Mobile IPv6 HOWTO » History » Version 1
Andreas Steffen, 13.11.2008 04:52
Create MobileIPv6 page
| 1 | 1 | Andreas Steffen | = Mobile IPv6 = |
|---|---|---|---|
| 2 | 1 | Andreas Steffen | |
| 3 | 1 | Andreas Steffen | Starting with version 4.2.9, strongSwan can be used to secure the Mobile IPv6 Binding Update messages and all payload traffic between a Mobile Node (MN) and its Home Agent (HA) using an IPsec transport and an IPsec tunnel Security Association (SA), respectively. |
| 4 | 1 | Andreas Steffen | |
| 5 | 1 | Andreas Steffen | == Mobile Node carol == |
| 6 | 1 | Andreas Steffen | |
| 7 | 1 | Andreas Steffen | === /etc/mip6d.conf === |
| 8 | 1 | Andreas Steffen | |
| 9 | 1 | Andreas Steffen | {{{ |
| 10 | 1 | Andreas Steffen | NodeConfig MN; |
| 11 | 1 | Andreas Steffen | |
| 12 | 1 | Andreas Steffen | UseMnHaIPsec enabled; |
| 13 | 1 | Andreas Steffen | KeyMngMobCapability enabled; |
| 14 | 1 | Andreas Steffen | DoRouteOptimizationMN disabled; |
| 15 | 1 | Andreas Steffen | |
| 16 | 1 | Andreas Steffen | Interface "eth0"; |
| 17 | 1 | Andreas Steffen | |
| 18 | 1 | Andreas Steffen | MnHomeLink "eth0" { |
| 19 | 1 | Andreas Steffen | HomeAgentAddress 2001:1::1; |
| 20 | 1 | Andreas Steffen | HomeAddress 2001:1::10/64; |
| 21 | 1 | Andreas Steffen | } |
| 22 | 1 | Andreas Steffen | |
| 23 | 1 | Andreas Steffen | IPsecPolicySet { |
| 24 | 1 | Andreas Steffen | HomeAgentAddress 2001:1::1; |
| 25 | 1 | Andreas Steffen | HomeAddress 2001:1::10/64; |
| 26 | 1 | Andreas Steffen | |
| 27 | 1 | Andreas Steffen | IPsecPolicy Mh UseESP 1; |
| 28 | 1 | Andreas Steffen | IPsecPolicy TunnelPayload UseESP 2; |
| 29 | 1 | Andreas Steffen | } |
| 30 | 1 | Andreas Steffen | }}} |
| 31 | 1 | Andreas Steffen | |
| 32 | 1 | Andreas Steffen | === /etc/ipsec.conf === |
| 33 | 1 | Andreas Steffen | |
| 34 | 1 | Andreas Steffen | {{{ |
| 35 | 1 | Andreas Steffen | config setup |
| 36 | 1 | Andreas Steffen | crlcheckinterval=180 |
| 37 | 1 | Andreas Steffen | plutostart=no |
| 38 | 1 | Andreas Steffen | charondebug="knl 2" |
| 39 | 1 | Andreas Steffen | |
| 40 | 1 | Andreas Steffen | conn %default |
| 41 | 1 | Andreas Steffen | keyexchange=ikev2 |
| 42 | 1 | Andreas Steffen | reauth=no |
| 43 | 1 | Andreas Steffen | mobike=no |
| 44 | 1 | Andreas Steffen | installpolicy=no |
| 45 | 1 | Andreas Steffen | |
| 46 | 1 | Andreas Steffen | conn mh |
| 47 | 1 | Andreas Steffen | also=home |
| 48 | 1 | Andreas Steffen | rightsubnet=2001:1::1/128 |
| 49 | 1 | Andreas Steffen | leftprotoport=135/0 |
| 50 | 1 | Andreas Steffen | rightprotoport=135/0 |
| 51 | 1 | Andreas Steffen | type=transport_proxy |
| 52 | 1 | Andreas Steffen | auto=route |
| 53 | 1 | Andreas Steffen | |
| 54 | 1 | Andreas Steffen | conn tunnel |
| 55 | 1 | Andreas Steffen | also=home |
| 56 | 1 | Andreas Steffen | rightsubnet=::/0 |
| 57 | 1 | Andreas Steffen | auto=route |
| 58 | 1 | Andreas Steffen | |
| 59 | 1 | Andreas Steffen | conn home |
| 60 | 1 | Andreas Steffen | leftcert=carolCert.pem |
| 61 | 1 | Andreas Steffen | leftid=carol@strongswan.org |
| 62 | 1 | Andreas Steffen | leftsubnet=2001:1::10/128 |
| 63 | 1 | Andreas Steffen | right=2001:1::1 |
| 64 | 1 | Andreas Steffen | rightid=moon.strongswan.org |
| 65 | 1 | Andreas Steffen | ike=aes128-sha1-modp2048! |
| 66 | 1 | Andreas Steffen | esp=aes128-sha1-modp2048! |
| 67 | 1 | Andreas Steffen | }}} |
| 68 | 1 | Andreas Steffen | |
| 69 | 1 | Andreas Steffen | === ipsec statusall === |
| 70 | 1 | Andreas Steffen | |
| 71 | 1 | Andreas Steffen | {{{ |
| 72 | 1 | Andreas Steffen | Performance: |
| 73 | 1 | Andreas Steffen | uptime: 56 seconds, since Nov 13 01:06:39 2008 |
| 74 | 1 | Andreas Steffen | worker threads: 9 idle of 16, job queue load: 0, scheduled events: 2 |
| 75 | 1 | Andreas Steffen | loaded plugins: curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink |
| 76 | 1 | Andreas Steffen | Listening IP addresses: |
| 77 | 1 | Andreas Steffen | 192.168.0.100 |
| 78 | 1 | Andreas Steffen | 2001::18d9:88ff:fe7d:36b3 |
| 79 | 1 | Andreas Steffen | fec0::18d9:88ff:fe7d:36b3 |
| 80 | 1 | Andreas Steffen | 2001:1::10 |
| 81 | 1 | Andreas Steffen | Connections: |
| 82 | 1 | Andreas Steffen | mh: %any[carol@strongswan.org]...2001:1::1[moon.strongswan.org] |
| 83 | 1 | Andreas Steffen | mh: CAs: "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"...%any |
| 84 | 1 | Andreas Steffen | mh: public key authentication |
| 85 | 1 | Andreas Steffen | mh: 2001:1::10/128[135] === 2001:1::1/128[135] |
| 86 | 1 | Andreas Steffen | tunnel: 2001:1::10/128 === ::/0 |
| 87 | 1 | Andreas Steffen | Security Associations: |
| 88 | 1 | Andreas Steffen | mh[1]: ESTABLISHED, 2001::18d9:88ff:fe7d:36b3[carol@strongswan.org]...2001:1::1[moon.strongswan.org] |
| 89 | 1 | Andreas Steffen | mh[1]: IKE SPIs: 372bdbd1320c2eb4_i* a53801fd03fbffee_r, rekeying in 55 minutes |
| 90 | 1 | Andreas Steffen | mh[1]: IKE proposal: AES_CBC-128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048_BIT |
| 91 | 1 | Andreas Steffen | mh{1}: ROUTED, TRANSPORT |
| 92 | 1 | Andreas Steffen | mh{1}: 2001:1::10/128[135] === 2001:1::1/128[135] |
| 93 | 1 | Andreas Steffen | tunnel{2}: ROUTED, TUNNEL |
| 94 | 1 | Andreas Steffen | tunnel{2}: 2001:1::10/128 === ::/0 |
| 95 | 1 | Andreas Steffen | mh{1}: INSTALLED, TRANSPORT, ESP SPIs: cf472638_i c31ec667_o |
| 96 | 1 | Andreas Steffen | mh{1}: AES_CBC-128/HMAC_SHA1_96, rekeying in 13 minutes, last use: 49s_i no_o |
| 97 | 1 | Andreas Steffen | mh{1}: 2001:1::10/128[135] === 2001:1::1/128[135] |
| 98 | 1 | Andreas Steffen | tunnel{2}: INSTALLED, TUNNEL, ESP SPIs: c4f98106_i c0f90752_o |
| 99 | 1 | Andreas Steffen | tunnel{2}: AES_CBC-128/HMAC_SHA1_96, rekeying in 14 minutes, last use: 45s_i no_o |
| 100 | 1 | Andreas Steffen | tunnel{2}: 2001:1::10/128 === ::/0 |
| 101 | 1 | Andreas Steffen | }}} |
| 102 | 1 | Andreas Steffen | |
| 103 | 1 | Andreas Steffen | === ip xfrm policy === |
| 104 | 1 | Andreas Steffen | |
| 105 | 1 | Andreas Steffen | {{{ |
| 106 | 1 | Andreas Steffen | src 2001:1::1/128 dst 2001:1::10/128 proto 135 |
| 107 | 1 | Andreas Steffen | dir in priority 2 ptype main |
| 108 | 1 | Andreas Steffen | tmpl src :: dst :: |
| 109 | 1 | Andreas Steffen | proto esp reqid 1 mode transport |
| 110 | 1 | Andreas Steffen | |
| 111 | 1 | Andreas Steffen | src 2001:1::10/128 dst 2001:1::1/128 proto 135 |
| 112 | 1 | Andreas Steffen | dir out priority 2 ptype main |
| 113 | 1 | Andreas Steffen | tmpl src :: dst :: |
| 114 | 1 | Andreas Steffen | proto esp reqid 1 mode transport |
| 115 | 1 | Andreas Steffen | |
| 116 | 1 | Andreas Steffen | src ::/0 dst 2001:1::10/128 |
| 117 | 1 | Andreas Steffen | dir in priority 10 ptype main |
| 118 | 1 | Andreas Steffen | tmpl src 2001:1::1 dst 2001::18d9:88ff:fe7d:36b3 |
| 119 | 1 | Andreas Steffen | proto esp reqid 2 mode tunnel |
| 120 | 1 | Andreas Steffen | |
| 121 | 1 | Andreas Steffen | src 2001:1::10/128 dst ::/0 |
| 122 | 1 | Andreas Steffen | dir out priority 10 ptype main |
| 123 | 1 | Andreas Steffen | tmpl src 2001::18d9:88ff:fe7d:36b3 dst 2001:1::1 |
| 124 | 1 | Andreas Steffen | proto esp reqid 2 mode tunnel |
| 125 | 1 | Andreas Steffen | }}} |
| 126 | 1 | Andreas Steffen | |
| 127 | 1 | Andreas Steffen | === ip xfrm state === |
| 128 | 1 | Andreas Steffen | |
| 129 | 1 | Andreas Steffen | {{{ |
| 130 | 1 | Andreas Steffen | src :: dst :: |
| 131 | 1 | Andreas Steffen | proto hao reqid 0 mode ro |
| 132 | 1 | Andreas Steffen | replay-window 0 flag wildrecv |
| 133 | 1 | Andreas Steffen | coa :: |
| 134 | 1 | Andreas Steffen | sel src ::/0 dst ::/0 |
| 135 | 1 | Andreas Steffen | |
| 136 | 1 | Andreas Steffen | src :: dst :: |
| 137 | 1 | Andreas Steffen | proto route2 reqid 0 mode ro |
| 138 | 1 | Andreas Steffen | replay-window 0 flag wildrecv |
| 139 | 1 | Andreas Steffen | coa :: |
| 140 | 1 | Andreas Steffen | sel src ::/0 dst ::/0 |
| 141 | 1 | Andreas Steffen | |
| 142 | 1 | Andreas Steffen | src 2001:1::10 dst 2001:1::1 |
| 143 | 1 | Andreas Steffen | proto hao reqid 0 mode ro |
| 144 | 1 | Andreas Steffen | replay-window 0 |
| 145 | 1 | Andreas Steffen | coa 2001::18d9:88ff:fe7d:36b3 |
| 146 | 1 | Andreas Steffen | lastused 2008-11-13 01:06:50 |
| 147 | 1 | Andreas Steffen | sel src 2001:1::10/128 dst 2001:1::1/128 |
| 148 | 1 | Andreas Steffen | |
| 149 | 1 | Andreas Steffen | src 2001:1::10 dst 2001:1::1 |
| 150 | 1 | Andreas Steffen | proto esp spi 0xc31ec667 reqid 1 mode transport |
| 151 | 1 | Andreas Steffen | replay-window 32 |
| 152 | 1 | Andreas Steffen | auth hmac(sha1) 0xf6815c3cd001ff884eb6c1b4112ea9db0daf1eef |
| 153 | 1 | Andreas Steffen | enc cbc(aes) 0xa51f577d694f46beb85179ecc5d35251 |
| 154 | 1 | Andreas Steffen | sel src ::/0 dst ::/0 |
| 155 | 1 | Andreas Steffen | |
| 156 | 1 | Andreas Steffen | src 2001:1::1 dst 2001:1::10 |
| 157 | 1 | Andreas Steffen | proto esp spi 0xcf472638 reqid 1 mode transport |
| 158 | 1 | Andreas Steffen | replay-window 32 |
| 159 | 1 | Andreas Steffen | auth hmac(sha1) 0x8d9790093b1baa89a128e92c7019c32d776eccac |
| 160 | 1 | Andreas Steffen | enc cbc(aes) 0xe02ea1231d5e1908564992ccafdc97cd |
| 161 | 1 | Andreas Steffen | sel src ::/0 dst ::/0 |
| 162 | 1 | Andreas Steffen | |
| 163 | 1 | Andreas Steffen | src 2001::18d9:88ff:fe7d:36b3 dst 2001:1::1 |
| 164 | 1 | Andreas Steffen | proto esp spi 0xc0f90752 reqid 2 mode tunnel |
| 165 | 1 | Andreas Steffen | replay-window 32 flag 20 |
| 166 | 1 | Andreas Steffen | auth hmac(sha1) 0x8339d597ed1d92d820443171d3e3282d83186572 |
| 167 | 1 | Andreas Steffen | enc cbc(aes) 0xcba21b583a2330897e33339b72855eaa |
| 168 | 1 | Andreas Steffen | |
| 169 | 1 | Andreas Steffen | src 2001:1::1 dst 2001::18d9:88ff:fe7d:36b3 |
| 170 | 1 | Andreas Steffen | proto esp spi 0xc4f98106 reqid 2 mode tunnel |
| 171 | 1 | Andreas Steffen | replay-window 32 flag 20 |
| 172 | 1 | Andreas Steffen | auth hmac(sha1) 0xf4ffd5a21d52b4766ea81c22945f3f558f24c675 |
| 173 | 1 | Andreas Steffen | enc cbc(aes) 0x7c0d20968090085fbb17557f53c8818b |
| 174 | 1 | Andreas Steffen | }}} |
| 175 | 1 | Andreas Steffen | |
| 176 | 1 | Andreas Steffen | === /var/log/daemon.log === |
| 177 | 1 | Andreas Steffen | |
| 178 | 1 | Andreas Steffen | {{{ |
| 179 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[DMN] starting charon (strongSwan Version 4.2.9rc18) |
| 180 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' |
| 181 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/strongswanCert.pem' |
| 182 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' |
| 183 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' |
| 184 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' |
| 185 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[CFG] loading crls from '/etc/ipsec.d/crls' |
| 186 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[LIB] loaded crl file '/etc/ipsec.d/crls/strongswan.crl' |
| 187 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[CFG] loading secrets from '/etc/ipsec.secrets' |
| 188 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[CFG] loaded private key file '/etc/ipsec.d/private/carolKey.pem' |
| 189 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[DMN] loaded plugins: curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink |
| 190 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[KNL] listening on interfaces: |
| 191 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[KNL] eth0 |
| 192 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[KNL] 192.168.0.100 |
| 193 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[KNL] 2001::18d9:88ff:fe7d:36b3 |
| 194 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[KNL] fec0::18d9:88ff:fe7d:36b3 |
| 195 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[KNL] fe80::18d9:88ff:fe7d:36b3 |
| 196 | 1 | Andreas Steffen | Nov 13 01:06:39 carol charon: 01[JOB] spawning 16 worker threads |
| 197 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 07[CFG] received stroke: add connection 'mh' |
| 198 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 07[KNL] getting interface name for 2001:1::1 |
| 199 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 07[KNL] 2001:1::1 is not a local address |
| 200 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 07[KNL] getting interface name for %any |
| 201 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 07[KNL] %any is not a local address |
| 202 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 07[CFG] left nor right host is our side, assuming left=local |
| 203 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 07[LIB] loaded certificate file '/etc/ipsec.d/certs/carolCert.pem' |
| 204 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 07[CFG] added configuration 'mh': %any[carol@strongswan.org]...2001:1::1[moon.strongswan.org] |
| 205 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 09[CFG] received stroke: route 'mh' |
| 206 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 10[KNL] getting address to reach 2001:1::1 |
| 207 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 10[CHD] my address: 2001::18d9:88ff:fe7d:36b3 is a transport mode proxy for 2001:1::10 |
| 208 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 10[IKE] CHILD_SA routed |
| 209 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 11[CFG] received stroke: add connection 'tunnel' |
| 210 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 11[KNL] getting interface name for 2001:1::1 |
| 211 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 11[KNL] 2001:1::1 is not a local address |
| 212 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 11[KNL] getting interface name for %any |
| 213 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 11[KNL] %any is not a local address |
| 214 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 11[CFG] left nor right host is our side, assuming left=local |
| 215 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 11[LIB] loaded certificate file '/etc/ipsec.d/certs/carolCert.pem' |
| 216 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 11[CFG] added child to existing configuration 'mh' |
| 217 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 12[CFG] received stroke: route 'tunnel' |
| 218 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 16[KNL] getting address to reach 2001:1::1 |
| 219 | 1 | Andreas Steffen | Nov 13 01:06:40 carol charon: 16[IKE] CHILD_SA routed |
| 220 | 1 | Andreas Steffen | |
| 221 | 1 | Andreas Steffen | Nov 13 01:06:45 carol mip6d[1072]: MIPL Mobile IPv6 for Linux v2.0.2-umip-0.4 started (Mobile Node) |
| 222 | 1 | Andreas Steffen | |
| 223 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 04[KNL] interface ip6tnl1 activated |
| 224 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 04[KNL] fe80::18d9:88ff:fe7d:36b3 appeared on ip6tnl1 |
| 225 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 04[KNL] 2001:1::10 appeared on ip6tnl1 |
| 226 | 1 | Andreas Steffen | Nov 13 01:06:45 carol mip6d[1073]: Interface 1 (lo):type 772 unsupported |
| 227 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 04[KNL] fe80::18d9:88ff:fe7d:36b3 disappeared from eth0 |
| 228 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] received a XFRM_MSG_MIGRATE |
| 229 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] policy: 2001:1::10/128[135] === 2001:1::1/128[135] out, index 0 |
| 230 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_KMADDRESS |
| 231 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] kmaddress: 2001::18d9:88ff:fe7d:36b3...2001:1::1 |
| 232 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_POLICY_TYPE |
| 233 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_MIGRATE |
| 234 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] migrate ESP %any...%any to 2001::18d9:88ff:fe7d:36b3...2001:1::1, reqid {1} |
| 235 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] creating migrate job for policy 2001:1::10/128[135] === 2001:1::1/128[135] out with reqid {1} |
| 236 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] received a XFRM_MSG_MIGRATE |
| 237 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] policy: 2001:1::1/128[135] === 2001:1::10/128[135] in, index 0 |
| 238 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_KMADDRESS |
| 239 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] kmaddress: 2001::18d9:88ff:fe7d:36b3...2001:1::1 |
| 240 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_POLICY_TYPE |
| 241 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_MIGRATE |
| 242 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] migrate ESP %any...%any to 2001:1::1...2001::18d9:88ff:fe7d:36b3, reqid {1} |
| 243 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] creating migrate job for policy 2001:1::1/128[135] === 2001:1::10/128[135] in with reqid {1} |
| 244 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] received a XFRM_MSG_MIGRATE |
| 245 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] policy: 2001:1::10/128 === ::/0 out, index 0 |
| 246 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_KMADDRESS |
| 247 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] kmaddress: 2001::18d9:88ff:fe7d:36b3...2001:1::1 |
| 248 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_POLICY_TYPE |
| 249 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_MIGRATE |
| 250 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] migrate ESP 2001:1::10...2001:1::1 to 2001::18d9:88ff:fe7d:36b3...2001:1::1, reqid {2} |
| 251 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] creating migrate job for policy 2001:1::10/128 === ::/0 out with reqid {2} |
| 252 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] received a XFRM_MSG_MIGRATE |
| 253 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] policy: ::/0 === 2001:1::10/128 in, index 0 |
| 254 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_KMADDRESS |
| 255 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] kmaddress: 2001::18d9:88ff:fe7d:36b3...2001:1::1 |
| 256 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_POLICY_TYPE |
| 257 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_MIGRATE |
| 258 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] migrate ESP 2001:1::1...2001:1::10 to 2001:1::1...2001::18d9:88ff:fe7d:36b3, reqid {2} |
| 259 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] creating migrate job for policy ::/0 === 2001:1::10/128 in with reqid {2} |
| 260 | 1 | Andreas Steffen | |
| 261 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] received a XFRM_MSG_ACQUIRE |
| 262 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_TMPL |
| 263 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] XFRMA_POLICY_TYPE |
| 264 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 03[KNL] creating acquire job for policy 2001:1::10/128[135/5] === 2001:1::1/128[135] with reqid {1} |
| 265 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 11[IKE] initiating IKE_SA mh[1] to 2001:1::1 |
| 266 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] |
| 267 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 11[NET] sending packet: from 2001::18d9:88ff:fe7d:36b3[500] to 2001:1::1[500] |
| 268 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 15[KNL] getting address to reach 2001:1::1 |
| 269 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[NET] received packet: from 2001:1::1[500] to 2001::18d9:88ff:fe7d:36b3[500] |
| 270 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] |
| 271 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[IKE] received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 272 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[IKE] sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 273 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[IKE] authentication of 'carol@strongswan.org' (myself) with RSA signature successful |
| 274 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org" |
| 275 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[IKE] establishing CHILD_SA mh{1} |
| 276 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[CHD] my address: 2001::18d9:88ff:fe7d:36b3 is a transport mode proxy for 2001:1::10 |
| 277 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[KNL] getting SPI for reqid {1} |
| 278 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[KNL] got SPI cf472638 for reqid {1} |
| 279 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[ENC] generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr ] |
| 280 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 16[NET] sending packet: from 2001::18d9:88ff:fe7d:36b3[500] to 2001:1::1[500] |
| 281 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[NET] received packet: from 2001:1::1[500] to 2001::18d9:88ff:fe7d:36b3[500] |
| 282 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr ] |
| 283 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[IKE] received end entity cert "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" |
| 284 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[CFG] using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" |
| 285 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 286 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" |
| 287 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[CFG] using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 288 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[CFG] crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 289 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[CFG] crl is valid: until Nov 13 22:27:58 2008 |
| 290 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[CFG] using cached crl |
| 291 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[CFG] certificate status is good |
| 292 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[IKE] authentication of 'moon.strongswan.org' with RSA signature successful |
| 293 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[IKE] scheduling rekeying in 3374s |
| 294 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[IKE] maximum IKE_SA lifetime 3554s |
| 295 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[IKE] IKE_SA mh[1] established between 2001::18d9:88ff:fe7d:36b3[carol@strongswan.org]...2001:1::1[moon.strongswan.org] |
| 296 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[KNL] adding SAD entry with SPI c31ec667 and reqid {1} |
| 297 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[KNL] using encryption algorithm AES_CBC with key size 128 |
| 298 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 |
| 299 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[KNL] adding SAD entry with SPI cf472638 and reqid {1} |
| 300 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[KNL] using encryption algorithm AES_CBC with key size 128 |
| 301 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 |
| 302 | 1 | Andreas Steffen | Nov 13 01:06:45 carol charon: 12[IKE] CHILD_SA mh{1} established with SPIs cf472638_i c31ec667_o and TS 2001:1::10/128[135] === 2001:1::1/128[135] |
| 303 | 1 | Andreas Steffen | Nov 13 01:06:46 carol charon: 04[KNL] fe80::18d9:88ff:fe7d:36b3 appeared on eth0 |
| 304 | 1 | Andreas Steffen | |
| 305 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 03[KNL] received a XFRM_MSG_ACQUIRE |
| 306 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 03[KNL] XFRMA_TMPL |
| 307 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 03[KNL] XFRMA_POLICY_TYPE |
| 308 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 03[KNL] creating acquire job for policy 2001:1::10/128[ipv6-icmp/146] === 2001:1::1/128[ipv6-icmp] with reqid {2} |
| 309 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 10[IKE] establishing CHILD_SA tunnel{2} |
| 310 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 10[KNL] getting SPI for reqid {2} |
| 311 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 10[KNL] got SPI c4f98106 for reqid {2} |
| 312 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 10[ENC] generating CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ] |
| 313 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 10[NET] sending packet: from 2001::18d9:88ff:fe7d:36b3[500] to 2001:1::1[500] |
| 314 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 17[KNL] getting address to reach 2001:1::1 |
| 315 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[NET] received packet: from 2001:1::1[500] to 2001::18d9:88ff:fe7d:36b3[500] |
| 316 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[ENC] parsed CREATE_CHILD_SA response 2 [ SA No KE TSi TSr ] |
| 317 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[KNL] adding SAD entry with SPI c0f90752 and reqid {2} |
| 318 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[KNL] using encryption algorithm AES_CBC with key size 128 |
| 319 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 |
| 320 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[KNL] adding SAD entry with SPI c4f98106 and reqid {2} |
| 321 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[KNL] using encryption algorithm AES_CBC with key size 128 |
| 322 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 |
| 323 | 1 | Andreas Steffen | Nov 13 01:06:47 carol charon: 08[IKE] CHILD_SA tunnel{2} established with SPIs c4f98106_i c0f90752_o and TS 2001:1::10/128 === ::/0 |
| 324 | 1 | Andreas Steffen | }}} |
| 325 | 1 | Andreas Steffen | |
| 326 | 1 | Andreas Steffen | == Home Agent moon == |
| 327 | 1 | Andreas Steffen | |
| 328 | 1 | Andreas Steffen | === /etc/mip6d.conf === |
| 329 | 1 | Andreas Steffen | |
| 330 | 1 | Andreas Steffen | {{{ |
| 331 | 1 | Andreas Steffen | NodeConfig HA; |
| 332 | 1 | Andreas Steffen | |
| 333 | 1 | Andreas Steffen | UseMnHaIPsec enabled; |
| 334 | 1 | Andreas Steffen | KeyMngMobCapability enabled; |
| 335 | 1 | Andreas Steffen | DefaultBindingAclPolicy deny; |
| 336 | 1 | Andreas Steffen | |
| 337 | 1 | Andreas Steffen | Interface "eth0"; |
| 338 | 1 | Andreas Steffen | |
| 339 | 1 | Andreas Steffen | include "/etc/mip6d.conf.d/carol.mip6d.conf" |
| 340 | 1 | Andreas Steffen | }}} |
| 341 | 1 | Andreas Steffen | |
| 342 | 1 | Andreas Steffen | === /etc/mip6d.conf.d/carol.mip6d.conf === |
| 343 | 1 | Andreas Steffen | |
| 344 | 1 | Andreas Steffen | {{{ |
| 345 | 1 | Andreas Steffen | Interface "eth1"; |
| 346 | 1 | Andreas Steffen | |
| 347 | 1 | Andreas Steffen | IPsecPolicySet { |
| 348 | 1 | Andreas Steffen | HomeAgentAddress 2001:1::1; |
| 349 | 1 | Andreas Steffen | HomeAddress 2001:1::10/64; |
| 350 | 1 | Andreas Steffen | |
| 351 | 1 | Andreas Steffen | IPsecPolicy Mh UseESP 1; |
| 352 | 1 | Andreas Steffen | IPsecPolicy TunnelPayload UseESP 2; |
| 353 | 1 | Andreas Steffen | } |
| 354 | 1 | Andreas Steffen | |
| 355 | 1 | Andreas Steffen | BindingAclPolicy 2001:1::10 allow; |
| 356 | 1 | Andreas Steffen | }}} |
| 357 | 1 | Andreas Steffen | |
| 358 | 1 | Andreas Steffen | === /etc/ipsec.conf === |
| 359 | 1 | Andreas Steffen | |
| 360 | 1 | Andreas Steffen | {{{ |
| 361 | 1 | Andreas Steffen | config setup |
| 362 | 1 | Andreas Steffen | crlcheckinterval=180 |
| 363 | 1 | Andreas Steffen | plutostart=no |
| 364 | 1 | Andreas Steffen | charondebug="knl 2" |
| 365 | 1 | Andreas Steffen | |
| 366 | 1 | Andreas Steffen | conn %default |
| 367 | 1 | Andreas Steffen | keyexchange=ikev2 |
| 368 | 1 | Andreas Steffen | reauth=no |
| 369 | 1 | Andreas Steffen | mobike=no |
| 370 | 1 | Andreas Steffen | installpolicy=no |
| 371 | 1 | Andreas Steffen | |
| 372 | 1 | Andreas Steffen | conn mh |
| 373 | 1 | Andreas Steffen | also=ha |
| 374 | 1 | Andreas Steffen | leftsubnet=2001:1::1/128 |
| 375 | 1 | Andreas Steffen | leftprotoport=135/0 |
| 376 | 1 | Andreas Steffen | rightprotoport=135/0 |
| 377 | 1 | Andreas Steffen | type=transport_proxy |
| 378 | 1 | Andreas Steffen | |
| 379 | 1 | Andreas Steffen | conn tunnel |
| 380 | 1 | Andreas Steffen | also=ha |
| 381 | 1 | Andreas Steffen | leftsubnet=::/0 |
| 382 | 1 | Andreas Steffen | |
| 383 | 1 | Andreas Steffen | conn ha |
| 384 | 1 | Andreas Steffen | left=2001:1::1 |
| 385 | 1 | Andreas Steffen | leftcert=moonCert.pem |
| 386 | 1 | Andreas Steffen | leftid=@moon.strongswan.org |
| 387 | 1 | Andreas Steffen | right=%any |
| 388 | 1 | Andreas Steffen | ike=aes128-sha1-modp2048! |
| 389 | 1 | Andreas Steffen | esp=aes128-sha1-modp2048! |
| 390 | 1 | Andreas Steffen | |
| 391 | 1 | Andreas Steffen | include /etc/ipsec.conf.d/carol.ipsec.conf |
| 392 | 1 | Andreas Steffen | include /etc/ipsec.conf.d/dave.ipsec.conf |
| 393 | 1 | Andreas Steffen | }}} |
| 394 | 1 | Andreas Steffen | |
| 395 | 1 | Andreas Steffen | === /etc/ipsec.conf.d/carol.ipsec.conf === |
| 396 | 1 | Andreas Steffen | |
| 397 | 1 | Andreas Steffen | {{{ |
| 398 | 1 | Andreas Steffen | conn carol |
| 399 | 1 | Andreas Steffen | rightsubnet=2001:1::10/128 |
| 400 | 1 | Andreas Steffen | rightid=carol@strongswan.org |
| 401 | 1 | Andreas Steffen | |
| 402 | 1 | Andreas Steffen | conn carol-mh |
| 403 | 1 | Andreas Steffen | also=carol |
| 404 | 1 | Andreas Steffen | also=mh |
| 405 | 1 | Andreas Steffen | auto=add |
| 406 | 1 | Andreas Steffen | |
| 407 | 1 | Andreas Steffen | conn carol-tunnel |
| 408 | 1 | Andreas Steffen | also=carol |
| 409 | 1 | Andreas Steffen | also=tunnel |
| 410 | 1 | Andreas Steffen | auto=add |
| 411 | 1 | Andreas Steffen | }}} |
| 412 | 1 | Andreas Steffen | |
| 413 | 1 | Andreas Steffen | === ipsec statusall === |
| 414 | 1 | Andreas Steffen | |
| 415 | 1 | Andreas Steffen | {{{ |
| 416 | 1 | Andreas Steffen | Performance: |
| 417 | 1 | Andreas Steffen | uptime: 9 minutes, since Nov 13 01:05:33 2008 |
| 418 | 1 | Andreas Steffen | worker threads: 91 idle of 98, job queue load: 0, scheduled events: 2 |
| 419 | 1 | Andreas Steffen | loaded plugins: curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql |
| 420 | 1 | Andreas Steffen | Listening IP addresses: |
| 421 | 1 | Andreas Steffen | 10.1.0.1 |
| 422 | 1 | Andreas Steffen | 2001:1::1 |
| 423 | 1 | Andreas Steffen | fec1::1 |
| 424 | 1 | Andreas Steffen | 192.168.0.1 |
| 425 | 1 | Andreas Steffen | 2001::1 |
| 426 | 1 | Andreas Steffen | fec0::1 |
| 427 | 1 | Andreas Steffen | Connections: |
| 428 | 1 | Andreas Steffen | carol-mh: 2001:1::1[moon.strongswan.org]...%any[carol@strongswan.org] |
| 429 | 1 | Andreas Steffen | carol-mh: CAs: "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"...%any |
| 430 | 1 | Andreas Steffen | carol-mh: public key authentication |
| 431 | 1 | Andreas Steffen | carol-mh: 2001:1::1/128[135] === 2001:1::10/128[135] |
| 432 | 1 | Andreas Steffen | carol-tunnel: ::/0 === 2001:1::10/128 |
| 433 | 1 | Andreas Steffen | dave-mh: 2001:1::1[moon.strongswan.org]...%any[dave@strongswan.org] |
| 434 | 1 | Andreas Steffen | dave-mh: CAs: "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"...%any |
| 435 | 1 | Andreas Steffen | dave-mh: public key authentication |
| 436 | 1 | Andreas Steffen | dave-mh: 2001:1::1/128[135] === 2001:1::20/128[135] |
| 437 | 1 | Andreas Steffen | dave-tunnel: ::/0 === 2001:1::20/128 |
| 438 | 1 | Andreas Steffen | Security Associations: |
| 439 | 1 | Andreas Steffen | carol-mh[1]: ESTABLISHED, 2001:1::1[moon.strongswan.org]...2001::18d9:88ff:fe7d:36b3[carol@strongswan.org] |
| 440 | 1 | Andreas Steffen | carol-mh[1]: IKE SPIs: 372bdbd1320c2eb4_i a53801fd03fbffee_r*, rekeying in 47 minutes |
| 441 | 1 | Andreas Steffen | carol-mh[1]: IKE proposal: AES_CBC-128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048_BIT |
| 442 | 1 | Andreas Steffen | carol-mh{1}: INSTALLED, TRANSPORT, ESP SPIs: c31ec667_i cf472638_o |
| 443 | 1 | Andreas Steffen | carol-mh{1}: AES_CBC-128/HMAC_SHA1_96, rekeying in 8 minutes, last use: 485s_i no_o |
| 444 | 1 | Andreas Steffen | carol-mh{1}: 2001:1::1/128[135] === 2001:1::10/128[135] |
| 445 | 1 | Andreas Steffen | carol-tunnel{2}: INSTALLED, TUNNEL, ESP SPIs: c0f90752_i c4f98106_o |
| 446 | 1 | Andreas Steffen | carol-tunnel{2}: AES_CBC-128/HMAC_SHA1_96, rekeying in 8 minutes, last use: 481s_i no_o |
| 447 | 1 | Andreas Steffen | carol-tunnel{2}: ::/0 === 2001:1::10/128 |
| 448 | 1 | Andreas Steffen | }}} |
| 449 | 1 | Andreas Steffen | |
| 450 | 1 | Andreas Steffen | === ip xfrm policy === |
| 451 | 1 | Andreas Steffen | |
| 452 | 1 | Andreas Steffen | {{{ |
| 453 | 1 | Andreas Steffen | src 2001:1::10/128 dst 2001:1::1/128 proto 135 |
| 454 | 1 | Andreas Steffen | dir in priority 2 ptype main |
| 455 | 1 | Andreas Steffen | tmpl src :: dst :: |
| 456 | 1 | Andreas Steffen | proto esp reqid 1 mode transport |
| 457 | 1 | Andreas Steffen | |
| 458 | 1 | Andreas Steffen | src 2001:1::1/128 dst 2001:1::10/128 proto 135 |
| 459 | 1 | Andreas Steffen | dir out priority 2 ptype main |
| 460 | 1 | Andreas Steffen | tmpl src :: dst :: |
| 461 | 1 | Andreas Steffen | proto esp reqid 1 mode transport |
| 462 | 1 | Andreas Steffen | |
| 463 | 1 | Andreas Steffen | src 2001:1::10/128 dst ::/0 |
| 464 | 1 | Andreas Steffen | dir in priority 10 ptype main |
| 465 | 1 | Andreas Steffen | tmpl src 2001::18d9:88ff:fe7d:36b3 dst 2001:1::1 |
| 466 | 1 | Andreas Steffen | proto esp reqid 2 mode tunnel |
| 467 | 1 | Andreas Steffen | |
| 468 | 1 | Andreas Steffen | src 2001:1::10/128 dst ::/0 |
| 469 | 1 | Andreas Steffen | dir fwd priority 10 ptype main |
| 470 | 1 | Andreas Steffen | tmpl src 2001::18d9:88ff:fe7d:36b3 dst 2001:1::1 |
| 471 | 1 | Andreas Steffen | proto esp reqid 2 mode tunnel |
| 472 | 1 | Andreas Steffen | |
| 473 | 1 | Andreas Steffen | src ::/0 dst 2001:1::10/128 |
| 474 | 1 | Andreas Steffen | dir out priority 10 ptype main |
| 475 | 1 | Andreas Steffen | tmpl src 2001:1::1 dst 2001::18d9:88ff:fe7d:36b3 |
| 476 | 1 | Andreas Steffen | proto esp reqid 2 mode tunnel |
| 477 | 1 | Andreas Steffen | }}} |
| 478 | 1 | Andreas Steffen | |
| 479 | 1 | Andreas Steffen | === ip xfrm state === |
| 480 | 1 | Andreas Steffen | |
| 481 | 1 | Andreas Steffen | {{{ |
| 482 | 1 | Andreas Steffen | src :: dst :: |
| 483 | 1 | Andreas Steffen | proto hao reqid 0 mode ro |
| 484 | 1 | Andreas Steffen | replay-window 0 flag wildrecv |
| 485 | 1 | Andreas Steffen | coa :: |
| 486 | 1 | Andreas Steffen | sel src ::/0 dst ::/0 |
| 487 | 1 | Andreas Steffen | |
| 488 | 1 | Andreas Steffen | src 2001:1::10 dst 2001:1::1 |
| 489 | 1 | Andreas Steffen | proto esp spi 0xc31ec667 reqid 1 mode transport |
| 490 | 1 | Andreas Steffen | replay-window 32 |
| 491 | 1 | Andreas Steffen | auth hmac(sha1) 0xf6815c3cd001ff884eb6c1b4112ea9db0daf1eef |
| 492 | 1 | Andreas Steffen | enc cbc(aes) 0xa51f577d694f46beb85179ecc5d35251 |
| 493 | 1 | Andreas Steffen | sel src ::/0 dst ::/0 |
| 494 | 1 | Andreas Steffen | |
| 495 | 1 | Andreas Steffen | src 2001:1::1 dst 2001:1::10 |
| 496 | 1 | Andreas Steffen | proto esp spi 0xcf472638 reqid 1 mode transport |
| 497 | 1 | Andreas Steffen | replay-window 32 |
| 498 | 1 | Andreas Steffen | auth hmac(sha1) 0x8d9790093b1baa89a128e92c7019c32d776eccac |
| 499 | 1 | Andreas Steffen | enc cbc(aes) 0xe02ea1231d5e1908564992ccafdc97cd |
| 500 | 1 | Andreas Steffen | sel src ::/0 dst ::/0 |
| 501 | 1 | Andreas Steffen | |
| 502 | 1 | Andreas Steffen | src 2001:1::1 dst 2001:1::10 |
| 503 | 1 | Andreas Steffen | proto route2 reqid 0 mode ro |
| 504 | 1 | Andreas Steffen | replay-window 0 |
| 505 | 1 | Andreas Steffen | coa 2001::18d9:88ff:fe7d:36b3 |
| 506 | 1 | Andreas Steffen | lastused 2008-11-13 01:06:50 |
| 507 | 1 | Andreas Steffen | sel src 2001:1::1/128 dst 2001:1::10/128 |
| 508 | 1 | Andreas Steffen | |
| 509 | 1 | Andreas Steffen | src 2001:1::10 dst 2001:1::1 |
| 510 | 1 | Andreas Steffen | proto hao reqid 0 mode ro |
| 511 | 1 | Andreas Steffen | replay-window 0 |
| 512 | 1 | Andreas Steffen | coa 2001::18d9:88ff:fe7d:36b3 |
| 513 | 1 | Andreas Steffen | sel src 2001:1::10/128 dst 2001:1::1/128 |
| 514 | 1 | Andreas Steffen | |
| 515 | 1 | Andreas Steffen | src 2001::18d9:88ff:fe7d:36b3 dst 2001:1::1 |
| 516 | 1 | Andreas Steffen | proto esp spi 0xc0f90752 reqid 2 mode tunnel |
| 517 | 1 | Andreas Steffen | replay-window 32 flag 20 |
| 518 | 1 | Andreas Steffen | auth hmac(sha1) 0x8339d597ed1d92d820443171d3e3282d83186572 |
| 519 | 1 | Andreas Steffen | enc cbc(aes) 0xcba21b583a2330897e33339b72855eaa |
| 520 | 1 | Andreas Steffen | |
| 521 | 1 | Andreas Steffen | src 2001:1::1 dst 2001::18d9:88ff:fe7d:36b3 |
| 522 | 1 | Andreas Steffen | proto esp spi 0xc4f98106 reqid 2 mode tunnel |
| 523 | 1 | Andreas Steffen | replay-window 32 flag 20 |
| 524 | 1 | Andreas Steffen | auth hmac(sha1) 0xf4ffd5a21d52b4766ea81c22945f3f558f24c675 |
| 525 | 1 | Andreas Steffen | enc cbc(aes) 0x7c0d20968090085fbb17557f53c8818b |
| 526 | 1 | Andreas Steffen | }}} |
| 527 | 1 | Andreas Steffen | |
| 528 | 1 | Andreas Steffen | === /var/log/daemon.log === |
| 529 | 1 | Andreas Steffen | |
| 530 | 1 | Andreas Steffen | {{{ |
| 531 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[DMN] starting charon (strongSwan Version 4.2.9rc18) |
| 532 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' |
| 533 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/strongswanCert.pem' |
| 534 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' |
| 535 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' |
| 536 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' |
| 537 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[CFG] loading crls from '/etc/ipsec.d/crls' |
| 538 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[LIB] loaded crl file '/etc/ipsec.d/crls/strongswan.crl' |
| 539 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[CFG] loading secrets from '/etc/ipsec.secrets' |
| 540 | 1 | Andreas Steffen | Nov 13 01:05:33 moon charon: 01[CFG] loaded private key file '/etc/ipsec.d/private/moonKey.pem' |
| 541 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[DMN] loaded plugins: curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink sqlite sql |
| 542 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] listening on interfaces: |
| 543 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] eth1 |
| 544 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] 10.1.0.1 |
| 545 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] 2001:1::1 |
| 546 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] fec1::1 |
| 547 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] fe80::b8d5:baff:feea:d493 |
| 548 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] eth0 |
| 549 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] 192.168.0.1 |
| 550 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] 2001::1 |
| 551 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] fec0::1 |
| 552 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[KNL] fe80::e4f6:c7ff:fe59:80e1 |
| 553 | 1 | Andreas Steffen | Nov 13 01:05:34 moon charon: 01[JOB] spawning 98 worker threads |
| 554 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 23[CFG] crl caching to /etc/ipsec.d/crls enabled |
| 555 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 25[CFG] received stroke: add connection 'carol-mh' |
| 556 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 25[KNL] getting interface name for %any |
| 557 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 25[KNL] %any is not a local address |
| 558 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 25[KNL] getting interface name for 2001:1::1 |
| 559 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 25[KNL] 2001:1::1 is on interface eth1 |
| 560 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 25[LIB] loaded certificate file '/etc/ipsec.d/certs/moonCert.pem' |
| 561 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 25[CFG] added configuration 'carol-mh': 2001:1::1[moon.strongswan.org]...%any[carol@strongswan.org] |
| 562 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 27[CFG] received stroke: add connection 'carol-tunnel' |
| 563 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 27[KNL] getting interface name for %any |
| 564 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 27[KNL] %any is not a local address |
| 565 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 27[KNL] getting interface name for 2001:1::1 |
| 566 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 27[KNL] 2001:1::1 is on interface eth1 |
| 567 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 27[LIB] loaded certificate file '/etc/ipsec.d/certs/moonCert.pem' |
| 568 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 27[CFG] added child to existing configuration 'carol-mh' |
| 569 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 28[CFG] received stroke: add connection 'dave-mh' |
| 570 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 28[KNL] getting interface name for %any |
| 571 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 28[KNL] %any is not a local address |
| 572 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 28[KNL] getting interface name for 2001:1::1 |
| 573 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 28[KNL] 2001:1::1 is on interface eth1 |
| 574 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 28[LIB] loaded certificate file '/etc/ipsec.d/certs/moonCert.pem' |
| 575 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 28[CFG] added configuration 'dave-mh': 2001:1::1[moon.strongswan.org]...%any[dave@strongswan.org] |
| 576 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 30[CFG] received stroke: add connection 'dave-tunnel' |
| 577 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 30[KNL] getting interface name for %any |
| 578 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 30[KNL] %any is not a local address |
| 579 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 30[KNL] getting interface name for 2001:1::1 |
| 580 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 30[KNL] 2001:1::1 is on interface eth1 |
| 581 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 30[LIB] loaded certificate file '/etc/ipsec.d/certs/moonCert.pem' |
| 582 | 1 | Andreas Steffen | Nov 13 01:05:35 moon charon: 30[CFG] added child to existing configuration 'dave-mh' |
| 583 | 1 | Andreas Steffen | |
| 584 | 1 | Andreas Steffen | Nov 13 01:05:39 moon mip6d[1167]: MIPL Mobile IPv6 for Linux v2.0.2-umip-0.4 started (Home Agent) |
| 585 | 1 | Andreas Steffen | |
| 586 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 33[NET] received packet: from 2001::18d9:88ff:fe7d:36b3[500] to 2001:1::1[500] |
| 587 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 33[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] |
| 588 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 33[IKE] 2001::18d9:88ff:fe7d:36b3 is initiating an IKE_SA |
| 589 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 33[IKE] sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 590 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 33[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] |
| 591 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 33[NET] sending packet: from 2001:1::1[500] to 2001::18d9:88ff:fe7d:36b3[500] |
| 592 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[NET] received packet: from 2001::18d9:88ff:fe7d:36b3[500] to 2001:1::1[500] |
| 593 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr ] |
| 594 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 595 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org" |
| 596 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org" |
| 597 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 598 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org" |
| 599 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 600 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" |
| 601 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] crl is valid: until Nov 13 22:27:58 2008 |
| 602 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] using cached crl |
| 603 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] certificate status is good |
| 604 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] authentication of 'carol@strongswan.org' with RSA signature successful |
| 605 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CFG] found matching peer config "carol-mh": moon.strongswan.org...carol@strongswan.org with prio 40.5 |
| 606 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] authentication of 'moon.strongswan.org' (myself) with RSA signature successful |
| 607 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] scheduling rekeying in 3365s |
| 608 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] maximum IKE_SA lifetime 3545s |
| 609 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] IKE_SA carol-mh[1] established between 2001:1::1[moon.strongswan.org]...2001::18d9:88ff:fe7d:36b3[carol@strongswan.org] |
| 610 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] sending end entity cert "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" |
| 611 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[CHD] other address: 2001::18d9:88ff:fe7d:36b3 is a transport mode proxy for 2001:1::10 |
| 612 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[KNL] getting SPI for reqid {1} |
| 613 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[KNL] got SPI c31ec667 for reqid {1} |
| 614 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[KNL] adding SAD entry with SPI c31ec667 and reqid {1} |
| 615 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[KNL] using encryption algorithm AES_CBC with key size 128 |
| 616 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 |
| 617 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[KNL] adding SAD entry with SPI cf472638 and reqid {1} |
| 618 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[KNL] using encryption algorithm AES_CBC with key size 128 |
| 619 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 |
| 620 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[IKE] CHILD_SA carol-mh{1} established with SPIs c31ec667_i cf472638_o and TS 2001:1::1/128[135] === 2001:1::10/128[135] |
| 621 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH N(USE_TRANSP) SA TSi TSr ] |
| 622 | 1 | Andreas Steffen | Nov 13 01:06:45 moon charon: 34[NET] sending packet: from 2001:1::1[500] to 2001::18d9:88ff:fe7d:36b3[500] |
| 623 | 1 | Andreas Steffen | |
| 624 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] received a XFRM_MSG_MIGRATE |
| 625 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] policy: 2001:1::10/128[135] === 2001:1::1/128[135] in, index 0 |
| 626 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_KMADDRESS |
| 627 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] kmaddress: 2001:1::1...2001::18d9:88ff:fe7d:36b3 |
| 628 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_POLICY_TYPE |
| 629 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_MIGRATE |
| 630 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] migrate ESP %any...%any to 2001::18d9:88ff:fe7d:36b3...2001:1::1, reqid {1} |
| 631 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] creating migrate job for policy 2001:1::10/128[135] === 2001:1::1/128[135] in with reqid {1} |
| 632 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 05[KNL] interface ip6tnl1 activated |
| 633 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] received a XFRM_MSG_MIGRATE |
| 634 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] policy: 2001:1::1/128[135] === 2001:1::10/128[135] out, index 0 |
| 635 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_KMADDRESS |
| 636 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] kmaddress: 2001:1::1...2001::18d9:88ff:fe7d:36b3 |
| 637 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_POLICY_TYPE |
| 638 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_MIGRATE |
| 639 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] migrate ESP %any...%any to 2001:1::1...2001::18d9:88ff:fe7d:36b3, reqid {1} |
| 640 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] creating migrate job for policy 2001:1::1/128[135] === 2001:1::10/128[135] out with reqid {1} |
| 641 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] received a XFRM_MSG_MIGRATE |
| 642 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] policy: 2001:1::10/128 === ::/0 in, index 0 |
| 643 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_KMADDRESS |
| 644 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] kmaddress: 2001:1::1...2001::18d9:88ff:fe7d:36b3 |
| 645 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_POLICY_TYPE |
| 646 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_MIGRATE |
| 647 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] migrate ESP 2001:1::10...2001:1::1 to 2001::18d9:88ff:fe7d:36b3...2001:1::1, reqid {2} |
| 648 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] creating migrate job for policy 2001:1::10/128 === ::/0 in with reqid {2} |
| 649 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 37[JOB] no CHILD_SA found with reqid {2} |
| 650 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] received a XFRM_MSG_MIGRATE |
| 651 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] policy: 2001:1::10/128 === ::/0 fwd, index 0 |
| 652 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_KMADDRESS |
| 653 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] kmaddress: 2001:1::1...2001::18d9:88ff:fe7d:36b3 |
| 654 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_POLICY_TYPE |
| 655 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_MIGRATE |
| 656 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] migrate ESP 2001:1::10...2001:1::1 to 2001::18d9:88ff:fe7d:36b3...2001:1::1, reqid {2} |
| 657 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] creating migrate job for policy 2001:1::10/128 === ::/0 fwd with reqid {2} |
| 658 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 38[JOB] no CHILD_SA found with reqid {2} |
| 659 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] received a XFRM_MSG_MIGRATE |
| 660 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] policy: ::/0 === 2001:1::10/128 out, index 0 |
| 661 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_KMADDRESS |
| 662 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] kmaddress: 2001:1::1...2001::18d9:88ff:fe7d:36b3 |
| 663 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_POLICY_TYPE |
| 664 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] XFRMA_MIGRATE |
| 665 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] migrate ESP 2001:1::1...2001:1::10 to 2001:1::1...2001::18d9:88ff:fe7d:36b3, reqid {2} |
| 666 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 04[KNL] creating migrate job for policy ::/0 === 2001:1::10/128 out with reqid {2} |
| 667 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 39[JOB] no CHILD_SA found with reqid {2} |
| 668 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 05[KNL] fe80::b8d5:baff:feea:d493 appeared on ip6tnl1 |
| 669 | 1 | Andreas Steffen | |
| 670 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[NET] received packet: from 2001::18d9:88ff:fe7d:36b3[500] to 2001:1::1[500] |
| 671 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[ENC] parsed CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ] |
| 672 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[KNL] getting SPI for reqid {2} |
| 673 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[KNL] got SPI c0f90752 for reqid {2} |
| 674 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[KNL] adding SAD entry with SPI c0f90752 and reqid {2} |
| 675 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[KNL] using encryption algorithm AES_CBC with key size 128 |
| 676 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 |
| 677 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[KNL] adding SAD entry with SPI c4f98106 and reqid {2} |
| 678 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[KNL] using encryption algorithm AES_CBC with key size 128 |
| 679 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160 |
| 680 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[IKE] CHILD_SA carol-tunnel{2} established with SPIs c0f90752_i c4f98106_o and TS ::/0 === 2001:1::10/128 |
| 681 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[ENC] generating CREATE_CHILD_SA response 2 [ SA No KE TSi TSr ] |
| 682 | 1 | Andreas Steffen | Nov 13 01:06:47 moon charon: 40[NET] sending packet: from 2001:1::1[500] to 2001::18d9:88ff:fe7d:36b3[500] |
| 683 | 1 | Andreas Steffen | }}} |