apollo-13
 asked on

ASTARO Hardware Firewall SITE-TO-SITE VPN

I have 2 sites and both sides have an Astaro hardware firewall v7.
Both sides:
firmware version: 7.512
AES-256
RSA key

I configured site-to-site VPN on the Astaro in city one (HQ) and in the other city (our Branch-1) too. They worked for nearly one year without problems, but suddenly something happened and the connection between HQ and our Branch-1 stopped. 2 weeks ago both sites started to lose connection sometimes. Now there are no connections any more.

When the connection is lost, I look at the HQ Astaro admin page -> Site-to-site VPN:
site-to-site VPN our_Branch-1: the status is RED.
No connection, but the IPsec section is green.
Any idea please?
Thanks

Last Comment
Qlemo

8/22/2022 - Mon
apollo-13

ASKER
I am not sure whether this log message can give an idea?

2012:12:21-20:48:26 pluto[6124]: "S_REF_mXgVgYJEgW_0"[2] 210.185.50.150#85: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xa2911282) not found (maybe expired)
Qlemo

Ah, there's Apollo again ...

Looks like something in Phase 2 goes wrong. The SA Delete notif might come some time after the tunnel started negotiation - then the lifetimes are not the same on each side. If it comes shortly after initiation of the connection, one or more of the encryption/hash/DH settings, or Proxy IDs, are different.
If you do not have more in your logs, you should watch if the tunnel is up for more than one or two minutes after you re-initiate it. And you should have the log of the other site, of course.
By all means you should try to increase the log level, to get anything useful for troubleshooting. Usually you have to watch both sites to get a picture.
apollo-13

ASKER
Hi Qlemo,
thanks for the answer.
apollo-13

ASKER
Unfortunately I can't connect to see the logs on the other side. Actually this connection loss problem happened after the Up2Date firmware update.
Here are the live logs:
Live log: IPSec-VPN
2012:12:30-13:16:04 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-13:16:04 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-13:56:02 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-13:56:02 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-14:11:05 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-14:11:06 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-14:32:56 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-14:32:56 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-14:33:04 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-14:33:04 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
2012:12:30-14:33:55 astaro-2 pluto[851]: "S_Site_to_Site_Branch-1": deleting connection
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:55 astaro-2 pluto[851]: forgetting secrets
2012:12:30-14:33:55 astaro-2 pluto[851]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:33:55 astaro-2 pluto[851]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down
2012:12:30-14:33:56 astaro-1 pluto[9488]: forgetting secrets
2012:12:30-14:33:56 astaro-1 pluto[9488]: "S_Site_to_Site_Branch-1": deleting connection
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: "S_Site_to_Site_Branch-1_Test": deleting connection
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down
2012:12:30-14:33:58 astaro-2 pluto[851]: forgetting secrets
2012:12:30-14:33:58 astaro-2 pluto[851]: "S_Site_to_Site_Branch-1_Test": deleting connection
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:34:14 astaro-1 ipsec_starter[16733]: Starting strongSwan 4.2.3 IPsec [starter]...
2012:12:30-14:34:14 astaro-1 ipsec_starter[16744]: IP address or index of physical interface changed -> reinit of ipsec interface
2012:12:30-14:34:15 astaro-2 ipsec_starter[7456]: Starting strongSwan 4.2.3 IPsec [starter]...
2012:12:30-14:34:15 astaro-2 ipsec_starter[7467]: IP address or index of physical interface changed -> reinit of ipsec interface
2012:12:30-14:34:16 astaro-1 ipsec_starter[16744]: pluto too long to start... - kill kill
2012:12:30-14:34:16 astaro-1 ipsec_starter[16744]: pluto has died -- restart scheduled (5sec)
2012:12:30-14:34:16 astaro-2 pluto[7484]: Starting Pluto (strongSwan Version 4.2.3 THREADS LIBLDAP VENDORID CISCO_QUIRKS)
2012:12:30-14:34:16 astaro-2 pluto[7484]: including NAT-Traversal patch (Version 0.6c)
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: Testing registered IKE encryption algorithms:
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_DES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_BLOWFISH_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_3DES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_AES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SERPENT_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_TWOFISH_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_TWOFISH_CBC_SSH self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: Testing registered IKE hash algorithms:
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 6: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_MD5 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_MD5 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_256 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_256 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_384 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_384 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_512 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_512 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: All crypto self-tests passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: Using KLIPS IPsec interface code
2012:12:30-14:34:16 astaro-2 pluto[7484]: HA system enabled and listen on interface eth3
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:34:16 astaro-2 pluto[7484]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:34:16 astaro-2 pluto[7484]: HA System active! Switch to Master mode to listen for IKE messages
2012:12:30-14:34:16 astaro-2 pluto[7484]: adding interface ipsec0/eth1 61.150.145.70:500
2012:12:30-14:34:16 astaro-2 pluto[7484]: adding interface ipsec0/eth1 61.150.145.70:4500
2012:12:30-14:34:16 astaro-2 pluto[7484]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | esp string values: 12_256-1,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() modp_getbyname("modp1536")=5
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | ike string values: 7_256-1-5,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: added connection description "S_Site_to_Site_Branch-1_Test"
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | esp string values: 12_256-1,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() modp_getbyname("modp1536")=5
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | ike string values: 7_256-1-5,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: added connection description "S_Site_to_Site_Branch-1"
2012:12:30-14:34:16 astaro-2 pluto[7484]: Pluto is now Slave
2012:12:30-14:34:21 astaro-1 pluto[16850]: Starting Pluto (strongSwan Version 4.2.3 THREADS LIBLDAP VENDORID CISCO_QUIRKS)
2012:12:30-14:34:21 astaro-1 pluto[16850]: including NAT-Traversal patch (Version 0.6c)
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: Testing registered IKE encryption algorithms:
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_DES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_BLOWFISH_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_3DES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_AES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SERPENT_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_TWOFISH_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_TWOFISH_CBC_SSH self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: Testing registered IKE hash algorithms:
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 6: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_MD5 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_MD5 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_256 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_256 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_384 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_384 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_512 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_512 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: All crypto self-tests passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: Using KLIPS IPsec interface code
2012:12:30-14:34:21 astaro-1 pluto[16850]: HA system enabled and listen on interface eth3
2012:12:30-14:34:21 astaro-1 pluto[16850]: Initial HA switch to Master mode
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:34:21 astaro-1 pluto[16850]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:34:21 astaro-1 pluto[16850]: listening for IKE messages
2012:12:30-14:34:21 astaro-1 pluto[16850]: adding interface ipsec0/eth1 61.150.145.70:500
2012:12:30-14:34:21 astaro-1 pluto[16850]: adding interface ipsec0/eth1 61.150.145.70:4500
2012:12:30-14:34:21 astaro-1 pluto[16850]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | esp string values: 12_256-1,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() modp_getbyname("modp1536")=5
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | ike string values: 7_256-1-5,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: added connection description "S_Site_to_Site_Branch-1_Test"
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | esp string values: 12_256-1,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() modp_getbyname("modp1536")=5
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | ike string values: 7_256-1-5,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: added connection description "S_Site_to_Site_Branch-1"
2012:12:30-14:34:21 astaro-1 pluto[16850]: HA System: Pluto is already in Master mode
Qlemo

That log is just talking about the boot process. No hint to info in regard of establishing a connection.

It is always a good idea to have a fallback remote access method, like TeamViewer or direct RDP, in case the VPN does not come up.

Anyway, if you try to initiate traffic from HQ to Branch-1, e.g. by pinging a remote IP, you should see something more in the logs. I'm certain strongSwan supports log levels to provide more detail, but I have no knowledge about that Open Source IPSec VPN software, and any Astaro-specific implementation of it.
apollo-13

ASKER
No ping and TeamViewer works unfortunately, today I tried all options. :)
apollo-13

ASKER
Must both sides have the same firmware? Because mine do not. After I updated the firmware on the HQ side, the connection was lost.
apollo-13

ASKER
I got this info:
ERROR: asynchronous network error report on eth1 for message to 212.40.85.14 port 500, complainant 212.40.85.14: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
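
A triage pass over pluto log lines of the kind posted in this thread, as an added example that is not part of the original posts: it separates start-up and debug noise from tunnel events, flags the port-500 ICMP refusal, and decodes the `ike`/`esp string values` lines so both peers' proposals can be compared. The sample lines are constructed from the formats quoted above; the host `branch-1` with its proposal line, the timestamp and host put on the error line, and the negotiation message patterns are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: shortened from the line formats quoted in this thread.
# The "branch-1" line and the timestamp/host on the ERROR line are invented.
SAMPLE = """\
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | ike string values: 7_256-1-5,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | esp string values: 12_256-1,
2012:12:30-14:34:21 astaro-1 pluto[16850]: added connection description "S_Site_to_Site_Branch-1"
2012:12:21-20:48:26 pluto[6124]: "S_REF_mXgVgYJEgW_0"[2] 210.185.50.150#85: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xa2911282) not found (maybe expired)
2012:12:30-15:02:10 astaro-1 pluto[16850]: ERROR: asynchronous network error report on eth1 for message to 212.40.85.14 port 500, complainant 212.40.85.14: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
2012:12:30-15:02:11 branch-1 pluto[4242]: | ike string values: 7_256-2-5,
"""

# timestamp, optional host, daemon[pid]:, message
LINE = re.compile(r"^(\S+)\s+(?:(\S+)\s+)?(\w+)\[\d+\]:\s+(.*)$")
# "ike string values: <enc>_<keybits>-<hash>-<dhgroup>," / "esp ...: <enc>_<keybits>-<auth>,"
PROPOSAL = re.compile(r"\b(ike|esp) string values: (\d+)_(\d+)-(\d+)(?:-(\d+))?,")

# IKEv1 numbers; 7, 12, 1 and 5 are the ones the posted log itself resolves.
ENC = {"ike": {5: "3DES_CBC", 7: "AES_CBC"}, "esp": {3: "3DES", 12: "AES"}}
AUTH = {1: "MD5", 2: "SHA1"}
GROUP = {2: "MODP1024", 5: "MODP1536", 14: "MODP2048"}

EVENTS = [
    # ICMP type 3 code 3 is "port unreachable": nothing answers on the peer's UDP/500.
    ("peer_refused_udp500",
     re.compile(r"asynchronous network error report .* port 500, .*ICMP type 3 code 3")),
    ("stale_delete_sa", re.compile(r"ignoring Delete SA payload: .* not found")),
    ("daemon_restart", re.compile(r"^(?:Starting Pluto|shutting down$|pluto has died)")),
    # Usual pluto wording for real negotiation; none of it appears on this page (assumption).
    ("negotiation",
     re.compile(r"initiating Main Mode|ISAKMP SA established|IPsec SA established")),
]


def parse(line):
    """Split one log line into (timestamp, host, daemon, message); None if unparseable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, host, daemon, msg = m.groups()
    return ts, host or "(no host)", daemon, msg


def triage(text):
    """Count lines per event tag; '|' debug lines and everything else are kept apart."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        msg = rec[3]
        tag = next((t for t, rx in EVENTS if rx.search(msg)), None)
        if tag is None:
            tag = "debug" if msg.startswith("|") else "other"
        counts[tag] += 1
    return counts


def proposals(text):
    """Return {host: {'ike': ..., 'esp': ...}} decoded from the 'string values' lines.
    If a host logs several connections, the last proposal of each kind wins."""
    out = defaultdict(dict)
    for line in text.splitlines():
        rec = parse(line)
        m = rec and PROPOSAL.search(rec[3])
        if not m:
            continue
        kind = m.group(1)
        enc, bits, auth = (int(m.group(i)) for i in (2, 3, 4))
        parts = [f"{ENC[kind].get(enc, enc)}-{bits}", str(AUTH.get(auth, auth))]
        if m.group(5):
            grp = int(m.group(5))
            parts.append(str(GROUP.get(grp, grp)))
        out[rec[1]][kind] = "/".join(parts)
    return dict(out)


def mismatches(props):
    """Return {kind: {host: proposal}} for each kind on which the hosts disagree."""
    diff = {}
    for kind in ("ike", "esp"):
        seen = {h: p[kind] for h, p in props.items() if kind in p}
        if len(set(seen.values())) > 1:
            diff[kind] = seen
    return diff


if __name__ == "__main__":
    counts = triage(SAMPLE)
    print(dict(counts))
    if counts["negotiation"] == 0:
        print("no negotiation events: log shows start-up/config only")
    print(mismatches(proposals(SAMPLE)))
```

A log that yields only `debug`, `other` and `daemon_restart` counts contains no evidence of a connection attempt, and a `peer_refused_udp500` hit means the remote address answered with port unreachable for UDP 500.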
ASKER CERTIFIED SOLUTION
Qlemo

apollo-13

ASKER
OK thanks, I will try.
Qlemo

Thanks for accepting, but strictly seen, it is too early to do that, as the issue is not resolved yet. I'll continue to monitor this thread, and am able to reopen it if needed. Please post back whether the Firmware upgrade worked out for you.