Unable to find IKEv2 messages. Strongswan might be running with IKEv2 turned off or alternatively, your log files have been emptied (ie, logwatch) cr3 Sun Oct 8 13:05:15 UTC 2017 + _________________________ version + ipsec --version Linux strongSwan U4.5.2/K3.13.11-1-amd64-vyos Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil, Switzerland See 'ipsec --copyright' for copyright information. + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + cat /proc/net/pfkey sk RefCnt Rmem Wmem User Inode + _________________________ ip-xfrm-state + ip -s xfrm state src 10.0.0.3 dst 10.0.0.1 proto esp spi 0xb5c9c14e(3049898318) reqid 2(0x00000002) mode tunnel replay-window 32 seq 0x00000000 flag af-unspec (0x00100000) mark 9437185/0xffffffff auth-trunc hmac(sha256) 0xa02dca1ddb9bcda8a58094bdc2ef1731eb5cbff543d0b66164f0321a95534e81 (256 bits) 128 enc cbc(aes) 0xaee9c8de212b521533280b112e2af131 (128 bits) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 3054(sec), hard 3600(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - stats: replay-window 0 replay 0 failed 0 src 10.0.0.1 dst 10.0.0.3 proto esp spi 0xc66d5403(3329053699) reqid 2(0x00000002) mode tunnel replay-window 32 seq 0x00000000 flag af-unspec (0x00100000) mark 9437185/0xffffffff auth-trunc hmac(sha256) 0x98073b7cda3e8419ba03c14b8f6fe9eef50d77030af8503f1855d994ecb835ae (256 bits) 128 enc cbc(aes) 0xbc81d9a238982201de82059677e47757 (128 bits) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 2954(sec), hard 3600(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - stats: replay-window 0 replay 0 failed 0 + _________________________ ip-xfrm-policy + ip -s xfrm policy src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 dir fwd action allow index 1786 priority 2051 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - mark 9437185/0xffffffff tmpl src 10.0.0.1 dst 10.0.0.3 proto esp spi 0x00000000(0) reqid 2(0x00000002) mode tunnel level required share any enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 dir in action allow index 1776 priority 2051 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - mark 9437185/0xffffffff tmpl src 10.0.0.1 dst 10.0.0.3 proto esp spi 0x00000000(0) reqid 2(0x00000002) mode tunnel level required share any enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 dir out action allow index 1769 priority 2051 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - mark 9437185/0xffffffff tmpl src 10.0.0.3 dst 10.0.0.1 proto esp spi 0x00000000(0) reqid 2(0x00000002) mode tunnel level required share any enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff src ::/0 dst ::/0 uid 0 socket out action allow index 1852 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src ::/0 dst ::/0 uid 0 socket in action allow index 1843 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket out action allow index 1836 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket in action allow index 1827 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket out action allow index 1820 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket in action allow index 1811 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket out action allow index 1804 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket in action allow index 1795 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft (INF)(bytes), hard (INF)(bytes) limit: soft (INF)(packets), hard (INF)(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use 2017-10-08 13:05:06 src ::/0 dst ::/0 uid 0 socket in action allow index 1763 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src ::/0 dst ::/0 uid 0 socket out action allow index 1756 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src ::/0 dst ::/0 uid 0 socket in action allow index 1747 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src ::/0 dst ::/0 uid 0 socket out action allow index 1740 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src ::/0 dst ::/0 uid 0 socket in action allow index 1731 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src ::/0 dst ::/0 uid 0 socket out action allow index 1724 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket in action allow index 1715 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use 2017-10-08 13:05:11 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket out action allow index 1708 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use 2017-10-08 13:05:06 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket in action allow index 1699 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket out action allow index 1692 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use 2017-10-08 13:05:06 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 socket in action allow index 1683 priority 0 ptype main share any flag (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use 2017-10-08 13:05:11 src 0.0.0.0/0 dst 0.0.0.0/0 uid 0 (0x00000000) lifetime config: limit: soft 0(bytes), hard 0(bytes) limit: soft 0(packets), hard 0(packets) expire add: soft 0(sec), hard 0(sec) expire use: soft 0(sec), hard 0(sec) lifetime current: 0(bytes), 0(packets) add 2017-10-08 13:05:06 use - + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + _________________________ ipsec/status + ipsec statusall 000 Status of IKEv1 pluto daemon (strongSwan 4.5.2): 000 interface lo/lo ::1:500 000 interface lo/lo 127.0.0.1:500 000 interface lo/lo 192.168.101.103:500 000 interface eth0/eth0 10.0.0.3:500 000 %myid = '%any' 000 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem openssl gmp hmac xauth attr kernel-netlink resolve 000 debug options: raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+natt+oppo+controlmore 000 Status of IKEv2 charon daemon (strongSwan 4.5.2): uptime: 10 seconds, since Oct 08 13:05:05 2017 malloc: sbrk 270336, mmap 0, used 237328, free 33008 worker threads: 7 idle of 16, job queue load: 0, scheduled events: 3 loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock Listening IP addresses: 10.0.0.3 Connections: peer-10.0.0.1-tunnel-vti: 10.0.0.3...10.0.0.1, dpddelay=15s peer-10.0.0.1-tunnel-vti: local: [10.0.0.3] uses pre-shared key authentication peer-10.0.0.1-tunnel-vti: remote: [10.0.0.1] uses any authentication peer-10.0.0.1-tunnel-vti: child: 0.0.0.0/0 === 0.0.0.0/0 , dpdaction=clear Routed Connections: peer-10.0.0.1-tunnel-vti{1}: ROUTED, TUNNEL peer-10.0.0.1-tunnel-vti{1}: 0.0.0.0/0 === 0.0.0.0/0 Security Associations: .0.0.1[10.0.0.1] peer-10.0.0.1-tunnel-vti[1]: IKE SPIs: c1a3ed81e2e0c22d_i* 2078e9cf102b9cea_r, rekeying in 15 minutes peer-10.0.0.1-tunnel-vti[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048_256 peer-10.0.0.1-tunnel-vti{2}: INSTALLED, TUNNEL, ESP SPIs: c66d5403_i b5c9c14e_o peer-10.0.0.1-tunnel-vti{2}: AES_CBC_128/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 50 minutes peer-10.0.0.1-tunnel-vti{2}: 0.0.0.0/0 === 0.0.0.0/0 + _________________________ routing/tables + ip rule list 0: from all lookup local 32766: from all lookup main 32766: from all lookup main 32766: from all lookup main 32767: from all lookup default + _________________________ ip/route + /opt/vyatta/bin/vtyshow.pl show ip route Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route K>* 0.0.0.0/0 via 10.0.0.1, eth0 C>* 10.0.0.0/24 is directly connected, eth0 C>* 127.0.0.0/8 is directly connected, lo S>* 192.168.101.101/32 [1/0] via 192.168.101.1 (recursive via 10.0.0.1) C>* 192.168.101.103/32 is directly connected, lo + _________________________ ipsec/directory + ipsec --directory /usr/lib/ipsec + _________________________ ps + egrep -i 'ppid|pluto|ipsec|klips' + ps alxwf F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 4 0 13522 13521 20 0 21024 1212 - S+ ttyS0 0:00 | \_ sudo /usr/lib/ipsec/barf 4 0 13523 13522 20 0 9216 1372 - S+ ttyS0 0:00 | \_ /bin/sh /usr/lib/ipsec/barf 0 0 13590 13523 20 0 6116 572 - S+ ttyS0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips 1 0 13278 1 20 0 12644 520 - Ss ? 0:00 /usr/lib/ipsec/starter 4 0 13279 13278 20 0 147068 3888 - Ssl ? 0:00 \_ /usr/lib/ipsec/pluto --nofork --uniqueids --debug-all 0 0 13342 13279 20 0 8020 340 - S ? 0:00 | \_ _pluto_adns -d b/ipsec/charon --use-syslog + _________________________ ipsec/conf + /usr/lib/ipsec/_keycensor + /usr/lib/ipsec/_include /etc/ipsec.conf #< /etc/ipsec.conf 1 # generated by /opt/vyatta/sbin/vpn-config.pl version 2.0 config setup charonstart=yes interfaces="%none" plutodebug="all" conn clear auto=ignore conn clear-or-private auto=ignore conn private-or-clear auto=ignore conn private auto=ignore conn block auto=ignore conn packetdefault auto=ignore conn %default keyexchange=ikev1 conn peer-10.0.0.1-tunnel-vti left=10.0.0.3 leftid="10.0.0.3" right=10.0.0.1 rightid="10.0.0.1" leftsubnet=0.0.0.0/0 rightsubnet=0.0.0.0/0 ike=aes128-sha256-modp2048s256! keyexchange=ikev2 reauth=no ikelifetime=1800s dpddelay=15s dpdtimeout=50s dpdaction=clear esp=aes128-sha256! keylife=3600s rekeymargin=540s type=tunnel pfs=yes pfsgroup=modp4096 compress=no authby=secret mark=9437185 leftupdown="/usr/lib/ipsec/vti-up-down vti0" auto=start keyingtries=%forever #conn peer-10.0.0.1-tunnel-vti #< /etc/dmvpn.conf 1 # generated by /opt/vyatta/sbin/dmvpn-config.pl #> /etc/ipsec.conf 61 + _________________________ ipsec/secrets + /usr/lib/ipsec/_secretcensor + /usr/lib/ipsec/_include /etc/ipsec.secrets #< /etc/ipsec.secrets 1 # generated by /opt/vyatta/sbin/vpn-config.pl 10.0.0.3 10.0.0.1 10.0.0.3 10.0.0.1 : PSK "[sums to 3f9b...]" #< /etc/dmvpn.secrets 1 # generated by /opt/vyatta/sbin/dmvpn-config.pl #> /etc/ipsec.secrets 6 + _________________________ ipsec/listall + ipsec listall 000 000 List of registered IKEv1 Algorithms: 000 000 encryption: BLOWFISH_CBC[openssl] 3DES_CBC[des] AES_CBC[aes] CAMELLIA_CBC[openssl] 000 integrity: HMAC_MD5[md5] HMAC_SHA1[sha1] HMAC_SHA2_256[sha2] HMAC_SHA2_384[sha2] HMAC_SHA2_512[sha2] 000 dh-group: MODP_1024[openssl] MODP_1536[openssl] MODP_2048[openssl] MODP_3072[openssl] MODP_4096[openssl] 000 MODP_6144[openssl] MODP_8192[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] 000 MODP_1024_160[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] ECP_192[openssl] ECP_224[openssl] 000 random-gen: RNG_STRONG[random] RNG_TRUE[random] 000 000 List of registered ESP Algorithms: 000 000 encryption: DES_CBC 3DES_CBC CAST_CBC BLOWFISH_CBC NULL AES_CBC AES_CTR AES_CCM_8 AES_CCM_12 AES_CCM_16 AES_GCM_8 000 AES_GCM_12 AES_GCM_16 CAMELLIA_CBC AES_GMAC SERPENT_CBC TWOFISH_CBC 000 integrity: HMAC_MD5 HMAC_SHA1 HMAC_SHA2_256 HMAC_SHA2_384 HMAC_SHA2_512 HMAC_RIPEMD AES_XCBC_96 NULL HMAC_SHA2_256_96 List of registered IKEv2 Algorithms: encryption: AES_CBC[aes] 3DES_CBC[des] DES_CBC[des] DES_ECB[des] CAMELLIA_CBC[openssl] RC5_CBC[openssl] IDEA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] AES_CTR[ctr] integrity: AES_XCBC_96[xcbc] HMAC_SHA1_96[hmac] HMAC_SHA1_128[hmac] HMAC_SHA1_160[hmac] HMAC_SHA2_256_128[hmac] HMAC_SHA2_256_256[hmac] HMAC_MD5_96[hmac] HMAC_MD5_128[hmac] HMAC_SHA2_384_192[hmac] HMAC_SHA2_384_384[hmac] HMAC_SHA2_512_256[hmac] aead: AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm] AES_GCM_8[gcm] AES_GCM_12[gcm] AES_GCM_16[gcm] hasher: HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5] HASH_MD2[openssl] HASH_MD4[openssl] prf: PRF_KEYED_SHA1[sha1] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc] PRF_HMAC_SHA1[hmac] PRF_HMAC_SHA2_256[hmac] PRF_HMAC_MD5[hmac] PRF_HMAC_SHA2_384[hmac] PRF_HMAC_SHA2_512[hmac] dh-group: MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl] ECP_192[openssl] MODP_3072[openssl] MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl] MODP_768[openssl] MODP_CUSTOM[openssl] random-gen: RNG_STRONG[random] RNG_TRUE[random] + '[' ']' + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey ++ uname -r + echo 'NETKEY (3.13.11-1-amd64-vyos) support detected ' NETKEY (3.13.11-1-amd64-vyos) support detected + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + _________________________ plutolog + case "$1" in + cat + egrep -i pluto + sed -n '1886,$p' /var/log/messages Oct 8 13:05:06 cr3 pluto[13279]: Starting IKEv1 pluto daemon (strongSwan 4.5.2) THREADS SMARTCARD VENDORID CISCO_QUIRKS Oct 8 13:05:06 cr3 pluto[13279]: including NAT-Traversal patch (Version 0.6c) [disabled] Oct 8 13:05:06 cr3 pluto[13279]: failed to load pkcs11 module '/usr/lib/opensc-pkcs11.so' Oct 8 13:05:06 cr3 ipsec_starter[13278]: pluto (13279) started after 20 ms Oct 8 13:05:06 cr3 pluto[13279]: Changing to directory '/etc/ipsec.d/crls' Oct 8 13:05:06 cr3 pluto[13279]: listening for IKE messages Oct 8 13:05:06 cr3 pluto[13279]: adding interface eth0/eth0 10.0.0.3:500 Oct 8 13:05:06 cr3 pluto[13279]: adding interface lo/lo 192.168.101.103:500 Oct 8 13:05:06 cr3 pluto[13279]: adding interface lo/lo 127.0.0.1:500 Oct 8 13:05:06 cr3 pluto[13279]: adding interface lo/lo ::1:500 Oct 8 13:05:06 cr3 pluto[13279]: loading secrets from "/etc/ipsec.secrets" Oct 8 13:05:06 cr3 pluto[13279]: loaded PSK secret for 10.0.0.3 10.0.0.1 10.0.0.3 10.0.0.1 Oct 8 13:05:06 cr3 pluto[13279]: loading secrets from "/etc/dmvpn.secrets" Oct 8 13:05:06 cr3 pluto[13279]: added connection description "peer-10.0.0.1-tunnel-vti" + _________________________ charonlog + case "$1" in + cat + egrep -i charon + sed -n '1,$p' /dev/null + _________________________ date + date Sun Oct 8 13:05:15 UTC 2017