Hi Daniel/Andreas
Here is the charon log file for the ikev2 case.
This is the ipsec.conf that I am using.
config setup
strictcrlpolicy=no
plutodebug=none
plutostart=yes
charonstart=yes
charondebug="dmn 2, mgr 2, ike 2, chd 2, job 2, cfg 2, knl 2, net 2,
lib 2"
nat_traversal=no
ca ipsec
cacert=CACERT.pem
auto=add
conn %default
ikelifetime=60m
keylife=5m
rekeymargin=1m
rekeyfuzz=0%
keyingtries=1
keyexchange=ikev2
mobike=no
conn host-host
left=10.10.10.5
leftsubnet=10.10.10.0/24
leftcert=BTS_CERT.pem
leftsendcert=never
right=10.10.10.2
rightsubnet=10.10.10.0/24
rightcert=BTS_CERT.pem
rightsendcert=never
rightid=%any
auto=start
I am using strongswan 4.3.4.
One more thing I wanted to ask : if I don't know the DN of the peer
certificate, can i mention my rightid as %any (as I have done here)
Thanks & Regards,
Ashish
On 1/5/10, Daniel Mentz
<[email protected]<danielml%[email protected]>>
wrote:
>
> ashish mahalka wrote:
>
>> Currently in my ipsec.conf this is what I have:
>> charondebug="dmn 2, mgr 2, ike 2, chd 2, job 2, cfg 2, knl 2, net 2, lib
>> 2"
>>
>
> That's ok. Awaiting the log file tomorrow.
>
Jan 5 11:47:57 ipsec01-axc charon: 01[DMN] Starting IKEv2 charon daemon
(strongSwan 4.3.4)
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'aes': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'des': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'sha1': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'sha2': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'md5': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'fips-prf': loaded
successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'random': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'x509': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'pubkey': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'xcbc': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'hmac': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'gmp': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[KNL] listening on interfaces:
Jan 5 11:47:57 ipsec01-axc charon: 01[KNL] eth0
Jan 5 11:47:57 ipsec01-axc charon: 01[KNL] 10.120.165.230
Jan 5 11:47:57 ipsec01-axc charon: 01[KNL] fe80::207:e9ff:fe0f:9102
Jan 5 11:47:57 ipsec01-axc charon: 01[KNL] eth1
Jan 5 11:47:57 ipsec01-axc charon: 01[KNL] 10.10.10.5
Jan 5 11:47:57 ipsec01-axc charon: 01[KNL] fe80::225:11ff:fe37:393a
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'kernel-netlink': loaded
successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[CFG] loading ca certificates from
'/etc/ipsec.d/cacerts'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] loading
'/etc/ipsec.d/cacerts/CACERT.pem' (2094 bytes)
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] file content is not binary ASN.1
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] -----BEGIN CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] -----END CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] file coded in PEM format
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - x509:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - tbsCertificate:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - DEFAULT v1:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - version:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] v3
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - serialNumber:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - signature:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - issuer:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'CN=WIPRO NSN ODC Test Root CA,
OU=CertificateAuthorityRoot, OU=Root, DC=FTMAXCWiproODC090309'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - validity:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - notBefore:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'Mar 09 09:00:22 UTC 2009'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - notAfter:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'Mar 09 09:00:22 UTC 2010'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - subject:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'CN=WIPRO NSN ODC Test Root CA,
OU=CertificateAuthorityRoot, OU=Root, DC=FTMAXCWiproODC090309'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'rsaEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - subjectPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - RSAPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - modulus:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - publicExponent:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - optional extensions:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - extensions:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'authorityKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L6 - authorityKeyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L7 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'subjectKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L6 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'keyUsage'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] TRUE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'basicConstraints'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] TRUE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L6 - basicConstraints:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L7 - CA:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] TRUE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L7 - pathLenConstraint:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - signatureAlgorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - signatureValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] signature verification:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - digestInfo:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - digestAlgorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'sha-1'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - digest:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] loaded certificate file
'/etc/ipsec.d/cacerts/CACERT.pem'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] loading
'/etc/ipsec.d/cacerts/cacert.pem' (1562 bytes)
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] file content is not binary ASN.1
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] -----BEGIN CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] -----END CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] file coded in PEM format
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - x509:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - tbsCertificate:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - DEFAULT v1:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - version:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] v3
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - serialNumber:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - signature:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - issuer:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'C=IN, ST=KAR, L=BAN, O=WIPRO,
OU=NSN, CN=wipro.com, [email protected]'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - validity:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - notBefore:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'Oct 01 05:48:15 UTC 2009'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - notAfter:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'Sep 29 05:48:15 UTC 2019'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - subject:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'C=IN, ST=KAR, L=BAN, O=WIPRO,
OU=NSN, CN=wipro.com, [email protected]'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'rsaEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - subjectPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - RSAPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - modulus:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - publicExponent:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - optional extensions:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - extensions:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'subjectKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L6 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'authorityKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L6 - authorityKeyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L7 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L7 - authorityCertIssuer:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L7 - authorityCertSerialNumber:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'basicConstraints'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L6 - basicConstraints:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L7 - CA:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] TRUE
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - signatureAlgorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - signatureValue:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] signature verification:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - digestInfo:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - digestAlgorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] 'sha-1'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - digest:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] loaded certificate file
'/etc/ipsec.d/cacerts/cacert.pem'
Jan 5 11:47:57 ipsec01-axc charon: 01[CFG] loading aa certificates from
'/etc/ipsec.d/aacerts'
Jan 5 11:47:57 ipsec01-axc charon: 01[CFG] loading ocsp signer certificates
from '/etc/ipsec.d/ocspcerts'
Jan 5 11:47:57 ipsec01-axc charon: 01[CFG] loading attribute certificates from
'/etc/ipsec.d/acerts'
Jan 5 11:47:57 ipsec01-axc charon: 01[CFG] loading crls from
'/etc/ipsec.d/crls'
Jan 5 11:47:57 ipsec01-axc charon: 01[CFG] loading secrets from
'/etc/ipsec.secrets'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] loading
'/etc/ipsec.d/private/BTS_KEY.pem' (1679 bytes)
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] file content is not binary ASN.1
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] -----BEGIN RSA PRIVATE KEY-----
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] -----END RSA PRIVATE KEY-----
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] file coded in PEM format
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L0 - RSAPrivateKey:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - version:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - modulus:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - publicExponent:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - privateExponent:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - prime1:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - prime2:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - exponent1:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - exponent2:
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] L1 - coefficient:
Jan 5 11:47:57 ipsec01-axc charon: 01[CFG] loaded private key file
'/etc/ipsec.d/private/BTS_KEY.pem'
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'stroke': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'updown': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'attr': loaded successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[LIB] plugin 'resolv-conf': loaded
successfully
Jan 5 11:47:57 ipsec01-axc charon: 01[DMN] loaded plugins: aes des sha1 sha2
md5 fips-prf random x509 pubkey xcbc hmac gmp kernel-netlink stroke updown attr
resolv-conf
Jan 5 11:47:57 ipsec01-axc charon: 01[JOB] spawning 16 worker threads
Jan 5 11:47:57 ipsec01-axc charon: 02[JOB] started worker thread, thread_ID:
3085953936
Jan 5 11:47:57 ipsec01-axc charon: 02[JOB] no events, waiting
Jan 5 11:47:57 ipsec01-axc charon: 04[JOB] started worker thread, thread_ID:
3064974224
Jan 5 11:47:57 ipsec01-axc charon: 05[JOB] started worker thread, thread_ID:
3054484368
Jan 5 11:47:57 ipsec01-axc charon: 06[JOB] started worker thread, thread_ID:
3043994512
Jan 5 11:47:57 ipsec01-axc charon: 07[JOB] started worker thread, thread_ID:
3033504656
Jan 5 11:47:57 ipsec01-axc charon: 08[JOB] started worker thread, thread_ID:
3023014800
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] received stroke: add ca 'ipsec'
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] ca ipsec
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] cacert=CACERT.pem
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] crluri=(null)
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] crluri2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] ocspuri=(null)
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] ocspuri2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] certuribase=(null)
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] loading
'/etc/ipsec.d/cacerts/CACERT.pem' (2094 bytes)
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] file content is not binary ASN.1
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] -----BEGIN CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] -----END CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] file coded in PEM format
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L0 - x509:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - tbsCertificate:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - DEFAULT v1:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L3 - version:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] v3
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - serialNumber:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - signature:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L3 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L4 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - issuer:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'CN=WIPRO NSN ODC Test Root CA,
OU=CertificateAuthorityRoot, OU=Root, DC=FTMAXCWiproODC090309'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - validity:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L3 - notBefore:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'Mar 09 09:00:22 UTC 2009'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L3 - notAfter:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'Mar 09 09:00:22 UTC 2010'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - subject:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'CN=WIPRO NSN ODC Test Root CA,
OU=CertificateAuthorityRoot, OU=Root, DC=FTMAXCWiproODC090309'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L0 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'rsaEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - subjectPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L0 - RSAPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - modulus:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - publicExponent:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - optional extensions:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L3 - extensions:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'authorityKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L6 - authorityKeyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L7 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'subjectKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L6 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'keyUsage'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] TRUE
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'basicConstraints'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] TRUE
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L6 - basicConstraints:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L7 - CA:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] TRUE
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L7 - pathLenConstraint:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - signatureAlgorithm:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - signatureValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[JOB] started worker thread, thread_ID:
2960075664
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] signature verification:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L0 - digestInfo:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - digestAlgorithm:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] 'sha-1'
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] L1 - digest:
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] loaded certificate file
'/etc/ipsec.d/cacerts/CACERT.pem'
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] added ca 'ipsec'
Jan 5 11:47:57 ipsec01-axc charon: 11[JOB] started worker thread, thread_ID:
2991545232
Jan 5 11:47:57 ipsec01-axc charon: 12[JOB] started worker thread, thread_ID:
2981055376
Jan 5 11:47:57 ipsec01-axc charon: 13[JOB] started worker thread, thread_ID:
2970565520
Jan 5 11:47:57 ipsec01-axc charon: 15[JOB] started worker thread, thread_ID:
2949585808
Jan 5 11:47:57 ipsec01-axc charon: 16[JOB] started worker thread, thread_ID:
2939095952
Jan 5 11:47:57 ipsec01-axc charon: 17[JOB] started worker thread, thread_ID:
2928606096
Jan 5 11:47:57 ipsec01-axc charon: 03[JOB] started worker thread, thread_ID:
3075464080
Jan 5 11:47:57 ipsec01-axc charon: 06[NET] waiting for data on sockets
Jan 5 11:47:57 ipsec01-axc charon: 09[JOB] started worker thread, thread_ID:
3012524944
Jan 5 11:47:57 ipsec01-axc charon: 10[JOB] started worker thread, thread_ID:
3002035088
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] received stroke: add connection
'host-host'
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] conn host-host
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] left=10.10.10.5
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftsubnet=10.10.10.0/24
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftsourceip=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftauth=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftauth2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftid=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftid2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftcert=BTS_CERT.pem
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftcert2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftca=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftca2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftgroups=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] leftupdown=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] right=10.10.10.2
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightsubnet=10.10.10.0/24
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightsourceip=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightauth=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightauth2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightid=%any
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightid2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightcert=BTS_CERT.pem
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightcert2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightca=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightca2=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightgroups=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] rightupdown=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] eap_identity=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG]
ike=aes128-sha1-modp2048,3des-sha1-modp1536
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] esp=aes128-sha1,3des-sha1
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] mediation=no
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] mediated_by=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] me_peerid=(null)
Jan 5 11:47:57 ipsec01-axc charon: 14[KNL] getting interface name for
10.10.10.2
Jan 5 11:47:57 ipsec01-axc charon: 14[KNL] 10.10.10.2 is not a local address
Jan 5 11:47:57 ipsec01-axc charon: 14[KNL] getting interface name for
10.10.10.5
Jan 5 11:47:57 ipsec01-axc charon: 14[KNL] 10.10.10.5 is on interface eth1
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] loading
'/etc/ipsec.d/certs/BTS_CERT.pem' (2126 bytes)
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] file content is not binary ASN.1
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] -----BEGIN CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] -----END CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] file coded in PEM format
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L0 - x509:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - tbsCertificate:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - DEFAULT v1:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - version:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] v3
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - serialNumber:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - signature:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - issuer:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'CN=WIPRO NSN ODC Test Root CA,
OU=CertificateAuthorityRoot, OU=Root, DC=FTMAXCWiproODC090309'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - validity:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - notBefore:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'Dec 29 02:17:43 UTC 2009'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - notAfter:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'Jan 28 02:17:43 UTC 2010'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - subject:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'C=IN, O=NSN, CN=AXC/Ultra Node
SerialNo#4H123456789'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L0 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'rsaEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - subjectPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L0 - RSAPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - modulus:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - publicExponent:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - optional extensions:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - extensions:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'authorityKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L6 - authorityKeyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L7 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'subjectKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L6 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'crlDistributionPoints'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L6 - crlDistributionPoints:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L7 - DistributionPoint:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L8 - distributionPoint:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L9 - fullName:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L10 - generalNames:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L11 - generalName:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L12 - URI:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB]
'ldap://10.120.160.88:389/DC=FTMAXCWiproODC090309,OU=Root,OU=CertificateAuthorityRoot,CN=WIPRO%20NSN%20ODC%20Test%20Root%20CA?certificaterevocationlist'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'authorityInfoAccess'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L6 - authorityInfoAccess:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L7 - accessDescription:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L8 - accessMethod:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'caIssuers'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L8 - accessLocation:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L9 - URI:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB]
'ldap://10.120.160.88:389/CN=WIPRO%20NSN
ODC%20Test%20Root%20CA,%20OU=CertificateAuthorityRoot,%20OU=Root,%20DC=FTMAXCWiproODC090309?cACertificate;binary'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB]
'ldap://10.120.160.88:389/CN=WIPRO%20NSN
ODC%20Test%20Root%20CA,%20OU=CertificateAuthorityRoot,%20OU=Root,%20DC=FTMAXCWiproODC090309?cACertificate;binary'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - signatureAlgorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - signatureValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] loaded certificate file
'/etc/ipsec.d/certs/BTS_CERT.pem'
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] peerid 10.10.10.5 not confirmed
by certificate, defaulting to subject DN: C=IN, O=NSN, CN=AXC/Ultra Node
SerialNo#4H123456789
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] loading
'/etc/ipsec.d/certs/BTS_CERT.pem' (2126 bytes)
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] file content is not binary ASN.1
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] -----BEGIN CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] -----END CERTIFICATE-----
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] file coded in PEM format
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L0 - x509:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - tbsCertificate:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - DEFAULT v1:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - version:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] v3
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - serialNumber:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - signature:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - issuer:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'CN=WIPRO NSN ODC Test Root CA,
OU=CertificateAuthorityRoot, OU=Root, DC=FTMAXCWiproODC090309'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - validity:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - notBefore:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'Dec 29 02:17:43 UTC 2009'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - notAfter:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - utcTime:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'Jan 28 02:17:43 UTC 2010'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - subject:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'C=IN, O=NSN, CN=AXC/Ultra Node
SerialNo#4H123456789'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L0 - subjectPublicKeyInfo:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'rsaEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - subjectPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L0 - RSAPublicKey:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - modulus:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - publicExponent:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - optional extensions:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - extensions:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'authorityKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L6 - authorityKeyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L7 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'subjectKeyIdentifier'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L6 - keyIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'crlDistributionPoints'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L6 - crlDistributionPoints:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L7 - DistributionPoint:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L8 - distributionPoint:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L9 - fullName:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L10 - generalNames:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L11 - generalName:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L12 - URI:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB]
'ldap://10.120.160.88:389/DC=FTMAXCWiproODC090309,OU=Root,OU=CertificateAuthorityRoot,CN=WIPRO%20NSN%20ODC%20Test%20Root%20CA?certificaterevocationlist'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L4 - extension:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnID:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'authorityInfoAccess'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - critical:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] FALSE
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L5 - extnValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L6 - authorityInfoAccess:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L7 - accessDescription:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L8 - accessMethod:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'caIssuers'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L8 - accessLocation:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L9 - URI:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB]
'ldap://10.120.160.88:389/CN=WIPRO%20NSN
ODC%20Test%20Root%20CA,%20OU=CertificateAuthorityRoot,%20OU=Root,%20DC=FTMAXCWiproODC090309?cACertificate;binary'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB]
'ldap://10.120.160.88:389/CN=WIPRO%20NSN
ODC%20Test%20Root%20CA,%20OU=CertificateAuthorityRoot,%20OU=Root,%20DC=FTMAXCWiproODC090309?cACertificate;binary'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - signatureAlgorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L2 - algorithmIdentifier:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L3 - algorithm:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] 'sha-1WithRSAEncryption'
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] L1 - signatureValue:
Jan 5 11:47:57 ipsec01-axc charon: 14[LIB] loaded certificate file
'/etc/ipsec.d/certs/BTS_CERT.pem'
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] peerid %any not confirmed by
certificate, defaulting to subject DN: C=IN, O=NSN, CN=AXC/Ultra Node
SerialNo#4H123456789
Jan 5 11:47:57 ipsec01-axc charon: 14[CFG] added configuration 'host-host'
Jan 5 11:47:57 ipsec01-axc charon: 08[CFG] received stroke: initiate
'host-host'
Jan 5 11:47:57 ipsec01-axc charon: 08[MGR] created IKE_SA
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] queueing IKE_INIT task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] queueing IKE_NATD task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] queueing IKE_CERT_PRE task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] queueing IKE_AUTHENTICATE task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] queueing IKE_CERT_POST task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] queueing IKE_CONFIG task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] queueing IKE_AUTH_LIFETIME task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] queueing CHILD_CREATE task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating new tasks
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating IKE_INIT task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating IKE_NATD task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating IKE_CERT_PRE task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating IKE_AUTHENTICATE task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating IKE_CERT_POST task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating IKE_CONFIG task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating CHILD_CREATE task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] activating IKE_AUTH_LIFETIME task
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] initiating IKE_SA host-host[1] to
10.10.10.2
Jan 5 11:47:57 ipsec01-axc charon: 08[IKE] IKE_SA host-host[1] state change:
CREATED => CONNECTING
Jan 5 11:47:57 ipsec01-axc charon: 08[LIB] size of DH secret exponent: 2047
bits
Jan 5 11:47:57 ipsec01-axc charon: 08[ENC] generating IKE_SA_INIT request 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Jan 5 11:47:57 ipsec01-axc charon: 08[NET] sending packet: from
10.10.10.5[500] to 10.10.10.2[500]
Jan 5 11:47:57 ipsec01-axc charon: 07[NET] sending packet: from
10.10.10.5[500] to 10.10.10.2[500]
Jan 5 11:47:57 ipsec01-axc charon: 08[MGR] checkin IKE_SA
Jan 5 11:47:57 ipsec01-axc charon: 02[JOB] next event in 3s 999ms, waiting
Jan 5 11:47:57 ipsec01-axc charon: 08[MGR] check-in of IKE_SA successful.
Jan 5 11:48:01 ipsec01-axc charon: 02[JOB] got event, queuing job for execution
Jan 5 11:48:01 ipsec01-axc charon: 02[JOB] no events, waiting
Jan 5 11:48:01 ipsec01-axc charon: 13[MGR] checkout IKE_SA
Jan 5 11:48:01 ipsec01-axc charon: 13[MGR] IKE_SA successfully checked out
Jan 5 11:48:01 ipsec01-axc charon: 13[IKE] retransmit 1 of request with
message ID 0
Jan 5 11:48:01 ipsec01-axc charon: 13[NET] sending packet: from
10.10.10.5[500] to 10.10.10.2[500]
Jan 5 11:48:01 ipsec01-axc charon: 13[MGR] checkin IKE_SA
Jan 5 11:48:01 ipsec01-axc charon: 13[MGR] check-in of IKE_SA successful.
Jan 5 11:48:01 ipsec01-axc charon: 07[NET] sending packet: from
10.10.10.5[500] to 10.10.10.2[500]
Jan 5 11:48:01 ipsec01-axc charon: 02[JOB] next event in 7s 199ms, waiting
Jan 5 11:48:09 ipsec01-axc charon: 02[JOB] got event, queuing job for execution
Jan 5 11:48:09 ipsec01-axc charon: 02[JOB] no events, waiting
Jan 5 11:48:09 ipsec01-axc charon: 15[MGR] checkout IKE_SA
Jan 5 11:48:09 ipsec01-axc charon: 15[MGR] IKE_SA successfully checked out
Jan 5 11:48:09 ipsec01-axc charon: 15[IKE] retransmit 2 of request with
message ID 0
Jan 5 11:48:09 ipsec01-axc charon: 15[NET] sending packet: from
10.10.10.5[500] to 10.10.10.2[500]
Jan 5 11:48:09 ipsec01-axc charon: 15[MGR] checkin IKE_SA
Jan 5 11:48:09 ipsec01-axc charon: 15[MGR] check-in of IKE_SA successful.
Jan 5 11:48:09 ipsec01-axc charon: 07[NET] sending packet: from
10.10.10.5[500] to 10.10.10.2[500]
Jan 5 11:48:09 ipsec01-axc charon: 02[JOB] next event in 12s 959ms, waiting
Jan 5 11:48:22 ipsec01-axc charon: 02[JOB] got event, queuing job for execution
Jan 5 11:48:22 ipsec01-axc charon: 02[JOB] no events, waiting
Jan 5 11:48:22 ipsec01-axc charon: 16[MGR] checkout IKE_SA
Jan 5 11:48:22 ipsec01-axc charon: 16[MGR] IKE_SA successfully checked out
Jan 5 11:48:22 ipsec01-axc charon: 16[IKE] retransmit 3 of request with
message ID 0
Jan 5 11:48:22 ipsec01-axc charon: 16[NET] sending packet: from
10.10.10.5[500] to 10.10.10.2[500]
Jan 5 11:48:22 ipsec01-axc charon: 07[NET] sending packet: from
10.10.10.5[500] to 10.10.10.2[500]
Jan 5 11:48:22 ipsec01-axc charon: 16[MGR] checkin IKE_SA
Jan 5 11:48:22 ipsec01-axc charon: 16[MGR] check-in of IKE_SA successful.
Jan 5 11:48:22 ipsec01-axc charon: 02[JOB] next event in 23s 327ms, waiting
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
