Plutorun started on Sun Jan 7 04:46:51 CET 2007
Starting Pluto (Openswan Version 2.4.6 X.509-1.5.4 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OElLO]RdWNRD)
Setting NAT-Traversal port-4500 floating to on
   port floating activation criteria nat_t=1/port_fload=1
  including NAT-Traversal patch (Version 0.6c)
| opening /dev/hw_random
WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random
| opening /dev/urandom
WARNING: Using /dev/urandom as the source of random
| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
starting up 1 cryptographic helpers
| opening /dev/hw_random
WARNING: Open of /dev/hw_random failed in init_rnd_pool(), trying alternate sources of random
| opening /dev/urandom
WARNING: Using /dev/urandom as the source of random
started helper pid=8564 (fd:5)
Using Linux 2.6 IPsec interface code on 2.6.18-3-686
! helper 0 waiting on fd: 6
Changing to directory '/etc/ipsec.d/cacerts'
  loaded CA cert file 'ca_crissi.pem' (1141 bytes)
  loaded CA cert file 'c6ac2744.0' (1141 bytes)
Changing to directory '/etc/ipsec.d/aacerts'
Changing to directory '/etc/ipsec.d/ocspcerts'
Changing to directory '/etc/ipsec.d/crls'
  Warning: empty directory
| inserting event EVENT_LOG_DAILY, timeout in 69189 seconds
| next event EVENT_PENDING_PHASE2 in 120 seconds
|  
| *received whack message
| Added new connection ipsec-cert with policy RSASIG+ENCRYPT+TUNNEL
  loaded host cert file '/etc/ipsec.d/certs/mykeys_crissi.pem' (2401 bytes)
| certificate is valid
| counting wild cards for C=de, L=Wernigerode, O=CSI, CN=Christoph Thielecke is 0
| counting wild cards for C=de, L=Wernigerode, O=CSI, CN=CSI VPN CA, E=crissi99@gmx.de is 0
added connection description "ipsec-cert"
| 192.168.10.101[C=de, L=Wernigerode, O=CSI, CN=Christoph Thielecke]...10.242.3.1---192.168.10.222[C=de, L=Wernigerode, O=CSI, CN=CSI VPN CA, E=crissi99@gmx.de]===10.242.3.0/24
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1; policy: RSASIG+ENCRYPT+TUNNEL
| next event EVENT_PENDING_PHASE2 in 120 seconds
|  
| *received whack message
listening for IKE messages
| found lo with address 127.0.0.1
| found eth2 with address 192.168.10.101
adding interface eth2/eth2 192.168.10.101:500
adding interface eth2/eth2 192.168.10.101:4500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo 127.0.0.1:4500
| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
  loaded private key file '/etc/ipsec.d/private/crissi.pem' (1112 bytes)
  invalid passphrase
| loaded private key for keyid: PPK_RSA:
"/etc/ipsec.secrets" line 3: error loading RSA private key file
| next event EVENT_PENDING_PHASE2 in 120 seconds
|  
| *received whack message
| processing connection ipsec-cert
| route owner of "ipsec-cert" unrouted: NULL; eroute owner: NULL
| could_route called for ipsec-cert (kind=CK_PERMANENT)
| route owner of "ipsec-cert" unrouted: NULL; eroute owner: NULL
| add eroute 10.242.3.0/24:0 --0-> 192.168.10.101/32:0 => %trap (raw_eroute)
| eroute_connection add eroute 192.168.10.101/32:0 --0-> 10.242.3.0/24:0 => %trap (raw_eroute)
| route_and_eroute: firewall_notified: true
| command executing prepare-host
| executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='ipsec-cert' PLUTO_NEXT_HOP='192.168.10.222' PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.10.101' PLUTO_MY_ID='C=de, L=Wernigerode, O=CSI, CN=Christoph Thielecke' PLUTO_MY_CLIENT='192.168.10.101/32' PLUTO_MY_CLIENT_NET='192.168.10.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.10.222' PLUTO_PEER_ID='C=de, L=Wernigerode, O=CSI, CN=CSI VPN CA, E=crissi99@gmx.de' PLUTO_PEER_CLIENT='10.242.3.0/24' PLUTO_PEER_CLIENT_NET='10.242.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL'   ipsec _updown
| command executing route-host
| executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='ipsec-cert' PLUTO_NEXT_HOP='192.168.10.222' PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.10.101' PLUTO_MY_ID='C=de, L=Wernigerode, O=CSI, CN=Christoph Thielecke' PLUTO_MY_CLIENT='192.168.10.101/32' PLUTO_MY_CLIENT_NET='192.168.10.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.10.222' PLUTO_PEER_ID='C=de, L=Wernigerode, O=CSI, CN=CSI VPN CA, E=crissi99@gmx.de' PLUTO_PEER_CLIENT='10.242.3.0/24' PLUTO_PEER_CLIENT_NET='10.242.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL'   ipsec _updown
| next event EVENT_PENDING_PHASE2 in 120 seconds
|  
| *received whack message
| processing connection ipsec-cert
| empty esp_info, returning empty
| creating state object #1 at 0x80feaa0
| processing connection ipsec-cert
| ICOOKIE:  da b8 c1 49  1a 44 1d 8d
| RCOOKIE:  00 00 00 00  00 00 00 00
| peer:  c0 a8 0a de
| state hash entry 8
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
| Queuing pending Quick Mode with 192.168.10.222 "ipsec-cert"
"ipsec-cert" #1: initiating Main Mode
| sending 312 bytes for main_outI1 through eth2:500 to 192.168.10.222:500:
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
| next event EVENT_RETRANSMIT in 10 seconds for #1
|  
| *received 40 bytes from 192.168.10.222:500 on eth2 (port=500)
|  processing packet with exchange type=ISAKMP_XCHG_INFO (5)
| ICOOKIE:  da b8 c1 49  1a 44 1d 8d
| RCOOKIE:  f2 6d a7 71  ee 55 c9 ac
| peer:  c0 a8 0a de
| state hash entry 7
| p15 state object not found
packet from 192.168.10.222:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
| processing informational NO_PROPOSAL_CHOSEN (14)
packet from 192.168.10.222:500: received and ignored informational message
| complete state transition with STF_IGNORE
| next event EVENT_RETRANSMIT in 10 seconds for #1
|  
| *received whack message
| processing connection ipsec-cert
| empty esp_info, returning empty
| Queuing pending Quick Mode with 192.168.10.222 "ipsec-cert"
| next event EVENT_RETRANSMIT in 4 seconds for #1
|  
| *time to handle event
| handling event EVENT_RETRANSMIT
| event after this is EVENT_PENDING_PHASE2 in 110 seconds
| processing connection ipsec-cert
| handling event EVENT_RETRANSMIT for 192.168.10.222 "ipsec-cert" #1
| sending 312 bytes for EVENT_RETRANSMIT through eth2:500 to 192.168.10.222:500:
| inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
| next event EVENT_RETRANSMIT in 20 seconds for #1
|  
| *received 40 bytes from 192.168.10.222:500 on eth2 (port=500)
|  processing packet with exchange type=ISAKMP_XCHG_INFO (5)
| ICOOKIE:  da b8 c1 49  1a 44 1d 8d
| RCOOKIE:  2b 80 4e b6  c9 17 b2 e2
| peer:  c0 a8 0a de
| state hash entry 3
| p15 state object not found
packet from 192.168.10.222:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN
| processing informational NO_PROPOSAL_CHOSEN (14)
packet from 192.168.10.222:500: received and ignored informational message
| complete state transition with STF_IGNORE
| next event EVENT_RETRANSMIT in 20 seconds for #1
|  
| *received whack message
| processing connection ipsec-cert
"ipsec-cert": terminating SAs using this connection
| processing connection ipsec-cert
"ipsec-cert" #1: deleting state (STATE_MAIN_I1)
| deleting state #1
| processing connection ipsec-cert
| ICOOKIE:  da b8 c1 49  1a 44 1d 8d
| RCOOKIE:  00 00 00 00  00 00 00 00
| peer:  c0 a8 0a de
| state hash entry 8
| next event EVENT_PENDING_PHASE2 in 106 seconds
|  
| *received whack message
shutting down
| processing connection ipsec-cert
"ipsec-cert": deleting connection
| delete eroute 10.242.3.0/24:0 --0-> 192.168.10.101/32:0 => int.0@192.168.10.101 (raw_eroute)
| eroute_connection delete eroute 192.168.10.101/32:0 --0-> 10.242.3.0/24:0 => int.0@0.0.0.0 (raw_eroute)
| route owner of "ipsec-cert" unrouted: NULL
| command executing unroute-host
| executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='ipsec-cert' PLUTO_NEXT_HOP='192.168.10.222' PLUTO_INTERFACE='eth2' PLUTO_ME='192.168.10.101' PLUTO_MY_ID='C=de, L=Wernigerode, O=CSI, CN=Christoph Thielecke' PLUTO_MY_CLIENT='192.168.10.101/32' PLUTO_MY_CLIENT_NET='192.168.10.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.10.222' PLUTO_PEER_ID='C=de, L=Wernigerode, O=CSI, CN=CSI VPN CA, E=crissi99@gmx.de' PLUTO_PEER_CLIENT='10.242.3.0/24' PLUTO_PEER_CLIENT_NET='10.242.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL'   ipsec _updown
shutting down interface lo/lo ::1:500
shutting down interface lo/lo 127.0.0.1:4500
shutting down interface lo/lo 127.0.0.1:500
shutting down interface eth2/eth2 192.168.10.101:4500
shutting down interface eth2/eth2 192.168.10.101:500
