darkflame Thu May 5 13:33:38 SAST 2005 + _________________________ version + ipsec --version Linux Openswan U2.3.0/K2.4.26-1-586tsc (netkey) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + cat /proc/version Linux version 2.4.26-1-586tsc (horms@tabatha) (gcc version 3.2.3 (Debian)) #1 Tue Aug 24 13:38:47 JST 2004 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + _________________________ netstat-rn + netstat -nr + head -100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.10.60.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 10.10.60.254 0.0.0.0 UG 0 0 0 eth0 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + cat /proc/net/pfkey sk RefCnt Rmem Wmem User Inode + _________________________ setkey-D + setkey -D cli.cli.cli.cli[4500] 10.10.60.98[4500] esp-udp mode=transport spi=4173187991(0xf8bdcb97) reqid=16505(0x00004079) E: 3des-cbc 4458c22b e9332c7a ca7c2470 ec41b3bf bbd9df7c 7367c02b A: hmac-md5 d4be4a04 0d09148c f3e372c6 b6166a74 seq=0x00000000 replay=64 flags=0x00000000 state=mature created: May 5 13:31:00 2005 current: May 5 13:33:40 2005 diff: 160(s) hard: 0(s) soft: 0(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=0 pid=3419 refcnt=0 + _________________________ setkey-D-P + setkey -D -P 10.10.60.98[1701] cli.cli.cli.cli[1701] udp out ipsec esp/transport//require created: May 5 13:32:05 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=1433 seq=20 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=947 seq=19 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=931 seq=18 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=915 seq=17 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=899 seq=16 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=883 seq=15 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=867 seq=14 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=851 seq=13 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=835 seq=12 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:42 2005 lastused: May 5 13:32:04 2005 lifetime: 0(s) validtime: 0(s) spid=819 seq=11 pid=3424 refcnt=1 (per-socket policy) in none created: May 4 12:49:42 2005 lastused: May 5 12:30:13 2005 lifetime: 0(s) validtime: 0(s) spid=803 seq=10 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=956 seq=9 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=940 seq=8 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=924 seq=7 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=908 seq=6 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=892 seq=5 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=876 seq=4 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=860 seq=3 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:43 2005 lastused: lifetime: 0(s) validtime: 0(s) spid=844 seq=2 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:42 2005 lastused: May 5 13:33:33 2005 lifetime: 0(s) validtime: 0(s) spid=828 seq=1 pid=3424 refcnt=1 (per-socket policy) out none created: May 4 12:49:42 2005 lastused: May 5 12:30:13 2005 lifetime: 0(s) validtime: 0(s) spid=812 seq=0 pid=3424 refcnt=1 + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + _________________________ ipsec/status + ipsec auto --status 000 interface lo/lo ::1 000 interface eth0/eth0 2001:18b0:1000:1002::95:1 000 interface eth0/eth0 2001:18b0:1000:1002::95:2 000 interface eth0/eth0 2001:18b0:1000:1002::1 000 interface eth0/eth0 2001:18b0:1000:1002::ad5 000 interface eth0/eth0 2001:18b0:1000:1002:200:1aff:fe00:fc14 000 interface lo/lo 127.0.0.1 000 interface lo/lo 127.0.0.1 000 interface eth0/eth0 10.10.60.98 000 interface eth0/eth0 10.10.60.98 000 %myid = (none) 000 debug none 000 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0 000 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 "L2TP-PSK-orgWIN2KXP": 10.10.60.98:17/1701...%any:17/1701; unrouted; eroute owner: #0 000 "L2TP-PSK-orgWIN2KXP": srcip=unset; dstip=unset 000 "L2TP-PSK-orgWIN2KXP": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 000 "L2TP-PSK-orgWIN2KXP": policy: PSK+ENCRYPT+TUNNEL; prio: 32,32; interface: eth0; 000 "L2TP-PSK-orgWIN2KXP": newest ISAKMP SA: #0; newest IPsec SA: #0; 000 "L2TP-PSK-orgWIN2KXP"[30]: 10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701; prospective erouted; eroute owner: #0 000 "L2TP-PSK-orgWIN2KXP"[30]: srcip=unset; dstip=unset 000 "L2TP-PSK-orgWIN2KXP"[30]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 000 "L2TP-PSK-orgWIN2KXP"[30]: policy: PSK+ENCRYPT+TUNNEL; prio: 32,32; interface: eth0; 000 "L2TP-PSK-orgWIN2KXP"[30]: newest ISAKMP SA: #0; newest IPsec SA: #0; 000 000 #127: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 32s; nodpd 000 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink 000 10.10.60.98/32:0 -17-> cli.cli.cli.cli/32:0 => %hold 0 %acquire-netlink + _________________________ ifconfig-a + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:00:1A:00:FC:14 inet addr:10.10.60.98 Bcast:10.10.60.255 Mask:255.255.255.0 inet6 addr: 2001:18b0:1000:1002::95:1/128 Scope:Global inet6 addr: 2001:18b0:1000:1002::95:2/128 Scope:Global inet6 addr: fe80::200:1aff:fe00:fc14/64 Scope:Link inet6 addr: 2001:18b0:1000:1002::1/128 Scope:Global inet6 addr: 2001:18b0:1000:1002::ad5/128 Scope:Global inet6 addr: 2001:18b0:1000:1002:200:1aff:fe00:fc14/128 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:451383 errors:0 dropped:2 overruns:0 frame:1 TX packets:499145 errors:0 dropped:0 overruns:0 carrier:0 collisions:172 txqueuelen:1000 RX bytes:146833537 (140.0 MiB) TX bytes:113989483 (108.7 MiB) Interrupt:5 Base address:0x300 isv6 Link encap:IPv6-in-IPv4 inet6 addr: fe80::a0a:3c62/64 Scope:Link inet6 addr: 2001:18b0:1000:1002:200:1aff:fe00:fc14/128 Scope:Global UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:19787 errors:0 dropped:0 overruns:0 frame:0 TX packets:30521 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2052361 (1.9 MiB) TX bytes:3778142 (3.6 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:161846 errors:0 dropped:0 overruns:0 frame:0 TX packets:161846 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:29975702 (28.5 MiB) TX bytes:29975702 (28.5 MiB) openbox Link encap:IPv6-in-IPv4 inet6 addr: fe80::a0a:3c62/64 Scope:Link inet6 addr: 2001:18b0:1000:1002:200:1aff:fe00:fc14/128 Scope:Global UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) sit0 Link encap:IPv6-in-IPv4 NOARP MTU:1480 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) + _________________________ ip-addr-list + ip addr list 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:00:1a:00:fc:14 brd ff:ff:ff:ff:ff:ff inet 10.10.60.98/24 brd 10.10.60.255 scope global eth0 inet6 2001:18b0:1000:1002::95:1/128 scope global inet6 2001:18b0:1000:1002::95:2/128 scope global inet6 fe80::200:1aff:fe00:fc14/64 scope link inet6 2001:18b0:1000:1002::1/128 scope global inet6 2001:18b0:1000:1002::ad5/128 scope global inet6 2001:18b0:1000:1002:200:1aff:fe00:fc14/128 scope global 3: sit0@NONE: mtu 1480 qdisc noop link/sit 0.0.0.0 brd 0.0.0.0 4: isv6@NONE: mtu 1480 qdisc noqueue link/sit 0.0.0.0 peer isp.ipv6.gate.way inet6 fe80::a0a:3c62/64 scope link inet6 2001:18b0:1000:1002:200:1aff:fe00:fc14/128 scope global 5: openbox@NONE: mtu 1480 qdisc noqueue link/sit 0.0.0.0 peer 10.10.61.201 inet6 fe80::a0a:3c62/64 scope link inet6 2001:18b0:1000:1002:200:1aff:fe00:fc14/128 scope global + _________________________ ip-route-list + ip route list 10.10.60.0/24 dev eth0 proto kernel scope link src 10.10.60.98 default via 10.10.60.254 dev eth0 + _________________________ ip-rule-list + ip rule list 0: from all lookup local 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.3.0/K2.4.26-1-586tsc (netkey) Checking for IPsec support in kernel [OK] Checking for RSA private key (/etc/ipsec.secrets) [FAILED] ipsec showhostkey: no default key in "/etc/ipsec.secrets" Checking that pluto is running [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Checking for 'setkey' command for NETKEY IPsec stack support [OK] Opportunistic Encryption DNS checks: Looking for TXT in forward dns zone: darkflame [MISSING] Does the machine have at least one non-private address? [FAILED] + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + /sbin/mii-tool -v SIOCGMIIPHY on 'eth0' failed: Operation not supported no MII interfaces found + _________________________ ipsec/directory + ipsec --directory /usr/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn darkflame.darkskies.za.net + _________________________ hostname/ipaddress + hostname --ip-address 10.10.60.98 + _________________________ uptime + uptime 13:34:07 up 1 day, 17:22, 1 user, load average: 3.22, 2.69, 2.09 + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 4 0 3371 1817 9 0 2736 1324 wait4 S+ pts/5 0:00 | \_ /bin/sh /usr/lib/ipsec/barf 0 0 3565 3371 9 0 1540 468 pipe_w S+ pts/5 0:00 | \_ grep -E -i ppid|pluto|ipsec|klips 1 0 20714 1 9 0 2312 896 wait4 S pts/5 0:00 /bin/bash /usr/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto.pid 1 0 20718 20714 9 0 2312 904 wait4 S pts/5 0:00 \_ /bin/bash /usr/lib/ipsec/_plutorun --debug --uniqueids yes --nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --pid /var/run/pluto.pid 4 0 20723 20718 8 0 2528 1024 select S pts/5 0:08 | \_ /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --uniqueids --nat_traversal 1 0 20739 20723 15 10 2460 540 ? SN pts/5 0:06 | \_ pluto helper # 0 -nofork 0 0 20810 20723 9 0 1416 220 select S pts/5 0:00 | \_ _pluto_adns 0 0 20719 20714 8 0 2288 896 pipe_w S pts/5 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post 0 0 20715 1 9 0 1480 336 pipe_w S pts/5 0:00 logger -s -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + ipsec showdefaults routephys=eth0 routevirt=ipsec0 routeaddr=10.10.60.98 routenexthop=10.10.60.254 + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - Openswan IPsec configuration file # RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $ # This file: /usr/share/doc/openswan/ipsec.conf-sample # # Manual: ipsec.conf.5 version 2.0 # conforms to second version of ipsec.conf specification # basic configuration config setup # Debug-logging controls: "none" for (almost) none, "all" for lots. # klipsdebug=none # plutodebug="control parsing" nat_traversal=yes # Add connections here # sample VPN connection #sample# conn sample #sample# # Left security gateway, subnet behind it, next hop toward right. #sample# left=10.0.0.1 #sample# leftsubnet=172.16.0.0/24 #sample# leftnexthop=10.22.33.44 #sample# # Right security gateway, subnet behind it, next hop toward left. #sample# right=10.12.12.1 #sample# rightsubnet=192.168.0.0/24 #sample# rightnexthop=10.101.102.103 #sample# # To authorize this connection, but not actually start it, at startup, #sample# # uncomment this. #sample# #auto=start #Disable Opportunistic Encryption #< /etc/ipsec.d/examples/no_oe.conf 1 # 'include' this file to disable Opportunistic Encryption. # See /usr/share/doc/openswan/policygroups.html for details. # # RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $ conn block auto=ignore conn private auto=ignore conn private-or-clear auto=ignore conn clear-or-private auto=ignore conn clear auto=ignore conn packetdefault auto=ignore #> /etc/ipsec.conf 36 conn L2TP-PSK-orgWIN2KXP # # Use a Preshared Key. Disable Perfect Forward Secrecy. # authby=secret pfs=no # left=10.10.60.98 # # Required for original (non-updated) Windows 2000/XP clients. leftprotoport=17/1701 # # The remote user. # right=%any rightprotoport=17/1701 # # Authorize this connection, and wait for connection from user. # auto=add keyingtries=3 + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 # RCSID $Id: ipsec.secrets.proto,v 1.2 2004/03/13 17:13:47 rene Exp $ # This file holds shared secrets or RSA private keys for inter-Pluto # authentication. See ipsec_pluto(8) manpage, and HTML documentation. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, # or configuration of other implementations, can be extracted conveniently # with "[sums to ef67...]". 10.10.60.98 %any: PSK "[sums to 2628...]" : RSA /etc/ipsec.d/private/darkflameKey.pem + _________________________ ipsec/listall + ipsec auto --listall 000 000 List of Public Keys: 000 + '[' /etc/ipsec.d/policies ']' ++ basename /etc/ipsec.d/policies/block + base=block + _________________________ ipsec/policies/block + cat /etc/ipsec.d/policies/block # This file defines the set of CIDRs (network/mask-length) to which # communication should never be allowed. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # ++ basename /etc/ipsec.d/policies/clear + base=clear + _________________________ ipsec/policies/clear + cat /etc/ipsec.d/policies/clear # This file defines the set of CIDRs (network/mask-length) to which # communication should always be in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: clear.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # ++ basename /etc/ipsec.d/policies/clear-or-private + base=clear-or-private + _________________________ ipsec/policies/clear-or-private + cat /etc/ipsec.d/policies/clear-or-private # This file defines the set of CIDRs (network/mask-length) to which # we will communicate in the clear, or, if the other side initiates IPSEC, # using encryption. This behaviour is also called "Opportunistic Responder". # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # ++ basename /etc/ipsec.d/policies/private + base=private + _________________________ ipsec/policies/private + cat /etc/ipsec.d/policies/private # This file defines the set of CIDRs (network/mask-length) to which # communication should always be private (i.e. encrypted). # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $ # ++ basename /etc/ipsec.d/policies/private-or-clear + base=private-or-clear + _________________________ ipsec/policies/private-or-clear + cat /etc/ipsec.d/policies/private-or-clear # This file defines the set of CIDRs (network/mask-length) to which # communication should be private, if possible, but in the clear otherwise. # # If the target has a TXT (later IPSECKEY) record that specifies # authentication material, we will require private (i.e. encrypted) # communications. If no such record is found, communications will be # in the clear. # # See /usr/share/doc/openswan/policygroups.html for details. # # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ # 0.0.0.0/0 + _________________________ ipsec/ls-libdir + ls -l /usr/lib/ipsec total 1388 -rwxr-xr-x 1 root root 15469 May 4 12:02 _confread -rwxr-xr-x 1 root root 4544 May 4 12:07 _copyright -rwxr-xr-x 1 root root 2380 May 4 12:02 _include -rwxr-xr-x 1 root root 1476 May 4 12:02 _keycensor -rwxr-xr-x 1 root root 9784 May 4 12:07 _pluto_adns -rwxr-xr-x 1 root root 3586 May 4 12:02 _plutoload -rwxr-xr-x 1 root root 7293 May 4 12:03 _plutorun -rwxr-xr-x 1 root root 11410 May 4 12:02 _realsetup -rwxr-xr-x 1 root root 1976 May 4 12:02 _secretcensor -rwxr-xr-x 1 root root 9262 May 4 12:04 _startklips -rwxr-xr-x 1 root root 12329 May 4 12:02 _updown -rwxr-xr-x 1 root root 7572 May 4 12:02 _updown_x509 -rwxr-xr-x 1 root root 18842 May 4 12:02 auto -rwxr-xr-x 1 root root 10561 May 4 12:04 barf -rwxr-xr-x 1 root root 816 May 4 12:03 calcgoo -rwxr-xr-x 1 root root 80792 May 4 12:07 eroute -rwxr-xr-x 1 root root 16044 May 4 12:07 ikeping -rwxr-xr-x 1 root root 1942 May 4 12:03 ipsec_pr.template -rwxr-xr-x 1 root root 60664 May 4 12:07 klipsdebug -rwxr-xr-x 1 root root 1664 May 4 12:03 livetest -rwxr-xr-x 1 root root 2462 May 4 12:03 look -rwxr-xr-x 1 root root 7118 May 4 12:04 mailkey -rwxr-xr-x 1 root root 15933 May 4 12:03 manual -rwxr-xr-x 1 root root 1874 May 4 12:03 newhostkey -rwxr-xr-x 1 root root 53132 May 4 12:07 pf_key -rwxr-xr-x 1 root root 665112 May 4 12:07 pluto -rwxr-xr-x 1 root root 6584 May 4 12:07 ranbits -rwxr-xr-x 1 root root 18584 May 4 12:07 rsasigkey -rwxr-xr-x 1 root root 766 May 4 12:03 secrets -rwxr-xr-x 1 root root 17570 May 4 12:03 send-pr lrwxrwxrwx 1 root root 17 May 4 12:46 setup -> /etc/init.d/ipsec -rwxr-xr-x 1 root root 1048 May 4 12:03 showdefaults -rwxr-xr-x 1 root root 4749 May 4 12:03 showhostkey -rwxr-xr-x 1 root root 118232 May 4 12:07 spi -rwxr-xr-x 1 root root 68408 May 4 12:07 spigrp -rwxr-xr-x 1 root root 9744 May 4 12:07 tncfg -rwxr-xr-x 1 root root 10189 May 4 12:04 verify -rwxr-xr-x 1 root root 47032 May 4 12:07 whack + _________________________ ipsec/ls-execdir + ls -l /usr/lib/ipsec total 1388 -rwxr-xr-x 1 root root 15469 May 4 12:02 _confread -rwxr-xr-x 1 root root 4544 May 4 12:07 _copyright -rwxr-xr-x 1 root root 2380 May 4 12:02 _include -rwxr-xr-x 1 root root 1476 May 4 12:02 _keycensor -rwxr-xr-x 1 root root 9784 May 4 12:07 _pluto_adns -rwxr-xr-x 1 root root 3586 May 4 12:02 _plutoload -rwxr-xr-x 1 root root 7293 May 4 12:03 _plutorun -rwxr-xr-x 1 root root 11410 May 4 12:02 _realsetup -rwxr-xr-x 1 root root 1976 May 4 12:02 _secretcensor -rwxr-xr-x 1 root root 9262 May 4 12:04 _startklips -rwxr-xr-x 1 root root 12329 May 4 12:02 _updown -rwxr-xr-x 1 root root 7572 May 4 12:02 _updown_x509 -rwxr-xr-x 1 root root 18842 May 4 12:02 auto -rwxr-xr-x 1 root root 10561 May 4 12:04 barf -rwxr-xr-x 1 root root 816 May 4 12:03 calcgoo -rwxr-xr-x 1 root root 80792 May 4 12:07 eroute -rwxr-xr-x 1 root root 16044 May 4 12:07 ikeping -rwxr-xr-x 1 root root 1942 May 4 12:03 ipsec_pr.template -rwxr-xr-x 1 root root 60664 May 4 12:07 klipsdebug -rwxr-xr-x 1 root root 1664 May 4 12:03 livetest -rwxr-xr-x 1 root root 2462 May 4 12:03 look -rwxr-xr-x 1 root root 7118 May 4 12:04 mailkey -rwxr-xr-x 1 root root 15933 May 4 12:03 manual -rwxr-xr-x 1 root root 1874 May 4 12:03 newhostkey -rwxr-xr-x 1 root root 53132 May 4 12:07 pf_key -rwxr-xr-x 1 root root 665112 May 4 12:07 pluto -rwxr-xr-x 1 root root 6584 May 4 12:07 ranbits -rwxr-xr-x 1 root root 18584 May 4 12:07 rsasigkey -rwxr-xr-x 1 root root 766 May 4 12:03 secrets -rwxr-xr-x 1 root root 17570 May 4 12:03 send-pr lrwxrwxrwx 1 root root 17 May 4 12:46 setup -> /etc/init.d/ipsec -rwxr-xr-x 1 root root 1048 May 4 12:03 showdefaults -rwxr-xr-x 1 root root 4749 May 4 12:03 showhostkey -rwxr-xr-x 1 root root 118232 May 4 12:07 spi -rwxr-xr-x 1 root root 68408 May 4 12:07 spigrp -rwxr-xr-x 1 root root 9744 May 4 12:07 tncfg -rwxr-xr-x 1 root root 10189 May 4 12:04 verify -rwxr-xr-x 1 root root 47032 May 4 12:07 whack + _________________________ ipsec/updowns ++ ls /usr/lib/ipsec ++ egrep updown + cat /usr/lib/ipsec/_updown #! /bin/sh # iproute2 version, default updown script # # Copyright (C) 2003-2004 Nigel Meteringham # Copyright (C) 2003-2004 Tuomo Soini # Copyright (C) 2002-2004 Michael Richardson # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: _updown.ip2.in,v 1.12 2004/07/09 03:54:26 ken Exp $ # CAUTION: Installing a new version of FreeS/WAN will install a new # copy of this script, wiping out any custom changes you make. If # you need changes, make a copy of this under another name, and customize # that, and use the (left/right)updown parameters in ipsec.conf to make # FreeS/WAN use yours instead of this default one. LC_ALL=C export LC_ALL # things that this script gets (from ipsec_pluto(8) man page) # # # PLUTO_VERSION # indicates what version of this interface is being # used. This document describes version 1.1. This # is upwardly compatible with version 1.0. # # PLUTO_VERB # specifies the name of the operation to be performed # (prepare-host, prepare-client, up-host, up-client, # down-host, or down-client). If the address family # for security gateway to security gateway communica­ # tions is IPv6, then a suffix of -v6 is added to the # verb. # # PLUTO_CONNECTION # is the name of the connection for which we are # routing. # # PLUTO_CONN_POLICY # the policy of the connection, as in: # RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failureDROP+lKOD+rKOD # # PLUTO_NEXT_HOP # is the next hop to which packets bound for the peer # must be sent. # # PLUTO_INTERFACE # is the name of the ipsec interface to be used. # # PLUTO_ME # is the IP address of our host. # # PLUTO_MY_CLIENT # is the IP address / count of our client subnet. If # the client is just the host, this will be the # host's own IP address / max (where max is 32 for # IPv4 and 128 for IPv6). # # PLUTO_MY_CLIENT_NET # is the IP address of our client net. If the client # is just the host, this will be the host's own IP # address. # # PLUTO_MY_CLIENT_MASK # is the mask for our client net. If the client is # just the host, this will be 255.255.255.255. # # PLUTO_MY_SOURCEIP # if non-empty, then the source address for the route will be # set to this IP address. # # PLUTO_PEER # is the IP address of our peer. # # PLUTO_PEER_CLIENT # is the IP address / count of the peer's client sub­ # net. If the client is just the peer, this will be # the peer's own IP address / max (where max is 32 # for IPv4 and 128 for IPv6). # # PLUTO_PEER_CLIENT_NET # is the IP address of the peer's client net. If the # client is just the peer, this will be the peer's # own IP address. # # PLUTO_PEER_CLIENT_MASK # is the mask for the peer's client net. If the # client is just the peer, this will be # 255.255.255.255. # # PLUTO_CONNECTION_TYPE # # check interface version case "$PLUTO_VERSION" in 1.[0]) # Older Pluto?!? Play it safe, script may be using new features. echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2 echo "$0: called by obsolete Pluto?" >&2 exit 2 ;; 1.*) ;; *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2 exit 2 ;; esac # check parameter(s) case "$1:$*" in ':') # no parameters ;; ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only ;; custom:*) # custom parameters (see above CAUTION comment) ;; *) echo "$0: unknown parameters \`$*'" >&2 exit 2 ;; esac # utility functions for route manipulation # Meddling with this stuff should not be necessary and requires great care. uproute() { doroute add ip route flush cache } downroute() { doroute delete ip route flush cache } uprule() { # policy based advanced routing if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ] then dorule delete dorule add fi # virtual sourceip support if [ -n "$PLUTO_MY_SOURCEIP" ] && ["$PLUTO_MY_SOURCEIP" != "no" ] then addsource changesource fi ip route flush cache } downrule() { if [ -n "$PLUTO_MY_SOURCEIP" ] && [ "$PLUTO_IPROUTETABLE" != "main" ] then dorule delete ip route flush cache fi } addsource() { st=0 if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep -q ^local then it="ip addr add ${PLUTO_MY_SOURCEIP%/*}/32 dev $PLUTO_INTERFACE" oops="`eval $it 2>&1`" st=$? if test " $oops" = " " -a " $st" != " 0" then oops="silent error, exit status $st" fi if test " $oops" != " " -o " $st" != " 0" then echo "$0: addsource \`$it' failed ($oops)" >&2 fi fi return $st } changesource() { st=0 parms="$PLUTO_PEER_CLIENT" parms2="dev $PLUTO_INTERFACE" parms3="src ${PLUTO_MY_SOURCEIP%/*}" if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ] then parms3="$parms3 table '$PLUTO_IPROUTETABLE'" fi case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # opportunistic encryption work around it= ;; esac oops="`eval $it 2>&1`" st=$? if test " $oops" = " " -a " $st" != " 0" then oops="silent error, exit status $st" fi if test " $oops" != " " -o " $st" != " 0" then echo "$0: changesource \`$it' failed ($oops)" >&2 fi return $st } dorule() { st=0 it2= iprule="from $PLUTO_MY_CLIENT" iprule2="to $PLUTO_PEER_CLIENT table $PLUTO_IPROUTETABLE" case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # opportunistic encryption work around st=0 ;; *) if test "$PLUTO_MY_SOURCEIP" = "no" then if test "$PLUTO_ME" = "${PLUTO_MY_CLIENT%/*}" then it="ip rule $1 iif lo $iprule2" else it="ip rule $1 $iprule $iprule2" fi else if test "${PLUTO_MY_SOURCEIP%/*}" = "${PLUTO_MY_CLIENT%/*}" then it="ip rule $1 iif lo $iprule2" else it="ip rule $1 $iprule $iprule2" it2="ip rule $1 iif lo $iprule2" fi fi oops="`eval $it 2>&1`" st=$? if test " $oops" = " " -a " $st" != " 0" then oops="silent error, exit status $st" fi case "$oops" in 'RTNETLINK answers: No such process'*) # This is what ip rule gives # for "could not find such a rule" oops= st=0 ;; esac if test " $oops" != " " -o " $st" != " 0" then echo "$0: dorule \`$it' failed ($oops)" >&2 fi if test "$st" = "0" -a -n "$it2" then oops="`eval $it2 2>&1`" st=$? if test " $oops" = " " -a " $st" != " 0" then oops="silent error, exit status $st" fi case "$oops" in 'RTNETLINK answers: No such process'*) # This is what ip rule gives # for "could not find such a rule" oops= st=0 ;; esac if test " $oops" != " " -o " $st" != " 0" then echo "$0: dorule \`$it2' failed ($oops)" >&2 fi fi ;; esac return $st } doroute() { st=0 parms="$PLUTO_PEER_CLIENT" parms2= if [ -n "$PLUTO_NEXT_HOP" ] then parms2="via $PLUTO_NEXT_HOP" fi parms2="$parms2 dev $PLUTO_INTERFACE" parms3= if [ -n "$PLUTO_IPROUTETABLE" ] && [ "$PLUTO_IPROUTETABLE" != "main" ] then parms3="table $PLUTO_IPROUTETABLE" fi if [ -z "$PLUTO_MY_SOURCEIP" ] then if [ -f /etc/sysconfig/defaultsource ] then . /etc/sysconfig/defaultsource if [ -n "$DEFAULTSOURCE" ] then PLUTO_MY_SOURCEIP=$DEFAULTSOURCE fi fi fi if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" then addsource parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}" fi case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # opportunistic encryption work around # need to provide route that eclipses default, without # replacing it. it="ip route $1 0.0.0.0/1 $parms2 $parms3 && ip route $1 128.0.0.0/1 $parms2 $parms3" ;; *) it="ip route $1 $parms $parms2 $parms3" ;; esac oops="`eval $it 2>&1`" st=$? if test " $oops" = " " -a " $st" != " 0" then oops="silent error, exit status $st" fi if test " $oops" != " " -o " $st" != " 0" then echo "$0: doroute \`$it' failed ($oops)" >&2 fi return $st } # the big choice case "$PLUTO_VERB:$1" in prepare-host:*|prepare-client:*) # delete possibly-existing route (preliminary to adding a route) case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # need to provide route that eclipses default, without # replacing it. parms1="0.0.0.0/1" parms2="128.0.0.0/1" it="ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1" oops="`ip route delete $parms1 2>&1 ; ip route delete $parms2 2>&1`" ;; *) parms="$PLUTO_PEER_CLIENT" it="ip route delete $parms 2>&1" oops="`ip route delete $parms 2>&1`" ;; esac status="$?" if test " $oops" = " " -a " $status" != " 0" then oops="silent error, exit status $status" fi case "$oops" in *'RTNETLINK answers: No such process'*) # This is what route (currently -- not documented!) gives # for "could not find such a route". oops= status=0 ;; esac if test " $oops" != " " -o " $status" != " 0" then echo "$0: \`$it' failed ($oops)" >&2 fi exit $status ;; route-host:*|route-client:*) # connection to me or my client subnet being routed uproute ;; unroute-host:*|unroute-client:*) # connection to me or my client subnet being unrouted downroute ;; up-host:*) # connection to me coming up # If you are doing a custom version, firewall commands go here. ;; down-host:*) # connection to me going down # If you are doing a custom version, firewall commands go here. ;; up-client:) # connection to my client subnet coming up # If you are doing a custom version, firewall commands go here. ;; down-client:) # connection to my client subnet going down # If you are doing a custom version, firewall commands go here. ;; up-client:ipfwadm) # connection to client subnet, with (left/right)firewall=yes, coming up # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; down-client:ipfwadm) # connection to client subnet, with (left/right)firewall=yes, going down # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; # # IPv6 # prepare-host-v6:*|prepare-client-v6:*) ;; route-host-v6:*|route-client-v6:*) # connection to me or my client subnet being routed #uproute_v6 ;; unroute-host-v6:*|unroute-client-v6:*) # connection to me or my client subnet being unrouted #downroute_v6 ;; up-host-v6:*) # connection to me coming up # If you are doing a custom version, firewall commands go here. ;; down-host-v6:*) # connection to me going down # If you are doing a custom version, firewall commands go here. ;; up-client-v6:) # connection to my client subnet coming up # If you are doing a custom version, firewall commands go here. ;; down-client-v6:) # connection to my client subnet going down # If you are doing a custom version, firewall commands go here. ;; *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 exit 1 ;; esac + cat /usr/lib/ipsec/_updown_x509 #! /bin/sh # # customized updown script # # logging of VPN connections # # tag put in front of each log entry: TAG=vpn # # syslog facility and priority used: FAC_PRIO=local0.notice # # to create a special vpn logging file, put the following line into # the syslog configuration file /etc/syslog.conf: # # local0.notice -/var/log/vpn # # check interface version case "$PLUTO_VERSION" in 1.[0]) # Older Pluto?!? Play it safe, script may be using new features. echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2 echo "$0: called by obsolete Pluto?" >&2 exit 2 ;; 1.*) ;; *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2 exit 2 ;; esac # check parameter(s) case "$1:$*" in ':') # no parameters ;; ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only ;; custom:*) # custom parameters (see above CAUTION comment) ;; *) echo "$0: unknown parameters \`$*'" >&2 exit 2 ;; esac # utility functions for route manipulation # Meddling with this stuff should not be necessary and requires great care. uproute() { doroute add } downroute() { doroute del } doroute() { parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK" parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP" case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # horrible kludge for obscure routing bug with opportunistic it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&" it="$it route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2" route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 && route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2 ;; *) it="route $1 $parms $parms2" route $1 $parms $parms2 ;; esac st=$? if test $st -ne 0 then # route has already given its own cryptic message echo "$0: \`$it' failed" >&2 if test " $1 $st" = " add 7" then # another totally undocumented interface -- 7 and # "SIOCADDRT: Network is unreachable" means that # the gateway isn't reachable. echo "$0: (incorrect or missing nexthop setting??)" >&2 fi fi return $st } # are there port numbers? if [ "$PLUTO_MY_PORT" != 0 ] then S_MY_PORT="--sport $PLUTO_MY_PORT" D_MY_PORT="--dport $PLUTO_MY_PORT" fi if [ "$PLUTO_PEER_PORT" != 0 ] then S_PEER_PORT="--sport $PLUTO_PEER_PORT" D_PEER_PORT="--dport $PLUTO_PEER_PORT" fi # the big choice case "$PLUTO_VERB:$1" in prepare-host:*|prepare-client:*) # delete possibly-existing route (preliminary to adding a route) case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in "0.0.0.0/0.0.0.0") # horrible kludge for obscure routing bug with opportunistic parms1="-net 0.0.0.0 netmask 128.0.0.0" parms2="-net 128.0.0.0 netmask 128.0.0.0" it="route del $parms1 2>&1 ; route del $parms2 2>&1" oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`" ;; *) parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK" it="route del $parms 2>&1" oops="`route del $parms 2>&1`" ;; esac status="$?" if test " $oops" = " " -a " $status" != " 0" then oops="silent error, exit status $status" fi case "$oops" in 'SIOCDELRT: No such process'*) # This is what route (currently -- not documented!) gives # for "could not find such a route". oops= status=0 ;; esac if test " $oops" != " " -o " $status" != " 0" then echo "$0: \`$it' failed ($oops)" >&2 fi exit $status ;; route-host:*|route-client:*) # connection to me or my client subnet being routed uproute ;; unroute-host:*|unroute-client:*) # connection to me or my client subnet being unrouted downroute ;; up-host:*) # connection to me coming up # If you are doing a custom version, firewall commands go here. iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -d $PLUTO_ME $D_MY_PORT -j ACCEPT iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -s $PLUTO_ME $S_MY_PORT \ -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT # if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] then logger -t $TAG -p $FAC_PRIO \ "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" else logger -t $TAG -p $FAC_PRIO \ "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" fi ;; down-host:*) # connection to me going down # If you are doing a custom version, firewall commands go here. iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -d $PLUTO_ME $D_MY_PORT -j ACCEPT iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -s $PLUTO_ME $S_MY_PORT \ -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT # if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] then logger -t $TAG -p $FAC_PRIO -- \ "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME" else logger -t $TAG -p $FAC_PRIO -- \ "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" fi ;; up-client:) # connection to my client subnet coming up # If you are doing a custom version, firewall commands go here. iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT # if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] then logger -t $TAG -p $FAC_PRIO \ "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" else logger -t $TAG -p $FAC_PRIO \ "+ `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" fi ;; down-client:) # connection to my client subnet going down # If you are doing a custom version, firewall commands go here. iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT # if [ "$PLUTO_PEER_CLIENT" == "$PLUTO_PEER/32" ] then logger -t $TAG -p $FAC_PRIO -- \ "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" else logger -t $TAG -p $FAC_PRIO -- \ "- `echo -e $PLUTO_PEER_ID` $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" fi ;; up-client:ipfwadm) # connection to client subnet, with (left/right)firewall=yes, coming up # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; down-client:ipfwadm) # connection to client subnet, with (left/right)firewall=yes, going down # This is used only by the default updown script, not by your custom # ones, so do not mess with it; see CAUTION comment up at top. ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 exit 1 ;; esac + _________________________ /proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo:29988804 161951 0 0 0 0 0 0 29988804 161951 0 0 0 0 0 0 eth0:146871211 451534 0 2 0 1 0 488 114066034 499329 0 0 0 172 0 0 sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 isv6: 2052361 19787 0 0 0 0 0 0 3778142 30521 0 0 0 0 0 0 openbox: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth0 003C0A0A 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth0 00000000 FE3C0A0A 0003 0 0 0 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter all/rp_filter:1 default/rp_filter:1 eth0/rp_filter:1 lo/rp_filter:1 + _________________________ uname-a + uname -a Linux darkflame 2.4.26-1-586tsc #1 Tue Aug 24 13:38:47 JST 2004 i586 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ redhat-release + test -r /etc/redhat-release + test -r /etc/fedora-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey ++ uname -r + echo 'NETKEY (2.4.26-1-586tsc) support detected ' NETKEY (2.4.26-1-586tsc) support detected + _________________________ ipfwadm + test -r /sbin/ipfwadm + 'no old-style linux 1.x/2.0 ipfwadm firewall support' /usr/lib/ipsec/barf: line 297: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory + _________________________ ipchains + test -r /sbin/ipchains + echo 'no old-style linux 2.0 ipchains firewall support' no old-style linux 2.0 ipchains firewall support + _________________________ iptables + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy ACCEPT 620K packets, 171M bytes) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 !127.0.0.1 tcp dpt:8086 reject-with tcp-reset 298K 124M blacklist tcp -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 11213 packets, 951K bytes) pkts bytes target prot opt in out source destination 130 6272 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU Chain OUTPUT (policy ACCEPT 666K packets, 137M bytes) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 OWNER UID match 1039 reject-with icmp-port-unreachable 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 OWNER UID match 1038 reject-with icmp-port-unreachable Chain blacklist (1 references) pkts bytes target prot opt in out source destination 0 0 REJECT tcp -- * * 213.1.215.250 0.0.0.0/0 reject-with tcp-reset 0 0 REJECT tcp -- * * 64.5.245.11 0.0.0.0/0 reject-with tcp-reset 2 120 REJECT tcp -- * * 192.55.214.133 0.0.0.0/0 reject-with tcp-reset + _________________________ iptables-nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 4580 packets, 388K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 118K packets, 9476K bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 118K packets, 9536K bytes) pkts bytes target prot opt in out source destination + _________________________ iptables-mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 631K packets, 172M bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 620K packets, 171M bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 11213 packets, 951K bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 666K packets, 137M bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 678K packets, 138M bytes) pkts bytes target prot opt in out source destination + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules xfrm_user 8548 0 (unused) af_key 20392 0 ppp_deflate 3320 0 (autoclean) ppp_async 7360 0 (autoclean) ppp_generic 20028 0 (autoclean) [ppp_deflate ppp_async] slhc 5104 0 (autoclean) [ppp_generic] af_packet 12872 1 (autoclean) ipx 16804 1 (autoclean) deflate 1196 0 (autoclean) zlib_deflate 18232 0 (autoclean) [ppp_deflate deflate] twofish 42476 0 (autoclean) serpent 12588 0 (autoclean) aes 35104 0 (autoclean) binfmt_misc 5636 1 blowfish 7020 0 (autoclean) des 10380 1 (autoclean) sha256 8844 0 (autoclean) sha1 7532 0 (autoclean) crypto_null 940 0 (autoclean) ipcomp 4208 0 (unused) esp4 6512 1 ah4 4592 0 (unused) rtc 6684 0 (autoclean) ipt_owner 1272 2 (autoclean) ipt_REDIRECT 760 0 (autoclean) ipt_REJECT 3480 28 (autoclean) ipt_TCPMSS 2328 1 (autoclean) iptable_mangle 2072 0 (autoclean) (unused) iptable_filter 1644 1 (autoclean) ip_conntrack_irc 2960 1 (autoclean) ip_nat_irc 2160 0 (unused) ip_conntrack_ftp 3824 1 (autoclean) ip_nat_ftp 2704 0 (unused) iptable_nat 16536 2 [ipt_REDIRECT ip_nat_irc ip_nat_ftp] ip_tables 12448 9 [ipt_owner ipt_REDIRECT ipt_REJECT ipt_TCPMSS iptable_mangle iptable_filter iptable_nat] ip_conntrack 20168 2 [ipt_REDIRECT ip_conntrack_irc ip_nat_irc ip_conntrack_ftp ip_nat_ftp iptable_nat] dm-mod 44856 0 md5 3212 2 (autoclean) ipv6 188116 -1 ne 6608 1 isa-pnp 30180 0 [ne] 8390 6176 0 [ne] crc32 2880 0 [8390] ext3 75244 3 (autoclean) jbd 39024 3 (autoclean) [ext3] ide-detect 288 0 (autoclean) (unused) piix 8608 2 (autoclean) ide-disk 14048 5 (autoclean) ide-core 103244 5 (autoclean) [ide-detect piix ide-disk] unix 14760 43 (autoclean) + _________________________ /proc/meminfo + cat /proc/meminfo total: used: free: shared: buffers: cached: Mem: 47460352 46395392 1064960 0 2830336 18530304 Swap: 321994752 91217920 230776832 MemTotal: 46348 kB MemFree: 1040 kB MemShared: 0 kB Buffers: 2764 kB Cached: 10836 kB SwapCached: 7260 kB Active: 19416 kB Inactive: 15612 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 46348 kB LowFree: 1040 kB SwapTotal: 314448 kB SwapFree: 225368 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /proc/config.gz ++ uname -r + test -f /lib/modules/2.4.26-1-586tsc/build/.config + echo 'no .config file found, cannot list kernel properties' no .config file found, cannot list kernel properties + _________________________ etc/syslog.conf + cat /etc/syslog.conf # /etc/syslog.conf Configuration file for syslogd. # # For more information see syslog.conf(5) # manpage. # # First some standard logfiles. Log by facility. # auth.info /var/log/auth.info auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none;*.!=debug;mail.none -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log uucp.* /var/log/uucp.log local2.* -/var/log/ppp.log # # Logging for the mail system. Split it up so that # it is easy to write scripts to parse these files. # mail.info -/var/log/mail.info mail.warn -/var/log/mail.warn mail.err /var/log/mail.err # Logging for INN news system # news.crit /var/log/news/news.crit news.err /var/log/news/news.err news.notice -/var/log/news/news.notice # # Some `catch-all' logfiles. # *.=debug;\ auth,authpriv.none;\ news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. # *.emerg * # # I like to have messages displayed on the console, but only on a virtual # console I usually leave idle. # #daemon,mail.*;\ # news.=crit;news.=err;news.=notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn /dev/tty8 # The named pipe /dev/xconsole is for the `xconsole' utility. To use it, # you must invoke `xconsole' with the `-file' option: # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.crit;news.err;news.notice;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole + _________________________ etc/resolv.conf + cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 127.0.0.1 nameserver 10.10.61.104 nameserver 10.10.61.101 search openbox.local darkskies.za.net + _________________________ lib/modules-ls + ls -ltr /lib/modules total 16 drwxr-xr-x 4 root root 4096 Dec 10 2003 2.4.23 drwxr-xr-x 4 root root 4096 Jan 13 2004 2.4.24 drwxr-xr-x 4 root root 4096 Sep 6 2004 2.4.26-1-586tsc drwxr-xr-x 4 root root 4096 May 1 23:07 2.4.27-2-586tsc + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + egrep netif_rx /proc/ksyms c01bc550 netif_rx_Ra6a81add + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.4.23: U netif_rx_R23217066 2.4.24: U netif_rx_R23217066 2.4.26-1-586tsc: U netif_rx_Ra6a81add 2.4.27-2-586tsc: U netif_rx_R6c214f27 + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '1966,$p' /var/log/daemon.log + egrep -i 'ipsec|klips|pluto' + cat May 4 12:49:18 darkflame ipsec_setup: Starting Openswan IPsec 2.3.0... May 4 12:49:18 darkflame ipsec_setup: /sbin/insmod /lib/modules/2.4.26-1-586tsc/kernel/net/key/af_key.o May 4 12:49:18 darkflame ipsec_setup: Using /lib/modules/2.4.26-1-586tsc/kernel/net/key/af_key.o May 4 12:49:18 darkflame ipsec_setup: Symbol version prefix '' May 4 12:49:18 darkflame ipsec_setup: /sbin/insmod -q /lib/modules/2.4.26-1-586tsc/kernel/net/xfrm/xfrm_user.o May 4 12:49:18 darkflame ipsec_setup: Using /lib/modules/2.4.26-1-586tsc/kernel/net/xfrm/xfrm_user.o May 4 12:49:18 darkflame ipsec_setup: Symbol version prefix '' + _________________________ plog + sed -n '645,$p' /var/log/auth.log + egrep -i pluto + cat May 4 12:49:18 darkflame ipsec__plutorun: Starting Pluto subsystem... May 4 12:49:19 darkflame pluto[20723]: Starting Pluto (Openswan Version 2.3.0 X.509-1.5.4 PLUTO_USES_KEYRR) May 4 12:49:20 darkflame pluto[20723]: Setting port floating to on May 4 12:49:20 darkflame pluto[20723]: port floating activate 1/1 May 4 12:49:20 darkflame pluto[20723]: including NAT-Traversal patch (Version 0.6c) May 4 12:49:20 darkflame pluto[20723]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) May 4 12:49:20 darkflame pluto[20723]: starting up 1 cryptographic helpers May 4 12:49:20 darkflame pluto[20723]: started helper pid=20739 (fd:6) May 4 12:49:21 darkflame pluto[20723]: Using Linux 2.6 IPsec interface code May 4 12:49:40 darkflame pluto[20723]: Changing to directory '/etc/ipsec.d/cacerts' May 4 12:49:40 darkflame pluto[20723]: Could not change to directory '/etc/ipsec.d/aacerts' May 4 12:49:40 darkflame pluto[20723]: Changing to directory '/etc/ipsec.d/ocspcerts' May 4 12:49:41 darkflame pluto[20723]: Changing to directory '/etc/ipsec.d/crls' May 4 12:49:41 darkflame pluto[20723]: Warning: empty directory May 4 12:49:41 darkflame pluto[20723]: added connection description "L2TP-PSK-orgWIN2KXP" May 4 12:49:42 darkflame pluto[20723]: listening for IKE messages May 4 12:49:43 darkflame pluto[20723]: adding interface eth0/eth0 10.10.60.98 May 4 12:49:43 darkflame pluto[20723]: adding interface eth0/eth0 10.10.60.98:4500 May 4 12:49:43 darkflame pluto[20723]: adding interface lo/lo 127.0.0.1 May 4 12:49:43 darkflame pluto[20723]: adding interface lo/lo 127.0.0.1:4500 May 4 12:49:43 darkflame pluto[20723]: adding interface eth0/eth0 2001:18b0:1000:1002:200:1aff:fe00:fc14 May 4 12:49:43 darkflame pluto[20723]: adding interface eth0/eth0 2001:18b0:1000:1002::ad5 May 4 12:49:43 darkflame pluto[20723]: adding interface eth0/eth0 2001:18b0:1000:1002::1 May 4 12:49:43 darkflame pluto[20723]: adding interface eth0/eth0 2001:18b0:1000:1002::95:2 May 4 12:49:43 darkflame pluto[20723]: adding interface eth0/eth0 2001:18b0:1000:1002::95:1 May 4 12:49:44 darkflame pluto[20723]: adding interface lo/lo ::1 May 4 12:49:44 darkflame pluto[20723]: loading secrets from "/etc/ipsec.secrets" May 4 12:49:44 darkflame pluto[20723]: loaded private key file '/etc/ipsec.d/private/darkflameKey.pem' (1675 bytes) May 4 13:00:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 13:00:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 13:00:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 13:00:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 13:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 13:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 13:00:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 13:00:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 13:00:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 13:00:13 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 13:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #2: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 13:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 13:00:13 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 13:00:13 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 13:00:13 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 13:00:13 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 13:00:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #3: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 13:00:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 13:00:14 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 13:00:14 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 13:00:14 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 13:00:14 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 13:00:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #4: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 13:00:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 13:00:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 13:00:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: discarding packet received during DNS lookup in STATE_MAIN_R1 May 4 13:00:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: discarding packet received during DNS lookup in STATE_MAIN_R1 May 4 13:00:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 635940 usec May 4 13:00:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 13:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 13:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: I did not send a certificate because I do not have one. May 4 13:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 13:00:18 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 13:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #1: sent MR3, ISAKMP SA established May 4 13:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3 May 4 13:00:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: responding to Quick Mode May 4 13:00:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 13:00:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: discarding duplicate packet; already STATE_QUICK_R1 May 4 13:00:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 13:00:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 13:00:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: IPsec SA established {ESP/NAT=>0x8ef9c54f <0x979df866 NATOA=0.0.0.0} May 4 13:01:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #1: received Delete SA payload: deleting ISAKMP State #1 May 4 13:01:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 4 13:01:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: next payload type of ISAKMP Hash Payload has an unknown value: 100 May 4 13:01:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: malformed payload in packet May 4 13:01:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: sending notification PAYLOAD_MALFORMED to cli.cli.cli.cli:4500 May 4 13:01:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #3: max number of retransmissions (2) reached STATE_MAIN_R1 May 4 13:01:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #2: max number of retransmissions (2) reached STATE_MAIN_R1 May 4 13:01:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #4: max number of retransmissions (2) reached STATE_MAIN_R1 May 4 13:56:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #6: initiating Main Mode May 4 13:56:08 darkflame pluto[20723]: | no IKE algorithms for this connection May 4 13:57:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #6: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message May 4 13:57:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #6: starting keying attempt 2 of at most 3 May 4 13:57:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #7: initiating Main Mode to replace #6 May 4 13:57:18 darkflame pluto[20723]: | no IKE algorithms for this connection May 4 13:58:28 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #7: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message May 4 13:58:28 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #7: starting keying attempt 3 of at most 3 May 4 13:58:28 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #8: initiating Main Mode to replace #7 May 4 13:58:28 darkflame pluto[20723]: | no IKE algorithms for this connection May 4 13:59:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #8: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message May 4 14:00:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500 #5: IPsec SA expired (LATEST!) May 4 14:00:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[1] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 4 14:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 4 21:43:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 21:43:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 21:43:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 21:43:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 21:43:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #9: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 21:43:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #9: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 21:43:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 21:43:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 21:43:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 21:43:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 21:43:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #10: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 21:43:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #10: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 21:43:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #9: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 21:43:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #9: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 213628 usec May 4 21:43:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #9: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 21:43:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #9: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 21:43:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #9: I did not send a certificate because I do not have one. May 4 21:43:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli #9: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 21:43:05 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 21:43:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #9: sent MR3, ISAKMP SA established May 4 21:43:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: responding to Quick Mode May 4 21:43:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 21:43:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: discarding duplicate packet; already STATE_QUICK_R1 May 4 21:43:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: discarding duplicate packet; already STATE_QUICK_R1 May 4 21:43:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 21:43:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 21:43:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: IPsec SA established {ESP/NAT=>0xc97744d5 <0x6c3627bc NATOA=0.0.0.0} May 4 21:43:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #9: received Delete SA payload: deleting ISAKMP State #9 May 4 21:43:44 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 4 21:43:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: next payload type of ISAKMP Hash Payload has an unknown value: 132 May 4 21:43:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: malformed payload in packet May 4 21:43:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #11: sending notification PAYLOAD_MALFORMED to cli.cli.cli.cli:4500 May 4 21:44:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[2] cli.cli.cli.cli:4500 #10: max number of retransmissions (2) reached STATE_MAIN_R1 May 4 21:44:23 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 21:44:23 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 21:44:23 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 21:44:23 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 21:44:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 21:44:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 21:44:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 21:44:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 221156 usec May 4 21:44:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 21:44:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 21:44:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: I did not send a certificate because I do not have one. May 4 21:44:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#11} May 4 21:44:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP" #11: deleting state (STATE_QUICK_R2) May 4 21:44:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 4 21:44:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli #12: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 21:44:26 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 21:44:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #12: sent MR3, ISAKMP SA established May 4 21:44:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #12: retransmitting in response to duplicate packet; already STATE_MAIN_R3 May 4 21:44:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #13: responding to Quick Mode May 4 21:44:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #13: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 21:44:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #13: discarding duplicate packet; already STATE_QUICK_R1 May 4 21:44:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #13: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 21:44:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #13: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 21:44:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #13: IPsec SA established {ESP/NAT=>0xb253de56 <0x3b5ae6d2 NATOA=0.0.0.0} May 4 21:45:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #12: received Delete SA(0xb253de56) payload: deleting IPSEC State #13 May 4 21:45:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #12: received and ignored informational message May 4 21:45:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500 #12: received Delete SA payload: deleting ISAKMP State #12 May 4 21:45:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[3] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 4 21:45:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 4 21:45:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 4 23:35:42 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:35:42 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:35:42 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:35:42 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:35:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:35:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:35:42 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:35:42 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:35:42 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:35:42 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:35:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #15: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:35:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #15: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:35:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 23:35:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: discarding packet received during DNS lookup in STATE_MAIN_R1 May 4 23:35:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 220718 usec May 4 23:35:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 23:35:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 23:35:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: I did not send a certificate because I do not have one. May 4 23:35:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli #14: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 23:35:44 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 23:35:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #14: sent MR3, ISAKMP SA established May 4 23:35:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #16: responding to Quick Mode May 4 23:35:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #16: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 23:35:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #16: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:35:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #16: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:35:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #16: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 23:35:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #16: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 23:35:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #16: IPsec SA established {ESP/NAT=>0xf9c74a99 <0x0459447c NATOA=0.0.0.0} May 4 23:35:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #14: received Delete SA(0xf9c74a99) payload: deleting IPSEC State #16 May 4 23:35:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #14: received and ignored informational message May 4 23:35:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #14: received Delete SA payload: deleting ISAKMP State #14 May 4 23:35:52 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 4 23:35:52 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 4 23:36:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500 #15: max number of retransmissions (2) reached STATE_MAIN_R1 May 4 23:36:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[4] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 4 23:36:53 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 4 23:42:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:42:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:42:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:42:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:42:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #17: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:42:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #17: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:42:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:42:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:42:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:42:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:42:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #18: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:42:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #18: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:42:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #17: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 23:42:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #17: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 224140 usec May 4 23:42:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #17: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 23:42:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #17: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 23:42:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #17: I did not send a certificate because I do not have one. May 4 23:42:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli #17: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 23:42:38 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 23:42:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #17: sent MR3, ISAKMP SA established May 4 23:42:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #19: responding to Quick Mode May 4 23:42:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #19: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 23:42:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #19: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:42:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #19: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:42:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #19: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 23:42:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #19: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 23:42:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #19: IPsec SA established {ESP/NAT=>0x60274b6d <0x6c4592c1 NATOA=0.0.0.0} May 4 23:43:16 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #17: received Delete SA(0x60274b6d) payload: deleting IPSEC State #19 May 4 23:43:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #17: received and ignored informational message May 4 23:43:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #17: received Delete SA payload: deleting ISAKMP State #17 May 4 23:43:17 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 4 23:43:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500 #18: max number of retransmissions (2) reached STATE_MAIN_R1 May 4 23:43:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[5] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 4 23:43:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 4 23:44:02 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:44:02 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:44:02 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:44:02 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:44:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli #20: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:44:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli #20: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:44:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli #20: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 23:44:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli #20: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 337972 usec May 4 23:44:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli #20: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 23:44:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli #20: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 23:44:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli #20: I did not send a certificate because I do not have one. May 4 23:44:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli #20: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 23:44:04 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 23:44:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #20: sent MR3, ISAKMP SA established May 4 23:44:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #20: retransmitting in response to duplicate packet; already STATE_MAIN_R3 May 4 23:44:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #21: responding to Quick Mode May 4 23:44:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #21: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 23:44:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #21: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:44:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #21: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 23:44:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #21: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 23:44:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #21: IPsec SA established {ESP/NAT=>0xfa290451 <0xd249bb39 NATOA=0.0.0.0} May 4 23:44:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #20: received Delete SA(0xfa290451) payload: deleting IPSEC State #21 May 4 23:44:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #20: received and ignored informational message May 4 23:44:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500 #20: received Delete SA payload: deleting ISAKMP State #20 May 4 23:44:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[6] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 4 23:44:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 4 23:44:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 4 23:47:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:47:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:47:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:47:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:47:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:47:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:47:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:47:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:47:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:47:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:47:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #23: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:47:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #23: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:47:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 23:47:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 206224 usec May 4 23:47:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 23:47:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: discarding duplicate packet; already STATE_MAIN_R2 May 4 23:47:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 23:47:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: I did not send a certificate because I do not have one. May 4 23:47:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli #22: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 23:47:27 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 23:47:28 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #22: sent MR3, ISAKMP SA established May 4 23:47:28 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #24: responding to Quick Mode May 4 23:47:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #24: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 23:47:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #24: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:47:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #24: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:47:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #24: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 23:47:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #24: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 23:47:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #24: IPsec SA established {ESP/NAT=>0xf60b9afd <0xe84b7216 NATOA=0.0.0.0} May 4 23:47:35 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #22: received Delete SA(0xf60b9afd) payload: deleting IPSEC State #24 May 4 23:47:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #22: received and ignored informational message May 4 23:47:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #22: received Delete SA payload: deleting ISAKMP State #22 May 4 23:47:36 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 4 23:48:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500 #23: max number of retransmissions (2) reached STATE_MAIN_R1 May 4 23:48:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[7] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 4 23:48:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 4 23:49:20 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:49:20 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:49:20 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:49:20 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:49:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli #25: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:49:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli #25: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:49:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli #25: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 23:49:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli #25: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 204845 usec May 4 23:49:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli #25: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 23:49:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli #25: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 23:49:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli #25: I did not send a certificate because I do not have one. May 4 23:49:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli #25: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 23:49:21 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 23:49:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #25: sent MR3, ISAKMP SA established May 4 23:49:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #26: responding to Quick Mode May 4 23:49:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #26: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 23:49:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #26: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:49:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #26: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:49:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #26: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 23:49:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #26: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 23:49:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #26: IPsec SA established {ESP/NAT=>0xc278fd56 <0xf1fad85f NATOA=0.0.0.0} May 4 23:49:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #25: received Delete SA(0xc278fd56) payload: deleting IPSEC State #26 May 4 23:49:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #25: received and ignored informational message May 4 23:49:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500 #25: received Delete SA payload: deleting ISAKMP State #25 May 4 23:49:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[8] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 4 23:49:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 4 23:49:32 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 4 23:52:29 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 4 23:52:29 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 4 23:52:29 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 4 23:52:29 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 4 23:52:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: responding to Main Mode from unknown peer cli.cli.cli.cli May 4 23:52:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 4 23:52:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 4 23:52:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 285355 usec May 4 23:52:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 4 23:52:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: discarding duplicate packet; already STATE_MAIN_R2 May 4 23:52:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 4 23:52:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: I did not send a certificate because I do not have one. May 4 23:52:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli #27: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 4 23:52:31 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 4 23:52:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #27: sent MR3, ISAKMP SA established May 4 23:52:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #28: responding to Quick Mode May 4 23:52:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #28: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 4 23:52:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #28: discarding duplicate packet; already STATE_QUICK_R1 May 4 23:52:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #28: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 4 23:52:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #28: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 4 23:52:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #28: IPsec SA established {ESP/NAT=>0x5cd0ff4a <0xeea70d2c NATOA=0.0.0.0} May 5 00:00:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #27: received Delete SA(0x5cd0ff4a) payload: deleting IPSEC State #28 May 5 00:00:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #27: received and ignored informational message May 5 00:00:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500 #27: received Delete SA payload: deleting ISAKMP State #27 May 5 00:00:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[9] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 00:00:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 00:00:34 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 00:01:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 00:01:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 00:01:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 00:01:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 00:01:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 00:01:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 00:01:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 00:01:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 00:01:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 00:01:12 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 00:01:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #30: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 00:01:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #30: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 00:01:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 00:01:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 00:01:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 204238 usec May 5 00:01:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 00:01:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 00:01:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: I did not send a certificate because I do not have one. May 5 00:01:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli #29: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 00:01:14 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 00:01:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #29: sent MR3, ISAKMP SA established May 5 00:01:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #31: responding to Quick Mode May 5 00:01:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #31: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 00:01:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #31: discarding duplicate packet; already STATE_QUICK_R1 May 5 00:01:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #31: discarding duplicate packet; already STATE_QUICK_R1 May 5 00:01:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #31: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 00:01:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #31: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 00:01:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #31: IPsec SA established {ESP/NAT=>0x3ee95edf <0x8174dcdf NATOA=0.0.0.0} May 5 00:02:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #29: received Delete SA(0x3ee95edf) payload: deleting IPSEC State #31 May 5 00:02:16 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #29: received and ignored informational message May 5 00:02:16 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #29: received Delete SA payload: deleting ISAKMP State #29 May 5 00:02:16 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 00:02:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500 #30: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 00:02:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[10] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 00:02:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 00:02:48 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 00:02:48 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 00:02:48 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 00:02:48 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 00:02:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli #32: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 00:02:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli #32: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 00:02:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli #32: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 00:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli #32: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 00:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli #32: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 00:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli #32: I did not send a certificate because I do not have one. May 5 00:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli #32: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 00:02:49 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 00:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #32: sent MR3, ISAKMP SA established May 5 00:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #33: responding to Quick Mode May 5 00:02:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #33: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 00:02:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #33: discarding duplicate packet; already STATE_QUICK_R1 May 5 00:02:54 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #33: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 00:02:54 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #33: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 00:02:54 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #33: IPsec SA established {ESP/NAT=>0x60db16ef <0xa05c801f NATOA=0.0.0.0} May 5 00:58:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: initiating Main Mode to replace #32 May 5 00:58:19 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: ignoring Vendor ID payload [FRAGMENTATION] May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: I did not send a certificate because I do not have one. May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 00:58:20 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 00:58:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: ISAKMP SA established May 5 00:58:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: discarding duplicate packet; already STATE_MAIN_I4 May 5 00:58:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: discarding duplicate packet; already STATE_MAIN_I4 May 5 00:58:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #35: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #33 {using isakmp#34} May 5 00:58:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: ignoring informational payload, type INVALID_ID_INFORMATION May 5 00:58:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: received and ignored informational message May 5 00:59:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #35: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 00:59:35 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #35: starting keying attempt 2 of at most 3 May 5 00:59:35 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #36: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #35 {using isakmp#34} May 5 00:59:35 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: ignoring informational payload, type INVALID_ID_INFORMATION May 5 00:59:35 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: received and ignored informational message May 5 01:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #36: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 01:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #36: starting keying attempt 3 of at most 3 May 5 01:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #37: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #36 {using isakmp#34} May 5 01:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: ignoring informational payload, type INVALID_ID_INFORMATION May 5 01:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: received and ignored informational message May 5 01:01:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #37: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 01:02:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 01:02:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 01:02:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x619bf2fb (perhaps this is a duplicated packet) May 5 01:02:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 01:02:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x619bf2fb (perhaps this is a duplicated packet) May 5 01:02:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 01:02:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x619bf2fb (perhaps this is a duplicated packet) May 5 01:02:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 01:02:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x619bf2fb (perhaps this is a duplicated packet) May 5 01:02:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 01:02:54 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #33: IPsec SA expired (LATEST!) May 5 01:02:54 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 01:02:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x619bf2fb (perhaps this is a duplicated packet) May 5 01:02:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 01:03:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500 #34: received Delete SA payload: deleting ISAKMP State #34 May 5 01:03:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[11] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 01:03:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 01:03:30 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 01:03:30 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 01:03:30 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 01:03:30 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 01:03:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 01:03:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 01:03:30 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 01:03:30 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 01:03:30 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 01:03:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #39: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 01:03:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #39: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 01:03:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 01:03:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 01:03:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 222274 usec May 5 01:03:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 01:03:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 01:03:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: I did not send a certificate because I do not have one. May 5 01:03:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 01:03:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: sent MR3, ISAKMP SA established May 5 01:03:31 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #40: responding to Quick Mode May 5 01:03:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #40: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 01:03:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #40: discarding duplicate packet; already STATE_QUICK_R1 May 5 01:03:34 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: Informational Exchange is for an unknown (expired?) SA May 5 01:03:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #40: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 01:03:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #40: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 01:03:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #40: IPsec SA established {ESP/NAT=>0x69ba0c8d <0x8f652a02 NATOA=0.0.0.0} May 5 01:04:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: received Delete SA(0x69ba0c8d) payload: deleting IPSEC State #40 May 5 01:04:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: received and ignored informational message May 5 01:04:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #38: received Delete SA payload: deleting ISAKMP State #38 May 5 01:04:34 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 01:04:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500 #39: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 01:04:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[12] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 01:04:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 01:05:57 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 01:05:57 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 01:05:57 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 01:05:57 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 01:05:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 01:05:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 01:05:58 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 01:05:58 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 01:05:58 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 01:05:58 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 01:05:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #42: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 01:05:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #42: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 01:05:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 01:05:59 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 01:06:00 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 491351 usec May 5 01:06:01 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 01:06:01 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: discarding duplicate packet; already STATE_MAIN_R2 May 5 01:06:01 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 01:06:01 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: I did not send a certificate because I do not have one. May 5 01:06:01 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli #41: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 01:06:02 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 01:06:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #41: sent MR3, ISAKMP SA established May 5 01:06:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: responding to Quick Mode May 5 01:06:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 01:06:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: discarding duplicate packet; already STATE_QUICK_R1 May 5 01:06:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: discarding duplicate packet; already STATE_QUICK_R1 May 5 01:06:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 01:06:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 01:06:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: IPsec SA established {ESP/NAT=>0x2a2df28e <0x4a84b412 NATOA=0.0.0.0} May 5 01:07:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #42: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 02:01:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: initiating Main Mode to replace #41 May 5 02:01:32 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 02:01:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 02:01:32 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: ignoring Vendor ID payload [FRAGMENTATION] May 5 02:01:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 02:01:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 02:01:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 02:01:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: I did not send a certificate because I do not have one. May 5 02:01:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 02:01:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 02:01:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: discarding duplicate packet; already STATE_MAIN_I3 May 5 02:01:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 02:01:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 02:01:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: ISAKMP SA established May 5 02:01:35 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: discarding duplicate packet; already STATE_MAIN_I4 May 5 02:01:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: discarding duplicate packet; already STATE_MAIN_I4 May 5 02:01:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #45: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #43 {using isakmp#44} May 5 02:01:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: ignoring informational payload, type INVALID_ID_INFORMATION May 5 02:01:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: received and ignored informational message May 5 02:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #45: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 02:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #45: starting keying attempt 2 of at most 3 May 5 02:02:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #46: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #45 {using isakmp#44} May 5 02:02:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: ignoring informational payload, type INVALID_ID_INFORMATION May 5 02:02:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: received and ignored informational message May 5 02:03:59 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #46: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 02:03:59 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #46: starting keying attempt 3 of at most 3 May 5 02:03:59 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #47: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #46 {using isakmp#44} May 5 02:03:59 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: ignoring informational payload, type INVALID_ID_INFORMATION May 5 02:03:59 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: received and ignored informational message May 5 02:05:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #47: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 02:05:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 02:05:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 02:05:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7fdd9b9b (perhaps this is a duplicated packet) May 5 02:05:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 02:05:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7fdd9b9b (perhaps this is a duplicated packet) May 5 02:05:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 02:05:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7fdd9b9b (perhaps this is a duplicated packet) May 5 02:05:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 02:05:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7fdd9b9b (perhaps this is a duplicated packet) May 5 02:05:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 02:06:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: next payload type of ISAKMP Hash Payload has an unknown value: 75 May 5 02:06:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: malformed payload in packet May 5 02:06:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: sending notification PAYLOAD_MALFORMED to cli.cli.cli.cli:4500 May 5 02:06:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #43: IPsec SA expired (LATEST!) May 5 02:06:10 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 02:06:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7fdd9b9b (perhaps this is a duplicated packet) May 5 02:06:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 02:06:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500 #44: received Delete SA payload: deleting ISAKMP State #44 May 5 02:06:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[13] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 02:06:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 02:06:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 02:06:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 02:06:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 02:06:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 02:06:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 02:06:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 02:06:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 02:06:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 02:06:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 02:06:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #49: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 02:06:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #49: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 02:06:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 02:06:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 205935 usec May 5 02:06:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 02:06:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: discarding duplicate packet; already STATE_MAIN_R2 May 5 02:06:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 02:06:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: I did not send a certificate because I do not have one. May 5 02:06:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 02:06:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: sent MR3, ISAKMP SA established May 5 02:06:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #50: responding to Quick Mode May 5 02:06:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #50: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 02:06:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #50: discarding duplicate packet; already STATE_QUICK_R1 May 5 02:06:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #50: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 02:06:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #50: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 02:06:56 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #50: IPsec SA established {ESP/NAT=>0x0fc2c51d <0x749a8767 NATOA=0.0.0.0} May 5 02:07:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: received Delete SA(0x0fc2c51d) payload: deleting IPSEC State #50 May 5 02:07:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: received and ignored informational message May 5 02:07:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #48: received Delete SA payload: deleting ISAKMP State #48 May 5 02:07:48 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 02:07:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500 #49: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 02:07:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[14] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 02:07:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 02:30:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 02:30:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 02:30:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 02:30:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 02:30:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 02:30:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 02:30:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 02:30:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 02:30:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 02:30:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 02:30:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #52: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 02:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #52: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 02:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 02:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 02:30:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 668189 usec May 5 02:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 02:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: discarding duplicate packet; already STATE_MAIN_R2 May 5 02:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 02:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: I did not send a certificate because I do not have one. May 5 02:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli #51: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 02:30:10 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 02:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #51: sent MR3, ISAKMP SA established May 5 02:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #53: responding to Quick Mode May 5 02:30:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #53: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 02:30:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #53: discarding duplicate packet; already STATE_QUICK_R1 May 5 02:30:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #53: discarding duplicate packet; already STATE_QUICK_R1 May 5 02:30:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #53: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 02:30:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #53: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 02:30:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #53: IPsec SA established {ESP/NAT=>0xc6a8bbfc <0xb82bcef7 NATOA=0.0.0.0} May 5 02:31:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #52: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 02:32:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #51: received Delete SA(0xc6a8bbfc) payload: deleting IPSEC State #53 May 5 02:32:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #51: received and ignored informational message May 5 02:32:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500 #51: received Delete SA payload: deleting ISAKMP State #51 May 5 02:32:16 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[15] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 02:32:16 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 02:32:16 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 03:00:02 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 03:00:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 03:00:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 03:00:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 03:00:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #54: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 03:00:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #54: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 03:00:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 03:00:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 03:00:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 03:00:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 03:00:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #55: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 03:00:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #55: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 03:00:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #54: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 03:00:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #54: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 03:00:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #54: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 03:00:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #54: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 03:00:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #54: I did not send a certificate because I do not have one. May 5 03:00:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli #54: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 03:00:05 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 03:00:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #54: sent MR3, ISAKMP SA established May 5 03:00:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #56: responding to Quick Mode May 5 03:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #56: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 03:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #56: discarding duplicate packet; already STATE_QUICK_R1 May 5 03:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #56: discarding duplicate packet; already STATE_QUICK_R1 May 5 03:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #56: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 03:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #56: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 03:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #56: IPsec SA established {ESP/NAT=>0x7a39c954 <0xa0d025b5 NATOA=0.0.0.0} May 5 03:01:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #55: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 03:07:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[16] cli.cli.cli.cli:4500 #54: received Delete SA payload: deleting ISAKMP State #54 May 5 03:07:52 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 03:30:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 03:30:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 03:30:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 03:30:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 03:30:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 03:30:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 03:30:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 03:30:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 03:30:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 03:30:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 03:30:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #58: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 03:30:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #58: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 03:30:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 03:30:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 03:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 392872 usec May 5 03:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 03:30:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 03:30:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: I did not send a certificate because I do not have one. May 5 03:30:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#56} May 5 03:30:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP" #56: deleting state (STATE_QUICK_R2) May 5 03:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 03:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli #57: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 03:30:13 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 03:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #57: sent MR3, ISAKMP SA established May 5 03:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #57: retransmitting in response to duplicate packet; already STATE_MAIN_R3 May 5 03:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #59: responding to Quick Mode May 5 03:30:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #59: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 03:30:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #59: discarding duplicate packet; already STATE_QUICK_R1 May 5 03:30:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #59: discarding duplicate packet; already STATE_QUICK_R1 May 5 03:30:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #59: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 03:30:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #59: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 03:30:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #59: IPsec SA established {ESP/NAT=>0x89d5b9b2 <0x1762777c NATOA=0.0.0.0} May 5 03:31:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #58: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 04:25:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: initiating Main Mode to replace #57 May 5 04:25:43 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 04:25:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 04:25:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: ignoring Vendor ID payload [FRAGMENTATION] May 5 04:25:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 04:25:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 04:25:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: discarding packet received during DNS lookup in STATE_MAIN_I1 May 5 04:25:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 04:25:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: I did not send a certificate because I do not have one. May 5 04:25:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 04:25:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 04:25:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 04:25:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 04:25:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: ISAKMP SA established May 5 04:25:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: discarding duplicate packet; already STATE_MAIN_I4 May 5 04:25:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: discarding duplicate packet; already STATE_MAIN_I4 May 5 04:25:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #61: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #59 {using isakmp#60} May 5 04:25:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: ignoring informational payload, type INVALID_ID_INFORMATION May 5 04:25:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: received and ignored informational message May 5 04:27:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #61: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 04:27:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #61: starting keying attempt 2 of at most 3 May 5 04:27:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #62: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #61 {using isakmp#60} May 5 04:27:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: ignoring informational payload, type INVALID_ID_INFORMATION May 5 04:27:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: received and ignored informational message May 5 04:28:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #62: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 04:28:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #62: starting keying attempt 3 of at most 3 May 5 04:28:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #63: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #62 {using isakmp#60} May 5 04:28:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: ignoring informational payload, type INVALID_ID_INFORMATION May 5 04:28:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: received and ignored informational message May 5 04:29:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #63: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 04:29:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 04:29:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 04:29:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7197d236 (perhaps this is a duplicated packet) May 5 04:29:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 04:29:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7197d236 (perhaps this is a duplicated packet) May 5 04:29:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 04:29:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7197d236 (perhaps this is a duplicated packet) May 5 04:29:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 04:29:56 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7197d236 (perhaps this is a duplicated packet) May 5 04:29:56 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 04:30:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x7197d236 (perhaps this is a duplicated packet) May 5 04:30:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 04:30:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #59: IPsec SA expired (LATEST!) May 5 04:30:23 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: Informational Exchange is for an unknown (expired?) SA May 5 04:30:23 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 04:30:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500 #60: received Delete SA payload: deleting ISAKMP State #60 May 5 04:30:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[17] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 04:30:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 04:30:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 04:30:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 04:30:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 04:30:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 04:30:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 04:30:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 04:30:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 04:30:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 271662 usec May 5 04:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 04:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 04:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: I did not send a certificate because I do not have one. May 5 04:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 04:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: sent MR3, ISAKMP SA established May 5 04:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #65: responding to Quick Mode May 5 04:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #65: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 04:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #65: discarding duplicate packet; already STATE_QUICK_R1 May 5 04:30:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #65: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 04:30:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #65: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 04:30:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #65: IPsec SA established {ESP/NAT=>0x14f2b305 <0xc6d33d2e NATOA=0.0.0.0} May 5 04:32:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: received Delete SA(0x14f2b305) payload: deleting IPSEC State #65 May 5 04:32:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: received and ignored informational message May 5 04:32:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500 #64: received Delete SA payload: deleting ISAKMP State #64 May 5 04:32:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[18] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 04:32:22 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 04:32:22 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 05:00:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 05:00:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 05:00:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 05:00:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 05:00:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 05:00:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 05:00:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 05:00:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 05:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 283900 usec May 5 05:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 05:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 05:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: I did not send a certificate because I do not have one. May 5 05:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli #66: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 05:00:08 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 05:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #66: sent MR3, ISAKMP SA established May 5 05:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: responding to Quick Mode May 5 05:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 05:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: discarding duplicate packet; already STATE_QUICK_R1 May 5 05:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: discarding duplicate packet; already STATE_QUICK_R1 May 5 05:00:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 05:00:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 05:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: IPsec SA established {ESP/NAT=>0x1f491a56 <0x581d901d NATOA=0.0.0.0} May 5 05:55:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: initiating Main Mode to replace #66 May 5 05:55:38 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 05:55:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 05:55:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: ignoring Vendor ID payload [FRAGMENTATION] May 5 05:55:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 05:55:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 05:55:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 05:55:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: I did not send a certificate because I do not have one. May 5 05:55:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 05:55:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 05:55:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 05:55:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 05:55:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: ISAKMP SA established May 5 05:55:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: discarding duplicate packet; already STATE_MAIN_I4 May 5 05:55:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: discarding duplicate packet; already STATE_MAIN_I4 May 5 05:55:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #69: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #67 {using isakmp#68} May 5 05:55:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: ignoring informational payload, type INVALID_ID_INFORMATION May 5 05:55:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: received and ignored informational message May 5 05:56:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #69: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 05:56:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #69: starting keying attempt 2 of at most 3 May 5 05:56:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #70: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #69 {using isakmp#68} May 5 05:56:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: ignoring informational payload, type INVALID_ID_INFORMATION May 5 05:56:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: received and ignored informational message May 5 05:58:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #70: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 05:58:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #70: starting keying attempt 3 of at most 3 May 5 05:58:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #71: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #70 {using isakmp#68} May 5 05:58:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: ignoring informational payload, type INVALID_ID_INFORMATION May 5 05:58:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: received and ignored informational message May 5 05:59:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #71: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 05:59:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 05:59:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 05:59:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x8c31d07e (perhaps this is a duplicated packet) May 5 05:59:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 05:59:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x8c31d07e (perhaps this is a duplicated packet) May 5 05:59:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 05:59:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x8c31d07e (perhaps this is a duplicated packet) May 5 05:59:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 05:59:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x8c31d07e (perhaps this is a duplicated packet) May 5 05:59:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 06:00:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x8c31d07e (perhaps this is a duplicated packet) May 5 06:00:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 06:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: next payload type of ISAKMP Hash Payload has an unknown value: 229 May 5 06:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: malformed payload in packet May 5 06:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: sending notification PAYLOAD_MALFORMED to cli.cli.cli.cli:4500 May 5 06:00:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #67: IPsec SA expired (LATEST!) May 5 06:00:17 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 06:00:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500 #68: received Delete SA payload: deleting ISAKMP State #68 May 5 06:00:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[19] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 06:00:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 06:00:38 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 06:00:38 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 06:00:38 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 06:00:38 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 06:00:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 06:00:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 06:00:39 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 06:00:39 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 06:00:39 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 06:00:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #73: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 06:00:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #73: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 06:00:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 06:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 06:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: discarding duplicate packet; already STATE_MAIN_R2 May 5 06:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 06:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: I did not send a certificate because I do not have one. May 5 06:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 06:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: sent MR3, ISAKMP SA established May 5 06:00:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #74: responding to Quick Mode May 5 06:00:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #74: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 06:00:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #74: discarding duplicate packet; already STATE_QUICK_R1 May 5 06:00:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #74: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 06:00:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #74: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 06:00:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #74: IPsec SA established {ESP/NAT=>0x260a74d1 <0xd8e53449 NATOA=0.0.0.0} May 5 06:01:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #73: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 06:02:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: received Delete SA(0x260a74d1) payload: deleting IPSEC State #74 May 5 06:02:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: received and ignored informational message May 5 06:02:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500 #72: received Delete SA payload: deleting ISAKMP State #72 May 5 06:02:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[20] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 06:02:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 06:02:15 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 06:30:14 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 06:30:15 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 06:30:15 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 06:30:15 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 06:30:21 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 06:30:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 06:30:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 06:30:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 06:30:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 06:30:26 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 06:30:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #76: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 06:30:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #76: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 06:30:27 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 06:30:27 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 06:30:27 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 06:30:27 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 06:30:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #77: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 06:30:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #77: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 06:30:27 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 06:30:27 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 06:30:27 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 06:30:27 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 06:30:28 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #78: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 06:30:28 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #78: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 06:30:28 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 06:30:28 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 06:30:28 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 06:30:28 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 06:30:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #79: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 06:30:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #79: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 06:30:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 06:30:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 06:30:30 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 06:30:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 439947 usec May 5 06:30:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 06:30:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: discarding duplicate packet; already STATE_MAIN_R2 May 5 06:30:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 06:30:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: I did not send a certificate because I do not have one. May 5 06:30:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli #75: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 06:30:34 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 06:30:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #75: sent MR3, ISAKMP SA established May 5 06:30:35 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: responding to Quick Mode May 5 06:30:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 06:30:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: discarding duplicate packet; already STATE_QUICK_R1 May 5 06:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 06:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 06:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: IPsec SA established {ESP/NAT=>0x7d11b993 <0x40e10d9a NATOA=0.0.0.0} May 5 06:31:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #76: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 06:31:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #77: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 06:31:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #79: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 06:31:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #78: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 07:26:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: initiating Main Mode to replace #75 May 5 07:26:04 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 07:26:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 07:26:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: ignoring Vendor ID payload [FRAGMENTATION] May 5 07:26:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 07:26:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 07:26:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: discarding packet received during DNS lookup in STATE_MAIN_I1 May 5 07:26:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 07:26:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: I did not send a certificate because I do not have one. May 5 07:26:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 07:26:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 07:26:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 07:26:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 07:26:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: ISAKMP SA established May 5 07:26:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: discarding duplicate packet; already STATE_MAIN_I4 May 5 07:26:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #82: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #80 {using isakmp#81} May 5 07:26:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: ignoring informational payload, type INVALID_ID_INFORMATION May 5 07:26:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: received and ignored informational message May 5 07:27:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #82: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 07:27:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #82: starting keying attempt 2 of at most 3 May 5 07:27:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #83: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #82 {using isakmp#81} May 5 07:27:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: ignoring informational payload, type INVALID_ID_INFORMATION May 5 07:27:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: received and ignored informational message May 5 07:28:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #83: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 07:28:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #83: starting keying attempt 3 of at most 3 May 5 07:28:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #84: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #83 {using isakmp#81} May 5 07:28:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: ignoring informational payload, type INVALID_ID_INFORMATION May 5 07:28:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: received and ignored informational message May 5 07:29:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #84: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 07:30:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 07:30:02 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 07:30:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x797d716b (perhaps this is a duplicated packet) May 5 07:30:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 07:30:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x797d716b (perhaps this is a duplicated packet) May 5 07:30:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 07:30:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x797d716b (perhaps this is a duplicated packet) May 5 07:30:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 07:30:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x797d716b (perhaps this is a duplicated packet) May 5 07:30:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 07:30:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x797d716b (perhaps this is a duplicated packet) May 5 07:30:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 07:30:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: next payload type of ISAKMP Hash Payload has an unknown value: 127 May 5 07:30:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: malformed payload in packet May 5 07:30:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: sending notification PAYLOAD_MALFORMED to cli.cli.cli.cli:4500 May 5 07:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #80: IPsec SA expired (LATEST!) May 5 07:30:50 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 07:31:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500 #81: received Delete SA payload: deleting ISAKMP State #81 May 5 07:31:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[21] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 07:31:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 07:31:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 07:31:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 07:31:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 07:31:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 07:31:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 07:31:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 07:31:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 07:31:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 351831 usec May 5 07:31:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 07:31:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: discarding duplicate packet; already STATE_MAIN_R2 May 5 07:31:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 07:31:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: I did not send a certificate because I do not have one. May 5 07:31:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 07:31:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: sent MR3, ISAKMP SA established May 5 07:31:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #86: responding to Quick Mode May 5 07:31:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #86: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 07:31:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #86: discarding duplicate packet; already STATE_QUICK_R1 May 5 07:31:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #86: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 07:31:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #86: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 07:31:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #86: IPsec SA established {ESP/NAT=>0xca2a0afb <0x8bbc066b NATOA=0.0.0.0} May 5 07:32:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: received Delete SA(0xca2a0afb) payload: deleting IPSEC State #86 May 5 07:32:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: received and ignored informational message May 5 07:32:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500 #85: received Delete SA payload: deleting ISAKMP State #85 May 5 07:32:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[22] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 07:32:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 07:32:37 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 08:00:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 08:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 08:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 08:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 08:00:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 08:00:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 08:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 08:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 08:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 08:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 08:00:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #88: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 08:00:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #88: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 08:00:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 08:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 08:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 583691 usec May 5 08:00:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 08:00:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 08:00:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: I did not send a certificate because I do not have one. May 5 08:00:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli #87: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 08:00:09 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 08:00:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #87: sent MR3, ISAKMP SA established May 5 08:00:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: responding to Quick Mode May 5 08:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 08:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: discarding duplicate packet; already STATE_QUICK_R1 May 5 08:00:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 08:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 08:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: IPsec SA established {ESP/NAT=>0x81df9d4b <0xeb6c82de NATOA=0.0.0.0} May 5 08:01:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #88: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 08:55:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: initiating Main Mode to replace #87 May 5 08:55:41 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 08:55:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 08:55:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: ignoring Vendor ID payload [FRAGMENTATION] May 5 08:55:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 08:55:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 08:55:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: discarding packet received during DNS lookup in STATE_MAIN_I1 May 5 08:55:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 08:55:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: I did not send a certificate because I do not have one. May 5 08:55:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 08:55:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 08:55:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 08:55:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 08:55:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: ISAKMP SA established May 5 08:55:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: discarding duplicate packet; already STATE_MAIN_I4 May 5 08:55:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: discarding duplicate packet; already STATE_MAIN_I4 May 5 08:55:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #91: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #89 {using isakmp#90} May 5 08:55:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: ignoring informational payload, type INVALID_ID_INFORMATION May 5 08:55:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: received and ignored informational message May 5 08:56:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #91: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 08:56:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #91: starting keying attempt 2 of at most 3 May 5 08:56:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #92: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #91 {using isakmp#90} May 5 08:56:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: ignoring informational payload, type INVALID_ID_INFORMATION May 5 08:56:58 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: received and ignored informational message May 5 08:58:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #92: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 08:58:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #92: starting keying attempt 3 of at most 3 May 5 08:58:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #93: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #92 {using isakmp#90} May 5 08:58:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: ignoring informational payload, type INVALID_ID_INFORMATION May 5 08:58:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: received and ignored informational message May 5 08:59:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #93: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 08:59:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 08:59:33 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 08:59:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x06b41ee0 (perhaps this is a duplicated packet) May 5 08:59:34 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 08:59:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x06b41ee0 (perhaps this is a duplicated packet) May 5 08:59:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 08:59:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x06b41ee0 (perhaps this is a duplicated packet) May 5 08:59:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 08:59:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x06b41ee0 (perhaps this is a duplicated packet) May 5 08:59:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 09:00:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x06b41ee0 (perhaps this is a duplicated packet) May 5 09:00:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 09:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: next payload type of ISAKMP Hash Payload has an unknown value: 120 May 5 09:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: malformed payload in packet May 5 09:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: sending notification PAYLOAD_MALFORMED to cli.cli.cli.cli:4500 May 5 09:00:18 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #89: IPsec SA expired (LATEST!) May 5 09:00:20 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 09:00:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500 #90: received Delete SA payload: deleting ISAKMP State #90 May 5 09:00:36 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[23] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 09:00:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 09:00:37 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 09:00:37 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 09:00:37 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 09:00:37 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 09:00:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 09:00:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 09:00:37 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 09:00:38 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 09:00:38 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 09:00:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #95: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 09:00:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #95: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 09:00:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 09:00:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 09:00:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 09:00:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 09:00:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: I did not send a certificate because I do not have one. May 5 09:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 09:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: sent MR3, ISAKMP SA established May 5 09:00:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #96: responding to Quick Mode May 5 09:00:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #96: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 09:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #96: discarding duplicate packet; already STATE_QUICK_R1 May 5 09:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #96: discarding duplicate packet; already STATE_QUICK_R1 May 5 09:00:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #96: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 09:00:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #96: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 09:00:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #96: IPsec SA established {ESP/NAT=>0xdb19a265 <0xcd922990 NATOA=0.0.0.0} May 5 09:01:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #95: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 09:03:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: received Delete SA(0xdb19a265) payload: deleting IPSEC State #96 May 5 09:03:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: received and ignored informational message May 5 09:03:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500 #94: received Delete SA payload: deleting ISAKMP State #94 May 5 09:03:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[24] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 09:03:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 09:03:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 09:30:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 09:30:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 09:30:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 09:30:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 09:30:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 09:30:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 09:30:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 09:30:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 09:30:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 09:30:04 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 09:30:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #98: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 09:30:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #98: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 09:30:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 09:30:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 09:30:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 433248 usec May 5 09:30:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 09:30:06 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 09:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: I did not send a certificate because I do not have one. May 5 09:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli #97: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 09:30:07 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 09:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #97: sent MR3, ISAKMP SA established May 5 09:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #97: retransmitting in response to duplicate packet; already STATE_MAIN_R3 May 5 09:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: responding to Quick Mode May 5 09:30:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 09:30:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: discarding duplicate packet; already STATE_QUICK_R1 May 5 09:30:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 09:30:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 09:30:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: IPsec SA established {ESP/NAT=>0x4fc5999c <0x087fad6f NATOA=0.0.0.0} May 5 09:31:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #98: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 10:25:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: initiating Main Mode to replace #97 May 5 10:25:37 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 10:25:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 10:25:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: ignoring Vendor ID payload [FRAGMENTATION] May 5 10:25:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 10:25:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 10:25:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 10:25:38 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: I did not send a certificate because I do not have one. May 5 10:25:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 10:25:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 10:25:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 10:25:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 10:25:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: ISAKMP SA established May 5 10:25:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: discarding duplicate packet; already STATE_MAIN_I4 May 5 10:25:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: discarding duplicate packet; already STATE_MAIN_I4 May 5 10:25:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #101: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #99 {using isakmp#100} May 5 10:25:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: ignoring informational payload, type INVALID_ID_INFORMATION May 5 10:25:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: received and ignored informational message May 5 10:26:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #101: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 10:26:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #101: starting keying attempt 2 of at most 3 May 5 10:26:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #102: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #101 {using isakmp#100} May 5 10:26:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: ignoring informational payload, type INVALID_ID_INFORMATION May 5 10:26:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: received and ignored informational message May 5 10:28:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #102: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 10:28:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #102: starting keying attempt 3 of at most 3 May 5 10:28:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #103: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #102 {using isakmp#100} May 5 10:28:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: ignoring informational payload, type INVALID_ID_INFORMATION May 5 10:28:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: received and ignored informational message May 5 10:29:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #103: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 10:29:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 10:29:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 10:29:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd7dd694f (perhaps this is a duplicated packet) May 5 10:29:37 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 10:29:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd7dd694f (perhaps this is a duplicated packet) May 5 10:29:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 10:29:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd7dd694f (perhaps this is a duplicated packet) May 5 10:29:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 10:29:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd7dd694f (perhaps this is a duplicated packet) May 5 10:29:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 10:30:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd7dd694f (perhaps this is a duplicated packet) May 5 10:30:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 10:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: byte 2 of ISAKMP Hash Payload must be zero, but is not May 5 10:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: malformed payload in packet May 5 10:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: sending notification PAYLOAD_MALFORMED to cli.cli.cli.cli:4500 May 5 10:30:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #99: IPsec SA expired (LATEST!) May 5 10:30:16 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 10:30:39 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500 #100: received Delete SA payload: deleting ISAKMP State #100 May 5 10:30:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[25] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 10:30:40 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 10:30:41 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 10:30:41 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 10:30:41 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 10:30:41 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 10:30:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 10:30:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 10:30:41 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 10:30:41 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 10:30:41 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 10:30:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #105: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 10:30:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #105: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 10:30:41 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 10:30:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 10:30:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 10:30:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 10:30:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: I did not send a certificate because I do not have one. May 5 10:30:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 10:30:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: sent MR3, ISAKMP SA established May 5 10:30:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #106: responding to Quick Mode May 5 10:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #106: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 10:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #106: discarding duplicate packet; already STATE_QUICK_R1 May 5 10:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #106: discarding duplicate packet; already STATE_QUICK_R1 May 5 10:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #106: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 10:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #106: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 10:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #106: IPsec SA established {ESP/NAT=>0x3f4a2f88 <0xf99cd84b NATOA=0.0.0.0} May 5 10:31:51 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #105: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 10:32:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: received Delete SA(0x3f4a2f88) payload: deleting IPSEC State #106 May 5 10:32:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: received and ignored informational message May 5 10:32:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500 #104: received Delete SA payload: deleting ISAKMP State #104 May 5 10:32:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[26] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 10:32:03 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 10:32:03 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 11:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 11:00:06 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 11:00:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 11:00:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 11:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 11:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 11:00:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 11:00:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 11:00:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 11:00:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 11:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #108: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 11:00:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #108: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 11:00:07 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 11:00:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 11:00:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 11:00:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 11:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #109: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 11:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #109: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 11:00:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 11:00:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 11:00:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 11:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 475637 usec May 5 11:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 11:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 11:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: I did not send a certificate because I do not have one. May 5 11:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli #107: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 11:00:13 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 11:00:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #107: sent MR3, ISAKMP SA established May 5 11:00:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: responding to Quick Mode May 5 11:00:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 11:00:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: discarding duplicate packet; already STATE_QUICK_R1 May 5 11:00:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: discarding duplicate packet; already STATE_QUICK_R1 May 5 11:00:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 11:00:28 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 11:00:29 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: IPsec SA established {ESP/NAT=>0x1ddb27cb <0x7845ea1f NATOA=0.0.0.0} May 5 11:01:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #109: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 11:01:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #108: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 11:55:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: initiating Main Mode to replace #107 May 5 11:55:44 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 11:55:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 11:55:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: ignoring Vendor ID payload [FRAGMENTATION] May 5 11:55:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 11:55:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 11:55:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: discarding packet received during DNS lookup in STATE_MAIN_I1 May 5 11:55:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 11:55:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: I did not send a certificate because I do not have one. May 5 11:55:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 11:55:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 11:55:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 11:55:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 11:55:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: ISAKMP SA established May 5 11:55:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: discarding duplicate packet; already STATE_MAIN_I4 May 5 11:55:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #112: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #110 {using isakmp#111} May 5 11:55:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: ignoring informational payload, type INVALID_ID_INFORMATION May 5 11:55:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: received and ignored informational message May 5 11:57:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #112: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 11:57:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #112: starting keying attempt 2 of at most 3 May 5 11:57:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #113: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #112 {using isakmp#111} May 5 11:57:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: ignoring informational payload, type INVALID_ID_INFORMATION May 5 11:57:07 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: received and ignored informational message May 5 11:58:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #113: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 11:58:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #113: starting keying attempt 3 of at most 3 May 5 11:58:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #114: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #113 {using isakmp#111} May 5 11:58:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: ignoring informational payload, type INVALID_ID_INFORMATION May 5 11:58:17 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: received and ignored informational message May 5 11:59:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #114: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 11:59:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 11:59:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 11:59:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb234dd64 (perhaps this is a duplicated packet) May 5 11:59:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 11:59:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb234dd64 (perhaps this is a duplicated packet) May 5 11:59:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 11:59:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb234dd64 (perhaps this is a duplicated packet) May 5 11:59:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 11:59:56 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb234dd64 (perhaps this is a duplicated packet) May 5 11:59:56 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 12:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb234dd64 (perhaps this is a duplicated packet) May 5 12:00:12 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 12:00:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: next payload type of ISAKMP Hash Payload has an unknown value: 53 May 5 12:00:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: malformed payload in packet May 5 12:00:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: sending notification PAYLOAD_MALFORMED to cli.cli.cli.cli:4500 May 5 12:00:27 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #110: IPsec SA expired (LATEST!) May 5 12:00:28 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 12:00:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500 #111: received Delete SA payload: deleting ISAKMP State #111 May 5 12:00:44 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[27] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 12:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 12:00:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 12:00:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 12:00:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 12:00:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 12:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 12:00:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 12:00:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 12:00:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 12:00:45 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 12:00:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #116: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 12:00:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #116: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 12:00:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 12:00:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 209441 usec May 5 12:00:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 12:00:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 12:00:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: I did not send a certificate because I do not have one. May 5 12:00:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 12:00:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: sent MR3, ISAKMP SA established May 5 12:00:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: retransmitting in response to duplicate packet; already STATE_MAIN_R3 May 5 12:00:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #117: responding to Quick Mode May 5 12:00:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #117: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 12:00:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #117: discarding duplicate packet; already STATE_QUICK_R1 May 5 12:00:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #117: discarding duplicate packet; already STATE_QUICK_R1 May 5 12:00:53 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #117: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 12:00:53 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #117: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 12:00:53 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #117: IPsec SA established {ESP/NAT=>0x98d4c8fb <0x4232941e NATOA=0.0.0.0} May 5 12:01:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #116: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 12:02:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: received Delete SA(0x98d4c8fb) payload: deleting IPSEC State #117 May 5 12:02:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: received and ignored informational message May 5 12:02:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500 #115: received Delete SA payload: deleting ISAKMP State #115 May 5 12:02:23 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[28] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 12:02:24 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 12:02:24 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 12:30:08 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 12:30:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 12:30:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 12:30:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 12:30:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 12:30:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 12:30:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 12:30:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [FRAGMENTATION] May 5 12:30:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 12:30:09 darkflame pluto[20723]: packet from cli.cli.cli.cli:500: ignoring Vendor ID payload [Vid-Initial-Contact] May 5 12:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #119: responding to Main Mode from unknown peer cli.cli.cli.cli May 5 12:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #119: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 12:30:10 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 12:30:11 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 12:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 493097 usec May 5 12:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 12:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: discarding duplicate packet; already STATE_MAIN_R2 May 5 12:30:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 12:30:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: I did not send a certificate because I do not have one. May 5 12:30:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli #118: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 12:30:14 darkflame pluto[20723]: | NAT-T: new mapping cli.cli.cli.cli:500/4500) May 5 12:30:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #118: sent MR3, ISAKMP SA established May 5 12:30:14 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #120: responding to Quick Mode May 5 12:30:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #120: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 12:30:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #120: discarding duplicate packet; already STATE_QUICK_R1 May 5 12:30:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #120: discarding duplicate packet; already STATE_QUICK_R1 May 5 12:30:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #120: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 12:30:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #120: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 12:30:26 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #120: IPsec SA established {ESP/NAT=>0x4ab0bf24 <0xb17d5c01 NATOA=0.0.0.0} May 5 12:31:19 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #119: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 13:25:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: initiating Main Mode to replace #118 May 5 13:25:47 darkflame pluto[20723]: | no IKE algorithms for this connection May 5 13:25:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 13:25:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: ignoring Vendor ID payload [FRAGMENTATION] May 5 13:25:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 13:25:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal) May 5 13:25:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: discarding packet received during DNS lookup in STATE_MAIN_I1 May 5 13:25:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 May 5 13:25:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: I did not send a certificate because I do not have one. May 5 13:25:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation May 5 13:25:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 May 5 13:25:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 13:25:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 May 5 13:25:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: ISAKMP SA established May 5 13:25:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: discarding duplicate packet; already STATE_MAIN_I4 May 5 13:25:52 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: discarding duplicate packet; already STATE_MAIN_I4 May 5 13:25:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #122: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #120 {using isakmp#121} May 5 13:25:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: ignoring informational payload, type INVALID_ID_INFORMATION May 5 13:25:55 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: received and ignored informational message May 5 13:27:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #122: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 13:27:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #122: starting keying attempt 2 of at most 3 May 5 13:27:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #123: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #122 {using isakmp#121} May 5 13:27:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: ignoring informational payload, type INVALID_ID_INFORMATION May 5 13:27:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: received and ignored informational message May 5 13:28:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #123: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 13:28:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #123: starting keying attempt 3 of at most 3 May 5 13:28:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #124: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #123 {using isakmp#121} May 5 13:28:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: ignoring informational payload, type INVALID_ID_INFORMATION May 5 13:28:15 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: received and ignored informational message May 5 13:29:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #124: max number of retransmissions (2) reached STATE_QUICK_I1 May 5 13:29:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: cannot respond to IPsec SA request because no connection is known for ext.ext.ext.ext/32===10.10.60.98:4500:17/1701...cli.cli.cli.cli:4500:17/1701 May 5 13:29:42 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: sending encrypted notification INVALID_ID_INFORMATION to cli.cli.cli.cli:4500 May 5 13:29:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x59a6030b (perhaps this is a duplicated packet) May 5 13:29:43 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 13:29:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x59a6030b (perhaps this is a duplicated packet) May 5 13:29:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 13:29:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x59a6030b (perhaps this is a duplicated packet) May 5 13:29:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 13:29:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x59a6030b (perhaps this is a duplicated packet) May 5 13:29:57 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 13:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x59a6030b (perhaps this is a duplicated packet) May 5 13:30:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: sending encrypted notification INVALID_MESSAGE_ID to cli.cli.cli.cli:4500 May 5 13:30:25 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #120: IPsec SA expired (LATEST!) May 5 13:30:29 darkflame pluto[20723]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0@0.0.0.0 included errno 2: No such file or directory May 5 13:30:29 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: Informational Exchange is for an unknown (expired?) SA May 5 13:30:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500 #121: received Delete SA payload: deleting ISAKMP State #121 May 5 13:30:45 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[29] cli.cli.cli.cli:4500: deleting connection "L2TP-PSK-orgWIN2KXP" instance with peer cli.cli.cli.cli {isakmp=#0/ipsec=#0} May 5 13:30:46 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP": unroute-host output: /usr/lib/ipsec/_updown: doroute `ip route delete cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: No such process) May 5 13:30:46 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message May 5 13:30:46 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 13:30:46 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 13:30:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 13:30:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 13:30:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 13:30:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004] May 5 13:30:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: ignoring Vendor ID payload [FRAGMENTATION] May 5 13:30:47 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 May 5 13:30:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #126: responding to Main Mode from unknown peer cli.cli.cli.cli:4500 May 5 13:30:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #126: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 May 5 13:30:47 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed May 5 13:30:48 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: discarding packet received during DNS lookup in STATE_MAIN_R1 May 5 13:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP2048 took 449133 usec May 5 13:30:49 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 May 5 13:30:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: Main mode peer ID is ID_IPV4_ADDR: 'cli.cli.cli.cli' May 5 13:30:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: I did not send a certificate because I do not have one. May 5 13:30:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 May 5 13:30:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: sent MR3, ISAKMP SA established May 5 13:30:50 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #127: responding to Quick Mode May 5 13:31:00 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #127: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 13:31:01 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #127: discarding duplicate packet; already STATE_QUICK_R1 May 5 13:31:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #128: responding to Quick Mode May 5 13:31:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #128: ERROR: netlink XFRM_MSG_NEWPOLICY response for flow tun.10000@10.10.60.98 included errno 17: File exists May 5 13:31:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #128: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 May 5 13:31:08 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #128: discarding duplicate packet; already STATE_QUICK_R1 May 5 13:31:09 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #128: discarding duplicate packet; already STATE_QUICK_R1 May 5 13:31:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #128: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add cli.cli.cli.cli/32 via cli.cli.cli.cli dev eth0 ' failed (RTNETLINK answers: Network is unreachable) May 5 13:31:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #128: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 May 5 13:31:13 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #128: IPsec SA established {ESP/NAT=>0xe1efe530 <0xfda5be39 NATOA=0.0.0.0} May 5 13:32:00 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #126: max number of retransmissions (2) reached STATE_MAIN_R1 May 5 13:32:04 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: received Delete SA(0xe1efe530) payload: deleting IPSEC State #128 May 5 13:32:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: received and ignored informational message May 5 13:32:05 darkflame pluto[20723]: "L2TP-PSK-orgWIN2KXP"[30] cli.cli.cli.cli:4500 #125: received Delete SA payload: deleting ISAKMP State #125 May 5 13:32:05 darkflame pluto[20723]: packet from cli.cli.cli.cli:4500: received and ignored informational message + _________________________ date + date Thu May 5 13:34:56 SAST 2005