VR-S1000ログ出力例1～5

VR-S1000ログ出力例1～5

VR-S1000のファームウェアVerによって出力されるログ情報が異なります。
下記はファームウェアVer.2.09以降でのログ出力例です。

PC1→PC2宛のpingでIPsecのトリガとする。

Mar 21 17:15:09 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 17:17:21 VRB0C745BF000E pluto: "IPsec_test" #1: initiating Main Mode
Mar 21 17:17:58 VRB0C745BF000E pluto: initiate on demand from 192.168.100.100:8 to 192.168.101.100:0 proto=1 state: fos_start because: acquire
Mar 21 17:18:32 VRB0C745BF000E pluto: "IPsec_test" #1: starting keying attempt 2 of at most 3
Mar 21 17:18:32 VRB0C745BF000E pluto: "IPsec_test" #2: initiating Main Mode to replace #1
Mar 21 17:19:42 VRB0C745BF000E pluto: "IPsec_test" #2: starting keying attempt 3 of at most 3
Mar 21 17:19:42 VRB0C745BF000E pluto: "IPsec_test" #3: initiating Main Mode to replace #2
Mar 21 17:23:37 VRB0C745BF000E pluto: initiate on demand from 192.168.100.100:8 to 192.168.101.100:0 proto=1 state: fos_start because: acquire
Mar 21 17:23:37 VRB0C745BF000E pluto: "IPsec_test" #4: initiating Main Mode
Mar 21 17:24:47 VRB0C745BF000E pluto: "IPsec_test" #4: starting keying attempt 2 of at most 3
Mar 21 17:24:47 VRB0C745BF000E pluto: "IPsec_test" #5: initiating Main Mode to replace #4
Mar 21 17:25:57 VRB0C745BF000E pluto: "IPsec_test" #5: starting keying attempt 3 of at most 3
Mar 21 17:25:57 VRB0C745BF000E pluto: "IPsec_test" #6: initiating Main Mode to replace #5

IPsec設定が無いので、接続要求が有ったログのみ残る。

VPN > IPsec > IPsecポリシー > IKEポリシー

(1) 本来 172.27.0.101 であるべきところを、172.27.0.110(存在しない) と設定間違い。
PC1→PC2宛のpingでIPsecのトリガとする。

Mar 21 17:34:38 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 17:34:38 VRB0C745BF000E janus_run: Starting janus watcher...
Mar 21 17:34:38 VRB0C745BF000E janus watcher[29721]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 17:34:55 VRB0C745BF000E pluto: initiate on demand from 192.168.100.100:8 to 192.168.101.100:0 proto=1 state: fos_start because: acquire
Mar 21 17:34:55 VRB0C745BF000E pluto: "IPsec_test" #7: initiating Main Mode
Mar 21 17:34:58 VRB0C745BF000E pluto: "IPsec_test" #7: ERROR: asynchronous network error report on eth0 (sport=500) for message to 172.27.0.110 port 500, complainant 172.27.0.100: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Mar 21 17:35:28 VRB0C745BF000E pluto: "IPsec_test" #7: ERROR: asynchronous network error report on eth0 (sport=500) for message to 172.27.0.110 port 500, complainant 172.27.0.100: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Mar 21 17:36:05 VRB0C745BF000E pluto: "IPsec_test" #7: starting keying attempt 2 of at most 3
Mar 21 17:36:05 VRB0C745BF000E pluto: "IPsec_test" #8: initiating Main Mode to replace #7
Mar 21 17:36:08 VRB0C745BF000E pluto: "IPsec_test" #8: ERROR: asynchronous network error report on eth0 (sport=500) for message to 172.27.0.110 port 500, complainant 172.27.0.100: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Mar 21 17:36:38 VRB0C745BF000E last message repeated 2 times
Mar 21 17:37:15 VRB0C745BF000E pluto: "IPsec_test" #8: starting keying attempt 3 of at most 3
Mar 21 17:37:15 VRB0C745BF000E pluto: "IPsec_test" #9: initiating Main Mode to replace #8
Mar 21 17:37:18 VRB0C745BF000E pluto: "IPsec_test" #9: ERROR: asynchronous network error report on eth0 (sport=500) for message to 172.27.0.110 port 500, complainant 172.27.0.100: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Mar 21 17:37:48 VRB0C745BF000E last message repeated 2 times

(2) 本来 172.27.0.101であるべきところを、172.27.0.1(存在する) と設定間違い。
PC1→PC2宛のpingでIPsecのトリガとする。

Mar 21 17:57:01 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 17:57:02 VRB0C745BF000E janus_run: Starting janus watcher...
Mar 21 17:57:02 VRB0C745BF000E janus watcher[30544]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 17:57:20 VRB0C745BF000E pluto: initiate on demand from 192.168.100.100:8 to 192.168.101.100:0 proto=1 state: fos_start because: acquire
Mar 21 17:57:20 VRB0C745BF000E pluto: "IPsec_test" #10: initiating Main Mode
Mar 21 17:58:30 VRB0C745BF000E pluto: "IPsec_test" #10: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
Mar 21 17:58:30 VRB0C745BF000E pluto: "IPsec_test" #10: starting keying attempt 2 of at most 3
Mar 21 17:58:30 VRB0C745BF000E pluto: "IPsec_test" #11: initiating Main Mode to replace #10
Mar 21 17:59:40 VRB0C745BF000E pluto: "IPsec_test" #11: starting keying attempt 3 of at most 3
Mar 21 17:59:40 VRB0C745BF000E pluto: "IPsec_test" #12: initiating Main Mode to replace #11

DUT1側で、本来 172.27.0.101(DUT2のアドレス) であるべきところを設定間違い。
この場合、DUT2には接続要求が来ないので、ログは残らない。

PC1→PC2宛のpingでIPsecのトリガとする。(DUT1がイニシエーターとなる)
《IPsecパラメーター》
IPsecウィザードのデフォルト値で設定した場合。

Mar 21 18:15:54 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 18:15:55 VRB0C745BF000E janus_run: Starting janus watcher...
Mar 21 18:15:55 VRB0C745BF000E janus watcher[12065]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: initiating Main Mode
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: received Vendor ID payload [Dead Peer Detection]
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: received Vendor ID payload [CAN-IKEv2]
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.101'
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #1: Dead Peer Detection (RFC 3706): enabled
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:e0ca4eeb proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #2: Dead Peer Detection (RFC 3706): enabled
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 21 18:17:37 VRB0C745BF000E pluto: "IPsec_test" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x412facd2 <0x9408cef9 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}

Mar 21 18:16:57 VRB0C745BF0018 pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 18:16:58 VRB0C745BF0018 janus_run: Starting janus watcher...
Mar 21 18:16:59 VRB0C745BF0018 janus watcher[12350]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 18:17:37 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 21 18:17:37 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 18:17:37 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 21 18:17:37 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 21 18:17:37 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 21 18:17:37 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: responding to Main Mode
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.100'
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: Dead Peer Detection (RFC 3706): enabled
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #1: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #2: responding to Quick Mode proposal {msgid:e0ca4eeb}
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #2: us: 192.168.101.0/24===172.27.0.101<172.27.0.101>
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #2: them: 172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #2: Dead Peer Detection (RFC 3706): enabled
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 21 18:17:37 VRB0C745BF0018 pluto: "IPsec_DUT2" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x9408cef9 <0x412facd2 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}

PC1→PC2宛のpingでIPsecのトリガとする。(DUT1がイニシエーターとなる
《IPsecパラメーター》
DUT1　VPNポリシー / DH Group5(1536bit)
DUT2　VPNポリシー / DH Group2(1024bit) : デフォルト
他は IPsecウィザードのデフォルト値で設定

Mar 21 18:30:45 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 18:30:45 VRB0C745BF000E janus_run: Starting janus watcher...
Mar 21 18:30:45 VRB0C745BF000E janus watcher[31016]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: initiating Main Mode
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: received Vendor ID payload [Dead Peer Detection]
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: received Vendor ID payload [CAN-IKEv2]
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.101'
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #5: Dead Peer Detection (RFC 3706): enabled
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #6: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK {using isakmp#5 msgid:d704f447 proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1536}
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #6: Dead Peer Detection (RFC 3706): enabled
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #6: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 21 18:31:16 VRB0C745BF000E pluto: "IPsec_test" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x51b89d41 <0x10d7c61a xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}

Mar 21 18:30:36 VRB0C745BF0018 pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 18:30:36 VRB0C745BF0018 janus_run: Starting janus watcher...
Mar 21 18:30:36 VRB0C745BF0018 janus watcher[28842]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 18:31:16 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 21 18:31:16 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 18:31:16 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 21 18:31:16 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 21 18:31:16 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 21 18:31:16 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: responding to Main Mode
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.100'
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: Dead Peer Detection (RFC 3706): enabled
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #5: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: responding to Quick Mode proposal {msgid:d704f447}
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: us: 192.168.101.0/24===172.27.0.101<172.27.0.101>
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: them: 172.27.0.100<172.27.0.100>===192.168.100.0/24
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: Dead Peer Detection (RFC 3706): enabled
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Mar 21 18:31:16 VRB0C745BF0018 pluto: "IPsec_DUT2" #6: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x10d7c61a <0x51b89d41 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}

VPN > IPsec > IPsecポリシー > VPNポリシー

PC1→PC2宛のpingでIPsecのトリガとする。(DUT1がイニシエーターとなる)
《IPsecパラメーター》
DUT1　VPNポリシー / AES-128
DUT2　VPNポリシー / 3DES : デフォルト
他は IPsecウィザードのデフォルト値で設定

Mar 21 19:10:34 VRB0C745BF000E pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 19:10:35 VRB0C745BF000E janus_run: Starting janus watcher...
Mar 21 19:10:35 VRB0C745BF000E janus watcher[12139]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: initiating Main Mode
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: received Vendor ID payload [Openswan (this version) VR-S1000_V2.09_D20140225-dirty ]
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: received Vendor ID payload [Dead Peer Detection]
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: received Vendor ID payload [CAN-IKEv2]
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.101'
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: Dead Peer Detection (RFC 3706): enabled
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #8: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK {using isakmp#7 msgid:e44ca173 proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:12:02 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message
Mar 21 19:12:12 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:12:12 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message
Mar 21 19:12:32 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:12:32 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message
Mar 21 19:13:12 VRB0C745BF000E pluto: "IPsec_test" #8: starting keying attempt 2 of at most 3
Mar 21 19:13:12 VRB0C745BF000E pluto: "IPsec_test" #9: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK to replace #8 {using isakmp#7 msgid:cf2e4efb proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:13:12 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:13:12 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message
Mar 21 19:13:22 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:13:22 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message
Mar 21 19:13:42 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:13:42 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message
Mar 21 19:14:22 VRB0C745BF000E pluto: "IPsec_test" #9: starting keying attempt 3 of at most 3
Mar 21 19:14:22 VRB0C745BF000E pluto: "IPsec_test" #10: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK to replace #9 {using isakmp#7 msgid:e7a1dd9d proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1024}
Mar 21 19:14:22 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:14:22 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message
Mar 21 19:14:32 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:14:32 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message
Mar 21 19:14:52 VRB0C745BF000E pluto: "IPsec_test" #7: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Mar 21 19:14:52 VRB0C745BF000E pluto: "IPsec_test" #7: received and ignored informational message

Mar 21 19:11:01 VRB0C745BF0018 pluto: loading secrets from "/etc/ipsec.secrets"
Mar 21 19:11:02 VRB0C745BF0018 janus_run: Starting janus watcher...
Mar 21 19:11:02 VRB0C745BF0018 janus watcher[8467]: Starting Janus - Dynamic DNS watcher (Version 1.3)
Mar 21 19:12:02 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [Dead Peer Detection]
Mar 21 19:12:02 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [RFC 3947] method set to=115
Mar 21 19:12:02 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115
Mar 21 19:12:02 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
Mar 21 19:12:02 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
Mar 21 19:12:02 VRB0C745BF0018 pluto: packet from 172.27.0.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: responding to Main Mode
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: Main mode peer ID is ID_IPV4_ADDR: '172.27.0.100'
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: Dead Peer Detection (RFC 3706): enabled
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #8: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #8: no acceptable Proposal in IPsec SA
Mar 21 19:12:02 VRB0C745BF0018 pluto: "IPsec_DUT2" #8: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:12:12 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:12:12 VRB0C745BF0018 pluto: "IPsec_DUT2" #9: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:12:12 VRB0C745BF0018 pluto: "IPsec_DUT2" #9: no acceptable Proposal in IPsec SA
Mar 21 19:12:12 VRB0C745BF0018 pluto: "IPsec_DUT2" #9: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:12:32 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:12:32 VRB0C745BF0018 pluto: "IPsec_DUT2" #10: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:12:32 VRB0C745BF0018 pluto: "IPsec_DUT2" #10: no acceptable Proposal in IPsec SA
Mar 21 19:12:32 VRB0C745BF0018 pluto: "IPsec_DUT2" #10: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:13:12 VRB0C745BF0018 pluto: "IPsec_DUT2" #11: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:13:12 VRB0C745BF0018 pluto: "IPsec_DUT2" #11: no acceptable Proposal in IPsec SA
Mar 21 19:13:12 VRB0C745BF0018 pluto: "IPsec_DUT2" #11: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:13:22 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:13:22 VRB0C745BF0018 pluto: "IPsec_DUT2" #12: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:13:22 VRB0C745BF0018 pluto: "IPsec_DUT2" #12: no acceptable Proposal in IPsec SA
Mar 21 19:13:22 VRB0C745BF0018 pluto: "IPsec_DUT2" #12: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:13:42 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:13:42 VRB0C745BF0018 pluto: "IPsec_DUT2" #13: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:13:42 VRB0C745BF0018 pluto: "IPsec_DUT2" #13: no acceptable Proposal in IPsec SA
Mar 21 19:13:42 VRB0C745BF0018 pluto: "IPsec_DUT2" #13: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:14:22 VRB0C745BF0018 pluto: "IPsec_DUT2" #14: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:14:22 VRB0C745BF0018 pluto: "IPsec_DUT2" #14: no acceptable Proposal in IPsec SA
Mar 21 19:14:22 VRB0C745BF0018 pluto: "IPsec_DUT2" #14: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:14:32 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:14:32 VRB0C745BF0018 pluto: "IPsec_DUT2" #15: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:14:32 VRB0C745BF0018 pluto: "IPsec_DUT2" #15: no acceptable Proposal in IPsec SA
Mar 21 19:14:32 VRB0C745BF0018 pluto: "IPsec_DUT2" #15: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500
Mar 21 19:14:52 VRB0C745BF0018 pluto: "IPsec_DUT2" #7: the peer proposed: 192.168.101.0/24:0/0 -> 192.168.100.0/24:0/0
Mar 21 19:14:52 VRB0C745BF0018 pluto: "IPsec_DUT2" #16: IPsec Transform [ESP_AES (128), AUTH_ALGORITHM_HMAC_SHA1] refused due to strict flag
Mar 21 19:14:52 VRB0C745BF0018 pluto: "IPsec_DUT2" #16: no acceptable Proposal in IPsec SA
Mar 21 19:14:52 VRB0C745BF0018 pluto: "IPsec_DUT2" #16: sending encrypted notification NO_PROPOSAL_CHOSEN to 172.27.0.100:500

VPN > IPsec > IPsecポリシー > VPNポリシー