[ previous ] [ next ] [ threads ]
 
 From:  sai <sonicsai at gmail dot com>
 To:  Marvin Scharwies <marvin dash s at web dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: m0n0wall 1.2b9 IPSec issue
 Date:  Fri, 15 Jul 2005 13:46:33 +0500
Gib,

I've been trying to understand how to setup an IPSEC tunnel between a
static ip and a dynamic ip address. Could you post settings of both
'B' and 'C' , ie your EDIT TUNNEL page please?

TIA

sai
 

On 7/10/05, Marvin Scharwies <marvin dash s at web dot de> wrote:
> Hi!
> 
> I got the same problem when I try to connect to my 1.2beta9 with a mobile 
> client sometimes:
> The raccon connection is established, but every single packet is dropped.
> When I press the "Save" Button in m0n0webgui; IPSec, without changing 
> anything, and connect again, everything works fine again.
> Hmm?
> 
> Regards,
> Marvin
> 
> > ----- Original Message ----- 
> > From: "Gib Winter" <winterg plus dated plus 1121399014 dot 0b943d at gib dot cc>
> > To: <m0n0wall at lists dot m0n0 dot ch>
> > Sent: Sunday, July 10, 2005 5:45 AM
> > Subject: [m0n0wall] m0n0wall 1.2b9 IPSec issue
> > 
> > 
> >> I've been running m0n0wall for quite some time.  I have three of them
> >> running on WRAP boxes with IPSec tunnels between them.  Two have static
> >> IP addresses(unit A and unit B), while one is dynamic IP(unit C).
> >> Everything worked fine when I ran version 1.2b7 and a few earlier
> >> betas.  When I upgraded two of the boxes to 1.2b8 and b9, my dynamic
> >> IPSec tunnel no longer works correctly.  I'm not sure if it is a bug or
> >> I'm doing something incorrectly.
> >>
> >> Unit A is running 1.2b9 and unit C is running 1.2b9.  Unit B is running
> >> 1.2b7.  I use the dynamic IP unit (C) to contact the others.  The
> >> problem is, that I can always contact unit B, running 1.2b7, but unit A
> >> seems to require me to log in via the webGUI, and re-save the IPSec
> >> settings before I can establish a connection after the session has
> >> dropped.  The logs on Unit C show that a n IPSec session is established
> >> in racoon, but traffic won't pass.  The logs are included below for Unit
> >> A and C.  I re-saved the existing settings (changing nothing) on unit A
> >> at 21:44:21 and that is when everything works again until things time
> >> out.  Interestingly enough, the IP address on B has not changed in well
> >> over a week, so it shouldn't be related to old Security Policies.
> >>
> >> Any help or ideas would be appreciated.
> >>
> >> Thanks,
> >> Gib
> >>
> >>
> >> For those that link pictures....
> >>
> >> __________
> >> |  Unit A  |
> >> |   1.2b9  |--------------------
> >> |Static IP|                        |
> >> --------------                       |
> >>                                  ____|________
> >>                                  | Unit C       |
> >>                                  | 1.2b9        |
> >>                                  |Dynamic IP|
> >>                                  -----------------
> >>                                        |
> >>                                        |
> >> __________                        |
> >> | Unit B   |                       |
> >> | 1.2b7    |---------------------
> >> |Static IP |
> >> --------------
> >>
> >> IPSec Connection from C to B always works.  Connection from C to A
> >> requires a manual save of the existing settings on Unit A webGUI before
> >> tunnel will work.
> >>
> >>
> >> Log entries - Note, IP addresses changed
> >>
> >> Unit C Logs
> >> Jul 9 21:44:46 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
> >> established: ESP/Tunnel 69.123.123.123->67.38.234.234
> >> spi=62679222(0x3bc68b6)
> >> Jul 9 21:44:46 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
> >> established: ESP/Tunnel 67.38.234.234->69.123.123.123 
> >> spi=9647285(0x9334b5)
> >> Jul 9 21:44:45 racoon: INFO:
> >> isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=109022360.
> >> Jul 9 21:44:45 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
> >> new phase 2 negotiation: 69.123.123.123[0]<=>67.38.234.234[0]
> >> Jul 9 21:44:45 racoon: INFO: isakmp.c:2459:log_ph1established():
> >> ISAKMP-SA established 69.123.123.123[500]-67.38.234.234[500]
> >> spi:e67307ee6943c90e:6a91f589e3cd12b6
> >> Jul 9 21:44:45 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't
> >> find the proper pskey, try to get one by the peer's address.
> >> Jul 9 21:44:44 racoon: WARNING: ipsec_doi.c:3079:ipsecdoi_checkid1():
> >> ID value mismatched.
> >> Jul 9 21:44:44 racoon: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1():
> >> ID type mismatched.
> >> Jul 9 21:44:44 racoon: INFO: vendorid.c:128:check_vendorid(): received
> >> Vendor ID: KAME/racoon
> >> Jul 9 21:44:43 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
> >> Aggressive mode.
> >> Jul 9 21:44:43 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
> >> new phase 1 negotiation: 69.123.123.123[500]<=>67.38.234.234[500]
> >> Jul 9 21:44:43 racoon: INFO: isakmp.c:1694:isakmp_post_acquire():
> >> IPsec-SA request for 67.38.234.234 queued due to no phase1 found.
> >> Jul 9 21:44:23 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
> >> ISAKMP-SA deleted 69.123.123.123[500]-67.38.234.234[500]
> >> spi:9c6b8e276539ce45:8bd53167b1f9a733
> >> Jul 9 21:44:22 racoon: INFO: isakmp_inf.c:887:purge_isakmp_spi():
> >> purged ISAKMP-SA proto_id=ISAKMP spi=9c6b8e276539ce45:8bd53167b1f9a733.
> >> Jul 9 21:44:21 racoon: INFO: isakmp_inf.c:989:purge_ipsec_spi(): purged
> >> IPsec-SA proto_id=ESP spi=233926349.
> >> Jul 9 21:38:21 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
> >> established: ESP/Tunnel 69.123.123.123->67.38.234.234
> >> spi=233926349(0xdf16ecd)
> >> Jul 9 21:38:21 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
> >> established: ESP/Tunnel 67.38.234.234->69.123.123.123
> >> spi=109022360(0x67f8c98)
> >> Jul 9 21:38:20 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
> >> new phase 2 negotiation: 69.123.123.123[0]<=>67.38.234.234[0]
> >> Jul 9 21:38:20 racoon: INFO: isakmp.c:2459:log_ph1established():
> >> ISAKMP-SA established 69.123.123.123[500]-67.38.234.234[500]
> >> spi:9c6b8e276533c90e:6a91f167b1f9a733
> >> Jul 9 21:38:20 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't
> >> find the proper pskey, try to get one by the peer's address.
> >> Jul 9 21:38:19 racoon: WARNING: ipsec_doi.c:3079:ipsecdoi_checkid1():
> >> ID value mismatched.
> >> Jul 9 21:38:19 racoon: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1():
> >> ID type mismatched.
> >> Jul 9 21:38:19 racoon: INFO: vendorid.c:128:check_vendorid(): received
> >> Vendor ID: KAME/racoon
> >> Jul 9 21:38:18 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
> >> Aggressive mode.
> >> Jul 9 21:38:18 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
> >> new phase 1 negotiation: 69.123.123.123[500]<=>67.38.234.234[500]
> >> Jul 9 21:38:18 racoon: INFO: isakmp.c:1694:isakmp_post_acquire():
> >> IPsec-SA request for 67.38.234.234 queued due to no phase1 found.
> >> Jul 9 21:38:04 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.3/32[0]
> >> 10.67.10.0/24[0] proto=any dir=out
> >> Jul 9 21:38:03 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.0/24[0]
> >> 10.67.10.3/32[0] proto=any dir=in
> >> Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 192.168.10.1[500] used as isakmp port (fd=11)
> >> Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 10.67.10.3[500] used as isakmp port (fd=10)
> >> Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 127.0.0.1[500] used as isakmp port (fd=9)
> >> Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 69.123.123.123[500] used as isakmp port (fd=8)
> >> Jul 9 21:38:03 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 10.10.10.1[500] used as isakmp port (fd=7)
> >> Jul 9 21:38:03 racoon: INFO: main.c:175:main(): @(#)This product linked
> >> OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
> >> Jul 9 21:38:03 racoon: INFO: main.c:174:main(): @(#)internal version
> >> 20001216 sakane at kame dot net
> >> Jul 9 21:38:03 racoon: INFO: main.c:172:main(): @(#)package version
> >> freebsd-20040818a
> >> Jul 9 21:38:02 racoon: INFO: session.c:180:close_session(): racoon
> >> shutdown
> >> Jul 9 21:38:01 racoon: INFO: session.c:299:check_sigreq(): caught
> >> signal 15
> >> Jul 9 21:37:14 racoon: ERROR: pfkey.c:1790:pk_recvdelete(): no iph2
> >> found: ESP 67.38.234.234->69.123.123.123 spi=68880930(0x41b0a22)
> >> Jul 9 21:37:09 racoon: ERROR: pfkey.c:1797:pk_recvdelete(): pfkey
> >> DELETE received: ESP 69.123.123.123->67.38.234.234 
> >> spi=109346707(0x6847f93)
> >> Jul 9 21:36:43 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
> >> established: ESP/Tunnel 69.123.123.123->67.38.234.234
> >> spi=109346707(0x6847f93)
> >> Jul 9 21:36:43 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
> >> established: ESP/Tunnel 67.38.234.234->69.123.123.123
> >> spi=68880930(0x41b0a22)
> >> Jul 9 21:36:42 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
> >> new phase 2 negotiation: 69.123.123.123[0]<=>67.38.234.234[0]
> >> Jul 9 21:36:42 racoon: INFO: isakmp.c:2459:log_ph1established():
> >> ISAKMP-SA established 69.123.123.123[500]-67.38.234.234[500]
> >> spi:c5833031051d869e:5b14ab734a9b8d1c
> >> Jul 9 21:36:42 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't
> >> find the proper pskey, try to get one by the peer's address.
> >> Jul 9 21:36:41 racoon: WARNING: ipsec_doi.c:3079:ipsecdoi_checkid1():
> >> ID value mismatched.
> >> Jul 9 21:36:41 racoon: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1():
> >> ID type mismatched.
> >> Jul 9 21:36:41 racoon: INFO: vendorid.c:128:check_vendorid(): received
> >> Vendor ID: KAME/racoon
> >> Jul 9 21:36:40 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
> >> Aggressive mode.
> >> Jul 9 21:36:40 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
> >> new phase 1 negotiation: 69.123.123.123[500]<=>67.38.234.234[500]
> >> Jul 9 21:36:40 racoon: INFO: isakmp.c:1694:isakmp_post_acquire():
> >> IPsec-SA request for 67.38.234.234 queued due to no phase1 found.
> >> Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.0/24[0]
> >> 10.0.10.0/24[0] proto=any dir=out
> >> Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 192.168.10.0/24[0]
> >> 192.168.150.0/24[0] proto=any dir=out
> >> Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.0/24[0]
> >> 192.168.150.0/24[0] proto=any dir=out
> >> Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.3/32[0]
> >> 10.67.10.0/24[0] proto=any dir=out
> >> Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.0.10.0/24[0]
> >> 10.67.10.0/24[0] proto=any dir=in
> >> Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 192.168.150.0/24[0]
> >> 192.168.10.0/24[0] proto=any dir=in
> >> Jul 9 21:36:33 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 192.168.150.0/24[0]
> >> 10.67.10.0/24[0] proto=any dir=in
> >> Jul 9 21:36:32 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.0/24[0]
> >> 10.67.10.3/32[0] proto=any dir=in
> >> Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 192.168.10.1[500] used as isakmp port (fd=11)
> >> Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 10.67.10.3[500] used as isakmp port (fd=10)
> >> Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 127.0.0.1[500] used as isakmp port (fd=9)
> >> Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 69.123.123.123[500] used as isakmp port (fd=8)
> >> Jul 9 21:36:32 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 10.10.10.1[500] used as isakmp port (fd=7)
> >> Jul 9 21:36:32 racoon: INFO: main.c:175:main(): @(#)This product linked
> >> OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
> >> Jul 9 21:36:32 racoon: INFO: main.c:174:main(): @(#)internal version
> >> 20001216 sakane at kame dot net
> >> Jul 9 21:36:32 racoon: INFO: main.c:172:main(): @(#)package version
> >> freebsd-20040818a
> >> Jul 9 21:36:31 racoon: INFO: session.c:180:close_session(): racoon
> >> shutdown
> >> Jul 9 21:36:30 racoon: INFO: session.c:299:check_sigreq(): caught
> >> signal 15
> >> Jul 9 21:34:42 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
> >> established: ESP/Tunnel 69.123.123.123->67.38.234.234
> >> spi=10656391(0xa29a87)
> >> Jul 9 21:34:42 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
> >> established: ESP/Tunnel 67.38.234.234->69.123.123.123
> >> spi=210680177(0xc8eb971)
> >> Jul 9 21:34:41 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
> >> new phase 2 negotiation: 69.123.123.123[0]<=>67.38.234.234[0]
> >> Jul 9 21:34:41 racoon: INFO: isakmp.c:2459:log_ph1established():
> >> ISAKMP-SA established 69.123.123.123[500]-67.38.234.234[500]
> >> spi:cecb8378ce23c90e:6a91f7e511abd02c
> >> Jul 9 21:34:41 racoon: NOTIFY: oakley.c:2084:oakley_skeyid(): couldn't
> >> find the proper pskey, try to get one by the peer's address.
> >> Jul 9 21:34:40 racoon: WARNING: ipsec_doi.c:3079:ipsecdoi_checkid1():
> >> ID value mismatched.
> >> Jul 9 21:34:40 racoon: WARNING: ipsec_doi.c:3064:ipsecdoi_checkid1():
> >> ID type mismatched.
> >> Jul 9 21:34:40 racoon: INFO: vendorid.c:128:check_vendorid(): received
> >> Vendor ID: KAME/racoon
> >> Jul 9 21:34:39 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin
> >> Aggressive mode.
> >> Jul 9 21:34:39 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate
> >> new phase 1 negotiation: 69.123.123.123[500]<=>67.38.234.234[500]
> >> Jul 9 21:34:39 racoon: INFO: isakmp.c:1694:isakmp_post_acquire():
> >> IPsec-SA request for 67.38.234.234 queued due to no phase1 found.
> >> Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.0/24[0]
> >> 10.0.10.0/24[0] proto=any dir=out
> >> Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 192.168.10.0/24[0]
> >> 192.168.150.0/24[0] proto=any dir=out
> >> Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.0/24[0]
> >> 192.168.150.0/24[0] proto=any dir=out
> >> Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.3/32[0]
> >> 10.67.10.0/24[0] proto=any dir=out
> >> Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.0.10.0/24[0]
> >> 10.67.10.0/24[0] proto=any dir=in
> >> Jul 9 21:34:22 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 192.168.150.0/24[0]
> >> 192.168.10.0/24[0] proto=any dir=in
> >> Jul 9 21:34:21 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 192.168.150.0/24[0]
> >> 10.67.10.0/24[0] proto=any dir=in
> >> Jul 9 21:34:21 racoon: ERROR: pfkey.c:2292:pk_recvspddump(): such
> >> policy already exists. anyway replace it: 10.67.10.0/24[0]
> >> 10.67.10.3/32[0] proto=any dir=in
> >> Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 192.168.10.1[500] used as isakmp port (fd=11)
> >> Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 10.67.10.3[500] used as isakmp port (fd=10)
> >> Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 127.0.0.1[500] used as isakmp port (fd=9)
> >> Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 69.123.123.123[500] used as isakmp port (fd=8)
> >> Jul 9 21:34:21 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 10.10.10.1[500] used as isakmp port (fd=7)
> >> Jul 9 21:34:21 racoon: INFO: main.c:175:main(): @(#)This product linked
> >> OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
> >> Jul 9 21:34:21 racoon: INFO: main.c:174:main(): @(#)internal version
> >> 20001216 sakane at kame dot net
> >> Jul 9 21:34:21 racoon: INFO: main.c:172:main(): @(#)package version
> >> freebsd-20040818a
> >> Jul 9 21:34:20 racoon: INFO: session.c:180:close_session(): racoon
> >> shutdown
> >> Jul 9 21:34:19 racoon: INFO: session.c:299:check_sigreq(): caught
> >> signal 15
> >> Jul 9 21:08:12 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
> >> ISAKMP-SA deleted 69.123.123.123[500]-67.38.234.234[500]
> >> spi:e728f7e00dae5f1e:ed2ded86d85b510b
> >> Jul 9 21:08:11 racoon: INFO: isakmp.c:1526:isakmp_ph1expire():
> >> ISAKMP-SA expired 69.123.123.123[500]-67.38.234.234[500]
> >> spi:e728f7e00da3c90e:6a91fd86d85b510b
> >>
> >>
> >>
> >>
> >>
> >> Unit A Logs
> >>
> >> Jul 9 21:44:46 racoon: ERROR: pfkey.c:2009:pk_recvspdupdate(): such
> >> policy does not already exist: 10.0.10.0/24[0] 10.67.10.0/24[0]
> >> proto=any dir=out
> >> Jul 9 21:44:46 racoon: ERROR: pfkey.c:2009:pk_recvspdupdate(): such
> >> policy does not already exist: 10.67.10.0/24[0] 10.0.10.0/24[0]
> >> proto=any dir=in
> >> Jul 9 21:44:46 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
> >> established: ESP/Tunnel 67.38.234.234->69.123.123.123 
> >> spi=9647285(0x9334b5)
> >> Jul 9 21:44:46 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
> >> established: ESP/Tunnel 69.123.123.123->67.38.234.234
> >> spi=62679222(0x3bc68b6)
> >> Jul 9 21:44:45 racoon: INFO: isakmp_quick.c:2017:get_proposal_r(): no
> >> policy found, try to generate the policy : 10.67.10.0/24[0]
> >> 10.0.10.0/24[0] proto=any dir=in
> >> Jul 9 21:44:45 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
> >> new phase 2 negotiation: 67.38.234.234[0]<=>69.123.123.123[0]
> >> Jul 9 21:44:45 racoon: INFO: isakmp.c:2459:log_ph1established():
> >> ISAKMP-SA established 67.38.234.234[500]-69.123.123.123[500]
> >> spi:e67307ee6943c90e:6a91f589e3cd12b6
> >> Jul 9 21:44:43 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
> >> Aggressive mode.
> >> Jul 9 21:44:43 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
> >> new phase 1 negotiation: 67.38.234.234[500]<=>69.123.123.123[500]
> >> Jul 9 21:44:23 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 10.0.10.1[500] used as isakmp port (fd=10)
> >> Jul 9 21:44:23 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 192.168.10.1[500] used as isakmp port (fd=9)
> >> Jul 9 21:44:23 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 127.0.0.1[500] used as isakmp port (fd=8)
> >> Jul 9 21:44:23 racoon: INFO: isakmp.c:1368:isakmp_open():
> >> 67.38.234.234[500] used as isakmp port (fd=7)
> >> Jul 9 21:44:23 racoon: INFO: main.c:175:main(): @(#)This product linked
> >> OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
> >> Jul 9 21:44:23 racoon: INFO: main.c:174:main(): @(#)internal version
> >> 20001216 sakane at kame dot net
> >> Jul 9 21:44:23 racoon: INFO: main.c:172:main(): @(#)package version
> >> freebsd-20040818a
> >> Jul 9 21:44:22 racoon: INFO: session.c:180:close_session(): racoon
> >> shutdown
> >> Jul 9 21:44:21 racoon: INFO: session.c:299:check_sigreq(): caught
> >> signal 15
> >> Jul 9 21:38:21 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
> >> established: ESP/Tunnel 67.38.234.234->69.123.123.123
> >> spi=109022360(0x67f8c98)
> >> Jul 9 21:38:21 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
> >> established: ESP/Tunnel 69.123.123.123->67.38.234.234
> >> spi=233926349(0xdf16ecd)
> >> Jul 9 21:38:20 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
> >> new phase 2 negotiation: 67.38.234.234[0]<=>69.123.123.123[0]
> >> Jul 9 21:38:20 racoon: INFO:
> >> isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=109346707.
> >> Jul 9 21:38:20 racoon: INFO: isakmp.c:2459:log_ph1established():
> >> ISAKMP-SA established 67.38.234.234[500]-69.123.123.123[500]
> >> spi:9c6b8e276533c90e:6a91f167b1f9a733
> >> Jul 9 21:38:18 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
> >> Aggressive mode.
> >> Jul 9 21:38:18 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
> >> new phase 1 negotiation: 67.38.234.234[500]<=>69.123.123.123[500]
> >> Jul 9 21:38:03 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
> >> ISAKMP-SA deleted 67.38.234.234[500]-69.123.123.123[500]
> >> spi:c5833031051d869e:5b14ab734a9b8d1c
> >> Jul 9 21:38:02 racoon: INFO: isakmp_inf.c:887:purge_isakmp_spi():
> >> purged ISAKMP-SA proto_id=ISAKMP spi=c5833031051d869e:5b14ab734a9b8d1c.
> >> Jul 9 21:37:09 racoon: INFO: isakmp_inf.c:989:purge_ipsec_spi(): purged
> >> IPsec-SA proto_id=ESP spi=68880930.
> >> Jul 9 21:36:43 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
> >> established: ESP/Tunnel 67.38.234.234->69.123.123.123
> >> spi=68880930(0x41b0a22)
> >> Jul 9 21:36:43 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
> >> established: ESP/Tunnel 69.123.123.123->67.38.234.234
> >> spi=109346707(0x6847f93)
> >> Jul 9 21:36:42 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
> >> new phase 2 negotiation: 67.38.234.234[0]<=>69.123.123.123[0]
> >> Jul 9 21:36:42 racoon: INFO:
> >> isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=10656391.
> >> Jul 9 21:36:42 racoon: INFO:
> >> isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=210680177.
> >> Jul 9 21:36:42 racoon: INFO: isakmp.c:2459:log_ph1established():
> >> ISAKMP-SA established 67.38.234.234[500]-69.123.123.123[500]
> >> spi:c5833031051d869e:5b14ab734a9b8d1c
> >> Jul 9 21:36:40 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
> >> Aggressive mode.
> >> Jul 9 21:36:40 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
> >> new phase 1 negotiation: 67.38.234.234[500]<=>69.123.123.123[500]
> >> Jul 9 21:36:32 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
> >> ISAKMP-SA deleted 67.38.234.234[500]-69.123.123.123[500]
> >> spi:cecb8378ce24c756:1bb8f7e511abd02c
> >> Jul 9 21:36:31 racoon: INFO: isakmp_inf.c:887:purge_isakmp_spi():
> >> purged ISAKMP-SA proto_id=ISAKMP spi=cecb8378ce24c756:1bb8f7e511abd02c.
> >> Jul 9 21:34:42 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
> >> established: ESP/Tunnel 67.38.234.234->69.123.123.123
> >> spi=210680177(0xc8eb971)
> >> Jul 9 21:34:42 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
> >> established: ESP/Tunnel 69.123.123.123->67.38.234.234
> >> spi=10656391(0xa29a87)
> >> Jul 9 21:34:41 racoon: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond
> >> new phase 2 negotiation: 67.38.234.234[0]<=>69.123.123.123[0]
> >> Jul 9 21:34:41 racoon: INFO:
> >> isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=114575059.
> >> Jul 9 21:34:41 racoon: INFO:
> >> isakmp_inf.c:1155:info_recv_initialcontact(): purging spi=122119065.
> >> Jul 9 21:34:41 racoon: INFO: isakmp.c:2459:log_ph1established():
> >> ISAKMP-SA established 67.38.234.234[500]-69.123.123.123[500]
> >> spi:cecb8378ce23c90e:6a91f7e511abd02c
> >> Jul 9 21:34:40 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin
> >> Aggressive mode.
> >> Jul 9 21:34:40 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond
> >> new phase 1 negotiation: 67.38.234.234[500]<=>69.123.123.123[500]
> >> Jul 9 21:08:12 racoon: INFO: isakmp.c:1574:isakmp_ph1delete():
> >> ISAKMP-SA deleted 67.38.234.234[500]-69.123.123.123[500]
> >> spi:e728f7e00dae5f1e:ed2ded86d85b510b
> >> Jul 9 21:08:11 racoon: INFO: isakmp.c:1526:isakmp_ph1expire():
> >> ISAKMP-SA expired 67.38.234.234[500]-69.123.123.123[500]
> >> spi:e728f7e00da3c90e:6a91fd86d85b510b
> >>
> >>
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >> 
> >
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>