/testing/guestbin/swan-prep [root@road github-1210-ikev1-quick-mismatch]# ipsec start Redirecting to: systemctl start ipsec.service [ 10.828884] AVX or AES-NI instructions are not detected. [ 10.836011] AVX or AES-NI instructions are not detected. [ 11.083255] IPv4 over IPsec tunneling driver [ 11.106863] IPsec XFRM device driver [root@road github-1210-ikev1-quick-mismatch]# ../../guestbin/wait-until-pluto-started ==== cut ==== 000 PID Process addconn exited ==== tuc ==== [root@road github-1210-ikev1-quick-mismatch]# ipsec auto --add road WARNING: ipsec auto has been deprecated 002 "road": added IKEv1 connection [root@road github-1210-ikev1-quick-mismatch]# echo "initdone" initdone [root@road github-1210-ikev1-quick-mismatch]# ipsec auto --up road WARNING: ipsec auto has been deprecated 002 "road" #1: initiating IKEv1 Main Mode connection 102 "road" #1: sent Main Mode request 104 "road" #1: sent Main Mode I2 106 "road" #1: sent Main Mode I3 002 "road" #1: Peer ID is ID_FQDN: '@east' 004 "road" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP2048} 002 "road" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES {using isakmp#1 msgid:7c42d8af proposal=defaults pfsgroup=MODP2048} 115 "road" #2: sent Quick Mode request 010 "road" #2: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response 010 "road" #2: STATE_QUICK_I1: retransmission; will wait 1 seconds for response 010 "road" #2: STATE_QUICK_I1: retransmission; will wait 2 seconds for response 010 "road" #2: STATE_QUICK_I1: retransmission; will wait 4 seconds for response 010 "road" #2: STATE_QUICK_I1: retransmission; will wait 8 seconds for response 010 "road" #2: STATE_QUICK_I1: retransmission; will wait 16 seconds for response 010 "road" #2: STATE_QUICK_I1: retransmission; will wait 32 seconds for response 031 "road" #2: STATE_QUICK_I1: 60 second timeout exceeded after 7 retransmits. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal 002 "road" #2: deleting IPsec SA (QUICK_I1) aged 64.07234s and NOT sending notification [root@road github-1210-ikev1-quick-mismatch 31]# echo done done [root@road github-1210-ikev1-quick-mismatch]# ../../guestbin/ipsec-look.sh ==== cut ==== DUMP IN: OUTPUT/road.ipsec-look.782.log ==== tuc ==== road Tue Aug 8 20:06:50 EDT 2023 XFRM state: XFRM policy: XFRM done IPSEC mangle TABLES iptables filter TABLE Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ROUTING TABLES default via 192.1.3.254 dev eth0 proto static 192.1.3.0/24 dev eth0 proto kernel scope link src 192.1.3.209 NSS_CERTIFICATES Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI [root@road github-1210-ikev1-quick-mismatch]# >>>>>>>>>> post-mortem >>>>>>>>>>../../guestbin/post-mortem.sh PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND 1 759 759 759 ? -1 Ssl 0 0:00 /usr/local/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork : : checking shutting down pluto : ipsec whack --shutdown pidof pluto PASS: shutting down pluto : : checking core files : PASS: core files : : checking memory leaks : PASS: memory leaks : : checking reference leaks : PASS: reference leaks : : checking xfrm errors : PASS: xfrm errors : : checking state/policy entries : PASS: state/policy entries : : checking selinux audit records : PASS: selinux audit records : : unload any selinux modules : [root@road github-1210-ikev1-quick-mismatch]# <<<<<<<<<< post-mortem <<<<<<<<<<>>>>>>>>>>cut>>>>>>>>>> done <<<<<<<<<