2022:12:09-08:28:19 sgmrgt02-1 pluto[19105]: | handling event EVENT_RETRANSMIT for 37.201.6.102 "L_for admin" #6104
2022:12:09-08:28:42 sgmrgt02-1 pluto[19105]: | *received 28 bytes from 37.201.6.102:30444 on eth18
2022:12:09-08:28:42 sgmrgt02-1 pluto[19105]: packet from 37.201.6.102:30444: length of ISAKMP Message is smaller than minimum
2022:12:09-08:28:42 sgmrgt02-1 pluto[19105]: packet from 37.201.6.102:30444: sending notification PAYLOAD_MALFORMED to 37.201.6.102:30444
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: | *received 180 bytes from 37.201.6.102:30430 on eth18
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: packet from 37.201.6.102:30430: received Vendor ID payload [XAUTH]
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: packet from 37.201.6.102:30430: received Vendor ID payload [Dead Peer Detection]
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: packet from 37.201.6.102:30430: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: packet from 37.201.6.102:30430: received Vendor ID payload [RFC 3947]
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: packet from 37.201.6.102:30430: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: | instantiated "D_for Alle_Studierende to Any-0" for 37.201.6.102
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_for Alle_Studierende to Any-0"[71] 37.201.6.102:30430 #6105: responding to Main Mode from unknown peer 37.201.6.102:30430
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: | *received 300 bytes from 37.201.6.102:30430 on eth18
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_for Alle_Studierende to Any-0"[71] 37.201.6.102:30430 #6105: NAT-Traversal: Result using RFC 3947: peer is NATed
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: | *received 524 bytes from 37.201.6.102:30535 on eth18
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: | NAT-T: new mapping 37.201.6.102:30430/30535)
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_for Alle_Studierende to Any-0"[71] 37.201.6.102:30535 #6105: Peer ID is ID_USER_FQDN: 'EMAIL_OF_THE_USER'
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: | instantiated "D_IPSec_Verwaltung-0" for 37.201.6.102
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: deleting connection "D_for Alle_Studierende to Any-0"[71] instance with peer 37.201.6.102 {isakmp=#0/ipsec=#0}
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: we have a cert and are sending it
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: Dead Peer Detection (RFC 3706) enabled
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: sent MR3, ISAKMP SA established
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: sending XAUTH request
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: | *received 92 bytes from 37.201.6.102:30535 on eth18
2022:12:09-08:28:44 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: parsing XAUTH reply
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: extended authentication was successful
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: sending XAUTH status
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: | *received 76 bytes from 37.201.6.102:30535 on eth18
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: parsing XAUTH ack
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: received XAUTH ack, established
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: | *received 76 bytes from 37.201.6.102:30535 on eth18
2022:12:09-08:28:46 sgmrgt02-2 pluto[18480]: | instantiated "D_IPSec_Verwaltung-0" for 37.201.6.102
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: parsing ModeCfg request
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: peer requested virtual IP %any
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: assigning virtual IP 192.168.6.3 to peer
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: sending ModeCfg reply
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6105: sent ModeCfg reply, established
2022:12:09-08:28:46 sgmrgt02-2 pluto[18480]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535: deleting connection "D_IPSec_Verwaltung-0"[12] instance with peer 37.201.6.102 {isakmp=#0/ipsec=#0}
2022:12:09-08:28:46 sgmrgt02-2 pluto[18480]: | instantiated "D_IPSec_Verwaltung-0" for 37.201.6.102
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: | *received 380 bytes from 37.201.6.102:30535 on eth18
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6106: responding to Quick Mode
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: | *received 60 bytes from 37.201.6.102:30535 on eth18
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: | route owner of "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 unrouted: NULL; eroute owner: NULL
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: | route owner of "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 unrouted: NULL; eroute owner: NULL
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: | eroute_connection add eroute 0.0.0.0/0:0 -> 192.168.6.3/32:0 => tun.0@37.201.6.102:0
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='D_IPSec_Verwaltung-0' PLUTO_NEXT_HOP='37.201.6.102' PLUTO_INTERFACE='eth18' PLUTO_REQID='38385' PLUTO_ME='IP_OF_FIREWALL' PLUTO_MY_ID='DNS_OF_FIREWALL' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='37.201.6.102' PLUTO_PEER_ID='EMAIL_OF_THE_USER' PLUTO_PEER_CLIENT='192.168.6.3/32' PLUTO_PEER_CLIENT_NET='192.168.6.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=de, L=CITY_NAME, O=ORGANISATION_NAME, CN=ORGANISATION_NAME VPN CA, E=ORGANISATION_EMAIL' PLUTO_XAUTH_ID='USER_ID' /usr/libexec/ipsec/updown classic
2022:12:09-08:28:46 sgmrgt02-1 pluto[19105]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="USER_ID" variant="ipsec" srcip="37.201.6.102" virtual_ip="192.168.6.3"
2022:12:09-08:28:47 sgmrgt02-1 pluto[19105]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='D_IPSec_Verwaltung-0' PLUTO_NEXT_HOP='37.201.6.102' PLUTO_INTERFACE='eth18' PLUTO_REQID='38385' PLUTO_ME='IP_OF_FIREWALL' PLUTO_MY_ID='DNS_OF_FIREWALL' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='37.201.6.102' PLUTO_PEER_ID='EMAIL_OF_THE_USER' PLUTO_PEER_CLIENT='192.168.6.3/32' PLUTO_PEER_CLIENT_NET='192.168.6.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=de, L=CITY_NAME, O=ORGANISATION_NAME, CN=ORGANISATION_NAME VPN CA, E=ORGANISATION_EMAIL' PLUTO_XAUTH_ID='USER_ID' /usr/libexec/ipsec/updown classic
2022:12:09-08:28:47 sgmrgt02-1 pluto[19105]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='D_IPSec_Verwaltung-0' PLUTO_NEXT_HOP='37.201.6.102' PLUTO_INTERFACE='eth18' PLUTO_REQID='38385' PLUTO_ME='IP_OF_FIREWALL' PLUTO_MY_ID='DNS_OF_FIREWALL' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='37.201.6.102' PLUTO_PEER_ID='EMAIL_OF_THE_USER' PLUTO_PEER_CLIENT='192.168.6.3/32' PLUTO_PEER_CLIENT_NET='192.168.6.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=de, L=CITY_NAME, O=ORGANISATION_NAME, CN=ORGANISATION_NAME VPN CA, E=ORGANISATION_EMAIL' PLUTO_XAUTH_ID='USER_ID' /usr/libexec/ipsec/updown classic
2022:12:09-08:28:47 sgmrgt02-1 pluto[19105]: | route_and_eroute: instance "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535, setting eroute_owner {spd=0x9455578,sr=0x9455578} to #6106 (was #0) (newest_ipsec_sa=#0)
2022:12:09-08:28:47 sgmrgt02-1 pluto[19105]: "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 #6106: IPsec SA established {ESP=>0xc614385b <0xf5b524a6 NATOA=0.0.0.0 DPD}
2022:12:09-08:28:47 sgmrgt02-2 pluto[18480]: | route owner of "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 unrouted: NULL; eroute owner: NULL
2022:12:09-08:28:47 sgmrgt02-2 pluto[18480]: | HA System: setting sequence number of added SA esp.c614385b@37.201.6.102 to 4096
2022:12:09-08:28:47 sgmrgt02-2 pluto[18480]: | route owner of "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535 unrouted: NULL; eroute owner: NULL
2022:12:09-08:28:47 sgmrgt02-2 pluto[18480]: | eroute_connection add eroute 0.0.0.0/0:0 -> 192.168.6.3/32:0 => tun.0@37.201.6.102:0
2022:12:09-08:28:47 sgmrgt02-2 pluto[18480]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='D_IPSec_Verwaltung-0' PLUTO_NEXT_HOP='37.201.6.102' PLUTO_INTERFACE='eth18' PLUTO_REQID='45189' PLUTO_ME='IP_OF_FIREWALL' PLUTO_MY_ID='DNS_OF_FIREWALL' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='37.201.6.102' PLUTO_PEER_ID='EMAIL_OF_THE_USER' PLUTO_PEER_CLIENT='192.168.6.3/32' PLUTO_PEER_CLIENT_NET='192.168.6.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=de, L=CITY_NAME, O=ORGANISATION_NAME, CN=ORGANISATION_NAME VPN CA, E=ORGANISATION_EMAIL' PLUTO_XAUTH_ID='USER_ID' /usr/libexec/ipsec/updown classic
2022:12:09-08:28:47 sgmrgt02-2 pluto[18480]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="USER_ID" variant="ipsec" srcip="37.201.6.102" virtual_ip="192.168.6.3"
2022:12:09-08:28:48 sgmrgt02-2 pluto[18480]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='D_IPSec_Verwaltung-0' PLUTO_NEXT_HOP='37.201.6.102' PLUTO_INTERFACE='eth18' PLUTO_REQID='45189' PLUTO_ME='IP_OF_FIREWALL' PLUTO_MY_ID='DNS_OF_FIREWALL' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='37.201.6.102' PLUTO_PEER_ID='EMAIL_OF_THE_USER' PLUTO_PEER_CLIENT='192.168.6.3/32' PLUTO_PEER_CLIENT_NET='192.168.6.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=de, L=CITY_NAME, O=ORGANISATION_NAME, CN=ORGANISATION_NAME VPN CA, E=ORGANISATION_EMAIL' PLUTO_XAUTH_ID='USER_ID' /usr/libexec/ipsec/updown classic
2022:12:09-08:28:48 sgmrgt02-2 pluto[18480]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='D_IPSec_Verwaltung-0' PLUTO_NEXT_HOP='37.201.6.102' PLUTO_INTERFACE='eth18' PLUTO_REQID='45189' PLUTO_ME='IP_OF_FIREWALL' PLUTO_MY_ID='DNS_OF_FIREWALL' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='37.201.6.102' PLUTO_PEER_ID='EMAIL_OF_THE_USER' PLUTO_PEER_CLIENT='192.168.6.3/32' PLUTO_PEER_CLIENT_NET='192.168.6.3' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=de, L=CITY_NAME, O=ORGANISATION_NAME, CN=ORGANISATION_NAME VPN CA, E=ORGANISATION_EMAIL' PLUTO_XAUTH_ID='USER_ID' /usr/libexec/ipsec/updown classic
2022:12:09-08:28:48 sgmrgt02-2 pluto[18480]: | route_and_eroute: instance "D_IPSec_Verwaltung-0"[12] 37.201.6.102:30535, setting eroute_owner {spd=0x8917dc0,sr=0x8917dc0} to #6106 (was #0) (newest_ipsec_sa=#6106)
2022:12:09-08:28:59 sgmrgt02-1 pluto[19105]: | handling event EVENT_RETRANSMIT for 37.201.6.102 "L_for admin" #6104
2022:12:09-08:28:59 sgmrgt02-1 pluto[19105]: "L_for admin"[227] 37.201.6.102:30546 #6104: max number of retransmissions (2) reached STATE_MAIN_R2
2022:12:09-08:28:59 sgmrgt02-1 pluto[19105]: "L_for admin"[227] 37.201.6.102:30546: deleting connection "L_for admin"[227] instance with peer 37.201.6.102 {isakmp=#0/ipsec=#0}