Firewall Log von Tag 2010-10-15.Section: ipsec Oct 14 09:56:45 ipsec_setup Stopping Openswan IPsec... Oct 14 09:56:45 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 09:56:45 ipsec_setup doing cleanup anyway... Oct 14 09:56:45 ipsec_setup ...Openswan IPsec stopped Oct 14 09:57:37 ipsec_setup Stopping Openswan IPsec... Oct 14 09:57:37 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 09:57:37 ipsec_setup doing cleanup anyway... Oct 14 09:57:37 ipsec_setup ...Openswan IPsec stopped Oct 14 10:24:10 ipsec_setup Stopping Openswan IPsec... Oct 14 10:24:10 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 10:24:10 ipsec_setup doing cleanup anyway... Oct 14 10:24:10 ipsec_setup ...Openswan IPsec stopped Oct 14 10:27:48 ipsec_setup Stopping Openswan IPsec... Oct 14 10:27:48 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 10:27:48 ipsec_setup doing cleanup anyway... Oct 14 10:27:48 ipsec_setup ...Openswan IPsec stopped Oct 14 12:29:02 ipsec_setup Stopping Openswan IPsec... Oct 14 12:29:02 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 12:29:02 ipsec_setup doing cleanup anyway... Oct 14 12:29:02 ipsec_setup ...Openswan IPsec stopped Oct 14 12:29:02 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 12:29:02 ipsec_setup Using KLIPS/legacy stack Oct 14 12:29:04 ipsec_setup KLIPS debug `none' Oct 14 12:29:04 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 12:29:04 ipsec__plutorun Starting Pluto subsystem... Oct 14 12:29:05 ipsec_setup ...Openswan IPsec started Oct 14 12:29:05 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 12:29:05 pluto[18013] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:18013 Oct 14 12:29:05 pluto[18013] Setting NAT-Traversal port-4500 floating to on Oct 14 12:29:05 pluto[18013] port floating activation criteria nat_t=1/port_float=1 Oct 14 12:29:05 pluto[18013] NAT-Traversal support [enabled] Oct 14 12:29:05 pluto[18013] using /dev/urandom as source of random entropy Oct 14 12:29:05 pluto[18013] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 12:29:05 pluto[18013] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 12:29:05 pluto[18013] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 12:29:05 pluto[18013] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 12:29:05 pluto[18013] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 12:29:05 pluto[18013] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 12:29:05 pluto[18013] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 12:29:05 pluto[18013] starting up 1 cryptographic helpers Oct 14 12:29:05 pluto[18021] using /dev/urandom as source of random entropy Oct 14 12:29:05 pluto[18013] started helper pid=18021 (fd:5) Oct 14 12:29:05 pluto[18013] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 12:29:05 pluto[18013] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 12:29:05 pluto[18013] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 12:29:05 pluto[18013] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 12:29:05 pluto[18013] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 12:29:05 pluto[18013] Warning: empty directory Oct 14 12:29:05 pluto[18013] listening for IKE messages Oct 14 12:29:05 pluto[18013] NAT-Traversal: Trying new style NAT-T Oct 14 12:29:05 pluto[18013] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 12:29:05 pluto[18013] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 12:29:05 pluto[18013] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 12:29:05 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 13:33:16 pluto[18013] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 13:33:16 pluto[18013] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 13:33:16 pluto[18013] ADNS process terminated by signal 15 Oct 14 13:37:11 ipsec_setup Stopping Openswan IPsec... Oct 14 13:37:11 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 13:37:11 ipsec_setup doing cleanup anyway... Oct 14 13:37:11 ipsec_setup ...Openswan IPsec stopped Oct 14 13:37:11 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 13:37:11 ipsec_setup Using KLIPS/legacy stack Oct 14 13:37:13 ipsec_setup KLIPS debug `none' Oct 14 13:37:13 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 13:37:14 ipsec__plutorun Starting Pluto subsystem... Oct 14 13:37:14 ipsec_setup ...Openswan IPsec started Oct 14 13:37:14 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 13:37:14 pluto[4970] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:4970 Oct 14 13:37:14 pluto[4970] Setting NAT-Traversal port-4500 floating to on Oct 14 13:37:14 pluto[4970] port floating activation criteria nat_t=1/port_float=1 Oct 14 13:37:14 pluto[4970] NAT-Traversal support [enabled] Oct 14 13:37:14 pluto[4970] using /dev/urandom as source of random entropy Oct 14 13:37:14 pluto[4970] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 13:37:14 pluto[4970] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 13:37:14 pluto[4970] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 13:37:14 pluto[4970] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 13:37:14 pluto[4970] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 13:37:14 pluto[4970] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 13:37:14 pluto[4970] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 13:37:14 pluto[4970] starting up 1 cryptographic helpers Oct 14 13:37:14 pluto[4978] using /dev/urandom as source of random entropy Oct 14 13:37:14 pluto[4970] started helper pid=4978 (fd:5) Oct 14 13:37:14 pluto[4970] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 13:37:14 pluto[4970] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 13:37:14 pluto[4970] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 13:37:14 pluto[4970] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 14 13:37:14 pluto[4970] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 14 13:37:14 pluto[4970] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 13:37:14 pluto[4970] Warning: empty directory Oct 14 13:37:14 pluto[4970] listening for IKE messages Oct 14 13:37:14 pluto[4970] NAT-Traversal: Trying new style NAT-T Oct 14 13:37:14 pluto[4970] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 13:37:14 pluto[4970] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 13:37:14 pluto[4970] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 13:37:14 pluto[4970] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 13:37:14 pluto[4970] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 13:37:14 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 13:38:47 ipsec_setup Stopping Openswan IPsec... Oct 14 13:38:47 pluto[4970] shutting down Oct 14 13:38:47 pluto[4970] forgetting secrets Oct 14 13:38:47 pluto[4970] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 13:38:47 pluto[4970] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 13:38:48 pluto[4978] pluto_crypto_helper: helper (0) is normal exiting Oct 14 13:38:49 ipsec_setup ...Openswan IPsec stopped Oct 14 13:38:50 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 13:38:50 ipsec_setup Using KLIPS/legacy stack Oct 14 13:38:52 ipsec_setup KLIPS debug `none' Oct 14 13:38:52 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 13:38:52 ipsec__plutorun Starting Pluto subsystem... Oct 14 13:38:52 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 13:38:52 pluto[5585] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:5585 Oct 14 13:38:52 pluto[5585] Setting NAT-Traversal port-4500 floating to on Oct 14 13:38:52 pluto[5585] port floating activation criteria nat_t=1/port_float=1 Oct 14 13:38:52 pluto[5585] NAT-Traversal support [enabled] Oct 14 13:38:52 pluto[5585] using /dev/urandom as source of random entropy Oct 14 13:38:52 pluto[5585] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 13:38:52 pluto[5585] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 13:38:52 pluto[5585] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 13:38:52 pluto[5585] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 13:38:52 pluto[5585] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 13:38:52 pluto[5585] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 13:38:52 pluto[5585] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 13:38:52 pluto[5585] starting up 1 cryptographic helpers Oct 14 13:38:52 pluto[5591] using /dev/urandom as source of random entropy Oct 14 13:38:52 ipsec_setup ...Openswan IPsec started Oct 14 13:38:52 pluto[5585] started helper pid=5591 (fd:5) Oct 14 13:38:52 pluto[5585] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 13:38:52 pluto[5585] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 13:38:52 pluto[5585] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 13:38:52 pluto[5585] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 14 13:38:52 pluto[5585] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 14 13:38:52 pluto[5585] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 13:38:52 pluto[5585] Warning: empty directory Oct 14 13:38:52 pluto[5585] listening for IKE messages Oct 14 13:38:52 pluto[5585] NAT-Traversal: Trying new style NAT-T Oct 14 13:38:52 pluto[5585] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 13:38:52 pluto[5585] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 13:38:52 pluto[5585] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 13:38:52 pluto[5585] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 13:38:52 pluto[5585] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 13:38:52 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 13:56:52 ipsec_setup Stopping Openswan IPsec... Oct 14 13:56:52 pluto[5585] shutting down Oct 14 13:56:52 pluto[5585] forgetting secrets Oct 14 13:56:52 pluto[5585] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 13:56:52 pluto[5585] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 13:56:53 pluto[5591] pluto_crypto_helper: helper (0) is normal exiting Oct 14 13:56:54 ipsec_setup ...Openswan IPsec stopped Oct 14 13:56:55 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 13:56:55 ipsec_setup Using KLIPS/legacy stack Oct 14 13:56:56 ipsec_setup KLIPS debug `none' Oct 14 13:56:56 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 13:56:56 ipsec__plutorun Starting Pluto subsystem... Oct 14 13:56:56 pluto[7621] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:7621 Oct 14 13:56:56 pluto[7621] Setting NAT-Traversal port-4500 floating to on Oct 14 13:56:56 pluto[7621] port floating activation criteria nat_t=1/port_float=1 Oct 14 13:56:56 pluto[7621] NAT-Traversal support [enabled] Oct 14 13:56:56 pluto[7621] using /dev/urandom as source of random entropy Oct 14 13:56:56 pluto[7621] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 13:56:56 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 13:56:56 pluto[7621] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 13:56:56 pluto[7621] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 13:56:56 pluto[7621] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 13:56:56 pluto[7621] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 13:56:56 pluto[7621] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 13:56:56 pluto[7621] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 13:56:56 pluto[7621] starting up 1 cryptographic helpers Oct 14 13:56:56 pluto[7625] using /dev/urandom as source of random entropy Oct 14 13:56:56 pluto[7621] started helper pid=7625 (fd:5) Oct 14 13:56:56 ipsec_setup ...Openswan IPsec started Oct 14 13:56:56 pluto[7621] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 13:56:56 pluto[7621] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 13:56:56 pluto[7621] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 13:56:56 pluto[7621] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 13:56:56 pluto[7621] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 13:56:56 pluto[7621] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 13:56:56 pluto[7621] Warning: empty directory Oct 14 13:56:56 pluto[7621] loading certificate from hostcert.pem Oct 14 13:56:56 pluto[7621] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 13:56:56 pluto[7621] loading certificate from Zweigstellecert.pem Oct 14 13:56:56 pluto[7621] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 13:56:56 pluto[7621] added connection description "Zweigstelle" Oct 14 13:56:56 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 13:56:56 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 13:56:56 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 13:56:56 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 13:56:56 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 13:56:56 pluto[7621] listening for IKE messages Oct 14 13:56:56 pluto[7621] NAT-Traversal: Trying new style NAT-T Oct 14 13:56:56 pluto[7621] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 13:56:56 pluto[7621] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 13:56:56 pluto[7621] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 13:56:56 pluto[7621] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 13:56:56 pluto[7621] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 13:56:56 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 13:56:57 pluto[7621] "Zweigstelle" #1: initiating Main Mode Oct 14 13:56:57 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 13:57:00 pluto[7621] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 13:57:10 pluto[7621] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 13:57:30 pluto[7621] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 13:57:45 ipsec_setup Stopping Openswan IPsec... Oct 14 13:57:45 pluto[7621] shutting down Oct 14 13:57:45 pluto[7621] forgetting secrets Oct 14 13:57:45 pluto[7621] "Zweigstelle": deleting connection Oct 14 13:57:45 pluto[7621] "Zweigstelle" #1: deleting state (STATE_MAIN_I1) Oct 14 13:57:45 pluto[7621] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 13:57:45 pluto[7621] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 13:57:46 pluto[7625] pluto_crypto_helper: helper (0) is normal exiting Oct 14 13:57:47 ipsec_setup ...Openswan IPsec stopped Oct 14 13:57:47 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 13:57:47 ipsec_setup Using KLIPS/legacy stack Oct 14 13:57:48 ipsec_setup KLIPS debug `none' Oct 14 13:57:48 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 13:57:48 ipsec__plutorun Starting Pluto subsystem... Oct 14 13:57:48 pluto[7856] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:7856 Oct 14 13:57:48 pluto[7856] Setting NAT-Traversal port-4500 floating to on Oct 14 13:57:48 pluto[7856] port floating activation criteria nat_t=1/port_float=1 Oct 14 13:57:48 pluto[7856] NAT-Traversal support [enabled] Oct 14 13:57:48 pluto[7856] using /dev/urandom as source of random entropy Oct 14 13:57:48 pluto[7856] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 13:57:49 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 13:57:49 pluto[7856] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 13:57:49 pluto[7856] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 13:57:49 pluto[7856] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 13:57:49 pluto[7856] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 13:57:49 pluto[7856] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 13:57:49 pluto[7856] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 13:57:49 pluto[7856] starting up 1 cryptographic helpers Oct 14 13:57:49 pluto[7860] using /dev/urandom as source of random entropy Oct 14 13:57:49 pluto[7856] started helper pid=7860 (fd:5) Oct 14 13:57:49 pluto[7856] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 13:57:49 ipsec_setup ...Openswan IPsec started Oct 14 13:57:49 pluto[7856] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 13:57:49 pluto[7856] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 13:57:49 pluto[7856] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 13:57:49 pluto[7856] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 13:57:49 pluto[7856] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 13:57:49 pluto[7856] Warning: empty directory Oct 14 13:57:49 pluto[7856] loading certificate from hostcert.pem Oct 14 13:57:49 pluto[7856] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 13:57:49 pluto[7856] loading certificate from Zweigstellecert.pem Oct 14 13:57:49 pluto[7856] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 13:57:49 pluto[7856] added connection description "Zweigstelle" Oct 14 13:57:49 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 13:57:49 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 13:57:49 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 13:57:49 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 13:57:49 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 13:57:49 pluto[7856] listening for IKE messages Oct 14 13:57:49 pluto[7856] NAT-Traversal: Trying new style NAT-T Oct 14 13:57:49 pluto[7856] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 13:57:49 pluto[7856] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 13:57:49 pluto[7856] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 13:57:49 pluto[7856] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 13:57:49 pluto[7856] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 13:57:49 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 13:57:49 pluto[7856] "Zweigstelle" #1: initiating Main Mode Oct 14 13:57:49 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 13:57:52 pluto[7856] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 13:58:02 pluto[7856] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 13:58:22 pluto[7856] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 13:59:02 pluto[7856] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 13:59:42 pluto[7856] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:00:22 pluto[7856] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:00:37 ipsec_setup Stopping Openswan IPsec... Oct 14 14:00:37 pluto[7856] shutting down Oct 14 14:00:37 pluto[7856] forgetting secrets Oct 14 14:00:37 pluto[7856] "Zweigstelle": deleting connection Oct 14 14:00:37 pluto[7856] "Zweigstelle" #1: deleting state (STATE_MAIN_I1) Oct 14 14:00:37 pluto[7856] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:00:37 pluto[7856] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:00:38 pluto[7860] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:00:39 ipsec_setup ...Openswan IPsec stopped Oct 14 14:00:39 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:00:39 ipsec_setup Using KLIPS/legacy stack Oct 14 14:00:40 ipsec_setup KLIPS debug `none' Oct 14 14:00:40 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:00:40 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:00:40 pluto[8442] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:8442 Oct 14 14:00:40 pluto[8442] Setting NAT-Traversal port-4500 floating to on Oct 14 14:00:40 pluto[8442] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:00:40 pluto[8442] NAT-Traversal support [enabled] Oct 14 14:00:40 pluto[8442] using /dev/urandom as source of random entropy Oct 14 14:00:40 pluto[8442] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:00:40 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:00:40 pluto[8442] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:00:40 pluto[8442] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:00:40 pluto[8442] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:00:40 pluto[8442] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:00:40 pluto[8442] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:00:40 pluto[8442] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:00:40 pluto[8442] starting up 1 cryptographic helpers Oct 14 14:00:40 pluto[8446] using /dev/urandom as source of random entropy Oct 14 14:00:40 pluto[8442] started helper pid=8446 (fd:5) Oct 14 14:00:40 pluto[8442] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:00:40 ipsec_setup ...Openswan IPsec started Oct 14 14:00:40 pluto[8442] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:00:40 pluto[8442] loaded CA cert file 'routercert.pem' (1269 bytes) Oct 14 14:00:40 pluto[8442] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:00:40 pluto[8442] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 14:00:40 pluto[8442] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 14:00:40 pluto[8442] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:00:40 pluto[8442] Warning: empty directory Oct 14 14:00:41 pluto[8442] loading certificate from hostcert.pem Oct 14 14:00:41 pluto[8442] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:00:41 pluto[8442] loading certificate from Zweigstellecert.pem Oct 14 14:00:41 pluto[8442] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:00:41 pluto[8442] added connection description "Zweigstelle" Oct 14 14:00:41 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:00:41 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:00:41 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:00:41 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:00:41 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:00:41 pluto[8442] listening for IKE messages Oct 14 14:00:41 pluto[8442] NAT-Traversal: Trying new style NAT-T Oct 14 14:00:41 pluto[8442] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:00:41 pluto[8442] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:00:41 pluto[8442] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:00:41 pluto[8442] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:00:41 pluto[8442] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:00:41 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:00:41 pluto[8442] "Zweigstelle" #1: initiating Main Mode Oct 14 14:00:41 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:00:44 pluto[8442] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:00:54 pluto[8442] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:01:04 ipsec_setup Stopping Openswan IPsec... Oct 14 14:01:04 pluto[8442] shutting down Oct 14 14:01:04 pluto[8442] forgetting secrets Oct 14 14:01:04 pluto[8442] "Zweigstelle": deleting connection Oct 14 14:01:04 pluto[8442] "Zweigstelle" #1: deleting state (STATE_MAIN_I1) Oct 14 14:01:04 pluto[8442] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:01:04 pluto[8442] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:01:05 pluto[8446] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:01:06 ipsec_setup ...Openswan IPsec stopped Oct 14 14:01:07 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:01:07 ipsec_setup Using KLIPS/legacy stack Oct 14 14:01:08 ipsec_setup KLIPS debug `none' Oct 14 14:01:08 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:01:08 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:01:08 pluto[8736] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:8736 Oct 14 14:01:08 pluto[8736] Setting NAT-Traversal port-4500 floating to on Oct 14 14:01:08 pluto[8736] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:01:08 pluto[8736] NAT-Traversal support [enabled] Oct 14 14:01:08 pluto[8736] using /dev/urandom as source of random entropy Oct 14 14:01:08 pluto[8736] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:01:08 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:01:08 pluto[8736] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:01:08 pluto[8736] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:01:08 pluto[8736] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:01:08 pluto[8736] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:01:08 pluto[8736] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:01:08 pluto[8736] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:01:08 pluto[8736] starting up 1 cryptographic helpers Oct 14 14:01:08 pluto[8740] using /dev/urandom as source of random entropy Oct 14 14:01:08 pluto[8736] started helper pid=8740 (fd:5) Oct 14 14:01:08 pluto[8736] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:01:08 ipsec_setup ...Openswan IPsec started Oct 14 14:01:08 pluto[8736] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:01:08 pluto[8736] loaded CA cert file 'routercert.pem' (1269 bytes) Oct 14 14:01:08 pluto[8736] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:01:08 pluto[8736] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 14:01:08 pluto[8736] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 14:01:08 pluto[8736] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:01:08 pluto[8736] Warning: empty directory Oct 14 14:01:08 pluto[8736] listening for IKE messages Oct 14 14:01:08 pluto[8736] NAT-Traversal: Trying new style NAT-T Oct 14 14:01:08 pluto[8736] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:01:08 pluto[8736] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:01:08 pluto[8736] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:01:08 pluto[8736] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:01:08 pluto[8736] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:01:08 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:01:13 ipsec_setup Stopping Openswan IPsec... Oct 14 14:01:13 pluto[8736] shutting down Oct 14 14:01:13 pluto[8736] forgetting secrets Oct 14 14:01:13 pluto[8736] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:01:13 pluto[8736] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:01:14 pluto[8740] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:01:15 ipsec_setup ...Openswan IPsec stopped Oct 14 14:01:15 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:01:15 ipsec_setup Using KLIPS/legacy stack Oct 14 14:01:16 ipsec_setup KLIPS debug `none' Oct 14 14:01:16 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:01:16 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:01:16 pluto[8930] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:8930 Oct 14 14:01:16 pluto[8930] Setting NAT-Traversal port-4500 floating to on Oct 14 14:01:16 pluto[8930] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:01:16 pluto[8930] NAT-Traversal support [enabled] Oct 14 14:01:16 pluto[8930] using /dev/urandom as source of random entropy Oct 14 14:01:16 pluto[8930] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:01:16 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:01:16 pluto[8930] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:01:16 pluto[8930] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:01:16 pluto[8930] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:01:16 pluto[8930] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:01:16 pluto[8930] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:01:16 pluto[8930] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:01:16 pluto[8930] starting up 1 cryptographic helpers Oct 14 14:01:17 pluto[8934] using /dev/urandom as source of random entropy Oct 14 14:01:17 pluto[8930] started helper pid=8934 (fd:5) Oct 14 14:01:17 pluto[8930] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:01:17 ipsec_setup ...Openswan IPsec started Oct 14 14:01:17 pluto[8930] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:01:17 pluto[8930] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:01:17 pluto[8930] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 14:01:17 pluto[8930] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 14:01:17 pluto[8930] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:01:17 pluto[8930] Warning: empty directory Oct 14 14:01:17 pluto[8930] listening for IKE messages Oct 14 14:01:17 pluto[8930] NAT-Traversal: Trying new style NAT-T Oct 14 14:01:17 pluto[8930] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:01:17 pluto[8930] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:01:17 pluto[8930] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:01:17 pluto[8930] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:01:17 pluto[8930] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:01:17 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:01:57 ipsec_setup Stopping Openswan IPsec... Oct 14 14:01:57 pluto[8930] shutting down Oct 14 14:01:57 pluto[8930] forgetting secrets Oct 14 14:01:57 pluto[8930] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:01:57 pluto[8930] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:01:58 pluto[8934] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:01:59 ipsec_setup ...Openswan IPsec stopped Oct 14 14:01:59 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:01:59 ipsec_setup Using KLIPS/legacy stack Oct 14 14:02:00 ipsec_setup KLIPS debug `none' Oct 14 14:02:00 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:02:01 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:02:01 pluto[9140] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:9140 Oct 14 14:02:01 pluto[9140] Setting NAT-Traversal port-4500 floating to on Oct 14 14:02:01 pluto[9140] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:02:01 pluto[9140] NAT-Traversal support [enabled] Oct 14 14:02:01 pluto[9140] using /dev/urandom as source of random entropy Oct 14 14:02:01 pluto[9140] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:02:01 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:02:01 pluto[9140] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:02:01 pluto[9140] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:02:01 pluto[9140] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:02:01 pluto[9140] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:02:01 pluto[9140] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:02:01 pluto[9140] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:02:01 pluto[9140] starting up 1 cryptographic helpers Oct 14 14:02:01 pluto[9144] using /dev/urandom as source of random entropy Oct 14 14:02:01 pluto[9140] started helper pid=9144 (fd:5) Oct 14 14:02:01 pluto[9140] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:02:01 ipsec_setup ...Openswan IPsec started Oct 14 14:02:01 pluto[9140] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:02:01 pluto[9140] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:02:01 pluto[9140] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 14:02:01 pluto[9140] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 14:02:01 pluto[9140] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:02:01 pluto[9140] Warning: empty directory Oct 14 14:02:01 pluto[9140] loading certificate from hostcert.pem Oct 14 14:02:01 pluto[9140] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:02:01 pluto[9140] loading certificate from Zweigstellecert.pem Oct 14 14:02:01 pluto[9140] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:02:01 pluto[9140] added connection description "Zweigstelle" Oct 14 14:02:01 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:02:01 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:02:01 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:02:01 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:02:01 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:02:01 pluto[9140] listening for IKE messages Oct 14 14:02:01 pluto[9140] NAT-Traversal: Trying new style NAT-T Oct 14 14:02:01 pluto[9140] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:02:01 pluto[9140] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:02:01 pluto[9140] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:02:01 pluto[9140] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:02:01 pluto[9140] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:02:01 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:02:01 pluto[9140] "Zweigstelle" #1: initiating Main Mode Oct 14 14:02:01 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:02:04 pluto[9140] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:02:14 pluto[9140] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:02:34 pluto[9140] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:03:14 pluto[9140] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:03:20 pluto[9140] forgetting secrets Oct 14 14:03:20 pluto[9140] "Zweigstelle": deleting connection Oct 14 14:03:20 pluto[9140] "Zweigstelle" #1: deleting state (STATE_MAIN_I1) Oct 14 14:07:00 ipsec_setup Stopping Openswan IPsec... Oct 14 14:07:00 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 14:07:00 ipsec_setup doing cleanup anyway... Oct 14 14:07:01 ipsec_setup ...Openswan IPsec stopped Oct 14 14:07:01 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:07:01 ipsec_setup Using KLIPS/legacy stack Oct 14 14:07:03 ipsec_setup KLIPS debug `none' Oct 14 14:07:03 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:07:03 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:07:03 ipsec_setup ...Openswan IPsec started Oct 14 14:07:03 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:07:03 pluto[4905] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:4905 Oct 14 14:07:03 pluto[4905] Setting NAT-Traversal port-4500 floating to on Oct 14 14:07:03 pluto[4905] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:07:03 pluto[4905] NAT-Traversal support [enabled] Oct 14 14:07:03 pluto[4905] using /dev/urandom as source of random entropy Oct 14 14:07:03 pluto[4905] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:07:03 pluto[4905] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:07:03 pluto[4905] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:07:03 pluto[4905] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:07:03 pluto[4905] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:07:03 pluto[4905] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:07:03 pluto[4905] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:07:03 pluto[4905] starting up 1 cryptographic helpers Oct 14 14:07:03 pluto[4913] using /dev/urandom as source of random entropy Oct 14 14:07:04 pluto[4905] started helper pid=4913 (fd:5) Oct 14 14:07:04 pluto[4905] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:07:04 pluto[4905] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:07:04 pluto[4905] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:07:04 pluto[4905] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 14 14:07:04 pluto[4905] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 14 14:07:04 pluto[4905] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:07:04 pluto[4905] Warning: empty directory Oct 14 14:07:04 pluto[4905] loading certificate from hostcert.pem Oct 14 14:07:04 pluto[4905] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:07:04 pluto[4905] loading certificate from Zweigstellecert.pem Oct 14 14:07:04 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:07:04 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:07:04 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:07:04 pluto[4905] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:07:04 pluto[4905] added connection description "Zweigstelle" Oct 14 14:07:04 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:07:04 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:07:04 pluto[4905] listening for IKE messages Oct 14 14:07:04 pluto[4905] NAT-Traversal: Trying new style NAT-T Oct 14 14:07:04 pluto[4905] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:07:04 pluto[4905] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:07:04 pluto[4905] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:07:04 pluto[4905] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:07:04 pluto[4905] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:07:04 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:07:04 pluto[4905] "Zweigstelle" #1: initiating Main Mode Oct 14 14:07:04 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:07:05 pluto[4905] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:07:15 pluto[4905] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:07:35 pluto[4905] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:08:17 pluto[4905] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:08:36 ipsec_setup Stopping Openswan IPsec... Oct 14 14:08:36 pluto[4905] shutting down Oct 14 14:08:36 pluto[4905] forgetting secrets Oct 14 14:08:36 pluto[4905] "Zweigstelle": deleting connection Oct 14 14:08:36 pluto[4905] "Zweigstelle" #1: deleting state (STATE_MAIN_I1) Oct 14 14:08:37 pluto[4905] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:08:37 pluto[4905] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:08:38 pluto[4913] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:08:39 ipsec_setup ...Openswan IPsec stopped Oct 14 14:08:39 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:08:39 ipsec_setup Using KLIPS/legacy stack Oct 14 14:08:41 ipsec_setup KLIPS debug `none' Oct 14 14:08:41 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:08:41 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:08:42 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:08:42 pluto[5551] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:5551 Oct 14 14:08:42 pluto[5551] Setting NAT-Traversal port-4500 floating to on Oct 14 14:08:42 pluto[5551] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:08:42 pluto[5551] NAT-Traversal support [enabled] Oct 14 14:08:42 pluto[5551] using /dev/urandom as source of random entropy Oct 14 14:08:42 pluto[5551] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:08:42 pluto[5551] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:08:42 pluto[5551] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:08:42 pluto[5551] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:08:42 pluto[5551] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:08:42 pluto[5551] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:08:42 pluto[5551] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:08:42 pluto[5551] starting up 1 cryptographic helpers Oct 14 14:08:42 pluto[5557] using /dev/urandom as source of random entropy Oct 14 14:08:42 ipsec_setup ...Openswan IPsec started Oct 14 14:08:42 pluto[5551] started helper pid=5557 (fd:5) Oct 14 14:08:42 pluto[5551] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:08:42 pluto[5551] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:08:42 pluto[5551] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:08:42 pluto[5551] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 14 14:08:42 pluto[5551] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 14 14:08:42 pluto[5551] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:08:42 pluto[5551] Warning: empty directory Oct 14 14:08:42 pluto[5551] loading certificate from hostcert.pem Oct 14 14:08:42 pluto[5551] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:08:42 pluto[5551] loading certificate from Zweigstellecert.pem Oct 14 14:08:42 pluto[5551] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:08:42 pluto[5551] added connection description "Zweigstelle" Oct 14 14:08:42 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:08:42 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:08:42 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:08:42 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:08:42 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:08:42 pluto[5551] listening for IKE messages Oct 14 14:08:42 pluto[5551] NAT-Traversal: Trying new style NAT-T Oct 14 14:08:42 pluto[5551] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:08:42 pluto[5551] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:08:42 pluto[5551] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:08:42 pluto[5551] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:08:42 pluto[5551] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:08:42 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:08:43 pluto[5551] "Zweigstelle" #1: initiating Main Mode Oct 14 14:08:43 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:08:46 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:08:56 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:09:16 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:09:56 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:10:36 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:11:16 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:11:56 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:12:36 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:13:16 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:13:56 pluto[5551] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 14:15:12 pluto[5551] forgetting secrets Oct 14 14:15:12 pluto[5551] "Zweigstelle": deleting connection Oct 14 14:15:12 pluto[5551] "Zweigstelle" #1: deleting state (STATE_MAIN_I1) Oct 14 14:41:20 ipsec_setup Stopping Openswan IPsec... Oct 14 14:41:20 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 14:41:20 ipsec_setup doing cleanup anyway... Oct 14 14:41:20 ipsec_setup ...Openswan IPsec stopped Oct 14 14:41:20 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:41:21 ipsec_setup Using KLIPS/legacy stack Oct 14 14:41:23 ipsec_setup KLIPS debug `none' Oct 14 14:41:24 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:41:24 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:41:24 ipsec_setup ...Openswan IPsec started Oct 14 14:41:24 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:41:24 pluto[4957] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:4957 Oct 14 14:41:24 pluto[4957] Setting NAT-Traversal port-4500 floating to on Oct 14 14:41:24 pluto[4957] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:41:24 pluto[4957] NAT-Traversal support [enabled] Oct 14 14:41:24 pluto[4957] using /dev/urandom as source of random entropy Oct 14 14:41:24 pluto[4957] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:41:24 pluto[4957] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:41:24 pluto[4957] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:41:24 pluto[4957] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:41:24 pluto[4957] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:41:24 pluto[4957] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:41:24 pluto[4957] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:41:24 pluto[4957] starting up 1 cryptographic helpers Oct 14 14:41:24 pluto[4964] using /dev/urandom as source of random entropy Oct 14 14:41:24 pluto[4957] started helper pid=4964 (fd:5) Oct 14 14:41:24 pluto[4957] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:41:24 pluto[4957] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:41:24 pluto[4957] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:41:24 pluto[4957] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 14 14:41:24 pluto[4957] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 14 14:41:24 pluto[4957] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:41:24 pluto[4957] Warning: empty directory Oct 14 14:41:24 pluto[4957] loading certificate from hostcert.pem Oct 14 14:41:24 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:41:24 pluto[4957] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:41:24 pluto[4957] loading certificate from Zweigstellecert.pem Oct 14 14:41:24 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:41:24 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:41:24 pluto[4957] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:41:24 pluto[4957] added connection description "Zweigstelle" Oct 14 14:41:24 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:41:24 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:41:24 pluto[4957] listening for IKE messages Oct 14 14:41:24 pluto[4957] NAT-Traversal: Trying new style NAT-T Oct 14 14:41:24 pluto[4957] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:41:24 pluto[4957] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:41:24 pluto[4957] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:41:24 pluto[4957] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:41:24 pluto[4957] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:41:24 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:41:25 pluto[4957] "Zweigstelle" #1: initiating Main Mode Oct 14 14:41:25 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:41:25 pluto[4957] "Zweigstelle" #1: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:41:25 pluto[4957] "Zweigstelle" #1: received Vendor ID payload [Dead Peer Detection] Oct 14 14:41:25 pluto[4957] "Zweigstelle" #1: enabling possible NAT-traversal with method 4 Oct 14 14:41:25 pluto[4957] "Zweigstelle" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:41:25 pluto[4957] "Zweigstelle" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:41:26 pluto[4957] "Zweigstelle" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:41:26 pluto[4957] "Zweigstelle" #1: I am sending my cert Oct 14 14:41:26 pluto[4957] "Zweigstelle" #1: I am sending a certificate request Oct 14 14:41:26 pluto[4957] "Zweigstelle" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:41:26 pluto[4957] "Zweigstelle" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:41:26 pluto[4957] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:41:26 pluto[4957] "Zweigstelle" #1: received and ignored informational message Oct 14 14:41:35 pluto[4957] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:41:36 pluto[4957] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:41:36 pluto[4957] "Zweigstelle" #1: received and ignored informational message Oct 14 14:41:55 pluto[4957] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:41:56 pluto[4957] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:41:56 pluto[4957] "Zweigstelle" #1: received and ignored informational message Oct 14 14:41:58 pluto[4957] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:41:58 pluto[4957] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:41:58 pluto[4957] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:41:58 pluto[4957] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:41:58 pluto[4957] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:41:58 pluto[4957] "Zweigstelle" #2: responding to Main Mode Oct 14 14:41:58 pluto[4957] "Zweigstelle" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:41:58 pluto[4957] "Zweigstelle" #2: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:41:58 pluto[4957] "Zweigstelle" #2: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:41:58 pluto[4957] "Zweigstelle" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:41:58 pluto[4957] "Zweigstelle" #2: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:41:59 pluto[4957] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:41:59 pluto[4957] "Zweigstelle" #2: issuer cacert not found Oct 14 14:41:59 pluto[4957] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:41:59 pluto[4957] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:41:59 pluto[4957] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:42:08 pluto[4957] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:42:08 pluto[4957] "Zweigstelle" #2: issuer cacert not found Oct 14 14:42:08 pluto[4957] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:42:08 pluto[4957] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:42:08 pluto[4957] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:42:22 pluto[4957] initiate on demand from 192.168.200.11:0 to 192.168.210.201:0 proto=0 state: fos_start because: acquire Oct 14 14:42:28 pluto[4957] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:42:28 pluto[4957] "Zweigstelle" #2: issuer cacert not found Oct 14 14:42:28 pluto[4957] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:42:28 pluto[4957] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:42:28 pluto[4957] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:42:36 pluto[4957] "Zweigstelle" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:42:36 pluto[4957] "Zweigstelle" #1: starting keying attempt 2 of an unlimited number Oct 14 14:42:36 pluto[4957] "Zweigstelle" #3: initiating Main Mode to replace #1 Oct 14 14:42:36 pluto[4957] "Zweigstelle" #3: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:42:36 pluto[4957] "Zweigstelle" #3: received Vendor ID payload [Dead Peer Detection] Oct 14 14:42:36 pluto[4957] "Zweigstelle" #3: enabling possible NAT-traversal with method 4 Oct 14 14:42:36 pluto[4957] "Zweigstelle" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:42:36 pluto[4957] "Zweigstelle" #3: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:42:37 pluto[4957] "Zweigstelle" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:42:37 pluto[4957] "Zweigstelle" #3: I am sending my cert Oct 14 14:42:37 pluto[4957] "Zweigstelle" #3: I am sending a certificate request Oct 14 14:42:37 pluto[4957] "Zweigstelle" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:42:37 pluto[4957] "Zweigstelle" #3: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:42:37 pluto[4957] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:42:37 pluto[4957] "Zweigstelle" #3: received and ignored informational message Oct 14 14:42:42 ipsec_setup Stopping Openswan IPsec... Oct 14 14:42:42 pluto[4957] shutting down Oct 14 14:42:42 pluto[4957] forgetting secrets Oct 14 14:42:42 pluto[4957] "Zweigstelle": deleting connection Oct 14 14:42:42 pluto[4957] "Zweigstelle" #3: deleting state (STATE_MAIN_I3) Oct 14 14:42:42 pluto[4957] "Zweigstelle" #2: deleting state (STATE_MAIN_R2) Oct 14 14:42:42 pluto[4957] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:42:42 pluto[4957] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:42:43 pluto[4964] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:42:45 ipsec_setup ...Openswan IPsec stopped Oct 14 14:42:45 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:42:45 ipsec_setup Using KLIPS/legacy stack Oct 14 14:42:47 ipsec_setup KLIPS debug `none' Oct 14 14:42:47 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:42:47 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:42:47 pluto[5568] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:5568 Oct 14 14:42:47 pluto[5568] Setting NAT-Traversal port-4500 floating to on Oct 14 14:42:47 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:42:47 pluto[5568] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:42:47 pluto[5568] NAT-Traversal support [enabled] Oct 14 14:42:47 pluto[5568] using /dev/urandom as source of random entropy Oct 14 14:42:47 pluto[5568] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:42:47 pluto[5568] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:42:47 pluto[5568] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:42:47 pluto[5568] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:42:47 pluto[5568] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:42:47 pluto[5568] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:42:47 pluto[5568] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:42:47 pluto[5568] starting up 1 cryptographic helpers Oct 14 14:42:47 pluto[5574] using /dev/urandom as source of random entropy Oct 14 14:42:47 ipsec_setup ...Openswan IPsec started Oct 14 14:42:47 pluto[5568] started helper pid=5574 (fd:5) Oct 14 14:42:47 pluto[5568] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:42:47 pluto[5568] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:42:47 pluto[5568] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:42:47 pluto[5568] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 14 14:42:47 pluto[5568] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 14 14:42:47 pluto[5568] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:42:47 pluto[5568] Warning: empty directory Oct 14 14:42:47 pluto[5568] loading certificate from hostcert.pem Oct 14 14:42:47 pluto[5568] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:42:47 pluto[5568] loading certificate from Zweigstellecert.pem Oct 14 14:42:47 pluto[5568] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:42:47 pluto[5568] added connection description "Zweigstelle" Oct 14 14:42:47 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:42:47 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:42:47 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:42:47 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:42:47 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:42:48 pluto[5568] listening for IKE messages Oct 14 14:42:48 pluto[5568] NAT-Traversal: Trying new style NAT-T Oct 14 14:42:48 pluto[5568] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:42:48 pluto[5568] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:42:48 pluto[5568] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:42:48 pluto[5568] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:42:48 pluto[5568] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:42:48 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:42:48 pluto[5568] "Zweigstelle" #1: initiating Main Mode Oct 14 14:42:48 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:42:48 pluto[5568] "Zweigstelle" #1: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:42:48 pluto[5568] "Zweigstelle" #1: received Vendor ID payload [Dead Peer Detection] Oct 14 14:42:48 pluto[5568] "Zweigstelle" #1: enabling possible NAT-traversal with method 4 Oct 14 14:42:48 pluto[5568] "Zweigstelle" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:42:48 pluto[5568] "Zweigstelle" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:42:49 pluto[5568] "Zweigstelle" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:42:49 pluto[5568] "Zweigstelle" #1: I am sending my cert Oct 14 14:42:49 pluto[5568] "Zweigstelle" #1: I am sending a certificate request Oct 14 14:42:49 pluto[5568] "Zweigstelle" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:42:49 pluto[5568] "Zweigstelle" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:42:49 pluto[5568] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:42:49 pluto[5568] "Zweigstelle" #1: received and ignored informational message Oct 14 14:42:59 pluto[5568] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:42:59 pluto[5568] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:42:59 pluto[5568] "Zweigstelle" #1: received and ignored informational message Oct 14 14:43:06 pluto[5568] packet from YYY.YYY.YYY.221:500: phase 1 message is part of an unknown exchange Oct 14 14:43:08 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:43:08 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:43:08 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:43:08 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:43:08 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: responding to Main Mode Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: issuer cacert not found Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:43:08 pluto[5568] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:43:18 pluto[5568] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:43:18 pluto[5568] "Zweigstelle" #2: issuer cacert not found Oct 14 14:43:18 pluto[5568] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:43:18 pluto[5568] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:43:18 pluto[5568] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:43:19 pluto[5568] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:43:19 pluto[5568] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:43:19 pluto[5568] "Zweigstelle" #1: received and ignored informational message Oct 14 14:43:38 pluto[5568] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:43:38 pluto[5568] "Zweigstelle" #2: issuer cacert not found Oct 14 14:43:38 pluto[5568] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:43:38 pluto[5568] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:43:38 pluto[5568] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:43:59 pluto[5568] "Zweigstelle" #1: starting keying attempt 2 of an unlimited number Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: initiating Main Mode to replace #1 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: received Vendor ID payload [Dead Peer Detection] Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: enabling possible NAT-traversal with method 4 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: I am sending my cert Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: I am sending a certificate request Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:43:59 pluto[5568] "Zweigstelle" #3: received and ignored informational message Oct 14 14:44:09 pluto[5568] "Zweigstelle" #3: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:44:09 pluto[5568] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:44:09 pluto[5568] "Zweigstelle" #3: received and ignored informational message Oct 14 14:44:18 pluto[5568] "Zweigstelle" #2: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:44:18 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:44:18 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:44:18 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:44:18 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:44:18 pluto[5568] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:44:18 pluto[5568] "Zweigstelle" #4: responding to Main Mode Oct 14 14:44:18 pluto[5568] "Zweigstelle" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:44:18 pluto[5568] "Zweigstelle" #4: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:44:18 pluto[5568] "Zweigstelle" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:44:18 pluto[5568] "Zweigstelle" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:44:18 pluto[5568] "Zweigstelle" #4: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:44:19 pluto[5568] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:44:19 pluto[5568] "Zweigstelle" #4: issuer cacert not found Oct 14 14:44:19 pluto[5568] "Zweigstelle" #4: X.509 certificate rejected Oct 14 14:44:19 pluto[5568] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:44:19 pluto[5568] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:44:22 pluto[5568] initiate on demand from 192.168.200.11:0 to 192.168.210.201:0 proto=0 state: fos_start because: acquire Oct 14 14:44:29 pluto[5568] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:44:29 pluto[5568] "Zweigstelle" #4: issuer cacert not found Oct 14 14:44:29 pluto[5568] "Zweigstelle" #4: X.509 certificate rejected Oct 14 14:44:29 pluto[5568] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:44:29 pluto[5568] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:44:29 pluto[5568] "Zweigstelle" #3: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:44:29 pluto[5568] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:44:29 pluto[5568] "Zweigstelle" #3: received and ignored informational message Oct 14 14:44:49 pluto[5568] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:44:49 pluto[5568] "Zweigstelle" #4: issuer cacert not found Oct 14 14:44:49 pluto[5568] "Zweigstelle" #4: X.509 certificate rejected Oct 14 14:44:49 pluto[5568] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:44:49 pluto[5568] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:44:52 ipsec_setup Stopping Openswan IPsec... Oct 14 14:44:52 pluto[5568] shutting down Oct 14 14:44:52 pluto[5568] forgetting secrets Oct 14 14:44:52 pluto[5568] "Zweigstelle": deleting connection Oct 14 14:44:52 pluto[5568] "Zweigstelle" #4: deleting state (STATE_MAIN_R2) Oct 14 14:44:52 pluto[5568] "Zweigstelle" #3: deleting state (STATE_MAIN_I3) Oct 14 14:44:52 pluto[5568] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:44:52 pluto[5568] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:44:53 pluto[5574] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:44:55 ipsec_setup ...Openswan IPsec stopped Oct 14 14:44:55 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:44:55 ipsec_setup Using KLIPS/legacy stack Oct 14 14:44:56 ipsec_setup KLIPS debug `none' Oct 14 14:44:56 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:44:56 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:44:56 pluto[6297] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:6297 Oct 14 14:44:56 pluto[6297] Setting NAT-Traversal port-4500 floating to on Oct 14 14:44:56 pluto[6297] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:44:56 pluto[6297] NAT-Traversal support [enabled] Oct 14 14:44:56 pluto[6297] using /dev/urandom as source of random entropy Oct 14 14:44:56 pluto[6297] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:44:56 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:44:56 pluto[6297] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:44:56 pluto[6297] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:44:56 pluto[6297] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:44:56 pluto[6297] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:44:56 pluto[6297] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:44:56 pluto[6297] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:44:56 pluto[6297] starting up 1 cryptographic helpers Oct 14 14:44:56 pluto[6301] using /dev/urandom as source of random entropy Oct 14 14:44:56 pluto[6297] started helper pid=6301 (fd:5) Oct 14 14:44:56 pluto[6297] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:44:56 ipsec_setup ...Openswan IPsec started Oct 14 14:44:56 pluto[6297] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:44:56 pluto[6297] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:44:56 pluto[6297] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 14:44:56 pluto[6297] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 14:44:56 pluto[6297] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:44:56 pluto[6297] Warning: empty directory Oct 14 14:44:56 pluto[6297] loading certificate from hostcert.pem Oct 14 14:44:56 pluto[6297] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:44:56 pluto[6297] loading certificate from Zweigstellecert.pem Oct 14 14:44:56 pluto[6297] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:44:56 pluto[6297] added connection description "Zweigstelle" Oct 14 14:44:56 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:44:57 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:44:57 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:44:57 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:44:57 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:44:57 pluto[6297] listening for IKE messages Oct 14 14:44:57 pluto[6297] NAT-Traversal: Trying new style NAT-T Oct 14 14:44:57 pluto[6297] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:44:57 pluto[6297] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:44:57 pluto[6297] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:44:57 pluto[6297] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:44:57 pluto[6297] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:44:57 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:44:57 pluto[6297] "Zweigstelle" #1: initiating Main Mode Oct 14 14:44:57 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:44:57 pluto[6297] "Zweigstelle" #1: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:44:57 pluto[6297] "Zweigstelle" #1: received Vendor ID payload [Dead Peer Detection] Oct 14 14:44:57 pluto[6297] "Zweigstelle" #1: enabling possible NAT-traversal with method 4 Oct 14 14:44:57 pluto[6297] "Zweigstelle" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:44:57 pluto[6297] "Zweigstelle" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:44:58 pluto[6297] "Zweigstelle" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:44:58 pluto[6297] "Zweigstelle" #1: I am sending my cert Oct 14 14:44:58 pluto[6297] "Zweigstelle" #1: I am sending a certificate request Oct 14 14:44:58 pluto[6297] "Zweigstelle" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:44:58 pluto[6297] "Zweigstelle" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:44:58 pluto[6297] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:44:58 pluto[6297] "Zweigstelle" #1: received and ignored informational message Oct 14 14:45:07 pluto[6297] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:45:08 pluto[6297] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:45:08 pluto[6297] "Zweigstelle" #1: received and ignored informational message Oct 14 14:45:27 pluto[6297] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:45:28 pluto[6297] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:45:28 pluto[6297] "Zweigstelle" #1: received and ignored informational message Oct 14 14:45:29 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:45:29 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:45:29 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:45:29 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:45:29 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: responding to Main Mode Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: issuer cacert not found Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:45:29 pluto[6297] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:45:39 pluto[6297] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:45:39 pluto[6297] "Zweigstelle" #2: issuer cacert not found Oct 14 14:45:39 pluto[6297] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:45:39 pluto[6297] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:45:39 pluto[6297] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:45:44 pluto[6297] initiate on demand from 192.168.200.12:0 to 192.168.210.248:0 proto=0 state: fos_start because: acquire Oct 14 14:45:59 pluto[6297] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:45:59 pluto[6297] "Zweigstelle" #2: issuer cacert not found Oct 14 14:45:59 pluto[6297] "Zweigstelle" #2: X.509 certificate rejected Oct 14 14:45:59 pluto[6297] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:45:59 pluto[6297] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:46:08 pluto[6297] "Zweigstelle" #1: starting keying attempt 2 of an unlimited number Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: initiating Main Mode to replace #1 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: received Vendor ID payload [Dead Peer Detection] Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: enabling possible NAT-traversal with method 4 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: I am sending my cert Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: I am sending a certificate request Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:46:08 pluto[6297] "Zweigstelle" #3: received and ignored informational message Oct 14 14:46:18 pluto[6297] "Zweigstelle" #3: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:46:18 pluto[6297] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:46:18 pluto[6297] "Zweigstelle" #3: received and ignored informational message Oct 14 14:46:37 pluto[6297] "Zweigstelle" #3: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:46:38 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:46:38 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:46:38 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:46:38 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:46:38 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:46:38 pluto[6297] "Zweigstelle" #4: responding to Main Mode Oct 14 14:46:38 pluto[6297] "Zweigstelle" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:46:38 pluto[6297] "Zweigstelle" #4: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:46:39 pluto[6297] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:46:39 pluto[6297] "Zweigstelle" #3: received and ignored informational message Oct 14 14:46:39 pluto[6297] "Zweigstelle" #2: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:46:39 pluto[6297] "Zweigstelle" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:46:39 pluto[6297] "Zweigstelle" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:46:39 pluto[6297] "Zweigstelle" #4: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:46:39 pluto[6297] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:46:39 pluto[6297] "Zweigstelle" #4: issuer cacert not found Oct 14 14:46:39 pluto[6297] "Zweigstelle" #4: X.509 certificate rejected Oct 14 14:46:39 pluto[6297] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:46:39 pluto[6297] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:46:49 pluto[6297] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:46:49 pluto[6297] "Zweigstelle" #4: issuer cacert not found Oct 14 14:46:49 pluto[6297] "Zweigstelle" #4: X.509 certificate rejected Oct 14 14:46:49 pluto[6297] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:46:49 pluto[6297] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:47:09 pluto[6297] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:47:09 pluto[6297] "Zweigstelle" #4: issuer cacert not found Oct 14 14:47:09 pluto[6297] "Zweigstelle" #4: X.509 certificate rejected Oct 14 14:47:09 pluto[6297] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:47:09 pluto[6297] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #3: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:47:18 pluto[6297] "Zweigstelle" #3: starting keying attempt 3 of an unlimited number Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: initiating Main Mode to replace #3 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: received Vendor ID payload [Dead Peer Detection] Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: enabling possible NAT-traversal with method 4 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: I am sending my cert Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: I am sending a certificate request Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:47:18 pluto[6297] "Zweigstelle" #5: received and ignored informational message Oct 14 14:47:28 pluto[6297] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:47:28 pluto[6297] "Zweigstelle" #5: received and ignored informational message Oct 14 14:47:28 pluto[6297] "Zweigstelle" #5: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:47:48 pluto[6297] "Zweigstelle" #5: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:47:48 pluto[6297] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:47:48 pluto[6297] "Zweigstelle" #5: received and ignored informational message Oct 14 14:47:49 pluto[6297] "Zweigstelle" #4: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:47:49 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:47:49 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:47:49 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:47:49 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:47:49 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:47:49 pluto[6297] "Zweigstelle" #6: responding to Main Mode Oct 14 14:47:49 pluto[6297] "Zweigstelle" #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:47:49 pluto[6297] "Zweigstelle" #6: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:47:49 pluto[6297] "Zweigstelle" #6: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:47:49 pluto[6297] "Zweigstelle" #6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:47:49 pluto[6297] "Zweigstelle" #6: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:47:50 pluto[6297] "Zweigstelle" #6: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:47:50 pluto[6297] "Zweigstelle" #6: issuer cacert not found Oct 14 14:47:50 pluto[6297] "Zweigstelle" #6: X.509 certificate rejected Oct 14 14:47:50 pluto[6297] "Zweigstelle" #6: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:47:50 pluto[6297] "Zweigstelle" #6: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:48:00 pluto[6297] "Zweigstelle" #6: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:48:00 pluto[6297] "Zweigstelle" #6: issuer cacert not found Oct 14 14:48:00 pluto[6297] "Zweigstelle" #6: X.509 certificate rejected Oct 14 14:48:00 pluto[6297] "Zweigstelle" #6: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:48:00 pluto[6297] "Zweigstelle" #6: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:48:20 pluto[6297] "Zweigstelle" #6: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:48:20 pluto[6297] "Zweigstelle" #6: issuer cacert not found Oct 14 14:48:20 pluto[6297] "Zweigstelle" #6: X.509 certificate rejected Oct 14 14:48:20 pluto[6297] "Zweigstelle" #6: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:48:20 pluto[6297] "Zweigstelle" #6: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:48:28 pluto[6297] "Zweigstelle" #5: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:48:28 pluto[6297] "Zweigstelle" #5: starting keying attempt 4 of an unlimited number Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: initiating Main Mode to replace #5 Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: received Vendor ID payload [Dead Peer Detection] Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: enabling possible NAT-traversal with method 4 Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: I am sending my cert Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: I am sending a certificate request Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:48:28 pluto[6297] "Zweigstelle" #7: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:48:29 pluto[6297] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:48:29 pluto[6297] "Zweigstelle" #7: received and ignored informational message Oct 14 14:48:38 pluto[6297] "Zweigstelle" #7: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:48:38 pluto[6297] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:48:38 pluto[6297] "Zweigstelle" #7: received and ignored informational message Oct 14 14:48:58 pluto[6297] "Zweigstelle" #7: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:48:58 pluto[6297] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:48:58 pluto[6297] "Zweigstelle" #7: received and ignored informational message Oct 14 14:48:59 pluto[6297] "Zweigstelle" #6: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:49:00 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:49:00 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:49:00 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:49:00 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:49:00 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: responding to Main Mode Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: issuer cacert not found Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: X.509 certificate rejected Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:49:00 pluto[6297] "Zweigstelle" #8: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:49:10 pluto[6297] "Zweigstelle" #8: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:49:10 pluto[6297] "Zweigstelle" #8: issuer cacert not found Oct 14 14:49:10 pluto[6297] "Zweigstelle" #8: X.509 certificate rejected Oct 14 14:49:10 pluto[6297] "Zweigstelle" #8: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:49:10 pluto[6297] "Zweigstelle" #8: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:49:30 pluto[6297] "Zweigstelle" #8: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:49:30 pluto[6297] "Zweigstelle" #8: issuer cacert not found Oct 14 14:49:30 pluto[6297] "Zweigstelle" #8: X.509 certificate rejected Oct 14 14:49:30 pluto[6297] "Zweigstelle" #8: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:49:30 pluto[6297] "Zweigstelle" #8: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:49:38 pluto[6297] "Zweigstelle" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:49:38 pluto[6297] "Zweigstelle" #7: starting keying attempt 5 of an unlimited number Oct 14 14:49:38 pluto[6297] "Zweigstelle" #9: initiating Main Mode to replace #7 Oct 14 14:49:38 pluto[6297] "Zweigstelle" #9: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:49:38 pluto[6297] "Zweigstelle" #9: received Vendor ID payload [Dead Peer Detection] Oct 14 14:49:38 pluto[6297] "Zweigstelle" #9: enabling possible NAT-traversal with method 4 Oct 14 14:49:38 pluto[6297] "Zweigstelle" #9: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:49:38 pluto[6297] "Zweigstelle" #9: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:49:39 pluto[6297] "Zweigstelle" #9: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:49:39 pluto[6297] "Zweigstelle" #9: I am sending my cert Oct 14 14:49:39 pluto[6297] "Zweigstelle" #9: I am sending a certificate request Oct 14 14:49:39 pluto[6297] "Zweigstelle" #9: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:49:39 pluto[6297] "Zweigstelle" #9: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:49:39 pluto[6297] "Zweigstelle" #9: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:49:39 pluto[6297] "Zweigstelle" #9: received and ignored informational message Oct 14 14:49:49 pluto[6297] "Zweigstelle" #9: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:49:49 pluto[6297] "Zweigstelle" #9: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:49:49 pluto[6297] "Zweigstelle" #9: received and ignored informational message Oct 14 14:50:09 pluto[6297] "Zweigstelle" #9: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:50:09 pluto[6297] "Zweigstelle" #9: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:50:09 pluto[6297] "Zweigstelle" #9: received and ignored informational message Oct 14 14:50:10 pluto[6297] "Zweigstelle" #8: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:50:10 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:50:10 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:50:10 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:50:10 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:50:10 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: responding to Main Mode Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: issuer cacert not found Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: X.509 certificate rejected Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:50:10 pluto[6297] "Zweigstelle" #10: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:50:20 pluto[6297] "Zweigstelle" #10: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:50:20 pluto[6297] "Zweigstelle" #10: issuer cacert not found Oct 14 14:50:20 pluto[6297] "Zweigstelle" #10: X.509 certificate rejected Oct 14 14:50:20 pluto[6297] "Zweigstelle" #10: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:50:20 pluto[6297] "Zweigstelle" #10: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:50:40 pluto[6297] "Zweigstelle" #10: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:50:40 pluto[6297] "Zweigstelle" #10: issuer cacert not found Oct 14 14:50:40 pluto[6297] "Zweigstelle" #10: X.509 certificate rejected Oct 14 14:50:40 pluto[6297] "Zweigstelle" #10: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:50:40 pluto[6297] "Zweigstelle" #10: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:50:49 pluto[6297] "Zweigstelle" #9: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:50:49 pluto[6297] "Zweigstelle" #9: starting keying attempt 6 of an unlimited number Oct 14 14:50:49 pluto[6297] "Zweigstelle" #11: initiating Main Mode to replace #9 Oct 14 14:50:49 pluto[6297] "Zweigstelle" #11: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:50:49 pluto[6297] "Zweigstelle" #11: received Vendor ID payload [Dead Peer Detection] Oct 14 14:50:49 pluto[6297] "Zweigstelle" #11: enabling possible NAT-traversal with method 4 Oct 14 14:50:49 pluto[6297] "Zweigstelle" #11: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:50:49 pluto[6297] "Zweigstelle" #11: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:50:50 pluto[6297] "Zweigstelle" #11: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:50:50 pluto[6297] "Zweigstelle" #11: I am sending my cert Oct 14 14:50:50 pluto[6297] "Zweigstelle" #11: I am sending a certificate request Oct 14 14:50:50 pluto[6297] "Zweigstelle" #11: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:50:50 pluto[6297] "Zweigstelle" #11: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:50:50 pluto[6297] "Zweigstelle" #11: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:50:50 pluto[6297] "Zweigstelle" #11: received and ignored informational message Oct 14 14:51:00 pluto[6297] "Zweigstelle" #11: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:51:00 pluto[6297] "Zweigstelle" #11: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:51:00 pluto[6297] "Zweigstelle" #11: received and ignored informational message Oct 14 14:51:20 pluto[6297] "Zweigstelle" #10: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:51:20 pluto[6297] "Zweigstelle" #11: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:51:20 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:51:20 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:51:20 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:51:20 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:51:20 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: responding to Main Mode Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:51:20 pluto[6297] "Zweigstelle" #11: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:51:20 pluto[6297] "Zweigstelle" #11: received and ignored informational message Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: issuer cacert not found Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: X.509 certificate rejected Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:51:20 pluto[6297] "Zweigstelle" #12: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:51:30 pluto[6297] "Zweigstelle" #12: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:51:30 pluto[6297] "Zweigstelle" #12: issuer cacert not found Oct 14 14:51:30 pluto[6297] "Zweigstelle" #12: X.509 certificate rejected Oct 14 14:51:30 pluto[6297] "Zweigstelle" #12: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:51:30 pluto[6297] "Zweigstelle" #12: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:51:50 pluto[6297] "Zweigstelle" #12: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:51:50 pluto[6297] "Zweigstelle" #12: issuer cacert not found Oct 14 14:51:50 pluto[6297] "Zweigstelle" #12: X.509 certificate rejected Oct 14 14:51:50 pluto[6297] "Zweigstelle" #12: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:51:50 pluto[6297] "Zweigstelle" #12: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:52:00 pluto[6297] "Zweigstelle" #11: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:52:00 pluto[6297] "Zweigstelle" #11: starting keying attempt 7 of an unlimited number Oct 14 14:52:00 pluto[6297] "Zweigstelle" #13: initiating Main Mode to replace #11 Oct 14 14:52:00 pluto[6297] "Zweigstelle" #13: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:52:00 pluto[6297] "Zweigstelle" #13: received Vendor ID payload [Dead Peer Detection] Oct 14 14:52:00 pluto[6297] "Zweigstelle" #13: enabling possible NAT-traversal with method 4 Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: I am sending my cert Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: I am sending a certificate request Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:52:01 pluto[6297] "Zweigstelle" #13: received and ignored informational message Oct 14 14:52:11 pluto[6297] "Zweigstelle" #13: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:52:11 pluto[6297] "Zweigstelle" #13: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:52:11 pluto[6297] "Zweigstelle" #13: received and ignored informational message Oct 14 14:52:30 pluto[6297] "Zweigstelle" #12: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:52:30 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:52:30 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:52:30 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:52:30 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:52:30 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: responding to Main Mode Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: issuer cacert not found Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: X.509 certificate rejected Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:52:30 pluto[6297] "Zweigstelle" #14: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:52:31 pluto[6297] "Zweigstelle" #13: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:52:31 pluto[6297] "Zweigstelle" #13: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:52:31 pluto[6297] "Zweigstelle" #13: received and ignored informational message Oct 14 14:52:40 pluto[6297] "Zweigstelle" #14: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:52:40 pluto[6297] "Zweigstelle" #14: issuer cacert not found Oct 14 14:52:40 pluto[6297] "Zweigstelle" #14: X.509 certificate rejected Oct 14 14:52:40 pluto[6297] "Zweigstelle" #14: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:52:40 pluto[6297] "Zweigstelle" #14: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:52:56 pluto[6297] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 14:52:56 pluto[6297] "Zweigstelle" #15: initiating Main Mode to replace #13 Oct 14 14:52:56 pluto[6297] "Zweigstelle" #15: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:52:56 pluto[6297] "Zweigstelle" #15: received Vendor ID payload [Dead Peer Detection] Oct 14 14:52:56 pluto[6297] "Zweigstelle" #15: enabling possible NAT-traversal with method 4 Oct 14 14:52:56 pluto[6297] "Zweigstelle" #15: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:52:56 pluto[6297] "Zweigstelle" #15: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:52:57 pluto[6297] "Zweigstelle" #15: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:52:57 pluto[6297] "Zweigstelle" #15: I am sending my cert Oct 14 14:52:57 pluto[6297] "Zweigstelle" #15: I am sending a certificate request Oct 14 14:52:57 pluto[6297] "Zweigstelle" #15: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:52:57 pluto[6297] "Zweigstelle" #15: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:52:57 pluto[6297] "Zweigstelle" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:52:57 pluto[6297] "Zweigstelle" #15: received and ignored informational message Oct 14 14:53:00 pluto[6297] "Zweigstelle" #14: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:53:00 pluto[6297] "Zweigstelle" #14: issuer cacert not found Oct 14 14:53:00 pluto[6297] "Zweigstelle" #14: X.509 certificate rejected Oct 14 14:53:00 pluto[6297] "Zweigstelle" #14: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:53:00 pluto[6297] "Zweigstelle" #14: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:53:07 pluto[6297] "Zweigstelle" #15: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:53:07 pluto[6297] "Zweigstelle" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:53:07 pluto[6297] "Zweigstelle" #15: received and ignored informational message Oct 14 14:53:27 pluto[6297] "Zweigstelle" #15: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:53:27 pluto[6297] "Zweigstelle" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:53:27 pluto[6297] "Zweigstelle" #15: received and ignored informational message Oct 14 14:53:40 pluto[6297] "Zweigstelle" #14: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:53:40 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:53:40 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:53:40 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:53:40 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:53:40 pluto[6297] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: responding to Main Mode Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: issuer cacert not found Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: X.509 certificate rejected Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:53:40 pluto[6297] "Zweigstelle" #16: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:53:50 pluto[6297] "Zweigstelle" #16: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:53:50 pluto[6297] "Zweigstelle" #16: issuer cacert not found Oct 14 14:53:50 pluto[6297] "Zweigstelle" #16: X.509 certificate rejected Oct 14 14:53:50 pluto[6297] "Zweigstelle" #16: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:53:50 pluto[6297] "Zweigstelle" #16: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #15: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:54:07 pluto[6297] "Zweigstelle" #15: starting keying attempt 2 of an unlimited number Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: initiating Main Mode to replace #15 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: received Vendor ID payload [Dead Peer Detection] Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: enabling possible NAT-traversal with method 4 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: I am sending my cert Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: I am sending a certificate request Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:54:07 pluto[6297] "Zweigstelle" #17: received and ignored informational message Oct 14 14:54:10 pluto[6297] "Zweigstelle" #16: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:54:10 pluto[6297] "Zweigstelle" #16: issuer cacert not found Oct 14 14:54:10 pluto[6297] "Zweigstelle" #16: X.509 certificate rejected Oct 14 14:54:10 pluto[6297] "Zweigstelle" #16: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:54:10 pluto[6297] "Zweigstelle" #16: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:54:17 pluto[6297] "Zweigstelle" #17: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:54:17 pluto[6297] "Zweigstelle" #17: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:54:17 pluto[6297] "Zweigstelle" #17: received and ignored informational message Oct 14 14:54:32 ipsec_setup Stopping Openswan IPsec... Oct 14 14:54:32 pluto[6297] shutting down Oct 14 14:54:32 pluto[6297] forgetting secrets Oct 14 14:54:32 pluto[6297] "Zweigstelle": deleting connection Oct 14 14:54:32 pluto[6297] "Zweigstelle" #17: deleting state (STATE_MAIN_I3) Oct 14 14:54:32 pluto[6297] "Zweigstelle" #16: deleting state (STATE_MAIN_R2) Oct 14 14:54:32 pluto[6297] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:54:32 pluto[6297] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:54:33 pluto[6301] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:54:34 ipsec_setup ...Openswan IPsec stopped Oct 14 14:54:35 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:54:35 ipsec_setup Using KLIPS/legacy stack Oct 14 14:54:36 ipsec_setup KLIPS debug `none' Oct 14 14:54:36 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:54:36 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:54:36 pluto[7534] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:7534 Oct 14 14:54:36 pluto[7534] Setting NAT-Traversal port-4500 floating to on Oct 14 14:54:36 pluto[7534] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:54:36 pluto[7534] NAT-Traversal support [enabled] Oct 14 14:54:36 pluto[7534] using /dev/urandom as source of random entropy Oct 14 14:54:36 pluto[7534] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:54:36 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:54:36 pluto[7534] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:54:36 pluto[7534] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:54:36 pluto[7534] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:54:36 pluto[7534] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:54:36 pluto[7534] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:54:36 pluto[7534] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:54:36 pluto[7534] starting up 1 cryptographic helpers Oct 14 14:54:36 pluto[7538] using /dev/urandom as source of random entropy Oct 14 14:54:36 pluto[7534] started helper pid=7538 (fd:5) Oct 14 14:54:36 pluto[7534] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:54:36 ipsec_setup ...Openswan IPsec started Oct 14 14:54:36 pluto[7534] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:54:36 pluto[7534] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:54:36 pluto[7534] loaded CA cert file 'Zweigstellecert.pem' (1269 bytes) Oct 14 14:54:36 pluto[7534] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 14:54:36 pluto[7534] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 14:54:36 pluto[7534] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:54:36 pluto[7534] Warning: empty directory Oct 14 14:54:36 pluto[7534] loading certificate from hostcert.pem Oct 14 14:54:36 pluto[7534] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:54:36 pluto[7534] loading certificate from Zweigstellecert.pem Oct 14 14:54:36 pluto[7534] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:54:36 pluto[7534] added connection description "Zweigstelle" Oct 14 14:54:36 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:54:36 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:54:36 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:54:36 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:54:36 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:54:36 pluto[7534] listening for IKE messages Oct 14 14:54:36 pluto[7534] NAT-Traversal: Trying new style NAT-T Oct 14 14:54:36 pluto[7534] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:54:36 pluto[7534] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:54:36 pluto[7534] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:54:36 pluto[7534] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:54:36 pluto[7534] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:54:36 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: initiating Main Mode Oct 14 14:54:37 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: received Vendor ID payload [Dead Peer Detection] Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: enabling possible NAT-traversal with method 4 Oct 14 14:54:37 pluto[7534] packet from YYY.YYY.YYY.221:500: phase 1 message is part of an unknown exchange Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: I am sending my cert Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: I am sending a certificate request Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:54:37 pluto[7534] "Zweigstelle" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:54:38 pluto[7534] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:54:38 pluto[7534] "Zweigstelle" #1: received and ignored informational message Oct 14 14:54:44 pluto[7534] initiate on demand from 192.168.200.12:0 to 192.168.210.248:0 proto=0 state: fos_start because: acquire Oct 14 14:54:47 pluto[7534] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:54:47 pluto[7534] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:54:47 pluto[7534] "Zweigstelle" #1: received and ignored informational message Oct 14 14:54:50 pluto[7534] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:54:50 pluto[7534] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:54:50 pluto[7534] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:54:50 pluto[7534] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:54:50 pluto[7534] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: responding to Main Mode Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:54:50 pluto[7534] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:55:00 pluto[7534] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:55:00 pluto[7534] "Zweigstelle" #2: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:55:00 pluto[7534] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:55:00 pluto[7534] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:55:04 ipsec_setup Stopping Openswan IPsec... Oct 14 14:55:04 pluto[7534] shutting down Oct 14 14:55:04 pluto[7534] forgetting secrets Oct 14 14:55:04 pluto[7534] "Zweigstelle": deleting connection Oct 14 14:55:04 pluto[7534] "Zweigstelle" #2: deleting state (STATE_MAIN_R2) Oct 14 14:55:04 pluto[7534] "Zweigstelle" #1: deleting state (STATE_MAIN_I3) Oct 14 14:55:04 pluto[7534] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:55:04 pluto[7534] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:55:05 pluto[7538] pluto_crypto_helper: helper (0) is normal exiting Oct 14 14:55:06 ipsec_setup ...Openswan IPsec stopped Oct 14 14:55:07 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 14:55:07 ipsec_setup Using KLIPS/legacy stack Oct 14 14:55:08 ipsec_setup KLIPS debug `none' Oct 14 14:55:08 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 14:55:08 ipsec__plutorun Starting Pluto subsystem... Oct 14 14:55:08 pluto[8111] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:8111 Oct 14 14:55:08 pluto[8111] Setting NAT-Traversal port-4500 floating to on Oct 14 14:55:08 pluto[8111] port floating activation criteria nat_t=1/port_float=1 Oct 14 14:55:08 pluto[8111] NAT-Traversal support [enabled] Oct 14 14:55:08 pluto[8111] using /dev/urandom as source of random entropy Oct 14 14:55:08 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 14:55:08 pluto[8111] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 14:55:08 pluto[8111] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 14:55:08 pluto[8111] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 14:55:08 pluto[8111] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 14:55:08 pluto[8111] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 14:55:08 pluto[8111] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 14:55:08 pluto[8111] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 14:55:08 pluto[8111] starting up 1 cryptographic helpers Oct 14 14:55:08 pluto[8115] using /dev/urandom as source of random entropy Oct 14 14:55:08 pluto[8111] started helper pid=8115 (fd:5) Oct 14 14:55:08 pluto[8111] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 14:55:08 ipsec_setup ...Openswan IPsec started Oct 14 14:55:08 pluto[8111] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 14:55:08 pluto[8111] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 14:55:08 pluto[8111] loaded CA cert file 'Zweigstellecert.pem' (1269 bytes) Oct 14 14:55:08 pluto[8111] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /home/httpd/cgi-bin Oct 14 14:55:08 pluto[8111] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /home/httpd/cgi-bin Oct 14 14:55:08 pluto[8111] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 14:55:08 pluto[8111] Warning: empty directory Oct 14 14:55:08 pluto[8111] loading certificate from hostcert.pem Oct 14 14:55:08 pluto[8111] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:55:08 pluto[8111] loading certificate from Zweigstellecert.pem Oct 14 14:55:08 pluto[8111] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:55:08 pluto[8111] added connection description "Zweigstelle" Oct 14 14:55:08 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 14:55:08 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 14:55:08 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 14:55:08 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 14:55:08 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 14:55:08 pluto[8111] listening for IKE messages Oct 14 14:55:08 pluto[8111] NAT-Traversal: Trying new style NAT-T Oct 14 14:55:08 pluto[8111] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 14:55:08 pluto[8111] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 14:55:08 pluto[8111] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 14:55:08 pluto[8111] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 14:55:08 pluto[8111] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 14:55:08 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: initiating Main Mode Oct 14 14:55:09 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: received Vendor ID payload [Dead Peer Detection] Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: enabling possible NAT-traversal with method 4 Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: I am sending my cert Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: I am sending a certificate request Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:55:09 pluto[8111] "Zweigstelle" #1: received and ignored informational message Oct 14 14:55:19 pluto[8111] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:55:19 pluto[8111] "Zweigstelle" #1: received and ignored informational message Oct 14 14:55:19 pluto[8111] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:55:20 pluto[8111] packet from YYY.YYY.YYY.221:500: phase 1 message is part of an unknown exchange Oct 14 14:55:39 pluto[8111] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:55:39 pluto[8111] "Zweigstelle" #1: received and ignored informational message Oct 14 14:55:39 pluto[8111] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:55:44 pluto[8111] initiate on demand from 192.168.200.12:0 to 192.168.210.248:0 proto=0 state: fos_start because: acquire Oct 14 14:56:00 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:56:00 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:56:00 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:56:00 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:56:00 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: responding to Main Mode Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:56:00 pluto[8111] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:56:10 pluto[8111] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:56:10 pluto[8111] "Zweigstelle" #2: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:56:10 pluto[8111] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:56:10 pluto[8111] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:56:19 pluto[8111] "Zweigstelle" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:56:19 pluto[8111] "Zweigstelle" #1: starting keying attempt 2 of an unlimited number Oct 14 14:56:19 pluto[8111] "Zweigstelle" #3: initiating Main Mode to replace #1 Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: received Vendor ID payload [Dead Peer Detection] Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: enabling possible NAT-traversal with method 4 Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: I am sending my cert Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: I am sending a certificate request Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:56:20 pluto[8111] "Zweigstelle" #3: received and ignored informational message Oct 14 14:56:30 pluto[8111] "Zweigstelle" #3: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:56:30 pluto[8111] "Zweigstelle" #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:56:30 pluto[8111] "Zweigstelle" #2: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:56:30 pluto[8111] "Zweigstelle" #2: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:56:30 pluto[8111] "Zweigstelle" #2: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:56:30 pluto[8111] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:56:30 pluto[8111] "Zweigstelle" #3: received and ignored informational message Oct 14 14:56:50 pluto[8111] "Zweigstelle" #3: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:56:50 pluto[8111] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:56:50 pluto[8111] "Zweigstelle" #3: received and ignored informational message Oct 14 14:57:10 pluto[8111] "Zweigstelle" #2: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:57:10 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:57:10 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:57:10 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:57:10 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:57:10 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: responding to Main Mode Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:57:10 pluto[8111] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:57:20 pluto[8111] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:57:20 pluto[8111] "Zweigstelle" #4: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:57:20 pluto[8111] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:57:20 pluto[8111] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:57:30 pluto[8111] "Zweigstelle" #3: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:57:30 pluto[8111] "Zweigstelle" #3: starting keying attempt 3 of an unlimited number Oct 14 14:57:30 pluto[8111] "Zweigstelle" #5: initiating Main Mode to replace #3 Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: received Vendor ID payload [Dead Peer Detection] Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: enabling possible NAT-traversal with method 4 Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: I am sending my cert Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: I am sending a certificate request Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:57:31 pluto[8111] "Zweigstelle" #5: received and ignored informational message Oct 14 14:57:40 pluto[8111] "Zweigstelle" #4: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:57:40 pluto[8111] "Zweigstelle" #4: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:57:40 pluto[8111] "Zweigstelle" #4: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:57:40 pluto[8111] "Zweigstelle" #4: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:57:41 pluto[8111] "Zweigstelle" #5: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:57:41 pluto[8111] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:57:41 pluto[8111] "Zweigstelle" #5: received and ignored informational message Oct 14 14:58:01 pluto[8111] "Zweigstelle" #5: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:58:01 pluto[8111] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:58:01 pluto[8111] "Zweigstelle" #5: received and ignored informational message Oct 14 14:58:20 pluto[8111] "Zweigstelle" #4: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:58:20 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:58:20 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:58:20 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:58:20 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:58:20 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: responding to Main Mode Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:58:20 pluto[8111] "Zweigstelle" #6: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:58:29 pluto[8111] "Zweigstelle" #6: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:58:29 pluto[8111] "Zweigstelle" #6: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:58:29 pluto[8111] "Zweigstelle" #6: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:58:29 pluto[8111] "Zweigstelle" #6: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:58:41 pluto[8111] "Zweigstelle" #5: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:58:41 pluto[8111] "Zweigstelle" #5: starting keying attempt 4 of an unlimited number Oct 14 14:58:41 pluto[8111] "Zweigstelle" #7: initiating Main Mode to replace #5 Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: received Vendor ID payload [Dead Peer Detection] Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: enabling possible NAT-traversal with method 4 Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: I am sending my cert Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: I am sending a certificate request Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:58:42 pluto[8111] "Zweigstelle" #7: received and ignored informational message Oct 14 14:58:50 pluto[8111] "Zweigstelle" #6: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:58:50 pluto[8111] "Zweigstelle" #6: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:58:50 pluto[8111] "Zweigstelle" #6: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:58:50 pluto[8111] "Zweigstelle" #6: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:58:52 pluto[8111] "Zweigstelle" #7: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:58:52 pluto[8111] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:58:52 pluto[8111] "Zweigstelle" #7: received and ignored informational message Oct 14 14:59:12 pluto[8111] "Zweigstelle" #7: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 14:59:12 pluto[8111] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:59:12 pluto[8111] "Zweigstelle" #7: received and ignored informational message Oct 14 14:59:30 pluto[8111] "Zweigstelle" #6: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 14:59:30 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:59:30 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 14:59:30 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 14:59:30 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 14:59:30 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: responding to Main Mode Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:59:30 pluto[8111] "Zweigstelle" #8: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:59:40 pluto[8111] "Zweigstelle" #8: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:59:40 pluto[8111] "Zweigstelle" #8: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 14:59:40 pluto[8111] "Zweigstelle" #8: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 14:59:40 pluto[8111] "Zweigstelle" #8: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 14:59:52 pluto[8111] "Zweigstelle" #7: starting keying attempt 5 of an unlimited number Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: initiating Main Mode to replace #7 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: received Vendor ID payload [Dead Peer Detection] Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: enabling possible NAT-traversal with method 4 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: I am sending my cert Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: I am sending a certificate request Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 14:59:52 pluto[8111] "Zweigstelle" #9: received and ignored informational message Oct 14 15:00:00 pluto[8111] "Zweigstelle" #8: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:00:00 pluto[8111] "Zweigstelle" #8: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:00:00 pluto[8111] "Zweigstelle" #8: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:00:00 pluto[8111] "Zweigstelle" #8: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:00:02 pluto[8111] "Zweigstelle" #9: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:00:02 pluto[8111] "Zweigstelle" #9: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:00:02 pluto[8111] "Zweigstelle" #9: received and ignored informational message Oct 14 15:00:22 pluto[8111] "Zweigstelle" #9: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:00:22 pluto[8111] "Zweigstelle" #9: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:00:22 pluto[8111] "Zweigstelle" #9: received and ignored informational message Oct 14 15:00:40 pluto[8111] "Zweigstelle" #8: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:00:40 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:00:40 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:00:40 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:00:40 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:00:40 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: responding to Main Mode Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:00:40 pluto[8111] "Zweigstelle" #10: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:00:50 pluto[8111] "Zweigstelle" #10: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:00:50 pluto[8111] "Zweigstelle" #10: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:00:50 pluto[8111] "Zweigstelle" #10: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:00:50 pluto[8111] "Zweigstelle" #10: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #9: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:01:02 pluto[8111] "Zweigstelle" #9: starting keying attempt 6 of an unlimited number Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: initiating Main Mode to replace #9 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: received Vendor ID payload [Dead Peer Detection] Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: enabling possible NAT-traversal with method 4 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: I am sending my cert Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: I am sending a certificate request Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:01:02 pluto[8111] "Zweigstelle" #11: received and ignored informational message Oct 14 15:01:10 pluto[8111] "Zweigstelle" #10: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:01:10 pluto[8111] "Zweigstelle" #10: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:01:10 pluto[8111] "Zweigstelle" #10: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:01:10 pluto[8111] "Zweigstelle" #10: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:01:12 pluto[8111] "Zweigstelle" #11: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:01:12 pluto[8111] "Zweigstelle" #11: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:01:12 pluto[8111] "Zweigstelle" #11: received and ignored informational message Oct 14 15:01:32 pluto[8111] "Zweigstelle" #11: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:01:32 pluto[8111] "Zweigstelle" #11: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:01:32 pluto[8111] "Zweigstelle" #11: received and ignored informational message Oct 14 15:01:50 pluto[8111] "Zweigstelle" #10: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:01:50 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:01:50 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:01:50 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:01:50 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:01:50 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: responding to Main Mode Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:01:50 pluto[8111] "Zweigstelle" #12: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:02:01 pluto[8111] "Zweigstelle" #12: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:02:01 pluto[8111] "Zweigstelle" #12: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:02:01 pluto[8111] "Zweigstelle" #12: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:02:01 pluto[8111] "Zweigstelle" #12: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #11: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:02:12 pluto[8111] "Zweigstelle" #11: starting keying attempt 7 of an unlimited number Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: initiating Main Mode to replace #11 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: received Vendor ID payload [Dead Peer Detection] Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: enabling possible NAT-traversal with method 4 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: I am sending my cert Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: I am sending a certificate request Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:02:12 pluto[8111] "Zweigstelle" #13: received and ignored informational message Oct 14 15:02:21 pluto[8111] "Zweigstelle" #12: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:02:21 pluto[8111] "Zweigstelle" #12: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:02:21 pluto[8111] "Zweigstelle" #12: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:02:21 pluto[8111] "Zweigstelle" #12: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:02:22 pluto[8111] "Zweigstelle" #13: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:02:22 pluto[8111] "Zweigstelle" #13: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:02:22 pluto[8111] "Zweigstelle" #13: received and ignored informational message Oct 14 15:02:42 pluto[8111] "Zweigstelle" #13: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:02:42 pluto[8111] "Zweigstelle" #13: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:02:42 pluto[8111] "Zweigstelle" #13: received and ignored informational message Oct 14 15:03:00 pluto[8111] "Zweigstelle" #12: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:03:01 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:03:01 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:03:01 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:03:01 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:03:01 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:03:01 pluto[8111] "Zweigstelle" #14: responding to Main Mode Oct 14 15:03:01 pluto[8111] "Zweigstelle" #14: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:03:01 pluto[8111] "Zweigstelle" #14: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:03:01 pluto[8111] "Zweigstelle" #14: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:03:01 pluto[8111] "Zweigstelle" #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:03:01 pluto[8111] "Zweigstelle" #14: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:03:02 pluto[8111] "Zweigstelle" #14: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:03:02 pluto[8111] "Zweigstelle" #14: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:03:02 pluto[8111] "Zweigstelle" #14: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:03:02 pluto[8111] "Zweigstelle" #14: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:03:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: initiating Main Mode to replace #13 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: received Vendor ID payload [Dead Peer Detection] Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: enabling possible NAT-traversal with method 4 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: I am sending my cert Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: I am sending a certificate request Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:03:08 pluto[8111] "Zweigstelle" #15: received and ignored informational message Oct 14 15:03:12 pluto[8111] "Zweigstelle" #14: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:03:12 pluto[8111] "Zweigstelle" #14: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:03:12 pluto[8111] "Zweigstelle" #14: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:03:12 pluto[8111] "Zweigstelle" #14: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:03:18 pluto[8111] "Zweigstelle" #15: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:03:18 pluto[8111] "Zweigstelle" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:03:18 pluto[8111] "Zweigstelle" #15: received and ignored informational message Oct 14 15:03:32 pluto[8111] "Zweigstelle" #14: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:03:32 pluto[8111] "Zweigstelle" #14: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:03:32 pluto[8111] "Zweigstelle" #14: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:03:32 pluto[8111] "Zweigstelle" #14: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:03:37 pluto[8111] "Zweigstelle" #15: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:03:39 pluto[8111] "Zweigstelle" #15: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:03:39 pluto[8111] "Zweigstelle" #15: received and ignored informational message Oct 14 15:04:11 pluto[8111] "Zweigstelle" #14: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:04:12 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:04:12 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:04:12 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:04:12 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:04:12 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: responding to Main Mode Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:04:12 pluto[8111] "Zweigstelle" #16: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #15: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:04:18 pluto[8111] "Zweigstelle" #15: starting keying attempt 2 of an unlimited number Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: initiating Main Mode to replace #15 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: received Vendor ID payload [Dead Peer Detection] Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: enabling possible NAT-traversal with method 4 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: I am sending my cert Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: I am sending a certificate request Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:04:18 pluto[8111] "Zweigstelle" #17: received and ignored informational message Oct 14 15:04:22 pluto[8111] "Zweigstelle" #16: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:04:22 pluto[8111] "Zweigstelle" #16: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:04:22 pluto[8111] "Zweigstelle" #16: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:04:22 pluto[8111] "Zweigstelle" #16: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:04:28 pluto[8111] "Zweigstelle" #17: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:04:28 pluto[8111] "Zweigstelle" #17: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:04:28 pluto[8111] "Zweigstelle" #17: received and ignored informational message Oct 14 15:04:42 pluto[8111] "Zweigstelle" #16: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:04:42 pluto[8111] "Zweigstelle" #16: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:04:42 pluto[8111] "Zweigstelle" #16: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:04:42 pluto[8111] "Zweigstelle" #16: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:04:47 pluto[8111] "Zweigstelle" #17: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:04:49 pluto[8111] "Zweigstelle" #17: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:04:49 pluto[8111] "Zweigstelle" #17: received and ignored informational message Oct 14 15:05:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: initiating Main Mode to replace #17 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: received Vendor ID payload [Dead Peer Detection] Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: enabling possible NAT-traversal with method 4 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: I am sending my cert Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: I am sending a certificate request Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:05:08 pluto[8111] "Zweigstelle" #18: received and ignored informational message Oct 14 15:05:18 pluto[8111] "Zweigstelle" #18: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:05:18 pluto[8111] "Zweigstelle" #18: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:05:18 pluto[8111] "Zweigstelle" #18: received and ignored informational message Oct 14 15:05:22 pluto[8111] "Zweigstelle" #16: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:05:22 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:05:22 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:05:22 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:05:22 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:05:22 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: responding to Main Mode Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:05:22 pluto[8111] "Zweigstelle" #19: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:05:31 pluto[8111] "Zweigstelle" #19: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:05:31 pluto[8111] "Zweigstelle" #19: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:05:31 pluto[8111] "Zweigstelle" #19: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:05:31 pluto[8111] "Zweigstelle" #19: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:05:38 pluto[8111] "Zweigstelle" #18: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:05:38 pluto[8111] "Zweigstelle" #18: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:05:38 pluto[8111] "Zweigstelle" #18: received and ignored informational message Oct 14 15:05:52 pluto[8111] "Zweigstelle" #19: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:05:52 pluto[8111] "Zweigstelle" #19: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:05:52 pluto[8111] "Zweigstelle" #19: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:05:52 pluto[8111] "Zweigstelle" #19: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #18: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:06:18 pluto[8111] "Zweigstelle" #18: starting keying attempt 2 of an unlimited number Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: initiating Main Mode to replace #18 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: received Vendor ID payload [Dead Peer Detection] Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: enabling possible NAT-traversal with method 4 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: I am sending my cert Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: I am sending a certificate request Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:06:18 pluto[8111] "Zweigstelle" #20: received and ignored informational message Oct 14 15:06:28 pluto[8111] "Zweigstelle" #20: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:06:28 pluto[8111] "Zweigstelle" #20: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:06:28 pluto[8111] "Zweigstelle" #20: received and ignored informational message Oct 14 15:06:32 pluto[8111] "Zweigstelle" #19: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:06:32 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:06:32 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:06:32 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:06:32 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:06:32 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: responding to Main Mode Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:06:32 pluto[8111] "Zweigstelle" #21: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:06:43 pluto[8111] "Zweigstelle" #21: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:06:43 pluto[8111] "Zweigstelle" #21: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:06:43 pluto[8111] "Zweigstelle" #21: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:06:43 pluto[8111] "Zweigstelle" #21: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:06:48 pluto[8111] "Zweigstelle" #20: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:06:48 pluto[8111] "Zweigstelle" #20: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:06:48 pluto[8111] "Zweigstelle" #20: received and ignored informational message Oct 14 15:07:03 pluto[8111] "Zweigstelle" #21: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:07:03 pluto[8111] "Zweigstelle" #21: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:07:03 pluto[8111] "Zweigstelle" #21: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:07:03 pluto[8111] "Zweigstelle" #21: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:07:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: initiating Main Mode to replace #20 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: received Vendor ID payload [Dead Peer Detection] Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: enabling possible NAT-traversal with method 4 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: I am sending my cert Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: I am sending a certificate request Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:07:08 pluto[8111] "Zweigstelle" #22: received and ignored informational message Oct 14 15:07:18 pluto[8111] "Zweigstelle" #22: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:07:18 pluto[8111] "Zweigstelle" #22: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:07:18 pluto[8111] "Zweigstelle" #22: received and ignored informational message Oct 14 15:07:38 pluto[8111] "Zweigstelle" #22: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:07:38 pluto[8111] "Zweigstelle" #22: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:07:38 pluto[8111] "Zweigstelle" #22: received and ignored informational message Oct 14 15:07:42 pluto[8111] "Zweigstelle" #21: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:07:42 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:07:42 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:07:42 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:07:42 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:07:42 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:07:42 pluto[8111] "Zweigstelle" #23: responding to Main Mode Oct 14 15:07:42 pluto[8111] "Zweigstelle" #23: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:07:42 pluto[8111] "Zweigstelle" #23: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:07:43 pluto[8111] "Zweigstelle" #23: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:07:43 pluto[8111] "Zweigstelle" #23: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:07:43 pluto[8111] "Zweigstelle" #23: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:07:43 pluto[8111] "Zweigstelle" #23: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:07:43 pluto[8111] "Zweigstelle" #23: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:07:43 pluto[8111] "Zweigstelle" #23: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:07:43 pluto[8111] "Zweigstelle" #23: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:07:53 pluto[8111] "Zweigstelle" #23: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:07:53 pluto[8111] "Zweigstelle" #23: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:07:53 pluto[8111] "Zweigstelle" #23: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:07:53 pluto[8111] "Zweigstelle" #23: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:08:13 pluto[8111] "Zweigstelle" #23: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:08:13 pluto[8111] "Zweigstelle" #23: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:08:13 pluto[8111] "Zweigstelle" #23: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:08:13 pluto[8111] "Zweigstelle" #23: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #22: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:08:18 pluto[8111] "Zweigstelle" #22: starting keying attempt 2 of an unlimited number Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: initiating Main Mode to replace #22 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: received Vendor ID payload [Dead Peer Detection] Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: enabling possible NAT-traversal with method 4 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: I am sending my cert Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: I am sending a certificate request Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:08:18 pluto[8111] "Zweigstelle" #24: received and ignored informational message Oct 14 15:08:28 pluto[8111] "Zweigstelle" #24: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:08:28 pluto[8111] "Zweigstelle" #24: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:08:28 pluto[8111] "Zweigstelle" #24: received and ignored informational message Oct 14 15:08:47 pluto[8111] "Zweigstelle" #24: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:08:48 pluto[8111] "Zweigstelle" #24: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:08:48 pluto[8111] "Zweigstelle" #24: received and ignored informational message Oct 14 15:08:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:08:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:08:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:08:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:08:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: responding to Main Mode Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:08:53 pluto[8111] "Zweigstelle" #23: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:08:53 pluto[8111] "Zweigstelle" #25: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:09:03 pluto[8111] "Zweigstelle" #25: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:09:03 pluto[8111] "Zweigstelle" #25: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:09:03 pluto[8111] "Zweigstelle" #25: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:09:03 pluto[8111] "Zweigstelle" #25: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:09:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: initiating Main Mode to replace #24 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: received Vendor ID payload [Dead Peer Detection] Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: enabling possible NAT-traversal with method 4 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: I am sending my cert Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: I am sending a certificate request Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:09:08 pluto[8111] "Zweigstelle" #26: received and ignored informational message Oct 14 15:09:18 pluto[8111] "Zweigstelle" #26: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:09:18 pluto[8111] "Zweigstelle" #26: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:09:18 pluto[8111] "Zweigstelle" #26: received and ignored informational message Oct 14 15:09:22 pluto[8111] "Zweigstelle" #25: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:09:22 pluto[8111] "Zweigstelle" #25: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:09:22 pluto[8111] "Zweigstelle" #25: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:09:22 pluto[8111] "Zweigstelle" #25: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:09:38 pluto[8111] "Zweigstelle" #26: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:09:38 pluto[8111] "Zweigstelle" #26: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:09:38 pluto[8111] "Zweigstelle" #26: received and ignored informational message Oct 14 15:10:03 pluto[8111] "Zweigstelle" #25: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:10:03 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:10:03 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:10:03 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:10:03 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:10:03 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: responding to Main Mode Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:10:03 pluto[8111] "Zweigstelle" #27: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:10:13 pluto[8111] "Zweigstelle" #27: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:10:13 pluto[8111] "Zweigstelle" #27: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:10:13 pluto[8111] "Zweigstelle" #27: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:10:13 pluto[8111] "Zweigstelle" #27: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:10:18 pluto[8111] "Zweigstelle" #26: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:10:18 pluto[8111] "Zweigstelle" #26: starting keying attempt 2 of an unlimited number Oct 14 15:10:18 pluto[8111] "Zweigstelle" #28: initiating Main Mode to replace #26 Oct 14 15:10:18 pluto[8111] "Zweigstelle" #28: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:10:18 pluto[8111] "Zweigstelle" #28: received Vendor ID payload [Dead Peer Detection] Oct 14 15:10:18 pluto[8111] "Zweigstelle" #28: enabling possible NAT-traversal with method 4 Oct 14 15:10:18 pluto[8111] "Zweigstelle" #28: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:10:18 pluto[8111] "Zweigstelle" #28: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:10:19 pluto[8111] "Zweigstelle" #28: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:10:19 pluto[8111] "Zweigstelle" #28: I am sending my cert Oct 14 15:10:19 pluto[8111] "Zweigstelle" #28: I am sending a certificate request Oct 14 15:10:19 pluto[8111] "Zweigstelle" #28: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:10:19 pluto[8111] "Zweigstelle" #28: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:10:19 pluto[8111] "Zweigstelle" #28: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:10:19 pluto[8111] "Zweigstelle" #28: received and ignored informational message Oct 14 15:10:29 pluto[8111] "Zweigstelle" #28: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:10:29 pluto[8111] "Zweigstelle" #28: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:10:29 pluto[8111] "Zweigstelle" #28: received and ignored informational message Oct 14 15:10:33 pluto[8111] "Zweigstelle" #27: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:10:33 pluto[8111] "Zweigstelle" #27: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:10:33 pluto[8111] "Zweigstelle" #27: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:10:33 pluto[8111] "Zweigstelle" #27: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:10:48 pluto[8111] "Zweigstelle" #28: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:10:50 pluto[8111] "Zweigstelle" #28: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:10:50 pluto[8111] "Zweigstelle" #28: received and ignored informational message Oct 14 15:11:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: initiating Main Mode to replace #28 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: received Vendor ID payload [Dead Peer Detection] Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: enabling possible NAT-traversal with method 4 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: I am sending my cert Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: I am sending a certificate request Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:11:08 pluto[8111] "Zweigstelle" #29: received and ignored informational message Oct 14 15:11:13 pluto[8111] "Zweigstelle" #27: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:11:13 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:11:13 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:11:13 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:11:13 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:11:13 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: responding to Main Mode Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:11:13 pluto[8111] "Zweigstelle" #30: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:11:18 pluto[8111] "Zweigstelle" #29: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:11:18 pluto[8111] "Zweigstelle" #29: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:11:18 pluto[8111] "Zweigstelle" #29: received and ignored informational message Oct 14 15:11:23 pluto[8111] "Zweigstelle" #30: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:11:23 pluto[8111] "Zweigstelle" #30: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:11:23 pluto[8111] "Zweigstelle" #30: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:11:23 pluto[8111] "Zweigstelle" #30: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:11:37 pluto[8111] "Zweigstelle" #29: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:11:39 pluto[8111] "Zweigstelle" #29: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:11:39 pluto[8111] "Zweigstelle" #29: received and ignored informational message Oct 14 15:11:43 pluto[8111] "Zweigstelle" #30: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:11:43 pluto[8111] "Zweigstelle" #30: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:11:43 pluto[8111] "Zweigstelle" #30: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:11:43 pluto[8111] "Zweigstelle" #30: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #29: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:12:18 pluto[8111] "Zweigstelle" #29: starting keying attempt 2 of an unlimited number Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: initiating Main Mode to replace #29 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: received Vendor ID payload [Dead Peer Detection] Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: enabling possible NAT-traversal with method 4 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: I am sending my cert Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: I am sending a certificate request Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:12:18 pluto[8111] "Zweigstelle" #31: received and ignored informational message Oct 14 15:12:23 pluto[8111] "Zweigstelle" #30: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:12:23 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:12:23 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:12:23 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:12:23 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:12:23 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: responding to Main Mode Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:12:23 pluto[8111] "Zweigstelle" #32: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:12:28 pluto[8111] "Zweigstelle" #31: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:12:28 pluto[8111] "Zweigstelle" #31: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:12:28 pluto[8111] "Zweigstelle" #31: received and ignored informational message Oct 14 15:12:33 pluto[8111] "Zweigstelle" #32: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:12:33 pluto[8111] "Zweigstelle" #32: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:12:33 pluto[8111] "Zweigstelle" #32: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:12:33 pluto[8111] "Zweigstelle" #32: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:12:47 pluto[8111] "Zweigstelle" #31: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:12:49 pluto[8111] "Zweigstelle" #31: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:12:49 pluto[8111] "Zweigstelle" #31: received and ignored informational message Oct 14 15:12:53 pluto[8111] "Zweigstelle" #32: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:12:53 pluto[8111] "Zweigstelle" #32: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:12:53 pluto[8111] "Zweigstelle" #32: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:12:53 pluto[8111] "Zweigstelle" #32: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:13:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: initiating Main Mode to replace #31 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: received Vendor ID payload [Dead Peer Detection] Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: enabling possible NAT-traversal with method 4 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: I am sending my cert Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: I am sending a certificate request Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:13:08 pluto[8111] "Zweigstelle" #33: received and ignored informational message Oct 14 15:13:18 pluto[8111] "Zweigstelle" #33: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:13:18 pluto[8111] "Zweigstelle" #33: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:13:18 pluto[8111] "Zweigstelle" #33: received and ignored informational message Oct 14 15:13:33 pluto[8111] "Zweigstelle" #32: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:13:33 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:13:33 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:13:33 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:13:33 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:13:33 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:13:33 pluto[8111] "Zweigstelle" #34: responding to Main Mode Oct 14 15:13:33 pluto[8111] "Zweigstelle" #34: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:13:33 pluto[8111] "Zweigstelle" #34: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:13:33 pluto[8111] "Zweigstelle" #34: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:13:33 pluto[8111] "Zweigstelle" #34: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:13:33 pluto[8111] "Zweigstelle" #34: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:13:34 pluto[8111] "Zweigstelle" #34: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:13:34 pluto[8111] "Zweigstelle" #34: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:13:34 pluto[8111] "Zweigstelle" #34: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:13:34 pluto[8111] "Zweigstelle" #34: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:13:38 pluto[8111] "Zweigstelle" #33: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:13:38 pluto[8111] "Zweigstelle" #33: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:13:38 pluto[8111] "Zweigstelle" #33: received and ignored informational message Oct 14 15:13:44 pluto[8111] "Zweigstelle" #34: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:13:44 pluto[8111] "Zweigstelle" #34: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:13:44 pluto[8111] "Zweigstelle" #34: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:13:44 pluto[8111] "Zweigstelle" #34: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:14:04 pluto[8111] "Zweigstelle" #34: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:14:04 pluto[8111] "Zweigstelle" #34: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:14:04 pluto[8111] "Zweigstelle" #34: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:14:04 pluto[8111] "Zweigstelle" #34: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #33: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:14:18 pluto[8111] "Zweigstelle" #33: starting keying attempt 2 of an unlimited number Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: initiating Main Mode to replace #33 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: received Vendor ID payload [Dead Peer Detection] Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: enabling possible NAT-traversal with method 4 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: I am sending my cert Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: I am sending a certificate request Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:14:18 pluto[8111] "Zweigstelle" #35: received and ignored informational message Oct 14 15:14:28 pluto[8111] "Zweigstelle" #35: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:14:28 pluto[8111] "Zweigstelle" #35: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:14:28 pluto[8111] "Zweigstelle" #35: received and ignored informational message Oct 14 15:14:43 pluto[8111] "Zweigstelle" #34: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:14:43 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:14:43 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:14:43 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:14:43 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:14:43 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:14:43 pluto[8111] "Zweigstelle" #36: responding to Main Mode Oct 14 15:14:43 pluto[8111] "Zweigstelle" #36: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:14:43 pluto[8111] "Zweigstelle" #36: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:14:44 pluto[8111] "Zweigstelle" #36: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:14:44 pluto[8111] "Zweigstelle" #36: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:14:44 pluto[8111] "Zweigstelle" #36: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:14:44 pluto[8111] "Zweigstelle" #36: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:14:44 pluto[8111] "Zweigstelle" #36: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:14:44 pluto[8111] "Zweigstelle" #36: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:14:44 pluto[8111] "Zweigstelle" #36: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:14:48 pluto[8111] "Zweigstelle" #35: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:14:48 pluto[8111] "Zweigstelle" #35: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:14:48 pluto[8111] "Zweigstelle" #35: received and ignored informational message Oct 14 15:14:54 pluto[8111] "Zweigstelle" #36: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:14:54 pluto[8111] "Zweigstelle" #36: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:14:54 pluto[8111] "Zweigstelle" #36: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:14:54 pluto[8111] "Zweigstelle" #36: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:15:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: initiating Main Mode to replace #35 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: received Vendor ID payload [Dead Peer Detection] Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: enabling possible NAT-traversal with method 4 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: I am sending my cert Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: I am sending a certificate request Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:15:08 pluto[8111] "Zweigstelle" #37: received and ignored informational message Oct 14 15:15:14 pluto[8111] "Zweigstelle" #36: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:15:14 pluto[8111] "Zweigstelle" #36: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:15:14 pluto[8111] "Zweigstelle" #36: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:15:14 pluto[8111] "Zweigstelle" #36: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:15:18 pluto[8111] "Zweigstelle" #37: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:15:18 pluto[8111] "Zweigstelle" #37: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:15:18 pluto[8111] "Zweigstelle" #37: received and ignored informational message Oct 14 15:15:37 pluto[8111] "Zweigstelle" #37: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:15:38 pluto[8111] "Zweigstelle" #37: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:15:38 pluto[8111] "Zweigstelle" #37: received and ignored informational message Oct 14 15:15:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:15:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:15:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:15:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:15:53 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:15:53 pluto[8111] "Zweigstelle" #38: responding to Main Mode Oct 14 15:15:53 pluto[8111] "Zweigstelle" #38: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:15:53 pluto[8111] "Zweigstelle" #38: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:15:54 pluto[8111] "Zweigstelle" #38: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:15:54 pluto[8111] "Zweigstelle" #36: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:15:54 pluto[8111] "Zweigstelle" #38: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:15:54 pluto[8111] "Zweigstelle" #38: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:15:54 pluto[8111] "Zweigstelle" #38: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:15:54 pluto[8111] "Zweigstelle" #38: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:15:54 pluto[8111] "Zweigstelle" #38: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:15:54 pluto[8111] "Zweigstelle" #38: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:16:04 pluto[8111] "Zweigstelle" #38: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:16:04 pluto[8111] "Zweigstelle" #38: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:16:04 pluto[8111] "Zweigstelle" #38: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:16:04 pluto[8111] "Zweigstelle" #38: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #37: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:16:18 pluto[8111] "Zweigstelle" #37: starting keying attempt 2 of an unlimited number Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: initiating Main Mode to replace #37 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: received Vendor ID payload [Dead Peer Detection] Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: enabling possible NAT-traversal with method 4 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: I am sending my cert Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: I am sending a certificate request Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:16:18 pluto[8111] "Zweigstelle" #39: received and ignored informational message Oct 14 15:16:23 pluto[8111] "Zweigstelle" #38: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:16:23 pluto[8111] "Zweigstelle" #38: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:16:23 pluto[8111] "Zweigstelle" #38: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:16:23 pluto[8111] "Zweigstelle" #38: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:16:28 pluto[8111] "Zweigstelle" #39: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:16:28 pluto[8111] "Zweigstelle" #39: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:16:28 pluto[8111] "Zweigstelle" #39: received and ignored informational message Oct 14 15:16:48 pluto[8111] "Zweigstelle" #39: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:16:48 pluto[8111] "Zweigstelle" #39: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:16:48 pluto[8111] "Zweigstelle" #39: received and ignored informational message Oct 14 15:17:04 pluto[8111] "Zweigstelle" #38: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:17:04 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:17:04 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:17:04 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:17:04 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:17:04 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: responding to Main Mode Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:17:04 pluto[8111] "Zweigstelle" #40: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:17:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: initiating Main Mode to replace #39 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: received Vendor ID payload [Dead Peer Detection] Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: enabling possible NAT-traversal with method 4 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: I am sending my cert Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: I am sending a certificate request Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:17:08 pluto[8111] "Zweigstelle" #41: received and ignored informational message Oct 14 15:17:13 pluto[8111] "Zweigstelle" #40: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:17:13 pluto[8111] "Zweigstelle" #40: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:17:13 pluto[8111] "Zweigstelle" #40: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:17:13 pluto[8111] "Zweigstelle" #40: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:17:17 pluto[8111] "Zweigstelle" #41: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:17:19 pluto[8111] "Zweigstelle" #41: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:17:19 pluto[8111] "Zweigstelle" #41: received and ignored informational message Oct 14 15:17:34 pluto[8111] "Zweigstelle" #40: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:17:34 pluto[8111] "Zweigstelle" #40: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:17:34 pluto[8111] "Zweigstelle" #40: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:17:34 pluto[8111] "Zweigstelle" #40: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:17:38 pluto[8111] "Zweigstelle" #41: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:17:38 pluto[8111] "Zweigstelle" #41: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:17:38 pluto[8111] "Zweigstelle" #41: received and ignored informational message Oct 14 15:18:14 pluto[8111] "Zweigstelle" #40: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:18:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:18:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:18:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:18:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:18:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: responding to Main Mode Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:18:14 pluto[8111] "Zweigstelle" #42: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #41: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:18:18 pluto[8111] "Zweigstelle" #41: starting keying attempt 2 of an unlimited number Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: initiating Main Mode to replace #41 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: received Vendor ID payload [Dead Peer Detection] Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: enabling possible NAT-traversal with method 4 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: I am sending my cert Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: I am sending a certificate request Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:18:18 pluto[8111] "Zweigstelle" #43: received and ignored informational message Oct 14 15:18:23 pluto[8111] "Zweigstelle" #42: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:18:23 pluto[8111] "Zweigstelle" #42: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:18:23 pluto[8111] "Zweigstelle" #42: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:18:23 pluto[8111] "Zweigstelle" #42: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:18:28 pluto[8111] "Zweigstelle" #43: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:18:28 pluto[8111] "Zweigstelle" #43: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:18:28 pluto[8111] "Zweigstelle" #43: received and ignored informational message Oct 14 15:18:44 pluto[8111] "Zweigstelle" #42: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:18:44 pluto[8111] "Zweigstelle" #42: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:18:44 pluto[8111] "Zweigstelle" #42: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:18:44 pluto[8111] "Zweigstelle" #42: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:18:48 pluto[8111] "Zweigstelle" #43: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:18:48 pluto[8111] "Zweigstelle" #43: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:18:48 pluto[8111] "Zweigstelle" #43: received and ignored informational message Oct 14 15:19:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: initiating Main Mode to replace #43 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: received Vendor ID payload [Dead Peer Detection] Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: enabling possible NAT-traversal with method 4 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: I am sending my cert Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: I am sending a certificate request Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:19:08 pluto[8111] "Zweigstelle" #44: received and ignored informational message Oct 14 15:19:18 pluto[8111] "Zweigstelle" #44: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:19:18 pluto[8111] "Zweigstelle" #44: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:19:18 pluto[8111] "Zweigstelle" #44: received and ignored informational message Oct 14 15:19:24 pluto[8111] "Zweigstelle" #42: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:19:24 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:19:24 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:19:24 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:19:24 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:19:24 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:19:24 pluto[8111] "Zweigstelle" #45: responding to Main Mode Oct 14 15:19:24 pluto[8111] "Zweigstelle" #45: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:19:24 pluto[8111] "Zweigstelle" #45: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:19:24 pluto[8111] "Zweigstelle" #45: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:19:24 pluto[8111] "Zweigstelle" #45: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:19:24 pluto[8111] "Zweigstelle" #45: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:19:25 pluto[8111] "Zweigstelle" #45: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:19:25 pluto[8111] "Zweigstelle" #45: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:19:25 pluto[8111] "Zweigstelle" #45: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:19:25 pluto[8111] "Zweigstelle" #45: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:19:35 pluto[8111] "Zweigstelle" #45: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:19:35 pluto[8111] "Zweigstelle" #45: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:19:35 pluto[8111] "Zweigstelle" #45: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:19:35 pluto[8111] "Zweigstelle" #45: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:19:38 pluto[8111] "Zweigstelle" #44: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:19:38 pluto[8111] "Zweigstelle" #44: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:19:38 pluto[8111] "Zweigstelle" #44: received and ignored informational message Oct 14 15:19:55 pluto[8111] "Zweigstelle" #45: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:19:55 pluto[8111] "Zweigstelle" #45: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:19:55 pluto[8111] "Zweigstelle" #45: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:19:55 pluto[8111] "Zweigstelle" #45: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #44: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:20:18 pluto[8111] "Zweigstelle" #44: starting keying attempt 2 of an unlimited number Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: initiating Main Mode to replace #44 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: received Vendor ID payload [Dead Peer Detection] Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: enabling possible NAT-traversal with method 4 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: I am sending my cert Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: I am sending a certificate request Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:20:18 pluto[8111] "Zweigstelle" #46: received and ignored informational message Oct 14 15:20:27 pluto[8111] "Zweigstelle" #46: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:20:28 pluto[8111] "Zweigstelle" #46: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:20:28 pluto[8111] "Zweigstelle" #46: received and ignored informational message Oct 14 15:20:34 pluto[8111] "Zweigstelle" #45: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:20:34 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:20:34 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:20:34 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:20:34 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:20:34 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:20:34 pluto[8111] "Zweigstelle" #47: responding to Main Mode Oct 14 15:20:34 pluto[8111] "Zweigstelle" #47: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:20:34 pluto[8111] "Zweigstelle" #47: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:20:35 pluto[8111] "Zweigstelle" #47: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:20:35 pluto[8111] "Zweigstelle" #47: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:20:35 pluto[8111] "Zweigstelle" #47: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:20:35 pluto[8111] "Zweigstelle" #47: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:20:35 pluto[8111] "Zweigstelle" #47: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:20:35 pluto[8111] "Zweigstelle" #47: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:20:35 pluto[8111] "Zweigstelle" #47: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:20:45 pluto[8111] "Zweigstelle" #47: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:20:45 pluto[8111] "Zweigstelle" #47: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:20:45 pluto[8111] "Zweigstelle" #47: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:20:45 pluto[8111] "Zweigstelle" #47: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:20:48 pluto[8111] "Zweigstelle" #46: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:20:48 pluto[8111] "Zweigstelle" #46: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:20:48 pluto[8111] "Zweigstelle" #46: received and ignored informational message Oct 14 15:21:05 pluto[8111] "Zweigstelle" #47: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:21:05 pluto[8111] "Zweigstelle" #47: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:21:05 pluto[8111] "Zweigstelle" #47: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:21:05 pluto[8111] "Zweigstelle" #47: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:21:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: initiating Main Mode to replace #46 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: received Vendor ID payload [Dead Peer Detection] Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: enabling possible NAT-traversal with method 4 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: I am sending my cert Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: I am sending a certificate request Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:21:08 pluto[8111] "Zweigstelle" #48: received and ignored informational message Oct 14 15:21:18 pluto[8111] "Zweigstelle" #48: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:21:19 pluto[8111] "Zweigstelle" #48: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:21:19 pluto[8111] "Zweigstelle" #48: received and ignored informational message Oct 14 15:21:38 pluto[8111] "Zweigstelle" #48: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:21:38 pluto[8111] "Zweigstelle" #48: received and ignored informational message Oct 14 15:21:39 pluto[8111] "Zweigstelle" #48: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:21:45 pluto[8111] "Zweigstelle" #47: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:21:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:21:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:21:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:21:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:21:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: responding to Main Mode Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:21:45 pluto[8111] "Zweigstelle" #49: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:21:55 pluto[8111] "Zweigstelle" #49: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:21:55 pluto[8111] "Zweigstelle" #49: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:21:55 pluto[8111] "Zweigstelle" #49: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:21:55 pluto[8111] "Zweigstelle" #49: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:22:15 pluto[8111] "Zweigstelle" #49: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:22:15 pluto[8111] "Zweigstelle" #49: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:22:15 pluto[8111] "Zweigstelle" #49: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:22:15 pluto[8111] "Zweigstelle" #49: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:22:18 pluto[8111] "Zweigstelle" #48: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:22:18 pluto[8111] "Zweigstelle" #48: starting keying attempt 2 of an unlimited number Oct 14 15:22:18 pluto[8111] "Zweigstelle" #50: initiating Main Mode to replace #48 Oct 14 15:22:18 pluto[8111] "Zweigstelle" #50: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:22:18 pluto[8111] "Zweigstelle" #50: received Vendor ID payload [Dead Peer Detection] Oct 14 15:22:18 pluto[8111] "Zweigstelle" #50: enabling possible NAT-traversal with method 4 Oct 14 15:22:18 pluto[8111] "Zweigstelle" #50: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:22:18 pluto[8111] "Zweigstelle" #50: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:22:18 pluto[8111] "Zweigstelle" #50: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:22:19 pluto[8111] "Zweigstelle" #50: I am sending my cert Oct 14 15:22:19 pluto[8111] "Zweigstelle" #50: I am sending a certificate request Oct 14 15:22:19 pluto[8111] "Zweigstelle" #50: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:22:19 pluto[8111] "Zweigstelle" #50: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:22:19 pluto[8111] "Zweigstelle" #50: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:22:19 pluto[8111] "Zweigstelle" #50: received and ignored informational message Oct 14 15:22:29 pluto[8111] "Zweigstelle" #50: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:22:29 pluto[8111] "Zweigstelle" #50: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:22:29 pluto[8111] "Zweigstelle" #50: received and ignored informational message Oct 14 15:22:49 pluto[8111] "Zweigstelle" #50: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:22:49 pluto[8111] "Zweigstelle" #50: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:22:49 pluto[8111] "Zweigstelle" #50: received and ignored informational message Oct 14 15:22:55 pluto[8111] "Zweigstelle" #49: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:22:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:22:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:22:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:22:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:22:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: responding to Main Mode Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:22:55 pluto[8111] "Zweigstelle" #51: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:23:05 pluto[8111] "Zweigstelle" #51: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:23:05 pluto[8111] "Zweigstelle" #51: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:23:05 pluto[8111] "Zweigstelle" #51: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:23:05 pluto[8111] "Zweigstelle" #51: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:23:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:23:08 pluto[8111] "Zweigstelle" #52: initiating Main Mode to replace #50 Oct 14 15:23:08 pluto[8111] "Zweigstelle" #52: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:23:08 pluto[8111] "Zweigstelle" #52: received Vendor ID payload [Dead Peer Detection] Oct 14 15:23:08 pluto[8111] "Zweigstelle" #52: enabling possible NAT-traversal with method 4 Oct 14 15:23:08 pluto[8111] "Zweigstelle" #52: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:23:08 pluto[8111] "Zweigstelle" #52: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:23:09 pluto[8111] "Zweigstelle" #52: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:23:09 pluto[8111] "Zweigstelle" #52: I am sending my cert Oct 14 15:23:09 pluto[8111] "Zweigstelle" #52: I am sending a certificate request Oct 14 15:23:09 pluto[8111] "Zweigstelle" #52: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:23:09 pluto[8111] "Zweigstelle" #52: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:23:09 pluto[8111] "Zweigstelle" #52: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:23:09 pluto[8111] "Zweigstelle" #52: received and ignored informational message Oct 14 15:23:19 pluto[8111] "Zweigstelle" #52: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:23:19 pluto[8111] "Zweigstelle" #52: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:23:19 pluto[8111] "Zweigstelle" #52: received and ignored informational message Oct 14 15:23:25 pluto[8111] "Zweigstelle" #51: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:23:25 pluto[8111] "Zweigstelle" #51: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:23:25 pluto[8111] "Zweigstelle" #51: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:23:25 pluto[8111] "Zweigstelle" #51: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:23:39 pluto[8111] "Zweigstelle" #52: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:23:39 pluto[8111] "Zweigstelle" #52: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:23:39 pluto[8111] "Zweigstelle" #52: received and ignored informational message Oct 14 15:24:05 pluto[8111] "Zweigstelle" #51: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:24:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:24:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:24:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:24:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:24:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: responding to Main Mode Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:24:05 pluto[8111] "Zweigstelle" #53: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:24:15 pluto[8111] "Zweigstelle" #53: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:24:15 pluto[8111] "Zweigstelle" #53: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:24:15 pluto[8111] "Zweigstelle" #53: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:24:15 pluto[8111] "Zweigstelle" #53: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:24:19 pluto[8111] "Zweigstelle" #52: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:24:19 pluto[8111] "Zweigstelle" #52: starting keying attempt 2 of an unlimited number Oct 14 15:24:19 pluto[8111] "Zweigstelle" #54: initiating Main Mode to replace #52 Oct 14 15:24:19 pluto[8111] "Zweigstelle" #54: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:24:19 pluto[8111] "Zweigstelle" #54: received Vendor ID payload [Dead Peer Detection] Oct 14 15:24:19 pluto[8111] "Zweigstelle" #54: enabling possible NAT-traversal with method 4 Oct 14 15:24:19 pluto[8111] "Zweigstelle" #54: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:24:19 pluto[8111] "Zweigstelle" #54: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:24:20 pluto[8111] "Zweigstelle" #54: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:24:20 pluto[8111] "Zweigstelle" #54: I am sending my cert Oct 14 15:24:20 pluto[8111] "Zweigstelle" #54: I am sending a certificate request Oct 14 15:24:20 pluto[8111] "Zweigstelle" #54: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:24:20 pluto[8111] "Zweigstelle" #54: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:24:20 pluto[8111] "Zweigstelle" #54: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:24:20 pluto[8111] "Zweigstelle" #54: received and ignored informational message Oct 14 15:24:30 pluto[8111] "Zweigstelle" #54: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:24:30 pluto[8111] "Zweigstelle" #54: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:24:30 pluto[8111] "Zweigstelle" #54: received and ignored informational message Oct 14 15:24:35 pluto[8111] "Zweigstelle" #53: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:24:35 pluto[8111] "Zweigstelle" #53: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:24:35 pluto[8111] "Zweigstelle" #53: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:24:35 pluto[8111] "Zweigstelle" #53: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:24:50 pluto[8111] "Zweigstelle" #54: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:24:50 pluto[8111] "Zweigstelle" #54: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:24:50 pluto[8111] "Zweigstelle" #54: received and ignored informational message Oct 14 15:25:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: initiating Main Mode to replace #54 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: received Vendor ID payload [Dead Peer Detection] Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: enabling possible NAT-traversal with method 4 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: I am sending my cert Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: I am sending a certificate request Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:25:08 pluto[8111] "Zweigstelle" #55: received and ignored informational message Oct 14 15:25:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:25:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:25:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:25:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:25:14 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:25:14 pluto[8111] "Zweigstelle" #56: responding to Main Mode Oct 14 15:25:14 pluto[8111] "Zweigstelle" #56: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:25:14 pluto[8111] "Zweigstelle" #56: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:25:14 pluto[8111] "Zweigstelle" #56: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:25:15 pluto[8111] "Zweigstelle" #56: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:25:15 pluto[8111] "Zweigstelle" #56: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:25:15 pluto[8111] "Zweigstelle" #53: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:25:15 pluto[8111] "Zweigstelle" #56: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:25:15 pluto[8111] "Zweigstelle" #56: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:25:15 pluto[8111] "Zweigstelle" #56: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:25:15 pluto[8111] "Zweigstelle" #56: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:25:18 pluto[8111] "Zweigstelle" #55: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:25:18 pluto[8111] "Zweigstelle" #55: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:25:18 pluto[8111] "Zweigstelle" #55: received and ignored informational message Oct 14 15:25:25 pluto[8111] "Zweigstelle" #56: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:25:25 pluto[8111] "Zweigstelle" #56: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:25:25 pluto[8111] "Zweigstelle" #56: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:25:25 pluto[8111] "Zweigstelle" #56: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:25:38 pluto[8111] "Zweigstelle" #55: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:25:38 pluto[8111] "Zweigstelle" #55: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:25:38 pluto[8111] "Zweigstelle" #55: received and ignored informational message Oct 14 15:25:45 pluto[8111] "Zweigstelle" #56: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:25:45 pluto[8111] "Zweigstelle" #56: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:25:45 pluto[8111] "Zweigstelle" #56: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:25:45 pluto[8111] "Zweigstelle" #56: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:26:18 pluto[8111] "Zweigstelle" #55: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:26:18 pluto[8111] "Zweigstelle" #55: starting keying attempt 2 of an unlimited number Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: initiating Main Mode to replace #55 Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: received Vendor ID payload [Dead Peer Detection] Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: enabling possible NAT-traversal with method 4 Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: I am sending my cert Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: I am sending a certificate request Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:26:18 pluto[8111] "Zweigstelle" #57: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:26:19 pluto[8111] "Zweigstelle" #57: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:26:19 pluto[8111] "Zweigstelle" #57: received and ignored informational message Oct 14 15:26:25 pluto[8111] "Zweigstelle" #56: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:26:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:26:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:26:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:26:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:26:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: responding to Main Mode Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:26:25 pluto[8111] "Zweigstelle" #58: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:26:28 pluto[8111] "Zweigstelle" #57: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:26:28 pluto[8111] "Zweigstelle" #57: received and ignored informational message Oct 14 15:26:29 pluto[8111] "Zweigstelle" #57: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:26:35 pluto[8111] "Zweigstelle" #58: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:26:35 pluto[8111] "Zweigstelle" #58: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:26:35 pluto[8111] "Zweigstelle" #58: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:26:35 pluto[8111] "Zweigstelle" #58: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:26:48 pluto[8111] "Zweigstelle" #57: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:26:48 pluto[8111] "Zweigstelle" #57: received and ignored informational message Oct 14 15:26:49 pluto[8111] "Zweigstelle" #57: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:26:55 pluto[8111] "Zweigstelle" #58: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:26:55 pluto[8111] "Zweigstelle" #58: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:26:55 pluto[8111] "Zweigstelle" #58: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:26:55 pluto[8111] "Zweigstelle" #58: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:27:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: initiating Main Mode to replace #57 Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: received Vendor ID payload [Dead Peer Detection] Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: enabling possible NAT-traversal with method 4 Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: I am sending my cert Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: I am sending a certificate request Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:27:08 pluto[8111] "Zweigstelle" #59: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:27:09 pluto[8111] "Zweigstelle" #59: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:27:09 pluto[8111] "Zweigstelle" #59: received and ignored informational message Oct 14 15:27:18 pluto[8111] "Zweigstelle" #59: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:27:18 pluto[8111] "Zweigstelle" #59: received and ignored informational message Oct 14 15:27:19 pluto[8111] "Zweigstelle" #59: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:27:35 pluto[8111] "Zweigstelle" #58: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:27:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:27:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:27:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:27:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:27:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: responding to Main Mode Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:27:35 pluto[8111] "Zweigstelle" #60: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:27:38 pluto[8111] "Zweigstelle" #59: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:27:38 pluto[8111] "Zweigstelle" #59: received and ignored informational message Oct 14 15:27:39 pluto[8111] "Zweigstelle" #59: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:27:45 pluto[8111] "Zweigstelle" #60: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:27:45 pluto[8111] "Zweigstelle" #60: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:27:45 pluto[8111] "Zweigstelle" #60: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:27:45 pluto[8111] "Zweigstelle" #60: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:28:05 pluto[8111] "Zweigstelle" #60: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:28:05 pluto[8111] "Zweigstelle" #60: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:28:05 pluto[8111] "Zweigstelle" #60: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:28:05 pluto[8111] "Zweigstelle" #60: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:28:18 pluto[8111] "Zweigstelle" #59: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:28:18 pluto[8111] "Zweigstelle" #59: starting keying attempt 2 of an unlimited number Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: initiating Main Mode to replace #59 Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: received Vendor ID payload [Dead Peer Detection] Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: enabling possible NAT-traversal with method 4 Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: I am sending my cert Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: I am sending a certificate request Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:28:18 pluto[8111] "Zweigstelle" #61: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:28:19 pluto[8111] "Zweigstelle" #61: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:28:19 pluto[8111] "Zweigstelle" #61: received and ignored informational message Oct 14 15:28:28 pluto[8111] "Zweigstelle" #61: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:28:28 pluto[8111] "Zweigstelle" #61: received and ignored informational message Oct 14 15:28:29 pluto[8111] "Zweigstelle" #61: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:28:45 pluto[8111] "Zweigstelle" #60: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:28:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:28:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:28:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:28:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:28:45 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: responding to Main Mode Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:28:45 pluto[8111] "Zweigstelle" #62: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:28:48 pluto[8111] "Zweigstelle" #61: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:28:48 pluto[8111] "Zweigstelle" #61: received and ignored informational message Oct 14 15:28:49 pluto[8111] "Zweigstelle" #61: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:28:55 pluto[8111] "Zweigstelle" #62: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:28:55 pluto[8111] "Zweigstelle" #62: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:28:55 pluto[8111] "Zweigstelle" #62: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:28:55 pluto[8111] "Zweigstelle" #62: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:29:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: initiating Main Mode to replace #61 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: received Vendor ID payload [Dead Peer Detection] Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: enabling possible NAT-traversal with method 4 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: I am sending my cert Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: I am sending a certificate request Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:29:08 pluto[8111] "Zweigstelle" #63: received and ignored informational message Oct 14 15:29:15 pluto[8111] "Zweigstelle" #62: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:29:15 pluto[8111] "Zweigstelle" #62: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:29:15 pluto[8111] "Zweigstelle" #62: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:29:15 pluto[8111] "Zweigstelle" #62: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:29:18 pluto[8111] "Zweigstelle" #63: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:29:18 pluto[8111] "Zweigstelle" #63: received and ignored informational message Oct 14 15:29:19 pluto[8111] "Zweigstelle" #63: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:29:38 pluto[8111] "Zweigstelle" #63: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:29:38 pluto[8111] "Zweigstelle" #63: received and ignored informational message Oct 14 15:29:39 pluto[8111] "Zweigstelle" #63: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:29:55 pluto[8111] "Zweigstelle" #62: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:29:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:29:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:29:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:29:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:29:55 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: responding to Main Mode Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:29:55 pluto[8111] "Zweigstelle" #64: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:30:05 pluto[8111] "Zweigstelle" #64: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:30:05 pluto[8111] "Zweigstelle" #64: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:30:05 pluto[8111] "Zweigstelle" #64: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:30:05 pluto[8111] "Zweigstelle" #64: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:30:18 pluto[8111] "Zweigstelle" #63: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:30:18 pluto[8111] "Zweigstelle" #63: starting keying attempt 2 of an unlimited number Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: initiating Main Mode to replace #63 Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: received Vendor ID payload [Dead Peer Detection] Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: enabling possible NAT-traversal with method 4 Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: I am sending my cert Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: I am sending a certificate request Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:30:18 pluto[8111] "Zweigstelle" #65: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:30:19 pluto[8111] "Zweigstelle" #65: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:30:19 pluto[8111] "Zweigstelle" #65: received and ignored informational message Oct 14 15:30:25 pluto[8111] "Zweigstelle" #64: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:30:25 pluto[8111] "Zweigstelle" #64: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:30:25 pluto[8111] "Zweigstelle" #64: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:30:25 pluto[8111] "Zweigstelle" #64: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:30:28 pluto[8111] "Zweigstelle" #65: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:30:28 pluto[8111] "Zweigstelle" #65: received and ignored informational message Oct 14 15:30:29 pluto[8111] "Zweigstelle" #65: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:30:48 pluto[8111] "Zweigstelle" #65: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:30:48 pluto[8111] "Zweigstelle" #65: received and ignored informational message Oct 14 15:30:49 pluto[8111] "Zweigstelle" #65: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:31:05 pluto[8111] "Zweigstelle" #64: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:31:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:31:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:31:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:31:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:31:05 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: responding to Main Mode Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:31:05 pluto[8111] "Zweigstelle" #66: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:31:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: initiating Main Mode to replace #65 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: received Vendor ID payload [Dead Peer Detection] Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: enabling possible NAT-traversal with method 4 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: I am sending my cert Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: I am sending a certificate request Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:31:08 pluto[8111] "Zweigstelle" #67: received and ignored informational message Oct 14 15:31:14 pluto[8111] "Zweigstelle" #66: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:31:14 pluto[8111] "Zweigstelle" #66: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:31:14 pluto[8111] "Zweigstelle" #66: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:31:14 pluto[8111] "Zweigstelle" #66: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:31:18 pluto[8111] "Zweigstelle" #67: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:31:18 pluto[8111] "Zweigstelle" #67: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:31:18 pluto[8111] "Zweigstelle" #67: received and ignored informational message Oct 14 15:31:35 pluto[8111] "Zweigstelle" #66: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:31:35 pluto[8111] "Zweigstelle" #66: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:31:35 pluto[8111] "Zweigstelle" #66: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:31:35 pluto[8111] "Zweigstelle" #66: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:31:38 pluto[8111] "Zweigstelle" #67: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:31:38 pluto[8111] "Zweigstelle" #67: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:31:38 pluto[8111] "Zweigstelle" #67: received and ignored informational message Oct 14 15:32:15 pluto[8111] "Zweigstelle" #66: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:32:15 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:32:15 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:32:15 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:32:15 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:32:15 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: responding to Main Mode Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:32:15 pluto[8111] "Zweigstelle" #68: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #67: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:32:18 pluto[8111] "Zweigstelle" #67: starting keying attempt 2 of an unlimited number Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: initiating Main Mode to replace #67 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: received Vendor ID payload [Dead Peer Detection] Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: enabling possible NAT-traversal with method 4 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: I am sending my cert Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: I am sending a certificate request Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:32:18 pluto[8111] "Zweigstelle" #69: received and ignored informational message Oct 14 15:32:24 pluto[8111] "Zweigstelle" #68: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:32:24 pluto[8111] "Zweigstelle" #68: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:32:24 pluto[8111] "Zweigstelle" #68: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:32:24 pluto[8111] "Zweigstelle" #68: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:32:29 pluto[8111] "Zweigstelle" #69: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:32:29 pluto[8111] "Zweigstelle" #69: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:32:29 pluto[8111] "Zweigstelle" #69: received and ignored informational message Oct 14 15:32:45 pluto[8111] "Zweigstelle" #68: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:32:45 pluto[8111] "Zweigstelle" #68: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:32:45 pluto[8111] "Zweigstelle" #68: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:32:45 pluto[8111] "Zweigstelle" #68: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:32:48 pluto[8111] "Zweigstelle" #69: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:32:48 pluto[8111] "Zweigstelle" #69: received and ignored informational message Oct 14 15:32:49 pluto[8111] "Zweigstelle" #69: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:33:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: initiating Main Mode to replace #69 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: received Vendor ID payload [Dead Peer Detection] Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: enabling possible NAT-traversal with method 4 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: I am sending my cert Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: I am sending a certificate request Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:33:08 pluto[8111] "Zweigstelle" #70: received and ignored informational message Oct 14 15:33:18 pluto[8111] "Zweigstelle" #70: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:33:18 pluto[8111] "Zweigstelle" #70: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:33:18 pluto[8111] "Zweigstelle" #70: received and ignored informational message Oct 14 15:33:25 pluto[8111] "Zweigstelle" #68: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:33:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:33:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:33:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:33:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:33:25 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: responding to Main Mode Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:33:25 pluto[8111] "Zweigstelle" #71: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:33:36 pluto[8111] "Zweigstelle" #71: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:33:36 pluto[8111] "Zweigstelle" #71: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:33:36 pluto[8111] "Zweigstelle" #71: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:33:36 pluto[8111] "Zweigstelle" #71: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:33:38 pluto[8111] "Zweigstelle" #70: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:33:38 pluto[8111] "Zweigstelle" #70: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:33:38 pluto[8111] "Zweigstelle" #70: received and ignored informational message Oct 14 15:33:56 pluto[8111] "Zweigstelle" #71: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:33:56 pluto[8111] "Zweigstelle" #71: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:33:56 pluto[8111] "Zweigstelle" #71: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:33:56 pluto[8111] "Zweigstelle" #71: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #70: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:34:18 pluto[8111] "Zweigstelle" #70: starting keying attempt 2 of an unlimited number Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: initiating Main Mode to replace #70 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: received Vendor ID payload [Dead Peer Detection] Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: enabling possible NAT-traversal with method 4 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: I am sending my cert Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: I am sending a certificate request Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:34:18 pluto[8111] "Zweigstelle" #72: received and ignored informational message Oct 14 15:34:28 pluto[8111] "Zweigstelle" #72: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:34:28 pluto[8111] "Zweigstelle" #72: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:34:28 pluto[8111] "Zweigstelle" #72: received and ignored informational message Oct 14 15:34:35 pluto[8111] "Zweigstelle" #71: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:34:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:34:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:34:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:34:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:34:35 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:34:35 pluto[8111] "Zweigstelle" #73: responding to Main Mode Oct 14 15:34:35 pluto[8111] "Zweigstelle" #73: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:34:35 pluto[8111] "Zweigstelle" #73: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:34:35 pluto[8111] "Zweigstelle" #73: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:34:35 pluto[8111] "Zweigstelle" #73: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:34:35 pluto[8111] "Zweigstelle" #73: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:34:36 pluto[8111] "Zweigstelle" #73: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:34:36 pluto[8111] "Zweigstelle" #73: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:34:36 pluto[8111] "Zweigstelle" #73: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:34:36 pluto[8111] "Zweigstelle" #73: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:34:46 pluto[8111] "Zweigstelle" #73: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:34:46 pluto[8111] "Zweigstelle" #73: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:34:46 pluto[8111] "Zweigstelle" #73: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:34:46 pluto[8111] "Zweigstelle" #73: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:34:48 pluto[8111] "Zweigstelle" #72: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:34:48 pluto[8111] "Zweigstelle" #72: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:34:48 pluto[8111] "Zweigstelle" #72: received and ignored informational message Oct 14 15:35:06 pluto[8111] "Zweigstelle" #73: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:35:06 pluto[8111] "Zweigstelle" #73: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:35:06 pluto[8111] "Zweigstelle" #73: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:35:06 pluto[8111] "Zweigstelle" #73: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:35:08 pluto[8111] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: initiating Main Mode to replace #72 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: received Vendor ID payload [Dead Peer Detection] Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: enabling possible NAT-traversal with method 4 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: I am sending my cert Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: I am sending a certificate request Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:35:08 pluto[8111] "Zweigstelle" #74: received and ignored informational message Oct 14 15:35:17 pluto[8111] "Zweigstelle" #74: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:35:18 pluto[8111] "Zweigstelle" #74: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:35:18 pluto[8111] "Zweigstelle" #74: received and ignored informational message Oct 14 15:35:37 pluto[8111] "Zweigstelle" #74: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:35:39 pluto[8111] "Zweigstelle" #74: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:35:39 pluto[8111] "Zweigstelle" #74: received and ignored informational message Oct 14 15:35:45 pluto[8111] "Zweigstelle" #73: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:35:46 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:35:46 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:35:46 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:35:46 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:35:46 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: responding to Main Mode Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:35:46 pluto[8111] "Zweigstelle" #75: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:35:56 pluto[8111] "Zweigstelle" #75: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:35:56 pluto[8111] "Zweigstelle" #75: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:35:56 pluto[8111] "Zweigstelle" #75: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:35:56 pluto[8111] "Zweigstelle" #75: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:36:16 pluto[8111] "Zweigstelle" #75: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:36:16 pluto[8111] "Zweigstelle" #75: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:36:16 pluto[8111] "Zweigstelle" #75: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:36:16 pluto[8111] "Zweigstelle" #75: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #74: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 14 15:36:18 pluto[8111] "Zweigstelle" #74: starting keying attempt 2 of an unlimited number Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: initiating Main Mode to replace #74 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: received Vendor ID payload [Dead Peer Detection] Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: enabling possible NAT-traversal with method 4 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: I am sending my cert Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: I am sending a certificate request Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:36:18 pluto[8111] "Zweigstelle" #76: received and ignored informational message Oct 14 15:36:28 pluto[8111] "Zweigstelle" #76: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:36:29 pluto[8111] "Zweigstelle" #76: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:36:29 pluto[8111] "Zweigstelle" #76: received and ignored informational message Oct 14 15:36:48 pluto[8111] "Zweigstelle" #76: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 14 15:36:48 pluto[8111] "Zweigstelle" #76: received and ignored informational message Oct 14 15:36:49 pluto[8111] "Zweigstelle" #76: discarding duplicate packet; already STATE_MAIN_I3 Oct 14 15:36:56 pluto[8111] "Zweigstelle" #75: max number of retransmissions (2) reached STATE_MAIN_R2 Oct 14 15:36:56 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [RFC 3947] method set to=109 Oct 14 15:36:56 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109 Oct 14 15:36:56 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109 Oct 14 15:36:56 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] Oct 14 15:36:56 pluto[8111] packet from YYY.YYY.YYY.221:500: received Vendor ID payload [Dead Peer Detection] Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: responding to Main Mode Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: STATE_MAIN_R1: sent MR1, expecting MI2 Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: STATE_MAIN_R2: sent MR2, expecting MI3 Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: no crl from issuer "C=DE, O=router, CN=router CA" found (strict=no) Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: no suitable connection for peer 'C=DE, O=router, CN=YYY.YYY.YYY.221' Oct 14 15:36:56 pluto[8111] "Zweigstelle" #77: sending encrypted notification INVALID_ID_INFORMATION to YYY.YYY.YYY.221:500 Oct 14 15:36:58 pluto[8111] forgetting secrets Oct 14 15:36:58 pluto[8111] "Zweigstelle": deleting connection Oct 14 15:36:58 pluto[8111] "Zweigstelle" #77: deleting state (STATE_MAIN_R2) Oct 14 15:36:58 pluto[8111] "Zweigstelle" #76: deleting state (STATE_MAIN_I3) Oct 14 15:42:17 ipsec_setup Stopping Openswan IPsec... Oct 14 15:42:17 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 15:42:17 ipsec_setup doing cleanup anyway... Oct 14 15:42:17 ipsec_setup ...Openswan IPsec stopped Oct 14 15:42:17 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 15:42:17 ipsec_setup Using KLIPS/legacy stack Oct 14 15:42:21 ipsec_setup KLIPS debug `none' Oct 14 15:42:21 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 15:42:21 ipsec__plutorun Starting Pluto subsystem... Oct 14 15:42:21 ipsec_setup ...Openswan IPsec started Oct 14 15:42:21 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 15:42:21 pluto[5225] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:5225 Oct 14 15:42:21 pluto[5225] Setting NAT-Traversal port-4500 floating to on Oct 14 15:42:21 pluto[5225] port floating activation criteria nat_t=1/port_float=1 Oct 14 15:42:21 pluto[5225] NAT-Traversal support [enabled] Oct 14 15:42:21 pluto[5225] using /dev/urandom as source of random entropy Oct 14 15:42:21 pluto[5225] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 15:42:21 pluto[5225] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 15:42:21 pluto[5225] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 15:42:21 pluto[5225] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 15:42:21 pluto[5225] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 15:42:21 pluto[5225] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 15:42:21 pluto[5225] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 15:42:21 pluto[5225] starting up 1 cryptographic helpers Oct 14 15:42:21 pluto[5233] using /dev/urandom as source of random entropy Oct 14 15:42:22 pluto[5225] started helper pid=5233 (fd:5) Oct 14 15:42:22 pluto[5225] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 15:42:22 pluto[5225] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 15:42:22 pluto[5225] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 15:42:22 pluto[5225] loaded CA cert file 'Zweigstellecert.pem' (1269 bytes) Oct 14 15:42:22 pluto[5225] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 14 15:42:22 pluto[5225] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 14 15:42:22 pluto[5225] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 15:42:22 pluto[5225] Warning: empty directory Oct 14 15:42:22 pluto[5225] loading certificate from hostcert.pem Oct 14 15:42:22 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 15:42:22 pluto[5225] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 15:42:22 pluto[5225] loading certificate from Zweigstellecert.pem Oct 14 15:42:22 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 15:42:22 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 15:42:22 pluto[5225] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 15:42:22 pluto[5225] added connection description "Zweigstelle" Oct 14 15:42:22 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 15:42:22 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 15:42:22 pluto[5225] listening for IKE messages Oct 14 15:42:22 pluto[5225] NAT-Traversal: Trying new style NAT-T Oct 14 15:42:22 pluto[5225] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 15:42:22 pluto[5225] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 15:42:22 pluto[5225] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 15:42:22 pluto[5225] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 15:42:22 pluto[5225] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 15:42:22 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 15:42:23 pluto[5225] "Zweigstelle" #1: initiating Main Mode Oct 14 15:42:23 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 15:42:24 pluto[5225] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:42:34 pluto[5225] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:42:56 pluto[5225] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:43:36 pluto[5225] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:43:42 ipsec_setup Stopping Openswan IPsec... Oct 14 15:43:42 pluto[5225] shutting down Oct 14 15:43:42 pluto[5225] forgetting secrets Oct 14 15:43:42 pluto[5225] "Zweigstelle": deleting connection Oct 14 15:43:42 pluto[5225] "Zweigstelle" #1: deleting state (STATE_MAIN_I1) Oct 14 15:43:42 pluto[5225] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 15:43:42 pluto[5225] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 15:43:43 pluto[5233] pluto_crypto_helper: helper (0) is normal exiting Oct 14 15:43:44 ipsec_setup ...Openswan IPsec stopped Oct 14 15:43:45 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 15:43:45 ipsec_setup Using KLIPS/legacy stack Oct 14 15:43:47 ipsec_setup KLIPS debug `none' Oct 14 15:43:47 ipsec_setup KLIPS ipsec0 on eth2 XXX.XXX.XXX.31/255.255.255.192 broadcast XXX.XXX.XXX.63 Oct 14 15:43:47 ipsec__plutorun Starting Pluto subsystem... Oct 14 15:43:47 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 14 15:43:47 pluto[5820] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:5820 Oct 14 15:43:47 pluto[5820] Setting NAT-Traversal port-4500 floating to on Oct 14 15:43:47 pluto[5820] port floating activation criteria nat_t=1/port_float=1 Oct 14 15:43:47 pluto[5820] NAT-Traversal support [enabled] Oct 14 15:43:47 pluto[5820] using /dev/urandom as source of random entropy Oct 14 15:43:47 pluto[5820] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 14 15:43:47 pluto[5820] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 14 15:43:47 pluto[5820] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 14 15:43:47 pluto[5820] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 14 15:43:47 pluto[5820] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 14 15:43:47 pluto[5820] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 14 15:43:47 pluto[5820] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 14 15:43:47 pluto[5820] starting up 1 cryptographic helpers Oct 14 15:43:47 pluto[5826] using /dev/urandom as source of random entropy Oct 14 15:43:47 ipsec_setup ...Openswan IPsec started Oct 14 15:43:47 pluto[5820] started helper pid=5826 (fd:5) Oct 14 15:43:47 pluto[5820] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 14 15:43:47 pluto[5820] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 14 15:43:47 pluto[5820] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 14 15:43:47 pluto[5820] loaded CA cert file 'Zweigstellecert.pem' (1269 bytes) Oct 14 15:43:47 pluto[5820] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 14 15:43:47 pluto[5820] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 14 15:43:47 pluto[5820] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 14 15:43:47 pluto[5820] Warning: empty directory Oct 14 15:43:47 pluto[5820] loading certificate from hostcert.pem Oct 14 15:43:47 pluto[5820] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 15:43:47 pluto[5820] loading certificate from Zweigstellecert.pem Oct 14 15:43:47 pluto[5820] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 15:43:47 pluto[5820] added connection description "Zweigstelle" Oct 14 15:43:47 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 14 15:43:47 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 14 15:43:47 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 14 15:43:47 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 14 15:43:47 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 14 15:43:47 pluto[5820] listening for IKE messages Oct 14 15:43:47 pluto[5820] NAT-Traversal: Trying new style NAT-T Oct 14 15:43:47 pluto[5820] adding interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 15:43:47 pluto[5820] adding interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 15:43:47 pluto[5820] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 14 15:43:47 pluto[5820] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 14 15:43:47 pluto[5820] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 14 15:43:47 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 14 15:43:48 pluto[5820] "Zweigstelle" #1: initiating Main Mode Oct 14 15:43:48 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 14 15:43:51 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:44:01 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:44:21 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:45:01 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:45:39 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:46:20 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:47:01 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:47:41 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:48:21 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:49:01 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:49:41 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:50:21 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:51:01 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:51:40 pluto[5820] "Zweigstelle" #1: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:51:47 pluto[5820] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:51:47 pluto[5820] "Zweigstelle" #2: initiating Main Mode to replace #1 Oct 14 15:51:50 pluto[5820] "Zweigstelle" #2: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:52:00 pluto[5820] "Zweigstelle" #2: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:52:20 pluto[5820] "Zweigstelle" #2: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:53:00 pluto[5820] "Zweigstelle" #2: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:53:40 pluto[5820] "Zweigstelle" #2: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:53:47 pluto[5820] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:53:47 pluto[5820] "Zweigstelle" #3: initiating Main Mode to replace #2 Oct 14 15:53:50 pluto[5820] "Zweigstelle" #3: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:54:00 pluto[5820] "Zweigstelle" #3: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:54:20 pluto[5820] "Zweigstelle" #3: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:55:00 pluto[5820] "Zweigstelle" #3: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:55:40 pluto[5820] "Zweigstelle" #3: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:55:47 pluto[5820] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:55:47 pluto[5820] "Zweigstelle" #4: initiating Main Mode to replace #3 Oct 14 15:55:50 pluto[5820] "Zweigstelle" #4: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:56:00 pluto[5820] "Zweigstelle" #4: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:56:20 pluto[5820] "Zweigstelle" #4: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:57:00 pluto[5820] "Zweigstelle" #4: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:57:40 pluto[5820] "Zweigstelle" #4: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:57:47 pluto[5820] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:57:47 pluto[5820] "Zweigstelle" #5: initiating Main Mode to replace #4 Oct 14 15:57:48 pluto[5820] "Zweigstelle" #5: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:57:58 pluto[5820] "Zweigstelle" #5: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:58:18 pluto[5820] "Zweigstelle" #5: ERROR: asynchronous network error report on eth2 (sport=500) for message to YYY.YYY.YYY.221 port 500, complainant XXX.XXX.XXX.31: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Oct 14 15:58:57 pluto[5820] ERROR: "Zweigstelle" #5: sendto on eth2 to YYY.YYY.YYY.221:500 failed in EVENT_RETRANSMIT. Errno 101: Network is unreachable Oct 14 15:59:37 pluto[5820] ERROR: "Zweigstelle" #5: sendto on eth2 to YYY.YYY.YYY.221:500 failed in EVENT_RETRANSMIT. Errno 101: Network is unreachable Oct 14 15:59:47 pluto[5820] pending Quick Mode with YYY.YYY.YYY.221 "Zweigstelle" took too long -- replacing phase 1 Oct 14 15:59:47 pluto[5820] "Zweigstelle" #6: initiating Main Mode to replace #5 Oct 14 15:59:47 pluto[5820] ERROR: "Zweigstelle" #6: sendto on eth2 to YYY.YYY.YYY.221:500 failed in main_outI1. Errno 101: Network is unreachable Oct 14 15:59:57 pluto[5820] ERROR: "Zweigstelle" #6: sendto on eth2 to YYY.YYY.YYY.221:500 failed in EVENT_RETRANSMIT. Errno 101: Network is unreachable Oct 14 16:00:06 ipsec_setup Stopping Openswan IPsec... Oct 14 16:00:06 pluto[5820] shutting down Oct 14 16:00:06 pluto[5820] forgetting secrets Oct 14 16:00:06 pluto[5820] "Zweigstelle": deleting connection Oct 14 16:00:06 pluto[5820] "Zweigstelle" #6: deleting state (STATE_MAIN_I1) Oct 14 16:00:06 pluto[5826] pluto_crypto_helper: helper (0) is normal exiting Oct 14 16:00:06 pluto[5820] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:4500 Oct 14 16:00:06 pluto[5820] shutting down interface ipsec0/eth2 XXX.XXX.XXX.31:500 Oct 14 16:00:08 ipsec_setup ...Openswan IPsec stopped Oct 14 16:00:08 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 16:00:08 ipsec_setup Using KLIPS/legacy stack Oct 14 16:00:10 ipsec_setup KLIPS debug `none' Oct 14 16:00:10 ipsec_setup unable to determine address of `eth2' Oct 14 16:00:26 ipsec_setup Stopping Openswan IPsec... Oct 14 16:00:26 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 14 16:00:26 ipsec_setup doing cleanup anyway... Oct 14 16:00:27 ipsec_setup ...Openswan IPsec stopped Oct 14 16:00:27 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 14 16:00:28 ipsec_setup Using KLIPS/legacy stack Oct 14 16:00:30 ipsec_setup KLIPS debug `none' Oct 14 16:00:30 ipsec_setup unable to determine address of `eth2' Oct 15 08:08:03 ipsec_setup Stopping Openswan IPsec... Oct 15 08:08:03 ipsec_setup stop ordered, but IPsec appears to be already stopped! Oct 15 08:08:03 ipsec_setup doing cleanup anyway... Oct 15 08:08:03 ipsec_setup ...Openswan IPsec stopped Oct 15 08:08:04 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 15 08:08:04 ipsec_setup Using KLIPS/legacy stack Oct 15 08:08:07 ipsec_setup KLIPS debug `none' Oct 15 08:08:07 ipsec_setup KLIPS ipsec0 on eth2 192.168.200.2/255.255.255.0 broadcast 192.168.200.255 Oct 15 08:08:08 ipsec__plutorun Starting Pluto subsystem... Oct 15 08:08:08 ipsec_setup ...Openswan IPsec started Oct 15 08:08:08 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 15 08:08:08 pluto[4967] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:4967 Oct 15 08:08:08 pluto[4967] Setting NAT-Traversal port-4500 floating to on Oct 15 08:08:08 pluto[4967] port floating activation criteria nat_t=1/port_float=1 Oct 15 08:08:08 pluto[4967] NAT-Traversal support [enabled] Oct 15 08:08:08 pluto[4967] using /dev/urandom as source of random entropy Oct 15 08:08:08 pluto[4967] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 15 08:08:08 pluto[4967] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 15 08:08:08 pluto[4967] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 15 08:08:08 pluto[4967] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 15 08:08:08 pluto[4967] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 15 08:08:08 pluto[4967] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 15 08:08:08 pluto[4967] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 15 08:08:08 pluto[4967] starting up 1 cryptographic helpers Oct 15 08:08:08 pluto[4974] using /dev/urandom as source of random entropy Oct 15 08:08:08 pluto[4967] started helper pid=4974 (fd:5) Oct 15 08:08:08 pluto[4967] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 15 08:08:08 pluto[4967] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 15 08:08:08 pluto[4967] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 15 08:08:08 pluto[4967] loaded CA cert file 'Zweigstellecert.pem' (1269 bytes) Oct 15 08:08:08 pluto[4967] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 15 08:08:08 pluto[4967] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 15 08:08:08 pluto[4967] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 15 08:08:08 pluto[4967] Warning: empty directory Oct 15 08:08:08 pluto[4967] loading certificate from hostcert.pem Oct 15 08:08:08 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 15 08:08:08 pluto[4967] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 15 08:08:08 pluto[4967] loading certificate from Zweigstellecert.pem Oct 15 08:08:08 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 15 08:08:08 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 15 08:08:08 pluto[4967] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 15 08:08:08 pluto[4967] added connection description "Zweigstelle" Oct 15 08:08:08 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 15 08:08:08 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 15 08:08:08 pluto[4967] listening for IKE messages Oct 15 08:08:08 pluto[4967] NAT-Traversal: Trying new style NAT-T Oct 15 08:08:08 pluto[4967] adding interface ipsec0/eth2 192.168.200.2:500 Oct 15 08:08:08 pluto[4967] adding interface ipsec0/eth2 192.168.200.2:4500 Oct 15 08:08:08 pluto[4967] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 15 08:08:08 pluto[4967] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 15 08:08:08 pluto[4967] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 15 08:08:08 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 15 08:08:09 pluto[4967] "Zweigstelle" #1: initiating Main Mode Oct 15 08:08:09 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 15 08:09:10 ipsec_setup Stopping Openswan IPsec... Oct 15 08:09:11 pluto[4967] shutting down Oct 15 08:09:11 pluto[4967] forgetting secrets Oct 15 08:09:11 pluto[4967] "Zweigstelle": deleting connection Oct 15 08:09:11 pluto[4967] "Zweigstelle" #1: deleting state (STATE_MAIN_I1) Oct 15 08:09:11 pluto[4967] shutting down interface ipsec0/eth2 192.168.200.2:4500 Oct 15 08:09:11 pluto[4967] shutting down interface ipsec0/eth2 192.168.200.2:500 Oct 15 08:09:12 pluto[4974] pluto_crypto_helper: helper (0) is normal exiting Oct 15 08:09:13 ipsec_setup ...Openswan IPsec stopped Oct 15 08:09:14 ipsec_setup Starting Openswan IPsec 2.6.24... Oct 15 08:09:14 ipsec_setup Using KLIPS/legacy stack Oct 15 08:09:16 ipsec_setup KLIPS debug `none' Oct 15 08:09:17 ipsec_setup KLIPS ipsec0 on eth2 192.168.200.2/255.255.255.0 broadcast 192.168.200.255 Oct 15 08:09:17 ipsec__plutorun Starting Pluto subsystem... Oct 15 08:09:17 ipsec__plutorun adjusting ipsec.d to /etc/ipsec/ipsec.d Oct 15 08:09:17 pluto[5538] Starting Pluto (Openswan Version 2.6.24; Vendor ID OEU}`hAnwstx) pid:5538 Oct 15 08:09:17 pluto[5538] Setting NAT-Traversal port-4500 floating to on Oct 15 08:09:17 pluto[5538] port floating activation criteria nat_t=1/port_float=1 Oct 15 08:09:17 pluto[5538] NAT-Traversal support [enabled] Oct 15 08:09:17 pluto[5538] using /dev/urandom as source of random entropy Oct 15 08:09:17 pluto[5538] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Oct 15 08:09:17 pluto[5538] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Oct 15 08:09:17 pluto[5538] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Oct 15 08:09:17 pluto[5538] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Oct 15 08:09:17 pluto[5538] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Oct 15 08:09:17 pluto[5538] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Oct 15 08:09:17 pluto[5538] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Oct 15 08:09:17 pluto[5538] starting up 1 cryptographic helpers Oct 15 08:09:17 pluto[5544] using /dev/urandom as source of random entropy Oct 15 08:09:17 ipsec_setup ...Openswan IPsec started Oct 15 08:09:17 pluto[5538] started helper pid=5544 (fd:5) Oct 15 08:09:17 pluto[5538] Using KLIPS IPsec interface code on 2.6.27.19-72.e25 Oct 15 08:09:17 pluto[5538] Changed path to directory '/etc/ipsec/ipsec.d/cacerts' Oct 15 08:09:17 pluto[5538] loaded CA cert file 'cacert.pem' (1269 bytes) Oct 15 08:09:17 pluto[5538] loaded CA cert file 'Zweigstellecert.pem' (1269 bytes) Oct 15 08:09:17 pluto[5538] Could not change to directory '/etc/ipsec/ipsec.d/aacerts': / Oct 15 08:09:17 pluto[5538] Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': / Oct 15 08:09:17 pluto[5538] Changing to directory '/etc/ipsec/ipsec.d/crls' Oct 15 08:09:17 pluto[5538] Warning: empty directory Oct 15 08:09:17 pluto[5538] loading certificate from hostcert.pem Oct 15 08:09:17 pluto[5538] loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 15 08:09:17 pluto[5538] loading certificate from Zweigstellecert.pem Oct 15 08:09:17 pluto[5538] loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 15 08:09:17 pluto[5538] added connection description "Zweigstelle" Oct 15 08:09:17 ipsec__plutorun 002 loading certificate from hostcert.pem Oct 15 08:09:17 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/hostcert.pem' (1143 bytes) Oct 15 08:09:17 ipsec__plutorun 002 loading certificate from Zweigstellecert.pem Oct 15 08:09:17 ipsec__plutorun 002 loaded host cert file '/etc/ipsec/ipsec.d/certs/Zweigstellecert.pem' (1269 bytes) Oct 15 08:09:17 ipsec__plutorun 002 added connection description "Zweigstelle" Oct 15 08:09:17 pluto[5538] listening for IKE messages Oct 15 08:09:17 pluto[5538] NAT-Traversal: Trying new style NAT-T Oct 15 08:09:17 pluto[5538] adding interface ipsec0/eth2 192.168.200.2:500 Oct 15 08:09:17 pluto[5538] adding interface ipsec0/eth2 192.168.200.2:4500 Oct 15 08:09:17 pluto[5538] loading secrets from "/etc/ipsec/ipsec.secrets" Oct 15 08:09:17 pluto[5538] loaded private key file '/etc/ipsec/ipsec.d/certs/hostkey.pem' (887 bytes) Oct 15 08:09:17 pluto[5538] loaded private key for keyid: PPK_RSA:AwEAAdwtb Oct 15 08:09:17 ipsec__plutorun: 003 NAT-Traversal Trying new style NAT-T Oct 15 08:09:18 pluto[5538] "Zweigstelle" #1: initiating Main Mode Oct 15 08:09:18 ipsec__plutorun: 104 "Zweigstelle" #1: STATE_MAIN_I1 initiate Oct 15 08:09:18 pluto[5538] "Zweigstelle" #1: received Vendor ID payload [RFC 3947] method set to=109 Oct 15 08:09:18 pluto[5538] "Zweigstelle" #1: received Vendor ID payload [Dead Peer Detection] Oct 15 08:09:18 pluto[5538] "Zweigstelle" #1: enabling possible NAT-traversal with method 4 Oct 15 08:09:18 pluto[5538] "Zweigstelle" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 15 08:09:18 pluto[5538] "Zweigstelle" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 15 08:09:19 pluto[5538] "Zweigstelle" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed Oct 15 08:09:19 pluto[5538] "Zweigstelle" #1: I am sending my cert Oct 15 08:09:19 pluto[5538] "Zweigstelle" #1: I am sending a certificate request Oct 15 08:09:19 pluto[5538] "Zweigstelle" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 15 08:09:19 pluto[5538] "Zweigstelle" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 15 08:09:19 pluto[5538] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:09:19 pluto[5538] "Zweigstelle" #1: received and ignored informational message Oct 15 08:09:29 pluto[5538] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:09:29 pluto[5538] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:09:29 pluto[5538] "Zweigstelle" #1: received and ignored informational message Oct 15 08:09:49 pluto[5538] "Zweigstelle" #1: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:09:49 pluto[5538] "Zweigstelle" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:09:49 pluto[5538] "Zweigstelle" #1: received and ignored informational message Oct 15 08:10:29 pluto[5538] "Zweigstelle" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 15 08:10:29 pluto[5538] "Zweigstelle" #1: starting keying attempt 2 of an unlimited number Oct 15 08:10:29 pluto[5538] "Zweigstelle" #2: initiating Main Mode to replace #1 Oct 15 08:10:29 pluto[5538] "Zweigstelle" #2: received Vendor ID payload [RFC 3947] method set to=109 Oct 15 08:10:29 pluto[5538] "Zweigstelle" #2: received Vendor ID payload [Dead Peer Detection] Oct 15 08:10:29 pluto[5538] "Zweigstelle" #2: enabling possible NAT-traversal with method 4 Oct 15 08:10:29 pluto[5538] "Zweigstelle" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 15 08:10:29 pluto[5538] "Zweigstelle" #2: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 15 08:10:30 pluto[5538] "Zweigstelle" #2: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed Oct 15 08:10:30 pluto[5538] "Zweigstelle" #2: I am sending my cert Oct 15 08:10:30 pluto[5538] "Zweigstelle" #2: I am sending a certificate request Oct 15 08:10:30 pluto[5538] "Zweigstelle" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 15 08:10:30 pluto[5538] "Zweigstelle" #2: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 15 08:10:30 pluto[5538] "Zweigstelle" #2: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:10:30 pluto[5538] "Zweigstelle" #2: received and ignored informational message Oct 15 08:10:40 pluto[5538] "Zweigstelle" #2: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:10:40 pluto[5538] "Zweigstelle" #2: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:10:40 pluto[5538] "Zweigstelle" #2: received and ignored informational message Oct 15 08:11:00 pluto[5538] "Zweigstelle" #2: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:11:00 pluto[5538] "Zweigstelle" #2: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:11:00 pluto[5538] "Zweigstelle" #2: received and ignored informational message Oct 15 08:11:40 pluto[5538] "Zweigstelle" #2: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 15 08:11:40 pluto[5538] "Zweigstelle" #2: starting keying attempt 3 of an unlimited number Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: initiating Main Mode to replace #2 Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: received Vendor ID payload [RFC 3947] method set to=109 Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: received Vendor ID payload [Dead Peer Detection] Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: enabling possible NAT-traversal with method 4 Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: I am sending my cert Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: I am sending a certificate request Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:11:40 pluto[5538] "Zweigstelle" #3: received and ignored informational message Oct 15 08:11:49 pluto[5538] "Zweigstelle" #3: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:11:50 pluto[5538] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:11:50 pluto[5538] "Zweigstelle" #3: received and ignored informational message Oct 15 08:12:09 pluto[5538] "Zweigstelle" #3: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:12:10 pluto[5538] "Zweigstelle" #3: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:12:10 pluto[5538] "Zweigstelle" #3: received and ignored informational message Oct 15 08:12:50 pluto[5538] "Zweigstelle" #3: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 15 08:12:50 pluto[5538] "Zweigstelle" #3: starting keying attempt 4 of an unlimited number Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: initiating Main Mode to replace #3 Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: received Vendor ID payload [RFC 3947] method set to=109 Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: received Vendor ID payload [Dead Peer Detection] Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: enabling possible NAT-traversal with method 4 Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: I am sending my cert Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: I am sending a certificate request Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:12:50 pluto[5538] "Zweigstelle" #4: received and ignored informational message Oct 15 08:13:01 pluto[5538] "Zweigstelle" #4: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:13:01 pluto[5538] "Zweigstelle" #4: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:13:01 pluto[5538] "Zweigstelle" #4: received and ignored informational message Oct 15 08:13:20 pluto[5538] "Zweigstelle" #4: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:13:20 pluto[5538] "Zweigstelle" #4: received and ignored informational message Oct 15 08:13:21 pluto[5538] "Zweigstelle" #4: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #4: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 15 08:14:00 pluto[5538] "Zweigstelle" #4: starting keying attempt 5 of an unlimited number Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: initiating Main Mode to replace #4 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: received Vendor ID payload [RFC 3947] method set to=109 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: received Vendor ID payload [Dead Peer Detection] Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: enabling possible NAT-traversal with method 4 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: I am sending my cert Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: I am sending a certificate request Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:14:00 pluto[5538] "Zweigstelle" #5: received and ignored informational message Oct 15 08:14:10 pluto[5538] "Zweigstelle" #5: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:14:10 pluto[5538] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:14:10 pluto[5538] "Zweigstelle" #5: received and ignored informational message Oct 15 08:14:30 pluto[5538] "Zweigstelle" #5: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:14:30 pluto[5538] "Zweigstelle" #5: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:14:30 pluto[5538] "Zweigstelle" #5: received and ignored informational message Oct 15 08:15:10 pluto[5538] "Zweigstelle" #5: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 15 08:15:10 pluto[5538] "Zweigstelle" #5: starting keying attempt 6 of an unlimited number Oct 15 08:15:10 pluto[5538] "Zweigstelle" #6: initiating Main Mode to replace #5 Oct 15 08:15:10 pluto[5538] "Zweigstelle" #6: received Vendor ID payload [RFC 3947] method set to=109 Oct 15 08:15:10 pluto[5538] "Zweigstelle" #6: received Vendor ID payload [Dead Peer Detection] Oct 15 08:15:10 pluto[5538] "Zweigstelle" #6: enabling possible NAT-traversal with method 4 Oct 15 08:15:10 pluto[5538] "Zweigstelle" #6: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 15 08:15:10 pluto[5538] "Zweigstelle" #6: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 15 08:15:11 pluto[5538] "Zweigstelle" #6: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed Oct 15 08:15:11 pluto[5538] "Zweigstelle" #6: I am sending my cert Oct 15 08:15:11 pluto[5538] "Zweigstelle" #6: I am sending a certificate request Oct 15 08:15:11 pluto[5538] "Zweigstelle" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 15 08:15:11 pluto[5538] "Zweigstelle" #6: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 15 08:15:11 pluto[5538] "Zweigstelle" #6: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:15:11 pluto[5538] "Zweigstelle" #6: received and ignored informational message Oct 15 08:15:21 pluto[5538] "Zweigstelle" #6: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:15:21 pluto[5538] "Zweigstelle" #6: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:15:21 pluto[5538] "Zweigstelle" #6: received and ignored informational message Oct 15 08:15:40 pluto[5538] "Zweigstelle" #6: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:15:41 pluto[5538] "Zweigstelle" #6: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:15:41 pluto[5538] "Zweigstelle" #6: received and ignored informational message Oct 15 08:16:21 pluto[5538] "Zweigstelle" #6: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message Oct 15 08:16:21 pluto[5538] "Zweigstelle" #6: starting keying attempt 7 of an unlimited number Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: initiating Main Mode to replace #6 Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: received Vendor ID payload [RFC 3947] method set to=109 Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: received Vendor ID payload [Dead Peer Detection] Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: enabling possible NAT-traversal with method 4 Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: STATE_MAIN_I2: sent MI2, expecting MR2 Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: I am sending my cert Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: I am sending a certificate request Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Oct 15 08:16:21 pluto[5538] "Zweigstelle" #7: STATE_MAIN_I3: sent MI3, expecting MR3 Oct 15 08:16:22 pluto[5538] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:16:22 pluto[5538] "Zweigstelle" #7: received and ignored informational message Oct 15 08:16:31 pluto[5538] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:16:31 pluto[5538] "Zweigstelle" #7: received and ignored informational message Oct 15 08:16:32 pluto[5538] "Zweigstelle" #7: discarding duplicate packet; already STATE_MAIN_I3 Oct 15 08:16:51 pluto[5538] "Zweigstelle" #7: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000 Oct 15 08:16:51 pluto[5538] "Zweigstelle" #7: received and ignored informational message Oct 15 08:16:51 pluto[5538] "Zweigstelle" #7: discarding duplicate packet; already STATE_MAIN_I3