The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.
Course Of The Month
8 days, 13 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
ASTARO Hardware Firewall SITE-TO-SITE VPN
Posted on 2012-12-29
I have 2 cites and both sides has astaro hardware firewall v7.
Bothsides:
firware version:7.512
AES-256
RSA key
I configured on the astaro city one(HQ)site-to-site VPN and the other City(our branch-1) too. They nearly one year worked witout Problem But sudennly something happend and stop connection between HQ and OUR BRANCH-1. 2 weeks ago both sites started sometimes lose connections .NOW NO MORE CONNECTIONS ANY MORE.
when lose connections then i look HQ astaro admin page->site-to-site VPN
site-to-site VPN our_Branch-1the status RED.
But IPSec section is Green.
any idea please?
Thanks
Bothsides:
firware version:7.512
AES-256
RSA key
I configured on the astaro city one(HQ)site-to-site VPN and the other City(our branch-1) too. They nearly one year worked witout Problem But sudennly something happend and stop connection between HQ and OUR BRANCH-1. 2 weeks ago both sites started sometimes lose connections .NOW NO MORE CONNECTIONS ANY MORE.
when lose connections then i look HQ astaro admin page->site-to-site VPN
site-to-site VPN our_Branch-1the status RED.
But IPSec section is Green.any idea please?
Thanks
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
7
4
11 Comments
I am not sure that Log message can give idea?
2012:12:21-20:48:26 pluto[6124]: "S_REF_mXgVgYJEgW_0"[2] 210.185.50.150#85: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xa2911282) not found (maybe expired)
2012:12:21-20:48:26 pluto[6124]: "S_REF_mXgVgYJEgW_0"[2] 210.185.50.150#85: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xa2911282) not found (maybe expired)
Active today
Ah, da is' ja der Apollo wieder ...
Looks like something in Phase 2 goes wrong. The SA Delete notif might come some time after the tunnel started negotiation - then the lifetimes are not the same on each side. If it comes shortly after initiation of the connection, one or more of the encryption/hash/DH settings, or Proxy IDs, are different.
If you do not have more in your logs, you should watch if the tunnel is up for more than one or two minutes after you re-initiate it. And you should have the log of the other site, of course.
By all means you should try to increase the log level, to get anything useful for troubleshooting. Usually you have to watch both sites to get a picture.
Looks like something in Phase 2 goes wrong. The SA Delete notif might come some time after the tunnel started negotiation - then the lifetimes are not the same on each side. If it comes shortly after initiation of the connection, one or more of the encryption/hash/DH settings, or Proxy IDs, are different.
If you do not have more in your logs, you should watch if the tunnel is up for more than one or two minutes after you re-initiate it. And you should have the log of the other site, of course.
By all means you should try to increase the log level, to get anything useful for troubleshooting. Usually you have to watch both sites to get a picture.
unfortunalitly i cant connect to see logs on the other side. Actually this connection lost problem happend after up2date firmware updated.
Here is the LIVE LOGS :
Live-Protokoll: IPSec-VPN
2012:12:30-13:16:04 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen
2012:12:30-13:16:04 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen
2012:12:30-13:56:02 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-13:56:02 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:11:05 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen
2012:12:30-14:11:06 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen
2012:12:30-14:32:56 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:32:56 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:33:04 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:33:04 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:33:55 astaro-2 pluto[851]: "S_Site_to_Site_Branch-1":
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:55 astaro-2 pluto[851]: forgetting secrets
2012:12:30-14:33:55 astaro-2 pluto[851]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:33:55 astaro-2 pluto[851]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down
2012:12:30-14:33:56 astaro-1 pluto[9488]: forgetting secrets
2012:12:30-14:33:56 astaro-1 pluto[9488]: "S_Site_to_Site_Branch-1":
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: "S_Site_to_Site_Branch-1_T
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down
2012:12:30-14:33:58 astaro-2 pluto[851]: forgetting secrets
2012:12:30-14:33:58 astaro-2 pluto[851]: "S_Site_to_Site_Branch-1_T
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:34:14 astaro-1 ipsec_starter[16733]: Starting strongSwan 4.2.3 IPsec [starter]...
2012:12:30-14:34:14 astaro-1 ipsec_starter[16744]: IP address or index of physical interface changed -> reinit of ipsec interface
2012:12:30-14:34:15 astaro-2 ipsec_starter[7456]: Starting strongSwan 4.2.3 IPsec [starter]...
2012:12:30-14:34:15 astaro-2 ipsec_starter[7467]: IP address or index of physical interface changed -> reinit of ipsec interface
2012:12:30-14:34:16 astaro-1 ipsec_starter[16744]: pluto too long to start... - kill kill
2012:12:30-14:34:16 astaro-1 ipsec_starter[16744]: pluto has died -- restart scheduled (5sec)
2012:12:30-14:34:16 astaro-2 pluto[7484]: Starting Pluto (strongSwan Version 4.2.3 THREADS LIBLDAP VENDORID CISCO_QUIRKS)
2012:12:30-14:34:16 astaro-2 pluto[7484]: including NAT-Traversal patch (Version 0.6c)
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: Testing registered IKE encryption algorithms:
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_DES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_BLOWFISH_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_3DES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_AES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SERPENT_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_TWOFISH_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_TWOFISH_CBC_SSH self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: Testing registered IKE hash algorithms:
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 6: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_MD5 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_MD5 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_256 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_256 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_384 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_384 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_512 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_512 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: All crypto self-tests passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: Using KLIPS IPsec interface code
2012:12:30-14:34:16 astaro-2 pluto[7484]: HA system enabled and listen on interface eth3
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:34:16 astaro-2 pluto[7484]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:34:16 astaro-2 pluto[7484]: HA System active! Switch to Master mode to listen for IKE messages
2012:12:30-14:34:16 astaro-2 pluto[7484]: adding interface ipsec0/eth1 61.150.145.70:500
2012:12:30-14:34:16 astaro-2 pluto[7484]: adding interface ipsec0/eth1 61.150.145.70:4500
2012:12:30-14:34:16 astaro-2 pluto[7484]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | esp string values: 12_256-1,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() modp_getbyname("modp1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | ike string values: 7_256-1-5,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: added connection description "S_Site_to_Site_Branch-1_T
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | esp string values: 12_256-1,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() modp_getbyname("modp1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | ike string values: 7_256-1-5,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: added connection description "S_Site_to_Site_Branch-1"
2012:12:30-14:34:16 astaro-2 pluto[7484]: Pluto is now Slave
2012:12:30-14:34:21 astaro-1 pluto[16850]: Starting Pluto (strongSwan Version 4.2.3 THREADS LIBLDAP VENDORID CISCO_QUIRKS)
2012:12:30-14:34:21 astaro-1 pluto[16850]: including NAT-Traversal patch (Version 0.6c)
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: Testing registered IKE encryption algorithms:
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_DES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_BLOWFISH_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_3DES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_AES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SERPENT_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_TWOFISH_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_TWOFISH_CBC_SSH self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: Testing registered IKE hash algorithms:
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 6: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_MD5 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_MD5 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_256 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_256 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_384 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_384 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_512 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_512 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: All crypto self-tests passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: Using KLIPS IPsec interface code
2012:12:30-14:34:21 astaro-1 pluto[16850]: HA system enabled and listen on interface eth3
2012:12:30-14:34:21 astaro-1 pluto[16850]: Initial HA switch to Master mode
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:34:21 astaro-1 pluto[16850]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:34:21 astaro-1 pluto[16850]: listening for IKE messages
2012:12:30-14:34:21 astaro-1 pluto[16850]: adding interface ipsec0/eth1 61.150.145.70:500
2012:12:30-14:34:21 astaro-1 pluto[16850]: adding interface ipsec0/eth1 61.150.145.70:4500
2012:12:30-14:34:21 astaro-1 pluto[16850]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | esp string values: 12_256-1,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() modp_getbyname("modp1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | ike string values: 7_256-1-5,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: added connection description "S_Site_to_Site_Branch-1_T
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | esp string values: 12_256-1,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() modp_getbyname("modp1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | ike string values: 7_256-1-5,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: added connection description "S_Site_to_Site_Branch-1"
2012:12:30-14:34:21 astaro-1 pluto[16850]: HA System: Pluto is already in Master mode
Here is the LIVE LOGS :
Live-Protokoll: IPSec-VPN
2012:12:30-13:16:04 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen
2012:12:30-13:16:04 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen
2012:12:30-13:56:02 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-13:56:02 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:11:05 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen
2012:12:30-14:11:06 astaro-2 pluto[851]: | kernel_alg_esp_auth_keylen
2012:12:30-14:32:56 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:32:56 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:33:04 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:33:04 astaro-1 pluto[9488]: | kernel_alg_esp_auth_keylen
2012:12:30-14:33:55 astaro-2 pluto[851]: "S_Site_to_Site_Branch-1":
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:55 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:55 astaro-2 pluto[851]: forgetting secrets
2012:12:30-14:33:55 astaro-2 pluto[851]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:33:55 astaro-2 pluto[851]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:33:55 astaro-2 pluto[851]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down
2012:12:30-14:33:56 astaro-1 pluto[9488]: forgetting secrets
2012:12:30-14:33:56 astaro-1 pluto[9488]: "S_Site_to_Site_Branch-1":
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: "S_Site_to_Site_Branch-1_T
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:56 astaro-1 pluto[9488]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:56 astaro-1 pluto[9488]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down
2012:12:30-14:33:58 astaro-2 pluto[851]: forgetting secrets
2012:12:30-14:33:58 astaro-2 pluto[851]: "S_Site_to_Site_Branch-1_T
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() alg_info->ref_cnt=0
2012:12:30-14:33:58 astaro-2 pluto[851]: | alg_info_delref() freeing alg_info
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:33:58 astaro-2 pluto[851]: shutting down interface ipsec0/eth1 61.150.145.70
2012:12:30-14:34:14 astaro-1 ipsec_starter[16733]: Starting strongSwan 4.2.3 IPsec [starter]...
2012:12:30-14:34:14 astaro-1 ipsec_starter[16744]: IP address or index of physical interface changed -> reinit of ipsec interface
2012:12:30-14:34:15 astaro-2 ipsec_starter[7456]: Starting strongSwan 4.2.3 IPsec [starter]...
2012:12:30-14:34:15 astaro-2 ipsec_starter[7467]: IP address or index of physical interface changed -> reinit of ipsec interface
2012:12:30-14:34:16 astaro-1 ipsec_starter[16744]: pluto too long to start... - kill kill
2012:12:30-14:34:16 astaro-1 ipsec_starter[16744]: pluto has died -- restart scheduled (5sec)
2012:12:30-14:34:16 astaro-2 pluto[7484]: Starting Pluto (strongSwan Version 4.2.3 THREADS LIBLDAP VENDORID CISCO_QUIRKS)
2012:12:30-14:34:16 astaro-2 pluto[7484]: including NAT-Traversal patch (Version 0.6c)
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: Testing registered IKE encryption algorithms:
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_DES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_BLOWFISH_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_3DES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_AES_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SERPENT_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_TWOFISH_CBC self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_TWOFISH_CBC_SSH self-test not available
2012:12:30-14:34:16 astaro-2 pluto[7484]: Testing registered IKE hash algorithms:
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 6: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_MD5 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_MD5 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_256 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_256 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_384 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_384 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hash testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_512 hash self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 0: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 1: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 2: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 3: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 4: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: | hmac testvector 5: ok
2012:12:30-14:34:16 astaro-2 pluto[7484]: OAKLEY_SHA2_512 hmac self-test passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: All crypto self-tests passed
2012:12:30-14:34:16 astaro-2 pluto[7484]: Using KLIPS IPsec interface code
2012:12:30-14:34:16 astaro-2 pluto[7484]: HA system enabled and listen on interface eth3
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:34:16 astaro-2 pluto[7484]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:34:16 astaro-2 pluto[7484]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:34:16 astaro-2 pluto[7484]: HA System active! Switch to Master mode to listen for IKE messages
2012:12:30-14:34:16 astaro-2 pluto[7484]: adding interface ipsec0/eth1 61.150.145.70:500
2012:12:30-14:34:16 astaro-2 pluto[7484]: adding interface ipsec0/eth1 61.150.145.70:4500
2012:12:30-14:34:16 astaro-2 pluto[7484]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | esp string values: 12_256-1,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() modp_getbyname("modp1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | ike string values: 7_256-1-5,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: added connection description "S_Site_to_Site_Branch-1_T
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | esp string values: 12_256-1,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | parser_alg_info_add() modp_getbyname("modp1536")
2012:12:30-14:34:16 astaro-2 pluto[7484]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | ike string values: 7_256-1-5,
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:16 astaro-2 pluto[7484]: added connection description "S_Site_to_Site_Branch-1"
2012:12:30-14:34:16 astaro-2 pluto[7484]: Pluto is now Slave
2012:12:30-14:34:21 astaro-1 pluto[16850]: Starting Pluto (strongSwan Version 4.2.3 THREADS LIBLDAP VENDORID CISCO_QUIRKS)
2012:12:30-14:34:21 astaro-1 pluto[16850]: including NAT-Traversal patch (Version 0.6c)
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: Testing registered IKE encryption algorithms:
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_DES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_BLOWFISH_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_3DES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_AES_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SERPENT_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_TWOFISH_CBC self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_TWOFISH_CBC_SSH self-test not available
2012:12:30-14:34:21 astaro-1 pluto[16850]: Testing registered IKE hash algorithms:
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 6: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_MD5 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_MD5 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_256 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_256 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_384 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_384 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hash testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_512 hash self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 0: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 1: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 2: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 3: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 4: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: | hmac testvector 5: ok
2012:12:30-14:34:21 astaro-1 pluto[16850]: OAKLEY_SHA2_512 hmac self-test passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: All crypto self-tests passed
2012:12:30-14:34:21 astaro-1 pluto[16850]: Using KLIPS IPsec interface code
2012:12:30-14:34:21 astaro-1 pluto[16850]: HA system enabled and listen on interface eth3
2012:12:30-14:34:21 astaro-1 pluto[16850]: Initial HA switch to Master mode
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/cacerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: loaded CA cert file 'VPN Signing CA.pem' (2938 bytes)
2012:12:30-14:34:21 astaro-1 pluto[16850]: loaded CA cert file 'VPN Signing CA (Thu Feb 5 14:14:06 2009).pem' (3079 bytes)
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/aacerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/ocspcerts'
2012:12:30-14:34:21 astaro-1 pluto[16850]: Changing to directory '/etc/ipsec.d/crls'
2012:12:30-14:34:21 astaro-1 pluto[16850]: listening for IKE messages
2012:12:30-14:34:21 astaro-1 pluto[16850]: adding interface ipsec0/eth1 61.150.145.70:500
2012:12:30-14:34:21 astaro-1 pluto[16850]: adding interface ipsec0/eth1 61.150.145.70:4500
2012:12:30-14:34:21 astaro-1 pluto[16850]: loading secrets from "/etc/ipsec.secrets"
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | esp string values: 12_256-1,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() modp_getbyname("modp1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | ike string values: 7_256-1-5,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: added connection description "S_Site_to_Site_Branch-1_T
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4564, "ESP_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=12
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c46f8, "AUTH_ALGORITHM_HMAC_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | esp string values: 12_256-1,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256 aklen=0
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c4798, "OAKLEY_AES")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_ppfixi () calling enum_search(0x80c4798, "OAKLEY_AES_CBC")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() ealg_getbyname("aes")=7
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47a8, "OAKLEY_MD5")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() aalg_getbyname("md5")=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | enum_search_prefix () calling enum_search(0x80c47d8, "OAKLEY_GROUP_MODP1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | parser_alg_info_add() modp_getbyname("modp1536")
2012:12:30-14:34:21 astaro-1 pluto[16850]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | ike string values: 7_256-1-5,
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: | alg_info_addref() alg_info->ref_cnt=1
2012:12:30-14:34:21 astaro-1 pluto[16850]: added connection description "S_Site_to_Site_Branch-1"
2012:12:30-14:34:21 astaro-1 pluto[16850]: HA System: Pluto is already in Master mode
Active today
That log is just talking about the boot process. No hint to info in regard of establishing a connection.
It is always a good idea to have a fallback remote access method, like TeamViewer or direct RDP, in case the VPN does not come up.
Anyway, if you try to initiate traffic from HQ to Branch-1, e.g. by pinging a remote IP, you should see something more in the logs. I'm certain strongSwan supports log levels to provide more detail, but I have no knowledge about that Open Source IPSec VPN software, and any Astaro-specific implementation of it.
It is always a good idea to have a fallback remote access method, like TeamViewer or direct RDP, in case the VPN does not come up.
Anyway, if you try to initiate traffic from HQ to Branch-1, e.g. by pinging a remote IP, you should see something more in the logs. I'm certain strongSwan supports log levels to provide more detail, but I have no knowledge about that Open Source IPSec VPN software, and any Astaro-specific implementation of it.
Is the both sides must be the same firmware? Because my is not.After updated firmware on the HQ side then lost connections.
i got this info:
ERROR: asynchronous network error report on eth1 for message to 212.40.85.14 port 500, complainant 212.40.85.14: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
ERROR: asynchronous network error report on eth1 for message to 212.40.85.14 port 500, complainant 212.40.85.14: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Active today
Usually a Firmware upgrade should not lead to communication issues - but that depends on whether there have been wiped out some inconsistencies leading to vulnerability, or something similar. Making both Astaro having the same Firmware would be my first approach in this case.
The other stuff doesn't tell anything more.
The other stuff doesn't tell anything more.
Featured Post
You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Tired of waiting for your show or movie to load? Are buffering issues a constant problem with your internet connection? Check this article out to see if these simple adjustments are the solution for you.
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market. Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 13 hours left to enroll
615 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.