# Openswan "could not start conn "NetTunnel""

## DestroyFX

Hi everyone. I need to set up a VPN between 2 corps and I have a problem. I can establish a tunnel and I got this error in the log: "Jul 14 15:08:26 GmaxNet ipsec__plutorun: ...could not start conn "NetTunnel""

I have googled 3 hours today and 2 hours yesterday with no solution. Please help me if you can.

Network schematic:

```
SUBNET = 192.168.20.0/24
        |
GATEWAY [Gentoo+Openswan] = 199.xxx.xxx.xxx (internet IP)
        |
        |
    [TUNNEL]
        |
        |
GATEWAY [Fortigate 100] = 80.xxx.xxx.xxx (internet IP)
        |
SUBNET = 192.168.40.0/24
```

Config in the Fortigate 100:

```
Phase 1:
            IP Address: 80.xxx.xxx.xxx (remote gateway)
            Mode: Main
            Authen Method: Preshare Key
            Key: A beautiful long key
            Accept Any peer ID
            Proposal: AES256/SHA1 & AES256/MD5
            DH Group: 5
            Keylife: 28800 sec.
            Local ID:
            XAuth: Disabled
            Nat-Traversal: True
            Dead Peer detection: True

Phase 2:
            Proposal: AES256/SHA1 & AES256/MD5
            Enable replay detection: True
            Enable perfect forward secrecy (PFS): True
            DH Group: 5
            Keylife: 28800 sec.
            Autokey Keep Alive: True
            Internet Browsing: False
```

My conf file:

```
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $

# This file:  /usr/share/doc/openswan-2.4.4/ipsec.conf-sample
#
# Manual:     ipsec.conf.5

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # plutodebug / klipsdebug = "all", "none" or a combation from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg:
        # plutodebug="control parsing"
        #
        # Only enable klipsdebug=all if you are a developer
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        klipsdebug="all"
        plutodebug="all"
        #plutodebug="control parsing"
        interfaces="ipsec0=eth0"
        # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12

# Add connections here

# sample VPN connection
#conn sample
#               # Left security gateway, subnet behind it, nexthop toward right.
#               left=10.0.0.1
#               leftsubnet=172.16.0.0/24
#               leftnexthop=10.22.33.44
#               # Right security gateway, subnet behind it, nexthop toward left.
#               right=10.12.12.1
#               rightsubnet=192.168.0.0/24
#               rightnexthop=10.101.102.103
#               # To authorize this connection, but not actually start it,
#               # at startup, uncomment this.
#               #auto=start

#Disable Opportunistic Encryption
include /etc/ipsec/ipsec.d/examples/no_oe.conf

include /etc/ipsec/openswana-openswanb.conf
```

/etc/ipsec/openswana-openswanb.conf:

```
conn NetTunnel
        leftsubnet=192.168.20.0/24
        left=199.xxx.xxx.xxx
        rightsubnet=192.168.30.0/24
        right=80.xxx.xxx.xxx
        keyingtries=1
        authby=secret
        type=tunnel
        disablearrivalcheck=no
        auto=start
        keyexchange=ike
        esp=aes256-sha1,aes256-md5
        ike=aes256-sha1-modp1536,aes256-md5-modp1536
        pfs=yes
        auth=esp
        dpddelay=30
        dpdtimeout=120
        dpdaction=hold
```

ipsec auto --status:

```
000 interface lo/lo ::1
000 interface eth0/eth0 199.xxx.xxx.xxx
000 interface eth0/eth0 199.xxx.xxx.xxx
000 interface eth1/eth1 192.xxx.xxx.xxx
000 interface eth1/eth1 192.xxx.xxx.xxx
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 %myid = (none)
000 debug raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,1,36} trans={0,1,336} attrs={0,1,224}
000
000 "NetTunnel": 192.168.20.0/24===199.xxx.xxx.xxx...80.xxx.xxx.xxx===192.168.40.0/24; prospective erouted; eroute owner: #0
000 "NetTunnel":     srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "NetTunnel":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "NetTunnel":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;
000 "NetTunnel":   dpd: action:hold; delay:30; timeout:120;
000 "NetTunnel":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "NetTunnel":   IKE algorithms wanted: 7_256-2-5, 7_256-1-5, flags=-strict
000 "NetTunnel":   IKE algorithms found:  7_256-2_160-5, 7_256-1_128-5,
000 "NetTunnel":   ESP algorithms wanted: 12_256-2, 12_256-1, flags=-strict
000 "NetTunnel":   ESP algorithms loaded: 12_256-2, 12_256-1, flags=-strict
000
000 #1: "NetTunnel":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 7s; nodpd
000 #1: pending Phase 2 for "NetTunnel" replacing #0
000
```


THE LOG

Jul 14 15:08:24 GmaxNet ipsec_setup: Starting Openswan IPsec U2.4.4/K2.6.16-genplus...

Jul 14 15:08:25 GmaxNet ipsec_setup: KLIPS ipsec0 on eth0 199.xxx.xxx.xxx/255.255.255.248 broadcast 199.xxx.xxx.xxx

Jul 14 15:08:25 GmaxNet ipsec__plutorun: Starting Pluto subsystem...

Jul 14 15:08:25 GmaxNet pluto[4058]: Starting Pluto (Openswan Version 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEz}FFFfgr_e)

Jul 14 15:08:25 GmaxNet pluto[4058]: Setting NAT-Traversal port-4500 floating to on

Jul 14 15:08:25 GmaxNet pluto[4058]:    port floating activation criteria nat_t=1/port_fload=1

Jul 14 15:08:25 GmaxNet pluto[4058]:   including NAT-Traversal patch (Version 0.6c)

Jul 14 15:08:25 GmaxNet pluto[4058]: | opening /dev/urandom

Jul 14 15:08:25 GmaxNet pluto[4058]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds

Jul 14 15:08:25 GmaxNet pluto[4058]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds

Jul 14 15:08:25 GmaxNet pluto[4058]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)

Jul 14 15:08:25 GmaxNet pluto[4058]: starting up 1 cryptographic helpers

Jul 14 15:08:25 GmaxNet pluto[4059]: | opening /dev/urandom

Jul 14 15:08:25 GmaxNet pluto[4058]: started helper pid=4059 (fd:6)

Jul 14 15:08:25 GmaxNet pluto[4058]: | process 4058 listening for PF_KEY_V2 on file descriptor 7

Jul 14 15:08:25 GmaxNet pluto[4058]: Using Linux 2.6 IPsec interface code on 2.6.16-genplus

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build:

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbf840a40 pfkey_ext=0p0xbf841a80 *pfkey_ext=0p(nil).

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbf840a40 pfkey_ext=0p0xbf841a80 *pfkey_ext=0p0x80f4428.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f2de8 allocated 16 bytes, &(extensions[0])=0p0xbf841a80

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1, pid=4058.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: remain=0

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | finish_pfkey_msg: SADB_REGISTER message 1 for AH

Jul 14 15:08:25 GmaxNet ipsec_setup: ...Openswan IPsec started

Jul 14 15:08:25 GmaxNet pluto[4059]: ! helper 0 waiting on fd: 7

Jul 14 15:08:25 GmaxNet pluto[4058]: |   02 07 00 02  02 00 00 00  01 00 00 00  da 0f 00 00

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_get: SADB_REGISTER message 1

Jul 14 15:08:25 GmaxNet pluto[4058]: | AH registered with kernel.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build:

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbf840a40 pfkey_ext=0p0xbf841a80 *pfkey_ext=0p(nil).

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbf840a40 pfkey_ext=0p0xbf841a80 *pfkey_ext=0p0x80f4428.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f2de8 allocated 16 bytes, &(extensions[0])=0p0xbf841a80

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=4058.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: remain=0

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | finish_pfkey_msg: SADB_REGISTER message 2 for ESP

Jul 14 15:08:25 GmaxNet pluto[4058]: |   02 07 00 03  02 00 00 00  02 00 00 00  da 0f 00 00

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_get: SADB_REGISTER message 2

Jul 14 15:08:25 GmaxNet pluto[4058]: | alg_init():memset(0x80f0ea0, 0, 2016) memset(0x80f1680, 0, 2048)

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=14, alg_id=251

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=14, alg_id=2

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=14, alg_id=3

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=14, alg_id=5

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=15, alg_id=11

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=15, alg_id=2

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=15, alg_id=3

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=15, alg_id=7

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=15, alg_id=12

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=15, alg_id=252

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_add():satype=3, exttype=15, alg_id=253

Jul 14 15:08:25 GmaxNet pluto[4058]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1

Jul 14 15:08:25 GmaxNet pluto[4058]: | ESP registered with kernel.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build:

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbf840a40 pfkey_ext=0p0xbf841a80 *pfkey_ext=0p(nil).

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbf840a40 pfkey_ext=0p0xbf841a80 *pfkey_ext=0p0x80f4428.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f2de8 allocated 16 bytes, &(extensions[0])=0p0xbf841a80

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2, res=0, seq=3, pid=4058.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: remain=0

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.

Jul 14 15:08:25 GmaxNet pluto[4058]: | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP

Jul 14 15:08:25 GmaxNet pluto[4058]: |   02 07 00 09  02 00 00 00  03 00 00 00  da 0f 00 00

Jul 14 15:08:25 GmaxNet pluto[4058]: | pfkey_get: SADB_REGISTER message 3

Jul 14 15:08:25 GmaxNet pluto[4058]: | IPCOMP registered with kernel.

Jul 14 15:08:25 GmaxNet pluto[4058]: Changing to directory '/etc/ipsec/ipsec.d/cacerts'

Jul 14 15:08:25 GmaxNet pluto[4058]: Changing to directory '/etc/ipsec/ipsec.d/aacerts'

Jul 14 15:08:25 GmaxNet pluto[4058]: Changing to directory '/etc/ipsec/ipsec.d/ocspcerts'

Jul 14 15:08:25 GmaxNet pluto[4058]: Changing to directory '/etc/ipsec/ipsec.d/crls'

Jul 14 15:08:25 GmaxNet pluto[4058]:   Warning: empty directory

Jul 14 15:08:25 GmaxNet pluto[4058]: | inserting event EVENT_LOG_DAILY, timeout in 31895 seconds

Jul 14 15:08:25 GmaxNet pluto[4058]: | next event EVENT_PENDING_PHASE2 in 120 seconds

Jul 14 15:08:26 GmaxNet pluto[4058]: |

Jul 14 15:08:26 GmaxNet pluto[4058]: | *received whack message

Jul 14 15:08:26 GmaxNet pluto[4058]: | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1eklen=256  aklen=0

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d1a64, "OAKLEY_AES")

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_ppfixi () calling enum_search(0x80d1a64, "OAKLEY_AES_CBC")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() ealg_getbyname("aes")=7

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d1a28, "OAKLEY_SHA1")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() aalg_getbyname("sha1")=2

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d194c, "OAKLEY_GROUP_MODP1536")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() modp_getbyname("modp1536")=5

Jul 14 15:08:26 GmaxNet pluto[4058]: | __alg_info_ike_add() ealg=7 aalg=2 modp_id=5, cnt=1

Jul 14 15:08:26 GmaxNet pluto[4058]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256  aklen=0

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d1a64, "OAKLEY_AES")

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_ppfixi () calling enum_search(0x80d1a64, "OAKLEY_AES_CBC")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() ealg_getbyname("aes")=7

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d1a28, "OAKLEY_MD5")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() aalg_getbyname("md5")=1

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d194c, "OAKLEY_GROUP_MODP1536")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() modp_getbyname("modp1536")=5

Jul 14 15:08:26 GmaxNet pluto[4058]: | __alg_info_ike_add() ealg=7 aalg=1 modp_id=5, cnt=2

Jul 14 15:08:26 GmaxNet pluto[4058]: | Added new connection NetTunnel with policy PSK+ENCRYPT+TUNNEL+PFS

Jul 14 15:08:26 GmaxNet pluto[4058]: | from whack: got --esp=aes256-sha1,aes256-md5

Jul 14 15:08:26 GmaxNet pluto[4058]: | alg_info_parse_str() ealg_buf=aes aalg_buf=sha1eklen=256  aklen=0

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d1e8c, "ESP_AES")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() ealg_getbyname("aes")=12

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d1c40, "AUTH_ALGORITHM_HMAC_SHA1")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() aalg_getbyname("sha1")=2

Jul 14 15:08:26 GmaxNet pluto[4058]: | __alg_info_esp_add() ealg=12 aalg=2 cnt=1

Jul 14 15:08:26 GmaxNet pluto[4058]: | alg_info_parse_str() ealg_buf=aes aalg_buf=md5eklen=256  aklen=0

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d1e8c, "ESP_AES")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() ealg_getbyname("aes")=12

Jul 14 15:08:26 GmaxNet pluto[4058]: | enum_search_prefix () calling enum_search(0x80d1c40, "AUTH_ALGORITHM_HMAC_MD5")

Jul 14 15:08:26 GmaxNet pluto[4058]: | parser_alg_info_add() aalg_getbyname("md5")=1

Jul 14 15:08:26 GmaxNet pluto[4058]: | __alg_info_esp_add() ealg=12 aalg=1 cnt=2

Jul 14 15:08:26 GmaxNet pluto[4058]: | esp string values: 12_256-2, 12_256-1, flags=-strict

Jul 14 15:08:26 GmaxNet pluto[4058]: | from whack: got --ike=aes256-sha1-modp1536,aes256-md5-modp1536

Jul 14 15:08:26 GmaxNet pluto[4058]: | ike string values: 7_256-2-5, 7_256-1-5, flags=-strict

Jul 14 15:08:26 GmaxNet pluto[4058]: | counting wild cards for (none) is 15

Jul 14 15:08:26 GmaxNet pluto[4058]: | counting wild cards for (none) is 15

Jul 14 15:08:26 GmaxNet pluto[4058]: | alg_info_addref() alg_info->ref_cnt=1

Jul 14 15:08:26 GmaxNet pluto[4058]: | alg_info_addref() alg_info->ref_cnt=1

Jul 14 15:08:26 GmaxNet pluto[4058]: | alg_info_addref() alg_info->ref_cnt=2

Jul 14 15:08:26 GmaxNet pluto[4058]: | alg_info_addref() alg_info->ref_cnt=2

Jul 14 15:08:26 GmaxNet pluto[4058]: added connection description "NetTunnel"

Jul 14 15:08:26 GmaxNet pluto[4058]: | 192.168.20.0/24===199.xxx.xxx.xxx...80.xxx.xxx.xxx===192.168.40.0/24

Jul 14 15:08:26 GmaxNet pluto[4058]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1; policy: PSK+ENCRYPT+TUNNEL+PFS

Jul 14 15:08:26 GmaxNet pluto[4058]: | next event EVENT_PENDING_PHASE2 in 119 seconds

Jul 14 15:08:26 GmaxNet pluto[4058]: |

Jul 14 15:08:26 GmaxNet pluto[4058]: | *received whack message

Jul 14 15:08:26 GmaxNet pluto[4058]: listening for IKE messages

Jul 14 15:08:26 GmaxNet pluto[4058]: | found eth0 with address 199.xxx.xxx.xxx

Jul 14 15:08:26 GmaxNet pluto[4058]: | found eth1 with address 192.xxx.xxx.xxx

Jul 14 15:08:26 GmaxNet pluto[4058]: | found lo with address 127.0.0.1

Jul 14 15:08:26 GmaxNet pluto[4058]: adding interface lo/lo 127.0.0.1:500

Jul 14 15:08:26 GmaxNet pluto[4058]: adding interface lo/lo 127.0.0.1:4500

Jul 14 15:08:26 GmaxNet pluto[4058]: adding interface eth1/eth1 192.xxx.xxx.xxx:500

Jul 14 15:08:26 GmaxNet pluto[4058]: adding interface eth1/eth1 192.xxx.xxx.xxx:4500

Jul 14 15:08:26 GmaxNet pluto[4058]: adding interface eth0/eth0 199.xxx.xxx.xxx:500

Jul 14 15:08:26 GmaxNet pluto[4058]: adding interface eth0/eth0 199.xxx.xxx.xxx:4500

Jul 14 15:08:26 GmaxNet pluto[4058]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001

Jul 14 15:08:26 GmaxNet pluto[4058]: adding interface lo/lo ::1:500

Jul 14 15:08:26 GmaxNet pluto[4058]: | connect_to_host_pair: 199.xxx.xxx.xxx:500 80.xxx.xxx.xxx:500 -> hp:none

Jul 14 15:08:26 GmaxNet pluto[4058]: loading secrets from "/etc/ipsec/ipsec.secrets"

Jul 14 15:08:26 GmaxNet pluto[4058]: | loaded private key for keyid: PPK_RSA:AQO1G3uVJ

Jul 14 15:08:26 GmaxNet pluto[4058]: | next event EVENT_PENDING_PHASE2 in 119 seconds

Jul 14 15:08:26 GmaxNet pluto[4058]: |

Jul 14 15:08:26 GmaxNet pluto[4058]: | *received whack message

Jul 14 15:08:26 GmaxNet pluto[4058]: | processing connection NetTunnel

Jul 14 15:08:26 GmaxNet pluto[4058]: | route owner of "NetTunnel" unrouted: NULL; eroute owner: NULL

Jul 14 15:08:26 GmaxNet pluto[4058]: | could_route called for NetTunnel (kind=CK_PERMANENT)

Jul 14 15:08:26 GmaxNet pluto[4058]: | route owner of "NetTunnel" unrouted: NULL; eroute owner: NULL

Jul 14 15:08:26 GmaxNet pluto[4058]: | route_and_eroute with c: NetTunnel (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0

Jul 14 15:08:26 GmaxNet pluto[4058]: | add eroute 192.168.20.0/24:0 --0-> 192.168.40.0/24:0 => %trap (raw_eroute)

Jul 14 15:08:26 GmaxNet pluto[4058]: | eroute_connection add eroute 192.168.20.0/24:0 --0-> 192.168.40.0/24:0 => %trap (raw_eroute)

Jul 14 15:08:26 GmaxNet pluto[4058]: | route_and_eroute: firewall_notified: true

Jul 14 15:08:26 GmaxNet pluto[4058]: | command executing prepare-client

Jul 14 15:08:26 GmaxNet pluto[4058]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='NetTunnel' PLUTO_NEXT_HOP='80.xxx.xxx.xxx' PLUTO_INTERFACE='eth0' PLUTO_ME='199.xxx.xxx.xxx' PLUTO_MY_ID='199.xxx.xxx.xxx' PLUTO_MY_CLIENT='192.168.20.0/24' PLUTO_MY_CLIENT_NET='192.168.20.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='80.xxx.xxx.xxx' PLUTO_PEER_ID='80.xxx.xxx.xxx' PLUTO_PEER_CLIENT='192.168.40.0/24' PLUTO_PEER_CLIENT_NET='192.168.40.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS'   ipsec _updown

Jul 14 15:08:26 GmaxNet pluto[4058]: | command executing route-client

Jul 14 15:08:26 GmaxNet pluto[4058]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='NetTunnel' PLUTO_NEXT_HOP='80.xxx.xxx.xxx' PLUTO_INTERFACE='eth0' PLUTO_ME='199.xxx.xxx.xxx' PLUTO_MY_ID='199.xxx.xxx.xxx' PLUTO_MY_CLIENT='192.168.20.0/24' PLUTO_MY_CLIENT_NET='192.168.20.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='80.xxx.xxx.xxx' PLUTO_PEER_ID='80.xxx.xxx.xxx' PLUTO_PEER_CLIENT='192.168.20.0/24' PLUTO_PEER_CLIENT_NET='192.168.20.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS'   ipsec _updown

Jul 14 15:08:26 GmaxNet pluto[4058]: | next event EVENT_PENDING_PHASE2 in 119 seconds

Jul 14 15:08:26 GmaxNet pluto[4058]: |

Jul 14 15:08:26 GmaxNet pluto[4058]: | *received whack message

Jul 14 15:08:26 GmaxNet pluto[4058]: | processing connection NetTunnel

Jul 14 15:08:26 GmaxNet pluto[4058]: | kernel_alg_db_new() initial trans_cnt=28

Jul 14 15:08:26 GmaxNet pluto[4058]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=2

Jul 14 15:08:26 GmaxNet pluto[4058]: | kernel_alg_db_new()     trans[0]: transid=12, attr_cnt=2, attrs[0].type=5, attrs[0].val=2

Jul 14 15:08:26 GmaxNet pluto[4058]: | kernel_alg_db_new()     trans[1]: transid=12, attr_cnt=2, attrs[0].type=5, attrs[0].val=1

Jul 14 15:08:26 GmaxNet pluto[4058]: | returning new proposal from esp_info

Jul 14 15:08:26 GmaxNet pluto[4058]: | creating state object #1 at 0x80f4828

Jul 14 15:08:26 GmaxNet pluto[4058]: | processing connection NetTunnel

Jul 14 15:08:26 GmaxNet pluto[4058]: | ICOOKIE:  ff 66 6f 93  22 10 12 96

Jul 14 15:08:26 GmaxNet pluto[4058]: | RCOOKIE:  00 00 00 00  00 00 00 00

Jul 14 15:08:26 GmaxNet pluto[4058]: | peer:  d8 e2 36 0d

Jul 14 15:08:26 GmaxNet pluto[4058]: | state hash entry 18

Jul 14 15:08:26 GmaxNet pluto[4058]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1

Jul 14 15:08:26 GmaxNet pluto[4058]: | Queuing pending Quick Mode with 80.xxx.xxx.xxx "NetTunnel"

Jul 14 15:08:26 GmaxNet pluto[4058]: "NetTunnel" #1: initiating Main Mode

Jul 14 15:08:26 GmaxNet pluto[4058]: | **emit ISAKMP Message:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    initiator cookie:

Jul 14 15:08:26 GmaxNet pluto[4058]: |   ff 66 6f 93  22 10 12 96

Jul 14 15:08:26 GmaxNet pluto[4058]: |    responder cookie:

Jul 14 15:08:26 GmaxNet pluto[4058]: |   00 00 00 00  00 00 00 00

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_SA

Jul 14 15:08:26 GmaxNet pluto[4058]: |    ISAKMP version: ISAKMP Version 1.0

Jul 14 15:08:26 GmaxNet pluto[4058]: |    exchange type: ISAKMP_XCHG_IDPROT

Jul 14 15:08:26 GmaxNet pluto[4058]: |    flags: none

Jul 14 15:08:26 GmaxNet pluto[4058]: |    message ID:  00 00 00 00

Jul 14 15:08:26 GmaxNet pluto[4058]: | ***emit ISAKMP Security Association Payload:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_VID

Jul 14 15:08:26 GmaxNet pluto[4058]: |    DOI: ISAKMP_DOI_IPSEC

Jul 14 15:08:26 GmaxNet pluto[4058]: | ****emit IPsec DOI SIT:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY

Jul 14 15:08:26 GmaxNet pluto[4058]: | out_sa pcn: 0 has 1 valid proposals

Jul 14 15:08:26 GmaxNet pluto[4058]: | out_sa pcn: 0 pn: 0<1 valid_count: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: | ****emit ISAKMP Proposal Payload:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:26 GmaxNet pluto[4058]: |    proposal number: 0

Jul 14 15:08:26 GmaxNet pluto[4058]: |    protocol ID: PROTO_ISAKMP

Jul 14 15:08:26 GmaxNet pluto[4058]: |    SPI size: 0

Jul 14 15:08:26 GmaxNet pluto[4058]: |    number of transforms: 2

Jul 14 15:08:26 GmaxNet pluto[4058]: | *****emit ISAKMP Transform Payload (ISAKMP):

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_T

Jul 14 15:08:26 GmaxNet pluto[4058]: |    transform number: 0

Jul 14 15:08:26 GmaxNet pluto[4058]: |    transform ID: KEY_IKE

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_LIFE_TYPE

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [1 is OAKLEY_LIFE_SECONDS]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_LIFE_DURATION

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 3600

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 7

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [7 is OAKLEY_AES_CBC]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_HASH_ALGORITHM

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 2

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [2 is OAKLEY_SHA1]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_AUTHENTICATION_METHOD

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [1 is OAKLEY_PRESHARED_KEY]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_GROUP_DESCRIPTION

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 5

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [5 is OAKLEY_GROUP_MODP1536]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_KEY_LENGTH

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 256

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Transform Payload (ISAKMP): 36

Jul 14 15:08:26 GmaxNet pluto[4058]: | *****emit ISAKMP Transform Payload (ISAKMP):

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:26 GmaxNet pluto[4058]: |    transform number: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: |    transform ID: KEY_IKE

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_LIFE_TYPE

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [1 is OAKLEY_LIFE_SECONDS]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_LIFE_DURATION

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 3600

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 7

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [7 is OAKLEY_AES_CBC]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_HASH_ALGORITHM

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [1 is OAKLEY_MD5]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_AUTHENTICATION_METHOD

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [1 is OAKLEY_PRESHARED_KEY]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_GROUP_DESCRIPTION

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 5

Jul 14 15:08:26 GmaxNet pluto[4058]: |     [5 is OAKLEY_GROUP_MODP1536]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ******emit ISAKMP Oakley attribute:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    af+type: OAKLEY_KEY_LENGTH

Jul 14 15:08:26 GmaxNet pluto[4058]: |    length/value: 256

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Transform Payload (ISAKMP): 36

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Proposal Payload: 80

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Security Association Payload: 92

Jul 14 15:08:26 GmaxNet pluto[4058]: | ***emit ISAKMP Vendor ID Payload:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload

Jul 14 15:08:26 GmaxNet pluto[4058]: | Vendor ID  4f 45 7a 7d  46 46 46 66  67 72 5f 65

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Vendor ID Payload: 16

Jul 14 15:08:26 GmaxNet pluto[4058]: | ***emit ISAKMP Vendor ID Payload:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload

Jul 14 15:08:26 GmaxNet pluto[4058]: | V_ID  af ca d7 13  68 a1 f1 c9  6b 86 96 fc  77 57 01 00

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Vendor ID Payload: 20

Jul 14 15:08:26 GmaxNet pluto[4058]: | nat traversal enabled: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: | nat add vid. port: 1 nonike: 1

Jul 14 15:08:26 GmaxNet pluto[4058]: | out_vendorid(): sending [RFC 3947]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ***emit ISAKMP Vendor ID Payload:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload

Jul 14 15:08:26 GmaxNet pluto[4058]: | V_ID  4a 13 1c 81  07 03 58 45  5c 57 28 f2  0e 95 45 2f

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Vendor ID Payload: 20

Jul 14 15:08:26 GmaxNet pluto[4058]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ***emit ISAKMP Vendor ID Payload:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload

Jul 14 15:08:26 GmaxNet pluto[4058]: | V_ID  7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Vendor ID Payload: 20

Jul 14 15:08:26 GmaxNet pluto[4058]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ***emit ISAKMP Vendor ID Payload:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload

Jul 14 15:08:26 GmaxNet pluto[4058]: | V_ID  cd 60 46 43  35 df 21 f8  7c fd b2 fc  68 b6 a4 48

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Vendor ID Payload: 20

Jul 14 15:08:26 GmaxNet pluto[4058]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00]

Jul 14 15:08:26 GmaxNet pluto[4058]: | ***emit ISAKMP Vendor ID Payload:

Jul 14 15:08:26 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload

Jul 14 15:08:26 GmaxNet pluto[4058]: | V_ID  44 85 15 2d  18 b6 bb cd  0b e8 a8 46  95 79 dd cc

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Vendor ID Payload: 20

Jul 14 15:08:26 GmaxNet pluto[4058]: | emitting length of ISAKMP Message: 236

Jul 14 15:08:26 GmaxNet pluto[4058]: | sending 236 bytes for main_outI1 through eth0:500 to 80.xxx.xxx.xxx:500:

Jul 14 15:08:26 GmaxNet pluto[4058]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1

Jul 14 15:08:26 GmaxNet pluto[4058]: | next event EVENT_RETRANSMIT in 10 seconds for #1

Jul 14 15:08:26 GmaxNet ipsec__plutorun: 104 "NetTunnel" #1: STATE_MAIN_I1: initiate

Jul 14 15:08:26 GmaxNet ipsec__plutorun: ...could not start conn "NetTunnel"

Jul 14 15:08:27 GmaxNet pluto[4058]: |

Jul 14 15:08:27 GmaxNet pluto[4058]: | *received 240 bytes from 80.xxx.xxx.xxx:500 on eth0 (port=500)

Jul 14 15:08:27 GmaxNet pluto[4058]: | **parse ISAKMP Message:

Jul 14 15:08:27 GmaxNet pluto[4058]: |    initiator cookie:

Jul 14 15:08:27 GmaxNet pluto[4058]: |   d3 14 32 07  8b c9 99 5d

Jul 14 15:08:27 GmaxNet pluto[4058]: |    responder cookie:

Jul 14 15:08:27 GmaxNet pluto[4058]: |   00 00 00 00  00 00 00 00

Jul 14 15:08:27 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_SA

Jul 14 15:08:27 GmaxNet pluto[4058]: |    ISAKMP version: ISAKMP Version 1.0

Jul 14 15:08:27 GmaxNet pluto[4058]: |    exchange type: ISAKMP_XCHG_IDPROT

Jul 14 15:08:27 GmaxNet pluto[4058]: |    flags: none

Jul 14 15:08:27 GmaxNet pluto[4058]: |    message ID:  00 00 00 00

Jul 14 15:08:27 GmaxNet pluto[4058]: |    length: 240

Jul 14 15:08:27 GmaxNet pluto[4058]: |  processing packet with exchange type=ISAKMP_XCHG_IDPROT (2)

Jul 14 15:08:27 GmaxNet pluto[4058]: | ***parse ISAKMP Security Association Payload:

Jul 14 15:08:27 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_VID

Jul 14 15:08:27 GmaxNet pluto[4058]: |    length: 92

Jul 14 15:08:27 GmaxNet pluto[4058]: |    DOI: ISAKMP_DOI_IPSEC

Jul 14 15:08:27 GmaxNet pluto[4058]: | ***parse ISAKMP Vendor ID Payload:

Jul 14 15:08:27 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_VID

Jul 14 15:08:27 GmaxNet pluto[4058]: |    length: 20

Jul 14 15:08:27 GmaxNet pluto[4058]: | ***parse ISAKMP Vendor ID Payload:

Jul 14 15:08:27 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_VID

Jul 14 15:08:27 GmaxNet pluto[4058]: |    length: 20

Jul 14 15:08:27 GmaxNet pluto[4058]: | ***parse ISAKMP Vendor ID Payload:

Jul 14 15:08:27 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_VID

Jul 14 15:08:27 GmaxNet pluto[4058]: |    length: 20

Jul 14 15:08:27 GmaxNet pluto[4058]: | ***parse ISAKMP Vendor ID Payload:

Jul 14 15:08:27 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_VID

Jul 14 15:08:27 GmaxNet pluto[4058]: |    length: 20

Jul 14 15:08:27 GmaxNet pluto[4058]: | ***parse ISAKMP Vendor ID Payload:

Jul 14 15:08:27 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_VID

Jul 14 15:08:27 GmaxNet pluto[4058]: |    length: 20

Jul 14 15:08:27 GmaxNet pluto[4058]: | ***parse ISAKMP Vendor ID Payload:

Jul 14 15:08:27 GmaxNet pluto[4058]: |    next payload type: ISAKMP_NEXT_NONE

Jul 14 15:08:27 GmaxNet pluto[4058]: |    length: 20

Jul 14 15:08:27 GmaxNet pluto[4058]: packet from 80.xxx.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]

Jul 14 15:08:27 GmaxNet pluto[4058]: packet from 80.xxx.xxx.xxx:500: ignoring unknown Vendor ID payload [afca071368a1f1c96b8696fc77570100]

Jul 14 15:08:27 GmaxNet pluto[4058]: packet from 80.xxx.xxx.xxx:500: ignoring unknown Vendor ID payload [5062b335bc20db32c0d54465a2f70100]

Jul 14 15:08:27 GmaxNet pluto[4058]: packet from 80.xxx.xxx.xxx:500: ignoring unknown Vendor ID payload [1d6e178f6c2c0be284985465450fe9d4]

Jul 14 15:08:27 GmaxNet pluto[4058]: packet from 80.xxx.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108

Jul 14 15:08:27 GmaxNet pluto[4058]: packet from 80.xxx.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

Jul 14 15:08:27 GmaxNet pluto[4058]: | nat-t detected, sending nat-t VID

Jul 14 15:08:27 GmaxNet pluto[4058]: | find_host_connection called from main_inI1_outR1

Jul 14 15:08:27 GmaxNet pluto[4058]: | find_host_pair: comparing to 199.xxx.xxx.xxx:500 80.xxx.xxx.xxx:500

Jul 14 15:08:27 GmaxNet pluto[4058]: | find_host_pair_conn (find_host_connection2): 199.xxx.xxx.xxx:500 80.xxx.xxx.xxx:500 -> hp:none

Jul 14 15:08:27 GmaxNet pluto[4058]: | find_host_connection called from main_inI1_outR1

Jul 14 15:08:27 GmaxNet pluto[4058]: | find_host_pair: comparing to 199.xxx.xxx.xxx:500 80.xxx.xxx.xxx:500

Jul 14 15:08:27 GmaxNet pluto[4058]: | find_host_pair_conn (find_host_connection2): 199.xxx.xxx.xxx:500 %any:500 -> hp:none

Jul 14 15:08:27 GmaxNet pluto[4058]: packet from 80.xxx.xxx.xxx:500: initial Main Mode message received on 199.xxx.xxx.xxx:500 but no connection has been authorized

Jul 14 15:08:27 GmaxNet pluto[4058]: | complete state transition with STF_IGNORE

Jul 14 15:08:27 GmaxNet pluto[4058]: | next event EVENT_RETRANSMIT in 9 seconds for #1

Jul 14 15:08:30 GmaxNet pluto[4058]: |

Jul 14 15:08:30 GmaxNet pluto[4058]: | *received whack message

Jul 14 15:08:30 GmaxNet pluto[4058]: shutting down

Jul 14 15:08:30 GmaxNet pluto[4058]: forgetting secrets

Jul 14 15:08:30 GmaxNet pluto[4058]: | processing connection NetTunnel

Jul 14 15:08:30 GmaxNet pluto[4058]: "NetTunnel": deleting connection

Jul 14 15:08:30 GmaxNet pluto[4058]: | processing connection NetTunnel

Jul 14 15:08:30 GmaxNet pluto[4058]: "NetTunnel" #1: deleting state (STATE_MAIN_I1)

Jul 14 15:08:30 GmaxNet pluto[4058]: | deleting state #1

Jul 14 15:08:30 GmaxNet pluto[4058]: | processing connection NetTunnel

Jul 14 15:08:30 GmaxNet pluto[4058]: | no suspended cryptographic state for 1

Jul 14 15:08:30 GmaxNet pluto[4058]: | ICOOKIE:  ff 66 6f 93  22 10 12 96

Jul 14 15:08:30 GmaxNet pluto[4058]: | RCOOKIE:  00 00 00 00  00 00 00 00

Jul 14 15:08:30 GmaxNet pluto[4058]: | peer:  d8 e2 36 0d

Jul 14 15:08:30 GmaxNet pluto[4058]: | state hash entry 18

Jul 14 15:08:30 GmaxNet pluto[4058]: | delete eroute 192.168.40.0/24:0 --0-> 192.168.20.0/24:0 => int.0@199.xxx.xxx.xxx (raw_eroute)

Jul 14 15:08:30 GmaxNet pluto[4058]: | eroute_connection delete eroute 192.168.20.0/24:0 --0-> 192.168.40.0/24:0 => int.0@0.0.0.0 (raw_eroute)

Jul 14 15:08:30 GmaxNet pluto[4058]: | route owner of "NetTunnel" unrouted: NULL

Jul 14 15:08:30 GmaxNet pluto[4058]: | command executing unroute-client

Jul 14 15:08:30 GmaxNet pluto[4058]: | executing unroute-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-client' PLUTO_CONNECTION='NetTunnel' PLUTO_NEXT_HOP='80.xxx.xxx.xxx' PLUTO_INTERFACE='eth0' PLUTO_ME='199.xxx.xxx.xxx' PLUTO_MY_ID='199.xxx.xxx.xxx' PLUTO_MY_CLIENT='192.168.24.0/24' PLUTO_MY_CLIENT_NET='192.168.20.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='80.xxx.xxx.xxx' PLUTO_PEER_ID='80.xxx.xxx.xxx' PLUTO_PEER_CLIENT='192.168.40.0/24' PLUTO_PEER_CLIENT_NET='192.168.20.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP'   ipsec _updown

Jul 14 15:08:30 GmaxNet ipsec_setup: Stopping Openswan IPsec...

Jul 14 15:08:30 GmaxNet pluto[4058]: | alg_info_delref(0x80f35b8) alg_info->ref_cnt=2

Jul 14 15:08:30 GmaxNet pluto[4058]: | alg_info_delref(0x80f2e00) alg_info->ref_cnt=2

Jul 14 15:08:30 GmaxNet pluto[4058]: shutting down interface lo/lo ::1:500

Jul 14 15:08:30 GmaxNet pluto[4058]: shutting down interface eth0/eth0 199.xxx.xxx.xxx:4500

Jul 14 15:08:30 GmaxNet pluto[4058]: shutting down interface eth0/eth0 199.xxx.xxx.xxx:500

Jul 14 15:08:30 GmaxNet pluto[4058]: shutting down interface eth1/eth1 192.xxx.xxx.xxx:4500

Jul 14 15:08:30 GmaxNet pluto[4058]: shutting down interface eth1/eth1 192.xxx.xxx.xxx:500

Jul 14 15:08:30 GmaxNet pluto[4058]: shutting down interface lo/lo 127.0.0.1:4500

Jul 14 15:08:30 GmaxNet pluto[4058]: shutting down interface lo/lo 127.0.0.1:500

Jul 14 15:08:31 GmaxNet ipsec_setup: ...Openswan IPsec stopped

----------

## lejim

Have you successfully set up a VPN between an FG100 and a Gentoo box? I have to do exactly the same; I tried racoon, but the documentation is too poor... Can you help me in the quest for the holy connectivity?

----------

## niolou

Hi all!

Is this topic still active? I have made an Openswan configuration that works with a Fortigate; if anyone is interested, please let me know.

Cheers

----------

## lejim

Glad to see there is still interest in this post, but for me it has been solved for a long time now.

Hi niolou, nice to see that there are people who dig up topics forgotten in the depths of the forum in order to help  :Smile:  As you can see, I never got a reply, so it must be solved for him too.

[my life story mode]

In fact, at that time I moved to FortiOS 3, where the quick selector mode config had been changed and moved, so I struggled a bit before putting my finger on it again. Otherwise, for quite a few months now it has been working perfectly, 24 hours a day, 7 days a week.

[/]

See you

----------

