Hi, I have a rekeying issue for a connection that is set up with main mode, software certificate authentication and xauth secondary authentication.
Pluto 4.6 acts as server and Charon 5.0.2 as client. I have set the ikelifetime to 5m, so it's a little faster to debug. While pluto completes the rekeying, Charon gets stuck halfway (see the logs below). Any ideas what's wrong?

Thanks & Regards
Gerald

Nov 12 14:56:55 ThinClient charon: 05[IKE] initiating Main Mode IKE_SA Ipsec zu bb53[6] to 10.11.11.53
Nov 12 14:56:55 ThinClient charon: 05[CFG] nm ike_state_change, my sa = yes, state = 1
Nov 12 14:56:55 ThinClient charon: 05[ENC] generating ID_PROT request 0 [ SA V V V V ]
Nov 12 14:56:55 ThinClient charon: 05[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:56:56 ThinClient charon: 03[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:56:56 ThinClient charon: 03[ENC] parsed ID_PROT response 0 [ SA V V V V V ]
Nov 12 14:56:56 ThinClient charon: 03[IKE] received strongSwan vendor ID
Nov 12 14:56:56 ThinClient charon: 03[IKE] received Cisco Unity vendor ID
Nov 12 14:56:56 ThinClient charon: 03[IKE] received XAuth vendor ID
Nov 12 14:56:56 ThinClient charon: 03[IKE] received DPD vendor ID
Nov 12 14:56:56 ThinClient charon: 03[IKE] received NAT-T (RFC 3947) vendor ID
Nov 12 14:56:56 ThinClient charon: 03[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Nov 12 14:56:56 ThinClient charon: 03[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:56:56 ThinClient charon: 14[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:56:56 ThinClient charon: 14[ENC] parsed ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Nov 12 14:56:56 ThinClient charon: 14[IKE] ignoring certificate request without data
Nov 12 14:56:56 ThinClient charon: 14[IKE] sending cert request for "[email protected], C=DE, ST=M-V, L=Schwerin, O=PKI, OU=DVZ M-V GmbH, CN=PCA2006"
Nov 12 14:56:56 ThinClient charon: 14[IKE] sending cert request for "C=DE, O=DVZ M-V GmbH, CN=CA102008"
Nov 12 14:56:56 ThinClient charon: 14[IKE] sending cert request for "C=DE, O=DATEV eG, CN=CA DATEV INT 01"
Nov 12 14:56:56 ThinClient charon: 14[IKE] sending cert request for "C=DE, O=Zertifizierungsstelle E:Secure, CN=CA E:SECURE 6"
Nov 12 14:56:56 ThinClient charon: 14[IKE] sending cert request for "DC=de, DC=demo, OU=Zertifikate, OU=SSLVPN Demo, CN=CA ECOS Demo"
Nov 12 14:56:56 ThinClient charon: 14[IKE] sending cert request for "C=DE, ST=M-V, L=Schwerin, O=PKI, OU=DVZ M-V GmbH, CN=CA052006, [email protected]"
Nov 12 14:56:56 ThinClient charon: 14[IKE] sending cert request for "DC=test, DC=testuml, OU=Zertifikate, CN=ca test"
Nov 12 14:56:56 ThinClient charon: 14[CFG] get_private_by_cert public = 7c:84:9a:9f:49:75:35:f8:a2:77:49:7f:ff:2a:52:f4:3f:d5:00:64
Nov 12 14:56:56 ThinClient charon: 14[CFG] private_key_has_fingerprint FALSE current = 06:66:14:4a:a6:db:d1:12:df:f5:2f:9b:a5:26:e1:28:92:ee:fb:00 fingerpr
Nov 12 14:56:56 ThinClient charon: 14[CFG] private_key_has_fingerprint TRUE current = 7c:84:9a:9f:49:75:35:f8:a2:77:49:7f:ff:2a:52:f4:3f:d5:00:64 fingerpri
Nov 12 14:56:56 ThinClient charon: 14[IKE] authentication of 'DC=test, DC=testuml, OU=Benutzer, OU=Ipsec Benutzer, CN=ipseccert' (myself) successful
Nov 12 14:56:56 ThinClient charon: 14[IKE] sending end entity cert "DC=test, DC=testuml, OU=Benutzer, OU=Ipsec Benutzer, CN=ipseccert"
Nov 12 14:56:56 ThinClient charon: 14[ENC] generating ID_PROT request 0 [ ID CERT SIG CERTREQ CERTREQ CERTREQ CERTREQ CERTREQ CERTREQ CERTREQ ]
Nov 12 14:56:56 ThinClient charon: 14[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:56:56 ThinClient charon: 02[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:56:56 ThinClient charon: 02[ENC] parsed ID_PROT response 0 [ ID CERT SIG ]
Nov 12 14:56:56 ThinClient charon: 02[IKE] received end entity cert "DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert"
Nov 12 14:56:56 ThinClient charon: 02[CFG] using certificate "DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert"
Nov 12 14:56:56 ThinClient charon: 02[CFG] using trusted ca certificate "DC=test, DC=testuml, OU=Zertifikate, CN=ca test"
Nov 12 14:56:56 ThinClient charon: 02[CFG] checking certificate status of "DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert"
Nov 12 14:56:56 ThinClient charon: 02[CFG] certificate status is not available
Nov 12 14:56:56 ThinClient charon: 02[CFG] reached self-signed root ca with a path length of 0
Nov 12 14:56:56 ThinClient charon: 02[IKE] authentication of 'DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert' with RSA successful
Nov 12 14:56:56 ThinClient charon: 01[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:56:56 ThinClient charon: 01[ENC] parsed TRANSACTION request 1488310923 [ HASH CP ]
Nov 12 14:56:56 ThinClient charon: 01[ENC] generating TRANSACTION response 1488310923 [ HASH CP ]
Nov 12 14:56:56 ThinClient charon: 01[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:56:56 ThinClient charon: 13[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:56:56 ThinClient charon: 13[ENC] parsed TRANSACTION request 2053778663 [ HASH CP ]
Nov 12 14:56:56 ThinClient charon: 13[IKE] XAuth authentication of 'richter3' (myself) successful
Nov 12 14:56:56 ThinClient charon: 13[IKE] IKE_SA Ipsec zu bb53[6] established between 10.14.11.213[DC=test, DC=testuml, OU=Benutzer, OU=Ipsec Benutzer, CN=i
Nov 12 14:56:56 ThinClient charon: 13[IKE] scheduling reauthentication in 92s
Nov 12 14:56:56 ThinClient charon: 13[IKE] maximum IKE_SA lifetime 212s
Nov 12 14:56:56 ThinClient charon: 13[CFG] nm ike_state_change, my sa = yes, state = 2
Nov 12 14:56:56 ThinClient charon: 13[ENC] generating TRANSACTION response 2053778663 [ HASH CP ]
Nov 12 14:56:56 ThinClient charon: 13[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:56:56 ThinClient charon: 13[ENC] generating TRANSACTION request 2528279185 [ HASH CP ]
Nov 12 14:56:56 ThinClient charon: 13[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:56:56 ThinClient charon: 16[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:56:56 ThinClient charon: 16[ENC] parsed TRANSACTION response 2528279185 [ HASH CP ]
Nov 12 14:56:56 ThinClient charon: 16[IKE] installing DNS server 10.11.12.1 via resolvconf
Nov 12 14:56:56 ThinClient charon: 16[IKE] installing new virtual IP 10.11.99.2
Nov 12 14:56:57 ThinClient charon: 16[ENC] generating QUICK_MODE request 457155588 [ HASH SA No KE ID ID ]
Nov 12 14:56:57 ThinClient charon: 16[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:56:57 ThinClient charon: 15[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:56:57 ThinClient charon: 15[ENC] parsed QUICK_MODE response 457155588 [ HASH SA No KE ID ID ]
Nov 12 14:56:57 ThinClient charon: 15[CFG] nm child_state_change, my sa = yes, state = 2
Nov 12 14:56:57 ThinClient charon: 15[CFG] nm child_state_change, my sa = yes, state = 3
Nov 12 14:56:57 ThinClient charon: 15[IKE] CHILD_SA Ipsec zu bb53{4} established with SPIs c270d929_i cb7c8081_o and TS 10.11.99.2/32 === 10.11.99.0/24
Nov 12 14:56:57 ThinClient charon: 15[CFG] nm child_updown, my sa = yes, up
Nov 12 14:56:57 ThinClient charon: 15[ENC] generating QUICK_MODE request 457155588 [ HASH ]
Nov 12 14:56:57 ThinClient charon: 15[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:57:03 ThinClient charon: 16[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:57:03 ThinClient charon: 16[ENC] parsed INFORMATIONAL_V1 request 1177115487 [ HASH N(DPD) ]
Nov 12 14:57:03 ThinClient charon: 16[ENC] generating INFORMATIONAL_V1 request 3644654542 [ HASH N(DPD_ACK) ]
Nov 12 14:57:03 ThinClient charon: 16[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:57:13 ThinClient charon: 03[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:57:13 ThinClient charon: 03[ENC] parsed INFORMATIONAL_V1 request 2464019944 [ HASH N(DPD) ]
Nov 12 14:57:13 ThinClient charon: 03[ENC] generating INFORMATIONAL_V1 request 3422220081 [ HASH N(DPD_ACK) ]
Nov 12 14:57:13 ThinClient charon: 03[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:57:23 ThinClient charon: 13[IKE] sending DPD request
Nov 12 14:57:23 ThinClient charon: 13[ENC] generating INFORMATIONAL_V1 request 53821446 [ HASH N(DPD) ]
....
Nov 12 14:58:28 ThinClient charon: 16[IKE] reauthenticating IKE_SA Ipsec zu bb53[6]
Nov 12 14:58:28 ThinClient charon: 16[IKE] installing new virtual IP 10.11.99.2
Nov 12 14:58:28 ThinClient charon: 16[IKE] initiating Main Mode IKE_SA Ipsec zu bb53[7] to 10.11.11.53
Nov 12 14:58:28 ThinClient charon: 16[ENC] generating ID_PROT request 0 [ SA V V V V ]
Nov 12 14:58:28 ThinClient charon: 16[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:58:28 ThinClient charon: 15[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:58:28 ThinClient charon: 15[ENC] parsed ID_PROT response 0 [ SA V V V V V ]
Nov 12 14:58:28 ThinClient charon: 15[IKE] received strongSwan vendor ID
Nov 12 14:58:28 ThinClient charon: 15[IKE] received Cisco Unity vendor ID
Nov 12 14:58:28 ThinClient charon: 15[IKE] received XAuth vendor ID
Nov 12 14:58:28 ThinClient charon: 15[IKE] received DPD vendor ID
Nov 12 14:58:28 ThinClient charon: 15[IKE] received NAT-T (RFC 3947) vendor ID
Nov 12 14:58:28 ThinClient charon: 15[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Nov 12 14:58:28 ThinClient charon: 15[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:58:29 ThinClient charon: 03[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:58:29 ThinClient charon: 03[ENC] parsed ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Nov 12 14:58:29 ThinClient charon: 03[IKE] ignoring certificate request without data
Nov 12 14:58:29 ThinClient charon: 03[IKE] sending cert request for "[email protected], C=DE, ST=M-V, L=Schwerin, O=PKI, OU=DVZ M-V GmbH, CN=PCA2006"
Nov 12 14:58:29 ThinClient charon: 03[IKE] sending cert request for "C=DE, O=DVZ M-V GmbH, CN=CA102008"
Nov 12 14:58:29 ThinClient charon: 03[IKE] sending cert request for "C=DE, O=DATEV eG, CN=CA DATEV INT 01"
Nov 12 14:58:29 ThinClient charon: 03[IKE] sending cert request for "C=DE, O=Zertifizierungsstelle E:Secure, CN=CA E:SECURE 6"
Nov 12 14:58:29 ThinClient charon: 03[IKE] sending cert request for "DC=de, DC=demo, OU=Zertifikate, OU=SSLVPN Demo, CN=CA ECOS Demo"
Nov 12 14:58:29 ThinClient charon: 03[IKE] sending cert request for "C=DE, ST=M-V, L=Schwerin, O=PKI, OU=DVZ M-V GmbH, CN=CA052006, [email protected]"
Nov 12 14:58:29 ThinClient charon: 03[IKE] sending cert request for "DC=test, DC=testuml, OU=Zertifikate, CN=ca test"
Nov 12 14:58:29 ThinClient charon: 03[CFG] get_private_by_cert public = 7c:84:9a:9f:49:75:35:f8:a2:77:49:7f:ff:2a:52:f4:3f:d5:00:64
Nov 12 14:58:29 ThinClient charon: 03[CFG] private_key_has_fingerprint FALSE current = 06:66:14:4a:a6:db:d1:12:df:f5:2f:9b:a5:26:e1:28:92:ee:fb:00 fingerpr
Nov 12 14:58:29 ThinClient charon: 03[CFG] private_key_has_fingerprint TRUE current = 7c:84:9a:9f:49:75:35:f8:a2:77:49:7f:ff:2a:52:f4:3f:d5:00:64 fingerpri
Nov 12 14:58:29 ThinClient charon: 03[IKE] authentication of 'DC=test, DC=testuml, OU=Benutzer, OU=Ipsec Benutzer, CN=ipseccert' (myself) successful
Nov 12 14:58:29 ThinClient charon: 03[IKE] sending end entity cert "DC=test, DC=testuml, OU=Benutzer, OU=Ipsec Benutzer, CN=ipseccert"
Nov 12 14:58:29 ThinClient charon: 03[ENC] generating ID_PROT request 0 [ ID CERT SIG CERTREQ CERTREQ CERTREQ CERTREQ CERTREQ CERTREQ CERTREQ ]
Nov 12 14:58:29 ThinClient charon: 03[NET] sending packet: from 10.14.11.213[47202] to 10.11.11.53[500]
Nov 12 14:58:29 ThinClient charon: 14[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:58:29 ThinClient charon: 14[ENC] parsed ID_PROT response 0 [ ID CERT SIG ]
Nov 12 14:58:29 ThinClient charon: 14[IKE] received end entity cert "DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert"
Nov 12 14:58:29 ThinClient charon: 14[CFG] using certificate "DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert"
Nov 12 14:58:29 ThinClient charon: 14[CFG] using trusted ca certificate "DC=test, DC=testuml, OU=Zertifikate, CN=ca test"
Nov 12 14:58:29 ThinClient charon: 14[CFG] checking certificate status of "DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert"
Nov 12 14:58:29 ThinClient charon: 14[CFG] certificate status is not available
Nov 12 14:58:29 ThinClient charon: 14[CFG] reached self-signed root ca with a path length of 0
Nov 12 14:58:29 ThinClient charon: 14[IKE] authentication of 'DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert' with RSA successful
Nov 12 14:58:33 ThinClient charon: 16[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:58:33 ThinClient charon: 16[ENC] parsed INFORMATIONAL_V1 request 606203659 [ HASH N(DPD) ]
Nov 12 14:58:33 ThinClient charon: 03[IKE] sending DPD request
Nov 12 14:58:43 ThinClient charon: 14[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:58:43 ThinClient charon: 14[ENC] parsed INFORMATIONAL_V1 request 4185063012 [ HASH N(DPD) ]
Nov 12 14:58:43 ThinClient charon: 01[IKE] sending DPD request
Nov 12 14:58:53 ThinClient charon: 03[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:58:53 ThinClient charon: 03[ENC] parsed INFORMATIONAL_V1 request 3679076023 [ HASH N(DPD) ]
Nov 12 14:58:53 ThinClient charon: 02[IKE] sending DPD request
Nov 12 14:59:03 ThinClient charon: 01[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:59:03 ThinClient charon: 01[ENC] parsed INFORMATIONAL_V1 request 2810910974 [ HASH N(DPD) ]
Nov 12 14:59:03 ThinClient charon: 13[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:59:03 ThinClient charon: 13[ENC] parsed INFORMATIONAL_V1 request 2419136272 [ HASH D ]
Nov 12 14:59:03 ThinClient charon: 13[IKE] received DELETE for ESP CHILD_SA with SPI cb7c8081
Nov 12 14:59:03 ThinClient charon: 13[IKE] closing CHILD_SA Ipsec zu bb53{4} with SPIs c270d929_i (0 bytes) cb7c8081_o (0 bytes) and TS 10.11.99.2/32 === 10.
Nov 12 14:59:03 ThinClient charon: 15[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:59:03 ThinClient charon: 13[CFG] nm child_updown, my sa = no, down
Nov 12 14:59:03 ThinClient charon: 15[ENC] parsed INFORMATIONAL_V1 request 620663622 [ HASH D ]
Nov 12 14:59:03 ThinClient charon: 15[IKE] received DELETE for IKE_SA Ipsec zu bb53[6]
Nov 12 14:59:03 ThinClient charon: 15[IKE] deleting IKE_SA Ipsec zu bb53[6] between 10.14.11.213[DC=test, DC=testuml, OU=Benutzer, OU=Ipsec Benutzer, CN=ipse
Nov 12 14:59:03 ThinClient charon: 16[NET] received packet: from 10.11.11.53[500] to 10.14.11.213[47202]
Nov 12 14:59:03 ThinClient charon: 16[ENC] parsed INFORMATIONAL_V1 request 2443116413 [ HASH D ]
Nov 12 14:59:03 ThinClient charon: 16[IKE] received DELETE for IKE_SA Ipsec zu bb53[7]
Nov 12 14:59:03 ThinClient charon: 16[IKE] deleting IKE_SA Ipsec zu bb53[7] between 10.14.11.213[DC=test, DC=testuml, OU=Benutzer, OU=Ipsec Benutzer, CN=ipse

Nov 12 14:57:03 bb53 pluto[5852]: packet from 10.14.11.213:47202: received Vendor ID payload [strongSwan]
Nov 12 14:57:03 bb53 pluto[5852]: packet from 10.14.11.213:47202: received Vendor ID payload [XAUTH]
Nov 12 14:57:03 bb53 pluto[5852]: packet from 10.14.11.213:47202: received Vendor ID payload [RFC 3947]
Nov 12 14:57:03 bb53 pluto[5852]: packet from 10.14.11.213:47202: received Vendor ID payload [Dead Peer Detection]
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: responding to Main Mode from unknown peer 10.14.11.213:472
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: NAT-Traversal: Result using RFC 3947: no NAT detected
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: Peer ID is ID_DER_ASN1_DN: 'DC=test, DC=testuml, OU=Benutz
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: crl not found
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: certificate status unknown
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: we have a cert and are sending it
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: sent MR3, ISAKMP SA established
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: sending XAUTH request
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: parsing XAUTH reply
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: get_xauth_secret user=richter3 server=DC=test, DC=testuml,
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: extended authentication was successful
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: sending XAUTH status
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: parsing XAUTH ack
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: received XAUTH ack, established
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: parsing ModeCfg request
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: peer requested virtual IP %any
Nov 12 14:57:03 bb53 pluto[5852]: reassigning offline lease to 'richter3'
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: assigning virtual IP 10.11.99.2 to peer
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: sending ModeCfg reply
Nov 12 14:57:03 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #9: sent ModeCfg reply, established
Nov 12 14:57:04 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #10: responding to Quick Mode
Nov 12 14:57:04 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #10: Dead Peer Detection (RFC 3706) enabled
Nov 12 14:57:04 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #10: IPsec SA established {ESP=>0xc270d929 <0xcb7c8081}
Nov 12 14:58:35 bb53 pluto[5852]: packet from 10.14.11.213:47202: received Vendor ID payload [strongSwan]
Nov 12 14:58:35 bb53 pluto[5852]: packet from 10.14.11.213:47202: received Vendor ID payload [XAUTH]
Nov 12 14:58:35 bb53 pluto[5852]: packet from 10.14.11.213:47202: received Vendor ID payload [RFC 3947]
Nov 12 14:58:35 bb53 pluto[5852]: packet from 10.14.11.213:47202: received Vendor ID payload [Dead Peer Detection]
Nov 12 14:58:35 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: responding to Main Mode from unknown peer 10.14.11.213:47
Nov 12 14:58:36 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: NAT-Traversal: Result using RFC 3947: no NAT detected
Nov 12 14:58:36 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: Peer ID is ID_DER_ASN1_DN: 'DC=test, DC=testuml, OU=Benut
Nov 12 14:58:36 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: crl not found
Nov 12 14:58:36 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: certificate status unknown
Nov 12 14:58:36 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: we have a cert and are sending it
Nov 12 14:58:36 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: sent MR3, ISAKMP SA established
Nov 12 14:59:10 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: DPD: No response from peer - declaring peer dead
Nov 12 14:59:10 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202 #11: DPD: Terminating all SAs using this connection
Nov 12 14:59:10 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert" #10: deleting state (STATE_QUICK_R2)
Nov 12 14:59:10 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert" #11: deleting state (STATE_MAIN_R3)
Nov 12 14:59:10 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert" #9: deleting state (STATE_MODE_CFG_R1)
Nov 12 14:59:10 bb53 pluto[5852]: DPD: Clearing connection "v_ipsec_xauth_server_cert__ipseccert"
Nov 12 14:59:10 bb53 pluto[5852]: "v_ipsec_xauth_server_cert__ipseccert"[3] 10.14.11.213:47202: deleting connection "v_ipsec_xauth_server_cert__ipseccert" in
Nov 12 14:59:10 bb53 pluto[5852]: lease 10.11.99.2 by 'richter3' went offline

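A triage helper for logs like the one in this post, added here as an example and not part of the original message: it follows each IKE_SA named in charon's [IKE] lines and lists those that were initiated but never reported as established. The function names are hypothetical, the sample lines are excerpted from the posted log, and a fixed year is assumed because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Charon [IKE] lines excerpted from the log in the post (truncated lines kept as posted).
SAMPLE = """\
Nov 12 14:56:55 ThinClient charon: 05[IKE] initiating Main Mode IKE_SA Ipsec zu bb53[6] to 10.11.11.53
Nov 12 14:56:56 ThinClient charon: 13[IKE] XAuth authentication of 'richter3' (myself) successful
Nov 12 14:56:56 ThinClient charon: 13[IKE] IKE_SA Ipsec zu bb53[6] established between 10.14.11.213[DC=test, DC=testuml, OU=Benutzer, OU=Ipsec Benutzer, CN=i
Nov 12 14:58:28 ThinClient charon: 16[IKE] reauthenticating IKE_SA Ipsec zu bb53[6]
Nov 12 14:58:28 ThinClient charon: 16[IKE] initiating Main Mode IKE_SA Ipsec zu bb53[7] to 10.11.11.53
Nov 12 14:58:29 ThinClient charon: 14[IKE] authentication of 'DC=test, DC=testuml, OU=Zertifikate, CN=ipsec cert' with RSA successful
Nov 12 14:59:03 ThinClient charon: 15[IKE] received DELETE for IKE_SA Ipsec zu bb53[6]
Nov 12 14:59:03 ThinClient charon: 16[IKE] received DELETE for IKE_SA Ipsec zu bb53[7]
"""

# Syslog prefix, then charon's worker-thread number and the [IKE] subsystem tag.
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ charon: \d+\[IKE\] (.*)$")
SA = r"(.+?\[\d+\])"  # connection name plus unique SA id, e.g. "Ipsec zu bb53[6]"
EVENTS = {
    "initiated": re.compile(r"^initiating Main Mode IKE_SA " + SA + r" to "),
    "established": re.compile(r"^IKE_SA " + SA + r" established"),
    "reauthenticating": re.compile(r"^reauthenticating IKE_SA " + SA + r"$"),
    "deleted": re.compile(r"^received DELETE for IKE_SA " + SA + r"$"),
}


def track_ike_sas(lines, year=2000):
    """Map each IKE_SA to {event: first time seen}; the year is an assumed constant."""
    timeline = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        for event, pattern in EVENTS.items():
            hit = pattern.match(m.group(2))
            if hit:
                timeline.setdefault(hit.group(1), {}).setdefault(event, when)
    return timeline


def stalled_sas(timeline):
    """List (sa, seconds from initiation to peer DELETE, or None) for SAs never established."""
    stalled = []
    for sa, events in timeline.items():
        if "initiated" in events and "established" not in events:
            end = events.get("deleted")
            waited = int((end - events["initiated"]).total_seconds()) if end else None
            stalled.append((sa, waited))
    return stalled


if __name__ == "__main__":
    for sa, waited in stalled_sas(track_ike_sas(SAMPLE.splitlines())):
        print(f"{sa}: Main Mode initiated, never established; peer DELETE after {waited}s")
```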