Author Topic: Android can't connect IPSec  (Read 1580 times)

zentyaltester

Android can't connect IPSec
« on: March 12, 2014, 07:34:23 pm »
Hello,

I am trying to forward all IPsec requests via iptables to my Zentyal IPsec server, which is running within a virtual machine.
My iptables rules don't work.

I tried this:

sudo iptables -A FORWARD ! -s 192.168.0.0/16 -d 192.168.122.2/32 -p udp -m state --state NEW,RELATED,ESTABLISHED -m udp --dport 500 -j ACCEPT
sudo iptables -t nat -A PREROUTING ! -s 192.168.0.0/16 -p udp -m udp --dport 500 -j DNAT --to-destination 192.168.122.2:500

sudo iptables -A FORWARD ! -s 192.168.0.0/16 -d 192.168.122.2/32 -p udp -m state --state NEW,RELATED,ESTABLISHED -m udp --dport 4500 -j ACCEPT
sudo iptables -t nat -A PREROUTING ! -s 192.168.0.0/16 -p udp -m udp --dport 4500 -j DNAT --to-destination 192.168.122.2:4500

Does anyone have an idea?
« Last Edit: March 15, 2014, 07:34:58 am by zentyaltester »

zentyaltester

Re: iptables forward port to IPSec
« Reply #1 on: March 15, 2014, 07:33:54 am »
I am trying to connect my Android device to the Zentyal IPsec server, but it doesn't work.

Zentyal IPSec Server Configuration:

Name: IPSecNet
Type: General L2TP/IPSec Settings
Public IP address: 192.168.122.2 --> iptables forwards all traffic to this address
Remote Address: Any
PSK Shared Secret: ipsecserverpassword
Tunnel IP: 192.168.100.101
Primary nameserver: local
Secondary nameserver: not set
WINS server: local
Ranges: 192.168.100.240 - 192.168.100.250

Zentyal IPsec Server User Settings:

User: test.android.user
Password: XXXXX
IP Address: 192.168.100.241/32

Android Device IPSec VPN Configuration

Type: L2TP/IPSec PSK
Server Address: Public address of my server
L2TP Key: Not used
IPSec Identifier: IPsecNet
IPsec Pre-Shared Key: ipsecserverpassword

ipsec barf returns the following log messages:

Mar 15 07:12:54 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:12:54 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:12:54 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:12:54 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:12:54 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:12:54 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:12:54 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #33: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:12:54 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #33: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:12:54 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #33: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:12:54 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #33: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:12:55 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:12:55 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:12:55 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:12:55 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:12:55 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:12:55 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:12:55 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #34: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:12:55 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #34: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:12:55 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #34: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:12:55 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #34: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:12:58 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:12:58 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:12:58 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:12:58 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:12:58 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:12:58 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:12:58 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #35: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:12:58 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #35: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:12:58 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #35: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:12:58 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #35: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:13:01 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:13:01 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:13:01 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:13:01 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:13:01 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:13:01 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:13:01 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #36: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:13:01 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #36: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:13:01 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #36: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:13:01 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #36: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:13:04 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:13:04 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:13:04 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:13:04 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:13:04 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:13:04 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:13:04 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #37: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:13:04 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #37: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:13:04 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #37: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:13:04 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #37: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:13:07 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:13:07 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:13:07 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:13:07 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:13:07 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:13:07 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:13:07 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #38: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:13:07 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #38: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:13:07 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #38: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:13:07 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #38: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:13:10 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:13:10 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:13:10 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:13:10 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:13:10 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:13:10 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:13:10 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #39: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:13:10 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #39: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:13:10 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #39: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:13:10 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #39: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:13:13 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:13:13 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:13:13 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:13:13 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:13:13 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:13:13 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:13:13 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #40: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:13:13 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #40: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:13:13 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #40: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:13:13 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #40: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:13:16 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:13:16 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:13:16 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:13:16 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:13:16 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:13:16 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:13:16 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #41: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:13:16 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #41: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:13:16 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #41: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:13:16 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #41: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:13:19 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:13:19 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:13:19 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:13:19 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:13:19 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:13:19 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:13:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #42: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:13:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #42: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:13:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #42: initial Aggressive Mode packet claiming to be from 10.222.222.22 on 56.111.111.111 but no connection has been authorized
Mar 15 07:13:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #42: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500

What am I doing wrong?

Thanks in advance for any hints and suggestions.
« Last Edit: March 15, 2014, 07:36:33 am by zentyaltester »

zentyaltester

Re: Android can't connect IPSec
« Reply #2 on: March 15, 2014, 07:42:06 am »
If I set the option "IPsec identifier" to "not used" on my Android device, I get another error from "ipsec barf":

Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:03 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:03 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #43: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:03 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #43: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:03 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #43: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:05 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:05 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #44: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:05 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #44: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:05 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #44: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:08 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:08 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:08 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:11 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:11 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #46: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:11 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #46: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:11 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #46: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:14 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:14 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:14 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:14 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Mar 15 07:38:17 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:17 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:17 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 15 07:38:17 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: Main mode peer ID is ID_IPV4_ADDR: '10.222.222.22'
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: new NAT mapping for #45, was 56.111.111.111:500, now 56.111.111.111:4500
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: received and ignored informational message
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: the peer proposed: 144.33.33.22/32:17/1701 -> 10.222.222.22/32:17/0
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: responding to Quick Mode proposal {msgid:21a303bc}
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49:     us: 192.168.122.2<192.168.122.2>[+S=C]:17/1701
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49:   them: 56.111.111.111[10.222.222.22,+S=C]:17/0
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: keeping refhim=4294901761 during rekey
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x081c45f7 <0x5b05c5f3 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=56.111.111.111:4500 DPD=none}
Mar 15 07:38:24 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:24 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:25 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:26 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:26 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:28 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:33 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #43: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:35 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #44: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:41 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #46: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:44 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:47 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #48: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
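
Added example (not part of the original posts, and not Zentyal or Openswan code): a small Python parser for the pluto messages in the two logs above. It groups lines by state number (#N), decodes the hex ID_KEY_ID that pluto prints as '@#0x...', and collects the ICMP error reports; the function names and the abridged sample log are this example's own.

```python
import re

# Abridged from the two "ipsec barf" logs posted in this thread (one line per event type).
SAMPLE_LOG = """\
Mar 15 07:12:54 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #33: Aggressive mode peer ID is ID_KEY_ID: '@#0x49507365634e6574'
Mar 15 07:12:54 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #33: no suitable connection for peer '@#0x49507365634e6574'
Mar 15 07:12:54 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #33: sending notification INVALID_ID_INFORMATION to 56.111.111.111:500
Mar 15 07:38:08 zentyal pluto[29023]: packet from 56.111.111.111:500: received Vendor ID payload [Dead Peer Detection]
Mar 15 07:38:08 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: responding to Main Mode from unknown peer 56.111.111.111
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: Main mode peer ID is ID_IPV4_ADDR: '10.222.222.22'
Mar 15 07:38:18 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #45: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: responding to Quick Mode proposal {msgid:21a303bc}
Mar 15 07:38:19 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #49: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x081c45f7 <0x5b05c5f3 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=56.111.111.111:4500 DPD=none}
Mar 15 07:38:24 zentyal pluto[29023]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 56.111.111.111 port 4500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Mar 15 07:38:25 zentyal pluto[29023]: "IPsecNet"[4] 56.111.111.111 #47: ERROR: asynchronous network error report on eth0 (sport=500) for message to 56.111.111.111 port 500, complainant 56.111.111.111: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
"""

# 'pluto[pid]: ' followed by an optional '"conn"[n] peer #state: ' prefix, then the message.
LINE_RE = re.compile(
    r'pluto\[\d+\]: (?:"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): )?(?P<msg>.*)$'
)
MODE_RE = re.compile(r"\b(Main|Aggressive|Quick) [Mm]ode\b")
PEER_ID_RE = re.compile(r"peer ID is (?P<type>ID_\w+): '(?P<value>[^']*)'")
NOTIFY_RE = re.compile(r"sending notification (\w+) to")
ESTABLISHED_RE = re.compile(r"(ISAKMP|IPsec) SA established")
ICMP_RE = re.compile(
    r"asynchronous network error report on \S+ \(sport=(?P<sport>\d+)\)"
    r".*?ICMP type (?P<type>\d+) code (?P<code>\d+)"
)


def decode_key_id(hex_digits):
    """Return the ASCII text behind pluto's '@#0x...' KEY_ID notation, or None."""
    try:
        text = bytes.fromhex(hex_digits).decode("ascii")
    except ValueError:  # odd length, non-hex digits, or non-ASCII bytes
        return None
    return text if text.isprintable() else None


def summarize(log_text):
    """Group pluto messages by state number and collect ICMP error reports."""
    sas, icmp_errors = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        msg = m.group("msg")
        sa_no = int(m.group("sa")) if m.group("sa") else None
        err = ICMP_RE.search(msg)
        if err:
            icmp_errors.append(
                (sa_no, int(err["sport"]), int(err["type"]), int(err["code"]))
            )
            continue
        if sa_no is None:
            continue  # e.g. "packet from ...: received Vendor ID payload" lines
        sa = sas.setdefault(sa_no, dict.fromkeys(
            ("mode", "peer_id", "last_state", "notification", "established")))
        mode = MODE_RE.search(msg)
        if mode and sa["mode"] is None:
            sa["mode"] = mode.group(1)
        pid = PEER_ID_RE.search(msg)
        if pid:
            value = pid["value"]
            if pid["type"] == "ID_KEY_ID" and value.startswith("@#0x"):
                value = decode_key_id(value[4:]) or value  # keep raw form if not text
            sa["peer_id"] = (pid["type"], value)
        states = re.findall(r"STATE_\w+", msg)
        if states:
            sa["last_state"] = states[-1]  # on a transition line, the state reached
        note = NOTIFY_RE.search(msg)
        if note:
            sa["notification"] = note.group(1)
        est = ESTABLISHED_RE.search(msg)
        if est:
            sa["established"] = est.group(1)
    return sas, icmp_errors


if __name__ == "__main__":
    sas, icmp_errors = summarize(SAMPLE_LOG)
    for number, info in sorted(sas.items()):
        print(f"#{number}: {info}")
    for sa_no, sport, icmp_type, icmp_code in icmp_errors:
        print(f"ICMP type {icmp_type} code {icmp_code} for sport {sport} (state #{sa_no})")
```

For the first log, the decoded KEY_ID is the text entered as "IPSec Identifier" on the phone, sent in Aggressive Mode and answered with INVALID_ID_INFORMATION. ICMP type 3 code 3 in the second log is "destination unreachable, port unreachable", reported by the peer address after the IPsec SA was established.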