I've been running m0n0wall for quite some time. I have three of them
running on WRAP boxes with IPSec tunnels between them. Two have static
IP addresses(unit A and unit B), while one is dynamic IP(unit C).
Everything worked fine when I ran version 1.2b7 and a few earlier
betas. When I upgraded two of the boxes to 1.2b8 and b9, my dynamic
IPSec tunnel no longer works correctly. I'm not sure if it is a bug or
I'm doing something incorrectly.
Unit A is running 1.2b9 and unit C is running 1.2b9. Unit B is running
1.2b7. I use the dynamic IP unit (C) to contact the others. The
problem is, that I can always contact unit B, running 1.2b7, but unit A
seems to require me to log in via the webGUI, and re-save the IPSec
settings before I can establish a connection after the session has
dropped. The logs on Unit C show that a n IPSec session is established
in racoon, but traffic won't pass. The logs are included below for Unit
A and C. I re-saved the existing settings (changing nothing) on unit A
at 21:44:21 and that is when everything works again until things time
out. Interestingly enough, the IP address on B has not changed in well
over a week, so it shouldn't be related to old Security Policies.
Any help or ideas would be appreciated.
Thanks,
Gib
For those that link pictures....
__________
| Unit A |
| 1.2b9 |--------------------
|Static IP| |
-------------- |
____|________
| Unit C |
| 1.2b9 |
|Dynamic IP|
-----------------
|
|
__________ |
| Unit B | |
| 1.2b7 |---------------------
|Static IP |
--------------
IPSec Connection from C to B always works. Connection from C to A
requires a manual save of the existing settings on Unit A webGUI before
tunnel will work.
Log entries - Note, IP addresses changed
Unit C Logs
Jul 9 21:44:46 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 69.123.123.123->67.38.234.234
spi=62679222(0x3bc68b6)
Jul 9 21:44:46 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 67.38.234.234->69.123.123.123 spi=9647285(0x9334b5)
Jul 9 21:44:45 racoon: INFO:
isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=109022360.
Jul 9 21:44:45 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
new phase 2 negotiation: 69.123.123.123[0]<=>67.38.234.234[0]
Jul 9 21:44:45 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 69.123.123.123[500]-67.38.234.234[500]
spi:e67307ee6943c90e:6a91f589e3cd12b6
Jul 9 21:44:45 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't
find the proper pskey, try to get one by the peer's address.
Jul 9 21:44:44 racoon: WARNING: ipsec_doi.c:3079:ipsecdoi_checkid1():
ID value mismatched.
Jul 9 21:44:44 racoon: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1():
ID type mismatched.
Jul 9 21:44:44 racoon: INFO: vendorid.c:128:check_vendorid(): received
Vendor ID: KAME/racoon
Jul 9 21:44:43 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
Aggressive mode.
Jul 9 21:44:43 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
new phase 1 negotiation: 69.123.123.123[500]<=>67.38.234.234[500]
Jul 9 21:44:43 racoon: INFO: isakmp.c:1694:isakmp_post_acquire():
IPsec-SA request for 67.38.234.234 queued due to no phase1 found.
Jul 9 21:44:23 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
ISAKMP-SA deleted 69.123.123.123[500]-67.38.234.234[500]
spi:9c6b8e276539ce45:8bd53167b1f9a733
Jul 9 21:44:22 racoon: INFO: isakmp_inf.c:887:purge_isakmp_spi():
purged ISAKMP-SA proto_id=ISAKMP spi=9c6b8e276539ce45:8bd53167b1f9a733.
Jul 9 21:44:21 racoon: INFO: isakmp_inf.c:989:purge_ipsec_spi(): purged
IPsec-SA proto_id=ESP spi=233926349.
Jul 9 21:38:21 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 69.123.123.123->67.38.234.234
spi=233926349(0xdf16ecd)
Jul 9 21:38:21 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 67.38.234.234->69.123.123.123
spi=109022360(0x67f8c98)
Jul 9 21:38:20 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
new phase 2 negotiation: 69.123.123.123[0]<=>67.38.234.234[0]
Jul 9 21:38:20 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 69.123.123.123[500]-67.38.234.234[500]
spi:9c6b8e276533c90e:6a91f167b1f9a733
Jul 9 21:38:20 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't
find the proper pskey, try to get one by the peer's address.
Jul 9 21:38:19 racoon: WARNING: ipsec_doi.c:3079:ipsecdoi_checkid1():
ID value mismatched.
Jul 9 21:38:19 racoon: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1():
ID type mismatched.
Jul 9 21:38:19 racoon: INFO: vendorid.c:128:check_vendorid(): received
Vendor ID: KAME/racoon
Jul 9 21:38:18 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
Aggressive mode.
Jul 9 21:38:18 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
new phase 1 negotiation: 69.123.123.123[500]<=>67.38.234.234[500]
Jul 9 21:38:18 racoon: INFO: isakmp.c:1694:isakmp_post_acquire():
IPsec-SA request for 67.38.234.234 queued due to no phase1 found.
Jul 9 21:38:04 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.3/32[0]
10.67.10.0/24[0] proto=any dir=out
Jul 9 21:38:03 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.0/24[0]
10.67.10.3/32[0] proto=any dir=in
Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
192.168.10.1[500] used as isakmp port (fd=11)
Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
10.67.10.3[500] used as isakmp port (fd=10)
Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
127.0.0.1[500] used as isakmp port (fd=9)
Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
69.123.123.123[500] used as isakmp port (fd=8)
Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
10.10.10.1[500] used as isakmp port (fd=7)
Jul 9 21:38:03 racoon: INFO: main.c:175:main(): @(#)This product linked
OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
Jul 9 21:38:03 racoon: INFO: main.c:174:main(): @(#)internal version
20001216 sakane at kame dot net
Jul 9 21:38:03 racoon: INFO: main.c:172:main(): @(#)package version
freebsd-20040818a
Jul 9 21:38:02 racoon: INFO: session.c:180:close_session(): racoon
shutdown
Jul 9 21:38:01 racoon: INFO: session.c:299:check_sigreq(): caught
signal 15
Jul 9 21:37:14 racoon: ERROR: pfkey.c:1790:pk_recvdelete(): no iph2
found: ESP 67.38.234.234->69.123.123.123 spi=68880930(0x41b0a22)
Jul 9 21:37:09 racoon: ERROR: pfkey.c:1797:pk_recvdelete(): pfkey
DELETE received: ESP 69.123.123.123->67.38.234.234 spi=109346707(0x6847f93)
Jul 9 21:36:43 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 69.123.123.123->67.38.234.234
spi=109346707(0x6847f93)
Jul 9 21:36:43 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 67.38.234.234->69.123.123.123
spi=68880930(0x41b0a22)
Jul 9 21:36:42 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
new phase 2 negotiation: 69.123.123.123[0]<=>67.38.234.234[0]
Jul 9 21:36:42 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 69.123.123.123[500]-67.38.234.234[500]
spi:c5833031051d869e:5b14ab734a9b8d1c
Jul 9 21:36:42 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't
find the proper pskey, try to get one by the peer's address.
Jul 9 21:36:41 racoon: WARNING: ipsec_doi.c:3079:ipsecdoi_checkid1():
ID value mismatched.
Jul 9 21:36:41 racoon: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1():
ID type mismatched.
Jul 9 21:36:41 racoon: INFO: vendorid.c:128:check_vendorid(): received
Vendor ID: KAME/racoon
Jul 9 21:36:40 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
Aggressive mode.
Jul 9 21:36:40 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
new phase 1 negotiation: 69.123.123.123[500]<=>67.38.234.234[500]
Jul 9 21:36:40 racoon: INFO: isakmp.c:1694:isakmp_post_acquire():
IPsec-SA request for 67.38.234.234 queued due to no phase1 found.
Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.0/24[0]
10.0.10.0/24[0] proto=any dir=out
Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 192.168.10.0/24[0]
192.168.150.0/24[0] proto=any dir=out
Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.0/24[0]
192.168.150.0/24[0] proto=any dir=out
Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.3/32[0]
10.67.10.0/24[0] proto=any dir=out
Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.0.10.0/24[0]
10.67.10.0/24[0] proto=any dir=in
Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 192.168.150.0/24[0]
192.168.10.0/24[0] proto=any dir=in
Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 192.168.150.0/24[0]
10.67.10.0/24[0] proto=any dir=in
Jul 9 21:36:32 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.0/24[0]
10.67.10.3/32[0] proto=any dir=in
Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
192.168.10.1[500] used as isakmp port (fd=11)
Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
10.67.10.3[500] used as isakmp port (fd=10)
Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
127.0.0.1[500] used as isakmp port (fd=9)
Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
69.123.123.123[500] used as isakmp port (fd=8)
Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
10.10.10.1[500] used as isakmp port (fd=7)
Jul 9 21:36:32 racoon: INFO: main.c:175:main(): @(#)This product linked
OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
Jul 9 21:36:32 racoon: INFO: main.c:174:main(): @(#)internal version
20001216 sakane at kame dot net
Jul 9 21:36:32 racoon: INFO: main.c:172:main(): @(#)package version
freebsd-20040818a
Jul 9 21:36:31 racoon: INFO: session.c:180:close_session(): racoon
shutdown
Jul 9 21:36:30 racoon: INFO: session.c:299:check_sigreq(): caught
signal 15
Jul 9 21:34:42 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 69.123.123.123->67.38.234.234
spi=10656391(0xa29a87)
Jul 9 21:34:42 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 67.38.234.234->69.123.123.123
spi=210680177(0xc8eb971)
Jul 9 21:34:41 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
new phase 2 negotiation: 69.123.123.123[0]<=>67.38.234.234[0]
Jul 9 21:34:41 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 69.123.123.123[500]-67.38.234.234[500]
spi:cecb8378ce23c90e:6a91f7e511abd02c
Jul 9 21:34:41 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't
find the proper pskey, try to get one by the peer's address.
Jul 9 21:34:40 racoon: WARNING: ipsec_doi.c:3079:ipsecdoi_checkid1():
ID value mismatched.
Jul 9 21:34:40 racoon: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1():
ID type mismatched.
Jul 9 21:34:40 racoon: INFO: vendorid.c:128:check_vendorid(): received
Vendor ID: KAME/racoon
Jul 9 21:34:39 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
Aggressive mode.
Jul 9 21:34:39 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
new phase 1 negotiation: 69.123.123.123[500]<=>67.38.234.234[500]
Jul 9 21:34:39 racoon: INFO: isakmp.c:1694:isakmp_post_acquire():
IPsec-SA request for 67.38.234.234 queued due to no phase1 found.
Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.0/24[0]
10.0.10.0/24[0] proto=any dir=out
Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 192.168.10.0/24[0]
192.168.150.0/24[0] proto=any dir=out
Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.0/24[0]
192.168.150.0/24[0] proto=any dir=out
Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.3/32[0]
10.67.10.0/24[0] proto=any dir=out
Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.0.10.0/24[0]
10.67.10.0/24[0] proto=any dir=in
Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 192.168.150.0/24[0]
192.168.10.0/24[0] proto=any dir=in
Jul 9 21:34:21 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 192.168.150.0/24[0]
10.67.10.0/24[0] proto=any dir=in
Jul 9 21:34:21 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
policy already exists. anyway replace it: 10.67.10.0/24[0]
10.67.10.3/32[0] proto=any dir=in
Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
192.168.10.1[500] used as isakmp port (fd=11)
Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
10.67.10.3[500] used as isakmp port (fd=10)
Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
127.0.0.1[500] used as isakmp port (fd=9)
Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
69.123.123.123[500] used as isakmp port (fd=8)
Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
10.10.10.1[500] used as isakmp port (fd=7)
Jul 9 21:34:21 racoon: INFO: main.c:175:main(): @(#)This product linked
OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
Jul 9 21:34:21 racoon: INFO: main.c:174:main(): @(#)internal version
20001216 sakane at kame dot net
Jul 9 21:34:21 racoon: INFO: main.c:172:main(): @(#)package version
freebsd-20040818a
Jul 9 21:34:20 racoon: INFO: session.c:180:close_session(): racoon
shutdown
Jul 9 21:34:19 racoon: INFO: session.c:299:check_sigreq(): caught
signal 15
Jul 9 21:08:12 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
ISAKMP-SA deleted 69.123.123.123[500]-67.38.234.234[500]
spi:e728f7e00dae5f1e:ed2ded86d85b510b
Jul 9 21:08:11 racoon: INFO: isakmp.c:1526:isakmp_ph1expire():
ISAKMP-SA expired 69.123.123.123[500]-67.38.234.234[500]
spi:e728f7e00da3c90e:6a91fd86d85b510b
Unit A Logs
Jul 9 21:44:46 racoon: ERROR: pfkey.c:2009:pk_recvspdupdate(): such
policy does not already exist: 10.0.10.0/24[0] 10.67.10.0/24[0]
proto=any dir=out
Jul 9 21:44:46 racoon: ERROR: pfkey.c:2009:pk_recvspdupdate(): such
policy does not already exist: 10.67.10.0/24[0] 10.0.10.0/24[0]
proto=any dir=in
Jul 9 21:44:46 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 67.38.234.234->69.123.123.123 spi=9647285(0x9334b5)
Jul 9 21:44:46 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 69.123.123.123->67.38.234.234
spi=62679222(0x3bc68b6)
Jul 9 21:44:45 racoon: INFO: isakmp_quick.c:2017:get_proposal_r(): no
policy found, try to generate the policy : 10.67.10.0/24[0]
10.0.10.0/24[0] proto=any dir=in
Jul 9 21:44:45 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
new phase 2 negotiation: 67.38.234.234[0]<=>69.123.123.123[0]
Jul 9 21:44:45 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 67.38.234.234[500]-69.123.123.123[500]
spi:e67307ee6943c90e:6a91f589e3cd12b6
Jul 9 21:44:43 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
Aggressive mode.
Jul 9 21:44:43 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
new phase 1 negotiation: 67.38.234.234[500]<=>69.123.123.123[500]
Jul 9 21:44:23 racoon: INFO: isakmp.c:1368:isakmp_open():
10.0.10.1[500] used as isakmp port (fd=10)
Jul 9 21:44:23 racoon: INFO: isakmp.c:1368:isakmp_open():
192.168.10.1[500] used as isakmp port (fd=9)
Jul 9 21:44:23 racoon: INFO: isakmp.c:1368:isakmp_open():
127.0.0.1[500] used as isakmp port (fd=8)
Jul 9 21:44:23 racoon: INFO: isakmp.c:1368:isakmp_open():
67.38.234.234[500] used as isakmp port (fd=7)
Jul 9 21:44:23 racoon: INFO: main.c:175:main(): @(#)This product linked
OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
Jul 9 21:44:23 racoon: INFO: main.c:174:main(): @(#)internal version
20001216 sakane at kame dot net
Jul 9 21:44:23 racoon: INFO: main.c:172:main(): @(#)package version
freebsd-20040818a
Jul 9 21:44:22 racoon: INFO: session.c:180:close_session(): racoon
shutdown
Jul 9 21:44:21 racoon: INFO: session.c:299:check_sigreq(): caught
signal 15
Jul 9 21:38:21 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 67.38.234.234->69.123.123.123
spi=109022360(0x67f8c98)
Jul 9 21:38:21 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 69.123.123.123->67.38.234.234
spi=233926349(0xdf16ecd)
Jul 9 21:38:20 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
new phase 2 negotiation: 67.38.234.234[0]<=>69.123.123.123[0]
Jul 9 21:38:20 racoon: INFO:
isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=109346707.
Jul 9 21:38:20 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 67.38.234.234[500]-69.123.123.123[500]
spi:9c6b8e276533c90e:6a91f167b1f9a733
Jul 9 21:38:18 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
Aggressive mode.
Jul 9 21:38:18 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
new phase 1 negotiation: 67.38.234.234[500]<=>69.123.123.123[500]
Jul 9 21:38:03 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
ISAKMP-SA deleted 67.38.234.234[500]-69.123.123.123[500]
spi:c5833031051d869e:5b14ab734a9b8d1c
Jul 9 21:38:02 racoon: INFO: isakmp_inf.c:887:purge_isakmp_spi():
purged ISAKMP-SA proto_id=ISAKMP spi=c5833031051d869e:5b14ab734a9b8d1c.
Jul 9 21:37:09 racoon: INFO: isakmp_inf.c:989:purge_ipsec_spi(): purged
IPsec-SA proto_id=ESP spi=68880930.
Jul 9 21:36:43 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 67.38.234.234->69.123.123.123
spi=68880930(0x41b0a22)
Jul 9 21:36:43 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 69.123.123.123->67.38.234.234
spi=109346707(0x6847f93)
Jul 9 21:36:42 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
new phase 2 negotiation: 67.38.234.234[0]<=>69.123.123.123[0]
Jul 9 21:36:42 racoon: INFO:
isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=10656391.
Jul 9 21:36:42 racoon: INFO:
isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=210680177.
Jul 9 21:36:42 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 67.38.234.234[500]-69.123.123.123[500]
spi:c5833031051d869e:5b14ab734a9b8d1c
Jul 9 21:36:40 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
Aggressive mode.
Jul 9 21:36:40 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
new phase 1 negotiation: 67.38.234.234[500]<=>69.123.123.123[500]
Jul 9 21:36:32 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
ISAKMP-SA deleted 67.38.234.234[500]-69.123.123.123[500]
spi:cecb8378ce24c756:1bb8f7e511abd02c
Jul 9 21:36:31 racoon: INFO: isakmp_inf.c:887:purge_isakmp_spi():
purged ISAKMP-SA proto_id=ISAKMP spi=cecb8378ce24c756:1bb8f7e511abd02c.
Jul 9 21:34:42 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 67.38.234.234->69.123.123.123
spi=210680177(0xc8eb971)
Jul 9 21:34:42 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 69.123.123.123->67.38.234.234
spi=10656391(0xa29a87)
Jul 9 21:34:41 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
new phase 2 negotiation: 67.38.234.234[0]<=>69.123.123.123[0]
Jul 9 21:34:41 racoon: INFO:
isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=114575059.
Jul 9 21:34:41 racoon: INFO:
isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=122119065.
Jul 9 21:34:41 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 67.38.234.234[500]-69.123.123.123[500]
spi:cecb8378ce23c90e:6a91f7e511abd02c
Jul 9 21:34:40 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
Aggressive mode.
Jul 9 21:34:40 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
new phase 1 negotiation: 67.38.234.234[500]<=>69.123.123.123[500]
Jul 9 21:08:12 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
ISAKMP-SA deleted 67.38.234.234[500]-69.123.123.123[500]
spi:e728f7e00dae5f1e:ed2ded86d85b510b
Jul 9 21:08:11 racoon: INFO: isakmp.c:1526:isakmp_ph1expire():
ISAKMP-SA expired 67.38.234.234[500]-69.123.123.123[500]
spi:e728f7e00da3c90e:6a91fd86d85b510b | 