Mark's Blog: Now with logging

« Better than release notes | Main | At long last! »

July 20, 2004

Now with logging

Okay, I am the end luser here. I've got logging turned on; the doc doesn't help. Here is an excerpt what I get to try to decipher:

4      21:41:24.902  07/20/2004  Sev=Info/4     CM/0x43100002^M
Begin connection process
                                                                                
5      21:41:24.902  07/20/2004  Sev=Warning/2  CVPND/0x83400011^M
Error -28 sending packet. Dst Addr: 0xC0A800FF, Src Addr: 0xC0A80063 (DRVIFACE:1236).
                                                                                
6      21:41:24.916  07/20/2004  Sev=Info/4     CM/0x43100004^M
Establish secure connection using Ethernet
                                                                                
7      21:41:24.916  07/20/2004  Sev=Info/4     CM/0x43100024^M
Attempt connection with server "vpn.example.com"
                                                                                
8      21:41:25.137  07/20/2004  Sev=Info/4     CVPND/0x43400019^M
Privilege Separation: binding to port: (500).
                                                                                
9      21:41:25.137  07/20/2004  Sev=Info/4     CVPND/0x43400019^M
Privilege Separation: binding to port: (4500).
                                                                                
10     21:41:25.137  07/20/2004  Sev=Info/6     IKE/0x4300003B^M
Attempting to establish a connection with aaa.bbb.ccc.ddd.
                                                                                
11     21:41:25.207  07/20/2004  Sev=Info/4     IKE/0x43000013^M
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Nat-T), VID(Frag), VID(Unity)) to aaa.bbb.ccc.ddd
                                                                                
12     21:41:25.208  07/20/2004  Sev=Info/4     IPSEC/0x43700008^M
IPSec driver successfully started
                                                                                
13     21:41:25.208  07/20/2004  Sev=Info/4     IPSEC/0x43700014^M
Deleted all keys
                                                                                
14     21:41:30.242  07/20/2004  Sev=Info/4     IKE/0x43000017^M
Marking IKE SA for deletion  (I_Cookie=2064A5FC4423F0EF R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
                                                                                
15     21:41:30.781  07/20/2004  Sev=Info/4     IKE/0x4300004A^M
Discarding IKE SA negotiation (I_Cookie=2064A5FC4423F0EF R_Cookie=0000000000000000) reason = DEL_REASON_PEER_NOT_RESPONDING
                                                                                
16     21:41:30.781  07/20/2004  Sev=Info/4     CM/0x43100014^M
Unable to establish Phase 1 SA with server "vpn.example.com" because of "DEL_REASON_PEER_NOT_RESPONDING"
                                                                                
17     21:41:30.782  07/20/2004  Sev=Info/4     CM/0x43100011^M
Attempt connection with backup server "vpn2.example.com"

It's just so obvious! The when I google for DEL_REASON_PEER_NOT_RESPONDING, even the discussions are incomprehensible. No wonder Sun IT only wants to support this on platforms they control.

Posted by Mark at July 20, 2004 10:26 PM