Hi,
I am trying to connect Amazon Web Services IPSec VPN with OpenBSD 5.2.
They provide two seperate tunnels. I am trying to connect only one of
them.
It continuously disconnects and reconnects in approximately 1 minute
periods.
I am working as a database administrator. I do not have much experience
with networks. I am trying to learn some with OpenBSD. Do you have any
suggestions?
=== ipsec.conf ===
ike active esp tunnel \
from {169.254.255.2, 192.168.124.0/23} to {169.254.255.1,
10.32.1.0/24} \
local 89.145.186.243 peer 72.21.209.224 \
main auth hmac-sha1 enc aes-128 group modp1024 lifetime 28800 \
quick auth hmac-sha1 enc aes-128 group modp1024 lifetime 3600 \
srcid 89.145.186.243 psk ***
=== AWS VPC VPN Configuration IPSec Tunnel #1 ===
#1: Internet Key Exchange Configuration
Configure the IKE SA as follows
- Authentication Method : Pre-Shared Key
- Pre-Shared Key : ***
- Authentication Algorithm : sha1
- Encryption Algorithm : aes-128-cbc
- Lifetime : 28800 seconds
- Phase 1 Negotiation Mode : main
- Perfect Forward Secrecy : Diffie-Hellman Group 2
#2: IPSec Configuration
Configure the IPSec SA as follows:
- Protocol : esp
- Authentication Algorithm : hmac-sha1-96
- Encryption Algorithm : aes-128-cbc
- Lifetime : 3600 seconds
- Mode : tunnel
- Perfect Forward Secrecy : Diffie-Hellman Group 2
IPSec Dead Peer Detection (DPD) will be enabled on the AWS Endpoint. We
recommend configuring DPD on your endpoint as follows:
- DPD Interval : 10
- DPD Retries : 3
IPSec ESP (Encapsulating Security Payload) inserts additional
headers to transmit packets. These headers require additional space,
which reduces the amount of space available to transmit application
data.
To limit the impact of this behavior, we recommend the following
configuration on your Customer Gateway:
- TCP MSS Adjustment : 1387 bytes
- Clear Don't Fragment Bit : enabled
- Fragmentation : Before encryption
#3: Tunnel Interface Configuration
Your Customer Gateway must be configured with a tunnel interface that
is
associated with the IPSec tunnel. All traffic transmitted to the tunnel
interface is encrypted and transmitted to the Virtual Private Gateway.
The Customer Gateway and Virtual Private Gateway each have two
addresses that relate
to this IPSec tunnel. Each contains an outside address, upon which
encrypted
traffic is exchanged. Each also contain an inside address associated
with
the tunnel interface.
The Customer Gateway outside IP address was provided when the Customer
Gateway
was created. Changing the IP address requires the creation of a new
Customer Gateway.
The Customer Gateway inside IP address should be configured on your
tunnel
interface.
Outside IP Addresses:
- Customer Gateway : 89.145.186.243
- Virtual Private Gateway : 72.21.209.224
Inside IP Addresses
- Customer Gateway : 169.254.255.2/30
- Virtual Private Gateway : 169.254.255.1/30
Configure your tunnel to fragment at the optimal size:
- Tunnel interface MTU : 1436 bytes
#4: Static Routing Configuration:
To route traffic between your internal network and your VPC,
you will need a static route added to your router.
Static Route Configuration Options:
- Next hop : 169.254.255.1
You should add static routes towards your internal network on the VGW.
The VGW will then send traffic towards your internal network over
the tunnels.
=== ifconfig ===
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0c:29:69:f5:c8
priority: 0
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 89.145.186.243 netmask 0xfffffff8 broadcast 89.145.186.247
inet6 fe80::20c:29ff:fe69:f5c8%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0c:29:69:f5:d2
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet6 fe80::20c:29ff:fe69:f5d2%em1 prefixlen 64 scopeid 0x2
inet 192.168.124.8 netmask 0xfffffe00 broadcast 192.168.125.255
enc0: flags=0<>
priority: 0
groups: enc
status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
priority: 0
groups: pflog
=== ipsecctl -s all ===
FLOWS:
flow esp in from 169.254.255.1 to 192.168.124.0/23 peer 72.21.209.224
srcid 89.145.186.243/32 dstid 72.21.209.224/32 type use
flow esp out from 192.168.124.0/23 to 169.254.255.1 peer 72.21.209.224
srcid 89.145.186.243/32 dstid 72.21.209.224/32 type require
flow esp in from 10.32.1.0/24 to 192.168.124.0/23 peer 72.21.209.224
srcid 89.145.186.243/32 dstid 72.21.209.224/32 type use
flow esp out from 192.168.124.0/23 to 10.32.1.0/24 peer 72.21.209.224
srcid 89.145.186.243/32 dstid 72.21.209.224/32 type require
SAD:
esp tunnel from 89.145.186.243 to 72.21.209.224 spi 0x236ded4f auth
hmac-sha1 enc aes
esp tunnel from 72.21.209.224 to 89.145.186.243 spi 0x9370e4d0 auth
hmac-sha1 enc aes
esp tunnel from 89.145.186.243 to 72.21.209.224 spi 0x9d21abb9 auth
hmac-sha1 enc aes
esp tunnel from 72.21.209.224 to 89.145.186.243 spi 0xd0ddb960 auth
hmac-sha1 enc aes
=== tcpdump -envps 1500 port 500 ====
cookie: d69f2a6ad91ba706->0000000000000000 msgid: 00000000 len:
184
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz:
0 xforms: 1
payload: TRANSFORM len: 36
transform: 0 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = AES_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 28800
attribute KEY_LENGTH = 128
payload: VENDOR len: 20
payload: VENDOR len: 20 (supports v2 NAT-T,
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T,
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
payload: VENDOR len: 20 (supports DPD v1.0) (ttl 64, id 16939,
len 212)
11:24:33.724715 00:27:22:c9:8a:c7 00:0c:29:69:f5:c8 0800 146:
72.21.209.224.500 > 89.145.186.243.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: d69f2a6ad91ba706->295fd23e12596bf5 msgid: 00000000 len:
104
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz:
0 xforms: 1
payload: TRANSFORM len: 36
transform: 0 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = AES_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 28800
attribute KEY_LENGTH = 128
payload: VENDOR len: 20 (supports DPD v1.0) (ttl 50, id 43425,
len 132)
11:24:33.742589 00:0c:29:69:f5:c8 00:27:22:c9:8a:c7 0800 222:
89.145.186.243.500 > 72.21.209.224.500: [udp sum ok] isakmp v1.0
exchange ID_PROT
cookie: d69f2a6ad91ba706->295fd23e12596bf5 msgid: 00000000 len:
180
payload: KEY_EXCH len: 132
payload: NONCE len: 20 (ttl 64, id 49712, len 208)
=== isakmpd -dK4D A=50 when it disconnects ===
112533.862397 Timr 10 timer_handle_expirations: event
connection_checker(0x85e17c20)
112533.862586 Timr 10 timer_add_event: event
connection_checker(0x85e17c20) added before
exchange_free_aux(0x844f6500), expiration in 60s
112533.862753 Timr 10 timer_add_event: event
exchange_free_aux(0x844f6900) added before sa_soft_expire(0x86e7f200),
expiration in 120s
112533.862834 Exch 10 exchange_establish_p2: 0x844f6900
from-169.254.255.2-to-169.254.255.1
phase2-from-169.254.255.2-to-169.254.255.1 policy initiator phase 2 doi
1 exchange 32 step 0
112533.862894 Exch 10 exchange_establish_p2: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112533.862958 Exch 10 exchange_establish_p2: msgid 31aeaff8 sa_list
112533.863871 Sdep 50 pf_key_v2_get_spi: spi:
112533.863950 Sdep 50 7fcec6b4
112533.871519 Cryp 50 crypto_init_iv: initialized IV:
112533.871684 Cryp 50 fe0e32ab ca99480b c890fe28 5b03e2b0
112533.871770 Cryp 50 crypto_update_iv: updated IV:
112533.871774 Cryp 50 08f6cb95 81eafcb2 05690915 79d07aa0
112533.871779 Exch 40 exchange_run: exchange 0x844f6900 finished step
0, advancing...
112533.871783 Timr 10 timer_handle_expirations: event
connection_checker(0x85e17df0)
112533.872559 Timr 10 timer_add_event: event
connection_checker(0x85e17df0) added before
exchange_free_aux(0x844f6500), expiration in 60s
112533.872836 Timr 10 timer_add_event: event
exchange_free_aux(0x844f6f00) added before sa_soft_expire(0x86e7f200),
expiration in 120s
112533.873243 Exch 10 exchange_establish_p2: 0x844f6f00
from-169.254.255.2-to-10.32.1.0/24
phase2-from-169.254.255.2-to-10.32.1.0/24 policy initiator phase 2 doi 1
exchange 32 step 0
112533.873488 Exch 10 exchange_establish_p2: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112533.873489 Exch 10 exchange_establish_p2: msgid b92bd517 sa_list
112533.874540 Sdep 50 pf_key_v2_get_spi: spi:
112533.874769 Sdep 50 15ea3039
112533.884662 Cryp 50 crypto_init_iv: initialized IV:
112533.884758 Cryp 50 70863dcc 2946e51b e6f0077f 9d6900e2
112533.884832 Cryp 50 crypto_update_iv: updated IV:
112533.884895 Cryp 50 65f6149f 0b840ed1 972594f1 e2c69bf8
112533.885091 Exch 40 exchange_run: exchange 0x844f6f00 finished step
0, advancing...
112533.885152 Timr 10 timer_handle_expirations: event
connection_checker(0x85e172e0)
112533.885947 Timr 10 timer_add_event: event
connection_checker(0x85e172e0) added before
exchange_free_aux(0x844f6500), expiration in 60s
112533.886047 Timr 10 timer_handle_expirations: event
connection_checker(0x85e17450)
112533.886705 Timr 10 timer_add_event: event
connection_checker(0x85e17450) added before
exchange_free_aux(0x844f6500), expiration in 60s
112533.888008 Trpt 30 transport_send_messages: message 0x89a41d00
scheduled for retransmission 1 in 7 secs
112533.888450 Timr 10 timer_add_event: event
message_send_expire(0x89a41d00) added before
connection_checker(0x85e17c20), expiration in 7s
112533.889119 Trpt 30 transport_send_messages: message 0x88fa7800
scheduled for retransmission 1 in 7 secs
112533.889720 Timr 10 timer_add_event: event
message_send_expire(0x88fa7800) added before
connection_checker(0x85e17c20), expiration in 7s
112534.050562 Trpt 50 virtual_clone: old 0x801f01c0 new 0x7f2de800
(main is 0x7f2ded80)
112534.050826 Mesg 20 message_free: freeing 0x89a41d00
112534.050920 Timr 10 timer_remove_event: removing event
message_send_expire(0x89a41d00)
112534.051393 Mesg 50 message_parse_payloads: offset 28 payload HASH
112534.051458 Mesg 50 message_parse_payloads: offset 52 payload SA
112534.051518 Mesg 50 message_parse_payloads: offset 108 payload NONCE
112534.051595 Mesg 50 message_parse_payloads: offset 176 payload
KEY_EXCH
112534.051654 Mesg 50 message_parse_payloads: offset 308 payload ID
112534.051713 Mesg 50 message_parse_payloads: offset 320 payload ID
112534.051777 Mesg 50 message_parse_payloads: offset 64 payload
PROPOSAL
112534.051869 Mesg 50 message_parse_payloads: offset 76 payload
TRANSFORM
112534.051928 Mesg 50 Transform 1's attributes
112534.051986 Mesg 50 Attribute SA_LIFE_TYPE value 1
112534.052045 Mesg 50 Attribute SA_LIFE_DURATION value 3600
112534.052103 Mesg 50 Attribute ENCAPSULATION_MODE value 1
112534.052203 Mesg 50 Attribute AUTHENTICATION_ALGORITHM value 2
112534.052289 Mesg 50 Attribute GROUP_DESCRIPTION value 2
112534.053171 Mesg 50 Attribute KEY_LENGTH value 128
112534.053297 Mesg 40 ipsec_validate_id_information: proto 0 port 0
type 1
112534.053421 Mesg 40 ipsec_validate_id_information: IPv4:
112534.053576 Mesg 40 a9feff02
112534.053683 Mesg 40 ipsec_validate_id_information: proto 0 port 0
type 1
112534.053774 Mesg 40 ipsec_validate_id_information: IPv4:
112534.053866 Mesg 40 a9feff01
112534.054000 Misc 20 ipsec_decode_transform: transform 1 chosen
112534.054101 Cryp 50 crypto_update_iv: updated IV:
112534.054203 Cryp 50 a5f22cb5 e2e0e7b8 15ed649e f8ccb57f
112534.054295 Exch 40 exchange_run: exchange 0x844f6900 finished step
1, advancing...
112534.054307 Cryp 50 crypto_update_iv: updated IV:
112534.054544 Cryp 50 1628a9d9 ad2ad86d 0c732787 e60c5546
112534.054749 Exch 40 exchange_run: exchange 0x844f6900 finished step
2, advancing...
112534.063161 Exch 10 exchange_finalize: 0x844f6900
from-169.254.255.2-to-169.254.255.1
phase2-from-169.254.255.2-to-169.254.255.1 policy initiator phase 2 doi
1 exchange 32 step 3
112534.063261 Exch 10 exchange_finalize: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112534.063324 Exch 10 exchange_finalize: msgid 31aeaff8 sa_list
0x844f6a00
112534.063461 Sdep 40 pf_key_v2_convert_id: IPv4 address
89.145.186.243/32
112534.063523 Sdep 40 pf_key_v2_convert_id: IPv4 address
72.21.209.224/32
112534.063588 Sdep 10 pf_key_v2_set_spi: satype 2 dst 72.21.209.224 SPI
0xc9d031e
112534.063701 Timr 10 timer_add_event: event sa_soft_expire(0x844f6a00)
added before sa_soft_expire(0x844f6d00), expiration in 3308s
112534.063794 Timr 10 timer_add_event: event sa_hard_expire(0x844f6a00)
added before sa_soft_expire(0x844f6400), expiration in 3600s
112534.064777 Sdep 50 pf_key_v2_set_spi: done
112534.065215 Sdep 40 pf_key_v2_convert_id: IPv4 address
89.145.186.243/32
112534.065341 Sdep 40 pf_key_v2_convert_id: IPv4 address
72.21.209.224/32
112534.065478 Sdep 10 pf_key_v2_set_spi: satype 2 dst 89.145.186.243
SPI 0x7fcec6b4
112534.066208 Sdep 50 pf_key_v2_set_spi: done
112534.066525 Exch 50 ipsec_finalize_exchange: src 169.254.255.2
255.255.255.255 dst 169.254.255.1 255.255.255.255 tproto 0 sport 0 dport
0
112534.067013 Sdep 40 pf_key_v2_convert_id: IPv4 address
89.145.186.243/32
112534.067402 Sdep 40 pf_key_v2_convert_id: IPv4 address
72.21.209.224/32
112534.067529 Sdep 50 pf_key_v2_flow: src 169.254.255.2 255.255.255.255
dst 169.254.255.1 255.255.255.255 proto 0 sport 0 dport 0
112534.068778 Misc 50 pf_key_v2_flow: ADDFLOW: done
112534.068920 Sdep 50 pf_key_v2_flow: src 169.254.255.1 255.255.255.255
dst 169.254.255.2 255.255.255.255 proto 0 sport 0 dport 0
112534.069871 Misc 50 pf_key_v2_flow: ADDFLOW: done
112534.070552 Trpt 50 virtual_clone: old 0x801f01c0 new 0x7f2de940
(main is 0x7f2dee80)
112534.071551 Mesg 20 message_free: freeing 0x88fa7800
112534.071618 Timr 10 timer_remove_event: removing event
message_send_expire(0x88fa7800)
112534.071699 Mesg 50 message_parse_payloads: offset 28 payload HASH
112534.071758 Mesg 50 message_parse_payloads: offset 52 payload SA
112534.071817 Mesg 50 message_parse_payloads: offset 108 payload NONCE
112534.071897 Mesg 50 message_parse_payloads: offset 176 payload
KEY_EXCH
112534.071956 Mesg 50 message_parse_payloads: offset 308 payload ID
112534.072015 Mesg 50 message_parse_payloads: offset 320 payload ID
112534.072079 Mesg 50 message_parse_payloads: offset 64 payload
PROPOSAL
112534.072138 Mesg 50 message_parse_payloads: offset 76 payload
TRANSFORM
112534.072196 Mesg 50 Transform 1's attributes
112534.072713 Mesg 50 Attribute SA_LIFE_TYPE value 1
112534.072795 Mesg 50 Attribute SA_LIFE_DURATION value 3600
112534.073046 Mesg 50 Attribute ENCAPSULATION_MODE value 1
112534.073204 Mesg 50 Attribute AUTHENTICATION_ALGORITHM value 2
112534.073272 Mesg 50 Attribute GROUP_DESCRIPTION value 2
112534.074039 Mesg 50 Attribute KEY_LENGTH value 128
112534.074312 Mesg 40 ipsec_validate_id_information: proto 0 port 0
type 1
112534.074371 Mesg 40 ipsec_validate_id_information: IPv4:
112534.074429 Mesg 40 a9feff02
112534.074436 Mesg 40 ipsec_validate_id_information: proto 0 port 0
type 4
112534.074725 Mesg 40 ipsec_validate_id_information: IPv4
network/netmask:
112534.074914 Mesg 40 0a200100 ffffff00
112534.075000 Misc 20 ipsec_decode_transform: transform 1 chosen
112534.075063 Cryp 50 crypto_update_iv: updated IV:
112534.075148 Cryp 50 f89b433d d10d144a 2c5a5043 179ba26f
112534.075208 Exch 40 exchange_run: exchange 0x844f6f00 finished step
1, advancing...
112534.075290 Cryp 50 crypto_update_iv: updated IV:
112534.075352 Cryp 50 48bb6c2c 20c2c976 7b5c1c63 71070aff
112534.076029 Exch 40 exchange_run: exchange 0x844f6f00 finished step
2, advancing...
112534.084075 Exch 10 exchange_finalize: 0x844f6f00
from-169.254.255.2-to-10.32.1.0/24
phase2-from-169.254.255.2-to-10.32.1.0/24 policy initiator phase 2 doi 1
exchange 32 step 3
112534.084227 Exch 10 exchange_finalize: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112534.084515 Exch 10 exchange_finalize: msgid b92bd517 sa_list
0x86e7ff00
112534.085206 Sdep 40 pf_key_v2_convert_id: IPv4 address
89.145.186.243/32
112534.085562 Sdep 40 pf_key_v2_convert_id: IPv4 address
72.21.209.224/32
112534.085957 Sdep 10 pf_key_v2_set_spi: satype 2 dst 72.21.209.224 SPI
0x58fb2a2a
112534.086404 Timr 10 timer_add_event: event sa_soft_expire(0x86e7ff00)
added before sa_soft_expire(0x844f6a00), expiration in 3218s
112534.086554 Timr 10 timer_add_event: event sa_hard_expire(0x86e7ff00)
added before sa_soft_expire(0x844f6400), expiration in 3600s
112534.087157 Sdep 50 pf_key_v2_set_spi: done
112534.087675 Sdep 40 pf_key_v2_convert_id: IPv4 address
89.145.186.243/32
112534.088076 Sdep 40 pf_key_v2_convert_id: IPv4 address
72.21.209.224/32
112534.088437 Sdep 10 pf_key_v2_set_spi: satype 2 dst 89.145.186.243
SPI 0x15ea3039
112534.089740 Sdep 50 pf_key_v2_set_spi: done
112534.089952 Exch 50 ipsec_finalize_exchange: src 169.254.255.2
255.255.255.255 dst 10.32.1.0 255.255.255.0 tproto 0 sport 0 dport 0
112534.090576 Sdep 40 pf_key_v2_convert_id: IPv4 address
89.145.186.243/32
112534.090789 Sdep 40 pf_key_v2_convert_id: IPv4 address
72.21.209.224/32
112534.090948 Sdep 50 pf_key_v2_flow: src 169.254.255.2 255.255.255.255
dst 10.32.1.0 255.255.255.0 proto 0 sport 0 dport 0
112534.091421 Misc 50 pf_key_v2_flow: ADDFLOW: done
112534.091709 Sdep 50 pf_key_v2_flow: src 10.32.1.0 255.255.255.0 dst
169.254.255.2 255.255.255.255 proto 0 sport 0 dport 0
112534.093624 Misc 50 pf_key_v2_flow: ADDFLOW: done
112534.218945 Trpt 50 virtual_clone: old 0x801f01c0 new 0x7f2de640
(main is 0x7f2dedc0)
112534.219112 Cryp 50 crypto_init_iv: initialized IV:
112534.219475 Cryp 50 59fc0cf7 8ef8418a c1e7750b 17458ea9
112534.219540 Mesg 50 message_parse_payloads: offset 28 payload HASH
112534.219600 Mesg 50 message_parse_payloads: offset 52 payload DELETE
112534.219751 Timr 10 timer_add_event: event
exchange_free_aux(0x86e7f100) added before sa_soft_expire(0x86e7f200),
expiration in 120s
112534.219813 Exch 10 exchange_setup_p2: 0x86e7f100 <unnamed> <no
policy> policy responder phase 2 doi 1 exchange 5 step 0
112534.219872 Exch 10 exchange_setup_p2: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112534.219931 Exch 10 exchange_setup_p2: msgid 8519eadc sa_list
112534.219996 Misc 30 ipsec_responder: phase 2 exchange 5 step 0
112534.220072 SA 30 ipsec_delete_spi_list: DELETE made us delete SA
0x86e7f200 (3 references) for proto 3 (initiator id: 89.145.186.243,
responder id: 72.21.209.224)
112534.220131 Timr 10 timer_remove_event: removing event
sa_hard_expire(0x86e7f200)
112534.220190 Timr 10 timer_remove_event: removing event
sa_soft_expire(0x86e7f200)
112534.220271 Sdep 50 pf_key_v2_flow: src 192.168.124.0 255.255.254.0
dst 10.32.1.0 255.255.255.0 proto 0 sport 0 dport 0
112534.220907 Misc 50 pf_key_v2_flow: DELFLOW: done
112534.221170 Sdep 50 pf_key_v2_delete_spi: removing configuration
from-192.168.124.0/23-to-10.32.1.0/24
112534.221808 Sdep 50 pf_key_v2_delete_spi: done
112534.221949 Sdep 50 pf_key_v2_flow: src 10.32.1.0 255.255.255.0 dst
192.168.124.0 255.255.254.0 proto 0 sport 0 dport 0
112534.222587 Misc 50 pf_key_v2_flow: DELFLOW: done
112534.222650 Sdep 50 pf_key_v2_delete_spi: removing configuration
from-192.168.124.0/23-to-10.32.1.0/24
112534.222887 Sdep 50 pf_key_v2_delete_spi: done
112534.223436 Cryp 50 crypto_update_iv: updated IV:
112534.223522 Cryp 50 42fb5937 5d94b005 f01e4cdf 7af40de5
112534.223585 Exch 10 exchange_finalize: 0x86e7f100 <unnamed> <no
policy> policy responder phase 2 doi 1 exchange 5 step 0
112534.223847 Exch 10 exchange_finalize: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112534.223932 Exch 10 exchange_finalize: msgid 8519eadc sa_list
112534.223996 Timr 10 timer_remove_event: removing event
exchange_free_aux(0x86e7f100)
112534.224101 Mesg 20 message_free: freeing 0x88fa7d00
112534.224274 Trpt 50 virtual_clone: old 0x801f01c0 new 0x848ca940
(main is 0x7f2dee00)
112534.224395 Cryp 50 crypto_init_iv: initialized IV:
112534.224458 Cryp 50 dfb051d9 f8b307d9 fc56bb1c b1326cf0
112534.224639 Mesg 50 message_parse_payloads: offset 28 payload HASH
112534.224700 Mesg 50 message_parse_payloads: offset 52 payload DELETE
112534.224837 Timr 10 timer_add_event: event
exchange_free_aux(0x86e7f000) added before sa_soft_expire(0x86e7ff00),
expiration in 120s
112534.224899 Exch 10 exchange_setup_p2: 0x86e7f000 <unnamed> <no
policy> policy responder phase 2 doi 1 exchange 5 step 0
112534.224958 Exch 10 exchange_setup_p2: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112534.225016 Exch 10 exchange_setup_p2: msgid dcbdedbc sa_list
112534.225076 Mesg 50 message_validate_delete: invalid spi (no valid SA
found)
112534.225133 Mesg 20 message_free: freeing 0x88fa7e00
112534.235692 Trpt 50 virtual_clone: old 0x801f01c0 new 0x848cab80
(main is 0x7f2de5c0)
112534.236276 Cryp 50 crypto_init_iv: initialized IV:
112534.236675 Cryp 50 6dfef97c 6e19e1a0 a349c5ed e2ac7f18
112534.237035 Mesg 50 message_parse_payloads: offset 28 payload HASH
112534.237380 Mesg 50 message_parse_payloads: offset 52 payload DELETE
112534.237707 Timr 10 timer_add_event: event
exchange_free_aux(0x86e7f900) added before sa_soft_expire(0x86e7ff00),
expiration in 120s
112534.238165 Exch 10 exchange_setup_p2: 0x86e7f900 <unnamed> <no
policy> policy responder phase 2 doi 1 exchange 5 step 0
112534.238258 Exch 10 exchange_setup_p2: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112534.239002 Exch 10 exchange_setup_p2: msgid 51952ece sa_list
112534.239227 Misc 30 ipsec_responder: phase 2 exchange 5 step 0
112534.239344 SA 30 ipsec_delete_spi_list: DELETE made us delete SA
0x844f6d00 (3 references) for proto 3 (initiator id: 89.145.186.243,
responder id: 72.21.209.224)
112534.239464 Timr 10 timer_remove_event: removing event
sa_hard_expire(0x844f6d00)
112534.239555 Timr 10 timer_remove_event: removing event
sa_soft_expire(0x844f6d00)
112534.239676 Sdep 50 pf_key_v2_flow: src 192.168.124.0 255.255.254.0
dst 169.254.255.1 255.255.255.255 proto 0 sport 0 dport 0
112534.240125 Misc 50 pf_key_v2_flow: DELFLOW: done
112534.240222 Sdep 50 pf_key_v2_delete_spi: removing configuration
from-192.168.124.0/23-to-169.254.255.1
112534.241460 Sdep 50 pf_key_v2_delete_spi: done
112534.241989 Sdep 50 pf_key_v2_flow: src 169.254.255.1 255.255.255.255
dst 192.168.124.0 255.255.254.0 proto 0 sport 0 dport 0
112534.243641 Misc 50 pf_key_v2_flow: DELFLOW: done
112534.244002 Sdep 50 pf_key_v2_delete_spi: removing configuration
from-192.168.124.0/23-to-169.254.255.1
112534.244839 Sdep 50 pf_key_v2_delete_spi: done
112534.244942 Cryp 50 crypto_update_iv: updated IV:
112534.245046 Cryp 50 bda90410 ed43e994 4c5c32c6 3c9d88c4
112534.245447 Exch 10 exchange_finalize: 0x86e7f900 <unnamed> <no
policy> policy responder phase 2 doi 1 exchange 5 step 0
112534.245829 Exch 10 exchange_finalize: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112534.246173 Exch 10 exchange_finalize: msgid 51952ece sa_list
112534.246522 Timr 10 timer_remove_event: removing event
exchange_free_aux(0x86e7f900)
112534.246873 Mesg 20 message_free: freeing 0x88fa7d80
112534.247636 Trpt 50 virtual_clone: old 0x801f01c0 new 0x80a38440
(main is 0x848ca940)
112534.247994 Cryp 50 crypto_init_iv: initialized IV:
112534.248430 Cryp 50 c624de90 1cfd5c09 0f8fb180 c84ee11a
112534.249089 Mesg 50 message_parse_payloads: offset 28 payload HASH
112534.249160 Mesg 50 message_parse_payloads: offset 52 payload DELETE
112534.249292 Timr 10 timer_add_event: event
exchange_free_aux(0x844f6d00) added before sa_soft_expire(0x86e7ff00),
expiration in 120s
112534.249354 Exch 10 exchange_setup_p2: 0x844f6d00 <unnamed> <no
policy> policy responder phase 2 doi 1 exchange 5 step 0
112534.249413 Exch 10 exchange_setup_p2: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112534.249471 Exch 10 exchange_setup_p2: msgid 66f3cccb sa_list
112534.249531 Mesg 50 message_validate_delete: invalid spi (no valid SA
found)
112534.249619 Mesg 20 message_free: freeing 0x88fa7380
=== isakmpd -dK4D A=50 when it reconnects ===
112544.305365 Trpt 50 virtual_clone: old 0x801f01c0 new 0x848cab80
(main is 0x7f2de5c0)
112544.306047 Cryp 50 crypto_init_iv: initialized IV:
112544.306478 Cryp 50 f33c3224 733aebcc 86fda91d 1d456e6b
112544.306848 Mesg 50 message_parse_payloads: offset 28 payload HASH
112544.307207 Mesg 50 message_parse_payloads: offset 52 payload NOTIFY
112544.307642 Timr 10 timer_add_event: event
exchange_free_aux(0x86e7f100) added before sa_soft_expire(0x86e7ff00),
expiration in 120s
112544.307741 Exch 10 exchange_setup_p2: 0x86e7f100 <unnamed> <no
policy> policy responder phase 2 doi 1 exchange 5 step 0
112544.307834 Exch 10 exchange_setup_p2: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112544.307993 Exch 10 exchange_setup_p2: msgid 1f247d05 sa_list
112544.308092 Misc 30 ipsec_responder: phase 2 exchange 5 step 0
112544.308182 Exch 10 ipsec_responder: got NOTIFY of type
STATUS_DPD_R_U_THERE
112544.308519 Mesg 40 dpd_handle_notify: got STATUS_DPD_R_U_THERE seq
12696424
112544.309060 Timr 10 timer_add_event: event
exchange_free_aux(0x86e7fb00) added before sa_soft_expire(0x86e7ff00),
expiration in 120s
112544.309180 Exch 10 exchange_establish_p2: 0x86e7fb00 <unnamed> <no
policy> policy initiator phase 2 doi 1 exchange 5 step 0
112544.309269 Exch 10 exchange_establish_p2: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112544.309360 Exch 10 exchange_establish_p2: msgid d119bf2c sa_list
112544.309754 Cryp 50 crypto_init_iv: initialized IV:
112544.310135 Cryp 50 209e9142 9fc6cc5e 06a2328b f7f0c036
112544.310516 Cryp 50 crypto_update_iv: updated IV:
112544.310679 Cryp 50 b7b5e8a5 e8da1f34 8d86c8c3 4250f912
112544.310876 Exch 40 exchange_run: exchange 0x86e7fb00 finished step
0, advancing...
112544.311238 Cryp 50 crypto_update_iv: updated IV:
112544.311624 Cryp 50 160f6b5f 11e6a618 ef723a01 7c31568d
112544.311919 Exch 10 exchange_finalize: 0x86e7f100 <unnamed> <no
policy> policy responder phase 2 doi 1 exchange 5 step 0
112544.312012 Exch 10 exchange_finalize: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112544.312105 Exch 10 exchange_finalize: msgid 1f247d05 sa_list
112544.312207 Timr 10 timer_remove_event: removing event
exchange_free_aux(0x86e7f100)
112544.312296 Mesg 20 message_free: freeing 0x88fa7400
112544.312611 Exch 10 exchange_finalize: 0x86e7fb00 <unnamed> <no
policy> policy initiator phase 2 doi 1 exchange 5 step 1
112544.312710 Exch 10 exchange_finalize: icookie d69f2a6ad91ba706
rcookie 295fd23e12596bf5
112544.312864 Exch 10 exchange_finalize: msgid d119bf2c sa_list
112544.312980 Timr 10 timer_remove_event: removing event
exchange_free_aux(0x86e7fb00)
112544.313072 Mesg 20 message_free: freeing 0x88fa7380
=== ipsecctl -m when is disconnects ===
sadb_getspi: satype esp vers 2 len 10 seq 353 pid 2604
address_src: 72.21.209.224
address_dst: 89.145.186.243
spirange: min 0x00000100 max 0xffffffff
sadb_getspi: satype esp vers 2 len 10 seq 353 pid 2604
sa: spi 0x0149a34e auth none enc none
state mature replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_getspi: satype esp vers 2 len 10 seq 354 pid 2604
address_src: 72.21.209.224
address_dst: 89.145.186.243
spirange: min 0x00000100 max 0xffffffff
sadb_getspi: satype esp vers 2 len 10 seq 354 pid 2604
sa: spi 0x5bcc2218 auth none enc none
state mature replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_add: satype esp vers 2 len 49 seq 355 pid 2604
sa: spi 0x15ce89b2 auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 89.145.186.243
address_dst: 72.21.209.224
key_auth: bits 160: ccf152b89fad9d7c6867102a47aa9a364420db97
key_encrypt: bits 128: ada4ab350a4b99bf870730c7952123da
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 169.254.255.2
dst_flow: 169.254.255.1
sadb_add: satype esp vers 2 len 42 seq 355 pid 2604
sa: spi 0x15ce89b2 auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 89.145.186.243
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 169.254.255.2
dst_flow: 169.254.255.1
sadb_update: satype esp vers 2 len 49 seq 356 pid 2604
sa: spi 0x0149a34e auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 72.21.209.224
address_dst: 89.145.186.243
key_auth: bits 160: b5acf6afa0fc18cf3aabe3dbd7920e5bf6cd43c3
key_encrypt: bits 128: fffef9887da19803b4f258bf1dd209e5
identity_src: type prefix id 0: 72.21.209.224/32
identity_dst: type prefix id 0: 89.145.186.243/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 169.254.255.1
dst_flow: 169.254.255.2
sadb_update: satype esp vers 2 len 42 seq 356 pid 2604
sa: spi 0x0149a34e auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 72.21.209.224
address_dst: 89.145.186.243
identity_src: type prefix id 0: 72.21.209.224/32
identity_dst: type prefix id 0: 89.145.186.243/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 169.254.255.1
dst_flow: 169.254.255.2
sadb_addflow: satype esp vers 2 len 29 seq 357 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 169.254.255.2
dst_flow: 169.254.255.1
sadb_addflow: satype esp vers 2 len 29 seq 357 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 169.254.255.2
dst_flow: 169.254.255.1
sadb_addflow: satype esp vers 2 len 29 seq 358 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 169.254.255.1
dst_flow: 169.254.255.2
sadb_addflow: satype esp vers 2 len 29 seq 358 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 169.254.255.1
dst_flow: 169.254.255.2
sadb_add: satype esp vers 2 len 49 seq 359 pid 2604
sa: spi 0xd2c0c58b auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 89.145.186.243
address_dst: 72.21.209.224
key_auth: bits 160: 6459829f7012868e3bf135cb57da0cda46d78fbf
key_encrypt: bits 128: 36716e4bd7c2e96570186afda33775de
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 169.254.255.2
dst_flow: 10.32.1.0
sadb_add: satype esp vers 2 len 42 seq 359 pid 2604
sa: spi 0xd2c0c58b auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 89.145.186.243
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 169.254.255.2
dst_flow: 10.32.1.0
sadb_update: satype esp vers 2 len 49 seq 360 pid 2604
sa: spi 0x5bcc2218 auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 72.21.209.224
address_dst: 89.145.186.243
key_auth: bits 160: 6bd01e713af7045130e17e997b24ad0a71ec3501
key_encrypt: bits 128: 50ee0186fe349589ceeb849618014382
identity_src: type prefix id 0: 72.21.209.224/32
identity_dst: type prefix id 0: 89.145.186.243/32
src_mask: 255.255.255.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 10.32.1.0
dst_flow: 169.254.255.2
sadb_update: satype esp vers 2 len 42 seq 360 pid 2604
sa: spi 0x5bcc2218 auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 72.21.209.224
address_dst: 89.145.186.243
identity_src: type prefix id 0: 72.21.209.224/32
identity_dst: type prefix id 0: 89.145.186.243/32
src_mask: 255.255.255.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 10.32.1.0
dst_flow: 169.254.255.2
sadb_addflow: satype esp vers 2 len 29 seq 361 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 169.254.255.2
dst_flow: 10.32.1.0
sadb_addflow: satype esp vers 2 len 29 seq 361 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 169.254.255.2
dst_flow: 10.32.1.0
sadb_addflow: satype esp vers 2 len 29 seq 362 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.32.1.0
dst_flow: 169.254.255.2
sadb_addflow: satype esp vers 2 len 29 seq 362 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.32.1.0
dst_flow: 169.254.255.2
sadb_delflow: satype esp vers 2 len 16 seq 363 pid 2604
src_mask: 255.255.254.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 192.168.124.0
dst_flow: 169.254.255.1
sadb_delflow: satype esp vers 2 len 16 seq 363 pid 2604
src_mask: 255.255.254.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 192.168.124.0
dst_flow: 169.254.255.1
sadb_delete: satype esp vers 2 len 10 seq 364 pid 2604
sa: spi 0xf75125c7 auth none enc none
state larval replay 0 flags 0<>
address_src: 89.145.186.243
address_dst: 72.21.209.224
sadb_delete: satype esp vers 2 len 10 seq 364 pid 2604
sa: spi 0xf75125c7 auth none enc none
state larval replay 0 flags 0<>
address_src: 89.145.186.243
address_dst: 72.21.209.224
sadb_delflow: satype esp vers 2 len 16 seq 365 pid 2604
src_mask: 255.255.255.255
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 169.254.255.1
dst_flow: 192.168.124.0
sadb_delflow: satype esp vers 2 len 16 seq 365 pid 2604
src_mask: 255.255.255.255
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 169.254.255.1
dst_flow: 192.168.124.0
sadb_delete: satype esp vers 2 len 10 seq 366 pid 2604
sa: spi 0x6edb17fe auth none enc none
state larval replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_delete: satype esp vers 2 len 10 seq 366 pid 2604
sa: spi 0x6edb17fe auth none enc none
state larval replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_delflow: satype esp vers 2 len 16 seq 367 pid 2604
src_mask: 255.255.254.0
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 192.168.124.0
dst_flow: 10.32.1.0
sadb_delflow: satype esp vers 2 len 16 seq 367 pid 2604
src_mask: 255.255.254.0
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 192.168.124.0
dst_flow: 10.32.1.0
sadb_delete: satype esp vers 2 len 10 seq 368 pid 2604
sa: spi 0xb73236d6 auth none enc none
state larval replay 0 flags 0<>
address_src: 89.145.186.243
address_dst: 72.21.209.224
sadb_delete: satype esp vers 2 len 10 seq 368 pid 2604
sa: spi 0xb73236d6 auth none enc none
state larval replay 0 flags 0<>
address_src: 89.145.186.243
address_dst: 72.21.209.224
sadb_delflow: satype esp vers 2 len 16 seq 369 pid 2604
src_mask: 255.255.255.0
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.32.1.0
dst_flow: 192.168.124.0
sadb_delflow: satype esp vers 2 len 16 seq 369 pid 2604
src_mask: 255.255.255.0
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.32.1.0
dst_flow: 192.168.124.0
sadb_delete: satype esp vers 2 len 10 seq 370 pid 2604
sa: spi 0x4e6b8db2 auth none enc none
state larval replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_delete: satype esp vers 2 len 10 seq 370 pid 2604
sa: spi 0x4e6b8db2 auth none enc none
state larval replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
=== ipsecctl -m when it reconnects ===
sadb_getspi: satype esp vers 2 len 10 seq 407 pid 2604
address_src: 72.21.209.224
address_dst: 89.145.186.243
spirange: min 0x00000100 max 0xffffffff
sadb_getspi: satype esp vers 2 len 10 seq 407 pid 2604
sa: spi 0x6bb10996 auth none enc none
state mature replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_getspi: satype esp vers 2 len 10 seq 408 pid 2604
address_src: 72.21.209.224
address_dst: 89.145.186.243
spirange: min 0x00000100 max 0xffffffff
sadb_getspi: satype esp vers 2 len 10 seq 408 pid 2604
sa: spi 0xd84c944b auth none enc none
state mature replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_add: satype esp vers 2 len 49 seq 409 pid 2604
sa: spi 0x3620df6c auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 89.145.186.243
address_dst: 72.21.209.224
key_auth: bits 160: cc1fa94eb6d334abe8cffe31c94d52f4490b80cc
key_encrypt: bits 128: 3dc2385d8db54ac129af9b94bd2c19aa
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.254.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 192.168.124.0
dst_flow: 169.254.255.1
sadb_add: satype esp vers 2 len 42 seq 409 pid 2604
sa: spi 0x3620df6c auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 89.145.186.243
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.254.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 192.168.124.0
dst_flow: 169.254.255.1
sadb_update: satype esp vers 2 len 49 seq 410 pid 2604
sa: spi 0x6bb10996 auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 72.21.209.224
address_dst: 89.145.186.243
key_auth: bits 160: 30883241ef84da6d84a04e19d5f04dcd98978a8d
key_encrypt: bits 128: e034ad48f0435d458eed1df233113fde
identity_src: type prefix id 0: 72.21.209.224/32
identity_dst: type prefix id 0: 89.145.186.243/32
src_mask: 255.255.255.255
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 169.254.255.1
dst_flow: 192.168.124.0
sadb_update: satype esp vers 2 len 42 seq 410 pid 2604
sa: spi 0x6bb10996 auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 72.21.209.224
address_dst: 89.145.186.243
identity_src: type prefix id 0: 72.21.209.224/32
identity_dst: type prefix id 0: 89.145.186.243/32
src_mask: 255.255.255.255
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 169.254.255.1
dst_flow: 192.168.124.0
sadb_addflow: satype esp vers 2 len 29 seq 411 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.254.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 192.168.124.0
dst_flow: 169.254.255.1
sadb_addflow: satype esp vers 2 len 29 seq 411 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.254.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 192.168.124.0
dst_flow: 169.254.255.1
sadb_addflow: satype esp vers 2 len 29 seq 412 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 169.254.255.1
dst_flow: 192.168.124.0
sadb_addflow: satype esp vers 2 len 29 seq 412 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.255
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 169.254.255.1
dst_flow: 192.168.124.0
sadb_add: satype esp vers 2 len 49 seq 413 pid 2604
sa: spi 0x962ca4b7 auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 89.145.186.243
address_dst: 72.21.209.224
key_auth: bits 160: 8e1e5b8a53ababeba7554b28b31cdeb3d7b393ee
key_encrypt: bits 128: 1de89eadb2d40283c03bc489d10ab30d
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.254.0
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 192.168.124.0
dst_flow: 10.32.1.0
sadb_add: satype esp vers 2 len 42 seq 413 pid 2604
sa: spi 0x962ca4b7 auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 89.145.186.243
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.254.0
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type unknown direction out
src_flow: 192.168.124.0
dst_flow: 10.32.1.0
sadb_update: satype esp vers 2 len 49 seq 414 pid 2604
sa: spi 0xd84c944b auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 72.21.209.224
address_dst: 89.145.186.243
key_auth: bits 160: 53119647cea59bb74b1b945c2076981a6836bccc
key_encrypt: bits 128: 5fcd416b4fe3171effec5176d1fd5504
identity_src: type prefix id 0: 72.21.209.224/32
identity_dst: type prefix id 0: 89.145.186.243/32
src_mask: 255.255.255.0
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 10.32.1.0
dst_flow: 192.168.124.0
sadb_update: satype esp vers 2 len 42 seq 414 pid 2604
sa: spi 0xd84c944b auth hmac-sha1 enc aes
state mature replay 16 flags 0x4<tunnel>
lifetime_hard: alloc 0 bytes 0 add 3600 first 0
lifetime_soft: alloc 0 bytes 0 add 3240 first 0
address_src: 72.21.209.224
address_dst: 89.145.186.243
identity_src: type prefix id 0: 72.21.209.224/32
identity_dst: type prefix id 0: 89.145.186.243/32
src_mask: 255.255.255.0
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type unknown direction in
src_flow: 10.32.1.0
dst_flow: 192.168.124.0
sadb_addflow: satype esp vers 2 len 29 seq 415 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.254.0
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 192.168.124.0
dst_flow: 10.32.1.0
sadb_addflow: satype esp vers 2 len 29 seq 415 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.254.0
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 192.168.124.0
dst_flow: 10.32.1.0
sadb_addflow: satype esp vers 2 len 29 seq 416 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.0
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.32.1.0
dst_flow: 192.168.124.0
sadb_addflow: satype esp vers 2 len 29 seq 416 pid 2604
address_dst: 72.21.209.224
identity_src: type prefix id 0: 89.145.186.243/32
identity_dst: type prefix id 0: 72.21.209.224/32
src_mask: 255.255.255.0
dst_mask: 255.255.254.0
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.32.1.0
dst_flow: 192.168.124.0
sadb_delflow: satype esp vers 2 len 16 seq 417 pid 2604
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 169.254.255.2
dst_flow: 169.254.255.1
sadb_delflow: satype esp vers 2 len 16 seq 417 pid 2604
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 169.254.255.2
dst_flow: 169.254.255.1
sadb_delete: satype esp vers 2 len 10 seq 418 pid 2604
sa: spi 0x63564d47 auth none enc none
state larval replay 0 flags 0<>
address_src: 89.145.186.243
address_dst: 72.21.209.224
sadb_delete: satype esp vers 2 len 10 seq 418 pid 2604
sa: spi 0x63564d47 auth none enc none
state larval replay 0 flags 0<>
address_src: 89.145.186.243
address_dst: 72.21.209.224
sadb_delflow: satype esp vers 2 len 16 seq 419 pid 2604
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 169.254.255.1
dst_flow: 169.254.255.2
sadb_delflow: satype esp vers 2 len 16 seq 419 pid 2604
src_mask: 255.255.255.255
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 169.254.255.1
dst_flow: 169.254.255.2
sadb_delete: satype esp vers 2 len 10 seq 420 pid 2604
sa: spi 0xc1df9918 auth none enc none
state larval replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_delete: satype esp vers 2 len 10 seq 420 pid 2604
sa: spi 0xc1df9918 auth none enc none
state larval replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_delflow: satype esp vers 2 len 16 seq 421 pid 2604
src_mask: 255.255.255.255
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 169.254.255.2
dst_flow: 10.32.1.0
sadb_delflow: satype esp vers 2 len 16 seq 421 pid 2604
src_mask: 255.255.255.255
dst_mask: 255.255.255.0
protocol: proto 0 flags 0
flow_type: type require direction out
src_flow: 169.254.255.2
dst_flow: 10.32.1.0
sadb_delete: satype esp vers 2 len 10 seq 422 pid 2604
sa: spi 0xeb2c7c94 auth none enc none
state larval replay 0 flags 0<>
address_src: 89.145.186.243
address_dst: 72.21.209.224
sadb_delete: satype esp vers 2 len 10 seq 422 pid 2604
sa: spi 0xeb2c7c94 auth none enc none
state larval replay 0 flags 0<>
address_src: 89.145.186.243
address_dst: 72.21.209.224
sadb_delflow: satype esp vers 2 len 16 seq 423 pid 2604
src_mask: 255.255.255.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.32.1.0
dst_flow: 169.254.255.2
sadb_delflow: satype esp vers 2 len 16 seq 423 pid 2604
src_mask: 255.255.255.0
dst_mask: 255.255.255.255
protocol: proto 0 flags 0
flow_type: type use direction in
src_flow: 10.32.1.0
dst_flow: 169.254.255.2
sadb_delete: satype esp vers 2 len 10 seq 424 pid 2604
sa: spi 0xec9aff9f auth none enc none
state larval replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
sadb_delete: satype esp vers 2 len 10 seq 424 pid 2604
sa: spi 0xec9aff9f auth none enc none
state larval replay 0 flags 0<>
address_src: 72.21.209.224
address_dst: 89.145.186.243
