hellcat Fri Nov 4 20:48:43 GMT 2011 + _________________________ version + + ipsec --version Linux Openswan 2.6.28 (klips) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + + cat /proc/version Linux version 2.6.32-5-amd64 (Debian 2.6.32-38) (ben@decadent.org.uk) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Mon Oct 3 03:59:20 UTC 2011 + _________________________ /proc/net/ipsec_eroute + + test -r /proc/net/ipsec_eroute + sort -sg -k 3 /proc/net/ipsec_eroute + _________________________ netstat-rn + + netstat -nr + head -n 100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 172.30.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 172.30.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 172.30.2.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0 0.0.0.0 172.30.2.1 0.0.0.0 UG 0 0 0 eth0 + _________________________ /proc/net/ipsec_spi + + test -r /proc/net/ipsec_spi + cat /proc/net/ipsec_spi + _________________________ /proc/net/ipsec_spigrp + + test -r /proc/net/ipsec_spigrp + cat /proc/net/ipsec_spigrp + _________________________ /proc/net/ipsec_tncfg + + test -r /proc/net/ipsec_tncfg + cat /proc/net/ipsec_tncfg ipsec0 -> eth0 mtu=16260(1500) -> 1500 ipsec1 -> NULL mtu=0(0) -> 0 + _________________________ /proc/net/pfkey + + test -r /proc/net/pfkey + _________________________ /proc/crypto + + test -r /proc/crypto + cat /proc/crypto name : tnepres driver : tnepres-generic module : serpent priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : serpent driver : serpent-generic module : serpent priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : blowfish driver : blowfish-generic module : blowfish priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 8 min keysize : 4 max keysize : 56 name : twofish driver : twofish-generic module : twofish priority : 100 refcnt : 1 selftest : passed type : cipher 
blocksize : 16 min keysize : 16 max keysize : 32 name : sha256 driver : sha256-generic module : sha256_generic priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 64 digestsize : 32 name : sha224 driver : sha224-generic module : sha256_generic priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 64 digestsize : 28 name : sha512 driver : sha512-generic module : sha512_generic priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 128 digestsize : 64 name : sha384 driver : sha384-generic module : sha512_generic priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 128 digestsize : 48 name : des3_ede driver : des3_ede-generic module : des_generic priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 8 min keysize : 24 max keysize : 24 name : des driver : des-generic module : des_generic priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 8 min keysize : 8 max keysize : 8 name : aes driver : aes-asm module : aes_x86_64 priority : 200 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : aes driver : aes-generic module : aes_generic priority : 100 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : stdrng driver : krng module : kernel priority : 200 refcnt : 1 selftest : passed type : rng seedsize : 0 name : md5 driver : md5-generic module : kernel priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 64 digestsize : 16 + __________________________/proc/sys/net/core/xfrm-star /usr/lib/ipsec/barf: 1: __________________________/proc/sys/net/core/xfrm-star: not found + echo -n /proc/sys/net/core/xfrm_acq_expires: /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires 30 + echo -n /proc/sys/net/core/xfrm_aevent_etime: /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime 10 + echo -n /proc/sys/net/core/xfrm_aevent_rseqth: 
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth 2 + echo -n /proc/sys/net/core/xfrm_larval_drop: /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop 1 + _________________________ /proc/sys/net/ipsec-star + + test -d /proc/sys/net/ipsec + cd /proc/sys/net/ipsec + egrep ^ debug_ah debug_eroute debug_esp debug_ipcomp debug_mast debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform debug_xmit icmp inbound_policy_check pfkey_lossage tos debug_ah:0 debug_eroute:0 debug_esp:0 debug_ipcomp:0 debug_mast:0 debug_netlink:0 debug_pfkey:0 debug_radij:0 debug_rcv:0 debug_spi:0 debug_tunnel:0 debug_verbose:0 debug_xform:0 debug_xmit:0 icmp:1 inbound_policy_check:1 pfkey_lossage:0 tos:1 + _________________________ ipsec/status + + ipsec auto --status 000 using kernel interface: mast 000 interface mast0/eth0 2a01:348:22f:1::2 000 interface mast0/eth0 172.30.2.2 000 interface mast0/eth0 172.30.2.2 000 interface mast0/eth1 172.30.3.1 000 interface mast0/eth1 172.30.3.1 000 %myid = (none) 000 debug parsing+control 000 000 virtual_private (%priv): 000 - allowed 1 subnet: 172.30.2.2/32 000 - disallowed 0 subnets: 000 WARNING: Disallowed subnets in virtual_private= is empty. If you have 000 private address space in internal use, it should be excluded! 
000 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 "cmalton.kegs.local": 172.30.2.2[C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=vpn.kegs.org.uk, E=ict@kegs.org.uk,+S=C]:17/1701...%virtual[C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, 
OU=ICT, CN=cmalton.kegs.local, E=cmalton@kegs.org.uk,+S=C]:17/%any===?; unrouted; eroute owner: #0 000 "cmalton.kegs.local": myip=unset; hisip=unset; mycert=/etc/ipsec.d/certs/vpn.kegs.org.uk.pem; hiscert=/etc/ipsec.d/certs/cmalton.kegs.local.pem; 000 "cmalton.kegs.local": CAs: 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk'...'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' 000 "cmalton.kegs.local": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "cmalton.kegs.local": policy: RSASIG+ENCRYPT+DONTREKEY+IKEv2ALLOW+lKOD+rKOD; prio: 32,32; interface: eth0; 000 "cmalton.kegs.local": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "passthrough-for-non-l2tp": 172.30.2.2<172.30.2.2>[+S=C]---172.30.2.2...%any[+S=C]===0.0.0.0/0; unrouted; eroute owner: #0 000 "passthrough-for-non-l2tp": myip=unset; hisip=unset; 000 "passthrough-for-non-l2tp": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "passthrough-for-non-l2tp": policy: PFS+IKEv2ALLOW+PASS+NEVER_NEGOTIATE+lKOD+rKOD; prio: 32,0; interface: eth0; 000 "passthrough-for-non-l2tp": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 000 + _________________________ ifconfig-a + + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:18:f3:07:b4:0b inet addr:172.30.2.2 Bcast:172.30.2.255 Mask:255.255.255.0 inet6 addr: 2a01:348:22f:1::2/64 Scope:Global inet6 addr: fe80::218:f3ff:fe07:b40b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5354 errors:0 dropped:0 overruns:0 frame:0 TX packets:5760 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:995422 (972.0 KiB) TX bytes:1119907 (1.0 MiB) Interrupt:27 Base address:0x8000 eth1 Link encap:Ethernet HWaddr 00:06:4f:38:fb:67 inet addr:172.30.3.1 Bcast:172.30.3.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX 
packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:22 Base address:0x6c00 eth2 Link encap:Ethernet HWaddr 00:06:4f:40:9f:46 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:21 Base address:0xc800 ipsec0 Link encap:Ethernet HWaddr 00:18:f3:07:b4:0b inet addr:172.30.2.2 Mask:255.255.255.0 inet6 addr: fe80::218:f3ff:fe07:b40b/64 Scope:Link UP RUNNING NOARP MTU:16260 Metric:1 RX packets:49 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) ipsec1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:16 errors:0 dropped:0 overruns:0 frame:0 TX packets:16 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1040 (1.0 KiB) TX bytes:1040 (1.0 KiB) mast0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:172.30.3.1 Mask:255.255.255.255 UP RUNNING NOARP MTU:1452 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:5488 (5.3 KiB) TX bytes:0 (0.0 B) + _________________________ ip-addr-list + + ip addr list 1: lo: mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever 
preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:18:f3:07:b4:0b brd ff:ff:ff:ff:ff:ff inet 172.30.2.2/24 brd 172.30.2.255 scope global eth0 inet6 2a01:348:22f:1::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::218:f3ff:fe07:b40b/64 scope link valid_lft forever preferred_lft forever 3: eth2: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:06:4f:40:9f:46 brd ff:ff:ff:ff:ff:ff 4: eth1: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:06:4f:38:fb:67 brd ff:ff:ff:ff:ff:ff inet 172.30.3.1/24 brd 172.30.3.255 scope global eth1 6: ipsec0: mtu 16260 qdisc pfifo_fast state UNKNOWN qlen 10 link/ether 00:18:f3:07:b4:0b brd ff:ff:ff:ff:ff:ff inet 172.30.2.2/24 brd 172.30.2.255 scope global ipsec0 inet6 fe80::218:f3ff:fe07:b40b/64 scope link valid_lft forever preferred_lft forever 7: ipsec1: mtu 0 qdisc noop state DOWN qlen 10 link/void 8: mast0: mtu 1452 qdisc pfifo_fast state UNKNOWN qlen 10 link/none inet 172.30.3.1/32 scope global mast0 + _________________________ ip-route-list + + ip route list 172.30.3.0/24 dev eth1 proto kernel scope link src 172.30.3.1 172.30.2.0/24 dev eth0 proto kernel scope link src 172.30.2.2 172.30.2.0/24 dev ipsec0 proto kernel scope link src 172.30.2.2 default via 172.30.2.1 dev eth0 + _________________________ ip-rule-list + + ip rule list 0: from all lookup local 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + + ipsec verify --nocolour Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan 2.6.28 (klips) Checking for IPsec support in kernel [OK] KLIPS detected, checking for NAT Traversal support [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] 
Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] + _________________________ mii-tool + + [ -x /sbin/mii-tool ] + /sbin/mii-tool -v eth0: negotiated 1000baseT-HD flow-control, link ok product info: vendor 00:07:32, model 17 rev 2 basic mode: autonegotiation enabled basic status: autonegotiation complete, link ok capabilities: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control link partner: 1000baseT-HD 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control eth1: no link product info: vendor 00:00:00, model 0 rev 0 basic mode: autonegotiation enabled basic status: no link capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD + _________________________ ipsec/directory + + ipsec --directory /usr/lib/ipsec + _________________________ hostname/fqdn + + hostname --fqdn hellcat.net.cmalton.me.uk + _________________________ hostname/ipaddress + + hostname --ip-address 127.0.1.1 + _________________________ uptime + + uptime 20:48:43 up 35 min, 1 user, load average: 0.00, 0.00, 0.00 + _________________________ ps + + ps alxwf + egrep -i ppid|pluto|ipsec|klips F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 0 0 3163 1870 20 0 3952 652 - S+ pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/barf 0 0 3242 3163 20 0 6020 668 - S+ pts/0 0:00 \_ egrep -i ppid|pluto|ipsec|klips 1 0 3127 1 20 0 3952 232 - S pts/0 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug parsing control --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack auto --force_keepalive no --disable_port_floating no --virtual_private %v4:172.30.2.2/32 --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 1 0 3129 
3127 20 0 3952 304 - S pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug parsing control --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack auto --force_keepalive no --disable_port_floating no --virtual_private %v4:172.30.2.2/32 --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 4 0 3134 3129 20 0 64940 3496 - S pts/0 0:00 | \_ /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --debug-parsing --debug-control --use-auto --uniqueids --nat_traversal --virtual_private %v4:172.30.2.2/32 1 0 3137 3134 30 10 64932 1252 - SN pts/0 0:00 | \_ pluto helper # 0 0 0 3138 3134 20 0 5856 388 - S pts/0 0:00 | \_ _pluto_adns 0 0 3130 3127 20 0 3952 616 - S pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post 0 0 3128 1 20 0 3852 624 - S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + + ipsec showdefaults routephys=eth0 routevirt=ipsec0 routeaddr=172.30.2.2 routenexthop=172.30.2.1 + _________________________ ipsec/conf + + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - Openswan IPsec configuration file # This file: /usr/share/doc/openswan/ipsec.conf-sample # # Manual: ipsec.conf.5 version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # Do not set debug options to debug configuration issues! 
# plutodebug / klipsdebug = "all", "none" or a combination from below: # "raw crypt parsing emitting control klips pfkey natt x509 dpd private" # eg: plutodebug="control parsing" # plutodebug="all" # # enable to get logs per-peer # plutoopts="--perpeerlog" # # Again: only enable plutodebug or klipsdebug when asked by a developer # # NAT-TRAVERSAL support, see README.NAT-Traversal nat_traversal=yes # exclude networks used on server side by adding %v4:!a.b.c.0/24 virtual_private=%v4:172.30.2.2/32 # OE is now off by default. Uncomment and change to on, to enable. oe=off # which IPsec stack to use. auto will try netkey, then klips then mast protostack=auto # Add connections here conn cmalton.kegs.local # # Configuration for one user with any type of IPsec/L2TP client # including the updated Windows 2000/XP (MS KB Q818043), but # excluding the non-updated Windows 2000/XP. # # # Use a certificate. Disable Perfect Forward Secrecy. # authby=rsasig pfs=no auto=add # we cannot rekey for %any, let client rekey rekey=no # Set ikelifetime and keylife to same defaults windows has ikelifetime=8h keylife=1h # l2tp-over-ipsec is transport mode # See http://bugs.xelerance.com/view.php?id=466 type=transport # left=%defaultroute leftcert=/etc/ipsec.d/certs/vpn.kegs.org.uk.pem leftprotoport=17/1701 # # The remote user. # right=%any rightcert=/etc/ipsec.d/certs/cmalton.kegs.local.pem # Using the magic port of "0" means "any one single port". This is # a work around required for Apple OSX clients that use a randomly # high port, but propose "0" instead of their port. If that does # not work, try 17/%any rightprotoport=17/%any rightsubnet=vhost:%priv,%no # Normally, KLIPS drops all plaintext traffic from IPs it has a crypted # connection with. With L2TP clients behind NAT, that's not really what # you want. The connection below allows both l2tp/ipsec and plaintext # connections from behind the same NAT router. 
# The l2tpd use a leftprotoport, so they are more specific and will be used # first. Then, packets for the host on different ports and protocols (eg ssh) # will match this passthrough conn. conn passthrough-for-non-l2tp type=passthrough left=172.30.2.2 leftnexthop=172.30.2.2 right=0.0.0.0 rightsubnet=0.0.0.0/0 auto=route + _________________________ ipsec/secrets + + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 # RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $ # This file holds shared secrets or RSA private keys for inter-Pluto # authentication. See ipsec_pluto(8) manpage, and HTML documentation. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, # or configuration of other implementations, can be extracted conveniently # with "[sums to ef67...]". # this file is managed with debconf and will contain the automatically created RSA keys #> /etc/ipsec.secrets 12 : RSA cmalton.kegs.local.pem "[sums to 304c...]" : RSA /etc/ipsec.d/private/vpn.kegs.org.uk.pem "[sums to 304c...]" + _________________________ ipsec/listall + + ipsec auto --listall 000 000 List of Public Keys: 000 000 Nov 04 20:46:01 2011, 1024 RSA Key AwEAAbqKo (has private key), until Nov 02 22:05:17 2014 ok 000 ID_DER_ASN1_DN 'C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=cmalton.kegs.local, E=cmalton@kegs.org.uk' 000 Issuer 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' 000 Nov 04 20:44:53 2011, 1024 RSA Key AwEAAZ9vL (has private key), until Oct 31 22:20:06 2021 ok 000 ID_DER_ASN1_DN 'C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=vpn.kegs.org.uk, E=ict@kegs.org.uk' 000 Issuer 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' 000 List of Pre-shared secrets (from 
/etc/ipsec.secrets) 000 14: RSA (none) (none) 000 13: RSA (none) (none) 000 000 List of X.509 End Certificates: 000 000 Nov 04 20:44:53 2011, count: 1 000 subject: 'C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=cmalton.kegs.local, E=cmalton@kegs.org.uk' 000 issuer: 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' 000 serial: 00:a0:bd:82:e0:a6:28:bd:88 000 pubkey: 1024 RSA Key AwEAAbqKo, has private key 000 validity: not before Nov 03 22:21:25 2011 ok 000 not after Oct 31 22:21:25 2021 ok 000 subjkey: 0c:2f:43:36:9c:57:34:ce:c5:4e:a5:aa:d4:df:f4:3a:56:18:6a:ff 000 authkey: be:77:9b:e5:04:3c:d3:2b:c4:11:60:31:35:1a:70:21:6c:05:61:d7 000 Nov 04 20:44:53 2011, count: 1 000 subject: 'C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=vpn.kegs.org.uk, E=ict@kegs.org.uk' 000 issuer: 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' 000 serial: 00:a0:bd:82:e0:a6:28:bd:87 000 pubkey: 1024 RSA Key AwEAAZ9vL, has private key 000 validity: not before Nov 03 22:20:06 2011 ok 000 not after Oct 31 22:20:06 2021 ok 000 subjkey: 70:e9:bf:e4:1a:fa:b0:9d:d3:79:77:d6:d8:b3:78:17:07:aa:aa:8e 000 authkey: be:77:9b:e5:04:3c:d3:2b:c4:11:60:31:35:1a:70:21:6c:05:61:d7 000 000 List of X.509 CA Certificates: 000 000 Nov 04 20:44:53 2011, count: 1 000 subject: 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' 000 issuer: 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' 000 serial: 00:a0:bd:82:e0:a6:28:bd:84 000 pubkey: 1024 RSA Key AwEAAf2/p 000 validity: not before Nov 03 22:05:17 2011 ok 000 not after Nov 02 22:05:17 2014 ok 000 subjkey: be:77:9b:e5:04:3c:d3:2b:c4:11:60:31:35:1a:70:21:6c:05:61:d7 000 authkey: be:77:9b:e5:04:3c:d3:2b:c4:11:60:31:35:1a:70:21:6c:05:61:d7 000 aserial: 
00:a0:bd:82:e0:a6:28:bd:84 + [ /etc/ipsec.d/policies ] + basename /etc/ipsec.d/policies/block + base=block + _________________________ ipsec/policies/block + + cat /etc/ipsec.d/policies/block # This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + basename /etc/ipsec.d/policies/clear + base=clear + _________________________ ipsec/policies/clear + + cat /etc/ipsec.d/policies/clear # This file defines the set of CIDRs (network/mask-length) to which # communication should always be in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. # # root name servers should be in the clear 192.58.128.30/32 198.41.0.4/32 192.228.79.201/32 192.33.4.12/32 128.8.10.90/32 192.203.230.10/32 192.5.5.241/32 192.112.36.4/32 128.63.2.53/32 192.36.148.17/32 193.0.14.129/32 199.7.83.42/32 202.12.27.33/32 + basename /etc/ipsec.d/policies/clear-or-private + base=clear-or-private + _________________________ ipsec/policies/clear-or-private + + cat /etc/ipsec.d/policies/clear-or-private # This file defines the set of CIDRs (network/mask-length) to which # we will communicate in the clear, or, if the other side initiates IPSEC, # using encryption. This behaviour is also called "Opportunistic Responder". # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + basename /etc/ipsec.d/policies/private + base=private + _________________________ ipsec/policies/private + + cat /etc/ipsec.d/policies/private # This file defines the set of CIDRs (network/mask-length) to which # communication should always be private (i.e. encrypted). # See /usr/share/doc/openswan/policygroups.html for details. 
# # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # + basename /etc/ipsec.d/policies/private-or-clear + base=private-or-clear + _________________________ ipsec/policies/private-or-clear + + cat /etc/ipsec.d/policies/private-or-clear # This file defines the set of CIDRs (network/mask-length) to which # communication should be private, if possible, but in the clear otherwise. # # If the target has a TXT (later IPSECKEY) record that specifies # authentication material, we will require private (i.e. encrypted) # communications. If no such record is found, communications will be # in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ # 0.0.0.0/0 + _________________________ ipsec/ls-libdir + + ls -l /usr/lib/ipsec total 2492 -rwxr-xr-x 1 root root 7128 Dec 24 2010 _copyright -rwxr-xr-x 1 root root 2379 Dec 24 2010 _include -rwxr-xr-x 1 root root 1475 Dec 24 2010 _keycensor -rwxr-xr-x 1 root root 11480 Dec 24 2010 _pluto_adns -rwxr-xr-x 1 root root 2632 Dec 24 2010 _plutoload -rwxr-xr-x 1 root root 8205 Dec 24 2010 _plutorun -rwxr-xr-x 1 root root 12951 Dec 24 2010 _realsetup -rwxr-xr-x 1 root root 1975 Dec 24 2010 _secretcensor -rwxr-xr-x 1 root root 9314 Dec 24 2010 _startklips -rwxr-xr-x 1 root root 6042 Dec 24 2010 _startnetkey -rwxr-xr-x 1 root root 4868 Dec 24 2010 _updown -rwxr-xr-x 1 root root 16182 Dec 24 2010 _updown.klips -rwxr-xr-x 1 root root 15372 Dec 24 2010 _updown.mast -rwxr-xr-x 1 root root 11551 Dec 24 2010 _updown.netkey -rwxr-xr-x 1 root root 212608 Dec 24 2010 addconn -rwxr-xr-x 1 root root 6015 Dec 24 2010 auto -rwxr-xr-x 1 root root 10828 Dec 24 2010 barf -rwxr-xr-x 1 root root 99768 Dec 24 2010 eroute -rwxr-xr-x 1 root root 25056 Dec 24 2010 ikeping -rwxr-xr-x 1 root root 73048 Dec 24 2010 klipsdebug -rwxr-xr-x 1 root root 2591 Dec 24 2010 look -rwxr-xr-x 1 root root 2182 Dec 24 2010 newhostkey -rwxr-xr-x 1 root root 66648 Dec 24 2010 pf_key -rwxr-xr-x 1 
root root 1119024 Dec 24 2010 pluto -rwxr-xr-x 1 root root 11368 Dec 24 2010 ranbits -rwxr-xr-x 1 root root 24296 Dec 24 2010 rsasigkey -rwxr-xr-x 1 root root 766 Dec 24 2010 secrets lrwxrwxrwx 1 root root 17 Sep 22 12:20 setup -> /etc/init.d/ipsec -rwxr-xr-x 1 root root 1054 Dec 24 2010 showdefaults -rwxr-xr-x 1 root root 286776 Dec 24 2010 showhostkey -rwxr-xr-x 1 root root 26248 Dec 24 2010 showpolicy -rwxr-xr-x 1 root root 162288 Dec 24 2010 spi -rwxr-xr-x 1 root root 85576 Dec 24 2010 spigrp -rwxr-xr-x 1 root root 78776 Dec 24 2010 tncfg -rwxr-xr-x 1 root root 13446 Dec 24 2010 verify -rwxr-xr-x 1 root root 59864 Dec 24 2010 whack + _________________________ ipsec/ls-execdir + + ls -l /usr/lib/ipsec total 2492 -rwxr-xr-x 1 root root 7128 Dec 24 2010 _copyright -rwxr-xr-x 1 root root 2379 Dec 24 2010 _include -rwxr-xr-x 1 root root 1475 Dec 24 2010 _keycensor -rwxr-xr-x 1 root root 11480 Dec 24 2010 _pluto_adns -rwxr-xr-x 1 root root 2632 Dec 24 2010 _plutoload -rwxr-xr-x 1 root root 8205 Dec 24 2010 _plutorun -rwxr-xr-x 1 root root 12951 Dec 24 2010 _realsetup -rwxr-xr-x 1 root root 1975 Dec 24 2010 _secretcensor -rwxr-xr-x 1 root root 9314 Dec 24 2010 _startklips -rwxr-xr-x 1 root root 6042 Dec 24 2010 _startnetkey -rwxr-xr-x 1 root root 4868 Dec 24 2010 _updown -rwxr-xr-x 1 root root 16182 Dec 24 2010 _updown.klips -rwxr-xr-x 1 root root 15372 Dec 24 2010 _updown.mast -rwxr-xr-x 1 root root 11551 Dec 24 2010 _updown.netkey -rwxr-xr-x 1 root root 212608 Dec 24 2010 addconn -rwxr-xr-x 1 root root 6015 Dec 24 2010 auto -rwxr-xr-x 1 root root 10828 Dec 24 2010 barf -rwxr-xr-x 1 root root 99768 Dec 24 2010 eroute -rwxr-xr-x 1 root root 25056 Dec 24 2010 ikeping -rwxr-xr-x 1 root root 73048 Dec 24 2010 klipsdebug -rwxr-xr-x 1 root root 2591 Dec 24 2010 look -rwxr-xr-x 1 root root 2182 Dec 24 2010 newhostkey -rwxr-xr-x 1 root root 66648 Dec 24 2010 pf_key -rwxr-xr-x 1 root root 1119024 Dec 24 2010 pluto -rwxr-xr-x 1 root root 11368 Dec 24 2010 ranbits -rwxr-xr-x 1 
root root 24296 Dec 24 2010 rsasigkey -rwxr-xr-x 1 root root 766 Dec 24 2010 secrets lrwxrwxrwx 1 root root 17 Sep 22 12:20 setup -> /etc/init.d/ipsec -rwxr-xr-x 1 root root 1054 Dec 24 2010 showdefaults -rwxr-xr-x 1 root root 286776 Dec 24 2010 showhostkey -rwxr-xr-x 1 root root 26248 Dec 24 2010 showpolicy -rwxr-xr-x 1 root root 162288 Dec 24 2010 spi -rwxr-xr-x 1 root root 85576 Dec 24 2010 spigrp -rwxr-xr-x 1 root root 78776 Dec 24 2010 tncfg -rwxr-xr-x 1 root root 13446 Dec 24 2010 verify -rwxr-xr-x 1 root root 59864 Dec 24 2010 whack + _________________________ /proc/net/dev + + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 1040 16 0 0 0 0 0 0 1040 16 0 0 0 0 0 0 eth0: 996133 5360 0 0 0 0 0 0 1120413 5766 0 0 0 0 0 0 eth2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec0: 0 49 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 mast0: 5488 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + _________________________ /proc/net/route + + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth1 00031EAC 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth0 00021EAC 00000000 0001 0 0 0 00FFFFFF 0 0 0 ipsec0 00021EAC 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth0 00000000 01021EAC 0003 0 0 0 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc + + cat /proc/sys/net/ipv4/ip_no_pmtu_disc 0 + _________________________ /proc/sys/net/ipv4/ip_forward + + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/tcp_ecn + + cat /proc/sys/net/ipv4/tcp_ecn 2 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + + cd /proc/sys/net/ipv4/conf + egrep ^ all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter ipsec0/rp_filter ipsec1/rp_filter lo/rp_filter mast0/rp_filter all/rp_filter:0 default/rp_filter:0 eth0/rp_filter:0 
eth1/rp_filter:0 eth2/rp_filter:0 ipsec0/rp_filter:0 ipsec1/rp_filter:0 lo/rp_filter:0 mast0/rp_filter:0 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + + cd /proc/sys/net/ipv4/conf + egrep ^ all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects eth2/accept_redirects eth2/secure_redirects eth2/send_redirects ipsec0/accept_redirects ipsec0/secure_redirects ipsec0/send_redirects ipsec1/accept_redirects ipsec1/secure_redirects ipsec1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects mast0/accept_redirects mast0/secure_redirects mast0/send_redirects all/accept_redirects:0 all/secure_redirects:1 all/send_redirects:1 default/accept_redirects:1 default/secure_redirects:1 default/send_redirects:1 eth0/accept_redirects:1 eth0/secure_redirects:1 eth0/send_redirects:1 eth1/accept_redirects:1 eth1/secure_redirects:1 eth1/send_redirects:1 eth2/accept_redirects:1 eth2/secure_redirects:1 eth2/send_redirects:1 ipsec0/accept_redirects:1 ipsec0/secure_redirects:1 ipsec0/send_redirects:1 ipsec1/accept_redirects:1 ipsec1/secure_redirects:1 ipsec1/send_redirects:1 lo/accept_redirects:1 lo/secure_redirects:1 lo/send_redirects:1 mast0/accept_redirects:1 mast0/secure_redirects:1 mast0/send_redirects:1 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + + uname -a Linux hellcat 2.6.32-5-amd64 #1 SMP Mon Oct 3 03:59:20 UTC 2011 x86_64 GNU/Linux + _________________________ config-built-with + + test -r /proc/config_built_with + _________________________ distro-release + + test -f /etc/redhat-release + test -f /etc/debian-release + 
test -f /etc/SuSE-release + test -f /etc/mandrake-release + test -f /etc/mandriva-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + + test -r /proc/net/ipsec_version + cat /proc/net/ipsec_version Openswan version: 2.6.28 + _________________________ iptables + + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy ACCEPT 2706 packets, 688K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 3773 packets, 654K bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-nat + + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 55 packets, 8014 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 49 packets, 6129 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 49 packets, 6129 bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-mangle + + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 4678 packets, 868K bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 4678 packets, 868K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 5811 packets, 1050K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 5941 packets, 1068K bytes) pkts bytes target prot opt in out source destination + _________________________ /proc/modules + + test -f /proc/modules + cat /proc/modules ip6table_filter 2384 0 - Live 0xffffffffa05b4000 ip6_tables 15107 1 ip6table_filter, Live 0xffffffffa05aa000 ipsec 331477 2 - Live 0xffffffffa0524000 ccm 6833 0 - Live 0xffffffffa051d000 serpent 16791 0 - Live 0xffffffffa0513000 blowfish 
7944 0 - Live 0xffffffffa050c000 twofish 6025 0 - Live 0xffffffffa0505000 twofish_common 13472 1 twofish, Live 0xffffffffa04fc000 ecb 1841 0 - Live 0xffffffffa04f6000 xcbc 2325 0 - Live 0xffffffffa04f0000 cbc 2539 0 - Live 0xffffffffa04ea000 sha256_generic 8692 0 - Live 0xffffffffa04e2000 sha512_generic 4449 0 - Live 0xffffffffa04db000 des_generic 15475 0 - Live 0xffffffffa04d2000 aes_x86_64 7340 0 - Live 0xffffffffa04c4000 aes_generic 25714 1 aes_x86_64, Live 0xffffffffa04ab000 tun 10844 0 - Live 0xffffffffa04a2000 xt_tcpudp 2319 0 - Live 0xffffffffa049c000 xt_state 1303 0 - Live 0xffffffffa0496000 xt_multiport 2267 0 - Live 0xffffffffa0490000 iptable_filter 2258 0 - Live 0xffffffffa048a000 iptable_nat 4299 0 - Live 0xffffffffa0483000 nf_nat 13388 1 iptable_nat, Live 0xffffffffa0478000 nf_conntrack_ipv4 9833 3 iptable_nat,nf_nat, Live 0xffffffffa046f000 nf_conntrack 46535 4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4, Live 0xffffffffa0457000 nf_defrag_ipv4 1139 1 nf_conntrack_ipv4, Live 0xffffffffa0451000 iptable_mangle 2817 0 - Live 0xffffffffa044b000 ip_tables 13915 3 iptable_filter,iptable_nat,iptable_mangle, Live 0xffffffffa0441000 x_tables 12845 6 ip6_tables,xt_tcpudp,xt_state,xt_multiport,iptable_nat,ip_tables, Live 0xffffffffa0435000 ext3 106710 1 - Live 0xffffffffa040f000 jbd 37221 1 ext3, Live 0xffffffffa03fc000 loop 11799 0 - Live 0xffffffffa03f3000 nouveau 353128 0 - Live 0xffffffffa038a000 ttm 40162 1 nouveau, Live 0xffffffffa0376000 drm_kms_helper 20369 1 nouveau, Live 0xffffffffa036a000 snd_hda_codec_analog 64562 1 - Live 0xffffffffa0352000 parport_pc 18855 0 - Live 0xffffffffa0346000 i2c_i801 7830 0 - Live 0xffffffffa0337000 drm 142279 3 nouveau,ttm,drm_kms_helper, Live 0xffffffffa0300000 i2c_algo_bit 4225 1 nouveau, Live 0xffffffffa02f9000 asus_atk0110 7686 0 - Live 0xffffffffa02f2000 parport 27954 1 parport_pc, Live 0xffffffffa02e3000 evdev 7352 2 - Live 0xffffffffa02dc000 psmouse 49937 0 - Live 0xffffffffa02c7000 serio_raw 3752 0 - Live 
0xffffffffa02c1000 pcspkr 1699 0 - Live 0xffffffffa02bb000 snd_hda_intel 20035 0 - Live 0xffffffffa02af000 i2c_core 15819 5 nouveau,drm_kms_helper,i2c_i801,drm,i2c_algo_bit, Live 0xffffffffa02a3000 snd_hda_codec 54244 2 snd_hda_codec_analog,snd_hda_intel, Live 0xffffffffa0281000 snd_hwdep 5380 1 snd_hda_codec, Live 0xffffffffa0279000 snd_pcm 60487 2 snd_hda_intel,snd_hda_codec, Live 0xffffffffa025e000 snd_timer 15598 1 snd_pcm, Live 0xffffffffa0253000 rng_core 3006 0 - Live 0xffffffffa024d000 snd 46526 6 snd_hda_codec_analog,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm,snd_timer, Live 0xffffffffa0236000 soundcore 4598 1 snd, Live 0xffffffffa022e000 snd_page_alloc 6249 2 snd_hda_intel,snd_pcm, Live 0xffffffffa0226000 button 4650 1 nouveau, Live 0xffffffffa021e000 processor 29935 0 - Live 0xffffffffa020e000 ext4 288350 6 - Live 0xffffffffa01b1000 mbcache 5050 2 ext3,ext4, Live 0xffffffffa01a9000 jbd2 67015 1 ext4, Live 0xffffffffa018c000 crc16 1319 1 ext4, Live 0xffffffffa0186000 raid1 18431 4 - Live 0xffffffffa017b000 md_mod 73872 5 raid1, Live 0xffffffffa015e000 sg 24069 0 - Live 0xffffffffa014b000 sr_mod 12602 0 - Live 0xffffffffa0141000 cdrom 29415 1 sr_mod, Live 0xffffffffa0133000 sd_mod 29921 13 - Live 0xffffffffa0124000 crc_t10dif 1276 1 sd_mod, Live 0xffffffffa011e000 ata_generic 3239 0 - Live 0xffffffffa0118000 uhci_hcd 18521 0 - Live 0xffffffffa010d000 8139too 17981 0 - Live 0xffffffffa0101000 thermal 11674 0 - Live 0xffffffffa00f8000 8139cp 15941 0 - Live 0xffffffffa00ee000 floppy 49087 0 - Live 0xffffffffa00da000 r8169 36840 0 - Live 0xffffffffa00c9000 mii 3210 3 8139too,8139cp,r8169, Live 0xffffffffa00c3000 thermal_sys 11942 2 processor,thermal, Live 0xffffffffa00ba000 ata_piix 21124 11 - Live 0xffffffffa00ae000 ehci_hcd 32081 0 - Live 0xffffffffa00a0000 libata 133776 2 ata_generic,ata_piix, Live 0xffffffffa006a000 scsi_mod 126533 4 sg,sr_mod,sd_mod,libata, Live 0xffffffffa0037000 usbcore 122674 3 uhci_hcd,ehci_hcd, Live 0xffffffffa0007000 nls_base 6377 
1 usbcore, Live 0xffffffffa0000000 + _________________________ /proc/meminfo + + cat /proc/meminfo MemTotal: 3481976 kB MemFree: 3233532 kB Buffers: 18440 kB Cached: 136528 kB SwapCached: 0 kB Active: 109872 kB Inactive: 77484 kB Active(anon): 32248 kB Inactive(anon): 300 kB Active(file): 77624 kB Inactive(file): 77184 kB Unevictable: 0 kB Mlocked: 0 kB SwapTotal: 0 kB SwapFree: 0 kB Dirty: 28 kB Writeback: 0 kB AnonPages: 32112 kB Mapped: 19668 kB Shmem: 324 kB Slab: 21992 kB SReclaimable: 12880 kB SUnreclaim: 9112 kB KernelStack: 1264 kB PageTables: 5080 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 1740988 kB Committed_AS: 117472 kB VmallocTotal: 34359738367 kB VmallocUsed: 113288 kB VmallocChunk: 34359615996 kB HardwareCorrupted: 0 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB DirectMap4k: 7744 kB DirectMap2M: 3530752 kB + _________________________ /proc/net/ipsec-ls + + test -f /proc/net/ipsec_version + ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version lrwxrwxrwx 1 root root 16 Nov 4 20:48 /proc/net/ipsec_eroute -> ipsec/eroute/all lrwxrwxrwx 1 root root 16 Nov 4 20:48 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug lrwxrwxrwx 1 root root 13 Nov 4 20:48 /proc/net/ipsec_spi -> ipsec/spi/all lrwxrwxrwx 1 root root 16 Nov 4 20:48 /proc/net/ipsec_spigrp -> ipsec/spigrp/all lrwxrwxrwx 1 root root 11 Nov 4 20:48 /proc/net/ipsec_tncfg -> ipsec/tncfg lrwxrwxrwx 1 root root 13 Nov 4 20:48 /proc/net/ipsec_version -> ipsec/version + _________________________ usr/src/linux/.config + + test -f /proc/config.gz + uname -r + test -f /lib/modules/2.6.32-5-amd64/build/.config + egrep+ ONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM uname -r + cat /lib/modules/2.6.32-5-amd64/build/.config CONFIG_IPC_NS=y CONFIG_XFRM=y CONFIG_XFRM_USER=m CONFIG_XFRM_SUB_POLICY=y 
CONFIG_XFRM_MIGRATE=y # CONFIG_XFRM_STATISTICS is not set CONFIG_XFRM_IPCOMP=m CONFIG_NET_KEY=m CONFIG_NET_KEY_MIGRATE=y CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y # CONFIG_IP_FIB_TRIE is not set CONFIG_IP_FIB_HASH=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set CONFIG_IP_MROUTE=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_INET_AH=m CONFIG_INET_ESP=m CONFIG_INET_IPCOMP=m CONFIG_INET_XFRM_TUNNEL=m CONFIG_INET_TUNNEL=m CONFIG_INET_XFRM_MODE_TRANSPORT=m CONFIG_INET_XFRM_MODE_TUNNEL=m CONFIG_INET_XFRM_MODE_BEET=m CONFIG_INET_LRO=m CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m CONFIG_IPV6=y CONFIG_IPV6_PRIVACY=y CONFIG_IPV6_ROUTER_PREF=y CONFIG_IPV6_ROUTE_INFO=y CONFIG_IPV6_OPTIMISTIC_DAD=y CONFIG_INET6_AH=m CONFIG_INET6_ESP=m CONFIG_INET6_IPCOMP=m CONFIG_IPV6_MIP6=y CONFIG_INET6_XFRM_TUNNEL=m CONFIG_INET6_TUNNEL=m CONFIG_INET6_XFRM_MODE_TRANSPORT=m CONFIG_INET6_XFRM_MODE_TUNNEL=m CONFIG_INET6_XFRM_MODE_BEET=m CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m CONFIG_IPV6_SIT=m CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IPV6_MROUTE=y CONFIG_IPV6_PIMSM_V2=y CONFIG_IP_VS=m CONFIG_IP_VS_IPV6=y # CONFIG_IP_VS_DEBUG is not set CONFIG_IP_VS_TAB_BITS=12 CONFIG_IP_VS_PROTO_TCP=y CONFIG_IP_VS_PROTO_UDP=y CONFIG_IP_VS_PROTO_AH_ESP=y CONFIG_IP_VS_PROTO_ESP=y CONFIG_IP_VS_PROTO_AH=y CONFIG_IP_VS_RR=m CONFIG_IP_VS_WRR=m CONFIG_IP_VS_LC=m CONFIG_IP_VS_WLC=m CONFIG_IP_VS_LBLC=m CONFIG_IP_VS_LBLCR=m CONFIG_IP_VS_DH=m CONFIG_IP_VS_SH=m CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m CONFIG_IP_VS_FTP=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_ADDRTYPE=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_LOG=m CONFIG_IP_NF_TARGET_ULOG=m CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_REDIRECT=m 
CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_CLUSTERIP=m CONFIG_IP_NF_TARGET_ECN=m CONFIG_IP_NF_TARGET_TTL=m CONFIG_IP_NF_RAW=m CONFIG_IP_NF_SECURITY=m CONFIG_IP_NF_ARPTABLES=m CONFIG_IP_NF_ARPFILTER=m CONFIG_IP_NF_ARP_MANGLE=m CONFIG_IP6_NF_QUEUE=m CONFIG_IP6_NF_IPTABLES=m CONFIG_IP6_NF_MATCH_AH=m CONFIG_IP6_NF_MATCH_EUI64=m CONFIG_IP6_NF_MATCH_FRAG=m CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_TARGET_LOG=m CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_RAW=m CONFIG_IP6_NF_SECURITY=m CONFIG_IP_DCCP=m CONFIG_INET_DCCP_DIAG=m # CONFIG_IP_DCCP_CCID2_DEBUG is not set CONFIG_IP_DCCP_CCID3=y # CONFIG_IP_DCCP_CCID3_DEBUG is not set CONFIG_IP_DCCP_CCID3_RTO=100 CONFIG_IP_DCCP_TFRC_LIB=y # CONFIG_IP_DCCP_DEBUG is not set CONFIG_IP_SCTP=m CONFIG_IPX=m # CONFIG_IPX_INTERN is not set CONFIG_IPDDP=m CONFIG_IPDDP_ENCAP=y CONFIG_IPDDP_DECAP=y CONFIG_IP1000=m # CONFIG_IPW2100 is not set CONFIG_IPW2200=m CONFIG_IPW2200_MONITOR=y CONFIG_IPW2200_RADIOTAP=y CONFIG_IPW2200_PROMISCUOUS=y CONFIG_IPW2200_QOS=y # CONFIG_IPW2200_DEBUG is not set CONFIG_IPPP_FILTER=y CONFIG_IPMI_HANDLER=m # CONFIG_IPMI_PANIC_EVENT is not set CONFIG_IPMI_DEVICE_INTERFACE=m CONFIG_IPMI_SI=m CONFIG_IPMI_WATCHDOG=m CONFIG_IPMI_POWEROFF=m CONFIG_HW_RANDOM=m CONFIG_HW_RANDOM_TIMERIOMEM=m CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_VIA=m CONFIG_HW_RANDOM_VIRTIO=m CONFIG_IPWIRELESS=m CONFIG_SECURITY_NETWORK_XFRM=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m CONFIG_CRYPTO_DEV_PADLOCK_SHA=m CONFIG_CRYPTO_DEV_HIFN_795X=m CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y + _________________________ etc/syslog.conf + + _________________________ etc/syslog-ng/syslog-ng.conf + + cat /etc/syslog-ng/syslog-ng.conf cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory + cat /etc/syslog.conf cat: /etc/syslog.conf: No such file or 
directory + _________________________ etc/resolv.conf + + cat /etc/resolv.conf domain net.cmalton.me.uk search net.cmalton.me.uk net.cmalton.me.uk. kegs.local. nameserver 172.30.2.1 + _________________________ lib/modules-ls + + ls -ltr /lib/modules total 4 drwxr-xr-x 4 root root 4096 Nov 4 18:48 2.6.32-5-amd64 + _________________________ fipscheck + + cat /proc/sys/crypto/fips_enabled 0 + _________________________ /proc/ksyms-netif_rx + + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms ffffffff8124efc8 T netif_rx ffffffff8124fdb9 T netif_rx_ni + _________________________ lib/modules-netif_rx + + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.32-5-amd64: + _________________________ kern.debug + + test -f /var/log/kern.debug + _________________________ klog + + sed -n 25844,$p /var/log/syslog + cat + egrep -i ipsec|klips|pluto Nov 4 20:44:53 hellcat ipsec_setup: Starting Openswan IPsec 2.6.28... Nov 4 20:44:53 hellcat ipsec_setup: Using KLIPS/legacy stack Nov 4 20:44:53 hellcat ipsec_setup: KLIPS debug `none' Nov 4 20:44:53 hellcat ipsec_setup: KLIPS ipsec0 on eth0 172.30.2.2/255.255.255.0 broadcast 172.30.2.255 Nov 4 20:44:53 hellcat ipsec_setup: ...Openswan IPsec started Nov 4 20:44:53 hellcat ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d Nov 4 20:44:53 hellcat pluto: adjusting ipsec.d to /etc/ipsec.d Nov 4 20:44:53 hellcat ipsec__plutorun: 002 loading certificate from /etc/ipsec.d/certs/vpn.kegs.org.uk.pem Nov 4 20:44:53 hellcat ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/vpn.kegs.org.uk.pem' (3417 bytes) Nov 4 20:44:53 hellcat ipsec__plutorun: 002 loading certificate from /etc/ipsec.d/certs/cmalton.kegs.local.pem Nov 4 20:44:53 hellcat ipsec__plutorun: 002 loaded host cert file '/etc/ipsec.d/certs/cmalton.kegs.local.pem' (3432 bytes) Nov 4 20:44:53 hellcat ipsec__plutorun: 002 added connection description "cmalton.kegs.local" Nov 4 20:44:53 hellcat ipsec__plutorun: 002 added connection description 
"passthrough-for-non-l2tp" Nov 4 20:44:53 hellcat ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T + _________________________ plog + + sed -n 13322,$p /var/log/auth.log + cat + egrep -i pluto Nov 4 20:44:53 hellcat ipsec__plutorun: Starting Pluto subsystem... Nov 4 20:44:53 hellcat pluto[3134]: Starting Pluto (Openswan Version 2.6.28; Vendor ID OEQ{O\177nez{CQ) pid:3134 Nov 4 20:44:53 hellcat pluto[3134]: SAref support [disabled]: Protocol not available Nov 4 20:44:53 hellcat pluto[3134]: SAbind support [disabled]: Protocol not available Nov 4 20:44:53 hellcat pluto[3134]: Setting NAT-Traversal port-4500 floating to on Nov 4 20:44:53 hellcat pluto[3134]: port floating activation criteria nat_t=1/port_float=1 Nov 4 20:44:53 hellcat pluto[3134]: NAT-Traversal support [enabled] Nov 4 20:44:53 hellcat pluto[3134]: | opening /dev/urandom Nov 4 20:44:53 hellcat pluto[3134]: using /dev/urandom as source of random entropy Nov 4 20:44:53 hellcat pluto[3134]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds Nov 4 20:44:53 hellcat pluto[3134]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds Nov 4 20:44:53 hellcat pluto[3134]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Nov 4 20:44:53 hellcat pluto[3134]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Nov 4 20:44:53 hellcat pluto[3134]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Nov 4 20:44:53 hellcat pluto[3134]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Nov 4 20:44:53 hellcat pluto[3134]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Nov 4 20:44:53 hellcat pluto[3134]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Nov 4 20:44:53 hellcat pluto[3134]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Nov 4 20:44:53 hellcat pluto[3134]: starting up 1 
cryptographic helpers Nov 4 20:44:53 hellcat pluto[3134]: started helper pid=3137 (fd:7) Nov 4 20:44:53 hellcat pluto[3134]: Kernel interface auto-pick Nov 4 20:44:53 hellcat pluto[3134]: No Kernel NETKEY interface detected Nov 4 20:44:53 hellcat pluto[3134]: Using KLIPSng (mast) IPsec interface code on 2.6.32-5-amd64 Nov 4 20:44:53 hellcat pluto[3134]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds Nov 4 20:44:53 hellcat pluto[3137]: | opening /dev/urandom Nov 4 20:44:53 hellcat pluto[3137]: using /dev/urandom as source of random entropy Nov 4 20:44:53 hellcat pluto[3134]: Changed path to directory '/etc/ipsec.d/cacerts' Nov 4 20:44:53 hellcat pluto[3137]: ! helper 0 waiting on fd: 8 Nov 4 20:44:53 hellcat pluto[3134]: loaded CA cert file 'cacert.pem' (3707 bytes) Nov 4 20:44:53 hellcat pluto[3134]: | file content is not binary ASN.1 Nov 4 20:44:53 hellcat pluto[3134]: | -----BEGIN CERTIFICATE----- Nov 4 20:44:53 hellcat pluto[3134]: | -----END CERTIFICATE----- Nov 4 20:44:53 hellcat pluto[3134]: | file coded in PEM format Nov 4 20:44:53 hellcat pluto[3134]: | L0 - certificate: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - tbsCertificate: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - DEFAULT v1: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - version: Nov 4 20:44:53 hellcat pluto[3134]: | v3 Nov 4 20:44:53 hellcat pluto[3134]: | L2 - serialNumber: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - signature: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'sha-1WithRSAEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - issuer: Nov 4 20:44:53 hellcat pluto[3134]: | 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - validity: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - notBefore: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - utcTime: Nov 4 20:44:53 hellcat 
pluto[3134]: | 'Nov 03 22:05:17 UTC 2011' Nov 4 20:44:53 hellcat pluto[3134]: | L3 - notAfter: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - utcTime: Nov 4 20:44:53 hellcat pluto[3134]: | 'Nov 02 22:05:17 UTC 2014' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - subject: Nov 4 20:44:53 hellcat pluto[3134]: | 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - subjectPublicKeyInfo: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'rsaEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L3 - subjectPublicKey: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - RSAPublicKey: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - modulus: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - publicExponent: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - optional extensions: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - extensions: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'subjectKeyIdentifier' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'authorityKeyIdentifier' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - authorityKeyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L7 - keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L8 - keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L7 - authorityCertIssuer: Nov 4 
20:44:53 hellcat pluto[3134]: | L8 - generalNames: Nov 4 20:44:53 hellcat pluto[3134]: | L9 - generalName: Nov 4 20:44:53 hellcat pluto[3134]: | L10 - directoryName: Nov 4 20:44:53 hellcat pluto[3134]: | 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' Nov 4 20:44:53 hellcat pluto[3134]: | L7 - authorityCertSerialNumber: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'basicConstraints' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - basicConstraints: Nov 4 20:44:53 hellcat pluto[3134]: | L7 - CA: Nov 4 20:44:53 hellcat pluto[3134]: | TRUE Nov 4 20:44:53 hellcat pluto[3134]: | L1 - signatureAlgorithm: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'sha-1WithRSAEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L1 - signatureValue: Nov 4 20:44:53 hellcat pluto[3134]: | authcert inserted Nov 4 20:44:53 hellcat pluto[3134]: Changed path to directory '/etc/ipsec.d/aacerts' Nov 4 20:44:53 hellcat pluto[3134]: Changed path to directory '/etc/ipsec.d/ocspcerts' Nov 4 20:44:53 hellcat pluto[3134]: Changing to directory '/etc/ipsec.d/crls' Nov 4 20:44:53 hellcat pluto[3134]: Warning: empty directory Nov 4 20:44:53 hellcat pluto[3134]: | inserting event EVENT_LOG_DAILY, timeout in 11707 seconds Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | Nov 4 20:44:53 hellcat pluto[3134]: | *received whack message Nov 4 20:44:53 hellcat pluto[3134]: | Added new connection cmalton.kegs.local with policy RSASIG+ENCRYPT+DONTREKEY+IKEv2ALLOW Nov 4 20:44:53 hellcat pluto[3134]: loading certificate from 
/etc/ipsec.d/certs/vpn.kegs.org.uk.pem Nov 4 20:44:53 hellcat pluto[3134]: loaded host cert file '/etc/ipsec.d/certs/vpn.kegs.org.uk.pem' (3417 bytes) Nov 4 20:44:53 hellcat pluto[3134]: | file content is not binary ASN.1 Nov 4 20:44:53 hellcat pluto[3134]: | -----BEGIN CERTIFICATE----- Nov 4 20:44:53 hellcat pluto[3134]: | -----END CERTIFICATE----- Nov 4 20:44:53 hellcat pluto[3134]: | file coded in PEM format Nov 4 20:44:53 hellcat pluto[3134]: | L0 - certificate: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - tbsCertificate: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - DEFAULT v1: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - version: Nov 4 20:44:53 hellcat pluto[3134]: | v3 Nov 4 20:44:53 hellcat pluto[3134]: | L2 - serialNumber: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - signature: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'sha-1WithRSAEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - issuer: Nov 4 20:44:53 hellcat pluto[3134]: | 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - validity: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - notBefore: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - utcTime: Nov 4 20:44:53 hellcat pluto[3134]: | 'Nov 03 22:20:06 UTC 2011' Nov 4 20:44:53 hellcat pluto[3134]: | L3 - notAfter: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - utcTime: Nov 4 20:44:53 hellcat pluto[3134]: | 'Oct 31 22:20:06 UTC 2021' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - subject: Nov 4 20:44:53 hellcat pluto[3134]: | 'C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=vpn.kegs.org.uk, E=ict@kegs.org.uk' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - subjectPublicKeyInfo: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - 
algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'rsaEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L3 - subjectPublicKey: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - RSAPublicKey: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - modulus: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - publicExponent: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - optional extensions: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - extensions: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'basicConstraints' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - basicConstraints: Nov 4 20:44:53 hellcat pluto[3134]: | L7 - CA: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'nsComment' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'subjectKeyIdentifier' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'authorityKeyIdentifier' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - authorityKeyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L7 - 
keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L8 - keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - signatureAlgorithm: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'sha-1WithRSAEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L1 - signatureValue: Nov 4 20:44:53 hellcat pluto[3134]: | certificate is valid Nov 4 20:44:53 hellcat pluto[3134]: | counting wild cards for C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=vpn.kegs.org.uk, E=ict@kegs.org.uk is 0 Nov 4 20:44:53 hellcat pluto[3134]: loading certificate from /etc/ipsec.d/certs/cmalton.kegs.local.pem Nov 4 20:44:53 hellcat pluto[3134]: loaded host cert file '/etc/ipsec.d/certs/cmalton.kegs.local.pem' (3432 bytes) Nov 4 20:44:53 hellcat pluto[3134]: | file content is not binary ASN.1 Nov 4 20:44:53 hellcat pluto[3134]: | -----BEGIN CERTIFICATE----- Nov 4 20:44:53 hellcat pluto[3134]: | -----END CERTIFICATE----- Nov 4 20:44:53 hellcat pluto[3134]: | file coded in PEM format Nov 4 20:44:53 hellcat pluto[3134]: | L0 - certificate: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - tbsCertificate: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - DEFAULT v1: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - version: Nov 4 20:44:53 hellcat pluto[3134]: | v3 Nov 4 20:44:53 hellcat pluto[3134]: | L2 - serialNumber: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - signature: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'sha-1WithRSAEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - issuer: Nov 4 20:44:53 hellcat pluto[3134]: | 'C=GB, ST=Essex, O=King Edward VI Grammar School, OU=ICT, CN=L2TP VPN Certificate Authority, E=ict@kegs.org.uk' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - validity: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - notBefore: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - 
utcTime: Nov 4 20:44:53 hellcat pluto[3134]: | 'Nov 03 22:21:25 UTC 2011' Nov 4 20:44:53 hellcat pluto[3134]: | L3 - notAfter: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - utcTime: Nov 4 20:44:53 hellcat pluto[3134]: | 'Oct 31 22:21:25 UTC 2021' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - subject: Nov 4 20:44:53 hellcat pluto[3134]: | 'C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=cmalton.kegs.local, E=cmalton@kegs.org.uk' Nov 4 20:44:53 hellcat pluto[3134]: | L2 - subjectPublicKeyInfo: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'rsaEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L3 - subjectPublicKey: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - RSAPublicKey: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - modulus: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - publicExponent: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - optional extensions: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - extensions: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'basicConstraints' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - basicConstraints: Nov 4 20:44:53 hellcat pluto[3134]: | L7 - CA: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'nsComment' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat 
pluto[3134]: | 'subjectKeyIdentifier' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L4 - extension: Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnID: Nov 4 20:44:53 hellcat pluto[3134]: | 'authorityKeyIdentifier' Nov 4 20:44:53 hellcat pluto[3134]: | L5 - critical: Nov 4 20:44:53 hellcat pluto[3134]: | FALSE Nov 4 20:44:53 hellcat pluto[3134]: | L5 - extnValue: Nov 4 20:44:53 hellcat pluto[3134]: | L6 - authorityKeyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L7 - keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L8 - keyIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - signatureAlgorithm: Nov 4 20:44:53 hellcat pluto[3134]: | L2 - algorithmIdentifier: Nov 4 20:44:53 hellcat pluto[3134]: | L3 - algorithm: Nov 4 20:44:53 hellcat pluto[3134]: | 'sha-1WithRSAEncryption' Nov 4 20:44:53 hellcat pluto[3134]: | L1 - signatureValue: Nov 4 20:44:53 hellcat pluto[3134]: | certificate is valid Nov 4 20:44:53 hellcat pluto[3134]: | counting wild cards for C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=cmalton.kegs.local, E=cmalton@kegs.org.uk is 0 Nov 4 20:44:53 hellcat pluto[3134]: | based upon policy, the connection is a template. Nov 4 20:44:53 hellcat pluto[3134]: added connection description "cmalton.kegs.local" Nov 4 20:44:53 hellcat pluto[3134]: | 172.30.2.2[C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=vpn.kegs.org.uk, E=ict@kegs.org.uk,+S=C]:17/1701...%virtual[C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=cmalton.kegs.local, E=cmalton@kegs.org.uk,+S=C]:17/%any===? 
Nov 4 20:44:53 hellcat pluto[3134]: | ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+DONTREKEY+IKEv2ALLOW Nov 4 20:44:53 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | Nov 4 20:44:53 hellcat pluto[3134]: | *received whack message Nov 4 20:44:53 hellcat pluto[3134]: | Added new connection passthrough-for-non-l2tp with policy PFS+IKEv2ALLOW+PASS+NEVER_NEGOTIATE Nov 4 20:44:53 hellcat pluto[3134]: | counting wild cards for 172.30.2.2 is 0 Nov 4 20:44:53 hellcat pluto[3134]: | counting wild cards for (none) is 15 Nov 4 20:44:53 hellcat pluto[3134]: added connection description "passthrough-for-non-l2tp" Nov 4 20:44:53 hellcat pluto[3134]: | 172.30.2.2<172.30.2.2>[+S=C]---172.30.2.2...%any[+S=C]===0.0.0.0/0 Nov 4 20:44:53 hellcat pluto[3134]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PFS+IKEv2ALLOW+PASS+NEVER_NEGOTIATE Nov 4 20:44:53 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | Nov 4 20:44:53 hellcat pluto[3134]: | *received whack message Nov 4 20:44:53 hellcat pluto[3134]: listening for IKE messages Nov 4 20:44:53 hellcat pluto[3134]: | found lo with address 127.0.0.1 Nov 4 20:44:53 hellcat pluto[3134]: | found eth0 with address 172.30.2.2 Nov 4 20:44:53 hellcat pluto[3134]: | found eth1 with address 172.30.3.1 Nov 4 20:44:53 hellcat pluto[3134]: | found ipsec0 with address 172.30.2.2 Nov 4 20:44:53 hellcat pluto[3134]: | found mast0 with address 172.30.3.1 Nov 4 20:44:53 hellcat pluto[3134]: 
found mast0 device already present Nov 4 20:44:53 hellcat pluto[3134]: device mast0 already in use Nov 4 20:44:53 hellcat pluto[3134]: | useful mast device 0 Nov 4 20:44:53 hellcat pluto[3134]: NAT-Traversal: Trying new style NAT-T Nov 4 20:44:53 hellcat pluto[3134]: adding interface mast0/eth1 172.30.3.1:500 (fd=12) Nov 4 20:44:53 hellcat pluto[3134]: adding interface mast0/eth1 172.30.3.1:4500 (fd=13) Nov 4 20:44:53 hellcat pluto[3134]: adding interface mast0/eth0 172.30.2.2:500 (fd=14) Nov 4 20:44:53 hellcat pluto[3134]: adding interface mast0/eth0 172.30.2.2:4500 (fd=15) Nov 4 20:44:53 hellcat pluto[3134]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 Nov 4 20:44:53 hellcat pluto[3134]: | found eth0 with address 2a01:0348:022f:0001:0000:0000:0000:0002 Nov 4 20:44:53 hellcat pluto[3134]: | useful mast device 0 Nov 4 20:44:53 hellcat pluto[3134]: adding interface mast0/eth0 2a01:348:22f:1::2:500 (fd=16) Nov 4 20:44:53 hellcat pluto[3134]: | useful mast device 0 Nov 4 20:44:53 hellcat pluto[3134]: loading secrets from "/etc/ipsec.secrets" Nov 4 20:44:53 hellcat pluto[3134]: loading secrets from "/var/lib/openswan/ipsec.secrets.inc" Nov 4 20:44:53 hellcat pluto[3134]: loaded private key file '/etc/ipsec.d/private/cmalton.kegs.local.pem' (963 bytes) Nov 4 20:44:53 hellcat pluto[3134]: | file content is not binary ASN.1 Nov 4 20:44:53 hellcat pluto[3134]: | -----BEGIN RSA PRIVATE KEY----- Nov 4 20:44:53 hellcat pluto[3134]: | Proc-Type: 4,ENCRYPTED Nov 4 20:44:53 hellcat pluto[3134]: | DEK-Info: DES-EDE3-CBC,953FA5681177E88C Nov 4 20:44:53 hellcat pluto[3134]: | -----END RSA PRIVATE KEY----- Nov 4 20:44:53 hellcat pluto[3134]: | file coded in PEM format Nov 4 20:44:53 hellcat pluto[3134]: | L0 - RSAPrivateKey: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - version: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - modulus: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - publicExponent: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - privateExponent: Nov 4 20:44:53 
hellcat pluto[3134]: | L1 - prime1: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - prime2: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - exponent1: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - exponent2: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - coefficient: Nov 4 20:44:53 hellcat pluto[3134]: loaded private key for keyid: PPK_RSA:AwEAAbqKo Nov 4 20:44:53 hellcat pluto[3134]: loaded private key file '/etc/ipsec.d/private/vpn.kegs.org.uk.pem' (951 bytes) Nov 4 20:44:53 hellcat pluto[3134]: | file content is not binary ASN.1 Nov 4 20:44:53 hellcat pluto[3134]: | -----BEGIN RSA PRIVATE KEY----- Nov 4 20:44:53 hellcat pluto[3134]: | Proc-Type: 4,ENCRYPTED Nov 4 20:44:53 hellcat pluto[3134]: | DEK-Info: DES-EDE3-CBC,C240C039443DE062 Nov 4 20:44:53 hellcat pluto[3134]: | -----END RSA PRIVATE KEY----- Nov 4 20:44:53 hellcat pluto[3134]: | file coded in PEM format Nov 4 20:44:53 hellcat pluto[3134]: | L0 - RSAPrivateKey: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - version: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - modulus: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - publicExponent: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - privateExponent: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - prime1: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - prime2: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - exponent1: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - exponent2: Nov 4 20:44:53 hellcat pluto[3134]: | L1 - coefficient: Nov 4 20:44:53 hellcat pluto[3134]: loaded private key for keyid: PPK_RSA:AwEAAZ9vL Nov 4 20:44:53 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | Nov 4 20:44:53 hellcat pluto[3134]: | *received whack message Nov 4 20:44:53 hellcat pluto[3134]: | processing connection passthrough-for-non-l2tp Nov 4 20:44:53 hellcat pluto[3134]: | route owner of 
"passthrough-for-non-l2tp" unrouted: NULL; eroute owner: NULL Nov 4 20:44:53 hellcat pluto[3134]: | could_route called for passthrough-for-non-l2tp (kind=CK_PERMANENT) Nov 4 20:44:53 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:44:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:45:53 hellcat pluto[3134]: | Nov 4 20:45:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 0 seconds Nov 4 20:45:53 hellcat pluto[3134]: | *time to handle event Nov 4 20:45:53 hellcat pluto[3134]: | handling event EVENT_PENDING_DDNS Nov 4 20:45:53 hellcat pluto[3134]: | event after this is EVENT_SHUNT_SCAN in 60 seconds Nov 4 20:45:53 hellcat pluto[3134]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds Nov 4 20:45:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:46:01 hellcat pluto[3134]: | Nov 4 20:46:01 hellcat pluto[3134]: | *received 312 bytes from 172.30.2.100:500 on eth0 (port=500) Nov 4 20:46:01 hellcat pluto[3134]: | **parse ISAKMP Message: Nov 4 20:46:01 hellcat pluto[3134]: | initiator cookie: Nov 4 20:46:01 hellcat pluto[3134]: | 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | responder cookie: Nov 4 20:46:01 hellcat pluto[3134]: | 00 00 00 00 00 00 00 00 Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_SA Nov 4 20:46:01 hellcat pluto[3134]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) Nov 4 20:46:01 hellcat pluto[3134]: | exchange type: ISAKMP_XCHG_IDPROT Nov 4 20:46:01 hellcat pluto[3134]: | flags: none Nov 4 20:46:01 hellcat pluto[3134]: | message ID: 00 00 00 00 Nov 4 20:46:01 hellcat pluto[3134]: | length: 312 Nov 4 20:46:01 hellcat pluto[3134]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x2(ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Nov 4 20:46:01 hellcat 
pluto[3134]: | ***parse ISAKMP Security Association Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_VID Nov 4 20:46:01 hellcat pluto[3134]: | length: 200 Nov 4 20:46:01 hellcat pluto[3134]: | DOI: ISAKMP_DOI_IPSEC Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Vendor ID Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_VID Nov 4 20:46:01 hellcat pluto[3134]: | length: 24 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Vendor ID Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_VID Nov 4 20:46:01 hellcat pluto[3134]: | length: 20 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Vendor ID Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_VID Nov 4 20:46:01 hellcat pluto[3134]: | length: 20 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x2000(ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Vendor ID Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:01 hellcat pluto[3134]: | length: 20 Nov 4 20:46:01 hellcat pluto[3134]: packet from 172.30.2.100:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] Nov 4 20:46:01 hellcat pluto[3134]: packet from 172.30.2.100:500: ignoring Vendor ID payload [FRAGMENTATION] Nov 4 20:46:01 hellcat pluto[3134]: packet from 172.30.2.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 Nov 4 20:46:01 hellcat pluto[3134]: packet from 172.30.2.100:500: ignoring Vendor ID payload [Vid-Initial-Contact] Nov 4 20:46:01 hellcat pluto[3134]: | ****parse IPsec DOI SIT: Nov 4 20:46:01 hellcat 
pluto[3134]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Nov 4 20:46:01 hellcat pluto[3134]: | ****parse ISAKMP Proposal Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:01 hellcat pluto[3134]: | length: 188 Nov 4 20:46:01 hellcat pluto[3134]: | proposal number: 1 Nov 4 20:46:01 hellcat pluto[3134]: | protocol ID: PROTO_ISAKMP Nov 4 20:46:01 hellcat pluto[3134]: | SPI size: 0 Nov 4 20:46:01 hellcat pluto[3134]: | number of transforms: 5 Nov 4 20:46:01 hellcat pluto[3134]: | *****parse ISAKMP Transform Payload (ISAKMP): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_T Nov 4 20:46:01 hellcat pluto[3134]: | length: 36 Nov 4 20:46:01 hellcat pluto[3134]: | transform number: 1 Nov 4 20:46:01 hellcat pluto[3134]: | transform ID: KEY_IKE Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 5 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_HASH_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 2 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_GROUP_DESCRIPTION Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 14 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_AUTHENTICATION_METHOD Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 3 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_TYPE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_DURATION (variable length) Nov 4 20:46:01 hellcat pluto[3134]: 
| length/value: 4 Nov 4 20:46:01 hellcat pluto[3134]: | *****parse ISAKMP Transform Payload (ISAKMP): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_T Nov 4 20:46:01 hellcat pluto[3134]: | length: 36 Nov 4 20:46:01 hellcat pluto[3134]: | transform number: 2 Nov 4 20:46:01 hellcat pluto[3134]: | transform ID: KEY_IKE Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 5 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_HASH_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 2 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_GROUP_DESCRIPTION Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 2 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_AUTHENTICATION_METHOD Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 3 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_TYPE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_DURATION (variable length) Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 4 Nov 4 20:46:01 hellcat pluto[3134]: | *****parse ISAKMP Transform Payload (ISAKMP): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_T Nov 4 20:46:01 hellcat pluto[3134]: | length: 36 Nov 4 20:46:01 hellcat pluto[3134]: | transform number: 3 Nov 4 20:46:01 hellcat pluto[3134]: | transform ID: KEY_IKE Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: 
OAKLEY_ENCRYPTION_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 5 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_HASH_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_GROUP_DESCRIPTION Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 2 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_AUTHENTICATION_METHOD Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 3 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_TYPE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_DURATION (variable length) Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 4 Nov 4 20:46:01 hellcat pluto[3134]: | *****parse ISAKMP Transform Payload (ISAKMP): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_T Nov 4 20:46:01 hellcat pluto[3134]: | length: 36 Nov 4 20:46:01 hellcat pluto[3134]: | transform number: 4 Nov 4 20:46:01 hellcat pluto[3134]: | transform ID: KEY_IKE Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_HASH_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 2 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_GROUP_DESCRIPTION Nov 4 20:46:01 hellcat 
pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_AUTHENTICATION_METHOD Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 3 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_TYPE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_DURATION (variable length) Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 4 Nov 4 20:46:01 hellcat pluto[3134]: | *****parse ISAKMP Transform Payload (ISAKMP): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:01 hellcat pluto[3134]: | length: 36 Nov 4 20:46:01 hellcat pluto[3134]: | transform number: 5 Nov 4 20:46:01 hellcat pluto[3134]: | transform ID: KEY_IKE Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_HASH_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_GROUP_DESCRIPTION Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_AUTHENTICATION_METHOD Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 3 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_TYPE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat 
pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_DURATION (variable length) Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 4 Nov 4 20:46:01 hellcat pluto[3134]: | instantiated "cmalton.kegs.local" for 172.30.2.100 Nov 4 20:46:01 hellcat pluto[3134]: | creating state object #1 at 0x17a7270 Nov 4 20:46:01 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:01 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:01 hellcat pluto[3134]: | inserting state object #1 on chain 26 Nov 4 20:46:01 hellcat pluto[3134]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: responding to Main Mode from unknown peer 172.30.2.100 Nov 4 20:46:01 hellcat pluto[3134]: | ****parse IPsec DOI SIT: Nov 4 20:46:01 hellcat pluto[3134]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Nov 4 20:46:01 hellcat pluto[3134]: | ****parse ISAKMP Proposal Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:01 hellcat pluto[3134]: | length: 188 Nov 4 20:46:01 hellcat pluto[3134]: | proposal number: 1 Nov 4 20:46:01 hellcat pluto[3134]: | protocol ID: PROTO_ISAKMP Nov 4 20:46:01 hellcat pluto[3134]: | SPI size: 0 Nov 4 20:46:01 hellcat pluto[3134]: | number of transforms: 5 Nov 4 20:46:01 hellcat pluto[3134]: | *****parse ISAKMP Transform Payload (ISAKMP): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_T Nov 4 20:46:01 hellcat pluto[3134]: | length: 36 Nov 4 20:46:01 hellcat pluto[3134]: | transform number: 1 Nov 4 20:46:01 hellcat pluto[3134]: | transform ID: KEY_IKE Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Nov 
4 20:46:01 hellcat pluto[3134]: | length/value: 5 Nov 4 20:46:01 hellcat pluto[3134]: | [5 is OAKLEY_3DES_CBC] Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_HASH_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 2 Nov 4 20:46:01 hellcat pluto[3134]: | [2 is OAKLEY_SHA1] Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_GROUP_DESCRIPTION Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 14 Nov 4 20:46:01 hellcat pluto[3134]: | [14 is OAKLEY_GROUP_MODP2048] Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_AUTHENTICATION_METHOD Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 3 Nov 4 20:46:01 hellcat pluto[3134]: | [3 is OAKLEY_RSA_SIG] Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_TYPE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | [1 is OAKLEY_LIFE_SECONDS] Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP Oakley attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: OAKLEY_LIFE_DURATION (variable length) Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 4 Nov 4 20:46:01 hellcat pluto[3134]: | long duration: 28800 Nov 4 20:46:01 hellcat pluto[3134]: | Oakley Transform 1 accepted Nov 4 20:46:01 hellcat pluto[3134]: | complete state transition with STF_OK Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Nov 4 20:46:01 hellcat pluto[3134]: | sending reply packet to 172.30.2.100:500 (from port 500) Nov 4 20:46:01 hellcat pluto[3134]: | sending 140 bytes for STATE_MAIN_R0 through eth0:500 to 172.30.2.100:500 (using #1) Nov 4 20:46:01 hellcat pluto[3134]: | inserting event EVENT_RETRANSMIT, 
timeout in 10 seconds for #1 Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: STATE_MAIN_R1: sent MR1, expecting MI2 Nov 4 20:46:01 hellcat pluto[3134]: | modecfg pull: noquirk policy:push not-client Nov 4 20:46:01 hellcat pluto[3134]: | phase 1 is done, looking for phase 2 to unpend Nov 4 20:46:01 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:46:01 hellcat pluto[3134]: | next event EVENT_RETRANSMIT in 10 seconds for #1 Nov 4 20:46:01 hellcat pluto[3134]: | next event EVENT_RETRANSMIT in 10 seconds for #1 Nov 4 20:46:01 hellcat pluto[3134]: | Nov 4 20:46:01 hellcat pluto[3134]: | *received 360 bytes from 172.30.2.100:500 on eth0 (port=500) Nov 4 20:46:01 hellcat pluto[3134]: | **parse ISAKMP Message: Nov 4 20:46:01 hellcat pluto[3134]: | initiator cookie: Nov 4 20:46:01 hellcat pluto[3134]: | 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | responder cookie: Nov 4 20:46:01 hellcat pluto[3134]: | e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_KE Nov 4 20:46:01 hellcat pluto[3134]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) Nov 4 20:46:01 hellcat pluto[3134]: | exchange type: ISAKMP_XCHG_IDPROT Nov 4 20:46:01 hellcat pluto[3134]: | flags: none Nov 4 20:46:01 hellcat pluto[3134]: | message ID: 00 00 00 00 Nov 4 20:46:01 hellcat pluto[3134]: | length: 360 Nov 4 20:46:01 hellcat pluto[3134]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Nov 4 20:46:01 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:01 hellcat pluto[3134]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000 Nov 4 20:46:01 hellcat pluto[3134]: | v1 state object #1 found, in STATE_MAIN_R1 Nov 4 20:46:01 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 
20:46:01 hellcat pluto[3134]: | got payload 0x10(ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Key Exchange Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONCE Nov 4 20:46:01 hellcat pluto[3134]: | length: 260 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Nonce Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NAT-D Nov 4 20:46:01 hellcat pluto[3134]: | length: 24 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP NAT-D Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NAT-D Nov 4 20:46:01 hellcat pluto[3134]: | length: 24 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x100000(ISAKMP_NEXT_NAT-D) needed: 0x0 opt: 0x102080 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP NAT-D Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:01 hellcat pluto[3134]: | length: 24 Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected Nov 4 20:46:01 hellcat pluto[3134]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds Nov 4 20:46:01 hellcat pluto[3134]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 Nov 4 20:46:01 hellcat pluto[3134]: | asking helper 0 to do build_kenonce op on seq: 1 (len=2752, pcw_work=1) Nov 4 20:46:01 hellcat pluto[3134]: | crypto helper write of request: cnt=2752C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=cmalton.kegs.local, E=cmalton@kegs.org.uk of kind PPK_PSK Nov 4 20:46:01 hellcat pluto[3134]: | instantiating him to 0.0.0.0 Nov 4 20:46:01 hellcat pluto[3134]: | actually looking for secret for C=GB, ST=Essex, 
L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=vpn.kegs.org.uk, E=ict@kegs.org.uk->%any of kind PPK_PSK Nov 4 20:46:01 hellcat pluto[3134]: | concluding with best_match=0 best=(nil) (lineno=-1) Nov 4 20:46:01 hellcat pluto[3134]: | parent1 type: 7 group: 14 len: 2752 Nov 4 20:46:01 hellcat pluto[3134]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 Nov 4 20:46:01 hellcat pluto[3134]: | asking helper 0 to do compute dh+iv op on seq: 2 (len=2752, pcw_work=1) Nov 4 20:46:01 hellcat pluto[3134]: | crypto helper write of request: cnt=2752C=GB, ST=Essex, L=Chelmsford, O=King Edward VI Grammar School, OU=ICT, CN=cmalton.kegs.local, E=cmalton@kegs.org.uk of kind PPK_RSA Nov 4 20:46:01 hellcat pluto[3134]: | searching for certificate PPK_RSA:AwEAAZ9vL vs PPK_RSA:AwEAAZ9vL Nov 4 20:46:01 hellcat pluto[3134]: | signing hash with RSA Key *AwEAAZ9vL Nov 4 20:46:01 hellcat pluto[3134]: | complete state transition with STF_OK Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Nov 4 20:46:01 hellcat pluto[3134]: | sending reply packet to 172.30.2.100:500 (from port 500) Nov 4 20:46:01 hellcat pluto[3134]: | sending 1180 bytes for STATE_MAIN_R2 through eth0:500 to 172.30.2.100:500 (using #1) Nov 4 20:46:01 hellcat pluto[3134]: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #1 Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048} Nov 4 20:46:01 hellcat pluto[3134]: | modecfg pull: noquirk policy:push not-client Nov 4 20:46:01 hellcat pluto[3134]: | phase 1 is done, looking for phase 2 to unpend Nov 4 20:46:01 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:46:01 hellcat pluto[3134]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds Nov 4 20:46:01 hellcat pluto[3134]: | next event 
EVENT_NAT_T_KEEPALIVE in 20 seconds Nov 4 20:46:01 hellcat pluto[3134]: | Nov 4 20:46:01 hellcat pluto[3134]: | *received 1116 bytes from 172.30.2.100:500 on eth0 (port=500) Nov 4 20:46:01 hellcat pluto[3134]: | **parse ISAKMP Message: Nov 4 20:46:01 hellcat pluto[3134]: | initiator cookie: Nov 4 20:46:01 hellcat pluto[3134]: | 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | responder cookie: Nov 4 20:46:01 hellcat pluto[3134]: | e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_HASH Nov 4 20:46:01 hellcat pluto[3134]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) Nov 4 20:46:01 hellcat pluto[3134]: | exchange type: ISAKMP_XCHG_QUICK Nov 4 20:46:01 hellcat pluto[3134]: | flags: ISAKMP_FLAG_ENCRYPTION Nov 4 20:46:01 hellcat pluto[3134]: | message ID: 9a b8 04 37 Nov 4 20:46:01 hellcat pluto[3134]: | length: 1116 Nov 4 20:46:01 hellcat pluto[3134]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Nov 4 20:46:01 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:01 hellcat pluto[3134]: | v1 peer and cookies match on #1, provided msgid 9ab80437 vs 00000000 Nov 4 20:46:01 hellcat pluto[3134]: | v1 state object not found Nov 4 20:46:01 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:01 hellcat pluto[3134]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000 Nov 4 20:46:01 hellcat pluto[3134]: | v1 state object #1 found, in STATE_MAIN_R3 Nov 4 20:46:01 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse 
ISAKMP Hash Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_SA Nov 4 20:46:01 hellcat pluto[3134]: | length: 24 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x2(ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Security Association Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONCE Nov 4 20:46:01 hellcat pluto[3134]: | length: 1012 Nov 4 20:46:01 hellcat pluto[3134]: | DOI: ISAKMP_DOI_IPSEC Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Nonce Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_ID Nov 4 20:46:01 hellcat pluto[3134]: | length: 24 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Identification Payload (IPsec DOI): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_ID Nov 4 20:46:01 hellcat pluto[3134]: | length: 12 Nov 4 20:46:01 hellcat pluto[3134]: | ID type: ID_IPV4_ADDR Nov 4 20:46:01 hellcat pluto[3134]: | Protocol ID: 17 Nov 4 20:46:01 hellcat pluto[3134]: | port: 1701 Nov 4 20:46:01 hellcat pluto[3134]: | obj: ac 1e 02 64 00 00 00 0c 01 11 06 a5 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Identification Payload (IPsec DOI): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:01 hellcat pluto[3134]: | length: 12 Nov 4 20:46:01 hellcat pluto[3134]: | ID type: ID_IPV4_ADDR Nov 4 20:46:01 hellcat pluto[3134]: | Protocol ID: 17 Nov 4 20:46:01 hellcat pluto[3134]: | port: 1701 Nov 4 20:46:01 hellcat pluto[3134]: | obj: ac 1e 02 02 00 00 00 00 66 6f 72 64 Nov 4 20:46:01 hellcat pluto[3134]: | removing 4 bytes of padding Nov 4 20:46:01 hellcat 
pluto[3134]: | peer client is 172.30.2.100 Nov 4 20:46:01 hellcat pluto[3134]: | peer client protocol/port is 17/1701 Nov 4 20:46:01 hellcat pluto[3134]: | our client is 172.30.2.2 Nov 4 20:46:01 hellcat pluto[3134]: | our client protocol/port is 17/1701 Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: the peer proposed: 172.30.2.2/32:17/1701 -> 172.30.2.100/32:17/0 Nov 4 20:46:01 hellcat pluto[3134]: | duplicating state object #1 Nov 4 20:46:01 hellcat pluto[3134]: | creating state object #2 at 0x17a9930 Nov 4 20:46:01 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:01 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:01 hellcat pluto[3134]: | inserting state object #2 on chain 26 Nov 4 20:46:01 hellcat pluto[3134]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 Nov 4 20:46:01 hellcat pluto[3134]: | ****parse IPsec DOI SIT: Nov 4 20:46:01 hellcat pluto[3134]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Nov 4 20:46:01 hellcat pluto[3134]: | ****parse ISAKMP Proposal Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_P Nov 4 20:46:01 hellcat pluto[3134]: | length: 92 Nov 4 20:46:01 hellcat pluto[3134]: | proposal number: 1 Nov 4 20:46:01 hellcat pluto[3134]: | protocol ID: PROTO_IPSEC_ESP Nov 4 20:46:01 hellcat pluto[3134]: | SPI size: 4 Nov 4 20:46:01 hellcat pluto[3134]: | number of transforms: 2 Nov 4 20:46:01 hellcat pluto[3134]: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Nov 4 20:46:01 hellcat pluto[3134]: | SPI 09 75 e5 e7 Nov 4 20:46:01 hellcat pluto[3134]: | ****parse ISAKMP Proposal Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_P Nov 4 20:46:01 hellcat pluto[3134]: | length: 52 Nov 4 20:46:01 hellcat pluto[3134]: | proposal number: 2 Nov 4 20:46:01 hellcat 
pluto[3134]: | protocol ID: PROTO_IPSEC_AH Nov 4 20:46:01 hellcat pluto[3134]: | SPI size: 4 Nov 4 20:46:01 hellcat pluto[3134]: | number of transforms: 1 Nov 4 20:46:01 hellcat pluto[3134]: | *****parse ISAKMP Transform Payload (ESP): Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_T Nov 4 20:46:01 hellcat pluto[3134]: | length: 40 Nov 4 20:46:01 hellcat pluto[3134]: | transform number: 1 Nov 4 20:46:01 hellcat pluto[3134]: | transform ID: ESP_3DES Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP IPsec DOI attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: SA_LIFE_TYPE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 1 Nov 4 20:46:01 hellcat pluto[3134]: | [1 is SA_LIFE_TYPE_SECONDS] Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP IPsec DOI attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: SA_LIFE_DURATION (variable length) Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 4 Nov 4 20:46:01 hellcat pluto[3134]: | long duration: 3600 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP IPsec DOI attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: SA_LIFE_TYPE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 2 Nov 4 20:46:01 hellcat pluto[3134]: | [2 is SA_LIFE_TYPE_KBYTES] Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP IPsec DOI attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: SA_LIFE_DURATION (variable length) Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 4 Nov 4 20:46:01 hellcat pluto[3134]: | long duration: 250000 Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP IPsec DOI attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: ENCAPSULATION_MODE Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 2 Nov 4 20:46:01 hellcat pluto[3134]: | [2 is ENCAPSULATION_MODE_TRANSPORT] Nov 4 20:46:01 hellcat pluto[3134]: | ******parse ISAKMP IPsec DOI attribute: Nov 4 20:46:01 hellcat pluto[3134]: | af+type: AUTH_ALGORITHM Nov 4 20:46:01 hellcat pluto[3134]: | length/value: 
1 Nov 4 20:46:01 hellcat pluto[3134]: | [1 is AUTH_ALGORITHM_HMAC_MD5] Nov 4 20:46:01 hellcat pluto[3134]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 Nov 4 20:46:01 hellcat pluto[3134]: | asking helper 0 to do build_nonce op on seq: 3 (len=2752, pcw_work=1) Nov 4 20:46:01 hellcat pluto[3134]: | crypto helper write of request: cnt=2752serialno=#2 ost->serialno=#0 Nov 4 20:46:01 hellcat pluto[3134]: | installing outgoing SA now as refhim=0 Nov 4 20:46:01 hellcat pluto[3134]: | outgoing SA has refhim=19 Nov 4 20:46:01 hellcat pluto[3134]: | complete state transition with STF_OK Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Nov 4 20:46:01 hellcat pluto[3134]: | sending reply packet to 172.30.2.100:500 (from port 500) Nov 4 20:46:01 hellcat pluto[3134]: | sending 164 bytes for STATE_QUICK_R0 through eth0:500 to 172.30.2.100:500 (using #2) Nov 4 20:46:01 hellcat pluto[3134]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2 Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 Nov 4 20:46:01 hellcat pluto[3134]: | modecfg pull: noquirk policy:push not-client Nov 4 20:46:01 hellcat pluto[3134]: | phase 1 is done, looking for phase 2 to unpend Nov 4 20:46:01 hellcat pluto[3134]: | * processed 1 messages from cryptographic helpers Nov 4 20:46:01 hellcat pluto[3134]: | next event EVENT_RETRANSMIT in 10 seconds for #2 Nov 4 20:46:01 hellcat pluto[3134]: | next event EVENT_RETRANSMIT in 10 seconds for #2 Nov 4 20:46:01 hellcat pluto[3134]: | Nov 4 20:46:01 hellcat pluto[3134]: | *received 52 bytes from 172.30.2.100:500 on eth0 (port=500) Nov 4 20:46:01 hellcat pluto[3134]: | **parse ISAKMP Message: Nov 4 20:46:01 hellcat pluto[3134]: | initiator cookie: Nov 4 20:46:01 hellcat pluto[3134]: | 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | responder cookie: Nov 4 20:46:01 
hellcat pluto[3134]: | e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_HASH Nov 4 20:46:01 hellcat pluto[3134]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) Nov 4 20:46:01 hellcat pluto[3134]: | exchange type: ISAKMP_XCHG_QUICK Nov 4 20:46:01 hellcat pluto[3134]: | flags: ISAKMP_FLAG_ENCRYPTION Nov 4 20:46:01 hellcat pluto[3134]: | message ID: 9a b8 04 37 Nov 4 20:46:01 hellcat pluto[3134]: | length: 52 Nov 4 20:46:01 hellcat pluto[3134]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Nov 4 20:46:01 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:01 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:01 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:01 hellcat pluto[3134]: | v1 peer and cookies match on #2, provided msgid 9ab80437 vs 9ab80437 Nov 4 20:46:01 hellcat pluto[3134]: | v1 state object #2 found, in STATE_QUICK_R1 Nov 4 20:46:01 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:01 hellcat pluto[3134]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Nov 4 20:46:01 hellcat pluto[3134]: | ***parse ISAKMP Hash Payload: Nov 4 20:46:01 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:01 hellcat pluto[3134]: | length: 24 Nov 4 20:46:01 hellcat pluto[3134]: | install_ipsec_sa() for #2: outbound only Nov 4 20:46:01 hellcat pluto[3134]: | route owner of "cmalton.kegs.local"[1] 172.30.2.100 unrouted: NULL; eroute owner: NULL Nov 4 20:46:01 hellcat pluto[3134]: | could_route called for cmalton.kegs.local (kind=CK_INSTANCE) Nov 4 20:46:01 hellcat pluto[3134]: | complete state transition with STF_OK Nov 4 20:46:01 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Nov 4 20:46:01 hellcat pluto[3134]: | inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds for #2 Nov 4 20:46:01 hellcat pluto[3134]: 
"cmalton.kegs.local"[1] 172.30.2.100 #2: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0975e5e7 <0x4738a212 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none} Nov 4 20:46:01 hellcat pluto[3134]: | modecfg pull: noquirk policy:push not-client Nov 4 20:46:01 hellcat pluto[3134]: | phase 1 is done, looking for phase 2 to unpend Nov 4 20:46:01 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:46:01 hellcat pluto[3134]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds Nov 4 20:46:01 hellcat pluto[3134]: | next event EVENT_NAT_T_KEEPALIVE in 20 seconds Nov 4 20:46:21 hellcat pluto[3134]: | Nov 4 20:46:21 hellcat pluto[3134]: | next event EVENT_NAT_T_KEEPALIVE in 0 seconds Nov 4 20:46:21 hellcat pluto[3134]: | *time to handle event Nov 4 20:46:21 hellcat pluto[3134]: | handling event EVENT_NAT_T_KEEPALIVE Nov 4 20:46:21 hellcat pluto[3134]: | event after this is EVENT_PENDING_DDNS in 32 seconds Nov 4 20:46:21 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:21 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:21 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 32 seconds Nov 4 20:46:28 hellcat pluto[3134]: | Nov 4 20:46:28 hellcat pluto[3134]: | *received 68 bytes from 172.30.2.100:500 on eth0 (port=500) Nov 4 20:46:28 hellcat pluto[3134]: | **parse ISAKMP Message: Nov 4 20:46:28 hellcat pluto[3134]: | initiator cookie: Nov 4 20:46:28 hellcat pluto[3134]: | 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:28 hellcat pluto[3134]: | responder cookie: Nov 4 20:46:28 hellcat pluto[3134]: | e9 22 8b 76 97 50 c2 90 Nov 4 20:46:28 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_HASH Nov 4 20:46:28 hellcat pluto[3134]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) Nov 4 20:46:28 hellcat pluto[3134]: | exchange type: ISAKMP_XCHG_INFO Nov 4 20:46:28 hellcat pluto[3134]: | flags: ISAKMP_FLAG_ENCRYPTION Nov 4 20:46:28 hellcat pluto[3134]: | message ID: 
7c f1 a1 b4 Nov 4 20:46:28 hellcat pluto[3134]: | length: 68 Nov 4 20:46:28 hellcat pluto[3134]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Nov 4 20:46:28 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:28 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:28 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:28 hellcat pluto[3134]: | peer and cookies match on #2, provided msgid 00000000 vs 9ab80437/00000000 Nov 4 20:46:28 hellcat pluto[3134]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000 Nov 4 20:46:28 hellcat pluto[3134]: | p15 state object #1 found, in STATE_MAIN_R3 Nov 4 20:46:28 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:28 hellcat pluto[3134]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Nov 4 20:46:28 hellcat pluto[3134]: | ***parse ISAKMP Hash Payload: Nov 4 20:46:28 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_D Nov 4 20:46:28 hellcat pluto[3134]: | length: 24 Nov 4 20:46:28 hellcat pluto[3134]: | got payload 0x1000(ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Nov 4 20:46:28 hellcat pluto[3134]: | ***parse ISAKMP Delete Payload: Nov 4 20:46:28 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:28 hellcat pluto[3134]: | length: 16 Nov 4 20:46:28 hellcat pluto[3134]: | DOI: ISAKMP_DOI_IPSEC Nov 4 20:46:28 hellcat pluto[3134]: | protocol ID: 3 Nov 4 20:46:28 hellcat pluto[3134]: | SPI size: 4 Nov 4 20:46:28 hellcat pluto[3134]: | number of SPIs: 1 Nov 4 20:46:28 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:28 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: received Delete SA(0x0975e5e7) payload: deleting IPSEC State #2 Nov 4 20:46:28 hellcat pluto[3134]: | deleting state #2 Nov 4 20:46:28 hellcat pluto[3134]: | sending 68 bytes for delete notify through eth0:500 to 172.30.2.100:500 (using #1) Nov 4 20:46:28 hellcat 
pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:28 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:28 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:28 hellcat pluto[3134]: | del: 09 75 e5 e7 Nov 4 20:46:28 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: received and ignored informational message Nov 4 20:46:28 hellcat pluto[3134]: | complete state transition with STF_IGNORE Nov 4 20:46:28 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:46:28 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 25 seconds Nov 4 20:46:28 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 25 seconds Nov 4 20:46:28 hellcat pluto[3134]: | Nov 4 20:46:28 hellcat pluto[3134]: | *received 84 bytes from 172.30.2.100:500 on eth0 (port=500) Nov 4 20:46:28 hellcat pluto[3134]: | **parse ISAKMP Message: Nov 4 20:46:28 hellcat pluto[3134]: | initiator cookie: Nov 4 20:46:28 hellcat pluto[3134]: | 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:28 hellcat pluto[3134]: | responder cookie: Nov 4 20:46:28 hellcat pluto[3134]: | e9 22 8b 76 97 50 c2 90 Nov 4 20:46:28 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_HASH Nov 4 20:46:28 hellcat pluto[3134]: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) Nov 4 20:46:28 hellcat pluto[3134]: | exchange type: ISAKMP_XCHG_INFO Nov 4 20:46:28 hellcat pluto[3134]: | flags: ISAKMP_FLAG_ENCRYPTION Nov 4 20:46:28 hellcat pluto[3134]: | message ID: 8e 28 ff 33 Nov 4 20:46:28 hellcat pluto[3134]: | length: 84 Nov 4 20:46:28 hellcat pluto[3134]: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Nov 4 20:46:28 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:28 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:28 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:28 hellcat pluto[3134]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000 Nov 4 20:46:28 hellcat pluto[3134]: | p15 state object 
#1 found, in STATE_MAIN_R3 Nov 4 20:46:28 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:28 hellcat pluto[3134]: | got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Nov 4 20:46:28 hellcat pluto[3134]: | ***parse ISAKMP Hash Payload: Nov 4 20:46:28 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_D Nov 4 20:46:28 hellcat pluto[3134]: | length: 24 Nov 4 20:46:28 hellcat pluto[3134]: | got payload 0x1000(ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Nov 4 20:46:28 hellcat pluto[3134]: | ***parse ISAKMP Delete Payload: Nov 4 20:46:28 hellcat pluto[3134]: | next payload type: ISAKMP_NEXT_NONE Nov 4 20:46:28 hellcat pluto[3134]: | length: 28 Nov 4 20:46:28 hellcat pluto[3134]: | DOI: ISAKMP_DOI_IPSEC Nov 4 20:46:28 hellcat pluto[3134]: | protocol ID: 1 Nov 4 20:46:28 hellcat pluto[3134]: | SPI size: 16 Nov 4 20:46:28 hellcat pluto[3134]: | number of SPIs: 1 Nov 4 20:46:28 hellcat pluto[3134]: | removing 4 bytes of padding Nov 4 20:46:28 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:28 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:28 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:28 hellcat pluto[3134]: | v1 peer and cookies match on #1, provided msgid 00000000 vs 00000000 Nov 4 20:46:28 hellcat pluto[3134]: | v1 state object #1 found, in STATE_MAIN_R3 Nov 4 20:46:28 hellcat pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:28 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100 #1: received Delete SA payload: deleting ISAKMP State #1 Nov 4 20:46:28 hellcat pluto[3134]: | deleting state #1 Nov 4 20:46:28 hellcat pluto[3134]: | sending 84 bytes for delete notify through eth0:500 to 172.30.2.100:500 (using #1) Nov 4 20:46:28 hellcat pluto[3134]: | ICOOKIE: 01 3a 4d 0d af c4 a3 ac Nov 4 20:46:28 hellcat pluto[3134]: | RCOOKIE: e9 22 8b 76 97 50 c2 90 Nov 4 20:46:28 hellcat pluto[3134]: | state hash entry 26 Nov 4 20:46:28 hellcat 
pluto[3134]: | processing connection cmalton.kegs.local[1] 172.30.2.100 Nov 4 20:46:28 hellcat pluto[3134]: "cmalton.kegs.local"[1] 172.30.2.100: deleting connection "cmalton.kegs.local" instance with peer 172.30.2.100 {isakmp=#0/ipsec=#0} Nov 4 20:46:28 hellcat pluto[3134]: | del: 01 3a 4d 0d af c4 a3 ac e9 22 8b 76 97 50 c2 90 Nov 4 20:46:28 hellcat pluto[3134]: packet from 172.30.2.100:500: received and ignored informational message Nov 4 20:46:28 hellcat pluto[3134]: | complete state transition with STF_IGNORE Nov 4 20:46:28 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:46:28 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 25 seconds Nov 4 20:46:28 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 25 seconds Nov 4 20:46:53 hellcat pluto[3134]: | Nov 4 20:46:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 0 seconds Nov 4 20:46:53 hellcat pluto[3134]: | *time to handle event Nov 4 20:46:53 hellcat pluto[3134]: | handling event EVENT_PENDING_DDNS Nov 4 20:46:53 hellcat pluto[3134]: | event after this is EVENT_SHUNT_SCAN in 0 seconds Nov 4 20:46:53 hellcat pluto[3134]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds Nov 4 20:46:53 hellcat pluto[3134]: | handling event EVENT_SHUNT_SCAN Nov 4 20:46:53 hellcat pluto[3134]: | event after this is EVENT_PENDING_PHASE2 in 0 seconds Nov 4 20:46:53 hellcat pluto[3134]: | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds Nov 4 20:46:53 hellcat pluto[3134]: | scanning for shunt eroutes Nov 4 20:46:53 hellcat pluto[3134]: | handling event EVENT_PENDING_PHASE2 Nov 4 20:46:53 hellcat pluto[3134]: | event after this is EVENT_PENDING_DDNS in 60 seconds Nov 4 20:46:53 hellcat pluto[3134]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds Nov 4 20:46:53 hellcat pluto[3134]: | pending review: connection "passthrough-for-non-l2tp" has no negotiated policy, skipped Nov 4 20:46:53 hellcat pluto[3134]: | pending review: connection 
"cmalton.kegs.local" was not up, skipped Nov 4 20:46:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:47:53 hellcat pluto[3134]: | Nov 4 20:47:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 0 seconds Nov 4 20:47:53 hellcat pluto[3134]: | *time to handle event Nov 4 20:47:53 hellcat pluto[3134]: | handling event EVENT_PENDING_DDNS Nov 4 20:47:53 hellcat pluto[3134]: | event after this is EVENT_PENDING_PHASE2 in 60 seconds Nov 4 20:47:53 hellcat pluto[3134]: | inserting event EVENT_PENDING_DDNS, timeout in 60 seconds Nov 4 20:47:53 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 60 seconds Nov 4 20:48:43 hellcat pluto[3134]: | Nov 4 20:48:43 hellcat pluto[3134]: | *received whack message Nov 4 20:48:43 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:48:43 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 10 seconds Nov 4 20:48:43 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 10 seconds Nov 4 20:48:43 hellcat pluto[3134]: | Nov 4 20:48:43 hellcat pluto[3134]: | *received whack message Nov 4 20:48:43 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:48:43 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 10 seconds Nov 4 20:48:43 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 10 seconds Nov 4 20:48:43 hellcat pluto[3134]: | Nov 4 20:48:43 hellcat pluto[3134]: | *received whack message Nov 4 20:48:43 hellcat pluto[3134]: | * processed 0 messages from cryptographic helpers Nov 4 20:48:43 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 10 seconds Nov 4 20:48:43 hellcat pluto[3134]: | next event EVENT_PENDING_DDNS in 10 seconds + _________________________ date + + date Fri Nov 4 20:48:43 GMT 2011