Plutorun started on Fri Oct 23 02:07:14 CST 2009 adjusting ipsec.d to /etc/ipsec.d nss directory plutomain: /etc/ipsec.d NSS Initialized Non-fips mode set in /proc/sys/crypto/fips_enabled Non-fips mode set in /proc/sys/crypto/fips_enabled Starting Pluto (Openswan Version 2.6.21; Vendor ID OE~q\177kZNr}Wk) pid:5575 Setting NAT-Traversal port-4500 floating to off port floating activation criteria nat_t=0/port_float=1 including NAT-Traversal patch (Version 0.6c) [disabled] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) starting up 1 cryptographic helpers main fd(9) helper fd(10) started helper (thread) pid=-1208382576 (fd:9) Using Linux 2.6 IPsec interface code on 2.6.18-164.el5PAE (experimental code) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_register_enc(): Activating : Ok (ret=0) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names ike_alg_add(): ERROR: Algorithm already exists ike_alg_register_enc(): Activating : FAILED (ret=-17) myid malformed: empty string "" Could not change to directory '/etc/ipsec.d/cacerts': /root Could not change to directory '/etc/ipsec.d/aacerts': /root Could not change to directory '/etc/ipsec.d/ocspcerts': /root Could not change to directory '/etc/ipsec.d/crls' Non-fips mode set in /proc/sys/crypto/fips_enabled Non-fips mode set in /proc/sys/crypto/fips_enabled added connection description "host-host" listening for IKE messages adding interface eth0/eth0 192.168.0.10:500 adding interface lo/lo 127.0.0.1:500 adding interface eth0/eth0 2001:db8:1:1::1234:500 adding interface lo/lo ::1:500 loading secrets from "/etc/ipsec.secrets" "host-host" #1: initiating v2 parent SA pluto_do_crypto: helper (0) is exiting "host-host" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "host-host" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 "host-host" #1: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #1: starting keying attempt 2 of at most 1 "host-host" #2: initiating v2 parent SA to replace #1 pluto_do_crypto: helper (0) is exiting "host-host" #2: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "host-host" #2: STATE_PARENT_I1: sent v2I1, expected v2R1 "host-host" #2: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #2: starting keying attempt 3 of at most 1 "host-host" #2: next attempt will be IKEv1 "host-host" #3: initiating Main Mode to replace #2 "host-host" #3: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message "host-host" #3: starting keying attempt 4 of at most 1 "host-host" #4: initiating Main Mode to replace #3 "host-host" #4: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message "host-host" #4: starting keying attempt 5 of at most 1 "host-host" #5: initiating Main Mode to replace #4 "host-host" #5: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message "host-host" #5: starting keying attempt 6 of at most 1 "host-host" #5: next attempt will be IKEv2 "host-host" #6: initiating v2 parent SA to replace #5 pluto_do_crypto: helper (0) is exiting "host-host" #6: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "host-host" #6: STATE_PARENT_I1: sent v2I1, expected v2R1 "host-host" #6: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #6: starting keying attempt 7 of at most 1 "host-host" #7: initiating v2 parent SA to replace #6 pluto_do_crypto: helper (0) is exiting "host-host" #7: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "host-host" #7: STATE_PARENT_I1: sent v2I1, expected v2R1 "host-host" #7: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #7: starting keying attempt 8 of at most 1 "host-host" #8: initiating v2 parent SA to replace #7 pluto_do_crypto: helper (0) is exiting "host-host" #8: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "host-host" #8: STATE_PARENT_I1: sent v2I1, expected v2R1 "host-host" #8: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #8: starting keying attempt 9 of at most 1 "host-host" #8: next attempt will be IKEv1 "host-host" #9: initiating Main Mode to replace #8 "host-host" #9: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message "host-host" #9: starting keying attempt 10 of at most 1 "host-host" #10: initiating Main Mode to replace #9 "host-host" #10: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message "host-host" #10: starting keying attempt 11 of at most 1 "host-host" #11: initiating Main Mode to replace #10 "host-host" #11: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message "host-host" #11: starting keying attempt 12 of at most 1 "host-host" #11: next attempt will be IKEv2 "host-host" #12: initiating v2 parent SA to replace #11 pluto_do_crypto: helper (0) is exiting "host-host" #12: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "host-host" #12: STATE_PARENT_I1: sent v2I1, expected v2R1 "host-host" #12: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #12: starting keying attempt 13 of at most 1 "host-host" #13: initiating v2 parent SA to replace #12 pluto_do_crypto: helper (0) is exiting "host-host" #13: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "host-host" #13: STATE_PARENT_I1: sent v2I1, expected v2R1 "host-host" #13: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #13: starting keying attempt 14 of at most 1 "host-host" #14: initiating v2 parent SA to replace #13 pluto_do_crypto: helper (0) is exiting "host-host" #14: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "host-host" #14: STATE_PARENT_I1: sent v2I1, expected v2R1 "host-host" #14: max number of retransmissions (2) reached STATE_PARENT_I1. No response (or no acceptable response) to our first IKE message "host-host" #14: starting keying attempt 15 of at most 1 "host-host" #14: next attempt will be IKEv1 "host-host" #15: initiating Main Mode to replace #14 "host-host" #15: max number of retransmissions (2) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message "host-host" #15: starting keying attempt 16 of at most 1 "host-host" #16: initiating Main Mode to replace #15