# tail -f /var/log/messages |grep pluto
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: received Vendor ID payload [RFC 3947]
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 26 08:09:12 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Mar 26 08:09:13 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 26 08:09:13 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: received Vendor ID payload [XAUTH]
Mar 26 08:09:13 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: ignoring Vendor ID payload [Cisco-Unity]
Mar 26 08:09:13 mieszko-ipfire1 pluto[20910]: packet from 31.175.9.53:500: received Vendor ID payload [Dead Peer Detection]
Mar 26 08:09:13 mieszko-ipfire1 pluto[20910]: "mieszko01"[1] 31.175.9.53 #1: responding to Main Mode from unknown peer 31.175.9.53
Mar 26 08:09:14 mieszko-ipfire1 pluto[20910]: "mieszko01"[1] 31.175.9.53 #1: NAT-Traversal: Result using RFC 3947: peer is NATed
# cat /etc/ipsec.user.secrets
# user secrets that should not be overwritten by the webif
# Entry format: <XAUTH user name> : XAUTH "<password>".
# The password is kept in cleartext in this file (it appears as "(passwd)" here,
# presumably redacted for the paste), so the file should be readable by root only.
mieszko01 : XAUTH "(passwd)"
# cat /etc/ipsec.conf
# Global pluto settings for the IPsec gateway.
# NOTE(review): parameter lines are shown without leading whitespace; ipsec.conf
# expects section parameters to be indented, so the indentation was presumably
# lost in the paste - confirm against the file on disk.
version 2
config setup
# Use the interface that carries the default route (note the trailing space
# inside the quotes).
interfaces="%defaultroute "
# Debug logging is off. If it is raised while troubleshooting, some debug
# classes can log sensitive negotiation detail - revert afterwards.
plutodebug="none"
# A new IKE session presenting an ID that is already connected replaces the
# older session.
uniqueids=yes
# Accept NAT-Traversal for peers behind NAT.
nat_traversal=yes
# Private ranges a NATed client may present as its own subnet (consumed by
# rightsubnet=vhost:...,%priv). The "!" entries exclude 192.168.5.0/24 and
# 192.168.6.0/24.
# NOTE(review): 192.168.10.0/24 (leftsubnet of conn mieszko) lies inside
# 192.168.0.0/16 and is not excluded; the gateway's own LAN is normally
# excluded here - confirm.
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.5.0/24,%v4:!192.168.6.0/24
# Defaults applied to every conn section.
conn %default
# NOTE(review): 0 presumably means "keep retrying forever" - confirm for this
# pluto build.
keyingtries=0
# Pulls in the hand-maintained connections from /etc/ipsec.user.conf
# (conn mieszko01 on this system).
include /etc/ipsec.user.conf
# Roadwarrior connection "mieszko": IKEv1 with certificate (RSA signature)
# authentication, giving the client access to 192.168.10.0/24.
# NOTE(review): conn mieszko01 in /etc/ipsec.user.conf uses the same right=%any,
# certificates and IDs but adds XAUTH. If XAUTH is meant to be mandatory for
# this certificate, confirm whether this non-XAUTH definition should stay loaded.
conn mieszko
# --- local (gateway) side ---
left=mieszko.homelinux.org
leftnexthop=%defaultroute
# Only this LAN is offered to the client.
leftsubnet=192.168.10.0/24
# Let the connection set up firewall handling for tunnel traffic, including
# access to the gateway host itself.
leftfirewall=yes
lefthostaccess=yes
# --- remote (client) side ---
# Peer may connect from any address.
right=%any
# Client may propose no subnet of its own, or a private one permitted by
# virtual_private in config setup.
rightsubnet=vhost:%no,%priv
# Gateway certificate and the locally stored client certificate.
leftcert=/var/ipfire/certs/hostcert.pem
rightcert=/var/ipfire/certs/mieszkocert.pem
# IKE identities each side must present.
leftid="@mieszko.homelinux.org"
rightid="@mieszko"
# Phase 1 proposals.
# NOTE(review): the list still offers 3DES, MD5 and modp1024, which are legacy
# choices; consider restricting it to the strongest entries every client
# supports.
ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
# Phase 2 (ESP) proposals; the same caveat applies to 3DES and MD5.
esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
keyexchange=ikev1
# IKE SA is renegotiated hourly, IPsec SA every 8 hours.
ikelifetime=1h
keylife=8h
# Dead Peer Detection: probe interval 30 s, peer declared dead after 120 s,
# then the connection's SAs are cleared.
dpddelay=30
dpdtimeout=120
dpdaction=clear
# No perfect forward secrecy for the IPsec SAs.
# NOTE(review): enable if the clients support it.
pfs=no
# Authenticate with RSA signatures; public keys are taken from the certificates.
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
# Load the connection but do not initiate; the gateway waits for the client.
auto=add
# Left empty: no virtual IP is configured for the client here.
rightsourceip=
# cat /etc/ipsec.user.conf
# user connections that should not be overwritten by the webif
#
# Roadwarrior connection "mieszko01": IKEv1 with RSA signature plus XAUTH,
# tunnelling all client traffic through the gateway. The log excerpt shows
# this connection being selected for the peer ("mieszko01"[1]).
conn mieszko01
# --- local (gateway) side ---
left=mieszko.homelinux.org
leftnexthop=%defaultroute
# Full tunnel: the local traffic selector covers every IPv4 destination, so
# all client traffic is sent through the gateway.
leftsubnet=0.0.0.0/0
# Let the connection set up firewall handling for tunnel traffic, including
# access to the gateway host itself.
leftfirewall=yes
lefthostaccess=yes
# --- remote (client) side ---
# Peer may connect from any address.
right=%any
# Client may propose no subnet of its own, or a private one permitted by
# virtual_private in /etc/ipsec.conf.
rightsubnet=vhost:%no,%priv
# Gateway certificate and the locally stored client certificate.
leftcert=/var/ipfire/certs/hostcert.pem
rightcert=/var/ipfire/certs/mieszkocert.pem
# IKE identities each side must present.
leftid="@mieszko.homelinux.org"
rightid="@mieszko"
# Phase 1 proposals.
# NOTE(review): the list still offers 3DES, MD5 and modp1024, which are legacy
# choices; consider restricting it to the strongest entries every client
# supports.
ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
# Phase 2 (ESP) proposals; the same caveat applies to 3DES and MD5.
esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
keyexchange=ikev1
# IKE SA is renegotiated hourly, IPsec SA every 8 hours.
ikelifetime=1h
keylife=8h
# Dead Peer Detection: probe interval 30 s, peer declared dead after 120 s,
# then the connection's SAs are cleared.
dpddelay=30
dpdtimeout=120
dpdaction=clear
# No perfect forward secrecy for the IPsec SAs.
# NOTE(review): enable if the clients support it.
pfs=no
# RSA signature followed by XAUTH user/password, with this gateway acting as
# the XAUTH server. The credential is the XAUTH entry in
# /etc/ipsec.user.secrets.
authby=xauthrsasig
xauth=server
# Public keys are taken from the certificates.
leftrsasigkey=%cert
rightrsasigkey=%cert
# Load the connection but do not initiate; the gateway waits for the client.
auto=add
# Left empty: no virtual IP is configured for the client here.
rightsourceip=