2009:02:20-00:12:16 (none) ipsec_starter[3487]: Starting strongSwan 4.2.3 IPsec [starter]...
2009:02:20-00:12:16 (none) ipsec_starter[3499]: IP address or index of physical interface changed -> reinit of ipsec interface
2009:02:20-00:12:17 (none) pluto[3502]: Starting Pluto (strongSwan Version 4.2.3 THREADS LIBLDAP VENDORID CISCO_QUIRKS)
2009:02:20-00:12:17 (none) pluto[3502]: including NAT-Traversal patch (Version 0.6c)
2009:02:20-00:12:17 (none) pluto[3502]: ike_alg: Activating OAKLEY_AES_CBC encryption: Ok
2009:02:20-00:12:17 (none) pluto[3502]: ike_alg: Activating OAKLEY_BLOWFISH_CBC encryption: Ok
2009:02:20-00:12:17 (none) pluto[3502]: ike_alg: Activating OAKLEY_SERPENT_CBC encryption: Ok
2009:02:20-00:12:17 (none) pluto[3502]: ike_alg: Activating OAKLEY_SHA2_256 hash: Ok
2009:02:20-00:12:17 (none) pluto[3502]: ike_alg: Activating OAKLEY_SHA2_384 hash: Ok
2009:02:20-00:12:17 (none) pluto[3502]: ike_alg: Activating OAKLEY_SHA2_512 hash: Ok
2009:02:20-00:12:17 (none) pluto[3502]: ike_alg: Activating OAKLEY_TWOFISH_CBC encryption: Ok
2009:02:20-00:12:17 (none) pluto[3502]: ike_alg: Activating OAKLEY_TWOFISH_CBC_SSH encryption: Ok
2009:02:20-00:12:17 (none) pluto[3502]: Testing registered IKE encryption algorithms:
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_DES_CBC self-test not available
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_BLOWFISH_CBC self-test not available
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_3DES_CBC self-test not available
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_AES_CBC self-test not available
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SERPENT_CBC self-test not available
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_TWOFISH_CBC self-test not available
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_TWOFISH_CBC_SSH self-test not available
2009:02:20-00:12:17 (none) pluto[3502]: Testing registered IKE hash algorithms:
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_MD5 hash self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_MD5 hmac self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SHA hash self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SHA hmac self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SHA2_256 hash self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SHA2_256 hmac self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SHA2_384 hash self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SHA2_384 hmac self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SHA2_512 hash self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: OAKLEY_SHA2_512 hmac self-test passed
2009:02:20-00:12:17 (none) pluto[3502]: All crypto self-tests passed
2009:02:20-00:12:17 (none) pluto[3502]: Using KLIPS IPsec interface code
2009:02:20-00:12:17 (none) pluto[3502]: Changing to directory '/etc/ipsec.d/cacerts'
2009:02:20-00:12:17 (none) pluto[3502]: loaded CA cert file 'REF_kTEyxqdXBN.pem' (3017 bytes)
2009:02:20-00:12:17 (none) pluto[3502]: loaded CA cert file 'REF_QHKekLaGZZ.pem' (2902 bytes)
2009:02:20-00:12:17 (none) pluto[3502]: Changing to directory '/etc/ipsec.d/aacerts'
2009:02:20-00:12:17 (none) pluto[3502]: Changing to directory '/etc/ipsec.d/ocspcerts'
2009:02:20-00:12:17 (none) pluto[3502]: Changing to directory '/etc/ipsec.d/crls'
2009:02:20-00:12:17 (none) pluto[3502]: listening for IKE messages
2009:02:20-00:12:17 (none) pluto[3502]: no public interfaces found
2009:02:20-00:12:17 (none) pluto[3502]: loading secrets from "/etc/ipsec.secrets"
2009:02:20-00:12:17 (none) pluto[3502]: loaded private key file '/etc/ipsec.d/private/REF_dfLXPCvKHv.pem' (887 bytes)
2009:02:20-00:12:17 (none) pluto[3502]: loaded shared key for 0.0.0.0 90.227.121.172
2009:02:20-00:12:17 (none) pluto[3502]: loaded shared key for 0.0.0.0 90.227.121.172
2009:02:20-00:12:17 (none) pluto[3502]: added connection description "S_REF_pnKrJatNZI_0"
2009:02:20-00:12:17 (none) pluto[3502]: "S_REF_pnKrJatNZI_0": we have no ipsecN interface for either end of this connection
2009:02:20-00:12:17 (none) pluto[3502]: added connection description "S_REF_pnKrJatNZI_1"
2009:02:20-00:12:17 (none) pluto[3502]: "S_REF_pnKrJatNZI_1": we have no ipsecN interface for either end of this connection
2009:02:20-00:12:17 (none) pluto[3502]: added connection description "S_REF_RIPyjEYzFx_0"
2009:02:20-00:12:17 (none) pluto[3502]: added connection description "S_REF_RIPyjEYzFx_1"
2009:02:20-00:12:17 (none) pluto[3502]: loaded host cert file '/etc/ipsec.d/hostcerts/x509cert.pem' (3580 bytes)
2009:02:20-00:12:17 (none) pluto[3502]: loaded host cert file '/etc/ipsec.d/hostcerts/REF_ltHSPeLYvG_de32489d.pem' (3576 bytes)
2009:02:20-00:12:17 (none) pluto[3502]: added connection description "D_REF_lenxqVXgKL_0"
2009:02:20-00:12:17 (none) xl2tpd[3515]: This binary does not support kernel L2TP.
2009:02:20-00:12:17 (none) xl2tpd[3517]: xl2tpd version xl2tpd-1.1.12 started on (none) PID:3517
2009:02:20-00:12:17 (none) xl2tpd[3517]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
2009:02:20-00:12:17 (none) xl2tpd[3517]: Forked by Scott Balmos and David Stipp, (C) 2001
2009:02:20-00:12:17 (none) xl2tpd[3517]: Inherited by Jeff McAdams, (C) 2002
2009:02:20-00:12:17 (none) xl2tpd[3517]: Forked again by Xelerance (www.xelerance.com) (C) 2006
2009:02:20-00:12:17 (none) xl2tpd[3517]: Listening on IP address 0.0.0.0, port 1701

### Here I disabled/enabled the IPsec connection ########

2009:02:20-00:21:37 vretstorp ipsec_starter[3499]: IP address or index of physical interface changed -> reinit of ipsec interface
2009:02:20-00:21:37 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0": deleting connection
2009:02:20-00:21:37 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1": deleting connection
2009:02:20-00:21:37 vretstorp pluto[3502]: listening for IKE messages
2009:02:20-00:21:37 vretstorp pluto[3502]: adding interface ipsec0/eth1 xx.xxx.xxx.xxx:500
2009:02:20-00:21:37 vretstorp pluto[3502]: adding interface ipsec0/eth1 xx.xxx.xxx.xxx:4500
2009:02:20-00:21:37 vretstorp pluto[3502]: forgetting secrets
2009:02:20-00:21:37 vretstorp pluto[3502]: loading secrets from "/etc/ipsec.secrets"
2009:02:20-00:21:37 vretstorp pluto[3502]: loaded private key file '/etc/ipsec.d/private/REF_dfLXPCvKHv.pem' (887 bytes)
2009:02:20-00:21:37 vretstorp pluto[3502]: loaded shared key for 0.0.0.0 xx.xxx.xxx.xxx
2009:02:20-00:21:37 vretstorp pluto[3502]: loaded shared key for 0.0.0.0 xx.xxx.xxx.xxx
2009:02:20-00:21:37 vretstorp pluto[3502]: forgetting secrets
2009:02:20-00:21:37 vretstorp pluto[3502]: loading secrets from "/etc/ipsec.secrets"
2009:02:20-00:21:37 vretstorp pluto[3502]: loaded private key file '/etc/ipsec.d/private/REF_dfLXPCvKHv.pem' (887 bytes)
2009:02:20-00:21:37 vretstorp pluto[3502]: loaded shared key for 0.0.0.0 xx.xxx.xxx.xxx
2009:02:20-00:21:37 vretstorp pluto[3502]: loaded shared key for 0.0.0.0 xx.xxx.xxx.xxx
2009:02:20-00:21:37 vretstorp pluto[3502]: Changing to directory '/etc/ipsec.d/cacerts'
2009:02:20-00:21:37 vretstorp pluto[3502]: loaded CA cert file 'REF_kTEyxqdXBN.pem' (3017 bytes)
2009:02:20-00:21:37 vretstorp pluto[3502]: loaded CA cert file 'REF_QHKekLaGZZ.pem' (2902 bytes)
2009:02:20-00:21:37 vretstorp pluto[3502]: Changing to directory '/etc/ipsec.d/aacerts'
2009:02:20-00:21:37 vretstorp pluto[3502]: Changing to directory '/etc/ipsec.d/ocspcerts'
2009:02:20-00:21:37 vretstorp pluto[3502]: Changing to directory '/etc/ipsec.d/crls'
2009:02:20-00:21:58 vretstorp pluto[3502]: added connection description "S_REF_pnKrJatNZI_0"
2009:02:20-00:21:58 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: initiating Main Mode
2009:02:20-00:21:58 vretstorp pluto[3502]: added connection description "S_REF_pnKrJatNZI_1"
2009:02:20-00:21:59 vretstorp pluto[3502]: forgetting secrets
2009:02:20-00:21:59 vretstorp pluto[3502]: loading secrets from "/etc/ipsec.secrets"
2009:02:20-00:21:59 vretstorp pluto[3502]: loaded private key file '/etc/ipsec.d/private/REF_dfLXPCvKHv.pem' (887 bytes)
2009:02:20-00:21:59 vretstorp pluto[3502]: loaded shared key for 0.0.0.0 xx.xxx.xxx.xxx
2009:02:20-00:21:59 vretstorp pluto[3502]: loaded shared key for 0.0.0.0 xx.xxx.xxx.xxx
2009:02:20-00:21:59 vretstorp pluto[3502]: Changing to directory '/etc/ipsec.d/cacerts'
2009:02:20-00:21:59 vretstorp pluto[3502]: loaded CA cert file 'REF_kTEyxqdXBN.pem' (3017 bytes)
2009:02:20-00:21:59 vretstorp pluto[3502]: loaded CA cert file 'REF_QHKekLaGZZ.pem' (2902 bytes)
2009:02:20-00:21:59 vretstorp pluto[3502]: Changing to directory '/etc/ipsec.d/aacerts'
2009:02:20-00:21:59 vretstorp pluto[3502]: Changing to directory '/etc/ipsec.d/ocspcerts'
2009:02:20-00:21:59 vretstorp pluto[3502]: Changing to directory '/etc/ipsec.d/crls'
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: ignoring Vendor ID payload [4f455b7075417d5959587e46]
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: received Vendor ID payload [Dead Peer Detection]
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: received Vendor ID payload [RFC 3947]
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: enabling possible NAT-traversal with method 3
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: NAT-Traversal: Result using RFC 3947: no NAT detected
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: we don't have a cert
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: Peer ID is ID_FQDN: '@fw.saitek.se'
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #1: ISAKMP SA established
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}
2009:02:20-00:21:59 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #3: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}
2009:02:20-00:22:00 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #2: Dead Peer Detection (RFC 3706) enabled
2009:02:20-00:22:00 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #2: sent QI2, IPsec SA established {ESP=>0xb30a203f <0xdab27cae IPCOMP=>0x00000f32 <0x0000417d DPD}
2009:02:20-00:22:00 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #3: Dead Peer Detection (RFC 3706) enabled
2009:02:20-00:22:00 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #3: sent QI2, IPsec SA established {ESP=>0xb30a2040 <0xdab27caf IPCOMP=>0x00000f33 <0x0000417e DPD}
2009:02:20-00:22:18 vretstorp pluto[3502]: packet from yy.yyy.yy.yyy:500: ignoring Vendor ID payload [4f455b7075417d5959587e46]
2009:02:20-00:22:18 vretstorp pluto[3502]: packet from yy.yyy.yy.yyy:500: received Vendor ID payload [Dead Peer Detection]
2009:02:20-00:22:18 vretstorp pluto[3502]: packet from yy.yyy.yy.yyy:500: received Vendor ID payload [RFC 3947]
2009:02:20-00:22:18 vretstorp pluto[3502]: packet from yy.yyy.yy.yyy:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2009:02:20-00:22:18 vretstorp pluto[3502]: packet from yy.yyy.yy.yyy:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2009:02:20-00:22:18 vretstorp pluto[3502]: packet from yy.yyy.yy.yyy:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #4: responding to Main Mode
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #4: NAT-Traversal: Result using RFC 3947: no NAT detected
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #4: Peer ID is ID_FQDN: '@fw.secret.se'
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #4: we don't have a cert
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #4: multiple ipsec.secrets entries with distinct secrets match endpoints: first secret used
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #4: sent MR3, ISAKMP SA established
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #5: responding to Quick Mode
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #6: responding to Quick Mode
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #5: Dead Peer Detection (RFC 3706) enabled
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_0" #5: IPsec SA established {ESP=>0xb30a2041 <0xdab27cb0 IPCOMP=>0x00000f34 <0x0000417f DPD}
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #6: Dead Peer Detection (RFC 3706) enabled
2009:02:20-00:22:18 vretstorp pluto[3502]: "S_REF_pnKrJatNZI_1" #6: IPsec SA established {ESP=>0xb30a2042 <0xdab27cb1 IPCOMP=>0x00000f35 <0x00004180 DPD}