> Starting Pluto (Libreswan Version 3.29 XFRM(netkey) esp-hw-offload FORK
> PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG
> LABELED_IPSEC LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)
> LDAP(non-NSS)) pid:7125
> ...
> | forked child 7133
> seccomp security not supported
> | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@14
> (in whack_handle() at rcv_whack.c:717)
> | Added new connection xauth-psk with policy
> PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+AGGRESSIVE+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
> | ike (phase1) algorithm values: 3DES_CBC-HMAC_MD5-MODP1536,
> 3DES_CBC-HMAC_SHA1-MODP1536, AES_CBC-HMAC_SHA1-MODP1536,
> AES_CBC-HMAC_MD5-MODP1536
> | counting wild cards for <server.address.redacted> is 0
> | counting wild cards for (none) is 15
> | add new addresspool to global pools 10.231.247.10-10.231.247.254 size 245
> ptr 0x55b964cc9f98
> | based upon policy, the connection is a template.
> | reference addresspool of conn xauth-psk[0] kind CK_TEMPLATE refcnt 0
> added connection description "xauth-psk"
> | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%;
> keyingtries: 0; replay_window: 32; policy:
> PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+AGGRESSIVE+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
> |
> 0.0.0.0/0===<server.address.redacted><<server.address.redacted>>[MS+XS+S=C]...%any[+MC+XC+S=C]
> ...
> | connect_to_host_pair: <server.address.redacted>:500 0.0.0.0:500 -> hp:none
> ...
> | *received 572 bytes from 192.168.12.87:1500 on vipnet (port=500)
> ...
> | **parse ISAKMP Message:
> | initiator cookie:
> | 0c 75 da 3b 07 7a f1 49
> | responder cookie:
> | 00 00 00 00 00 00 00 00
> | next payload type: ISAKMP_NEXT_SA (0x1)
> | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
> | exchange type: ISAKMP_XCHG_AGGR (0x4)
> | flags: none (0x0)
> | Message ID: 0 (0x0)
> | length: 572 (0x23c)
> ...
> | find_host_connection me=<server.address.redacted>:500
> him=192.168.12.87:1500 policy=PSK+AGGRESSIVE+IKEV1_ALLOW
> | find_host_pair: comparing <server.address.redacted>:500 to 0.0.0.0:500
> | find_next_host_connection policy=PSK+AGGRESSIVE+IKEV1_ALLOW
> | find_next_host_connection returns empty
> | find_host_connection me=<server.address.redacted>:500 him=%any:1500
> policy=PSK+AGGRESSIVE+IKEV1_ALLOW
> | find_host_pair: comparing <server.address.redacted>:500 to 0.0.0.0:500
> | find_next_host_connection policy=PSK+AGGRESSIVE+IKEV1_ALLOW
> | found policy =
> PSK+ENCRYPT+TUNNEL+DONT_REKEY+XAUTH+AGGRESSIVE+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
> (xauth-psk)
> | find_next_host_connection returns empty
> packet from 192.168.12.87:1500: initial Aggressive Mode message from
> 192.168.12.87 but no (wildcard) connection has been configured with policy
> PSK+AGGRESSIVE+IKEV1_ALLOW
For some reason, it isn't even considering xauth-psk configuration.
