Page Menu
Home
VyOS Platform
Search
Configure Global Search
Log In
Files
F22942
VyOS IKEv2 debug.txt
All Users
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Authored By
xomka686
Oct 8 2017, 1:36 PM
2017-10-08 13:36:10 (UTC+0)
Size
22 KB
Referenced Files
None
Subscribers
None
VyOS IKEv2 debug.txt
View Options
Unable to find IKEv2 messages. Strongswan might be running with IKEv2 turned off or alternatively, your log files have been emptied (ie, logwatch)
cr3
Sun Oct 8 13:05:15 UTC 2017
+ _________________________ version
+ ipsec --version
Linux strongSwan U4.5.2/K3.13.11-1-amd64-vyos
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip -s xfrm state
src 10.0.0.3 dst 10.0.0.1
proto esp spi 0xb5c9c14e(3049898318) reqid 2(0x00000002) mode tunnel
replay-window 32 seq 0x00000000 flag af-unspec (0x00100000)
mark 9437185/0xffffffff
auth-trunc hmac(sha256) 0xa02dca1ddb9bcda8a58094bdc2ef1731eb5cbff543d0b66164f0321a95534e81 (256 bits) 128
enc cbc(aes) 0xaee9c8de212b521533280b112e2af131 (128 bits)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 3054(sec), hard 3600(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
stats:
replay-window 0 replay 0 failed 0
src 10.0.0.1 dst 10.0.0.3
proto esp spi 0xc66d5403(3329053699) reqid 2(0x00000002) mode tunnel
replay-window 32 seq 0x00000000 flag af-unspec (0x00100000)
mark 9437185/0xffffffff
auth-trunc hmac(sha256) 0x98073b7cda3e8419ba03c14b8f6fe9eef50d77030af8503f1855d994ecb835ae (256 bits) 128
enc cbc(aes) 0xbc81d9a238982201de82059677e47757 (128 bits)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 2954(sec), hard 3600(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
stats:
replay-window 0 replay 0 failed 0
+ _________________________ ip-xfrm-policy
+ ip -s xfrm policy
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
dir fwd action allow index 1786 priority 2051 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
mark 9437185/0xffffffff
tmpl src 10.0.0.1 dst 10.0.0.3
proto esp spi 0x00000000(0) reqid 2(0x00000002) mode tunnel
level required share any
enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
dir in action allow index 1776 priority 2051 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
mark 9437185/0xffffffff
tmpl src 10.0.0.1 dst 10.0.0.3
proto esp spi 0x00000000(0) reqid 2(0x00000002) mode tunnel
level required share any
enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
dir out action allow index 1769 priority 2051 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
mark 9437185/0xffffffff
tmpl src 10.0.0.3 dst 10.0.0.1
proto esp spi 0x00000000(0) reqid 2(0x00000002) mode tunnel
level required share any
enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff
src ::/0 dst ::/0 uid 0
socket out action allow index 1852 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src ::/0 dst ::/0 uid 0
socket in action allow index 1843 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 1836 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 1827 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 1820 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 1811 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 1804 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 1795 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft (INF)(bytes), hard (INF)(bytes)
limit: soft (INF)(packets), hard (INF)(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use 2017-10-08 13:05:06
src ::/0 dst ::/0 uid 0
socket in action allow index 1763 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src ::/0 dst ::/0 uid 0
socket out action allow index 1756 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src ::/0 dst ::/0 uid 0
socket in action allow index 1747 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src ::/0 dst ::/0 uid 0
socket out action allow index 1740 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src ::/0 dst ::/0 uid 0
socket in action allow index 1731 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src ::/0 dst ::/0 uid 0
socket out action allow index 1724 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 1715 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use 2017-10-08 13:05:11
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 1708 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use 2017-10-08 13:05:06
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 1699 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 1692 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use 2017-10-08 13:05:06
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 1683 priority 0 ptype main share any flag (0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use 2017-10-08 13:05:11
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
(0x00000000)
lifetime config:
limit: soft 0(bytes), hard 0(bytes)
limit: soft 0(packets), hard 0(packets)
expire add: soft 0(sec), hard 0(sec)
expire use: soft 0(sec), hard 0(sec)
lifetime current:
0(bytes), 0(packets)
add 2017-10-08 13:05:06 use -
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec statusall
000 Status of IKEv1 pluto daemon (strongSwan 4.5.2):
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface lo/lo 192.168.101.103:500
000 interface eth0/eth0 10.0.0.3:500
000 %myid = '%any'
000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem openssl gmp hmac xauth attr kernel-netlink resolve
000 debug options: raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+natt+oppo+controlmore
000
Status of IKEv2 charon daemon (strongSwan 4.5.2):
uptime: 10 seconds, since Oct 08 13:05:05 2017
malloc: sbrk 270336, mmap 0, used 237328, free 33008
worker threads: 7 idle of 16, job queue load: 0, scheduled events: 3
loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock
Listening IP addresses:
10.0.0.3
Connections:
peer-10.0.0.1-tunnel-vti: 10.0.0.3...10.0.0.1, dpddelay=15s
peer-10.0.0.1-tunnel-vti: local: [10.0.0.3] uses pre-shared key authentication
peer-10.0.0.1-tunnel-vti: remote: [10.0.0.1] uses any authentication
peer-10.0.0.1-tunnel-vti: child: 0.0.0.0/0 === 0.0.0.0/0 , dpdaction=clear
Routed Connections:
peer-10.0.0.1-tunnel-vti{1}: ROUTED, TUNNEL
peer-10.0.0.1-tunnel-vti{1}: 0.0.0.0/0 === 0.0.0.0/0
Security Associations:
.0.0.1[10.0.0.1]
peer-10.0.0.1-tunnel-vti[1]: IKE SPIs: c1a3ed81e2e0c22d_i* 2078e9cf102b9cea_r, rekeying in 15 minutes
peer-10.0.0.1-tunnel-vti[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256
peer-10.0.0.1-tunnel-vti{2}: INSTALLED, TUNNEL, ESP SPIs: c66d5403_i b5c9c14e_o
peer-10.0.0.1-tunnel-vti{2}: AES_CBC_128/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 50 minutes
peer-10.0.0.1-tunnel-vti{2}: 0.0.0.0/0 === 0.0.0.0/0
+ _________________________ routing/tables
+ ip rule list
0: from all lookup local
32766: from all lookup main
32766: from all lookup main
32766: from all lookup main
32767: from all lookup default
+ _________________________ ip/route
+ /opt/vyatta/bin/vtyshow.pl show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 10.0.0.1, eth0
C>* 10.0.0.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo
S>* 192.168.101.101/32 [1/0] via 192.168.101.1 (recursive via 10.0.0.1)
C>* 192.168.101.103/32 is directly connected, lo
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ ps
+ egrep -i 'ppid|pluto|ipsec|klips'
+ ps alxwf
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 13522 13521 20 0 21024 1212 - S+ ttyS0 0:00 | \_ sudo /usr/lib/ipsec/barf
4 0 13523 13522 20 0 9216 1372 - S+ ttyS0 0:00 | \_ /bin/sh /usr/lib/ipsec/barf
0 0 13590 13523 20 0 6116 572 - S+ ttyS0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips
1 0 13278 1 20 0 12644 520 - Ss ? 0:00 /usr/lib/ipsec/starter
4 0 13279 13278 20 0 147068 3888 - Ssl ? 0:00 \_ /usr/lib/ipsec/pluto --nofork --uniqueids --debug-all
0 0 13342 13279 20 0 8020 340 - S ? 0:00 | \_ _pluto_adns -d
b/ipsec/charon --use-syslog
+ _________________________ ipsec/conf
+ /usr/lib/ipsec/_keycensor
+ /usr/lib/ipsec/_include /etc/ipsec.conf
#< /etc/ipsec.conf 1
# generated by /opt/vyatta/sbin/vpn-config.pl
version 2.0
config setup
charonstart=yes
interfaces="%none"
plutodebug="all"
conn clear
auto=ignore
conn clear-or-private
auto=ignore
conn private-or-clear
auto=ignore
conn private
auto=ignore
conn block
auto=ignore
conn packetdefault
auto=ignore
conn %default
keyexchange=ikev1
conn peer-10.0.0.1-tunnel-vti
left=10.0.0.3
leftid="10.0.0.3"
right=10.0.0.1
rightid="10.0.0.1"
leftsubnet=0.0.0.0/0
rightsubnet=0.0.0.0/0
ike=aes128-sha256-modp2048s256!
keyexchange=ikev2
reauth=no
ikelifetime=1800s
dpddelay=15s
dpdtimeout=50s
dpdaction=clear
esp=aes128-sha256!
keylife=3600s
rekeymargin=540s
type=tunnel
pfs=yes
pfsgroup=modp4096
compress=no
authby=secret
mark=9437185
leftupdown="/usr/lib/ipsec/vti-up-down vti0"
auto=start
keyingtries=%forever
#conn peer-10.0.0.1-tunnel-vti
#< /etc/dmvpn.conf 1
# generated by /opt/vyatta/sbin/dmvpn-config.pl
#> /etc/ipsec.conf 61
+ _________________________ ipsec/secrets
+ /usr/lib/ipsec/_secretcensor
+ /usr/lib/ipsec/_include /etc/ipsec.secrets
#< /etc/ipsec.secrets 1
# generated by /opt/vyatta/sbin/vpn-config.pl
10.0.0.3 10.0.0.1 10.0.0.3 10.0.0.1 : PSK "[sums to 3f9b...]"
#< /etc/dmvpn.secrets 1
# generated by /opt/vyatta/sbin/dmvpn-config.pl
#> /etc/ipsec.secrets 6
+ _________________________ ipsec/listall
+ ipsec listall
000
000 List of registered IKEv1 Algorithms:
000
000 encryption: BLOWFISH_CBC[openssl] 3DES_CBC[des] AES_CBC[aes] CAMELLIA_CBC[openssl]
000 integrity: HMAC_MD5[md5] HMAC_SHA1[sha1] HMAC_SHA2_256[sha2] HMAC_SHA2_384[sha2] HMAC_SHA2_512[sha2]
000 dh-group: MODP_1024[openssl] MODP_1536[openssl] MODP_2048[openssl] MODP_3072[openssl] MODP_4096[openssl]
000 MODP_6144[openssl] MODP_8192[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl]
000 MODP_1024_160[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] ECP_192[openssl] ECP_224[openssl]
000 random-gen: RNG_STRONG[random] RNG_TRUE[random]
000
000 List of registered ESP Algorithms:
000
000 encryption: DES_CBC 3DES_CBC CAST_CBC BLOWFISH_CBC NULL AES_CBC AES_CTR AES_CCM_8 AES_CCM_12 AES_CCM_16 AES_GCM_8
000 AES_GCM_12 AES_GCM_16 CAMELLIA_CBC AES_GMAC SERPENT_CBC TWOFISH_CBC
000 integrity: HMAC_MD5 HMAC_SHA1 HMAC_SHA2_256 HMAC_SHA2_384 HMAC_SHA2_512 HMAC_RIPEMD AES_XCBC_96 NULL HMAC_SHA2_256_96
List of registered IKEv2 Algorithms:
encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] CAMELLIA_CBC[openssl] RC5_CBC[openssl]
IDEA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] AES_CTR[ctr]
integrity: AES_XCBC_96[xcbc] HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac] HMAC_SHA2_256_128[hmac]
HMAC_SHA2_256_256[hmac] HMAC_MD5_96[hmac] HMAC_MD5_128[hmac] HMAC_SHA2_384_192[hmac]
HMAC_SHA2_384_384[hmac] HMAC_SHA2_512_256[hmac]
aead: AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm] AES_GCM_8[gcm] AES_GCM_12[gcm] AES_GCM_16[gcm]
hasher: HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
HASH_MD2[openssl] HASH_MD4[openssl]
prf: PRF_KEYED_SHA1[sha1] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc] PRF_HMAC_SHA1[hmac]
PRF_HMAC_SHA2_256[hmac] PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_384[hmac] PRF_HMAC_SHA2_512[hmac]
dh-group: MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] ECP_256[openssl]
ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] MODP_3072[openssl] MODP_4096[openssl]
MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl]
MODP_CUSTOM[openssl]
random-gen: RNG_STRONG[random] RNG_TRUE[random]
+ '[' ']'
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (3.13.11-1-amd64-vyos) support detected '
NETKEY (3.13.11-1-amd64-vyos) support detected
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ plutolog
+ case "$1" in
+ cat
+ egrep -i pluto
+ sed -n '1886,$p' /var/log/messages
Oct 8 13:05:06 cr3 pluto[13279]: Starting IKEv1 pluto daemon (strongSwan 4.5.2) THREADS SMARTCARD VENDORID CISCO_QUIRKS
Oct 8 13:05:06 cr3 pluto[13279]: including NAT-Traversal patch (Version 0.6c) [disabled]
Oct 8 13:05:06 cr3 pluto[13279]: failed to load pkcs11 module '/usr/lib/opensc-pkcs11.so'
Oct 8 13:05:06 cr3 ipsec_starter[13278]: pluto (13279) started after 20 ms
Oct 8 13:05:06 cr3 pluto[13279]: Changing to directory '/etc/ipsec.d/crls'
Oct 8 13:05:06 cr3 pluto[13279]: listening for IKE messages
Oct 8 13:05:06 cr3 pluto[13279]: adding interface eth0/eth0 10.0.0.3:500
Oct 8 13:05:06 cr3 pluto[13279]: adding interface lo/lo 192.168.101.103:500
Oct 8 13:05:06 cr3 pluto[13279]: adding interface lo/lo 127.0.0.1:500
Oct 8 13:05:06 cr3 pluto[13279]: adding interface lo/lo ::1:500
Oct 8 13:05:06 cr3 pluto[13279]: loading secrets from "/etc/ipsec.secrets"
Oct 8 13:05:06 cr3 pluto[13279]: loaded PSK secret for 10.0.0.3 10.0.0.1 10.0.0.3 10.0.0.1
Oct 8 13:05:06 cr3 pluto[13279]: loading secrets from "/etc/dmvpn.secrets"
Oct 8 13:05:06 cr3 pluto[13279]: added connection description "peer-10.0.0.1-tunnel-vti"
+ _________________________ charonlog
+ case "$1" in
+ cat
+ egrep -i charon
+ sed -n '1,$p' /dev/null
+ _________________________ date
+ date
Sun Oct 8 13:05:15 UTC 2017
File Metadata
Details
Attached
Mime Type
text/plain
Storage Engine
amazon-s3
Storage Format
Raw Data
Storage Handle
phabricator/rw/d4/cym73wqpyohgmnrz
Default Alt Text
VyOS IKEv2 debug.txt (22 KB)
Attached To
Mode
T416: IKEv2 VTI Site-to-Site VPN between Cisco IOS-XE 16.3.1a and VyOS 1.1.7 not working (IKEv1 working ok)
Attached
Detach File
Event Timeline
Log In to Comment