Jul 20 16:22:23 moon charon: 01[DMN] starting charon (strongSwan Version 4.2.17) Jul 20 16:22:23 moon charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Jul 20 16:22:23 moon charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/researchCert.pem' Jul 20 16:22:23 moon charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/strongswanCert.pem' Jul 20 16:22:23 moon charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/salesCert.pem' Jul 20 16:22:23 moon charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Jul 20 16:22:23 moon charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Jul 20 16:22:23 moon charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Jul 20 16:22:23 moon charon: 01[CFG] loading crls from '/etc/ipsec.d/crls' Jul 20 16:22:23 moon charon: 01[CFG] loading secrets from '/etc/ipsec.secrets' Jul 20 16:22:23 moon charon: 01[CFG] loaded private key file '/etc/ipsec.d/private/moonKey.pem' Jul 20 16:22:23 moon charon: 01[DMN] loaded plugins: curl aes des sha1 sha2 md5 gmp random x509 pubkey hmac xcbc stroke kernel-netlink Jul 20 16:22:23 moon charon: 01[KNL] listening on interfaces: Jul 20 16:22:23 moon charon: 01[KNL] eth0 Jul 20 16:22:23 moon charon: 01[KNL] 192.168.0.1 Jul 20 16:22:23 moon charon: 01[KNL] fec0::1 Jul 20 16:22:23 moon charon: 01[KNL] fe80::fcfd:c0ff:fea8:1 Jul 20 16:22:23 moon charon: 01[KNL] eth1 Jul 20 16:22:23 moon charon: 01[KNL] 10.1.0.1 Jul 20 16:22:23 moon charon: 01[KNL] fec1::1 Jul 20 16:22:23 moon charon: 01[KNL] fe80::fcfd:aff:fe01:1 Jul 20 16:22:23 moon charon: 01[DMN] integrity test of libstrongswan code Jul 20 16:22:23 moon charon: 01[LIB] TEXT: 0x40024e08 + 52128 = 0x400319a8 Jul 20 16:22:23 moon charon: 01[LIB] RODATA: 0x40031a20 + 9716 = 0x40034014 Jul 20 16:22:23 moon charon: 01[LIB] SHA-1 HMAC key: strongSwan Version 4.2.17 Jul 20 16:22:23 moon charon: 01[LIB] SHA-1 HMAC sig: a8:79:ce:93:03:c1:35:1f:be:cd:2f:9b:ac:57:0d:9a Jul 20 16:22:23 moon charon: 01[DMN] integrity test passed Jul 20 16:22:23 moon charon: 01[JOB] spawning 16 worker threads Jul 20 16:22:23 moon charon: 03[CFG] received stroke: add ca 'strongswan' Jul 20 16:22:23 moon charon: 03[LIB] loaded certificate file '/etc/ipsec.d/cacerts/strongswanCert.pem' Jul 20 16:22:23 moon charon: 03[CFG] added ca 'strongswan' Jul 20 16:22:23 moon charon: 08[CFG] received stroke: add ca 'research' Jul 20 16:22:23 moon charon: 08[LIB] loaded certificate file '/etc/ipsec.d/cacerts/researchCert.pem' Jul 20 16:22:23 moon charon: 08[CFG] added ca 'research' Jul 20 16:22:23 moon charon: 10[CFG] received stroke: add ca 'sales' Jul 20 16:22:23 moon charon: 10[LIB] loaded certificate file '/etc/ipsec.d/cacerts/salesCert.pem' Jul 20 16:22:23 moon charon: 10[CFG] added ca 'sales' Jul 20 16:22:23 moon charon: 12[CFG] received stroke: add connection 'alice' Jul 20 16:22:23 moon charon: 12[LIB] loaded certificate file '/etc/ipsec.d/certs/moonCert.pem' Jul 20 16:22:23 moon charon: 12[CFG] added configuration 'alice': 192.168.0.1[moon.strongswan.org]...%any[%any] Jul 20 16:22:23 moon charon: 14[CFG] received stroke: add connection 'venus' Jul 20 16:22:23 moon charon: 14[LIB] loaded certificate file '/etc/ipsec.d/certs/moonCert.pem' Jul 20 16:22:23 moon charon: 14[CFG] added configuration 'venus': 192.168.0.1[moon.strongswan.org]...%any[%any] Jul 20 16:22:26 moon charon: 09[NET] received packet: from 192.168.0.100[500] to 192.168.0.1[500] Jul 20 16:22:26 moon charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Jul 20 16:22:26 moon charon: 09[IKE] 192.168.0.100 is initiating an IKE_SA Jul 20 16:22:26 moon charon: 09[IKE] sending cert request for "C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" Jul 20 16:22:26 moon charon: 09[IKE] sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:26 moon charon: 09[IKE] sending cert request for "C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA" Jul 20 16:22:26 moon charon: 09[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] Jul 20 16:22:26 moon charon: 09[NET] sending packet: from 192.168.0.1[500] to 192.168.0.100[500] Jul 20 16:22:26 moon charon: 03[NET] received packet: from 192.168.0.100[4500] to 192.168.0.1[4500] Jul 20 16:22:26 moon charon: 03[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) ] Jul 20 16:22:26 moon charon: 03[IKE] received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:26 moon charon: 03[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] using trusted intermediate ca certificate "C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" Jul 20 16:22:26 moon charon: 03[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8881' ... Jul 20 16:22:26 moon charon: 03[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] using trusted intermediate ca certificate "C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" Jul 20 16:22:26 moon charon: 03[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:26 moon charon: 03[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] ocsp response is valid: until Jul 20 16:27:26 2009 Jul 20 16:22:26 moon charon: 03[CFG] certificate status is good Jul 20 16:22:26 moon charon: 03[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:26 moon charon: 03[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" Jul 20 16:22:26 moon charon: 03[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] using trusted intermediate ca certificate "C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" Jul 20 16:22:26 moon charon: 03[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:26 moon charon: 03[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] ocsp response contains no status on our certificate Jul 20 16:22:26 moon charon: 03[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8880' ... Jul 20 16:22:26 moon charon: 03[CFG] using certificate "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:26 moon charon: 03[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" Jul 20 16:22:26 moon charon: 03[CFG] ocsp response is valid: until Jul 20 16:27:26 2009 Jul 20 16:22:26 moon charon: 03[CFG] certificate status is good Jul 20 16:22:26 moon charon: 03[IKE] authentication of 'C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org' with RSA signature successful Jul 20 16:22:26 moon charon: 03[CFG] constraint check failed: peer not authenticated by CA 'C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA'. Jul 20 16:22:26 moon charon: 03[CFG] found matching peer config "alice": moon.strongswan.org...%any with prio 21.5 Jul 20 16:22:26 moon charon: 03[IKE] peer supports MOBIKE Jul 20 16:22:26 moon charon: 03[IKE] authentication of 'moon.strongswan.org' (myself) with RSA signature successful Jul 20 16:22:26 moon charon: 03[IKE] scheduling reauthentication in 3330s Jul 20 16:22:26 moon charon: 03[IKE] maximum IKE_SA lifetime 3510s Jul 20 16:22:26 moon charon: 03[IKE] IKE_SA alice[1] established between 192.168.0.1[moon.strongswan.org]...192.168.0.100[C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org] Jul 20 16:22:26 moon charon: 03[IKE] sending end entity cert "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" Jul 20 16:22:26 moon charon: 03[KNL] no local address found in traffic selector 10.1.0.10/32 Jul 20 16:22:26 moon charon: 03[IKE] CHILD_SA alice{1} established with SPIs c1bb682c_i c6ef70d3_o and TS 10.1.0.10/32 === 192.168.0.100/32 Jul 20 16:22:26 moon charon: 03[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ] Jul 20 16:22:26 moon charon: 03[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.100[4500] Jul 20 16:22:27 moon charon: 11[NET] received packet: from 192.168.0.200[500] to 192.168.0.1[500] Jul 20 16:22:27 moon charon: 11[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Jul 20 16:22:27 moon charon: 11[IKE] 192.168.0.200 is initiating an IKE_SA Jul 20 16:22:27 moon charon: 11[IKE] sending cert request for "C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" Jul 20 16:22:27 moon charon: 11[IKE] sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 11[IKE] sending cert request for "C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA" Jul 20 16:22:27 moon charon: 11[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] Jul 20 16:22:27 moon charon: 11[NET] sending packet: from 192.168.0.1[500] to 192.168.0.200[500] Jul 20 16:22:27 moon charon: 08[NET] received packet: from 192.168.0.200[4500] to 192.168.0.1[4500] Jul 20 16:22:27 moon charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) ] Jul 20 16:22:27 moon charon: 08[IKE] received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[IKE] received end entity cert "C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using trusted intermediate ca certificate "C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA" Jul 20 16:22:27 moon charon: 08[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using trusted intermediate ca certificate "C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" Jul 20 16:22:27 moon charon: 08[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response contains no status on our certificate Jul 20 16:22:27 moon charon: 08[CFG] using certificate "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response contains no status on our certificate Jul 20 16:22:27 moon charon: 08[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8882' ... Jul 20 16:22:27 moon charon: 08[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Sales OCSP Signing Authority, CN=ocsp.sales.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using trusted intermediate ca certificate "C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA" Jul 20 16:22:27 moon charon: 08[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=Sales OCSP Signing Authority, CN=ocsp.sales.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response is valid: until Jul 20 16:27:27 2009 Jul 20 16:22:27 moon charon: 08[CFG] certificate status is good Jul 20 16:22:27 moon charon: 08[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[CFG] checking certificate status of "C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA" Jul 20 16:22:27 moon charon: 08[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using trusted intermediate ca certificate "C=CH, O=Linux strongSwan, OU=Research, CN=Research CA" Jul 20 16:22:27 moon charon: 08[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response contains no status on our certificate Jul 20 16:22:27 moon charon: 08[CFG] using certificate "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response contains no status on our certificate Jul 20 16:22:27 moon charon: 08[CFG] using certificate "C=CH, O=Linux strongSwan, OU=Sales OCSP Signing Authority, CN=ocsp.sales.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using trusted intermediate ca certificate "C=CH, O=Linux strongSwan, OU=Sales, CN=Sales CA" Jul 20 16:22:27 moon charon: 08[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=Sales OCSP Signing Authority, CN=ocsp.sales.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response contains no status on our certificate Jul 20 16:22:27 moon charon: 08[CFG] requesting ocsp status from 'http://ocsp.strongswan.org:8880' ... Jul 20 16:22:27 moon charon: 08[CFG] using certificate "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response correctly signed by "C=CH, O=Linux strongSwan, OU=OCSP Signing Authority, CN=ocsp.strongswan.org" Jul 20 16:22:27 moon charon: 08[CFG] ocsp response is valid: until Jul 20 16:27:27 2009 Jul 20 16:22:27 moon charon: 08[CFG] certificate status is good Jul 20 16:22:27 moon charon: 08[IKE] authentication of 'C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org' with RSA signature successful Jul 20 16:22:27 moon charon: 08[CFG] constraint check failed: peer not authenticated by CA 'C=CH, O=Linux strongSwan, OU=Research, CN=Research CA'. Jul 20 16:22:27 moon charon: 08[CFG] found matching peer config "venus": moon.strongswan.org...%any with prio 21.5 Jul 20 16:22:27 moon charon: 08[IKE] peer supports MOBIKE Jul 20 16:22:27 moon charon: 08[IKE] authentication of 'moon.strongswan.org' (myself) with RSA signature successful Jul 20 16:22:27 moon charon: 08[IKE] scheduling reauthentication in 3375s Jul 20 16:22:27 moon charon: 08[IKE] maximum IKE_SA lifetime 3555s Jul 20 16:22:27 moon charon: 08[IKE] IKE_SA venus[2] established between 192.168.0.1[moon.strongswan.org]...192.168.0.200[C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org] Jul 20 16:22:27 moon charon: 08[IKE] sending end entity cert "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" Jul 20 16:22:27 moon charon: 08[KNL] no local address found in traffic selector 10.1.0.20/32 Jul 20 16:22:27 moon charon: 08[IKE] CHILD_SA venus{2} established with SPIs c6e33b7c_i cb2a0f6f_o and TS 10.1.0.20/32 === 192.168.0.200/32 Jul 20 16:22:27 moon charon: 08[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ] Jul 20 16:22:27 moon charon: 08[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.200[4500] Jul 20 16:22:41 moon charon: 01[DMN] signal of type SIGINT received. Shutting down Jul 20 16:22:41 moon charon: 01[IKE] deleting IKE_SA alice[1] between 192.168.0.1[moon.strongswan.org]...192.168.0.100[C=CH, O=Linux strongSwan, OU=Research, CN=carol@strongswan.org] Jul 20 16:22:41 moon charon: 01[IKE] sending DELETE for IKE_SA alice[1] Jul 20 16:22:41 moon charon: 01[ENC] generating INFORMATIONAL request 0 [ D ] Jul 20 16:22:41 moon charon: 01[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.100[4500] Jul 20 16:22:41 moon charon: 01[IKE] deleting IKE_SA venus[2] between 192.168.0.1[moon.strongswan.org]...192.168.0.200[C=CH, O=Linux strongSwan, OU=Sales, CN=dave@strongswan.org] Jul 20 16:22:41 moon charon: 01[IKE] sending DELETE for IKE_SA venus[2] Jul 20 16:22:41 moon charon: 01[ENC] generating INFORMATIONAL request 0 [ D ] Jul 20 16:22:41 moon charon: 01[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.200[4500]