Aug 26 13:21:35.326252: FIPS Product: YES Aug 26 13:21:35.326353: FIPS Kernel: NO Aug 26 13:21:35.326356: FIPS Mode: NO Aug 26 13:21:35.326358: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:21:35.326475: Initializing NSS Aug 26 13:21:35.326481: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:21:35.348947: NSS initialized Aug 26 13:21:35.348963: NSS crypto library initialized Aug 26 13:21:35.348965: FIPS HMAC integrity support [enabled] Aug 26 13:21:35.348967: FIPS mode disabled for pluto daemon Aug 26 13:21:35.374966: FIPS HMAC integrity verification self-test FAILED Aug 26 13:21:35.375102: libcap-ng support [enabled] Aug 26 13:21:35.375111: Linux audit support [enabled] Aug 26 13:21:35.375147: Linux audit activated Aug 26 13:21:35.375153: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:2111 Aug 26 13:21:35.375155: core dump dir: /tmp Aug 26 13:21:35.375158: secrets file: /etc/ipsec.secrets Aug 26 13:21:35.375161: leak-detective enabled Aug 26 13:21:35.375163: NSS crypto [enabled] Aug 26 13:21:35.375165: XAUTH PAM support [enabled] Aug 26 13:21:35.375241: | libevent is using pluto's memory allocator Aug 26 13:21:35.375253: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:21:35.375270: | libevent_malloc: new ptr-libevent@0x555fbaec0688 size 40 Aug 26 13:21:35.375274: | libevent_malloc: new ptr-libevent@0x555fbaec0608 size 40 Aug 26 13:21:35.375278: | libevent_malloc: new ptr-libevent@0x555fbaec0588 size 40 Aug 26 13:21:35.375281: | creating event base Aug 26 13:21:35.375285: | libevent_malloc: new ptr-libevent@0x555fbaeb21b8 size 56 Aug 26 13:21:35.375319: | libevent_malloc: new ptr-libevent@0x555fbae33d18 size 664 Aug 26 13:21:35.375333: | libevent_malloc: new ptr-libevent@0x555fbaefaca8 size 24 Aug 26 13:21:35.375351: | libevent_malloc: new ptr-libevent@0x555fbaefacf8 size 384 Aug 26 13:21:35.375362: | libevent_malloc: new ptr-libevent@0x555fbaefac68 size 16 Aug 26 13:21:35.375365: | libevent_malloc: new ptr-libevent@0x555fbaec0508 size 40 Aug 26 13:21:35.375368: | libevent_malloc: new ptr-libevent@0x555fbaec0488 size 48 Aug 26 13:21:35.375374: | libevent_realloc: new ptr-libevent@0x555fbae339a8 size 256 Aug 26 13:21:35.375377: | libevent_malloc: new ptr-libevent@0x555fbaefaea8 size 16 Aug 26 13:21:35.375383: | libevent_free: release ptr-libevent@0x555fbaeb21b8 Aug 26 13:21:35.375388: | libevent initialized Aug 26 13:21:35.375392: | libevent_realloc: new ptr-libevent@0x555fbaeb21b8 size 64 Aug 26 13:21:35.375396: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:21:35.375411: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:21:35.375414: NAT-Traversal support [enabled] Aug 26 13:21:35.375417: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:21:35.375423: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:21:35.375429: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:21:35.375463: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:21:35.375469: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:21:35.375472: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:21:35.375519: Encryption algorithms: Aug 26 13:21:35.375531: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:21:35.375536: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:21:35.375540: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:21:35.375544: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:21:35.375548: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:21:35.375557: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:21:35.375562: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:21:35.375566: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:21:35.375570: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:21:35.375573: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:21:35.375577: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:21:35.375581: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:21:35.375585: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:21:35.375589: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:21:35.375593: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:21:35.375597: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:21:35.375600: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:21:35.375608: Hash algorithms: Aug 26 13:21:35.375612: MD5 IKEv1: IKE IKEv2: Aug 26 13:21:35.375615: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:21:35.375619: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:21:35.375622: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:21:35.375625: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:21:35.375638: PRF algorithms: Aug 26 13:21:35.375642: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:21:35.375646: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:21:35.375649: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:21:35.375652: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:21:35.375655: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:21:35.375658: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:21:35.375683: Integrity algorithms: Aug 26 13:21:35.375687: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:21:35.375690: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:21:35.375694: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:21:35.375698: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:21:35.375702: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:21:35.375705: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:21:35.375708: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:21:35.375711: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:21:35.375714: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:21:35.375726: DH algorithms: Aug 26 13:21:35.375730: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:21:35.375733: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:21:35.375736: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:21:35.375742: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:21:35.375745: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:21:35.375748: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:21:35.375751: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:21:35.375754: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:21:35.375757: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:21:35.375760: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:21:35.375763: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:21:35.375766: testing CAMELLIA_CBC: Aug 26 13:21:35.375769: Camellia: 16 bytes with 128-bit key Aug 26 13:21:35.375895: Camellia: 16 bytes with 128-bit key Aug 26 13:21:35.375919: Camellia: 16 bytes with 256-bit key Aug 26 13:21:35.375939: Camellia: 16 bytes with 256-bit key Aug 26 13:21:35.375956: testing AES_GCM_16: Aug 26 13:21:35.375958: empty string Aug 26 13:21:35.375977: one block Aug 26 13:21:35.375993: two blocks Aug 26 13:21:35.376008: two blocks with associated data Aug 26 13:21:35.376025: testing AES_CTR: Aug 26 13:21:35.376027: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:21:35.376043: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:21:35.376066: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:21:35.376098: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:21:35.376127: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:21:35.376157: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:21:35.376183: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:21:35.376201: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:21:35.376218: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:21:35.376235: testing AES_CBC: Aug 26 13:21:35.376237: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:21:35.376253: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:21:35.376271: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:21:35.376309: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:21:35.376349: testing AES_XCBC: Aug 26 13:21:35.376351: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:21:35.376428: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:21:35.376505: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:21:35.376580: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:21:35.376657: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:21:35.376731: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:21:35.376807: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:21:35.377026: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:21:35.377163: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:21:35.377326: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:21:35.377591: testing HMAC_MD5: Aug 26 13:21:35.377597: RFC 2104: MD5_HMAC test 1 Aug 26 13:21:35.377761: RFC 2104: MD5_HMAC test 2 Aug 26 13:21:35.377942: RFC 2104: MD5_HMAC test 3 Aug 26 13:21:35.378128: 8 CPU cores online Aug 26 13:21:35.378132: starting up 7 crypto helpers Aug 26 13:21:35.378173: started thread for crypto helper 0 Aug 26 13:21:35.378180: | starting up helper thread 0 Aug 26 13:21:35.378191: started thread for crypto helper 1 Aug 26 13:21:35.378195: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:21:35.378199: | crypto helper 0 waiting (nothing to do) Aug 26 13:21:35.378208: started thread for crypto helper 2 Aug 26 13:21:35.378212: | starting up helper thread 2 Aug 26 13:21:35.378229: started thread for crypto helper 3 Aug 26 13:21:35.378236: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:21:35.378232: | starting up helper thread 3 Aug 26 13:21:35.378214: | starting up helper thread 1 Aug 26 13:21:35.378239: | crypto helper 2 waiting (nothing to do) Aug 26 13:21:35.378256: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:21:35.378260: | crypto helper 1 waiting (nothing to do) Aug 26 13:21:35.378243: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:21:35.378269: | crypto helper 3 waiting (nothing to do) Aug 26 13:21:35.378251: started thread for crypto helper 4 Aug 26 13:21:35.378265: | starting up helper thread 4 Aug 26 13:21:35.378278: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:21:35.378281: | crypto helper 4 waiting (nothing to do) Aug 26 13:21:35.378287: started thread for crypto helper 5 Aug 26 13:21:35.378292: | starting up helper thread 5 Aug 26 13:21:35.378325: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:21:35.378328: | crypto helper 5 waiting (nothing to do) Aug 26 13:21:35.378336: started thread for crypto helper 6 Aug 26 13:21:35.378339: | checking IKEv1 state table Aug 26 13:21:35.378344: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:35.378346: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:21:35.378348: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:35.378349: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:21:35.378351: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:21:35.378353: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:21:35.378354: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:35.378356: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:35.378357: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:21:35.378359: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:21:35.378360: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:35.378362: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:35.378364: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:21:35.378365: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:35.378367: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:35.378368: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:21:35.378370: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:21:35.378371: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:35.378373: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:35.378374: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:21:35.378376: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:21:35.378377: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378379: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:21:35.378381: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378382: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:35.378384: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:21:35.378386: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:35.378387: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:21:35.378389: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:21:35.378390: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:21:35.378392: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:21:35.378393: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:21:35.378395: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:21:35.378396: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378398: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:21:35.378400: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378401: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:21:35.378403: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:21:35.378405: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:21:35.378406: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:21:35.378408: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:21:35.378412: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:21:35.378414: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:21:35.378415: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378417: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:21:35.378418: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378420: | INFO: category: informational flags: 0: Aug 26 13:21:35.378422: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378423: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:21:35.378425: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378426: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:21:35.378428: | -> XAUTH_R1 EVENT_NULL Aug 26 13:21:35.378430: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:21:35.378431: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:35.378433: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:21:35.378434: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:21:35.378436: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:21:35.378438: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:21:35.378439: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:21:35.378441: | -> UNDEFINED EVENT_NULL Aug 26 13:21:35.378443: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:21:35.378444: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:35.378446: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:21:35.378447: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:21:35.378449: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:21:35.378451: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:21:35.378455: | checking IKEv2 state table Aug 26 13:21:35.378459: | PARENT_I0: category: ignore flags: 0: Aug 26 13:21:35.378461: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:21:35.378463: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:35.378465: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:21:35.378467: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:21:35.378469: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:21:35.378471: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:21:35.378473: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:21:35.378474: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:21:35.378476: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:21:35.378478: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:21:35.378480: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:21:35.378481: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:21:35.378483: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:21:35.378485: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:21:35.378486: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:21:35.378488: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:35.378490: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:21:35.378492: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:21:35.378493: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:21:35.378495: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:21:35.378497: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:21:35.378499: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:21:35.378500: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:21:35.378502: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:21:35.378505: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:21:35.378507: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:21:35.378508: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:21:35.378510: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:21:35.378512: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:21:35.378514: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:21:35.378516: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:21:35.378517: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:21:35.378519: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:21:35.378521: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:21:35.378523: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:21:35.378525: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:21:35.378526: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:21:35.378528: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:21:35.378530: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:21:35.378532: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:21:35.378534: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:21:35.378535: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:21:35.378537: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:21:35.378539: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:21:35.378541: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:21:35.378542: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:21:35.378573: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:21:35.378870: | Hard-wiring algorithms Aug 26 13:21:35.378873: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:21:35.378877: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:21:35.378878: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:21:35.378880: | adding 3DES_CBC to kernel algorithm db Aug 26 13:21:35.378882: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:21:35.378883: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:21:35.378885: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:21:35.378886: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:21:35.378888: | adding AES_CTR to kernel algorithm db Aug 26 13:21:35.378890: | adding AES_CBC to kernel algorithm db Aug 26 13:21:35.378891: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:21:35.378893: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:21:35.378895: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:21:35.378896: | adding NULL to kernel algorithm db Aug 26 13:21:35.378898: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:21:35.378900: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:21:35.378901: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:21:35.378903: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:21:35.378905: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:21:35.378906: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:21:35.378908: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:21:35.378910: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:21:35.378911: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:21:35.378913: | adding NONE to kernel algorithm db Aug 26 13:21:35.378929: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:21:35.378934: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:21:35.378935: | setup kernel fd callback Aug 26 13:21:35.378940: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x555fbaeba3a8 Aug 26 13:21:35.378942: | libevent_malloc: new ptr-libevent@0x555fbaef9418 size 128 Aug 26 13:21:35.378944: | libevent_malloc: new ptr-libevent@0x555fbaf004a8 size 16 Aug 26 13:21:35.378949: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x555fbaf00438 Aug 26 13:21:35.378951: | libevent_malloc: new ptr-libevent@0x555fbaeb2e68 size 128 Aug 26 13:21:35.378953: | libevent_malloc: new ptr-libevent@0x555fbaf00108 size 16 Aug 26 13:21:35.379101: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:21:35.379107: selinux support is enabled. Aug 26 13:21:35.379550: | unbound context created - setting debug level to 5 Aug 26 13:21:35.379573: | /etc/hosts lookups activated Aug 26 13:21:35.379581: | /etc/resolv.conf usage activated Aug 26 13:21:35.379618: | outgoing-port-avoid set 0-65535 Aug 26 13:21:35.379635: | outgoing-port-permit set 32768-60999 Aug 26 13:21:35.379638: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:21:35.379640: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:21:35.379642: | Setting up events, loop start Aug 26 13:21:35.379644: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x555fbaf008d8 Aug 26 13:21:35.379646: | libevent_malloc: new ptr-libevent@0x555fbaf0c738 size 128 Aug 26 13:21:35.379649: | libevent_malloc: new ptr-libevent@0x555fbaf17a28 size 16 Aug 26 13:21:35.379653: | libevent_realloc: new ptr-libevent@0x555fbaf17a68 size 256 Aug 26 13:21:35.379656: | libevent_malloc: new ptr-libevent@0x555fbaf17b98 size 8 Aug 26 13:21:35.379658: | libevent_realloc: new ptr-libevent@0x555fbaf17bd8 size 144 Aug 26 13:21:35.379659: | libevent_malloc: new ptr-libevent@0x555fbaebe978 size 152 Aug 26 13:21:35.379663: | libevent_malloc: new ptr-libevent@0x555fbaf17c98 size 16 Aug 26 13:21:35.379665: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:21:35.379667: | libevent_malloc: new ptr-libevent@0x555fbaf17cd8 size 8 Aug 26 13:21:35.379671: | libevent_malloc: new ptr-libevent@0x555fbae34758 size 152 Aug 26 13:21:35.379673: | signal event handler PLUTO_SIGTERM installed Aug 26 13:21:35.379674: | libevent_malloc: new ptr-libevent@0x555fbaf17d18 size 8 Aug 26 13:21:35.379676: | libevent_malloc: new ptr-libevent@0x555fbae3f988 size 152 Aug 26 13:21:35.379678: | signal event handler PLUTO_SIGHUP installed Aug 26 13:21:35.379680: | libevent_malloc: new ptr-libevent@0x555fbaf17d58 size 8 Aug 26 13:21:35.379682: | libevent_realloc: release ptr-libevent@0x555fbaf17bd8 Aug 26 13:21:35.379683: | libevent_realloc: new ptr-libevent@0x555fbaf17d98 size 256 Aug 26 13:21:35.379687: | libevent_malloc: new ptr-libevent@0x555fbae377b8 size 152 Aug 26 13:21:35.379689: | signal event handler PLUTO_SIGSYS installed Aug 26 13:21:35.379963: | created addconn helper (pid:2151) using fork+execve Aug 26 13:21:35.379978: | forked child 2151 Aug 26 13:21:35.380015: | starting up helper thread 6 Aug 26 13:21:35.380022: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:21:35.380030: | crypto helper 6 waiting (nothing to do) Aug 26 13:21:35.383809: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:35.384001: listening for IKE messages Aug 26 13:21:35.384278: | Inspecting interface lo Aug 26 13:21:35.384284: | found lo with address 127.0.0.1 Aug 26 13:21:35.384293: | Inspecting interface eth0 Aug 26 13:21:35.384301: | found eth0 with address 192.0.2.254 Aug 26 13:21:35.384305: | Inspecting interface eth1 Aug 26 13:21:35.384310: | found eth1 with address 192.1.2.23 Aug 26 13:21:35.384370: Kernel supports NIC esp-hw-offload Aug 26 13:21:35.384379: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 13:21:35.384413: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:35.384417: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:35.384419: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 13:21:35.384442: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 13:21:35.384457: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:35.384459: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:35.384462: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 13:21:35.384480: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:21:35.384495: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:35.384498: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:35.384500: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:21:35.384541: | no interfaces to sort Aug 26 13:21:35.384545: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:21:35.384555: | add_fd_read_event_handler: new ethX-pe@0x555fbaf18358 Aug 26 13:21:35.384560: | libevent_malloc: new ptr-libevent@0x555fbaf0c688 size 128 Aug 26 13:21:35.384564: | libevent_malloc: new ptr-libevent@0x555fbaf183c8 size 16 Aug 26 13:21:35.384571: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:21:35.384574: | add_fd_read_event_handler: new ethX-pe@0x555fbaf18408 Aug 26 13:21:35.384579: | libevent_malloc: new ptr-libevent@0x555fbaeb2f18 size 128 Aug 26 13:21:35.384581: | libevent_malloc: new ptr-libevent@0x555fbaf18478 size 16 Aug 26 13:21:35.384586: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:21:35.384589: | add_fd_read_event_handler: new ethX-pe@0x555fbaf184b8 Aug 26 13:21:35.384592: | libevent_malloc: new ptr-libevent@0x555fbaeb2838 size 128 Aug 26 13:21:35.384594: | libevent_malloc: new ptr-libevent@0x555fbaf18528 size 16 Aug 26 13:21:35.384599: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:21:35.384602: | add_fd_read_event_handler: new ethX-pe@0x555fbaf18568 Aug 26 13:21:35.384606: | libevent_malloc: new ptr-libevent@0x555fbaeba0f8 size 128 Aug 26 13:21:35.384609: | libevent_malloc: new ptr-libevent@0x555fbaf185d8 size 16 Aug 26 13:21:35.384614: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:21:35.384617: | add_fd_read_event_handler: new ethX-pe@0x555fbaf18618 Aug 26 13:21:35.384620: | libevent_malloc: new ptr-libevent@0x555fbaeba1f8 size 128 Aug 26 13:21:35.384622: | libevent_malloc: new ptr-libevent@0x555fbaf18688 size 16 Aug 26 13:21:35.384627: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:21:35.384629: | add_fd_read_event_handler: new ethX-pe@0x555fbaf186c8 Aug 26 13:21:35.384632: | libevent_malloc: new ptr-libevent@0x555fbaeba2f8 size 128 Aug 26 13:21:35.384635: | libevent_malloc: new ptr-libevent@0x555fbaf18738 size 16 Aug 26 13:21:35.384639: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:21:35.384644: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:21:35.384646: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:21:35.384660: loading secrets from "/etc/ipsec.secrets" Aug 26 13:21:35.384673: | saving Modulus Aug 26 13:21:35.384675: | saving PublicExponent Aug 26 13:21:35.384678: | ignoring PrivateExponent Aug 26 13:21:35.384680: | ignoring Prime1 Aug 26 13:21:35.384682: | ignoring Prime2 Aug 26 13:21:35.384684: | ignoring Exponent1 Aug 26 13:21:35.384686: | ignoring Exponent2 Aug 26 13:21:35.384688: | ignoring Coefficient Aug 26 13:21:35.384690: | ignoring CKAIDNSS Aug 26 13:21:35.384715: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:21:35.384718: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:21:35.384721: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:21:35.384726: | certs and keys locked by 'process_secret' Aug 26 13:21:35.384728: | certs and keys unlocked by 'process_secret' Aug 26 13:21:35.384735: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:35.384741: | spent 0.941 milliseconds in whack Aug 26 13:21:35.407021: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:35.407045: listening for IKE messages Aug 26 13:21:35.407077: | Inspecting interface lo Aug 26 13:21:35.407083: | found lo with address 127.0.0.1 Aug 26 13:21:35.407085: | Inspecting interface eth0 Aug 26 13:21:35.407088: | found eth0 with address 192.0.2.254 Aug 26 13:21:35.407090: | Inspecting interface eth1 Aug 26 13:21:35.407092: | found eth1 with address 192.1.2.23 Aug 26 13:21:35.407134: | no interfaces to sort Aug 26 13:21:35.407141: | libevent_free: release ptr-libevent@0x555fbaf0c688 Aug 26 13:21:35.407143: | free_event_entry: release EVENT_NULL-pe@0x555fbaf18358 Aug 26 13:21:35.407146: | add_fd_read_event_handler: new ethX-pe@0x555fbaf18358 Aug 26 13:21:35.407148: | libevent_malloc: new ptr-libevent@0x555fbaf0c688 size 128 Aug 26 13:21:35.407153: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:21:35.407156: | libevent_free: release ptr-libevent@0x555fbaeb2f18 Aug 26 13:21:35.407157: | free_event_entry: release EVENT_NULL-pe@0x555fbaf18408 Aug 26 13:21:35.407159: | add_fd_read_event_handler: new ethX-pe@0x555fbaf18408 Aug 26 13:21:35.407161: | libevent_malloc: new ptr-libevent@0x555fbaeb2f18 size 128 Aug 26 13:21:35.407164: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:21:35.407167: | libevent_free: release ptr-libevent@0x555fbaeb2838 Aug 26 13:21:35.407168: | free_event_entry: release EVENT_NULL-pe@0x555fbaf184b8 Aug 26 13:21:35.407170: | add_fd_read_event_handler: new ethX-pe@0x555fbaf184b8 Aug 26 13:21:35.407172: | libevent_malloc: new ptr-libevent@0x555fbaeb2838 size 128 Aug 26 13:21:35.407175: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 13:21:35.407178: | libevent_free: release ptr-libevent@0x555fbaeba0f8 Aug 26 13:21:35.407179: | free_event_entry: release EVENT_NULL-pe@0x555fbaf18568 Aug 26 13:21:35.407181: | add_fd_read_event_handler: new ethX-pe@0x555fbaf18568 Aug 26 13:21:35.407183: | libevent_malloc: new ptr-libevent@0x555fbaeba0f8 size 128 Aug 26 13:21:35.407186: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 13:21:35.407189: | libevent_free: release ptr-libevent@0x555fbaeba1f8 Aug 26 13:21:35.407190: | free_event_entry: release EVENT_NULL-pe@0x555fbaf18618 Aug 26 13:21:35.407192: | add_fd_read_event_handler: new ethX-pe@0x555fbaf18618 Aug 26 13:21:35.407194: | libevent_malloc: new ptr-libevent@0x555fbaeba1f8 size 128 Aug 26 13:21:35.407197: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 13:21:35.407199: | libevent_free: release ptr-libevent@0x555fbaeba2f8 Aug 26 13:21:35.407201: | free_event_entry: release EVENT_NULL-pe@0x555fbaf186c8 Aug 26 13:21:35.407202: | add_fd_read_event_handler: new ethX-pe@0x555fbaf186c8 Aug 26 13:21:35.407204: | libevent_malloc: new ptr-libevent@0x555fbaeba2f8 size 128 Aug 26 13:21:35.407207: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 13:21:35.407209: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:21:35.407211: forgetting secrets Aug 26 13:21:35.407218: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:21:35.407228: loading secrets from "/etc/ipsec.secrets" Aug 26 13:21:35.407239: | saving Modulus Aug 26 13:21:35.407241: | saving PublicExponent Aug 26 13:21:35.407243: | ignoring PrivateExponent Aug 26 13:21:35.407245: | ignoring Prime1 Aug 26 13:21:35.407247: | ignoring Prime2 Aug 26 13:21:35.407249: | ignoring Exponent1 Aug 26 13:21:35.407251: | ignoring Exponent2 Aug 26 13:21:35.407253: | ignoring Coefficient Aug 26 13:21:35.407255: | ignoring CKAIDNSS Aug 26 13:21:35.407274: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 13:21:35.407276: | computed rsa CKAID 8a 82 25 f1 Aug 26 13:21:35.407279: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 13:21:35.407284: | certs and keys locked by 'process_secret' Aug 26 13:21:35.407285: | certs and keys unlocked by 'process_secret' Aug 26 13:21:35.407302: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:35.407310: | spent 0.289 milliseconds in whack Aug 26 13:21:35.407834: | processing signal PLUTO_SIGCHLD Aug 26 13:21:35.407846: | waitpid returned pid 2151 (exited with status 0) Aug 26 13:21:35.407852: | reaped addconn helper child (status 0) Aug 26 13:21:35.407856: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:35.407860: | spent 0.017 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:35.459682: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:35.459699: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:35.459716: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:35.459718: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:35.459720: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:35.459723: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:35.459728: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:35.459731: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:21:35.460405: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:21:35.460418: | loading left certificate 'north' pubkey Aug 26 13:21:35.460490: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1e008 Aug 26 13:21:35.460494: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1e108 Aug 26 13:21:35.460496: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1eb18 Aug 26 13:21:35.460584: | unreference key: 0x555fbae06c48 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:35.460673: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 13:21:35.460681: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:21:35.460896: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:21:35.460901: | loading right certificate 'east' pubkey Aug 26 13:21:35.460959: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1e108 Aug 26 13:21:35.460963: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1eb18 Aug 26 13:21:35.460964: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1e9a8 Aug 26 13:21:35.460966: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1ea18 Aug 26 13:21:35.460968: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1a4e8 Aug 26 13:21:35.461110: | unreference key: 0x555fbaf22d18 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:35.461229: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 13:21:35.461233: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 13:21:35.461238: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:21:35.461245: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Aug 26 13:21:35.461248: | new hp@0x555fbaf25658 Aug 26 13:21:35.461251: added connection description "northnet-eastnets/0x1" Aug 26 13:21:35.461260: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:35.461291: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:21:35.461301: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:35.461310: | spent 1.64 milliseconds in whack Aug 26 13:21:35.461344: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:35.461354: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:35.461370: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:35.461373: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:35.461375: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:35.461393: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:35.461397: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:35.461399: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:21:35.461500: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:21:35.461506: | loading left certificate 'north' pubkey Aug 26 13:21:35.461556: | unreference key: 0x555fbaf1ef88 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:35.461566: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf23a28 Aug 26 13:21:35.461568: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf24318 Aug 26 13:21:35.461570: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1eb18 Aug 26 13:21:35.461603: | unreference key: 0x555fbaf1db78 @north.testing.libreswan.org cnt 1-- Aug 26 13:21:35.461636: | unreference key: 0x555fbaf1edb8 user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:35.461671: | unreference key: 0x555fbaf23c78 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:35.461769: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 13:21:35.461777: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:21:35.461836: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:21:35.461840: | loading right certificate 'east' pubkey Aug 26 13:21:35.461875: | unreference key: 0x555fbaf252d8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:35.461884: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf1eb18 Aug 26 13:21:35.461886: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf23d68 Aug 26 13:21:35.461888: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf237e8 Aug 26 13:21:35.461890: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf240f8 Aug 26 13:21:35.461891: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf240a8 Aug 26 13:21:35.461923: | unreference key: 0x555fbaf24148 192.1.2.23 cnt 1-- Aug 26 13:21:35.461955: | unreference key: 0x555fbaf24658 east@testing.libreswan.org cnt 1-- Aug 26 13:21:35.461987: | unreference key: 0x555fbaf248b8 @east.testing.libreswan.org cnt 1-- Aug 26 13:21:35.462019: | unreference key: 0x555fbaf24fd8 user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:35.462053: | unreference key: 0x555fbaf23e98 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:35.462086: | secrets entry for east already exists Aug 26 13:21:35.462092: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:21:35.462096: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:21:35.462099: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x555fbaf25658: northnet-eastnets/0x1 Aug 26 13:21:35.462104: added connection description "northnet-eastnets/0x2" Aug 26 13:21:35.462112: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:35.462138: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:21:35.462143: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:35.462148: | spent 0.808 milliseconds in whack Aug 26 13:21:35.522555: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:35.522819: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:21:35.522824: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:21:35.522945: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:21:35.522954: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:35.522959: | spent 0.425 milliseconds in whack Aug 26 13:21:37.473350: | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.473418: | *received 792 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:21:37.473435: | ff 46 30 fd 82 4a 54 6b 00 00 00 00 00 00 00 00 Aug 26 13:21:37.473437: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Aug 26 13:21:37.473438: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Aug 26 13:21:37.473440: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473441: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473442: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Aug 26 13:21:37.473459: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Aug 26 13:21:37.473460: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Aug 26 13:21:37.473462: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Aug 26 13:21:37.473463: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Aug 26 13:21:37.473465: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:21:37.473466: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Aug 26 13:21:37.473480: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473482: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473483: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Aug 26 13:21:37.473485: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Aug 26 13:21:37.473486: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Aug 26 13:21:37.473488: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 13:21:37.473489: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 13:21:37.473491: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:21:37.473492: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 13:21:37.473493: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473495: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 13:21:37.473496: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Aug 26 13:21:37.473498: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Aug 26 13:21:37.473499: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Aug 26 13:21:37.473501: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Aug 26 13:21:37.473502: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 13:21:37.473504: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:21:37.473505: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 13:21:37.473507: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473508: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473509: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473513: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473515: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473516: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473518: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473519: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Aug 26 13:21:37.473521: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473522: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 13:21:37.473524: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473525: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Aug 26 13:21:37.473526: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Aug 26 13:21:37.473528: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Aug 26 13:21:37.473529: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Aug 26 13:21:37.473531: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Aug 26 13:21:37.473532: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 13:21:37.473534: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Aug 26 13:21:37.473535: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Aug 26 13:21:37.473537: | 7c fd b2 fc 68 b6 a4 48 Aug 26 13:21:37.473541: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:21:37.473544: | **parse ISAKMP Message: Aug 26 13:21:37.473546: | initiator cookie: Aug 26 13:21:37.473547: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.473549: | responder cookie: Aug 26 13:21:37.473550: | 00 00 00 00 00 00 00 00 Aug 26 13:21:37.473552: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:21:37.473554: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.473555: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.473557: | flags: none (0x0) Aug 26 13:21:37.473559: | Message ID: 0 (0x0) Aug 26 13:21:37.473560: | length: 792 (0x318) Aug 26 13:21:37.473562: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 13:21:37.473564: | State DB: IKEv1 state not found (find_state_ikev1_init) Aug 26 13:21:37.473566: | #null state always idle Aug 26 13:21:37.473569: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Aug 26 13:21:37.473571: | ***parse ISAKMP Security Association Payload: Aug 26 13:21:37.473573: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473575: | length: 644 (0x284) Aug 26 13:21:37.473576: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.473578: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.473580: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.473581: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473583: | length: 20 (0x14) Aug 26 13:21:37.473584: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.473586: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.473587: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473589: | length: 20 (0x14) Aug 26 13:21:37.473591: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.473592: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.473594: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473595: | length: 20 (0x14) Aug 26 13:21:37.473597: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.473598: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.473600: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473601: | length: 20 (0x14) Aug 26 13:21:37.473603: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.473604: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.473606: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473607: | length: 20 (0x14) Aug 26 13:21:37.473609: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.473610: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.473613: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.473615: | length: 20 (0x14) Aug 26 13:21:37.473617: | message 'main_inI1_outR1' HASH payload not checked early Aug 26 13:21:37.473620: | received Vendor ID payload [FRAGMENTATION] Aug 26 13:21:37.473622: | received Vendor ID payload [Dead Peer Detection] Aug 26 13:21:37.473624: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Aug 26 13:21:37.473626: | received Vendor ID payload [RFC 3947] Aug 26 13:21:37.473628: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Aug 26 13:21:37.473629: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Aug 26 13:21:37.473631: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Aug 26 13:21:37.473633: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Aug 26 13:21:37.473635: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Aug 26 13:21:37.473636: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Aug 26 13:21:37.473638: | in statetime_start() with no state Aug 26 13:21:37.473641: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=IKEV1_ALLOW but ignoring ports Aug 26 13:21:37.473645: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 13:21:37.473646: | find_next_host_connection policy=IKEV1_ALLOW Aug 26 13:21:37.473649: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 13:21:37.473651: | find_next_host_connection returns northnet-eastnets/0x2 Aug 26 13:21:37.473653: | find_next_host_connection policy=IKEV1_ALLOW Aug 26 13:21:37.473655: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 13:21:37.473656: | find_next_host_connection returns northnet-eastnets/0x1 Aug 26 13:21:37.473658: | find_next_host_connection policy=IKEV1_ALLOW Aug 26 13:21:37.473660: | find_next_host_connection returns empty Aug 26 13:21:37.473680: | creating state object #1 at 0x555fbaf27778 Aug 26 13:21:37.473682: | State DB: adding IKEv1 state #1 in UNDEFINED Aug 26 13:21:37.473687: | pstats #1 ikev1.isakmp started Aug 26 13:21:37.473690: | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 13:21:37.473695: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI1_outR1() at ikev1_main.c:667) Aug 26 13:21:37.473697: | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) Aug 26 13:21:37.473699: | sender checking NAT-T: enabled; VID 117 Aug 26 13:21:37.473701: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Aug 26 13:21:37.473703: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Aug 26 13:21:37.473705: "northnet-eastnets/0x2" #1: responding to Main Mode Aug 26 13:21:37.473726: | **emit ISAKMP Message: Aug 26 13:21:37.473728: | initiator cookie: Aug 26 13:21:37.473730: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.473731: | responder cookie: Aug 26 13:21:37.473733: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.473734: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:21:37.473736: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.473737: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.473739: | flags: none (0x0) Aug 26 13:21:37.473741: | Message ID: 0 (0x0) Aug 26 13:21:37.473742: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.473744: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Aug 26 13:21:37.473746: | ***emit ISAKMP Security Association Payload: Aug 26 13:21:37.473748: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473749: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.473751: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:21:37.473755: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:21:37.473757: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473759: | ****parse IPsec DOI SIT: Aug 26 13:21:37.473760: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.473762: | ****parse ISAKMP Proposal Payload: Aug 26 13:21:37.473764: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.473765: | length: 632 (0x278) Aug 26 13:21:37.473767: | proposal number: 0 (0x0) Aug 26 13:21:37.473768: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 13:21:37.473770: | SPI size: 0 (0x0) Aug 26 13:21:37.473771: | number of transforms: 18 (0x12) Aug 26 13:21:37.473774: | *****parse ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.473775: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.473777: | length: 36 (0x24) Aug 26 13:21:37.473778: | ISAKMP transform number: 0 (0x0) Aug 26 13:21:37.473780: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.473781: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.473783: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.473785: | length/value: 1 (0x1) Aug 26 13:21:37.473787: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.473788: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.473790: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.473792: | length/value: 3600 (0xe10) Aug 26 13:21:37.473793: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.473795: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.473796: | length/value: 7 (0x7) Aug 26 13:21:37.473798: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.473800: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.473801: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.473803: | length/value: 4 (0x4) Aug 26 13:21:37.473804: | [4 is OAKLEY_SHA2_256] Aug 26 13:21:37.473806: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.473808: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.473809: | length/value: 3 (0x3) Aug 26 13:21:37.473811: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.473812: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.473814: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.473815: | length/value: 14 (0xe) Aug 26 13:21:37.473817: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.473819: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.473820: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.473822: | length/value: 256 (0x100) Aug 26 13:21:37.473824: | OAKLEY proposal verified unconditionally; no alg_info to check against Aug 26 13:21:37.473825: | Oakley Transform 0 accepted Aug 26 13:21:37.473827: | ****emit IPsec DOI SIT: Aug 26 13:21:37.473828: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.473830: | ****emit ISAKMP Proposal Payload: Aug 26 13:21:37.473832: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.473833: | proposal number: 0 (0x0) Aug 26 13:21:37.473835: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 13:21:37.473836: | SPI size: 0 (0x0) Aug 26 13:21:37.473838: | number of transforms: 1 (0x1) Aug 26 13:21:37.473840: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:21:37.473841: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.473843: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.473844: | ISAKMP transform number: 0 (0x0) Aug 26 13:21:37.473846: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.473848: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.473850: | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) Aug 26 13:21:37.473852: | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 13:21:37.473854: | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 Aug 26 13:21:37.473856: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.473858: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 13:21:37.473859: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Aug 26 13:21:37.473861: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 13:21:37.473863: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:21:37.473865: | out_vid(): sending [FRAGMENTATION] Aug 26 13:21:37.473866: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473868: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473870: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:21:37.473872: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473873: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473875: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473877: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Aug 26 13:21:37.473879: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473880: | out_vid(): sending [Dead Peer Detection] Aug 26 13:21:37.473882: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473883: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.473885: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473887: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473888: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473890: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Aug 26 13:21:37.473892: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473893: | out_vid(): sending [RFC 3947] Aug 26 13:21:37.473894: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473896: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.473898: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473900: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473901: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473903: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 13:21:37.473904: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473906: | no IKEv1 message padding required Aug 26 13:21:37.473907: | emitting length of ISAKMP Message: 144 Aug 26 13:21:37.473911: | complete v1 state transition with STF_OK Aug 26 13:21:37.473914: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.473916: | #1 is idle Aug 26 13:21:37.473918: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.473919: | peer supports fragmentation Aug 26 13:21:37.473920: | peer supports DPD Aug 26 13:21:37.473922: | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Aug 26 13:21:37.473924: | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) Aug 26 13:21:37.473926: | event_already_set, deleting event Aug 26 13:21:37.473929: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:21:37.473933: | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:21:37.473935: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.473936: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Aug 26 13:21:37.473940: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Aug 26 13:21:37.473942: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473943: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473945: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Aug 26 13:21:37.473946: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Aug 26 13:21:37.473947: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Aug 26 13:21:37.473949: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 13:21:37.473973: | !event_already_set at reschedule Aug 26 13:21:37.473977: | event_schedule: new EVENT_SO_DISCARD-pe@0x555fbaf23f88 Aug 26 13:21:37.473979: | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 Aug 26 13:21:37.473982: | libevent_malloc: new ptr-libevent@0x555fbaf1ea68 size 128 Aug 26 13:21:37.473984: "northnet-eastnets/0x2" #1: STATE_MAIN_R1: sent MR1, expecting MI2 Aug 26 13:21:37.473986: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.473988: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.473990: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.473994: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:21:37.473996: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.473999: | spent 0.596 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.475213: | spent 0.00214 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.475229: | *received 396 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:21:37.475247: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.475248: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Aug 26 13:21:37.475250: | b7 b6 99 aa b6 58 3f dc 2b 2e ec 1a 58 ad 77 e3 Aug 26 13:21:37.475251: | dc 46 cf dd 1d 70 af 71 02 6c 36 52 72 db e3 35 Aug 26 13:21:37.475253: | 9c 6a 26 62 36 d3 03 7c ff b8 2e 7e 61 eb 91 e3 Aug 26 13:21:37.475254: | 6a 3a b1 d0 62 4e 94 6b 3b 94 da 18 3d 45 8e 73 Aug 26 13:21:37.475256: | 1d 51 b7 8b fd 21 9a 69 f6 14 ba 3f cc 6f f6 ce Aug 26 13:21:37.475257: | b9 a8 f2 35 f1 a6 ea b5 34 fa 45 0d ba 64 92 c4 Aug 26 13:21:37.475259: | 6d 30 78 86 80 6e 09 a8 1e 99 14 64 9b 81 94 32 Aug 26 13:21:37.475260: | 43 d8 07 c3 4f 1c f9 fc 35 80 f8 4e 20 e4 5d 23 Aug 26 13:21:37.475262: | 81 85 c5 bc ae 2e d0 48 85 90 53 f7 e5 fe 4e b9 Aug 26 13:21:37.475263: | 19 91 65 32 e3 b4 f8 5c e7 ac 95 64 97 05 a7 bf Aug 26 13:21:37.475265: | 51 26 6f 46 f9 e4 38 91 87 c2 4b 13 b2 5b 59 fb Aug 26 13:21:37.475266: | 84 de 41 15 e5 e8 43 91 33 76 44 3f 9b 51 76 ed Aug 26 13:21:37.475268: | 6d fe 28 1b d3 14 ed 4c 5e 02 90 d0 82 3a 84 75 Aug 26 13:21:37.475269: | 0c ea b8 ae 5a 07 7d e7 06 5a df c2 ea a9 1e 7a Aug 26 13:21:37.475271: | 3d ae f8 d1 72 23 6b da 0e 95 dc 20 f2 87 d6 59 Aug 26 13:21:37.475272: | 47 01 ec e3 00 fa 41 a7 82 8a a5 57 61 eb 72 c4 Aug 26 13:21:37.475274: | 14 00 00 24 a3 32 86 3d 47 ec 12 d4 81 48 28 77 Aug 26 13:21:37.475275: | ec 4c ae 8d ff 85 1d a2 5f c4 cb 82 8a 65 5a ce Aug 26 13:21:37.475277: | 87 0d a3 9c 14 00 00 24 ed 32 8a af f0 63 ea 88 Aug 26 13:21:37.475278: | 01 05 5b 36 83 42 ef 6f 7d 4f 64 aa 83 82 09 43 Aug 26 13:21:37.475280: | 53 88 23 dd 04 b7 7d cf 00 00 00 24 7d 1f f8 05 Aug 26 13:21:37.475281: | 8e cd 98 1a ee ba d7 61 74 76 d9 06 3c 55 1e b4 Aug 26 13:21:37.475283: | 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.475286: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:21:37.475310: | **parse ISAKMP Message: Aug 26 13:21:37.475326: | initiator cookie: Aug 26 13:21:37.475328: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.475329: | responder cookie: Aug 26 13:21:37.475331: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.475334: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.475336: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.475338: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.475339: | flags: none (0x0) Aug 26 13:21:37.475341: | Message ID: 0 (0x0) Aug 26 13:21:37.475343: | length: 396 (0x18c) Aug 26 13:21:37.475345: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 13:21:37.475347: | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) Aug 26 13:21:37.475350: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) Aug 26 13:21:37.475352: | #1 is idle Aug 26 13:21:37.475354: | #1 idle Aug 26 13:21:37.475356: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Aug 26 13:21:37.475357: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:21:37.475359: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.475361: | length: 260 (0x104) Aug 26 13:21:37.475362: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Aug 26 13:21:37.475364: | ***parse ISAKMP Nonce Payload: Aug 26 13:21:37.475366: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 13:21:37.475367: | length: 36 (0x24) Aug 26 13:21:37.475369: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Aug 26 13:21:37.475371: | ***parse ISAKMP NAT-D Payload: Aug 26 13:21:37.475372: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 13:21:37.475374: | length: 36 (0x24) Aug 26 13:21:37.475375: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Aug 26 13:21:37.475377: | ***parse ISAKMP NAT-D Payload: Aug 26 13:21:37.475379: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.475380: | length: 36 (0x24) Aug 26 13:21:37.475382: | message 'main_inI2_outR2' HASH payload not checked early Aug 26 13:21:37.475385: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Aug 26 13:21:37.475396: | natd_hash: hasher=0x555fba8f0ca0(32) Aug 26 13:21:37.475398: | natd_hash: icookie= ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.475400: | natd_hash: rcookie= d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.475401: | natd_hash: ip= c0 01 02 17 Aug 26 13:21:37.475403: | natd_hash: port=500 Aug 26 13:21:37.475404: | natd_hash: hash= ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.475406: | natd_hash: hash= 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.475411: | natd_hash: hasher=0x555fba8f0ca0(32) Aug 26 13:21:37.475412: | natd_hash: icookie= ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.475414: | natd_hash: rcookie= d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.475415: | natd_hash: ip= c0 01 03 21 Aug 26 13:21:37.475417: | natd_hash: port=500 Aug 26 13:21:37.475418: | natd_hash: hash= 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.475420: | natd_hash: hash= 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.475421: | expected NAT-D(me): ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.475423: | expected NAT-D(me): 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.475424: | expected NAT-D(him): Aug 26 13:21:37.475426: | 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.475428: | 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.475429: | received NAT-D: ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.475431: | received NAT-D: 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.475432: | received NAT-D: 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.475434: | received NAT-D: 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.475435: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:21:37.475437: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:21:37.475438: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:21:37.475440: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 13:21:37.475442: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Aug 26 13:21:37.475445: | NAT_T_WITH_KA detected Aug 26 13:21:37.475447: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 13:21:37.475452: | adding inI2_outR2 KE work-order 1 for state #1 Aug 26 13:21:37.475454: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 13:21:37.475456: | libevent_free: release ptr-libevent@0x555fbaf1ea68 Aug 26 13:21:37.475458: | free_event_entry: release EVENT_SO_DISCARD-pe@0x555fbaf23f88 Aug 26 13:21:37.475460: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555fbaf23f88 Aug 26 13:21:37.475462: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:21:37.475464: | libevent_malloc: new ptr-libevent@0x555fbaf28878 size 128 Aug 26 13:21:37.475469: | complete v1 state transition with STF_SUSPEND Aug 26 13:21:37.475473: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:21:37.475475: | suspending state #1 and saving MD Aug 26 13:21:37.475476: | #1 is busy; has a suspended MD Aug 26 13:21:37.475479: | #1 spent 0.0945 milliseconds in process_packet_tail() Aug 26 13:21:37.475482: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.475485: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:21:37.475487: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.475489: | spent 0.246 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.475505: | crypto helper 0 resuming Aug 26 13:21:37.475514: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:21:37.475517: | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 1 Aug 26 13:21:37.476064: | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.000547 seconds Aug 26 13:21:37.476070: | (#1) spent 0.552 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) Aug 26 13:21:37.476072: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:21:37.476074: | scheduling resume sending helper answer for #1 Aug 26 13:21:37.476077: | libevent_malloc: new ptr-libevent@0x7f4ecc002888 size 128 Aug 26 13:21:37.476083: | crypto helper 0 waiting (nothing to do) Aug 26 13:21:37.476117: | processing resume sending helper answer for #1 Aug 26 13:21:37.476126: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:21:37.476130: | crypto helper 0 replies to request ID 1 Aug 26 13:21:37.476132: | calling continuation function 0x555fba81bb50 Aug 26 13:21:37.476133: | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 Aug 26 13:21:37.476138: | **emit ISAKMP Message: Aug 26 13:21:37.476139: | initiator cookie: Aug 26 13:21:37.476141: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.476143: | responder cookie: Aug 26 13:21:37.476144: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.476146: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.476148: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.476149: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.476151: | flags: none (0x0) Aug 26 13:21:37.476153: | Message ID: 0 (0x0) Aug 26 13:21:37.476155: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.476157: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:21:37.476158: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.476160: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:21:37.476162: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:21:37.476164: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.476168: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:21:37.476170: | keyex value 0c b9 9b 33 05 69 a9 82 98 f9 ba 09 0c 11 47 79 Aug 26 13:21:37.476172: | keyex value 3b a7 b7 fd 58 34 19 41 82 9a d5 8a a0 94 99 5a Aug 26 13:21:37.476173: | keyex value 9e ca 5b d8 c1 06 74 38 3f 6f 51 35 a9 77 55 4b Aug 26 13:21:37.476175: | keyex value 6b 6d 8d 57 6a 0f fe 86 17 06 e2 48 ba d2 f1 f1 Aug 26 13:21:37.476176: | keyex value fd ce 79 01 0d d6 50 75 0b 38 e6 26 2b ab 93 e9 Aug 26 13:21:37.476178: | keyex value 2e 8a 0b 9e b3 f2 70 59 49 3c f2 75 36 80 34 3e Aug 26 13:21:37.476179: | keyex value db 0d d4 de 25 9a 9a 86 5b 62 2e fe 44 90 76 02 Aug 26 13:21:37.476181: | keyex value d1 3a 67 b5 a0 29 26 da 6f 1a 32 89 b1 f1 03 3c Aug 26 13:21:37.476182: | keyex value 24 ad 2b ee cd aa d2 27 9a 93 08 0e 2b 2f c9 e2 Aug 26 13:21:37.476184: | keyex value a9 f9 ea f2 08 b5 68 98 d2 f8 5e 32 36 21 b6 6c Aug 26 13:21:37.476185: | keyex value 90 1c a5 5f 19 76 8f ab c0 ad 95 80 07 f1 da 83 Aug 26 13:21:37.476187: | keyex value db 47 cd af 6e cc d0 d8 81 46 cb bc 7f 16 47 c9 Aug 26 13:21:37.476188: | keyex value b5 9c 77 a8 82 ea 83 15 52 6e 6d 83 44 8a 11 4d Aug 26 13:21:37.476190: | keyex value 6e 26 08 98 1e 7c 50 d3 39 08 dc 1a 1e 8d 44 38 Aug 26 13:21:37.476191: | keyex value d5 b9 e7 d0 bd a0 b8 31 24 88 23 ee d1 46 90 0b Aug 26 13:21:37.476193: | keyex value 6c 1f 33 6b 1b f8 df 13 91 89 25 cc 8d dc b7 3b Aug 26 13:21:37.476194: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:21:37.476196: | ***emit ISAKMP Nonce Payload: Aug 26 13:21:37.476198: | next payload type: ISAKMP_NEXT_CR (0x7) Aug 26 13:21:37.476200: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Aug 26 13:21:37.476202: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:21:37.476204: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.476206: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 13:21:37.476207: | Nr 8a 58 f1 2d 8f 10 5b ad e6 e5 af 78 0d b6 be 3e Aug 26 13:21:37.476209: | Nr 48 cd f5 23 32 0d b0 fd bc 19 a4 6e 75 6f 0f 9e Aug 26 13:21:37.476210: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:21:37.476212: | ***emit ISAKMP Certificate RequestPayload: Aug 26 13:21:37.476214: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.476216: | cert type: CERT_X509_SIGNATURE (0x4) Aug 26 13:21:37.476218: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Aug 26 13:21:37.476220: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Aug 26 13:21:37.476222: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Aug 26 13:21:37.476223: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.476225: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.476226: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.476228: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.476229: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.476231: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.476232: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Aug 26 13:21:37.476234: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Aug 26 13:21:37.476235: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Aug 26 13:21:37.476237: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Aug 26 13:21:37.476238: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.476240: | emitting length of ISAKMP Certificate RequestPayload: 180 Aug 26 13:21:37.476242: | sending NAT-D payloads Aug 26 13:21:37.476250: | natd_hash: hasher=0x555fba8f0ca0(32) Aug 26 13:21:37.476252: | natd_hash: icookie= ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.476254: | natd_hash: rcookie= d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.476255: | natd_hash: ip= c0 01 03 21 Aug 26 13:21:37.476257: | natd_hash: port=500 Aug 26 13:21:37.476258: | natd_hash: hash= 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.476260: | natd_hash: hash= 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.476261: | ***emit ISAKMP NAT-D Payload: Aug 26 13:21:37.476263: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 13:21:37.476265: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Aug 26 13:21:37.476267: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Aug 26 13:21:37.476269: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.476270: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Aug 26 13:21:37.476272: | NAT-D 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.476274: | NAT-D 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.476275: | emitting length of ISAKMP NAT-D Payload: 36 Aug 26 13:21:37.476279: | natd_hash: hasher=0x555fba8f0ca0(32) Aug 26 13:21:37.476281: | natd_hash: icookie= ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.476282: | natd_hash: rcookie= d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.476284: | natd_hash: ip= c0 01 02 17 Aug 26 13:21:37.476285: | natd_hash: port=500 Aug 26 13:21:37.476287: | natd_hash: hash= ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.476299: | natd_hash: hash= 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.476302: | ***emit ISAKMP NAT-D Payload: Aug 26 13:21:37.476304: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.476325: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Aug 26 13:21:37.476327: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.476328: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Aug 26 13:21:37.476330: | NAT-D ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.476332: | NAT-D 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.476333: | emitting length of ISAKMP NAT-D Payload: 36 Aug 26 13:21:37.476335: | no IKEv1 message padding required Aug 26 13:21:37.476336: | emitting length of ISAKMP Message: 576 Aug 26 13:21:37.476338: | main inI2_outR2: starting async DH calculation (group=14) Aug 26 13:21:37.476347: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.476351: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.476357: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.476372: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.476375: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:21:37.476376: | no PreShared Key Found Aug 26 13:21:37.476383: | adding main_inI2_outR2_tail work-order 2 for state #1 Aug 26 13:21:37.476386: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.476389: | libevent_free: release ptr-libevent@0x555fbaf28878 Aug 26 13:21:37.476391: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555fbaf23f88 Aug 26 13:21:37.476393: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555fbaf23f88 Aug 26 13:21:37.476395: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:21:37.476397: | libevent_malloc: new ptr-libevent@0x555fbaf28928 size 128 Aug 26 13:21:37.476403: | #1 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; Aug 26 13:21:37.476405: | complete v1 state transition with STF_OK Aug 26 13:21:37.476408: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.476410: | #1 is idle; has background offloaded task Aug 26 13:21:37.476411: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.476413: | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Aug 26 13:21:37.476415: | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) Aug 26 13:21:37.476417: | event_already_set, deleting event Aug 26 13:21:37.476418: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.476420: | libevent_free: release ptr-libevent@0x555fbaf28928 Aug 26 13:21:37.476422: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555fbaf23f88 Aug 26 13:21:37.476425: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:21:37.476430: | sending 576 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:21:37.476431: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.476433: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Aug 26 13:21:37.476434: | 0c b9 9b 33 05 69 a9 82 98 f9 ba 09 0c 11 47 79 Aug 26 13:21:37.476436: | 3b a7 b7 fd 58 34 19 41 82 9a d5 8a a0 94 99 5a Aug 26 13:21:37.476437: | 9e ca 5b d8 c1 06 74 38 3f 6f 51 35 a9 77 55 4b Aug 26 13:21:37.476437: | crypto helper 2 resuming Aug 26 13:21:37.476452: | crypto helper 2 starting work-order 2 for state #1 Aug 26 13:21:37.476439: | 6b 6d 8d 57 6a 0f fe 86 17 06 e2 48 ba d2 f1 f1 Aug 26 13:21:37.476460: | fd ce 79 01 0d d6 50 75 0b 38 e6 26 2b ab 93 e9 Aug 26 13:21:37.476464: | 2e 8a 0b 9e b3 f2 70 59 49 3c f2 75 36 80 34 3e Aug 26 13:21:37.476455: | crypto helper 2 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 Aug 26 13:21:37.476465: | db 0d d4 de 25 9a 9a 86 5b 62 2e fe 44 90 76 02 Aug 26 13:21:37.476478: | d1 3a 67 b5 a0 29 26 da 6f 1a 32 89 b1 f1 03 3c Aug 26 13:21:37.476480: | 24 ad 2b ee cd aa d2 27 9a 93 08 0e 2b 2f c9 e2 Aug 26 13:21:37.476482: | a9 f9 ea f2 08 b5 68 98 d2 f8 5e 32 36 21 b6 6c Aug 26 13:21:37.476483: | 90 1c a5 5f 19 76 8f ab c0 ad 95 80 07 f1 da 83 Aug 26 13:21:37.476484: | db 47 cd af 6e cc d0 d8 81 46 cb bc 7f 16 47 c9 Aug 26 13:21:37.476486: | b5 9c 77 a8 82 ea 83 15 52 6e 6d 83 44 8a 11 4d Aug 26 13:21:37.476487: | 6e 26 08 98 1e 7c 50 d3 39 08 dc 1a 1e 8d 44 38 Aug 26 13:21:37.476489: | d5 b9 e7 d0 bd a0 b8 31 24 88 23 ee d1 46 90 0b Aug 26 13:21:37.476490: | 6c 1f 33 6b 1b f8 df 13 91 89 25 cc 8d dc b7 3b Aug 26 13:21:37.476492: | 07 00 00 24 8a 58 f1 2d 8f 10 5b ad e6 e5 af 78 Aug 26 13:21:37.476493: | 0d b6 be 3e 48 cd f5 23 32 0d b0 fd bc 19 a4 6e Aug 26 13:21:37.476495: | 75 6f 0f 9e 14 00 00 b4 04 30 81 ac 31 0b 30 09 Aug 26 13:21:37.476496: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Aug 26 13:21:37.476498: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Aug 26 13:21:37.476499: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Aug 26 13:21:37.476500: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Aug 26 13:21:37.476502: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Aug 26 13:21:37.476503: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Aug 26 13:21:37.476506: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Aug 26 13:21:37.476508: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Aug 26 13:21:37.476509: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Aug 26 13:21:37.476511: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Aug 26 13:21:37.476512: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 7d 1f f8 05 Aug 26 13:21:37.476514: | 8e cd 98 1a ee ba d7 61 74 76 d9 06 3c 55 1e b4 Aug 26 13:21:37.476515: | 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c 00 00 00 24 Aug 26 13:21:37.476516: | ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.476518: | 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.476535: | !event_already_set at reschedule Aug 26 13:21:37.476539: | event_schedule: new EVENT_RETRANSMIT-pe@0x555fbaf23f88 Aug 26 13:21:37.476542: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:21:37.476544: | libevent_malloc: new ptr-libevent@0x555fbaf28928 size 128 Aug 26 13:21:37.476547: | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10983.219005 Aug 26 13:21:37.476549: "northnet-eastnets/0x2" #1: STATE_MAIN_R2: sent MR2, expecting MI3 Aug 26 13:21:37.476551: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.476552: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.476555: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Aug 26 13:21:37.476559: | #1 spent 0.407 milliseconds in resume sending helper answer Aug 26 13:21:37.476562: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:21:37.476564: | libevent_free: release ptr-libevent@0x7f4ecc002888 Aug 26 13:21:37.477123: | crypto helper 2 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.000667 seconds Aug 26 13:21:37.477130: | (#1) spent 0.67 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) Aug 26 13:21:37.477132: | crypto helper 2 sending results from work-order 2 for state #1 to event queue Aug 26 13:21:37.477134: | scheduling resume sending helper answer for #1 Aug 26 13:21:37.477137: | libevent_malloc: new ptr-libevent@0x7f4ec4000f48 size 128 Aug 26 13:21:37.477141: | crypto helper 2 waiting (nothing to do) Aug 26 13:21:37.477176: | processing resume sending helper answer for #1 Aug 26 13:21:37.477186: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:21:37.477189: | crypto helper 2 replies to request ID 2 Aug 26 13:21:37.477191: | calling continuation function 0x555fba81bb50 Aug 26 13:21:37.477193: | main_inI2_outR2_calcdone for #1: calculate DH finished Aug 26 13:21:37.477196: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) Aug 26 13:21:37.477199: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) Aug 26 13:21:37.477202: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Aug 26 13:21:37.477205: | #1 spent 0.0156 milliseconds in resume sending helper answer Aug 26 13:21:37.477207: | processing: STOP state #0 (in resume_handler() at server.c:833) Aug 26 13:21:37.477209: | libevent_free: release ptr-libevent@0x7f4ec4000f48 Aug 26 13:21:37.483815: | spent 0.00211 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.483831: | *received 2028 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:21:37.483834: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.483836: | 05 10 02 01 00 00 00 00 00 00 07 ec 09 48 5a 81 Aug 26 13:21:37.483837: | 65 97 c9 aa 8f 87 10 ee f6 70 ac d3 6c b9 92 21 Aug 26 13:21:37.483839: | 63 6d 14 6c f3 da 5b d8 81 a4 76 ce 24 d7 54 dd Aug 26 13:21:37.483840: | ca e0 9c a5 69 a9 c1 3b 37 b8 5e c3 3c fb a5 08 Aug 26 13:21:37.483844: | 5a 9f 00 81 ab 9b 9f 15 6d d8 e8 23 bf 4b 78 24 Aug 26 13:21:37.483845: | 03 2c 6d d0 f9 e2 66 9a 65 b8 e3 9b 1f 81 3d 49 Aug 26 13:21:37.483847: | 0b b9 1e 61 62 20 f1 65 81 a0 4c e3 55 73 7c 15 Aug 26 13:21:37.483848: | 26 e6 9a 88 4d 08 1e c1 54 16 d1 39 3a 9c e3 67 Aug 26 13:21:37.483850: | 48 46 ca 60 c3 ba 28 a7 8a 17 68 df 27 10 44 f1 Aug 26 13:21:37.483851: | c0 36 a4 d4 c3 77 d8 3a b1 9c 64 59 78 b8 24 2d Aug 26 13:21:37.483853: | 2d 8b b3 8c d0 49 95 32 a0 b6 f3 65 9c 5d 9a 2a Aug 26 13:21:37.483854: | ac 3b 37 94 d1 88 67 5c ae f6 92 5f 44 db 37 e3 Aug 26 13:21:37.483856: | 7d da 4e a8 62 2b 08 11 9e d9 f7 42 0f 3f fa 49 Aug 26 13:21:37.483857: | 57 d3 f6 8e 09 d4 80 44 b7 48 8d 25 79 4d 01 42 Aug 26 13:21:37.483859: | a1 db cf 91 67 c8 08 6a 00 e4 c9 22 01 cd 97 39 Aug 26 13:21:37.483860: | 5e e0 98 ad 3c 67 c0 fc 65 55 9b 9c f2 49 42 f3 Aug 26 13:21:37.483862: | 4d a9 9a 91 88 9b 6a ff 4e 95 f8 59 15 1d 42 87 Aug 26 13:21:37.483863: | e3 1e 22 12 e8 bd e3 ca 6c b2 69 20 35 d7 0c 1f Aug 26 13:21:37.483865: | b3 e5 88 b5 6a a6 c1 6d 83 80 bf b5 90 fb 07 ac Aug 26 13:21:37.483866: | 81 d5 a3 9e c0 db 61 98 bd 77 1e 75 52 73 47 fb Aug 26 13:21:37.483868: | 85 10 2f 15 7b 9b 01 73 a5 d1 f1 e4 d7 e6 35 a9 Aug 26 13:21:37.483869: | be 76 a3 d5 5c 85 18 20 f3 8c bc f4 6f 94 22 71 Aug 26 13:21:37.483871: | df aa 78 c9 70 77 a0 d2 2e 9f 39 cf bd e3 27 56 Aug 26 13:21:37.483872: | b4 3f ba 60 67 2e bd 62 9a 63 31 65 26 76 05 7e Aug 26 13:21:37.483874: | 9f 26 76 33 4e fd 7e 28 21 c9 d8 4f 33 76 7c 2b Aug 26 13:21:37.483875: | 06 28 c7 d3 36 ce fc 0e 40 0d 4e 92 03 f5 1b d5 Aug 26 13:21:37.483877: | b0 75 f0 4c 1a 8e 66 0c 23 23 b7 54 75 3f cb 9f Aug 26 13:21:37.483878: | 66 ca 22 e9 bc 7f ca 92 e9 51 b3 40 d4 56 43 5c Aug 26 13:21:37.483880: | 9e 79 59 89 15 13 55 38 f7 c4 3e 21 af cc cd ee Aug 26 13:21:37.483881: | 91 17 00 6e 1c 31 07 25 fc 25 09 da 9a 07 40 80 Aug 26 13:21:37.483882: | 84 a1 b2 18 d9 2c 60 a5 4e 1a fe b0 3d 92 a2 97 Aug 26 13:21:37.483884: | da ad 20 7c c2 a0 0d ca d0 a0 57 b7 7e 51 ed 60 Aug 26 13:21:37.483885: | 72 73 14 a6 20 48 35 ce 8c 66 27 2e 17 d4 0d 57 Aug 26 13:21:37.483887: | 2f 1f d0 b9 e8 be a3 54 bc 99 9b 9d 2b 2c a8 0b Aug 26 13:21:37.483888: | 9c ec 8f 0d d5 33 52 07 dc 3f 43 96 79 20 ea 72 Aug 26 13:21:37.483890: | dd 1e 63 0e d2 f1 a6 de fe 9a e2 17 14 a6 81 cc Aug 26 13:21:37.483891: | 47 6c f5 68 d4 6c 31 71 89 ce 4a b4 eb b8 fa df Aug 26 13:21:37.483893: | 22 5f 8a 29 d8 13 c2 4c 8a eb 9f d7 45 1e ab 21 Aug 26 13:21:37.483894: | 27 8a 24 aa 98 32 33 30 8f 33 7f 48 06 fa d5 93 Aug 26 13:21:37.483896: | 67 f1 fb 10 73 ec 98 68 05 42 c0 67 aa fa 49 56 Aug 26 13:21:37.483897: | 2b 48 7c 5d d8 8a fe 5d 7d b3 45 29 74 58 69 b7 Aug 26 13:21:37.483899: | 02 44 42 af 4d e0 a4 52 0d 32 b5 b0 33 56 35 4b Aug 26 13:21:37.483900: | 6c 22 28 f3 2a 51 be 7f 2f 20 1f a1 4f 23 41 37 Aug 26 13:21:37.483902: | 38 b7 6c 28 00 97 f2 2e bc 54 40 9f 2d 9b 0c 16 Aug 26 13:21:37.483903: | 0a 49 f3 92 15 3e e5 b7 80 78 f5 c7 d1 9c fa 52 Aug 26 13:21:37.483905: | 56 a6 f2 c7 e2 32 ec e5 71 0d 4a a7 58 98 c0 3a Aug 26 13:21:37.483906: | 7e 06 f5 15 8d b4 c8 6c ac d2 30 39 e8 13 a3 0a Aug 26 13:21:37.483908: | 9b 8e 6f 41 c7 bf 91 cf d4 2c a1 d3 22 ae 49 a4 Aug 26 13:21:37.483909: | 48 cf d5 0c df d0 2f 09 f6 6c ab 40 a9 fe bc 21 Aug 26 13:21:37.483911: | a7 7a 6a 90 32 90 e4 88 7b b5 c7 77 e2 fa cc 33 Aug 26 13:21:37.483912: | 56 9b 3a aa b3 e7 64 da 74 af af 4f ea a0 c7 c0 Aug 26 13:21:37.483914: | 5a 4a b5 4e f4 64 25 20 05 b1 9f 62 72 ae 34 a9 Aug 26 13:21:37.483915: | 08 60 6b 95 60 9e 82 54 57 23 d6 c8 12 65 6e f2 Aug 26 13:21:37.483917: | 4f 99 83 e2 f5 69 a8 b0 2c e3 3e 82 b9 26 f0 47 Aug 26 13:21:37.483918: | 48 0b f1 5c 42 b5 63 fd d7 f7 90 1b 0b 0e 3c 09 Aug 26 13:21:37.483920: | fe 6c 09 eb 6c 53 28 c6 88 44 03 75 ee 0a de fb Aug 26 13:21:37.483922: | a1 55 56 24 90 40 e8 3a 80 ca 25 ca a3 0e 1b a8 Aug 26 13:21:37.483923: | cb 2a f5 92 ce dd 6c b9 d0 97 12 25 c8 40 bb 4e Aug 26 13:21:37.483925: | 31 17 90 c4 a6 62 cd 18 79 e2 14 29 11 6d cd 8b Aug 26 13:21:37.483926: | 63 ad d1 ea fe ca 72 46 0d 8f bd b8 d2 26 72 a1 Aug 26 13:21:37.483928: | 28 24 ef cc 36 d5 3c 0a 77 1a a0 1a 44 8c 4a 06 Aug 26 13:21:37.483929: | dd 35 77 4a 32 2f 84 7d 03 73 d6 de 18 53 fc d2 Aug 26 13:21:37.483931: | 19 fc e9 4e 72 e8 73 43 9b 4c dd 19 8d 0f 03 c2 Aug 26 13:21:37.483932: | 5d 14 ec b1 10 0c 23 e5 72 3b 71 9f 6e 9b 09 eb Aug 26 13:21:37.483934: | 44 01 6e 3b 9a b1 b1 29 38 cb 1b e3 fe e6 1e 53 Aug 26 13:21:37.483935: | dd 96 29 e1 12 e0 6a aa 5e d0 39 b3 f0 b7 46 6a Aug 26 13:21:37.483937: | 03 8a 3d 60 10 f8 d8 35 20 3d 26 ac 06 26 41 44 Aug 26 13:21:37.483938: | 98 db 31 bc ae c8 58 8f ef 79 ff 82 90 15 94 4e Aug 26 13:21:37.483940: | 46 e8 8c 0d 73 b9 59 ca c2 8f 96 b1 a8 99 0f b7 Aug 26 13:21:37.483941: | d8 75 de 59 ff 6a a4 04 23 96 ae 23 3d 59 31 5a Aug 26 13:21:37.483943: | 70 53 55 85 1d 61 f4 d7 35 2b a7 02 f0 ca 84 a5 Aug 26 13:21:37.483944: | 7a 34 a9 1d 7f 76 43 ae 2d be d0 cd 1c 82 98 26 Aug 26 13:21:37.483946: | 40 a7 6a 4b 56 45 45 8e ab 8d 1c 89 1d 00 28 28 Aug 26 13:21:37.483947: | 45 e5 84 a0 9b 9b be 00 dc 2f 50 62 77 8a de 65 Aug 26 13:21:37.483949: | ed 3f e3 2c 16 7b 70 d7 d9 ee af fc 9a 47 b7 b6 Aug 26 13:21:37.483950: | b5 3b 07 68 9f db b4 15 09 26 72 1f 75 47 06 10 Aug 26 13:21:37.483952: | b5 17 b8 43 e2 f7 19 78 ca 59 cb 59 78 ef 50 20 Aug 26 13:21:37.483953: | 47 ef 3f 99 5a a5 64 48 21 b4 42 c1 cf 02 cd 3b Aug 26 13:21:37.483955: | 17 e2 6d fc fe d3 b6 63 a2 31 ca 08 ea 8c 85 47 Aug 26 13:21:37.483956: | e9 12 73 99 50 e9 7d de c2 16 d2 95 2e 8b 62 6f Aug 26 13:21:37.483958: | ca 81 98 20 f2 6d 40 d4 0c 9d 0f 2b de 08 7c 68 Aug 26 13:21:37.483959: | 43 f3 11 8c bc d4 74 6f a0 e8 35 bc 02 ff 16 e3 Aug 26 13:21:37.483961: | 37 d0 43 cf f7 14 ac c8 bd c7 54 cc 72 90 09 52 Aug 26 13:21:37.483962: | d0 0d c1 43 e1 e7 e4 9d 65 43 b9 16 50 93 b9 49 Aug 26 13:21:37.483964: | e2 c4 8f 7d 11 c3 dd e9 e1 d5 b4 6a 73 0b b8 c5 Aug 26 13:21:37.483965: | b5 69 c4 48 76 88 29 4f dd bc 2c 0e d9 60 a7 67 Aug 26 13:21:37.483966: | e7 ec a7 50 57 ed 45 8a 8f 26 37 e4 32 c1 39 85 Aug 26 13:21:37.483968: | 4b 23 f1 34 b4 3c 50 79 8a 0b 28 53 5e 08 d4 7b Aug 26 13:21:37.483969: | 4e 43 e7 49 a7 6f dc e6 57 8a 4e 13 5d b3 43 11 Aug 26 13:21:37.483971: | 79 1a 9c d6 e1 90 c0 5d 2f 64 43 cc 14 40 49 4c Aug 26 13:21:37.483972: | ea 6a 59 60 04 b8 80 d0 14 99 04 e2 a3 01 06 c7 Aug 26 13:21:37.483974: | 55 c2 ef f5 2b 9f cd 51 d7 a8 57 23 78 65 77 0d Aug 26 13:21:37.483975: | d6 00 42 5d 1e ee a4 f2 aa b2 0b 14 6c 34 1d d8 Aug 26 13:21:37.483977: | 99 32 64 df 0e 72 12 f8 fb 56 78 b7 2f b0 a8 ae Aug 26 13:21:37.483978: | e9 37 54 29 b6 3d d1 36 46 a8 db cd d0 71 a2 37 Aug 26 13:21:37.483980: | 1d b9 42 f9 d2 29 db b9 08 4c a9 59 ea a5 50 00 Aug 26 13:21:37.483981: | 10 65 04 df d3 73 b7 7e 55 d5 ec 77 55 7e ef 3c Aug 26 13:21:37.483983: | b7 8f 2c 56 17 4d a1 2b 75 ac 40 0f ca 2b d6 e1 Aug 26 13:21:37.483984: | dd 64 cd f5 3b 50 81 d3 c5 00 fb 7c 7e 3c ae 56 Aug 26 13:21:37.483986: | e0 39 2b 4e 16 e6 13 fc 70 16 b8 4d 26 be ec 9c Aug 26 13:21:37.483987: | 91 07 80 12 84 9b 0c 51 ca 56 ef bf a4 b0 b9 ff Aug 26 13:21:37.483989: | 8f 74 a5 62 c2 a0 33 3b 71 55 b6 47 ed f5 2a d1 Aug 26 13:21:37.483990: | 6e 98 96 79 b3 6f 1a 04 cf 22 82 1e 7e cc 3e 5b Aug 26 13:21:37.483992: | c7 5b af e6 8f 6d 3c de 32 bc 0e 65 5b fc 6a 7e Aug 26 13:21:37.483993: | 0f 39 b1 05 55 39 b0 e4 92 9c 63 06 46 c5 5e 99 Aug 26 13:21:37.483995: | a7 93 da 52 37 4c 59 7a 9a 30 aa 73 17 de 0b 72 Aug 26 13:21:37.483996: | bb b6 10 f8 a4 f2 86 2c b4 94 2c 19 bd 1e d3 4d Aug 26 13:21:37.483998: | 22 f7 c6 c5 a5 ef 1f 5e 3a 91 e5 ef b9 0c 56 14 Aug 26 13:21:37.484000: | 28 ef ca 5d 66 20 d8 6f 8b 8f 66 33 5e 0d 88 da Aug 26 13:21:37.484001: | 20 fb e4 57 c1 36 0a 7f 84 7b 5a 2b d8 41 24 af Aug 26 13:21:37.484003: | 61 a6 4a 4f 51 52 ef 7c 2a 3b d1 54 e0 41 a7 23 Aug 26 13:21:37.484004: | 97 70 f4 3b 1b 45 81 0a 8f 43 b8 5b 93 f4 4c 28 Aug 26 13:21:37.484006: | f6 b7 e9 95 2c 0c e0 0f 98 8a bb dd d5 ab 60 cd Aug 26 13:21:37.484007: | aa 99 0e 38 2a 47 2a 40 74 8d 4d 3c d7 18 eb 07 Aug 26 13:21:37.484009: | 75 ee 0b 60 66 ce c7 7e e8 36 b1 ef 82 ea 47 06 Aug 26 13:21:37.484010: | 2d a8 99 2e 40 c5 26 ad 02 5c 2d 41 6f b6 ac a8 Aug 26 13:21:37.484012: | 9e 47 d8 a9 80 4f 79 c8 c2 7e 39 ba c8 cb ac 2e Aug 26 13:21:37.484013: | fc 04 bb dc 2c 94 5e 81 e9 a8 e7 c4 a4 72 aa 57 Aug 26 13:21:37.484015: | 21 ae 60 ad 0b 75 a8 f9 20 17 66 a3 74 c2 68 55 Aug 26 13:21:37.484016: | 77 1a ff 39 c3 fc 13 65 60 84 30 a5 c5 4c 6c c0 Aug 26 13:21:37.484018: | 62 94 6e 80 20 3e eb a0 b7 e9 f5 f8 18 aa 4c 09 Aug 26 13:21:37.484019: | 4c fd 26 1e 79 76 13 3e 80 7b 28 bc 56 6e 03 cd Aug 26 13:21:37.484021: | 2c b8 bd a8 cc 8b f9 01 0a 61 6f 44 9b 95 ef 27 Aug 26 13:21:37.484022: | 7e 41 06 47 03 3a f7 71 88 46 5a e0 9e b0 57 df Aug 26 13:21:37.484024: | 10 f3 e4 8d cd ca 42 ea 73 09 94 f5 0d 4d e1 88 Aug 26 13:21:37.484025: | 34 99 5a ec 29 c0 3b 15 34 7a 38 4b Aug 26 13:21:37.484028: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:21:37.484030: | **parse ISAKMP Message: Aug 26 13:21:37.484032: | initiator cookie: Aug 26 13:21:37.484034: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.484035: | responder cookie: Aug 26 13:21:37.484037: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.484038: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.484040: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.484042: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.484044: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.484045: | Message ID: 0 (0x0) Aug 26 13:21:37.484047: | length: 2028 (0x7ec) Aug 26 13:21:37.484049: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 13:21:37.484051: | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) Aug 26 13:21:37.484055: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) Aug 26 13:21:37.484056: | #1 is idle Aug 26 13:21:37.484058: | #1 idle Aug 26 13:21:37.484060: | received encrypted packet from 192.1.3.33:500 Aug 26 13:21:37.484070: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Aug 26 13:21:37.484072: | ***parse ISAKMP Identification Payload: Aug 26 13:21:37.484074: | next payload type: ISAKMP_NEXT_CERT (0x6) Aug 26 13:21:37.484076: | length: 193 (0xc1) Aug 26 13:21:37.484077: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:21:37.484079: | DOI specific A: 0 (0x0) Aug 26 13:21:37.484080: | DOI specific B: 0 (0x0) Aug 26 13:21:37.484082: | obj: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.484084: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.484085: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.484087: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.484088: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.484090: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.484091: | obj: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 13:21:37.484093: | obj: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 13:21:37.484094: | obj: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 13:21:37.484096: | obj: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 13:21:37.484097: | obj: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:21:37.484100: | obj: 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.484101: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Aug 26 13:21:37.484103: | ***parse ISAKMP Certificate Payload: Aug 26 13:21:37.484105: | next payload type: ISAKMP_NEXT_CR (0x7) Aug 26 13:21:37.484106: | length: 1232 (0x4d0) Aug 26 13:21:37.484108: | cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:21:37.484110: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 Aug 26 13:21:37.484111: | ***parse ISAKMP Certificate RequestPayload: Aug 26 13:21:37.484113: | next payload type: ISAKMP_NEXT_SIG (0x9) Aug 26 13:21:37.484114: | length: 180 (0xb4) Aug 26 13:21:37.484116: | cert type: CERT_X509_SIGNATURE (0x4) Aug 26 13:21:37.484117: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Aug 26 13:21:37.484119: | ***parse ISAKMP Signature Payload: Aug 26 13:21:37.484121: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.484122: | length: 388 (0x184) Aug 26 13:21:37.484124: | removing 7 bytes of padding Aug 26 13:21:37.484125: | message 'main_inI3_outR3' HASH payload not checked early Aug 26 13:21:37.484128: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.484130: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.484131: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.484133: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.484134: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.484136: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.484137: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 13:21:37.484139: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 13:21:37.484140: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 13:21:37.484142: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 13:21:37.484143: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:21:37.484145: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.484150: "northnet-eastnets/0x2" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:21:37.484154: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 13:21:37.484156: loading root certificate cache Aug 26 13:21:37.486488: | spent 2.31 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 13:21:37.486509: | spent 0.0129 milliseconds in get_root_certs() filtering CAs Aug 26 13:21:37.486514: | #1 spent 2.34 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 13:21:37.486516: | checking for known CERT payloads Aug 26 13:21:37.486518: | saving certificate of type 'X509_SIGNATURE' Aug 26 13:21:37.486543: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:21:37.486548: | #1 spent 0.0309 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 13:21:37.486551: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:21:37.486581: | #1 spent 0.0292 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 13:21:37.486585: | missing or expired CRL Aug 26 13:21:37.486587: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 13:21:37.486589: | verify_end_cert trying profile IPsec Aug 26 13:21:37.486661: | certificate is valid (profile IPsec) Aug 26 13:21:37.486666: | #1 spent 0.0787 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 13:21:37.486670: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:21:37.486717: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf3d188 Aug 26 13:21:37.486721: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf3cfd8 Aug 26 13:21:37.486723: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x555fbaf3ce28 Aug 26 13:21:37.486811: | unreference key: 0x555fbaf3d488 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:37.486817: | #1 spent 0.142 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 13:21:37.486820: | #1 spent 2.65 milliseconds in decode_certs() Aug 26 13:21:37.486827: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:21:37.486829: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' matched our ID Aug 26 13:21:37.486831: | SAN ID matched, updating that.cert Aug 26 13:21:37.486833: | X509: CERT and ID matches current connection Aug 26 13:21:37.486835: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.486836: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.486838: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.486839: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.486841: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.486842: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.486844: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Aug 26 13:21:37.486845: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Aug 26 13:21:37.486847: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Aug 26 13:21:37.486848: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Aug 26 13:21:37.486849: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.486853: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486856: | refine_host_connection for IKEv1: starting with "northnet-eastnets/0x2" Aug 26 13:21:37.486860: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486863: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486867: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486870: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486872: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Aug 26 13:21:37.486873: | The remote did not specify an IDr and our current connection is good enough Aug 26 13:21:37.486877: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486900: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486906: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 13:21:37.486912: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486915: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.486919: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.487021: | an RSA Sig check passed with *AwEAAcBZv [remote certificates] Aug 26 13:21:37.487026: | #1 spent 0.103 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:21:37.487028: "northnet-eastnets/0x2" #1: Authenticated using RSA Aug 26 13:21:37.487029: | thinking about whether to send my certificate: Aug 26 13:21:37.487031: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Aug 26 13:21:37.487033: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Aug 26 13:21:37.487035: | so send cert. Aug 26 13:21:37.487038: | **emit ISAKMP Message: Aug 26 13:21:37.487039: | initiator cookie: Aug 26 13:21:37.487041: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.487043: | responder cookie: Aug 26 13:21:37.487044: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.487046: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.487048: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.487049: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.487051: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.487053: | Message ID: 0 (0x0) Aug 26 13:21:37.487055: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.487057: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.487059: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.487060: | next payload type: ISAKMP_NEXT_CERT (0x6) Aug 26 13:21:37.487062: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:21:37.487064: | Protocol ID: 0 (0x0) Aug 26 13:21:37.487065: | port: 0 (0x0) Aug 26 13:21:37.487067: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Aug 26 13:21:37.487069: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.487071: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.487073: | emitting 183 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.487075: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.487077: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.487078: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.487080: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.487081: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.487083: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.487084: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:21:37.487086: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:21:37.487087: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:21:37.487089: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:21:37.487090: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:21:37.487092: | my identity 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.487093: | emitting length of ISAKMP Identification Payload (IPsec DOI): 191 Aug 26 13:21:37.487095: "northnet-eastnets/0x2" #1: I am sending my cert Aug 26 13:21:37.487097: | ***emit ISAKMP Certificate Payload: Aug 26 13:21:37.487099: | next payload type: ISAKMP_NEXT_SIG (0x9) Aug 26 13:21:37.487103: | cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:21:37.487105: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 9:ISAKMP_NEXT_SIG Aug 26 13:21:37.487107: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Aug 26 13:21:37.487108: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.487110: | emitting 1260 raw bytes of CERT into ISAKMP Certificate Payload Aug 26 13:21:37.487112: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Aug 26 13:21:37.487113: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 13:21:37.487115: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 13:21:37.487116: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 13:21:37.487118: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 13:21:37.487119: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 13:21:37.487121: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 13:21:37.487122: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 13:21:37.487124: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 13:21:37.487125: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 13:21:37.487127: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 13:21:37.487128: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 13:21:37.487130: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 13:21:37.487131: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 13:21:37.487133: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 13:21:37.487134: | CERT 33 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 13:21:37.487136: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 13:21:37.487137: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 13:21:37.487139: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 13:21:37.487140: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 13:21:37.487142: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 13:21:37.487143: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Aug 26 13:21:37.487145: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:21:37.487146: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Aug 26 13:21:37.487148: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Aug 26 13:21:37.487149: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:21:37.487151: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Aug 26 13:21:37.487152: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Aug 26 13:21:37.487154: | CERT 00 30 82 01 8a 02 82 01 81 00 b1 1e 7c b3 bf 11 Aug 26 13:21:37.487155: | CERT 96 94 23 ca 97 5e c7 66 36 55 71 49 95 8d 0c 2a Aug 26 13:21:37.487157: | CERT 5c 30 4d 58 29 a3 7b 4d 3b 3f 03 06 46 a6 04 63 Aug 26 13:21:37.487158: | CERT 71 0d e1 59 4f 9c ec 3a 17 24 8d 91 6a a8 e2 da Aug 26 13:21:37.487160: | CERT 57 41 de f4 ff 65 bf f6 11 34 d3 7d 5a 7f 6e 3a Aug 26 13:21:37.487161: | CERT 3b 74 3c 51 2b e4 bf ce 6b b2 14 47 26 52 f5 57 Aug 26 13:21:37.487163: | CERT 28 bc c5 fb f9 bc 2d 4e b9 f8 46 54 c7 95 41 a7 Aug 26 13:21:37.487164: | CERT a4 b4 d3 b3 fe 55 4b df f5 c3 78 39 8b 4e 04 57 Aug 26 13:21:37.487166: | CERT c0 1d 5b 17 3c 28 eb 40 9d 1d 7c b3 bb 0f f0 63 Aug 26 13:21:37.487167: | CERT c7 c0 84 b0 4e e4 a9 7c c5 4b 08 43 a6 2d 00 22 Aug 26 13:21:37.487168: | CERT fd 98 d4 03 d0 ad 97 85 d1 48 15 d3 e4 e5 2d 46 Aug 26 13:21:37.487170: | CERT 7c ab 41 97 05 27 61 77 3d b6 b1 58 a0 5f e0 8d Aug 26 13:21:37.487171: | CERT 26 84 9b 03 20 ce 5e 27 7f 7d 14 03 b6 9d 6b 9f Aug 26 13:21:37.487173: | CERT fd 0c d4 c7 2d eb be ea 62 87 fa 99 e0 a6 1c 85 Aug 26 13:21:37.487175: | CERT 4f 34 da 93 2e 5f db 03 10 58 a8 c4 99 17 2d b1 Aug 26 13:21:37.487177: | CERT bc e5 7b bd af 0e 28 aa a5 74 ea 69 74 5e fa 2c Aug 26 13:21:37.487178: | CERT c3 00 3c 2f 58 d0 20 cf e3 46 8d de aa f9 f7 30 Aug 26 13:21:37.487180: | CERT 5c 16 05 04 89 4c 92 9b 8a 33 11 70 83 17 58 24 Aug 26 13:21:37.487181: | CERT 2a 4b ab be b6 ec 84 9c 78 9c 11 04 2a 02 ce 27 Aug 26 13:21:37.487183: | CERT 83 a1 1f 2b 38 3f 27 7d 46 94 63 ff 64 59 4e 6c Aug 26 13:21:37.487184: | CERT 87 ca 3e e6 31 df 1e 7d 48 88 02 c7 9d fa 4a d7 Aug 26 13:21:37.487186: | CERT f2 5b a5 fd 7f 1b c6 dc 1a bb a6 c4 f8 32 cd bf Aug 26 13:21:37.487187: | CERT a7 0b 71 8b 2b 31 41 17 25 a4 18 52 7d 32 fc 0f Aug 26 13:21:37.487189: | CERT 5f b8 bb ca e1 94 1a 42 4d 1f 37 16 67 84 ae b4 Aug 26 13:21:37.487190: | CERT 32 42 9c 5a 91 71 62 b4 4b 07 02 03 01 00 01 a3 Aug 26 13:21:37.487192: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Aug 26 13:21:37.487193: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Aug 26 13:21:37.487195: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:21:37.487196: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Aug 26 13:21:37.487198: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 13:21:37.487199: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Aug 26 13:21:37.487201: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Aug 26 13:21:37.487202: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Aug 26 13:21:37.487204: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Aug 26 13:21:37.487205: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Aug 26 13:21:37.487207: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Aug 26 13:21:37.487208: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 13:21:37.487210: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Aug 26 13:21:37.487211: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Aug 26 13:21:37.487213: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Aug 26 13:21:37.487214: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Aug 26 13:21:37.487216: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Aug 26 13:21:37.487217: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 3a 56 a3 7d Aug 26 13:21:37.487219: | CERT b1 4e 62 2f 82 0d e3 fe 74 40 ef cb eb 93 ea ad Aug 26 13:21:37.487220: | CERT e4 74 8b 80 6f ae 8b 65 87 12 a6 24 0d 21 9c 5f Aug 26 13:21:37.487222: | CERT 70 5c 6f d9 66 8d 98 8b ea 59 f8 96 52 6a 6c 86 Aug 26 13:21:37.487223: | CERT d6 7d ba 37 a9 8c 33 8c 77 18 23 0b 1b 2a 66 47 Aug 26 13:21:37.487225: | CERT e7 95 94 e6 75 84 30 d4 db b8 23 eb 89 82 a9 fd Aug 26 13:21:37.487226: | CERT ed 46 8b ce 46 7f f9 19 8f 49 da 29 2e 1e 97 cd Aug 26 13:21:37.487228: | CERT 12 42 86 c7 57 fc 4f 0a 19 26 8a a1 0d 26 81 4d Aug 26 13:21:37.487229: | CERT 53 f4 5c 92 a1 03 03 8d 6c 51 33 cc Aug 26 13:21:37.487231: | emitting length of ISAKMP Certificate Payload: 1265 Aug 26 13:21:37.487253: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Aug 26 13:21:37.487296: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 13:21:37.493406: | ***emit ISAKMP Signature Payload: Aug 26 13:21:37.493418: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.493421: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Aug 26 13:21:37.493423: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.493426: | emitting 384 raw bytes of SIG_R into ISAKMP Signature Payload Aug 26 13:21:37.493431: | SIG_R 96 31 d3 f5 28 f8 91 1e fe d4 8a fa db 79 49 03 Aug 26 13:21:37.493432: | SIG_R 1b 2c 9d 7d 2d b5 e7 1d 66 f6 71 24 29 0e 95 c5 Aug 26 13:21:37.493434: | SIG_R 19 3e 23 e4 b9 1b 03 59 48 de c7 bf 5a a9 1c 68 Aug 26 13:21:37.493435: | SIG_R 5b 03 98 c9 5f 9a ab c0 e6 22 44 08 d7 ce 91 57 Aug 26 13:21:37.493437: | SIG_R d0 fc ca 9d f0 41 10 70 96 12 0c 21 ac 09 d8 ee Aug 26 13:21:37.493438: | SIG_R c5 6c 4a 47 0c 36 fa d2 9f 38 c9 df e3 39 92 3c Aug 26 13:21:37.493440: | SIG_R 82 3a 02 d9 25 b8 23 ee e9 43 ba f1 7b b7 93 93 Aug 26 13:21:37.493441: | SIG_R 7a 9f 0e 7e 4c 9d 6b 0f 1a d5 35 9e 5d 2d 27 07 Aug 26 13:21:37.493443: | SIG_R 07 18 0c 9c ef 7e a4 df 8a 72 50 d4 15 53 46 7b Aug 26 13:21:37.493444: | SIG_R 1d 15 e3 bb 80 b4 47 3b 06 1f 26 26 09 b9 76 4c Aug 26 13:21:37.493446: | SIG_R a4 ae 30 69 09 4f 98 f3 d9 ee f2 fd 52 ef 8b 61 Aug 26 13:21:37.493447: | SIG_R 45 47 78 00 87 d4 ca be 4a fe 7b 25 55 ca e0 44 Aug 26 13:21:37.493449: | SIG_R 5b 4d 8a a0 b9 8b 81 e7 ea df c6 f3 73 85 b1 62 Aug 26 13:21:37.493450: | SIG_R 9c 37 70 1f 13 6d e2 40 9d c8 f5 0a 40 8c aa ed Aug 26 13:21:37.493451: | SIG_R cb 14 7a d1 40 ec d4 04 8d 2f 81 33 09 dd 33 24 Aug 26 13:21:37.493453: | SIG_R c1 7f b1 bc 5d 2f 44 b8 2f 30 ed 80 d0 74 fd f1 Aug 26 13:21:37.493454: | SIG_R bb 67 fb 1b dd 6e 2d 81 ee 1e d6 39 22 fa 0c 80 Aug 26 13:21:37.493456: | SIG_R 58 f4 8e 4a 9d bd f3 5d 51 db a5 17 01 0b 5e bb Aug 26 13:21:37.493457: | SIG_R 2d 6e 57 81 fe 35 6e 00 da 24 94 71 f7 69 5a 05 Aug 26 13:21:37.493459: | SIG_R 8e 3f e9 e3 23 51 a5 2d 56 a3 9e 36 fe c4 c3 94 Aug 26 13:21:37.493460: | SIG_R 02 57 f4 36 f5 e8 f3 67 ef 53 b1 c3 dc 88 1e b8 Aug 26 13:21:37.493462: | SIG_R 47 f6 a3 08 06 7d 1e 08 38 a1 a4 f6 58 b4 d1 84 Aug 26 13:21:37.493463: | SIG_R fe 19 13 3c 47 87 73 79 b1 7d a2 98 c5 52 7f 18 Aug 26 13:21:37.493465: | SIG_R 91 56 4b 31 32 c1 74 4b 50 2b e9 0a 55 db 47 36 Aug 26 13:21:37.493466: | emitting length of ISAKMP Signature Payload: 388 Aug 26 13:21:37.493469: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:37.493470: | no IKEv1 message padding required Aug 26 13:21:37.493472: | emitting length of ISAKMP Message: 1884 Aug 26 13:21:37.493486: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:21:37.493560: | complete v1 state transition with STF_OK Aug 26 13:21:37.493568: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.493569: | #1 is idle Aug 26 13:21:37.493571: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.493573: | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Aug 26 13:21:37.493575: | parent state #1: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA) Aug 26 13:21:37.493577: | event_already_set, deleting event Aug 26 13:21:37.493579: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:21:37.493581: | #1 STATE_MAIN_R3: retransmits: cleared Aug 26 13:21:37.493585: | libevent_free: release ptr-libevent@0x555fbaf28928 Aug 26 13:21:37.493587: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555fbaf23f88 Aug 26 13:21:37.493590: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:21:37.493596: | sending 1884 bytes for STATE_MAIN_R2 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:21:37.493598: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.493600: | 05 10 02 01 00 00 00 00 00 00 07 5c 10 a6 18 c0 Aug 26 13:21:37.493601: | c1 4d f2 1e ae df 64 7f af 09 26 d9 7a 0b 75 9a Aug 26 13:21:37.493603: | 82 a6 d6 c5 f4 bd 78 14 23 4f de 8f 13 35 a8 71 Aug 26 13:21:37.493604: | c5 2d 3e a6 43 a1 da ab 80 d6 98 f0 19 fd ce 93 Aug 26 13:21:37.493605: | a7 2c ff 63 e2 8b e5 ba f4 60 9a 1d 07 ab 87 33 Aug 26 13:21:37.493607: | 75 d3 15 c8 10 76 0c f4 67 60 6d 98 a7 8b be f5 Aug 26 13:21:37.493608: | 4a b5 03 27 d6 b2 d8 49 d8 c5 3e 7f 4e 2b fa 56 Aug 26 13:21:37.493612: | 10 6c b0 d9 17 68 a3 71 0f dc 7b 22 08 6a a6 79 Aug 26 13:21:37.493613: | 40 ba eb 10 d8 fe 61 cc 34 8d f3 13 ed 7c 95 d3 Aug 26 13:21:37.493615: | 60 b7 68 61 38 57 62 11 82 59 92 55 f9 f1 b2 1e Aug 26 13:21:37.493616: | b7 97 94 0b 70 9c 32 f6 94 be b7 3b 91 8c b6 cb Aug 26 13:21:37.493618: | 31 c5 8e eb 94 9c 3f 36 01 91 49 f6 8c 09 03 68 Aug 26 13:21:37.493619: | 41 63 0c 25 a4 7d 62 10 27 52 ab f0 7e be 91 18 Aug 26 13:21:37.493620: | 00 0f 23 42 17 ae da d5 3b 5d e4 91 0e 6d 56 dc Aug 26 13:21:37.493622: | 09 d7 cc 64 70 22 39 c6 ed 90 3f 49 9e 52 3b b6 Aug 26 13:21:37.493623: | e4 81 79 79 96 70 21 6c b5 4e 77 3a 3f d6 d3 e8 Aug 26 13:21:37.493625: | 50 27 13 b6 c1 67 2b 07 34 48 18 55 ca 4e 8c 6e Aug 26 13:21:37.493626: | 14 80 19 04 64 c8 d1 86 71 cd 93 5b d3 27 22 c1 Aug 26 13:21:37.493628: | a4 59 a7 cd d2 9c 35 86 62 40 48 27 52 9b 40 2f Aug 26 13:21:37.493629: | ca b2 df b7 9f 5b 06 ea a1 8f 66 b6 7e 04 1b 60 Aug 26 13:21:37.493631: | ba fc 63 87 2c dd 6c 4a b0 9b d3 66 5d d9 1b 7e Aug 26 13:21:37.493632: | 3b 83 dc 85 e5 2a 33 18 f7 23 62 65 81 39 84 a9 Aug 26 13:21:37.493633: | 6c 4c ac af 1a 35 4c f9 d2 e7 54 d2 3a 66 0d be Aug 26 13:21:37.493635: | 5a c3 83 2a 7b 55 a0 d1 ff 15 98 d9 36 57 0a 61 Aug 26 13:21:37.493636: | b0 4f b5 d1 5c 93 41 c0 ee 07 e5 60 48 90 a6 45 Aug 26 13:21:37.493638: | 0b ab 9c e1 0b d5 92 d9 3d ed 68 98 bf 25 55 44 Aug 26 13:21:37.493639: | c4 ef 4c 97 78 94 b7 3d d7 de 4d c3 ba e2 3b 66 Aug 26 13:21:37.493641: | 8a 58 cf a5 43 d0 20 16 4a 95 92 b6 50 aa 77 9d Aug 26 13:21:37.493642: | 58 f5 28 e1 bb c6 f3 0e bd 51 dc c3 f4 eb 95 03 Aug 26 13:21:37.493644: | fe 27 58 96 01 d1 b3 18 81 c0 aa 66 95 9b 50 39 Aug 26 13:21:37.493645: | 04 69 fd c2 5f 74 0b 5d fc 28 bc be dc 47 26 bd Aug 26 13:21:37.493647: | 98 ea af db a8 a0 69 de 19 b0 30 1f 14 f9 7b 5d Aug 26 13:21:37.493648: | 3d 1a 9c 31 a4 fd ca 09 4b 2b 62 39 7e d5 e5 49 Aug 26 13:21:37.493649: | 72 ea d3 fe 8d a6 cb c6 3b 26 86 59 e4 82 b9 5e Aug 26 13:21:37.493651: | 37 eb 14 b9 ae cb 4e cf 6f 75 4b 17 2a 84 0b e0 Aug 26 13:21:37.493652: | 6a 2c c3 ef 22 00 e6 be 93 5e 44 29 86 83 ff 06 Aug 26 13:21:37.493654: | f6 62 39 b7 3d 10 53 0b 12 1f e5 66 72 7d 0a 62 Aug 26 13:21:37.493655: | a9 5f 64 13 36 b7 f5 e3 1d 65 66 bb d5 8c ac 3c Aug 26 13:21:37.493657: | 73 fe 50 0b 22 42 8d 31 69 2a 3e 26 2d c7 d3 7d Aug 26 13:21:37.493658: | bb 2e e4 2b 22 74 bf 89 18 80 03 85 d0 29 22 62 Aug 26 13:21:37.493660: | 60 1b 4c a7 80 e0 a1 e2 35 e9 04 48 a0 af c0 0d Aug 26 13:21:37.493661: | 40 82 8b 96 e1 8c 60 27 39 8b 87 02 1b 6a f7 12 Aug 26 13:21:37.493663: | b0 d2 30 9f 07 53 8e 02 26 33 83 6d a1 a2 f2 e9 Aug 26 13:21:37.493664: | 8e 90 64 7a 06 00 5d 02 3e 55 65 8a d0 c9 a7 ed Aug 26 13:21:37.493665: | 77 b6 7d 6e a0 bf b5 a0 12 03 9e de 48 a6 5d 3d Aug 26 13:21:37.493667: | 13 31 ba 79 4a 83 01 45 52 e1 ef 4b de d4 db bf Aug 26 13:21:37.493668: | 68 9a 64 1c 18 02 ba 51 18 83 b2 55 3d 49 96 30 Aug 26 13:21:37.493670: | f0 d2 4f e9 0a cc 1c f1 c6 a9 b0 c3 77 c3 d4 59 Aug 26 13:21:37.493671: | 5f 75 b4 b5 fa f1 a9 4b f2 fb 47 f4 43 f2 b5 84 Aug 26 13:21:37.493673: | cd 39 ff dc 0e 4c 0e 7e 88 b8 95 6a 0c b8 9c 27 Aug 26 13:21:37.493674: | 87 5c 63 70 64 7e 3d 54 66 c9 f5 fe 19 4f b9 d3 Aug 26 13:21:37.493676: | 8d 9a f8 39 69 26 fc a5 6a 05 ab 0c ae 29 45 ec Aug 26 13:21:37.493677: | eb 73 cd 50 92 13 bf 96 75 a3 24 25 00 02 a1 98 Aug 26 13:21:37.493678: | a3 ef f1 6b 78 56 a3 78 c3 63 80 da c9 70 ca a7 Aug 26 13:21:37.493680: | 84 0c ec 2c 9c 79 fd b2 90 2c ce ab c7 62 f3 22 Aug 26 13:21:37.493681: | 4c ce 7e fa 0c 11 42 1f 6d e5 d5 9c 23 16 90 bf Aug 26 13:21:37.493683: | 00 1c b9 1e 62 2e 22 09 8a 3f e5 97 bf aa 21 94 Aug 26 13:21:37.493684: | a5 a5 20 bc ff ba f4 01 8d 4d 86 1e 60 5a 83 e0 Aug 26 13:21:37.493686: | a7 01 4f f7 a8 ba 00 0d 92 57 11 75 0f bb 5d ef Aug 26 13:21:37.493688: | a2 eb e0 be 9d 7a 61 3e 38 5c 2c f3 96 37 97 64 Aug 26 13:21:37.493689: | f6 48 17 54 41 ad 4a 7b 5a 01 fb 5e 43 e3 28 d2 Aug 26 13:21:37.493691: | de 03 aa eb 18 af 97 95 89 4b d5 ff 97 00 d8 44 Aug 26 13:21:37.493692: | f0 3e 5a 58 86 dc 0c 88 ea 12 bf 95 60 8e 7d dd Aug 26 13:21:37.493694: | ac 16 e5 86 38 49 58 01 da c9 f5 29 b7 64 7e 46 Aug 26 13:21:37.493695: | 11 d7 33 e4 36 91 88 2d 97 de 8a 8a b4 1a 64 7f Aug 26 13:21:37.493697: | c7 61 d8 88 63 36 28 e8 db 72 ad 40 e4 1a 52 a7 Aug 26 13:21:37.493698: | 20 a9 c1 f8 01 3b c3 25 50 a2 7a a8 92 02 e5 d2 Aug 26 13:21:37.493700: | 67 47 20 52 7c 47 da 4e 4f 0b 40 46 ec a4 da 23 Aug 26 13:21:37.493701: | 20 f3 bf d0 2d 05 0e 01 12 bb eb 26 28 69 cc c3 Aug 26 13:21:37.493703: | d0 1d 68 dc 0d 3e ef 49 0f 84 4e e6 0d 00 bb 32 Aug 26 13:21:37.493704: | 80 f8 36 c4 67 d6 02 60 19 91 62 b7 d6 ee a3 8f Aug 26 13:21:37.493705: | c3 bc 48 4f 0d 58 80 5b b3 20 f9 d9 be 30 1d 81 Aug 26 13:21:37.493707: | 4f 02 1a f5 76 25 5d 84 13 eb 22 87 e9 32 db fe Aug 26 13:21:37.493708: | c4 ad f3 3d 5e cd ba 08 62 9e bd 9d 0c 08 5e f2 Aug 26 13:21:37.493710: | 41 7e 6e 81 3e e4 15 bb 9a 07 a3 b0 c0 75 5d 40 Aug 26 13:21:37.493711: | d3 47 30 eb f5 81 d6 da 3c d8 53 48 95 45 20 ef Aug 26 13:21:37.493713: | fb d1 00 7a a8 82 3b 9d a4 6e 6c f9 c8 86 e5 1a Aug 26 13:21:37.493714: | 43 2a 7a 56 6b 65 0f e6 04 75 5c c1 2a 87 ea 43 Aug 26 13:21:37.493716: | 7b df 52 ba 6b f7 18 32 17 c5 83 99 f1 32 50 36 Aug 26 13:21:37.493717: | 12 21 8c 25 f1 a4 42 bb 0a b4 31 6f 94 0a 06 c5 Aug 26 13:21:37.493718: | ee 87 45 7f 38 39 f3 2a 15 59 2d 3a 8a 07 16 8b Aug 26 13:21:37.493720: | 6e 3c 7e e8 f2 17 fc e5 e9 64 63 6b 8b 40 a0 d4 Aug 26 13:21:37.493721: | 4d ba 2c aa 2d e4 06 cb 9d da 45 14 d5 9f c9 87 Aug 26 13:21:37.493723: | 88 b2 d2 a3 b3 40 fa 51 b8 c9 24 76 e8 48 e4 3c Aug 26 13:21:37.493724: | c2 00 af 27 7c 1c 5d 32 6f 14 83 00 e3 9e 81 ec Aug 26 13:21:37.493726: | b7 53 1c 95 23 ed aa 46 d4 97 4f c6 61 1e c7 a0 Aug 26 13:21:37.493727: | ac c0 79 7e 3d 52 0c d8 0f d6 7b 41 71 77 b7 36 Aug 26 13:21:37.493729: | e1 b2 30 92 bd 48 bb d4 fe 6c e6 bc 5f d3 45 c1 Aug 26 13:21:37.493730: | d2 da ef f9 2c d4 63 6a c6 3a a2 b7 25 0a 16 0f Aug 26 13:21:37.493732: | 08 cc 5f 2e 44 df 0a d9 33 1e cb ce 3f 07 36 7e Aug 26 13:21:37.493733: | ad 28 44 8a 56 9a 62 64 07 7e 9e cd e4 99 5e 06 Aug 26 13:21:37.493734: | d8 41 ea 31 74 ce e0 a1 7e a4 e9 ac b6 2a c0 5e Aug 26 13:21:37.493736: | e6 bd 35 db 1c 03 18 c3 1e b6 f4 6f d7 e6 71 bb Aug 26 13:21:37.493737: | b1 c7 06 26 ea c3 ac 89 83 66 97 7c 7b 22 83 08 Aug 26 13:21:37.493739: | 4f 2a 4a 79 90 95 6b d3 62 ae 56 a3 27 1b 7d 27 Aug 26 13:21:37.493740: | 10 17 58 8a 14 d3 4f c3 8a d8 f2 2e 0e 76 84 5e Aug 26 13:21:37.493742: | 3e ae 90 fa 86 d4 7c 9a b3 f1 50 c4 5e a3 01 13 Aug 26 13:21:37.493743: | e9 af e8 ed a0 7e 72 18 72 ec 18 79 d0 c2 1b 22 Aug 26 13:21:37.493745: | 55 da f4 30 96 55 ae e5 e2 d3 5d fa 5b 8f 4a 05 Aug 26 13:21:37.493746: | cd 98 85 38 14 67 6f 9b ee 6d 95 a4 93 4b 21 f6 Aug 26 13:21:37.493747: | 3f d1 f3 d2 30 29 e2 16 a6 e4 7a 65 ce 55 19 89 Aug 26 13:21:37.493749: | 3e 0e f0 5c 95 0a 03 61 fe 83 2e 39 f3 a4 a4 c4 Aug 26 13:21:37.493750: | 27 75 a9 6d 52 a8 5a c0 9e f1 71 15 05 69 67 00 Aug 26 13:21:37.493752: | 02 01 38 df 15 33 4b 7a 74 56 4d 84 ba 87 8c 1a Aug 26 13:21:37.493753: | fd 51 6f 77 d6 0b b9 2a b4 df 95 aa 22 47 5b 0b Aug 26 13:21:37.493755: | e2 dc 05 8d 0f 48 35 45 8c e5 14 34 57 ff d5 1c Aug 26 13:21:37.493756: | 6e cb 3c be 3d 6e 09 9c ab b7 08 1f 3b fc c6 d3 Aug 26 13:21:37.493758: | 39 b4 dd 90 bf 57 b5 e7 e4 ad 00 b1 0c 89 df 56 Aug 26 13:21:37.493759: | 65 bf ab c8 22 e7 bd 6f ea b9 11 f1 ac db d5 45 Aug 26 13:21:37.493760: | 59 8f fd 8a 02 89 27 a9 e7 01 7f 23 01 5e cf 9b Aug 26 13:21:37.493762: | f3 fe 3b 2b 63 41 bb a7 65 c7 6a bc 53 7b 98 5c Aug 26 13:21:37.493764: | 07 65 4d d8 dc 32 39 c7 fd c2 10 cb f2 64 13 e4 Aug 26 13:21:37.493766: | 69 7f d6 2c 90 c7 92 8d 6f eb 6f de eb 1b ae 52 Aug 26 13:21:37.493767: | 3b 8a 55 9a 96 37 f7 09 da 33 1e f1 06 ba 82 ec Aug 26 13:21:37.493769: | 1e b0 ab fa da 85 e4 b7 44 66 b3 25 06 ee f5 e4 Aug 26 13:21:37.493770: | 76 0e a6 40 3e f5 54 28 d1 66 1f 12 0f 30 10 1a Aug 26 13:21:37.493771: | f4 79 5b ba a3 a2 3d 3f 32 02 c6 66 Aug 26 13:21:37.493816: | !event_already_set at reschedule Aug 26 13:21:37.493821: | event_schedule: new EVENT_SA_REPLACE-pe@0x555fbaf23f88 Aug 26 13:21:37.493824: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 Aug 26 13:21:37.493826: | libevent_malloc: new ptr-libevent@0x555fbaf3f0c8 size 128 Aug 26 13:21:37.493828: | pstats #1 ikev1.isakmp established Aug 26 13:21:37.493832: "northnet-eastnets/0x2" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Aug 26 13:21:37.493834: | DPD: dpd_init() called on ISAKMP SA Aug 26 13:21:37.493836: | DPD: Peer supports Dead Peer Detection Aug 26 13:21:37.493837: | DPD: not initializing DPD because DPD is disabled locally Aug 26 13:21:37.493839: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.493841: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.493842: | unpending state #1 Aug 26 13:21:37.493847: | #1 spent 6.77 milliseconds Aug 26 13:21:37.493850: | #1 spent 9.66 milliseconds in process_packet_tail() Aug 26 13:21:37.493854: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.493857: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:21:37.493860: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.493862: | spent 9.98 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.498897: | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.498915: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:21:37.498918: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.498919: | 08 10 20 01 0d 25 1a 9e 00 00 01 dc 1f 2e 89 7c Aug 26 13:21:37.498921: | 7d f1 e9 4d 2b 70 ba 5b 68 fd b1 76 37 7b d9 e4 Aug 26 13:21:37.498923: | d7 6b e2 d7 77 a6 8e 21 ca f5 b6 11 25 b3 8f 00 Aug 26 13:21:37.498924: | a3 85 ae 65 c4 d1 6c 74 56 c0 5f a1 40 42 c1 62 Aug 26 13:21:37.498926: | 92 e4 00 c2 15 c5 fc 94 90 49 93 bf 19 54 14 69 Aug 26 13:21:37.498928: | ed 1e 3b 0c a6 37 84 3b 69 b0 80 34 b7 ad a8 db Aug 26 13:21:37.498929: | 13 18 ad 6d be 74 7e bc e2 e7 f0 bc 29 c7 e4 48 Aug 26 13:21:37.498931: | 3b f3 e3 2a 90 80 90 5c dc 7e 81 78 76 4f 10 67 Aug 26 13:21:37.498932: | 70 91 42 74 0a f1 95 62 5a 47 52 c0 78 45 b3 dc Aug 26 13:21:37.498934: | 0f d5 eb 9e 36 de 58 57 ef c9 4d 42 e1 94 cb 9c Aug 26 13:21:37.498935: | c5 d1 23 ee aa 38 b2 27 61 35 a9 15 ff a5 f4 a3 Aug 26 13:21:37.498937: | 20 5a 8b 5f 8e 9b c3 4e 52 22 7b af e9 cd f3 18 Aug 26 13:21:37.498939: | be b1 8e cf 74 64 e5 85 42 15 89 8f 3b 69 38 c2 Aug 26 13:21:37.498953: | 23 35 b2 08 4b ff e3 e7 62 f2 6a af 39 aa e0 39 Aug 26 13:21:37.498955: | 03 1c fc 36 8e 98 e4 c1 fe 4a f0 ad 60 9e ee 62 Aug 26 13:21:37.498956: | 58 0f c2 6d 82 ae 1c 96 3f db 7a 11 d9 4c c4 1e Aug 26 13:21:37.498957: | bb d9 f8 dd 8f de 1a 65 b0 19 47 74 26 02 d5 68 Aug 26 13:21:37.498959: | fc 84 89 8a c1 6e 59 53 1d 13 81 f7 7c 4b 8e cf Aug 26 13:21:37.498960: | b6 a6 93 2f 91 c5 0c a7 93 93 8a 72 3c 6a 0b 8a Aug 26 13:21:37.498962: | a9 c4 50 fe 53 3e 5b 71 29 9d 80 bb 64 de a3 00 Aug 26 13:21:37.498963: | 64 9b f9 8b 93 79 87 f9 ce 5d db b2 e0 dd 34 49 Aug 26 13:21:37.498965: | 3c 75 44 e0 b2 11 84 8d 75 da cb 60 9b df 35 db Aug 26 13:21:37.498966: | 6b 80 95 1a 2c 39 b4 4b 35 ab 42 af 4a ea f8 d8 Aug 26 13:21:37.498969: | 40 14 84 36 f7 61 96 1a 4c 5d 03 ae 55 fb 0a 41 Aug 26 13:21:37.498984: | cd 09 b0 7a 5a d0 39 98 91 9f c8 57 78 16 f6 5b Aug 26 13:21:37.498986: | 3a f8 51 25 97 b8 9b 35 52 f6 31 e8 ba 6f ff 0b Aug 26 13:21:37.498987: | 6b d5 8c 7c 49 44 ed a5 85 73 05 85 e0 ac 8b 17 Aug 26 13:21:37.498989: | 2b eb 50 92 5e f7 db c9 8b 81 4d b2 01 a9 75 19 Aug 26 13:21:37.498990: | 79 2b 3b 0d 6a ff 7a 35 50 24 c7 2e Aug 26 13:21:37.498993: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:21:37.498996: | **parse ISAKMP Message: Aug 26 13:21:37.498998: | initiator cookie: Aug 26 13:21:37.498999: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.499001: | responder cookie: Aug 26 13:21:37.499002: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.499004: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:21:37.499006: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.499008: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.499010: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.499011: | Message ID: 220535454 (0xd251a9e) Aug 26 13:21:37.499013: | length: 476 (0x1dc) Aug 26 13:21:37.499015: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:21:37.499018: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 13:21:37.499020: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 13:21:37.499023: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 13:21:37.499034: | #1 is idle Aug 26 13:21:37.499036: | #1 idle Aug 26 13:21:37.499039: | received encrypted packet from 192.1.3.33:500 Aug 26 13:21:37.499047: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:21:37.499049: | ***parse ISAKMP Hash Payload: Aug 26 13:21:37.499051: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:21:37.499052: | length: 36 (0x24) Aug 26 13:21:37.499054: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:21:37.499056: | ***parse ISAKMP Security Association Payload: Aug 26 13:21:37.499058: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.499059: | length: 84 (0x54) Aug 26 13:21:37.499061: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.499063: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:21:37.499064: | ***parse ISAKMP Nonce Payload: Aug 26 13:21:37.499066: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.499067: | length: 36 (0x24) Aug 26 13:21:37.499069: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.499071: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:21:37.499072: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.499074: | length: 260 (0x104) Aug 26 13:21:37.499076: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.499078: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.499079: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.499081: | length: 16 (0x10) Aug 26 13:21:37.499082: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.499084: | Protocol ID: 0 (0x0) Aug 26 13:21:37.499085: | port: 0 (0x0) Aug 26 13:21:37.499087: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:21:37.499089: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.499090: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.499092: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499094: | length: 16 (0x10) Aug 26 13:21:37.499095: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.499097: | Protocol ID: 0 (0x0) Aug 26 13:21:37.499098: | port: 0 (0x0) Aug 26 13:21:37.499100: | obj: c0 00 02 00 ff ff ff 00 Aug 26 13:21:37.499115: | quick_inI1_outR1 HASH(1): Aug 26 13:21:37.499117: | f4 2f 9a e5 e8 cd 03 f4 ac b6 0e 72 bb 2c f1 ec Aug 26 13:21:37.499118: | 27 7c af 52 be 42 20 66 72 cb 0f eb 97 fc 2d c9 Aug 26 13:21:37.499122: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 13:21:37.499125: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:21:37.499126: | ID address c0 00 03 00 Aug 26 13:21:37.499128: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:21:37.499130: | ID mask ff ff ff 00 Aug 26 13:21:37.499133: | peer client is subnet 192.0.3.0/24 Aug 26 13:21:37.499134: | peer client protocol/port is 0/0 Aug 26 13:21:37.499136: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:21:37.499138: | ID address c0 00 02 00 Aug 26 13:21:37.499139: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:21:37.499141: | ID mask ff ff ff 00 Aug 26 13:21:37.499143: | our client is subnet 192.0.2.0/24 Aug 26 13:21:37.499144: | our client protocol/port is 0/0 Aug 26 13:21:37.499148: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:21:37.499151: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 13:21:37.499153: | looking for 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:21:37.499156: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 13:21:37.499165: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:21:37.499167: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:21:37.499169: | results matched Aug 26 13:21:37.499173: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.499176: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.499180: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:21:37.499182: | our client (192.0.22.0/24) not in our_net (192.0.2.0/24) Aug 26 13:21:37.499189: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:21:37.499190: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:21:37.499192: | results matched Aug 26 13:21:37.499195: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.499199: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.499202: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:21:37.499204: | fc_try concluding with northnet-eastnets/0x1 [128] Aug 26 13:21:37.499206: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Aug 26 13:21:37.499207: | concluding with d = northnet-eastnets/0x1 Aug 26 13:21:37.499209: | using connection "northnet-eastnets/0x1" Aug 26 13:21:37.499211: | client wildcard: no port wildcard: no virtual: no Aug 26 13:21:37.499214: | creating state object #2 at 0x555fbaf2d968 Aug 26 13:21:37.499216: | State DB: adding IKEv1 state #2 in UNDEFINED Aug 26 13:21:37.499219: | pstats #2 ikev1.ipsec started Aug 26 13:21:37.499221: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 13:21:37.499224: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:21:37.499230: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:21:37.499234: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1286) Aug 26 13:21:37.499237: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:21:37.499240: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:21:37.499242: | child state #2: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 13:21:37.499244: | ****parse IPsec DOI SIT: Aug 26 13:21:37.499246: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.499248: | ****parse ISAKMP Proposal Payload: Aug 26 13:21:37.499250: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499251: | length: 72 (0x48) Aug 26 13:21:37.499253: | proposal number: 0 (0x0) Aug 26 13:21:37.499254: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.499256: | SPI size: 4 (0x4) Aug 26 13:21:37.499258: | number of transforms: 2 (0x2) Aug 26 13:21:37.499259: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:21:37.499261: | SPI 4a d1 f0 14 Aug 26 13:21:37.499263: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:21:37.499265: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.499266: | length: 32 (0x20) Aug 26 13:21:37.499268: | ESP transform number: 0 (0x0) Aug 26 13:21:37.499269: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.499272: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499274: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.499276: | length/value: 14 (0xe) Aug 26 13:21:37.499277: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.499279: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499281: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.499282: | length/value: 1 (0x1) Aug 26 13:21:37.499284: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.499286: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:21:37.499292: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499295: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.499297: | length/value: 1 (0x1) Aug 26 13:21:37.499299: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.499300: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499302: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.499303: | length/value: 28800 (0x7080) Aug 26 13:21:37.499305: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499307: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.499308: | length/value: 2 (0x2) Aug 26 13:21:37.499310: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.499312: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499313: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:37.499315: | length/value: 128 (0x80) Aug 26 13:21:37.499317: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:21:37.499321: | adding quick_outI1 KE work-order 3 for state #2 Aug 26 13:21:37.499323: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555fbaf2d358 Aug 26 13:21:37.499326: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 13:21:37.499328: | libevent_malloc: new ptr-libevent@0x555fbaf3c168 size 128 Aug 26 13:21:37.499330: | libevent_realloc: release ptr-libevent@0x555fbaeb21b8 Aug 26 13:21:37.499332: | libevent_realloc: new ptr-libevent@0x555fbaf1a1c8 size 128 Aug 26 13:21:37.499338: | complete v1 state transition with STF_SUSPEND Aug 26 13:21:37.499347: | crypto helper 1 resuming Aug 26 13:21:37.499347: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:21:37.499365: | suspending state #2 and saving MD Aug 26 13:21:37.499360: | crypto helper 1 starting work-order 3 for state #2 Aug 26 13:21:37.499369: | #2 is busy; has a suspended MD Aug 26 13:21:37.499375: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 3 Aug 26 13:21:37.499378: | #1 spent 0.245 milliseconds in process_packet_tail() Aug 26 13:21:37.499390: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.499397: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:21:37.499401: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Aug 26 13:21:37.499404: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Aug 26 13:21:37.499409: | spent 0.49 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.499419: | spent 0.00166 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.499430: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:21:37.499433: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.499436: | 08 10 20 01 60 c9 1e 6e 00 00 01 dc 66 9b c0 37 Aug 26 13:21:37.499438: | 29 50 76 f5 db f1 76 0e 6e eb ac cf 3d 71 f2 cc Aug 26 13:21:37.499441: | 51 3e 94 6c b7 6f c5 52 8c a1 8d 60 56 af 08 d7 Aug 26 13:21:37.499443: | 0e f7 39 66 3a f7 a2 29 83 13 cd 9a eb 66 bc 8b Aug 26 13:21:37.499446: | 43 36 21 9b c9 17 0c b7 15 d2 f6 25 ad 3c c0 fb Aug 26 13:21:37.499461: | 3e 9b d2 75 1e 87 b8 0c bd 28 02 d4 30 23 1e 11 Aug 26 13:21:37.499463: | 31 57 42 8f 8c 68 65 dd 98 b3 ee d2 9f 64 c1 05 Aug 26 13:21:37.499466: | fc 25 bc 9b 73 b7 e1 f5 18 22 ee 94 e1 a1 37 9c Aug 26 13:21:37.499468: | ac fa 7b e3 89 de 66 13 9e 0d 2a 13 22 6b 65 bb Aug 26 13:21:37.499471: | 2e 90 81 a9 f8 11 ea da 24 cd e6 e4 85 4b 9b d6 Aug 26 13:21:37.499473: | 37 18 a3 49 ba 20 78 41 dc 9f 86 f2 f6 55 3a 87 Aug 26 13:21:37.499475: | 95 bc 1e fe 8b c3 55 b0 55 38 a0 f8 4a ae ab 51 Aug 26 13:21:37.499478: | af 96 19 45 6f 50 e4 8f 8e 53 96 2a 9d cc 57 6b Aug 26 13:21:37.499480: | 3a f0 d3 92 07 40 47 8c 36 36 bc 4d 1e fe f2 d9 Aug 26 13:21:37.499482: | d6 b0 7a 6e 28 28 8a 16 78 fb 83 98 92 6b aa 7e Aug 26 13:21:37.499485: | ac 76 d6 b6 a2 b0 be 38 03 31 41 12 ff 7e cc 3f Aug 26 13:21:37.499487: | bf 31 8b 32 4f e9 00 2c 1c 5c 3c cf fc 30 1f 71 Aug 26 13:21:37.499490: | b5 99 77 da c5 95 73 be 51 c5 13 e2 8b de 3f 5e Aug 26 13:21:37.499492: | d7 e9 57 7a 84 c5 56 b0 e6 62 da 46 8f 71 1a 17 Aug 26 13:21:37.499494: | de 18 24 01 77 2a 1b 4f 8c d9 b1 91 a4 fe 9d 88 Aug 26 13:21:37.499497: | d8 1c dd cf 22 ac 05 82 b4 ee 8b a1 ea ee 3f 2b Aug 26 13:21:37.499499: | 17 bd f3 b3 cc d3 6b 60 b6 0a fe ac d4 e0 db b8 Aug 26 13:21:37.499502: | 5c fd 7a ff 75 a9 5d 02 b9 44 7d bf b4 b8 29 a5 Aug 26 13:21:37.499504: | 2b 9f 11 5a bf cf 09 ea 99 84 72 9b 7d 19 73 18 Aug 26 13:21:37.499506: | 28 8b f9 34 d5 de 7d 68 93 b8 ea eb 18 10 31 a5 Aug 26 13:21:37.499509: | b0 cc 9a 47 ba b8 52 12 98 c7 36 76 cc 2a 3b b5 Aug 26 13:21:37.499511: | 47 7b 32 fe 33 ef 21 a6 dc 7d 65 cf e1 cc 08 41 Aug 26 13:21:37.499514: | a8 c1 0a 56 44 f6 80 85 64 47 d2 15 93 d1 36 27 Aug 26 13:21:37.499516: | cd 52 c3 c5 6b e8 e3 1e b1 80 d1 95 Aug 26 13:21:37.499520: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:21:37.499523: | **parse ISAKMP Message: Aug 26 13:21:37.499526: | initiator cookie: Aug 26 13:21:37.499528: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.499531: | responder cookie: Aug 26 13:21:37.499533: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.499536: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:21:37.499539: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.499541: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.499544: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.499547: | Message ID: 1623793262 (0x60c91e6e) Aug 26 13:21:37.499549: | length: 476 (0x1dc) Aug 26 13:21:37.499552: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:21:37.499557: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 13:21:37.499560: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 13:21:37.499565: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 13:21:37.499574: | #1 is idle Aug 26 13:21:37.499576: | #1 idle Aug 26 13:21:37.499580: | received encrypted packet from 192.1.3.33:500 Aug 26 13:21:37.499588: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:21:37.499591: | ***parse ISAKMP Hash Payload: Aug 26 13:21:37.499593: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:21:37.499596: | length: 36 (0x24) Aug 26 13:21:37.499599: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:21:37.499601: | ***parse ISAKMP Security Association Payload: Aug 26 13:21:37.499604: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.499606: | length: 84 (0x54) Aug 26 13:21:37.499609: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.499612: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:21:37.499614: | ***parse ISAKMP Nonce Payload: Aug 26 13:21:37.499617: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.499619: | length: 36 (0x24) Aug 26 13:21:37.499622: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.499624: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:21:37.499627: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.499629: | length: 260 (0x104) Aug 26 13:21:37.499632: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.499634: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.499637: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.499639: | length: 16 (0x10) Aug 26 13:21:37.499642: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.499644: | Protocol ID: 0 (0x0) Aug 26 13:21:37.499647: | port: 0 (0x0) Aug 26 13:21:37.499649: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:21:37.499652: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.499654: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.499657: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499659: | length: 16 (0x10) Aug 26 13:21:37.499662: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.499664: | Protocol ID: 0 (0x0) Aug 26 13:21:37.499667: | port: 0 (0x0) Aug 26 13:21:37.499669: | obj: c0 00 16 00 ff ff ff 00 Aug 26 13:21:37.499689: | quick_inI1_outR1 HASH(1): Aug 26 13:21:37.499692: | 0f 4e 74 48 12 71 13 27 09 31 0c 9c e7 ff ad bc Aug 26 13:21:37.499694: | ec 85 e6 36 08 4d 78 b6 3e 42 2f ec 54 34 59 a6 Aug 26 13:21:37.499697: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 13:21:37.499701: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:21:37.499704: | ID address c0 00 03 00 Aug 26 13:21:37.499706: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:21:37.499709: | ID mask ff ff ff 00 Aug 26 13:21:37.499713: | peer client is subnet 192.0.3.0/24 Aug 26 13:21:37.499715: | peer client protocol/port is 0/0 Aug 26 13:21:37.499718: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:21:37.499720: | ID address c0 00 16 00 Aug 26 13:21:37.499723: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:21:37.499725: | ID mask ff ff ff 00 Aug 26 13:21:37.499729: | our client is subnet 192.0.22.0/24 Aug 26 13:21:37.499731: | our client protocol/port is 0/0 Aug 26 13:21:37.499736: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:21:37.499741: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 13:21:37.499744: | looking for 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:21:37.499748: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 13:21:37.499763: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:21:37.499766: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:21:37.499768: | results matched Aug 26 13:21:37.499775: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.499781: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.499786: | fc_try trying northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:21:37.499797: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:21:37.499799: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:21:37.499802: | results matched Aug 26 13:21:37.499807: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.499813: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.499819: | fc_try trying northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:21:37.499822: | our client (192.0.2.0/24) not in our_net (192.0.22.0/24) Aug 26 13:21:37.499825: | fc_try concluding with northnet-eastnets/0x2 [129] Aug 26 13:21:37.499827: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x2 Aug 26 13:21:37.499830: | concluding with d = northnet-eastnets/0x2 Aug 26 13:21:37.499832: | client wildcard: no port wildcard: no virtual: no Aug 26 13:21:37.499836: | creating state object #3 at 0x555fbaf34638 Aug 26 13:21:37.499839: | State DB: adding IKEv1 state #3 in UNDEFINED Aug 26 13:21:37.499844: | pstats #3 ikev1.ipsec started Aug 26 13:21:37.499847: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 13:21:37.499851: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:21:37.499857: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:21:37.499861: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:21:37.499864: | child state #3: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 13:21:37.499867: | ****parse IPsec DOI SIT: Aug 26 13:21:37.499870: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.499873: | ****parse ISAKMP Proposal Payload: Aug 26 13:21:37.499875: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499878: | length: 72 (0x48) Aug 26 13:21:37.499880: | proposal number: 0 (0x0) Aug 26 13:21:37.499883: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.499885: | SPI size: 4 (0x4) Aug 26 13:21:37.499888: | number of transforms: 2 (0x2) Aug 26 13:21:37.499890: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:21:37.499893: | SPI 84 e1 1f 1c Aug 26 13:21:37.499896: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:21:37.499898: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.499901: | length: 32 (0x20) Aug 26 13:21:37.499903: | ESP transform number: 0 (0x0) Aug 26 13:21:37.499906: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.499908: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499912: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.499915: | length/value: 14 (0xe) Aug 26 13:21:37.499918: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.499920: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499923: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.499925: | length/value: 1 (0x1) Aug 26 13:21:37.499928: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.499931: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:21:37.499933: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499936: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.499938: | length/value: 1 (0x1) Aug 26 13:21:37.499941: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.499943: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499946: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.499949: | length/value: 28800 (0x7080) Aug 26 13:21:37.499951: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499954: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.499956: | length/value: 2 (0x2) Aug 26 13:21:37.499958: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.499961: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499964: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:37.499966: | length/value: 128 (0x80) Aug 26 13:21:37.499969: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:21:37.499974: | adding quick_outI1 KE work-order 4 for state #3 Aug 26 13:21:37.499977: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555fbaeb21b8 Aug 26 13:21:37.499981: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:21:37.499984: | libevent_malloc: new ptr-libevent@0x555fbaf38498 size 128 Aug 26 13:21:37.499990: | complete v1 state transition with STF_SUSPEND Aug 26 13:21:37.500010: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:21:37.500012: | suspending state #3 and saving MD Aug 26 13:21:37.500015: | #3 is busy; has a suspended MD Aug 26 13:21:37.500018: | crypto helper 3 resuming Aug 26 13:21:37.500019: | #1 spent 0.318 milliseconds in process_packet_tail() Aug 26 13:21:37.500032: | crypto helper 3 starting work-order 4 for state #3 Aug 26 13:21:37.500038: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.500040: | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 4 Aug 26 13:21:37.500043: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:21:37.500046: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.500050: | spent 0.623 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.500779: | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 4 time elapsed 0.000739 seconds Aug 26 13:21:37.500789: | (#3) spent 0.562 milliseconds in crypto helper computing work-order 4: quick_outI1 KE (pcr) Aug 26 13:21:37.500791: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 13:21:37.500793: | scheduling resume sending helper answer for #3 Aug 26 13:21:37.500795: | libevent_malloc: new ptr-libevent@0x7f4ebc003f28 size 128 Aug 26 13:21:37.500800: | crypto helper 3 waiting (nothing to do) Aug 26 13:21:37.500808: | processing resume sending helper answer for #3 Aug 26 13:21:37.500819: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:21:37.500820: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.001445 seconds Aug 26 13:21:37.500828: | crypto helper 3 replies to request ID 4 Aug 26 13:21:37.500837: | (#2) spent 0.901 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) Aug 26 13:21:37.500838: | calling continuation function 0x555fba81bb50 Aug 26 13:21:37.500842: | crypto helper 1 sending results from work-order 3 for state #2 to event queue Aug 26 13:21:37.500848: | quick_inI1_outR1_cryptocontinue1 for #3: calculated ke+nonce, calculating DH Aug 26 13:21:37.500854: | scheduling resume sending helper answer for #2 Aug 26 13:21:37.500861: | libevent_malloc: new ptr-libevent@0x7f4ec8003f28 size 128 Aug 26 13:21:37.500866: | crypto helper 1 waiting (nothing to do) Aug 26 13:21:37.500869: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.500875: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.500881: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.500883: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.500885: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:21:37.500887: | no PreShared Key Found Aug 26 13:21:37.500889: | adding quick outR1 DH work-order 5 for state #3 Aug 26 13:21:37.500891: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.500894: | libevent_free: release ptr-libevent@0x555fbaf38498 Aug 26 13:21:37.500896: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555fbaeb21b8 Aug 26 13:21:37.500898: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555fbaeb21b8 Aug 26 13:21:37.500900: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:21:37.500902: | libevent_malloc: new ptr-libevent@0x555fbaf38498 size 128 Aug 26 13:21:37.500906: | suspending state #3 and saving MD Aug 26 13:21:37.500909: | #3 is busy; has a suspended MD Aug 26 13:21:37.500912: | crypto helper 4 resuming Aug 26 13:21:37.500913: | resume sending helper answer for #3 suppresed complete_v1_state_transition() and stole MD Aug 26 13:21:37.500919: | crypto helper 4 starting work-order 5 for state #3 Aug 26 13:21:37.500923: | #3 spent 0.0862 milliseconds in resume sending helper answer Aug 26 13:21:37.500923: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 5 Aug 26 13:21:37.500930: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:21:37.500933: | libevent_free: release ptr-libevent@0x7f4ebc003f28 Aug 26 13:21:37.500940: | processing resume sending helper answer for #2 Aug 26 13:21:37.500945: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:21:37.500949: | crypto helper 1 replies to request ID 3 Aug 26 13:21:37.500951: | calling continuation function 0x555fba81bb50 Aug 26 13:21:37.500954: | quick_inI1_outR1_cryptocontinue1 for #2: calculated ke+nonce, calculating DH Aug 26 13:21:37.500965: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.500972: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.500984: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.500987: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.500990: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:21:37.500993: | no PreShared Key Found Aug 26 13:21:37.500996: | adding quick outR1 DH work-order 6 for state #2 Aug 26 13:21:37.500999: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.501002: | libevent_free: release ptr-libevent@0x555fbaf3c168 Aug 26 13:21:37.501005: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555fbaf2d358 Aug 26 13:21:37.501008: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x555fbaf2d358 Aug 26 13:21:37.501012: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 13:21:37.501015: | libevent_malloc: new ptr-libevent@0x7f4ebc003f28 size 128 Aug 26 13:21:37.501020: | suspending state #2 and saving MD Aug 26 13:21:37.501023: | #2 is busy; has a suspended MD Aug 26 13:21:37.501026: | resume sending helper answer for #2 suppresed complete_v1_state_transition() and stole MD Aug 26 13:21:37.501031: | #2 spent 0.0812 milliseconds in resume sending helper answer Aug 26 13:21:37.501036: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:21:37.501038: | libevent_free: release ptr-libevent@0x7f4ec8003f28 Aug 26 13:21:37.501056: | crypto helper 5 resuming Aug 26 13:21:37.501064: | crypto helper 5 starting work-order 6 for state #2 Aug 26 13:21:37.501068: | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 6 Aug 26 13:21:37.501516: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 5 time elapsed 0.000593 seconds Aug 26 13:21:37.501523: | (#3) spent 0.596 milliseconds in crypto helper computing work-order 5: quick outR1 DH (pcr) Aug 26 13:21:37.501525: | crypto helper 4 sending results from work-order 5 for state #3 to event queue Aug 26 13:21:37.501527: | scheduling resume sending helper answer for #3 Aug 26 13:21:37.501529: | libevent_malloc: new ptr-libevent@0x7f4ec0003618 size 128 Aug 26 13:21:37.501534: | crypto helper 4 waiting (nothing to do) Aug 26 13:21:37.501539: | processing resume sending helper answer for #3 Aug 26 13:21:37.501544: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:21:37.501547: | crypto helper 4 replies to request ID 5 Aug 26 13:21:37.501548: | calling continuation function 0x555fba81bb50 Aug 26 13:21:37.501550: | quick_inI1_outR1_cryptocontinue2 for #3: calculated DH, sending R1 Aug 26 13:21:37.501554: | **emit ISAKMP Message: Aug 26 13:21:37.501556: | initiator cookie: Aug 26 13:21:37.501557: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.501559: | responder cookie: Aug 26 13:21:37.501560: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.501562: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.501564: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.501566: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.501567: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.501569: | Message ID: 1623793262 (0x60c91e6e) Aug 26 13:21:37.501571: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.501573: | ***emit ISAKMP Hash Payload: Aug 26 13:21:37.501575: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.501577: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:37.501578: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.501581: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:37.501584: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:37.501586: | ***emit ISAKMP Security Association Payload: Aug 26 13:21:37.501587: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.501589: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.501591: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:21:37.501593: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:21:37.501595: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.501597: | ****parse IPsec DOI SIT: Aug 26 13:21:37.501598: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.501600: | ****parse ISAKMP Proposal Payload: Aug 26 13:21:37.501602: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.501603: | length: 72 (0x48) Aug 26 13:21:37.501605: | proposal number: 0 (0x0) Aug 26 13:21:37.501606: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.501608: | SPI size: 4 (0x4) Aug 26 13:21:37.501609: | number of transforms: 2 (0x2) Aug 26 13:21:37.501611: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:21:37.501613: | SPI 84 e1 1f 1c Aug 26 13:21:37.501615: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:21:37.501616: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.501618: | length: 32 (0x20) Aug 26 13:21:37.501619: | ESP transform number: 0 (0x0) Aug 26 13:21:37.501620: | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 6 time elapsed 0.000553 seconds Aug 26 13:21:37.501621: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.501629: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.501630: | (#2) spent 0.557 milliseconds in crypto helper computing work-order 6: quick outR1 DH (pcr) Aug 26 13:21:37.501632: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.501634: | crypto helper 5 sending results from work-order 6 for state #2 to event queue Aug 26 13:21:37.501639: | scheduling resume sending helper answer for #2 Aug 26 13:21:37.501643: | libevent_malloc: new ptr-libevent@0x7f4eb40037f8 size 128 Aug 26 13:21:37.501635: | length/value: 14 (0xe) Aug 26 13:21:37.501647: | crypto helper 5 waiting (nothing to do) Aug 26 13:21:37.501649: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.501651: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.501653: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.501655: | length/value: 1 (0x1) Aug 26 13:21:37.501656: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.501658: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:21:37.501660: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.501661: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.501663: | length/value: 1 (0x1) Aug 26 13:21:37.501664: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.501666: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.501667: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.501669: | length/value: 28800 (0x7080) Aug 26 13:21:37.501671: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.501672: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.501674: | length/value: 2 (0x2) Aug 26 13:21:37.501675: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.501677: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.501678: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:37.501680: | length/value: 128 (0x80) Aug 26 13:21:37.501682: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:21:37.501683: | ****emit IPsec DOI SIT: Aug 26 13:21:37.501685: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.501687: | ****emit ISAKMP Proposal Payload: Aug 26 13:21:37.501688: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.501691: | proposal number: 0 (0x0) Aug 26 13:21:37.501693: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.501695: | SPI size: 4 (0x4) Aug 26 13:21:37.501696: | number of transforms: 1 (0x1) Aug 26 13:21:37.501698: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:21:37.501712: | netlink_get_spi: allocated 0x38d5abde for esp.0@192.1.2.23 Aug 26 13:21:37.501715: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:21:37.501716: | SPI 38 d5 ab de Aug 26 13:21:37.501718: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:37.501719: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.501721: | ESP transform number: 0 (0x0) Aug 26 13:21:37.501723: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.501724: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:37.501726: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 13:21:37.501728: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 13:21:37.501730: | attributes 80 05 00 02 80 06 00 80 Aug 26 13:21:37.501731: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:21:37.501733: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 13:21:37.501735: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:21:37.501736: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 13:21:37.501738: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:21:37.501741: "northnet-eastnets/0x2" #3: responding to Quick Mode proposal {msgid:60c91e6e} Aug 26 13:21:37.501749: "northnet-eastnets/0x2" #3: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 13:21:37.501754: "northnet-eastnets/0x2" #3: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:21:37.501756: | ***emit ISAKMP Nonce Payload: Aug 26 13:21:37.501758: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.501760: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:21:37.501762: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:21:37.501764: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.501766: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 13:21:37.501767: | Nr d7 67 93 2c 52 6c 27 c3 95 22 27 a2 43 32 59 0c Aug 26 13:21:37.501769: | Nr 78 54 42 6a 4e 1c 70 6b 00 71 02 f2 f3 95 9e 1e Aug 26 13:21:37.501770: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:21:37.501772: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:21:37.501774: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.501775: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.501777: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:21:37.501779: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.501781: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:21:37.501782: | keyex value 54 1e 72 33 39 d9 65 ed 42 de 38 d5 0b d2 38 b4 Aug 26 13:21:37.501784: | keyex value 74 3c 0a fa e6 b5 fd 07 b0 3d a3 a9 82 c2 ae 96 Aug 26 13:21:37.501786: | keyex value c4 7b d1 cb b1 b2 0f 6a 90 db 26 a0 45 cb 7a 47 Aug 26 13:21:37.501788: | keyex value c7 31 b4 4b a2 97 bc 82 34 47 f4 c9 82 7c 4c 46 Aug 26 13:21:37.501790: | keyex value 3e 7b 32 d9 56 aa 1f f5 d8 68 a1 ff a9 fe b6 5f Aug 26 13:21:37.501791: | keyex value 5b 0d 13 c2 02 8b e3 01 45 2c a2 63 0a 29 6e 33 Aug 26 13:21:37.501793: | keyex value 24 2b 0f 47 83 2d 4b 1d 18 15 ab e8 3a d1 fb 6e Aug 26 13:21:37.501794: | keyex value 23 70 51 95 ea b9 f6 1b 00 7f 63 7c 5e 3f bd f6 Aug 26 13:21:37.501796: | keyex value 5f 46 7c 12 96 df 80 81 0b 09 a4 41 fc 36 df 1f Aug 26 13:21:37.501797: | keyex value 22 02 1d b9 58 a3 0e c3 d1 0e e3 ac cc ec 4f e3 Aug 26 13:21:37.501799: | keyex value ca ef 86 41 a7 02 34 a7 dd a9 b7 b2 74 4b 8b 2a Aug 26 13:21:37.501800: | keyex value ce 36 20 1a 49 21 b2 19 bf ec bd 64 e3 78 df d5 Aug 26 13:21:37.501802: | keyex value 20 5f b8 50 db 84 f5 5a 69 8d 24 af a9 02 39 e2 Aug 26 13:21:37.501803: | keyex value f7 a1 ba 97 1a 80 86 68 4c c0 c9 02 5b 29 b5 be Aug 26 13:21:37.501805: | keyex value 8e fc 2d 64 d1 86 a3 5b cb cd d3 a8 ac 62 d7 74 Aug 26 13:21:37.501806: | keyex value a3 25 c9 54 a4 12 a0 f8 e8 0e 91 79 fa 8d fb 9f Aug 26 13:21:37.501808: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:21:37.501809: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.501811: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.501813: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.501814: | Protocol ID: 0 (0x0) Aug 26 13:21:37.501816: | port: 0 (0x0) Aug 26 13:21:37.501818: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.501820: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.501821: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.501823: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.501825: | ID body c0 00 03 00 ff ff ff 00 Aug 26 13:21:37.501826: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:37.501828: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.501830: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.501831: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.501833: | Protocol ID: 0 (0x0) Aug 26 13:21:37.501834: | port: 0 (0x0) Aug 26 13:21:37.501836: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.501838: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.501840: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.501841: | ID body c0 00 16 00 ff ff ff 00 Aug 26 13:21:37.501843: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:37.501862: | quick inR1 outI2 HASH(2): Aug 26 13:21:37.501864: | c1 33 5e 04 a9 5b f2 96 eb ca 61 25 85 bf a2 17 Aug 26 13:21:37.501866: | 73 94 9d c8 4f 5b dc 6e d8 34 97 45 7d 56 11 75 Aug 26 13:21:37.501868: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:21:37.501870: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:21:37.501949: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.501955: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.501958: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.501961: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.501964: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.501968: | route owner of "northnet-eastnets/0x2" unrouted: NULL Aug 26 13:21:37.501974: | install_inbound_ipsec_sa() checking if we can route Aug 26 13:21:37.501978: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:21:37.501980: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.501983: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.501986: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.501989: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.501991: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.501995: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:21:37.501997: | routing is easy, or has resolvable near-conflict Aug 26 13:21:37.502000: | checking if this is a replacement state Aug 26 13:21:37.502003: | st=0x555fbaf34638 ost=(nil) st->serialno=#3 ost->serialno=#0 Aug 26 13:21:37.502006: | installing outgoing SA now as refhim=0 Aug 26 13:21:37.502009: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:21:37.502013: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:21:37.502016: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:21:37.502020: | setting IPsec SA replay-window to 32 Aug 26 13:21:37.502023: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:21:37.502026: | netlink: enabling tunnel mode Aug 26 13:21:37.502029: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:21:37.502032: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:21:37.502104: | netlink response for Add SA esp.84e11f1c@192.1.3.33 included non-error error Aug 26 13:21:37.502110: | outgoing SA has refhim=0 Aug 26 13:21:37.502113: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:21:37.502116: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:21:37.502118: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:21:37.502121: | setting IPsec SA replay-window to 32 Aug 26 13:21:37.502122: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:21:37.502124: | netlink: enabling tunnel mode Aug 26 13:21:37.502126: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:21:37.502127: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:21:37.502175: | netlink response for Add SA esp.38d5abde@192.1.2.23 included non-error error Aug 26 13:21:37.502183: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:21:37.502191: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:21:37.502195: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:37.502220: | raw_eroute result=success Aug 26 13:21:37.502266: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:37.502271: | no IKEv1 message padding required Aug 26 13:21:37.502275: | emitting length of ISAKMP Message: 460 Aug 26 13:21:37.502285: | finished processing quick inI1 Aug 26 13:21:37.502293: | complete v1 state transition with STF_OK Aug 26 13:21:37.502301: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.502303: | #3 is idle Aug 26 13:21:37.502305: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.502307: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 13:21:37.502309: | child state #3: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 13:21:37.502311: | event_already_set, deleting event Aug 26 13:21:37.502313: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.502315: | libevent_free: release ptr-libevent@0x555fbaf38498 Aug 26 13:21:37.502317: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555fbaeb21b8 Aug 26 13:21:37.502321: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:21:37.502329: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 13:21:37.502331: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.502333: | 08 10 20 01 60 c9 1e 6e 00 00 01 cc 71 42 b0 d6 Aug 26 13:21:37.502334: | fe 97 08 7e 8f 2d 5c 8a 0f 7f 44 66 21 3b d0 90 Aug 26 13:21:37.502336: | 4c 9a 02 e4 1e b2 68 16 f3 68 8a 19 f8 ed 27 d5 Aug 26 13:21:37.502337: | 70 b1 60 7c 51 5a 64 d0 22 f3 24 61 9c 22 13 0e Aug 26 13:21:37.502339: | e0 ad ed 48 08 51 9d aa d0 5c 80 a6 2d 9c b5 1c Aug 26 13:21:37.502340: | 68 80 5c 9b ba 1a 40 ca c0 f7 d0 62 8b 01 b4 6e Aug 26 13:21:37.502342: | db fa 71 ad 37 8a 87 d3 71 5b 4b 3f c3 2b 0a 33 Aug 26 13:21:37.502356: | 97 e8 e0 7f 6e 44 22 4b ff ad 31 bf f0 dd 5f 2d Aug 26 13:21:37.502358: | aa 9e f1 57 5c b4 12 49 fb 0d 02 85 4a 11 bf d9 Aug 26 13:21:37.502359: | 4d 5d 2d b4 ca 9d e3 a1 79 b3 8f 55 f7 12 b3 1f Aug 26 13:21:37.502361: | fe e7 1f 65 02 37 b0 73 1f 2c f3 a4 5f c8 3d 67 Aug 26 13:21:37.502362: | f6 a0 7f c9 4b 26 c1 38 4c b5 1d f2 ac b4 3e d3 Aug 26 13:21:37.502364: | 58 30 1d 9f d1 0e 62 52 5e 53 0a 29 30 d0 bf 8e Aug 26 13:21:37.502365: | 56 6d 08 11 b5 86 9e 0f 4e 32 6b 1c fa 89 da e5 Aug 26 13:21:37.502367: | f9 9c d0 64 ad d5 c7 29 00 1f 08 b4 13 cd 1a 81 Aug 26 13:21:37.502368: | ab e0 d2 62 b0 35 06 a2 40 7f 17 6c ed ff 99 df Aug 26 13:21:37.502370: | ea 85 30 70 95 1a 19 f0 35 90 32 94 0c 44 ef 91 Aug 26 13:21:37.502371: | 1a 8b 8f 72 74 17 ef 67 1b 8a 76 14 79 35 5e 41 Aug 26 13:21:37.502372: | c8 bf 2e 7e c5 d9 bc 87 1a 16 83 79 f3 0d a2 a8 Aug 26 13:21:37.502374: | 82 a2 91 e4 00 75 82 f0 1c 37 85 12 52 82 00 24 Aug 26 13:21:37.502375: | 23 d7 8b d6 87 16 8b 85 15 03 88 97 86 36 28 6c Aug 26 13:21:37.502377: | 94 a7 cf d1 14 e4 d3 a9 6f b7 5d 7d 0f 52 3f b0 Aug 26 13:21:37.502378: | 25 12 27 b0 0d 17 f4 e4 b1 77 68 b4 74 61 b7 39 Aug 26 13:21:37.502380: | b0 26 4e 67 60 c0 0f de ab 15 43 5c 98 9d 42 55 Aug 26 13:21:37.502381: | 75 95 78 ec 9f 42 b3 8c a2 fe 02 e2 72 0f 9c 56 Aug 26 13:21:37.502383: | 2a 3f ff fa 13 28 77 d4 06 d4 dd b0 07 ea 19 09 Aug 26 13:21:37.502384: | 5c 03 ab 68 43 13 9f c4 64 15 c1 e8 89 b6 7b de Aug 26 13:21:37.502385: | eb d4 0f a8 f6 2f 05 12 a6 62 67 37 Aug 26 13:21:37.502418: | !event_already_set at reschedule Aug 26 13:21:37.502422: | event_schedule: new EVENT_RETRANSMIT-pe@0x555fbaeb21b8 Aug 26 13:21:37.502424: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 13:21:37.502427: | libevent_malloc: new ptr-libevent@0x7f4ec8003f28 size 128 Aug 26 13:21:37.502430: | #3 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10983.244888 Aug 26 13:21:37.502432: | pstats #3 ikev1.ipsec established Aug 26 13:21:37.502434: | NAT-T: encaps is 'auto' Aug 26 13:21:37.502437: "northnet-eastnets/0x2" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x84e11f1c <0x38d5abde xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:21:37.502439: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.502441: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.502444: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Aug 26 13:21:37.502448: | #3 spent 0.874 milliseconds in resume sending helper answer Aug 26 13:21:37.502451: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:21:37.502453: | libevent_free: release ptr-libevent@0x7f4ec0003618 Aug 26 13:21:37.502458: | processing resume sending helper answer for #2 Aug 26 13:21:37.502461: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:21:37.502478: | crypto helper 5 replies to request ID 6 Aug 26 13:21:37.502481: | calling continuation function 0x555fba81bb50 Aug 26 13:21:37.502483: | quick_inI1_outR1_cryptocontinue2 for #2: calculated DH, sending R1 Aug 26 13:21:37.502486: | **emit ISAKMP Message: Aug 26 13:21:37.502488: | initiator cookie: Aug 26 13:21:37.502490: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.502491: | responder cookie: Aug 26 13:21:37.502493: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.502495: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502496: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.502498: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.502500: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.502502: | Message ID: 220535454 (0xd251a9e) Aug 26 13:21:37.502503: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.502505: | ***emit ISAKMP Hash Payload: Aug 26 13:21:37.502507: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502509: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:37.502511: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.502513: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:37.502515: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:37.502516: | ***emit ISAKMP Security Association Payload: Aug 26 13:21:37.502518: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.502520: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.502522: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:21:37.502524: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:21:37.502526: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.502527: | ****parse IPsec DOI SIT: Aug 26 13:21:37.502529: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.502531: | ****parse ISAKMP Proposal Payload: Aug 26 13:21:37.502533: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502534: | length: 72 (0x48) Aug 26 13:21:37.502536: | proposal number: 0 (0x0) Aug 26 13:21:37.502537: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.502539: | SPI size: 4 (0x4) Aug 26 13:21:37.502541: | number of transforms: 2 (0x2) Aug 26 13:21:37.502542: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:21:37.502544: | SPI 4a d1 f0 14 Aug 26 13:21:37.502546: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:21:37.502547: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.502549: | length: 32 (0x20) Aug 26 13:21:37.502551: | ESP transform number: 0 (0x0) Aug 26 13:21:37.502552: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.502554: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502556: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.502557: | length/value: 14 (0xe) Aug 26 13:21:37.502559: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.502561: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502563: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.502564: | length/value: 1 (0x1) Aug 26 13:21:37.502566: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.502568: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:21:37.502569: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502571: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.502572: | length/value: 1 (0x1) Aug 26 13:21:37.502574: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.502575: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502577: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.502579: | length/value: 28800 (0x7080) Aug 26 13:21:37.502581: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502583: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.502585: | length/value: 2 (0x2) Aug 26 13:21:37.502586: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.502588: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502589: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:37.502591: | length/value: 128 (0x80) Aug 26 13:21:37.502593: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:21:37.502594: | ****emit IPsec DOI SIT: Aug 26 13:21:37.502596: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.502598: | ****emit ISAKMP Proposal Payload: Aug 26 13:21:37.502599: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502601: | proposal number: 0 (0x0) Aug 26 13:21:37.502603: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.502604: | SPI size: 4 (0x4) Aug 26 13:21:37.502606: | number of transforms: 1 (0x1) Aug 26 13:21:37.502608: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:21:37.502616: | netlink_get_spi: allocated 0x19ad0dcb for esp.0@192.1.2.23 Aug 26 13:21:37.502618: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:21:37.502620: | SPI 19 ad 0d cb Aug 26 13:21:37.502622: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:37.502623: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502625: | ESP transform number: 0 (0x0) Aug 26 13:21:37.502626: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.502628: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:37.502630: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 13:21:37.502632: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 13:21:37.502634: | attributes 80 05 00 02 80 06 00 80 Aug 26 13:21:37.502635: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:21:37.502637: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 13:21:37.502639: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:21:37.502640: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 13:21:37.502642: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:21:37.502645: "northnet-eastnets/0x1" #2: responding to Quick Mode proposal {msgid:0d251a9e} Aug 26 13:21:37.502653: "northnet-eastnets/0x1" #2: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 13:21:37.502658: "northnet-eastnets/0x1" #2: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:21:37.502660: | ***emit ISAKMP Nonce Payload: Aug 26 13:21:37.502662: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.502664: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:21:37.502666: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:21:37.502668: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.502670: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 13:21:37.502672: | Nr 7b 18 2e e6 fe 6d 5a 5e 62 ed da 33 4f 3c 68 a0 Aug 26 13:21:37.502673: | Nr af bc ac 8f 0a 11 e5 cb a4 43 16 7b 58 07 05 17 Aug 26 13:21:37.502675: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:21:37.502676: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:21:37.502678: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.502680: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.502683: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:21:37.502685: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.502687: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:21:37.502688: | keyex value 80 55 d7 92 24 d7 46 c0 a6 ad c3 96 3c 0a 37 c1 Aug 26 13:21:37.502690: | keyex value ce 5f 75 5e bf 52 df b0 c4 02 49 41 a6 20 dd 36 Aug 26 13:21:37.502692: | keyex value 6a a1 96 bb de a0 0c 0c 2f 4d 3d 53 05 1f 46 fc Aug 26 13:21:37.502693: | keyex value 9d 31 fa 6c 7e 89 9d 47 48 07 9f 35 b1 3f 33 a4 Aug 26 13:21:37.502695: | keyex value 53 f3 ae ed d2 d8 5a 73 b3 c8 1f f2 0b 07 0f 14 Aug 26 13:21:37.502696: | keyex value 78 f8 de 17 af a3 8a 51 1a 92 f4 88 c6 9d f9 8c Aug 26 13:21:37.502698: | keyex value ae e0 41 01 2b 28 3f 63 7a 32 39 97 3a fc f0 c2 Aug 26 13:21:37.502699: | keyex value b6 ac 53 12 46 d9 68 69 71 10 dc 6e 1b 76 a8 bc Aug 26 13:21:37.502701: | keyex value 39 d7 5c 0e d5 6d 66 02 6e ca 9c b0 1c 47 5e 74 Aug 26 13:21:37.502702: | keyex value f4 cd 06 c2 68 91 64 bd 16 b2 1d 15 4f bf e6 91 Aug 26 13:21:37.502704: | keyex value 60 e2 23 2f 39 fb 18 e9 7c 9a 24 04 d2 d4 c2 77 Aug 26 13:21:37.502705: | keyex value 1a ce 78 4e 9c 54 f6 7e 9b f3 7d 4e f2 79 ae 87 Aug 26 13:21:37.502707: | keyex value a8 b4 14 13 49 87 15 7d cb 17 46 1d a6 6f cd 8f Aug 26 13:21:37.502708: | keyex value 39 73 09 15 c3 82 93 3a 5a dd af 50 70 f3 0f 82 Aug 26 13:21:37.502710: | keyex value 98 97 ba 84 f5 de 55 ec f2 ae cf ac 89 a3 4b 83 Aug 26 13:21:37.502711: | keyex value 58 d2 a8 ac f2 0b 95 f8 bb e5 17 19 79 bd 18 8c Aug 26 13:21:37.502713: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:21:37.502715: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.502716: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.502718: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.502720: | Protocol ID: 0 (0x0) Aug 26 13:21:37.502721: | port: 0 (0x0) Aug 26 13:21:37.502723: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.502725: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.502727: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.502729: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.502731: | ID body c0 00 03 00 ff ff ff 00 Aug 26 13:21:37.502732: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:37.502734: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.502736: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502737: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.502739: | Protocol ID: 0 (0x0) Aug 26 13:21:37.502740: | port: 0 (0x0) Aug 26 13:21:37.502742: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.502744: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.502746: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.502747: | ID body c0 00 02 00 ff ff ff 00 Aug 26 13:21:37.502749: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:37.502777: | quick inR1 outI2 HASH(2): Aug 26 13:21:37.502780: | ee 71 e0 07 d2 26 58 97 a5 28 a4 f9 05 cc e6 96 Aug 26 13:21:37.502782: | 17 e3 04 6a 36 2c 07 28 7a 24 8b 47 e9 fc 6a 61 Aug 26 13:21:37.502784: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:21:37.502785: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:21:37.502859: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.502862: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.502864: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.502865: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.502867: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.502869: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 13:21:37.502871: | install_inbound_ipsec_sa() checking if we can route Aug 26 13:21:37.502873: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:21:37.502874: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.502876: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.502878: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.502879: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.502881: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.502883: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:21:37.502885: | routing is easy, or has resolvable near-conflict Aug 26 13:21:37.502887: | checking if this is a replacement state Aug 26 13:21:37.502888: | st=0x555fbaf2d968 ost=(nil) st->serialno=#2 ost->serialno=#0 Aug 26 13:21:37.502890: | installing outgoing SA now as refhim=0 Aug 26 13:21:37.502892: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:21:37.502894: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:21:37.502896: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:21:37.502898: | setting IPsec SA replay-window to 32 Aug 26 13:21:37.502900: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:21:37.502902: | netlink: enabling tunnel mode Aug 26 13:21:37.502904: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:21:37.502906: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:21:37.502935: | netlink response for Add SA esp.4ad1f014@192.1.3.33 included non-error error Aug 26 13:21:37.502940: | outgoing SA has refhim=0 Aug 26 13:21:37.502947: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:21:37.502951: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:21:37.502955: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:21:37.502960: | setting IPsec SA replay-window to 32 Aug 26 13:21:37.502964: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:21:37.502967: | netlink: enabling tunnel mode Aug 26 13:21:37.502971: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:21:37.502974: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:21:37.503009: | netlink response for Add SA esp.19ad0dcb@192.1.2.23 included non-error error Aug 26 13:21:37.503014: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:21:37.503022: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 13:21:37.503027: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:37.503049: | raw_eroute result=success Aug 26 13:21:37.503087: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:37.503092: | no IKEv1 message padding required Aug 26 13:21:37.503095: | emitting length of ISAKMP Message: 460 Aug 26 13:21:37.503106: | finished processing quick inI1 Aug 26 13:21:37.503109: | complete v1 state transition with STF_OK Aug 26 13:21:37.503116: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.503121: | #2 is idle Aug 26 13:21:37.503124: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.503129: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 13:21:37.503133: | child state #2: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 13:21:37.503136: | event_already_set, deleting event Aug 26 13:21:37.503140: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.503144: | libevent_free: release ptr-libevent@0x7f4ebc003f28 Aug 26 13:21:37.503148: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x555fbaf2d358 Aug 26 13:21:37.503154: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:21:37.503163: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:21:37.503166: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.503170: | 08 10 20 01 0d 25 1a 9e 00 00 01 cc 6c de a9 9d Aug 26 13:21:37.503173: | 8a 0a 6e 46 65 82 a9 54 db b4 4e a6 cc 50 28 13 Aug 26 13:21:37.503176: | e1 05 4e e6 cc 3a f0 56 53 87 50 0e b9 64 be 35 Aug 26 13:21:37.503179: | ee cf 92 54 9b c0 48 63 4d 1d 5d 46 57 81 be d6 Aug 26 13:21:37.503182: | b0 49 14 11 82 c0 0a 60 bc 38 3c ea 9b f6 75 d5 Aug 26 13:21:37.503185: | f1 24 bd 55 d2 48 c0 2c 76 9d 35 0d c5 a3 b8 ac Aug 26 13:21:37.503188: | 72 6a 1e f8 be e8 52 8c be 97 20 ad 91 99 d1 3a Aug 26 13:21:37.503191: | 51 4f 05 6f 34 8e 74 30 ae 20 2a c5 2a 8b a1 20 Aug 26 13:21:37.503194: | e6 83 7f 0b c1 b2 a0 58 90 59 5b b9 e3 03 95 44 Aug 26 13:21:37.503197: | 3f 33 4f 21 fe be 79 30 09 82 e2 4f 1f da 75 45 Aug 26 13:21:37.503201: | 8f 9c 2d 41 47 88 2c 40 3a 76 08 cf 5a 3e 57 4a Aug 26 13:21:37.503204: | e4 fd c2 7d ca a4 43 aa 11 86 0a 62 3e 05 79 39 Aug 26 13:21:37.503207: | 2f 6b 78 df 47 d5 ec 7a 26 46 bf 8c 84 19 3a 10 Aug 26 13:21:37.503210: | fe 61 6e 0f 88 b5 3e 06 d3 c9 6c b0 5c f3 97 26 Aug 26 13:21:37.503213: | 53 7d ad c2 b2 e8 56 e4 89 ea b4 b2 d8 8b 47 c7 Aug 26 13:21:37.503216: | 15 3e d2 1e 0d be ca a0 57 9b 58 7f 9f ae ea b5 Aug 26 13:21:37.503220: | 1c 1c 17 19 ad 80 7c d4 2a c0 ff 8b e1 ad 13 b0 Aug 26 13:21:37.503223: | 1a 03 af c8 d8 70 e3 10 80 3b b2 64 9c ce 68 4d Aug 26 13:21:37.503226: | fd ef 7a 98 9e c3 f3 6a 5f cb 45 d2 ae c8 79 da Aug 26 13:21:37.503229: | 5e 4a 2d 68 30 76 60 99 8c 36 d3 6d de 7b d3 3c Aug 26 13:21:37.503232: | e9 c7 15 61 17 8c 2f cf 5e 75 1c a7 d5 84 77 b7 Aug 26 13:21:37.503235: | 4a c0 35 41 10 64 4f 0b 0d 48 f4 60 32 e8 e7 40 Aug 26 13:21:37.503238: | c2 a8 67 2b 98 49 b7 56 ab 07 e7 a5 0b e3 52 45 Aug 26 13:21:37.503241: | 07 fe 2b b7 f1 3d 28 02 ee 0f 61 0f 06 ab b0 99 Aug 26 13:21:37.503244: | 86 3e 52 5c de a7 7d e5 3d d6 37 17 b6 b6 ff e6 Aug 26 13:21:37.503248: | e0 f0 12 c0 6b 28 b2 2a 09 0d 38 58 22 c9 a0 ad Aug 26 13:21:37.503251: | d3 46 2d 47 8d e0 42 9c 84 01 65 06 8f b6 eb 4d Aug 26 13:21:37.503254: | eb ec c1 eb f2 91 df 98 ee 49 95 75 Aug 26 13:21:37.503278: | !event_already_set at reschedule Aug 26 13:21:37.503282: | event_schedule: new EVENT_RETRANSMIT-pe@0x555fbaf2d358 Aug 26 13:21:37.503285: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 13:21:37.503287: | libevent_malloc: new ptr-libevent@0x7f4ec0003618 size 128 Aug 26 13:21:37.503300: | #2 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10983.245748 Aug 26 13:21:37.503302: | pstats #2 ikev1.ipsec established Aug 26 13:21:37.503305: | NAT-T: encaps is 'auto' Aug 26 13:21:37.503308: "northnet-eastnets/0x1" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x4ad1f014 <0x19ad0dcb xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:21:37.503310: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.503312: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.503317: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Aug 26 13:21:37.503321: | #2 spent 0.826 milliseconds in resume sending helper answer Aug 26 13:21:37.503324: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:21:37.503327: | libevent_free: release ptr-libevent@0x7f4eb40037f8 Aug 26 13:21:37.534758: | spent 0.00261 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.534776: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:21:37.534779: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.534781: | 08 10 20 01 60 c9 1e 6e 00 00 00 4c bc 28 a3 56 Aug 26 13:21:37.534797: | 4c e6 70 c8 f7 f9 5f d1 0e f7 ac e8 29 f6 39 eb Aug 26 13:21:37.534799: | 60 21 06 e6 ff d5 88 a6 f0 93 c3 65 6b 44 1b a0 Aug 26 13:21:37.534803: | c7 43 e6 31 99 9d 04 e6 ee 0d f9 c7 Aug 26 13:21:37.534807: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:21:37.534811: | **parse ISAKMP Message: Aug 26 13:21:37.534814: | initiator cookie: Aug 26 13:21:37.534816: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.534819: | responder cookie: Aug 26 13:21:37.534821: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.534824: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:21:37.534827: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.534830: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.534833: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.534835: | Message ID: 1623793262 (0x60c91e6e) Aug 26 13:21:37.534838: | length: 76 (0x4c) Aug 26 13:21:37.534841: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:21:37.534845: | State DB: found IKEv1 state #3 in QUICK_R1 (find_state_ikev1) Aug 26 13:21:37.534849: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:21:37.534852: | #3 is idle Aug 26 13:21:37.534853: | #3 idle Aug 26 13:21:37.534856: | received encrypted packet from 192.1.3.33:500 Aug 26 13:21:37.534873: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:21:37.534877: | ***parse ISAKMP Hash Payload: Aug 26 13:21:37.534892: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.534895: | length: 36 (0x24) Aug 26 13:21:37.534898: | removing 12 bytes of padding Aug 26 13:21:37.534918: | quick_inI2 HASH(3): Aug 26 13:21:37.534920: | 31 62 66 81 a3 8d ac ae ef 90 d3 4d 8d eb e6 ec Aug 26 13:21:37.534921: | a8 7e 90 f9 0d 7f 20 f3 ff 77 c3 f1 bf 6f 2d f9 Aug 26 13:21:37.534923: | received 'quick_inI2' message HASH(3) data ok Aug 26 13:21:37.534927: | install_ipsec_sa() for #3: outbound only Aug 26 13:21:37.534929: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:21:37.534931: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.534933: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.534935: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.534937: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.534938: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.534941: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:21:37.534943: | sr for #3: unrouted Aug 26 13:21:37.534945: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:21:37.534946: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.534948: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.534950: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.534951: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.534953: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.534955: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:21:37.534959: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 13:21:37.534962: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:21:37.534968: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 13:21:37.534970: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:37.535009: | raw_eroute result=success Aug 26 13:21:37.535013: | running updown command "ipsec _updown" for verb up Aug 26 13:21:37.535015: | command executing up-client Aug 26 13:21:37.535034: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.535038: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.535050: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 13:21:37.535053: | popen cmd is 1405 chars long Aug 26 13:21:37.535055: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:21:37.535057: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 13:21:37.535058: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 13:21:37.535060: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 13:21:37.535062: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:21:37.535063: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 13:21:37.535065: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:21:37.535067: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 13:21:37.535068: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 13:21:37.535070: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:21:37.535072: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 13:21:37.535073: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 13:21:37.535075: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_: Aug 26 13:21:37.535077: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Aug 26 13:21:37.535078: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Aug 26 13:21:37.535080: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Aug 26 13:21:37.535082: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8: Aug 26 13:21:37.535085: | cmd(1360):4e11f1c SPI_OUT=0x38d5abde ipsec _updown 2>&1: Aug 26 13:21:37.543852: | route_and_eroute: firewall_notified: true Aug 26 13:21:37.543867: | running updown command "ipsec _updown" for verb prepare Aug 26 13:21:37.543871: | command executing prepare-client Aug 26 13:21:37.543895: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.543902: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.543920: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON Aug 26 13:21:37.543924: | popen cmd is 1410 chars long Aug 26 13:21:37.543927: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:21:37.543930: | cmd( 80):ets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 13:21:37.543933: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:21:37.543936: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:21:37.543939: | cmd( 320):'192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.2: Aug 26 13:21:37.543942: | cmd( 400):55.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TY: Aug 26 13:21:37.543945: | cmd( 480):PE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=L: Aug 26 13:21:37.543948: | cmd( 560):ibreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testi: Aug 26 13:21:37.543951: | cmd( 640):ng.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.: Aug 26 13:21:37.543954: | cmd( 720):3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: Aug 26 13:21:37.543957: | cmd( 800):COL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departm: Aug 26 13:21:37.543960: | cmd( 880):ent, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netk: Aug 26 13:21:37.543963: | cmd( 960):ey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+S: Aug 26 13:21:37.543966: | cmd(1040):AREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDR: Aug 26 13:21:37.543968: | cmd(1120):FAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUT: Aug 26 13:21:37.543971: | cmd(1200):O_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT: Aug 26 13:21:37.543974: | cmd(1280):='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_I: Aug 26 13:21:37.543977: | cmd(1360):N=0x84e11f1c SPI_OUT=0x38d5abde ipsec _updown 2>&1: Aug 26 13:21:37.553782: | running updown command "ipsec _updown" for verb route Aug 26 13:21:37.553795: | command executing route-client Aug 26 13:21:37.553820: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.553827: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.553843: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO Aug 26 13:21:37.553845: | popen cmd is 1408 chars long Aug 26 13:21:37.553847: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 13:21:37.553849: | cmd( 80):s/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Aug 26 13:21:37.553851: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Aug 26 13:21:37.553853: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Aug 26 13:21:37.553854: | cmd( 320):92.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:21:37.553856: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE: Aug 26 13:21:37.553858: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 13:21:37.553859: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Aug 26 13:21:37.553861: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Aug 26 13:21:37.553863: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 13:21:37.553864: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 13:21:37.553866: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 13:21:37.553868: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAR: Aug 26 13:21:37.553870: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 13:21:37.553873: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 13:21:37.553875: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 13:21:37.553877: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 13:21:37.553880: | cmd(1360):0x84e11f1c SPI_OUT=0x38d5abde ipsec _updown 2>&1: Aug 26 13:21:37.566673: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x555fbaf25888,sr=0x555fbaf25888} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 13:21:37.566694: | #1 spent 1.59 milliseconds in install_ipsec_sa() Aug 26 13:21:37.566698: | inI2: instance northnet-eastnets/0x2[0], setting IKEv1 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 13:21:37.566702: | DPD: dpd_init() called on IPsec SA Aug 26 13:21:37.566703: | DPD: Peer does not support Dead Peer Detection Aug 26 13:21:37.566707: | complete v1 state transition with STF_OK Aug 26 13:21:37.566712: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.566717: | #3 is idle Aug 26 13:21:37.566720: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.566722: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 26 13:21:37.566727: | child state #3: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Aug 26 13:21:37.566730: | event_already_set, deleting event Aug 26 13:21:37.566733: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:21:37.566736: | #3 STATE_QUICK_R2: retransmits: cleared Aug 26 13:21:37.566750: | libevent_free: release ptr-libevent@0x7f4ec8003f28 Aug 26 13:21:37.566756: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555fbaeb21b8 Aug 26 13:21:37.566765: | !event_already_set at reschedule Aug 26 13:21:37.566770: | event_schedule: new EVENT_SA_REPLACE-pe@0x555fbaeb21b8 Aug 26 13:21:37.566786: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #3 Aug 26 13:21:37.566791: | libevent_malloc: new ptr-libevent@0x7f4eb40037f8 size 128 Aug 26 13:21:37.566795: | pstats #3 ikev1.ipsec established Aug 26 13:21:37.566801: | NAT-T: encaps is 'auto' Aug 26 13:21:37.566819: "northnet-eastnets/0x2" #3: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x84e11f1c <0x38d5abde xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:21:37.566823: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.566825: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.566831: | #3 spent 1.73 milliseconds in process_packet_tail() Aug 26 13:21:37.566838: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.566843: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:21:37.566847: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.566852: | spent 1.91 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.566867: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.566873: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.566878: | spent 0.00514 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.566880: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.566884: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.566888: | spent 0.00397 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.566891: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.566894: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.566898: | spent 0.0036 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.567052: | spent 0.00234 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.567069: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:21:37.567073: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.567075: | 08 10 20 01 0d 25 1a 9e 00 00 00 4c c9 40 f8 da Aug 26 13:21:37.567078: | b7 b7 20 02 51 95 d4 e1 62 06 51 4d c7 3a 5a b1 Aug 26 13:21:37.567080: | 11 29 87 b6 c1 34 c1 7d ef d2 c6 ca 16 2a d2 fa Aug 26 13:21:37.567083: | 18 16 37 20 ed 22 2e 5a 5c 1f c7 0f Aug 26 13:21:37.567088: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:21:37.567092: | **parse ISAKMP Message: Aug 26 13:21:37.567095: | initiator cookie: Aug 26 13:21:37.567097: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.567099: | responder cookie: Aug 26 13:21:37.567102: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.567105: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:21:37.567108: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.567111: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.567116: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.567119: | Message ID: 220535454 (0xd251a9e) Aug 26 13:21:37.567121: | length: 76 (0x4c) Aug 26 13:21:37.567125: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:21:37.567132: | State DB: found IKEv1 state #2 in QUICK_R1 (find_state_ikev1) Aug 26 13:21:37.567138: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:21:37.567141: | #2 is idle Aug 26 13:21:37.567143: | #2 idle Aug 26 13:21:37.567148: | received encrypted packet from 192.1.3.33:500 Aug 26 13:21:37.567186: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:21:37.567191: | ***parse ISAKMP Hash Payload: Aug 26 13:21:37.567194: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.567197: | length: 36 (0x24) Aug 26 13:21:37.567199: | removing 12 bytes of padding Aug 26 13:21:37.567232: | quick_inI2 HASH(3): Aug 26 13:21:37.567234: | f6 28 f5 b3 0c 4c 20 c1 ca 85 ae 9f 26 d9 ec 1c Aug 26 13:21:37.567236: | 13 99 20 a2 7f 4a e5 59 ca 95 84 d7 67 78 ce 6e Aug 26 13:21:37.567237: | received 'quick_inI2' message HASH(3) data ok Aug 26 13:21:37.567241: | install_ipsec_sa() for #2: outbound only Aug 26 13:21:37.567243: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:21:37.567245: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.567248: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.567250: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.567252: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.567254: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.567257: | route owner of "northnet-eastnets/0x1" unrouted: "northnet-eastnets/0x2" erouted; eroute owner: NULL Aug 26 13:21:37.567258: | sr for #2: unrouted Aug 26 13:21:37.567261: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:21:37.567263: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.567265: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.567267: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.567268: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.567270: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.567273: | route owner of "northnet-eastnets/0x1" unrouted: "northnet-eastnets/0x2" erouted; eroute owner: NULL Aug 26 13:21:37.567275: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x2 rosr:{0x555fbaf25888} and state: #2 Aug 26 13:21:37.567278: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:21:37.567283: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 13:21:37.567301: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:37.567331: | raw_eroute result=success Aug 26 13:21:37.567336: | running updown command "ipsec _updown" for verb up Aug 26 13:21:37.567339: | command executing up-client Aug 26 13:21:37.567370: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.567377: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.567397: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 13:21:37.567403: | popen cmd is 1403 chars long Aug 26 13:21:37.567406: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 13:21:37.567409: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 13:21:37.567411: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 13:21:37.567414: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 13:21:37.567416: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Aug 26 13:21:37.567419: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Aug 26 13:21:37.567421: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 13:21:37.567424: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Aug 26 13:21:37.567427: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Aug 26 13:21:37.567429: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:21:37.567432: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:21:37.567435: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 13:21:37.567437: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TR: Aug 26 13:21:37.567440: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 13:21:37.567443: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 13:21:37.567445: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 13:21:37.567448: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4ad: Aug 26 13:21:37.567451: | cmd(1360):1f014 SPI_OUT=0x19ad0dcb ipsec _updown 2>&1: Aug 26 13:21:37.576110: | route_and_eroute: firewall_notified: true Aug 26 13:21:37.576132: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x555fbaf18f58,sr=0x555fbaf18f58} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:21:37.576141: | #1 spent 0.611 milliseconds in install_ipsec_sa() Aug 26 13:21:37.576147: | inI2: instance northnet-eastnets/0x1[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:21:37.576150: | DPD: dpd_init() called on IPsec SA Aug 26 13:21:37.576153: | DPD: Peer does not support Dead Peer Detection Aug 26 13:21:37.576158: | complete v1 state transition with STF_OK Aug 26 13:21:37.576165: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.576169: | #2 is idle Aug 26 13:21:37.576172: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.576175: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 26 13:21:37.576180: | child state #2: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Aug 26 13:21:37.576183: | event_already_set, deleting event Aug 26 13:21:37.576186: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:21:37.576191: | #2 STATE_QUICK_R2: retransmits: cleared Aug 26 13:21:37.576204: | libevent_free: release ptr-libevent@0x7f4ec0003618 Aug 26 13:21:37.576210: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555fbaf2d358 Aug 26 13:21:37.576218: | !event_already_set at reschedule Aug 26 13:21:37.576223: | event_schedule: new EVENT_SA_REPLACE-pe@0x555fbaf2d358 Aug 26 13:21:37.576227: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2 Aug 26 13:21:37.576234: | libevent_malloc: new ptr-libevent@0x555fbaf38498 size 128 Aug 26 13:21:37.576239: | pstats #2 ikev1.ipsec established Aug 26 13:21:37.576245: | NAT-T: encaps is 'auto' Aug 26 13:21:37.576251: "northnet-eastnets/0x1" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x4ad1f014 <0x19ad0dcb xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:21:37.576255: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.576257: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.576263: | #2 spent 0.735 milliseconds in process_packet_tail() Aug 26 13:21:37.576270: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.576276: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:21:37.576281: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.576285: | spent 0.94 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.576303: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.576311: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.576316: | spent 0.00589 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:55.396414: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:21:55.396471: | expiring aged bare shunts from shunt table Aug 26 13:21:55.396492: | spent 0.018 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:21:57.476899: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:21:57.476972: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 13:21:57.476997: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:21:57.477007: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 13:21:57.477023: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 13:21:57.477035: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#3) Aug 26 13:21:57.477042: | sending NAT-T Keep Alive Aug 26 13:21:57.477071: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 13:21:57.477082: | ff Aug 26 13:21:57.477224: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 13:21:57.477249: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 13:21:57.477273: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:21:57.477335: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 13:21:57.477360: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 13:21:57.477380: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#2) Aug 26 13:21:57.477392: | sending NAT-T Keep Alive Aug 26 13:21:57.477419: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:21:57.477432: | ff Aug 26 13:21:57.477517: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 13:21:57.477535: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 13:21:57.477559: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:21:57.477574: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 13:21:57.477597: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 13:21:57.477614: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 13:21:57.477645: | spent 0.528 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:22:15.396677: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:22:15.396740: | expiring aged bare shunts from shunt table Aug 26 13:22:15.396763: | spent 0.0193 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:22:17.479394: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:22:17.479451: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 13:22:17.479477: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:17.479487: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 13:22:17.479502: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 13:22:17.479514: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#3) Aug 26 13:22:17.479521: | sending NAT-T Keep Alive Aug 26 13:22:17.479538: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 13:22:17.479546: | ff Aug 26 13:22:17.479683: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 13:22:17.479707: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 13:22:17.479732: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:17.479746: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 13:22:17.479767: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 13:22:17.479785: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#2) Aug 26 13:22:17.479797: | sending NAT-T Keep Alive Aug 26 13:22:17.479823: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 13:22:17.479835: | ff Aug 26 13:22:17.479916: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 13:22:17.479938: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 13:22:17.479962: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:17.479977: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 13:22:17.480001: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 13:22:17.480019: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 13:22:17.480044: | spent 0.495 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:22:20.363202: | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:20.363222: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:20.363225: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.363227: | 08 10 20 01 55 0e 82 c8 00 00 01 dc 84 3f 95 fa Aug 26 13:22:20.363228: | 97 92 5d ad 7b ec 15 49 50 6e 9c 71 31 f4 f6 db Aug 26 13:22:20.363230: | 37 a4 e2 dc 02 f6 b4 6d 06 40 0e d7 29 2a a6 22 Aug 26 13:22:20.363231: | 90 d8 1f 92 02 ae e3 8a d0 e6 52 47 24 ba 02 45 Aug 26 13:22:20.363233: | 6e 02 74 70 cb 57 35 f5 80 61 0a 67 be 6c 9f 1b Aug 26 13:22:20.363234: | 47 a5 5a 58 83 ba 2e f2 73 57 81 e1 e7 b1 9b af Aug 26 13:22:20.363236: | f8 8c 25 c7 09 32 0b 58 a4 99 39 f8 38 8c 99 4a Aug 26 13:22:20.363237: | d8 f2 92 5d f6 08 17 29 64 aa 1f 94 89 89 01 49 Aug 26 13:22:20.363239: | 0d 78 fd cd e7 29 42 b0 aa ff 64 d3 24 99 b5 8b Aug 26 13:22:20.363240: | 1a 15 55 b8 f8 2d a3 f6 e9 94 33 fc cf fd b5 96 Aug 26 13:22:20.363242: | 71 fc 04 7d 71 e5 b4 1d b6 27 a0 74 83 3c a0 e3 Aug 26 13:22:20.363243: | 42 ce 89 6c 71 8a 96 b3 f8 7c ee 72 f3 8b 07 46 Aug 26 13:22:20.363247: | 0f 53 e6 ff ee 70 18 d8 b1 1e be 13 dc 8e ed 22 Aug 26 13:22:20.363248: | 5b 82 76 0d d8 1a 2a eb 14 62 d8 f3 6c ac 91 4b Aug 26 13:22:20.363250: | 0c 87 4d 67 73 2a 0d f3 49 a5 25 58 1d 66 66 dc Aug 26 13:22:20.363251: | 35 9f f8 f6 f1 af 23 cf ae 7e 7e bc c5 1a 06 02 Aug 26 13:22:20.363253: | a4 e9 29 91 d7 6a 38 05 c4 0b b9 31 f4 21 6f 4c Aug 26 13:22:20.363254: | 03 fe 04 6f 19 f2 68 50 57 66 8a a6 1f df eb 42 Aug 26 13:22:20.363256: | 79 8a b1 55 32 9b 73 6c 01 a6 7e c9 bf 65 21 cc Aug 26 13:22:20.363257: | cb 39 cc fd 15 63 ff a0 94 53 14 06 5e bb f9 85 Aug 26 13:22:20.363259: | 36 2c b5 df c6 b0 5f 2b 7e 8a 90 08 86 c0 ee 0b Aug 26 13:22:20.363260: | e4 8a b5 82 11 62 cc 05 c3 fc cd e2 ef a5 81 41 Aug 26 13:22:20.363262: | 01 28 be f6 49 b2 88 6e 0e f8 54 36 f0 2d aa bc Aug 26 13:22:20.363263: | 17 3c d8 c3 4b b6 46 8e bf 13 54 89 fd 0e 0b d3 Aug 26 13:22:20.363264: | 3b 43 bd 46 e4 81 ef a6 ee e1 2c 2c b8 ec c1 b8 Aug 26 13:22:20.363266: | f3 08 74 36 9d c7 1e 53 fb 62 26 c9 23 21 d4 23 Aug 26 13:22:20.363267: | 54 85 fb 42 64 0d 0a 64 55 ed ec c6 8f 8c f2 c7 Aug 26 13:22:20.363269: | 6e de 8d 3e 68 07 bf e6 2a d6 56 12 5b 11 74 7a Aug 26 13:22:20.363270: | 9d 6b bb 15 bd 1d f3 7d 16 f4 db 26 Aug 26 13:22:20.363273: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:20.363276: | **parse ISAKMP Message: Aug 26 13:22:20.363278: | initiator cookie: Aug 26 13:22:20.363279: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:20.363281: | responder cookie: Aug 26 13:22:20.363282: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.363284: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:20.363286: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:20.363291: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:20.363295: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:20.363297: | Message ID: 1427014344 (0x550e82c8) Aug 26 13:22:20.363298: | length: 476 (0x1dc) Aug 26 13:22:20.363300: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:20.363304: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 13:22:20.363306: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 13:22:20.363310: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 13:22:20.363344: | #1 is idle Aug 26 13:22:20.363348: | #1 idle Aug 26 13:22:20.363350: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:20.363365: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:22:20.363367: | ***parse ISAKMP Hash Payload: Aug 26 13:22:20.363369: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:20.363370: | length: 36 (0x24) Aug 26 13:22:20.363372: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:22:20.363374: | ***parse ISAKMP Security Association Payload: Aug 26 13:22:20.363376: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:20.363377: | length: 84 (0x54) Aug 26 13:22:20.363378: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:20.363380: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:22:20.363382: | ***parse ISAKMP Nonce Payload: Aug 26 13:22:20.363383: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:20.363385: | length: 36 (0x24) Aug 26 13:22:20.363386: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:22:20.363388: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:22:20.363389: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:20.363391: | length: 260 (0x104) Aug 26 13:22:20.363393: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:20.363394: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:20.363396: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:20.363397: | length: 16 (0x10) Aug 26 13:22:20.363401: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:20.363403: | Protocol ID: 0 (0x0) Aug 26 13:22:20.363404: | port: 0 (0x0) Aug 26 13:22:20.363406: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:22:20.363407: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:20.363409: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:20.363411: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.363412: | length: 16 (0x10) Aug 26 13:22:20.363414: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:20.363415: | Protocol ID: 0 (0x0) Aug 26 13:22:20.363416: | port: 0 (0x0) Aug 26 13:22:20.363418: | obj: c0 00 02 00 ff ff ff 00 Aug 26 13:22:20.363440: | quick_inI1_outR1 HASH(1): Aug 26 13:22:20.363442: | 4b f1 8c 31 ae 74 1c b1 bf 9b e8 55 76 75 67 b5 Aug 26 13:22:20.363444: | 2f 61 25 fa 4a 25 60 4f 08 a8 5f fd 4b 7e 35 a2 Aug 26 13:22:20.363446: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 13:22:20.363449: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:20.363450: | ID address c0 00 03 00 Aug 26 13:22:20.363452: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:20.363454: | ID mask ff ff ff 00 Aug 26 13:22:20.363456: | peer client is subnet 192.0.3.0/24 Aug 26 13:22:20.363458: | peer client protocol/port is 0/0 Aug 26 13:22:20.363460: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:20.363461: | ID address c0 00 02 00 Aug 26 13:22:20.363463: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:20.363464: | ID mask ff ff ff 00 Aug 26 13:22:20.363466: | our client is subnet 192.0.2.0/24 Aug 26 13:22:20.363468: | our client protocol/port is 0/0 Aug 26 13:22:20.363471: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:20.363474: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 13:22:20.363476: | looking for 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:20.363478: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 13:22:20.363490: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:22:20.363492: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:22:20.363493: | results matched Aug 26 13:22:20.363497: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:20.363501: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:20.363504: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:20.363506: | our client (192.0.22.0/24) not in our_net (192.0.2.0/24) Aug 26 13:22:20.363512: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:22:20.363514: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:22:20.363515: | results matched Aug 26 13:22:20.363519: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:20.363522: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:20.363526: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:20.363529: | fc_try concluding with northnet-eastnets/0x1 [256] Aug 26 13:22:20.363531: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Aug 26 13:22:20.363532: | concluding with d = northnet-eastnets/0x1 Aug 26 13:22:20.363534: | using connection "northnet-eastnets/0x1" Aug 26 13:22:20.363536: | client wildcard: no port wildcard: no virtual: no Aug 26 13:22:20.363540: | creating state object #4 at 0x555fbaf3f178 Aug 26 13:22:20.363541: | State DB: adding IKEv1 state #4 in UNDEFINED Aug 26 13:22:20.363548: | pstats #4 ikev1.ipsec started Aug 26 13:22:20.363550: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Aug 26 13:22:20.363554: | #4 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:20.363560: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:22:20.363562: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1286) Aug 26 13:22:20.363565: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:22:20.363568: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:22:20.363570: | child state #4: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 13:22:20.363572: | ****parse IPsec DOI SIT: Aug 26 13:22:20.363574: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:20.363576: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:20.363578: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.363579: | length: 72 (0x48) Aug 26 13:22:20.363581: | proposal number: 0 (0x0) Aug 26 13:22:20.363582: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:20.363584: | SPI size: 4 (0x4) Aug 26 13:22:20.363585: | number of transforms: 2 (0x2) Aug 26 13:22:20.363587: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:20.363589: | SPI 63 67 35 5e Aug 26 13:22:20.363591: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:20.363593: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:20.363594: | length: 32 (0x20) Aug 26 13:22:20.363596: | ESP transform number: 0 (0x0) Aug 26 13:22:20.363597: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:20.363599: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.363601: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:20.363603: | length/value: 14 (0xe) Aug 26 13:22:20.363605: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:20.363607: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.363608: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:20.363610: | length/value: 1 (0x1) Aug 26 13:22:20.363611: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:20.363613: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:20.363615: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.363616: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:20.363618: | length/value: 1 (0x1) Aug 26 13:22:20.363619: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:20.363621: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.363623: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:20.363624: | length/value: 28800 (0x7080) Aug 26 13:22:20.363626: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.363628: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:20.363629: | length/value: 2 (0x2) Aug 26 13:22:20.363631: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:20.363632: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.363634: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:20.363635: | length/value: 128 (0x80) Aug 26 13:22:20.363637: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:20.363641: | adding quick_outI1 KE work-order 7 for state #4 Aug 26 13:22:20.363643: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4ec8004218 Aug 26 13:22:20.363647: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:22:20.363649: | libevent_malloc: new ptr-libevent@0x555fbaf3c3a8 size 128 Aug 26 13:22:20.363656: | complete v1 state transition with STF_SUSPEND Aug 26 13:22:20.363661: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:22:20.363661: | crypto helper 6 resuming Aug 26 13:22:20.363664: | suspending state #4 and saving MD Aug 26 13:22:20.363672: | crypto helper 6 starting work-order 7 for state #4 Aug 26 13:22:20.363676: | #4 is busy; has a suspended MD Aug 26 13:22:20.363681: | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 7 Aug 26 13:22:20.363687: | #1 spent 0.23 milliseconds in process_packet_tail() Aug 26 13:22:20.363691: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:20.363696: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:20.363699: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Aug 26 13:22:20.363702: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Aug 26 13:22:20.363706: | spent 0.483 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:20.364215: | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.000534 seconds Aug 26 13:22:20.364220: | (#4) spent 0.538 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) Aug 26 13:22:20.364222: | crypto helper 6 sending results from work-order 7 for state #4 to event queue Aug 26 13:22:20.364224: | scheduling resume sending helper answer for #4 Aug 26 13:22:20.364227: | libevent_malloc: new ptr-libevent@0x7f4eb8002888 size 128 Aug 26 13:22:20.364232: | crypto helper 6 waiting (nothing to do) Aug 26 13:22:20.364237: | processing resume sending helper answer for #4 Aug 26 13:22:20.364243: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:22:20.364245: | crypto helper 6 replies to request ID 7 Aug 26 13:22:20.364247: | calling continuation function 0x555fba81bb50 Aug 26 13:22:20.364249: | quick_inI1_outR1_cryptocontinue1 for #4: calculated ke+nonce, calculating DH Aug 26 13:22:20.364256: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:20.364261: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:20.364266: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:20.364268: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:20.364270: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:22:20.364272: | no PreShared Key Found Aug 26 13:22:20.364274: | adding quick outR1 DH work-order 8 for state #4 Aug 26 13:22:20.364276: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:20.364278: | libevent_free: release ptr-libevent@0x555fbaf3c3a8 Aug 26 13:22:20.364280: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4ec8004218 Aug 26 13:22:20.364282: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4ec8004218 Aug 26 13:22:20.364286: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:22:20.364291: | libevent_malloc: new ptr-libevent@0x555fbaf3c3a8 size 128 Aug 26 13:22:20.364297: | suspending state #4 and saving MD Aug 26 13:22:20.364299: | #4 is busy; has a suspended MD Aug 26 13:22:20.364301: | resume sending helper answer for #4 suppresed complete_v1_state_transition() and stole MD Aug 26 13:22:20.364324: | #4 spent 0.0561 milliseconds in resume sending helper answer Aug 26 13:22:20.364327: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:22:20.364331: | libevent_free: release ptr-libevent@0x7f4eb8002888 Aug 26 13:22:20.364347: | crypto helper 0 resuming Aug 26 13:22:20.364358: | crypto helper 0 starting work-order 8 for state #4 Aug 26 13:22:20.364378: | crypto helper 0 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 8 Aug 26 13:22:20.364887: | crypto helper 0 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 8 time elapsed 0.000524 seconds Aug 26 13:22:20.364892: | (#4) spent 0.528 milliseconds in crypto helper computing work-order 8: quick outR1 DH (pcr) Aug 26 13:22:20.364894: | crypto helper 0 sending results from work-order 8 for state #4 to event queue Aug 26 13:22:20.364896: | scheduling resume sending helper answer for #4 Aug 26 13:22:20.364898: | libevent_malloc: new ptr-libevent@0x7f4ecc0027d8 size 128 Aug 26 13:22:20.364903: | crypto helper 0 waiting (nothing to do) Aug 26 13:22:20.364931: | processing resume sending helper answer for #4 Aug 26 13:22:20.364952: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:22:20.364955: | crypto helper 0 replies to request ID 8 Aug 26 13:22:20.364957: | calling continuation function 0x555fba81bb50 Aug 26 13:22:20.364959: | quick_inI1_outR1_cryptocontinue2 for #4: calculated DH, sending R1 Aug 26 13:22:20.364978: | **emit ISAKMP Message: Aug 26 13:22:20.364980: | initiator cookie: Aug 26 13:22:20.364982: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:20.364983: | responder cookie: Aug 26 13:22:20.364985: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.364986: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.364988: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:20.364990: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:20.364991: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:20.364993: | Message ID: 1427014344 (0x550e82c8) Aug 26 13:22:20.364995: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:20.364997: | ***emit ISAKMP Hash Payload: Aug 26 13:22:20.364998: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.365000: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:20.365002: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.365004: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:20.365006: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:20.365007: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:20.365009: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:20.365011: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:20.365013: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:22:20.365015: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:20.365016: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.365018: | ****parse IPsec DOI SIT: Aug 26 13:22:20.365020: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:20.365022: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:20.365023: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.365027: | length: 72 (0x48) Aug 26 13:22:20.365028: | proposal number: 0 (0x0) Aug 26 13:22:20.365030: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:20.365031: | SPI size: 4 (0x4) Aug 26 13:22:20.365033: | number of transforms: 2 (0x2) Aug 26 13:22:20.365035: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:20.365036: | SPI 63 67 35 5e Aug 26 13:22:20.365038: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:20.365040: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:20.365041: | length: 32 (0x20) Aug 26 13:22:20.365043: | ESP transform number: 0 (0x0) Aug 26 13:22:20.365044: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:20.365046: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.365048: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:20.365049: | length/value: 14 (0xe) Aug 26 13:22:20.365051: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:20.365053: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.365054: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:20.365056: | length/value: 1 (0x1) Aug 26 13:22:20.365057: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:20.365059: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:20.365061: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.365062: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:20.365064: | length/value: 1 (0x1) Aug 26 13:22:20.365065: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:20.365067: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.365068: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:20.365070: | length/value: 28800 (0x7080) Aug 26 13:22:20.365072: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.365073: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:20.365075: | length/value: 2 (0x2) Aug 26 13:22:20.365076: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:20.365078: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.365079: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:20.365081: | length/value: 128 (0x80) Aug 26 13:22:20.365083: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:20.365084: | ****emit IPsec DOI SIT: Aug 26 13:22:20.365086: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:20.365088: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:20.365089: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.365091: | proposal number: 0 (0x0) Aug 26 13:22:20.365092: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:20.365094: | SPI size: 4 (0x4) Aug 26 13:22:20.365095: | number of transforms: 1 (0x1) Aug 26 13:22:20.365097: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:20.365110: | netlink_get_spi: allocated 0x1de30b97 for esp.0@192.1.2.23 Aug 26 13:22:20.365113: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:22:20.365114: | SPI 1d e3 0b 97 Aug 26 13:22:20.365116: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:20.365118: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.365119: | ESP transform number: 0 (0x0) Aug 26 13:22:20.365121: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:20.365122: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:20.365124: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 13:22:20.365126: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 13:22:20.365128: | attributes 80 05 00 02 80 06 00 80 Aug 26 13:22:20.365129: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:22:20.365131: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 13:22:20.365132: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:22:20.365135: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 13:22:20.365137: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:20.365140: "northnet-eastnets/0x1" #4: responding to Quick Mode proposal {msgid:550e82c8} Aug 26 13:22:20.365148: "northnet-eastnets/0x1" #4: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 13:22:20.365153: "northnet-eastnets/0x1" #4: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:22:20.365155: | ***emit ISAKMP Nonce Payload: Aug 26 13:22:20.365157: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:20.365158: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:22:20.365161: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:22:20.365162: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.365164: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 13:22:20.365166: | Nr 03 98 68 02 75 37 0f 63 ca 9a c9 8b 2b d6 0b 6b Aug 26 13:22:20.365167: | Nr 9d 3f e4 d9 8e a3 33 33 ea 9c 1a 1e aa ba fb 74 Aug 26 13:22:20.365169: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:22:20.365170: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:22:20.365172: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:20.365174: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:20.365176: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:22:20.365177: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.365179: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:22:20.365181: | keyex value f9 eb ce 25 4f aa 48 1e 1f 77 10 ed c0 19 0d 67 Aug 26 13:22:20.365182: | keyex value 1a 0a c1 88 ff 59 2e 18 10 ff e9 c9 2d a2 3b b9 Aug 26 13:22:20.365184: | keyex value bb c1 bb 20 42 c4 0c 6a 6c 02 13 6e ba 24 d0 10 Aug 26 13:22:20.365185: | keyex value 29 fd 97 89 b7 d0 ff 2e ed 02 b7 c9 54 71 07 ee Aug 26 13:22:20.365187: | keyex value 2d 4d 7d b1 90 a1 e6 7c fa 77 b2 bd c0 07 9a 14 Aug 26 13:22:20.365188: | keyex value 95 d1 44 f2 84 7a c4 bc 86 59 c4 67 3e 85 81 7d Aug 26 13:22:20.365190: | keyex value 3c 1c ea f9 bf d9 86 a8 9c 02 ad 39 0b fd ca 75 Aug 26 13:22:20.365191: | keyex value 77 38 eb 17 aa 46 b0 9a 1a f2 45 49 bd e3 0c 15 Aug 26 13:22:20.365192: | keyex value ff c3 4d 16 d1 bd 10 8c be 0c 2e ca e2 9f 56 51 Aug 26 13:22:20.365194: | keyex value 05 be d3 c6 14 08 0e c3 56 be 33 da 33 01 ad 31 Aug 26 13:22:20.365195: | keyex value 58 6b 12 15 03 1c 07 79 54 5f 70 d4 e1 85 5c 18 Aug 26 13:22:20.365197: | keyex value d5 ae 6d 21 08 28 31 93 5a 7f e4 94 68 67 74 65 Aug 26 13:22:20.365198: | keyex value 4b d6 7f 4c 8d b2 08 05 2e b7 c6 3f 28 b1 07 2c Aug 26 13:22:20.365200: | keyex value 16 ba 3f ef f4 1c f3 2d c8 50 7f 5a 44 f8 80 41 Aug 26 13:22:20.365201: | keyex value e1 7c 1b 6d b6 82 3b 8d 4f 79 43 5f 5e af 32 af Aug 26 13:22:20.365203: | keyex value d7 70 df e5 24 8c 12 7b 3f 9c 35 4b ec 1d 4d 55 Aug 26 13:22:20.365204: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:22:20.365206: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:20.365207: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:20.365209: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:20.365211: | Protocol ID: 0 (0x0) Aug 26 13:22:20.365213: | port: 0 (0x0) Aug 26 13:22:20.365215: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:20.365217: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:20.365219: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:20.365221: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:20.365222: | ID body c0 00 03 00 ff ff ff 00 Aug 26 13:22:20.365224: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:20.365225: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:20.365227: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.365228: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:20.365230: | Protocol ID: 0 (0x0) Aug 26 13:22:20.365231: | port: 0 (0x0) Aug 26 13:22:20.365233: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:20.365235: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:20.365236: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:20.365238: | ID body c0 00 02 00 ff ff ff 00 Aug 26 13:22:20.365239: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:20.365259: | quick inR1 outI2 HASH(2): Aug 26 13:22:20.365261: | 3d 8d 9e 1f 6f d3 c7 44 85 8e d6 aa 67 4a 74 6a Aug 26 13:22:20.365263: | 0e 43 f1 8b ea a5 f9 ab 5c 70 5e 59 e5 ce 63 46 Aug 26 13:22:20.365265: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:22:20.365266: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:22:20.365381: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:20.365387: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.365389: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:20.365391: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.365393: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:20.365395: | route owner of "northnet-eastnets/0x1" erouted: self Aug 26 13:22:20.365397: | install_inbound_ipsec_sa() checking if we can route Aug 26 13:22:20.365399: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:22:20.365400: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:20.365402: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.365403: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:20.365405: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.365407: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:20.365409: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Aug 26 13:22:20.365411: | routing is easy, or has resolvable near-conflict Aug 26 13:22:20.365412: | checking if this is a replacement state Aug 26 13:22:20.365414: | st=0x555fbaf3f178 ost=0x555fbaf2d968 st->serialno=#4 ost->serialno=#2 Aug 26 13:22:20.365416: "northnet-eastnets/0x1" #4: keeping refhim=0 during rekey Aug 26 13:22:20.365417: | installing outgoing SA now as refhim=0 Aug 26 13:22:20.365420: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:20.365423: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:20.365424: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:20.365427: | setting IPsec SA replay-window to 32 Aug 26 13:22:20.365429: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:22:20.365431: | netlink: enabling tunnel mode Aug 26 13:22:20.365435: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:20.365437: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:20.365509: | netlink response for Add SA esp.6367355e@192.1.3.33 included non-error error Aug 26 13:22:20.365512: | outgoing SA has refhim=0 Aug 26 13:22:20.365514: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:20.365517: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:20.365524: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:20.365528: | setting IPsec SA replay-window to 32 Aug 26 13:22:20.365531: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:22:20.365534: | netlink: enabling tunnel mode Aug 26 13:22:20.365537: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:20.365540: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:20.365578: | netlink response for Add SA esp.1de30b97@192.1.2.23 included non-error error Aug 26 13:22:20.365666: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:20.365671: | no IKEv1 message padding required Aug 26 13:22:20.365675: | emitting length of ISAKMP Message: 460 Aug 26 13:22:20.365686: | finished processing quick inI1 Aug 26 13:22:20.365689: | complete v1 state transition with STF_OK Aug 26 13:22:20.365696: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:20.365699: | #4 is idle Aug 26 13:22:20.365702: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:22:20.365706: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 13:22:20.365711: | child state #4: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 13:22:20.365714: | event_already_set, deleting event Aug 26 13:22:20.365730: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:20.365734: | libevent_free: release ptr-libevent@0x555fbaf3c3a8 Aug 26 13:22:20.365737: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4ec8004218 Aug 26 13:22:20.365744: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:22:20.365751: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #4) Aug 26 13:22:20.365754: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.365757: | 08 10 20 01 55 0e 82 c8 00 00 01 cc b4 c4 64 49 Aug 26 13:22:20.365760: | 37 a3 0a 27 77 88 1f a7 d2 00 50 b0 c7 a8 f7 47 Aug 26 13:22:20.365763: | 50 8f ce 39 f0 d2 76 02 91 48 85 f3 b7 ea f6 de Aug 26 13:22:20.365766: | 44 45 32 ae db a2 e5 6e 45 d3 6b a2 d7 13 80 27 Aug 26 13:22:20.365769: | a8 5c 50 8c 32 5f 00 dc 29 99 e8 18 df ab a1 d7 Aug 26 13:22:20.365771: | 7b 57 6e 1e ee 41 76 08 dd af 65 23 35 b1 32 e4 Aug 26 13:22:20.365774: | 0d 5a c6 84 94 e2 26 69 b3 61 4c ee 68 3a dd 6f Aug 26 13:22:20.365778: | 6d 30 82 3f 75 a4 16 ef 75 bf a3 9a b6 bf f8 f3 Aug 26 13:22:20.365781: | 62 b8 b3 34 31 6d 43 ce d2 35 d9 3e bc 05 fe 89 Aug 26 13:22:20.365784: | 4c b0 64 ab ed d6 ed e6 5e 92 3a 2c 66 bc db 1b Aug 26 13:22:20.365786: | 5c c8 45 a6 c5 b1 54 25 c7 f6 84 c7 c1 3f 1b 83 Aug 26 13:22:20.365789: | f8 5f 5e 95 63 84 34 26 46 c3 7f 3e 95 3a 3b c2 Aug 26 13:22:20.365792: | 26 72 67 f9 ab 9a a8 3c ed a2 57 f4 9b 3c 7c 29 Aug 26 13:22:20.365795: | e2 74 9b 1f 23 d1 ef bd 2c c9 37 66 e0 6e 5f 63 Aug 26 13:22:20.365798: | 9f 3d e0 b3 f5 e3 d7 e6 18 c6 be 54 89 c7 56 6a Aug 26 13:22:20.365801: | e0 ee 03 db af 0e 9f 27 5f 17 8c 20 25 3a b5 92 Aug 26 13:22:20.365804: | 59 a2 27 23 f5 44 68 7b bb 3f 7f 81 07 35 81 f4 Aug 26 13:22:20.365806: | 89 f1 e1 9d 36 49 73 d5 ce a8 58 7b 1e 56 8c 1f Aug 26 13:22:20.365809: | 07 2b 21 eb 18 9d db 22 1e e6 da c1 12 33 28 e4 Aug 26 13:22:20.365812: | a2 d2 13 7b 69 5a 87 97 fb 27 98 69 e6 bf 32 be Aug 26 13:22:20.365816: | 39 26 b0 fa d2 50 a8 1f 64 c7 c6 bf e0 a9 c4 27 Aug 26 13:22:20.365819: | 8f 65 5d 3e 47 35 ee 45 0f cb 54 b1 8a 9c c0 2b Aug 26 13:22:20.365822: | b0 1d c0 3b e8 f9 4d f1 63 a5 ae c5 c2 2c fc c5 Aug 26 13:22:20.365825: | f8 8b 77 56 15 7b 63 43 60 77 56 2a e1 bf af bd Aug 26 13:22:20.365828: | cd eb ad 67 dd 85 c9 85 85 f4 26 7a c6 a6 77 e4 Aug 26 13:22:20.365831: | e6 1d a9 f2 d8 83 cd bb ab 03 04 cb d2 54 e4 18 Aug 26 13:22:20.365834: | 48 99 a3 b9 e1 3a 4c 7d 20 b7 2f fb 43 a4 94 77 Aug 26 13:22:20.365837: | 02 5c 93 70 79 6a 2d 13 98 d2 07 7a Aug 26 13:22:20.365862: | !event_already_set at reschedule Aug 26 13:22:20.365881: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4ec8004218 Aug 26 13:22:20.365884: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 13:22:20.365886: | libevent_malloc: new ptr-libevent@0x7f4eb8002888 size 128 Aug 26 13:22:20.365889: | #4 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11026.108347 Aug 26 13:22:20.365891: | pstats #4 ikev1.ipsec established Aug 26 13:22:20.365894: | NAT-T: encaps is 'auto' Aug 26 13:22:20.365897: "northnet-eastnets/0x1" #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x6367355e <0x1de30b97 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:22:20.365899: | modecfg pull: noquirk policy:push not-client Aug 26 13:22:20.365901: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:22:20.365903: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Aug 26 13:22:20.365907: | #4 spent 0.933 milliseconds in resume sending helper answer Aug 26 13:22:20.365910: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:22:20.365913: | libevent_free: release ptr-libevent@0x7f4ecc0027d8 Aug 26 13:22:20.374858: | spent 0.00226 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:20.374875: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:20.374877: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.374879: | 08 10 20 01 55 0e 82 c8 00 00 00 4c 2b 50 cf e7 Aug 26 13:22:20.374881: | 04 5e b4 ab a6 7e 00 8c 97 e1 a3 2e 54 37 c8 c0 Aug 26 13:22:20.374882: | 10 7c d1 e6 bb 7f b0 ee e1 ea a1 00 bf cd d2 aa Aug 26 13:22:20.374884: | 11 ef 1a d3 2a e8 87 49 b7 07 35 01 Aug 26 13:22:20.374887: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:20.374889: | **parse ISAKMP Message: Aug 26 13:22:20.374891: | initiator cookie: Aug 26 13:22:20.374892: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:20.374894: | responder cookie: Aug 26 13:22:20.374895: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.374897: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:20.374899: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:20.374901: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:20.374903: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:20.374904: | Message ID: 1427014344 (0x550e82c8) Aug 26 13:22:20.374906: | length: 76 (0x4c) Aug 26 13:22:20.374908: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:20.374910: | State DB: found IKEv1 state #4 in QUICK_R1 (find_state_ikev1) Aug 26 13:22:20.374926: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:20.374928: | #4 is idle Aug 26 13:22:20.374930: | #4 idle Aug 26 13:22:20.374932: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:20.374942: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:20.374944: | ***parse ISAKMP Hash Payload: Aug 26 13:22:20.374946: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.374947: | length: 36 (0x24) Aug 26 13:22:20.374951: | removing 12 bytes of padding Aug 26 13:22:20.374965: | quick_inI2 HASH(3): Aug 26 13:22:20.374967: | ab e9 04 b6 b7 46 62 b7 3f 7b 03 b8 fb 74 da 53 Aug 26 13:22:20.374968: | f3 5c a8 61 d4 85 1d 15 21 61 05 7a 75 06 7c 9f Aug 26 13:22:20.374970: | received 'quick_inI2' message HASH(3) data ok Aug 26 13:22:20.374974: | install_ipsec_sa() for #4: outbound only Aug 26 13:22:20.374976: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:22:20.374977: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:20.374979: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.374981: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:20.374983: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.374985: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:20.374988: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Aug 26 13:22:20.374989: | sr for #4: erouted Aug 26 13:22:20.374991: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:22:20.374993: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:20.374994: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.374996: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:20.374998: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.374999: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:20.375001: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Aug 26 13:22:20.375004: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:northnet-eastnets/0x1 esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{(nil)} and state: #4 Aug 26 13:22:20.375006: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:22:20.375011: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 13:22:20.375013: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:20.375045: | raw_eroute result=success Aug 26 13:22:20.375048: | route_and_eroute: firewall_notified: true Aug 26 13:22:20.375050: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x555fbaf18f58,sr=0x555fbaf18f58} to #4 (was #2) (newest_ipsec_sa=#2) Aug 26 13:22:20.375055: | #1 spent 0.0792 milliseconds in install_ipsec_sa() Aug 26 13:22:20.375060: | inI2: instance northnet-eastnets/0x1[0], setting IKEv1 newest_ipsec_sa to #4 (was #2) (spd.eroute=#4) cloned from #1 Aug 26 13:22:20.375075: | DPD: dpd_init() called on IPsec SA Aug 26 13:22:20.375078: | DPD: Peer does not support Dead Peer Detection Aug 26 13:22:20.375081: | complete v1 state transition with STF_OK Aug 26 13:22:20.375087: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:20.375090: | #4 is idle Aug 26 13:22:20.375093: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:22:20.375109: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 26 13:22:20.375113: | child state #4: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Aug 26 13:22:20.375116: | event_already_set, deleting event Aug 26 13:22:20.375120: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:20.375123: | #4 STATE_QUICK_R2: retransmits: cleared Aug 26 13:22:20.375127: | libevent_free: release ptr-libevent@0x7f4eb8002888 Aug 26 13:22:20.375131: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4ec8004218 Aug 26 13:22:20.375135: | !event_already_set at reschedule Aug 26 13:22:20.375138: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f4ec8004218 Aug 26 13:22:20.375143: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #4 Aug 26 13:22:20.375147: | libevent_malloc: new ptr-libevent@0x7f4ecc0027d8 size 128 Aug 26 13:22:20.375150: | pstats #4 ikev1.ipsec established Aug 26 13:22:20.375153: | NAT-T: encaps is 'auto' Aug 26 13:22:20.375156: "northnet-eastnets/0x1" #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x6367355e <0x1de30b97 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:22:20.375160: | modecfg pull: noquirk policy:push not-client Aug 26 13:22:20.375161: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:22:20.375164: | #4 spent 0.191 milliseconds in process_packet_tail() Aug 26 13:22:20.375167: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:20.375170: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:20.375172: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:20.375175: | spent 0.307 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:22.540920: | spent 0.00447 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:22.540955: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:22.540960: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.540963: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:22:22.540966: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:22:22.540968: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:22:22.540971: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:22:22.540973: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:22:22.540976: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:22:22.540978: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:22:22.540981: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:22:22.540983: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:22:22.540986: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:22:22.540989: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:22:22.540991: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:22:22.540994: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:22:22.540996: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:22:22.540999: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:22:22.541001: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:22:22.541004: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:22:22.541006: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:22:22.541009: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:22:22.541012: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:22:22.541014: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:22:22.541017: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:22:22.541019: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:22:22.541022: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:22:22.541024: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:22:22.541027: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:22:22.541029: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:22:22.541032: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:22:22.541034: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:22:22.541040: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:22.541044: | **parse ISAKMP Message: Aug 26 13:22:22.541047: | initiator cookie: Aug 26 13:22:22.541050: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:22.541053: | responder cookie: Aug 26 13:22:22.541055: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.541059: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:22.541062: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:22.541065: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:22.541069: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:22.541072: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:22.541075: | length: 476 (0x1dc) Aug 26 13:22:22.541082: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:22.541087: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 13:22:22.541091: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 13:22:22.541098: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 13:22:22.541123: | #1 is idle Aug 26 13:22:22.541127: | #1 idle Aug 26 13:22:22.541131: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:22.541146: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:22:22.541150: | ***parse ISAKMP Hash Payload: Aug 26 13:22:22.541153: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:22.541156: | length: 36 (0x24) Aug 26 13:22:22.541159: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:22:22.541163: | ***parse ISAKMP Security Association Payload: Aug 26 13:22:22.541166: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:22.541168: | length: 84 (0x54) Aug 26 13:22:22.541171: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:22.541174: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:22:22.541177: | ***parse ISAKMP Nonce Payload: Aug 26 13:22:22.541180: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:22.541182: | length: 36 (0x24) Aug 26 13:22:22.541186: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.541188: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:22:22.541191: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.541194: | length: 260 (0x104) Aug 26 13:22:22.541197: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.541200: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.541202: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.541205: | length: 16 (0x10) Aug 26 13:22:22.541208: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.541211: | Protocol ID: 0 (0x0) Aug 26 13:22:22.541213: | port: 0 (0x0) Aug 26 13:22:22.541216: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:22:22.541219: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.541222: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.541225: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.541227: | length: 16 (0x10) Aug 26 13:22:22.541230: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.541233: | Protocol ID: 0 (0x0) Aug 26 13:22:22.541235: | port: 0 (0x0) Aug 26 13:22:22.541238: | obj: c0 00 16 00 ff ff ff 00 Aug 26 13:22:22.541271: | quick_inI1_outR1 HASH(1): Aug 26 13:22:22.541276: | 06 fa f4 a1 af 71 53 b9 0a 62 16 9d e9 61 7e 68 Aug 26 13:22:22.541278: | 0d 59 cd 88 e7 0e 03 fb 5e 3c cc 36 5b 07 f5 9e Aug 26 13:22:22.541281: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 13:22:22.541287: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:22.541302: | ID address c0 00 03 00 Aug 26 13:22:22.541306: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:22.541308: | ID mask ff ff ff 00 Aug 26 13:22:22.541314: | peer client is subnet 192.0.3.0/24 Aug 26 13:22:22.541317: | peer client protocol/port is 0/0 Aug 26 13:22:22.541320: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:22.541323: | ID address c0 00 16 00 Aug 26 13:22:22.541325: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:22.541328: | ID mask ff ff ff 00 Aug 26 13:22:22.541332: | our client is subnet 192.0.22.0/24 Aug 26 13:22:22.541335: | our client protocol/port is 0/0 Aug 26 13:22:22.541340: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:22.541345: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 13:22:22.541349: | looking for 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:22.541357: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 13:22:22.541361: | client wildcard: no port wildcard: no virtual: no Aug 26 13:22:22.541366: | creating state object #5 at 0x555fbaf2e458 Aug 26 13:22:22.541370: | State DB: adding IKEv1 state #5 in UNDEFINED Aug 26 13:22:22.541374: | pstats #5 ikev1.ipsec started Aug 26 13:22:22.541378: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Aug 26 13:22:22.541383: | #5 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:22.541390: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:22:22.541394: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:22:22.541398: | child state #5: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 13:22:22.541402: | ****parse IPsec DOI SIT: Aug 26 13:22:22.541406: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:22.541410: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:22.541413: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.541415: | length: 72 (0x48) Aug 26 13:22:22.541418: | proposal number: 0 (0x0) Aug 26 13:22:22.541421: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:22.541424: | SPI size: 4 (0x4) Aug 26 13:22:22.541426: | number of transforms: 2 (0x2) Aug 26 13:22:22.541429: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:22.541432: | SPI dc d5 9a 6b Aug 26 13:22:22.541436: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:22.541438: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:22.541441: | length: 32 (0x20) Aug 26 13:22:22.541444: | ESP transform number: 0 (0x0) Aug 26 13:22:22.541447: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:22.541451: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.541454: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:22.541457: | length/value: 14 (0xe) Aug 26 13:22:22.541460: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:22.541463: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.541466: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:22.541469: | length/value: 1 (0x1) Aug 26 13:22:22.541472: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:22.541475: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:22.541478: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.541481: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:22.541483: | length/value: 1 (0x1) Aug 26 13:22:22.541486: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:22.541489: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.541491: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:22.541494: | length/value: 28800 (0x7080) Aug 26 13:22:22.541497: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.541500: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:22.541503: | length/value: 2 (0x2) Aug 26 13:22:22.541505: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:22.541508: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.541511: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:22.541514: | length/value: 128 (0x80) Aug 26 13:22:22.541517: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:22.541524: | adding quick_outI1 KE work-order 9 for state #5 Aug 26 13:22:22.541528: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4eb8002b78 Aug 26 13:22:22.541532: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:22:22.541536: | libevent_malloc: new ptr-libevent@0x555fbaf3c3a8 size 128 Aug 26 13:22:22.541548: | complete v1 state transition with STF_SUSPEND Aug 26 13:22:22.541554: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:22:22.541559: | suspending state #5 and saving MD Aug 26 13:22:22.541562: | #5 is busy; has a suspended MD Aug 26 13:22:22.541569: | #1 spent 0.275 milliseconds in process_packet_tail() Aug 26 13:22:22.541574: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:22.541578: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:22.541582: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:22.541587: | spent 0.638 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:22.541597: | crypto helper 2 resuming Aug 26 13:22:22.541622: | crypto helper 2 starting work-order 9 for state #5 Aug 26 13:22:22.541598: | spent 0.00211 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:22.541630: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 9 Aug 26 13:22:22.541656: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:22.541661: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.541664: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:22:22.541666: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:22:22.541669: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:22:22.541672: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:22:22.541674: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:22:22.541677: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:22:22.541679: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:22:22.541682: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:22:22.541685: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:22:22.541687: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:22:22.541690: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:22:22.541692: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:22:22.541695: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:22:22.541697: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:22:22.541700: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:22:22.541702: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:22:22.541705: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:22:22.541708: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:22:22.541710: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:22:22.541713: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:22:22.541715: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:22:22.541718: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:22:22.541720: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:22:22.541723: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:22:22.541725: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:22:22.541728: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:22:22.541730: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:22:22.541733: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:22:22.541736: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:22:22.541740: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:22.541744: | **parse ISAKMP Message: Aug 26 13:22:22.541747: | initiator cookie: Aug 26 13:22:22.541749: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:22.541752: | responder cookie: Aug 26 13:22:22.541755: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.541757: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:22.541761: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:22.541763: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:22.541767: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:22.541772: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:22.541775: | length: 476 (0x1dc) Aug 26 13:22:22.541778: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:22.541782: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 13:22:22.541785: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 13:22:22.541791: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 13:22:22.541804: | #1 is idle Aug 26 13:22:22.541807: | #1 idle Aug 26 13:22:22.541811: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:22.541820: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:22:22.541824: | ***parse ISAKMP Hash Payload: Aug 26 13:22:22.541827: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:22.541829: | length: 36 (0x24) Aug 26 13:22:22.541833: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:22:22.541836: | ***parse ISAKMP Security Association Payload: Aug 26 13:22:22.541838: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:22.541841: | length: 84 (0x54) Aug 26 13:22:22.541844: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:22.541847: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:22:22.541850: | ***parse ISAKMP Nonce Payload: Aug 26 13:22:22.541852: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:22.541855: | length: 36 (0x24) Aug 26 13:22:22.541858: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.541861: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:22:22.541863: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.541866: | length: 260 (0x104) Aug 26 13:22:22.541869: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.541872: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.541874: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.541877: | length: 16 (0x10) Aug 26 13:22:22.541880: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.541882: | Protocol ID: 0 (0x0) Aug 26 13:22:22.541885: | port: 0 (0x0) Aug 26 13:22:22.541888: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:22:22.541891: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.541893: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.541896: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.541899: | length: 16 (0x10) Aug 26 13:22:22.541901: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.541904: | Protocol ID: 0 (0x0) Aug 26 13:22:22.541906: | port: 0 (0x0) Aug 26 13:22:22.541909: | obj: c0 00 02 00 ff ff ff 00 Aug 26 13:22:22.541932: | quick_inI1_outR1 HASH(1): Aug 26 13:22:22.541935: | d6 9f ec b5 34 30 97 1d cc 56 fa 2c 89 db cd 9a Aug 26 13:22:22.541938: | 54 7b 53 8f 8b 36 04 da be d6 f8 06 3e 8d 8c a3 Aug 26 13:22:22.541941: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 13:22:22.541946: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:22.541949: | ID address c0 00 03 00 Aug 26 13:22:22.541952: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:22.541954: | ID mask ff ff ff 00 Aug 26 13:22:22.541959: | peer client is subnet 192.0.3.0/24 Aug 26 13:22:22.541962: | peer client protocol/port is 0/0 Aug 26 13:22:22.541965: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:22.541967: | ID address c0 00 02 00 Aug 26 13:22:22.541970: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:22.541973: | ID mask ff ff ff 00 Aug 26 13:22:22.541976: | our client is subnet 192.0.2.0/24 Aug 26 13:22:22.541979: | our client protocol/port is 0/0 Aug 26 13:22:22.541984: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:22.541991: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 13:22:22.541995: | looking for 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:22.541999: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 13:22:22.542017: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:22:22.542020: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:22:22.542023: | results matched Aug 26 13:22:22.542029: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:22.542035: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:22.542042: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:22.542046: | our client (192.0.22.0/24) not in our_net (192.0.2.0/24) Aug 26 13:22:22.542056: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:22:22.542059: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 13:22:22.542062: | results matched Aug 26 13:22:22.542068: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:22.542074: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:22.542079: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:22.542083: | fc_try concluding with northnet-eastnets/0x1 [256] Aug 26 13:22:22.542086: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Aug 26 13:22:22.542088: | concluding with d = northnet-eastnets/0x1 Aug 26 13:22:22.542091: | using connection "northnet-eastnets/0x1" Aug 26 13:22:22.542094: | client wildcard: no port wildcard: no virtual: no Aug 26 13:22:22.542102: | creating state object #6 at 0x555fbaf47cc8 Aug 26 13:22:22.542106: | State DB: adding IKEv1 state #6 in UNDEFINED Aug 26 13:22:22.542109: | pstats #6 ikev1.ipsec started Aug 26 13:22:22.542113: | duplicating state object #1 "northnet-eastnets/0x2" as #6 for IPSEC SA Aug 26 13:22:22.542118: | #6 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:22.542122: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:22:22.542126: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1286) Aug 26 13:22:22.542131: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:22:22.542136: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:22:22.542139: | child state #6: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 13:22:22.542142: | ****parse IPsec DOI SIT: Aug 26 13:22:22.542145: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:22.542149: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:22.542151: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.542154: | length: 72 (0x48) Aug 26 13:22:22.542157: | proposal number: 0 (0x0) Aug 26 13:22:22.542159: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:22.542162: | SPI size: 4 (0x4) Aug 26 13:22:22.542165: | number of transforms: 2 (0x2) Aug 26 13:22:22.542170: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:22.542172: | SPI aa d7 2b a6 Aug 26 13:22:22.542176: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:22.542178: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:22.542181: | length: 32 (0x20) Aug 26 13:22:22.542184: | ESP transform number: 0 (0x0) Aug 26 13:22:22.542186: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:22.542190: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.542193: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:22.542195: | length/value: 14 (0xe) Aug 26 13:22:22.542198: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:22.542201: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.542204: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:22.542207: | length/value: 1 (0x1) Aug 26 13:22:22.542210: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:22.542213: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:22.542216: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.542218: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:22.542221: | length/value: 1 (0x1) Aug 26 13:22:22.542224: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:22.542226: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.542229: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:22.542232: | length/value: 28800 (0x7080) Aug 26 13:22:22.542235: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.542237: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:22.542240: | length/value: 2 (0x2) Aug 26 13:22:22.542243: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:22.542245: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.542248: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:22.542251: | length/value: 128 (0x80) Aug 26 13:22:22.542254: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:22.542262: | adding quick_outI1 KE work-order 10 for state #6 Aug 26 13:22:22.542266: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4ebc004218 Aug 26 13:22:22.542270: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:22:22.542274: | libevent_malloc: new ptr-libevent@0x555fbaf2ef48 size 128 Aug 26 13:22:22.542283: | complete v1 state transition with STF_SUSPEND Aug 26 13:22:22.542296: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:22:22.542306: | suspending state #6 and saving MD Aug 26 13:22:22.542311: | #6 is busy; has a suspended MD Aug 26 13:22:22.542319: | #1 spent 0.367 milliseconds in process_packet_tail() Aug 26 13:22:22.542327: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:22.542332: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:22.542342: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Aug 26 13:22:22.542328: | crypto helper 3 resuming Aug 26 13:22:22.542347: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Aug 26 13:22:22.542360: | crypto helper 3 starting work-order 10 for state #6 Aug 26 13:22:22.542371: | spent 0.717 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:22.542381: | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 10 Aug 26 13:22:22.542561: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 9 time elapsed 0.000931 seconds Aug 26 13:22:22.542572: | (#5) spent 0.929 milliseconds in crypto helper computing work-order 9: quick_outI1 KE (pcr) Aug 26 13:22:22.542576: | crypto helper 2 sending results from work-order 9 for state #5 to event queue Aug 26 13:22:22.542579: | scheduling resume sending helper answer for #5 Aug 26 13:22:22.542583: | libevent_malloc: new ptr-libevent@0x7f4ec4004fd8 size 128 Aug 26 13:22:22.542596: | crypto helper 2 waiting (nothing to do) Aug 26 13:22:22.542603: | processing resume sending helper answer for #5 Aug 26 13:22:22.542610: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:22:22.542615: | crypto helper 2 replies to request ID 9 Aug 26 13:22:22.542618: | calling continuation function 0x555fba81bb50 Aug 26 13:22:22.542621: | quick_inI1_outR1_cryptocontinue1 for #5: calculated ke+nonce, calculating DH Aug 26 13:22:22.542634: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:22.542641: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:22.542651: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:22.542655: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:22.542658: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:22:22.542661: | no PreShared Key Found Aug 26 13:22:22.542665: | adding quick outR1 DH work-order 11 for state #5 Aug 26 13:22:22.542668: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:22.542672: | libevent_free: release ptr-libevent@0x555fbaf3c3a8 Aug 26 13:22:22.542675: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4eb8002b78 Aug 26 13:22:22.542679: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4eb8002b78 Aug 26 13:22:22.542683: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:22:22.542686: | libevent_malloc: new ptr-libevent@0x555fbaf3c3a8 size 128 Aug 26 13:22:22.542693: | suspending state #5 and saving MD Aug 26 13:22:22.542696: | #5 is busy; has a suspended MD Aug 26 13:22:22.542700: | resume sending helper answer for #5 suppresed complete_v1_state_transition() and stole MD Aug 26 13:22:22.542705: | #5 spent 0.0897 milliseconds in resume sending helper answer Aug 26 13:22:22.542710: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:22:22.542713: | libevent_free: release ptr-libevent@0x7f4ec4004fd8 Aug 26 13:22:22.542738: | crypto helper 1 resuming Aug 26 13:22:22.542754: | crypto helper 1 starting work-order 11 for state #5 Aug 26 13:22:22.542761: | crypto helper 1 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 11 Aug 26 13:22:22.543461: | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 10 time elapsed 0.001079 seconds Aug 26 13:22:22.543482: | (#6) spent 0.968 milliseconds in crypto helper computing work-order 10: quick_outI1 KE (pcr) Aug 26 13:22:22.543487: | crypto helper 3 sending results from work-order 10 for state #6 to event queue Aug 26 13:22:22.543491: | scheduling resume sending helper answer for #6 Aug 26 13:22:22.543495: | libevent_malloc: new ptr-libevent@0x7f4ebc00a028 size 128 Aug 26 13:22:22.543504: | crypto helper 3 waiting (nothing to do) Aug 26 13:22:22.543549: | processing resume sending helper answer for #6 Aug 26 13:22:22.543566: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:22:22.543572: | crypto helper 3 replies to request ID 10 Aug 26 13:22:22.543575: | calling continuation function 0x555fba81bb50 Aug 26 13:22:22.543579: | quick_inI1_outR1_cryptocontinue1 for #6: calculated ke+nonce, calculating DH Aug 26 13:22:22.543596: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:22.543619: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:22.543630: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:22.543634: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:22.543638: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:22:22.543641: | no PreShared Key Found Aug 26 13:22:22.543647: | adding quick outR1 DH work-order 12 for state #6 Aug 26 13:22:22.543650: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:22.543655: | libevent_free: release ptr-libevent@0x555fbaf2ef48 Aug 26 13:22:22.543659: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4ebc004218 Aug 26 13:22:22.543661: | crypto helper 1 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 11 time elapsed 0.0009 seconds Aug 26 13:22:22.543663: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4ebc004218 Aug 26 13:22:22.543689: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:22:22.543678: | (#5) spent 0.91 milliseconds in crypto helper computing work-order 11: quick outR1 DH (pcr) Aug 26 13:22:22.543705: | crypto helper 1 sending results from work-order 11 for state #5 to event queue Aug 26 13:22:22.543697: | libevent_malloc: new ptr-libevent@0x7f4ec4004fd8 size 128 Aug 26 13:22:22.543713: | scheduling resume sending helper answer for #5 Aug 26 13:22:22.543725: | suspending state #6 and saving MD Aug 26 13:22:22.543732: | #6 is busy; has a suspended MD Aug 26 13:22:22.543740: | resume sending helper answer for #6 suppresed complete_v1_state_transition() and stole MD Aug 26 13:22:22.543727: | libevent_malloc: new ptr-libevent@0x7f4ec8003e78 size 128 Aug 26 13:22:22.543747: | #6 spent 0.164 milliseconds in resume sending helper answer Aug 26 13:22:22.543754: | crypto helper 1 starting work-order 12 for state #6 Aug 26 13:22:22.543754: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:22:22.543765: | crypto helper 1 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 12 Aug 26 13:22:22.543767: | libevent_free: release ptr-libevent@0x7f4ebc00a028 Aug 26 13:22:22.543773: | crypto helper 4 resuming Aug 26 13:22:22.543782: | processing resume sending helper answer for #5 Aug 26 13:22:22.543804: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:22:22.543793: | crypto helper 4 waiting (nothing to do) Aug 26 13:22:22.543811: | crypto helper 1 replies to request ID 11 Aug 26 13:22:22.543822: | calling continuation function 0x555fba81bb50 Aug 26 13:22:22.543826: | quick_inI1_outR1_cryptocontinue2 for #5: calculated DH, sending R1 Aug 26 13:22:22.543834: | **emit ISAKMP Message: Aug 26 13:22:22.543838: | initiator cookie: Aug 26 13:22:22.543841: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:22.543844: | responder cookie: Aug 26 13:22:22.543847: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.543851: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.543854: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:22.543857: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:22.543861: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:22.543867: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:22.543871: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:22.543875: | ***emit ISAKMP Hash Payload: Aug 26 13:22:22.543879: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.543883: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:22.543886: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.543891: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:22.543894: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:22.543897: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:22.543900: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:22.543904: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:22.543907: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:22:22.543911: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:22.543915: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.543919: | ****parse IPsec DOI SIT: Aug 26 13:22:22.543922: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:22.543926: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:22.543929: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.543932: | length: 72 (0x48) Aug 26 13:22:22.543935: | proposal number: 0 (0x0) Aug 26 13:22:22.543939: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:22.543942: | SPI size: 4 (0x4) Aug 26 13:22:22.543945: | number of transforms: 2 (0x2) Aug 26 13:22:22.543948: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:22.543951: | SPI dc d5 9a 6b Aug 26 13:22:22.543955: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:22.543958: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:22.543961: | length: 32 (0x20) Aug 26 13:22:22.543964: | ESP transform number: 0 (0x0) Aug 26 13:22:22.543968: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:22.543971: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.543975: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:22.543978: | length/value: 14 (0xe) Aug 26 13:22:22.543981: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:22.543985: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.543988: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:22.543991: | length/value: 1 (0x1) Aug 26 13:22:22.543994: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:22.543998: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:22.544001: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.544004: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:22.544007: | length/value: 1 (0x1) Aug 26 13:22:22.544010: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:22.544014: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.544017: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:22.544020: | length/value: 28800 (0x7080) Aug 26 13:22:22.544023: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.544027: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:22.544029: | length/value: 2 (0x2) Aug 26 13:22:22.544032: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:22.544036: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.544039: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:22.544042: | length/value: 128 (0x80) Aug 26 13:22:22.544045: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:22.544049: | ****emit IPsec DOI SIT: Aug 26 13:22:22.544052: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:22.544055: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:22.544060: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.544064: | proposal number: 0 (0x0) Aug 26 13:22:22.544067: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:22.544070: | SPI size: 4 (0x4) Aug 26 13:22:22.544073: | number of transforms: 1 (0x1) Aug 26 13:22:22.544077: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:22.544104: | netlink_get_spi: allocated 0xdfa7993f for esp.0@192.1.2.23 Aug 26 13:22:22.544109: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:22:22.544112: | SPI df a7 99 3f Aug 26 13:22:22.544115: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:22.544119: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.544122: | ESP transform number: 0 (0x0) Aug 26 13:22:22.544125: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:22.544129: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:22.544133: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 13:22:22.544136: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 13:22:22.544139: | attributes 80 05 00 02 80 06 00 80 Aug 26 13:22:22.544142: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:22:22.544145: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 13:22:22.544149: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:22:22.544152: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 13:22:22.544156: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:22.544162: "northnet-eastnets/0x2" #5: responding to Quick Mode proposal {msgid:17ff60cc} Aug 26 13:22:22.544176: "northnet-eastnets/0x2" #5: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 13:22:22.544187: "northnet-eastnets/0x2" #5: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:22:22.544190: | ***emit ISAKMP Nonce Payload: Aug 26 13:22:22.544194: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:22.544198: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:22:22.544202: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:22:22.544205: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.544209: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 13:22:22.544212: | Nr f0 c9 57 94 d7 b0 21 5a 4d dc 76 0c 2c e3 e5 86 Aug 26 13:22:22.544216: | Nr a9 32 21 4f 75 9e 66 19 76 f1 2e fe c5 1b 2c 55 Aug 26 13:22:22.544219: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:22:22.544222: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:22:22.544225: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.544229: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:22.544233: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:22:22.544236: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.544240: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:22:22.544243: | keyex value ce fe d8 0e 9d 08 a3 de 80 bd e1 cf 23 fc 51 84 Aug 26 13:22:22.544247: | keyex value 03 97 9a d0 51 12 bb 33 4e 4f d0 df cf 2f 86 a6 Aug 26 13:22:22.544252: | keyex value de 20 8f 65 d8 59 81 63 5a 49 de d8 0c 73 fc 05 Aug 26 13:22:22.544255: | keyex value 86 2b 45 93 dc 7f 34 0a f3 fc 34 94 34 22 ba 06 Aug 26 13:22:22.544258: | keyex value 33 bd 34 bc c7 13 64 8e fe e9 7b 4b 30 75 39 47 Aug 26 13:22:22.544261: | keyex value eb b3 09 1e ea 6a 4d dc f6 54 60 db 5a 11 0c f5 Aug 26 13:22:22.544264: | keyex value fc a4 08 c4 8d ce 25 41 89 13 87 d7 c7 4b b9 f1 Aug 26 13:22:22.544267: | keyex value c3 55 4a e9 f2 11 14 34 7f 1d 74 c5 d6 6d 74 bd Aug 26 13:22:22.544270: | keyex value c0 86 b9 15 97 cc cd ce f0 1b 55 dd d4 97 21 7d Aug 26 13:22:22.544273: | keyex value 74 0f 13 ad 38 a3 3f 60 2e 90 02 2f b2 6d 19 64 Aug 26 13:22:22.544277: | keyex value 0f 03 58 69 63 9d d1 61 a9 81 4c 69 01 82 e6 79 Aug 26 13:22:22.544280: | keyex value 29 16 55 cb da d7 e3 25 d1 70 75 90 c3 dd 4f 25 Aug 26 13:22:22.544283: | keyex value 36 d9 88 f5 2e 3a ad 7b 6c fc 5e 3e 3a 0b aa 66 Aug 26 13:22:22.544286: | keyex value 9a 77 3f b5 31 31 4a 32 f9 49 65 3d a7 b2 ba 48 Aug 26 13:22:22.544299: | keyex value 16 41 00 c8 83 54 43 86 71 33 7f c5 61 85 4c 2c Aug 26 13:22:22.544310: | keyex value 47 09 97 38 f4 a6 a6 ba d4 22 0a 2c af cc 54 7b Aug 26 13:22:22.544315: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:22:22.544321: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.544326: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.544329: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.544332: | Protocol ID: 0 (0x0) Aug 26 13:22:22.544335: | port: 0 (0x0) Aug 26 13:22:22.544339: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:22.544343: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:22.544347: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:22.544351: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:22.544354: | ID body c0 00 03 00 ff ff ff 00 Aug 26 13:22:22.544357: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:22.544361: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.544364: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.544367: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.544370: | Protocol ID: 0 (0x0) Aug 26 13:22:22.544373: | port: 0 (0x0) Aug 26 13:22:22.544377: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:22.544380: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:22.544384: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:22.544387: | ID body c0 00 16 00 ff ff ff 00 Aug 26 13:22:22.544390: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:22.544432: | quick inR1 outI2 HASH(2): Aug 26 13:22:22.544437: | f9 04 e1 09 af fb 72 5e a0 b4 ea 79 62 67 2c cd Aug 26 13:22:22.544440: | 05 7f 3a 9f f0 e9 80 32 63 43 33 50 0c c6 7d ca Aug 26 13:22:22.544444: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:22:22.544447: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:22:22.544574: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:22.544581: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.544584: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:22.544588: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.544592: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:22.544597: | route owner of "northnet-eastnets/0x2" erouted: self Aug 26 13:22:22.544603: | install_inbound_ipsec_sa() checking if we can route Aug 26 13:22:22.544607: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:22:22.544610: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:22.544613: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.544617: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:22.544620: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.544624: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:22.544628: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Aug 26 13:22:22.544632: | routing is easy, or has resolvable near-conflict Aug 26 13:22:22.544635: | checking if this is a replacement state Aug 26 13:22:22.544639: | st=0x555fbaf2e458 ost=0x555fbaf34638 st->serialno=#5 ost->serialno=#3 Aug 26 13:22:22.544643: "northnet-eastnets/0x2" #5: keeping refhim=0 during rekey Aug 26 13:22:22.544646: | installing outgoing SA now as refhim=0 Aug 26 13:22:22.544652: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:22.544656: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:22.544660: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:22.544665: | setting IPsec SA replay-window to 32 Aug 26 13:22:22.544669: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:22:22.544673: | netlink: enabling tunnel mode Aug 26 13:22:22.544677: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:22.544681: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:22.544755: | crypto helper 1 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 12 time elapsed 0.00099 seconds Aug 26 13:22:22.544765: | (#6) spent 0.99 milliseconds in crypto helper computing work-order 12: quick outR1 DH (pcr) Aug 26 13:22:22.544769: | crypto helper 1 sending results from work-order 12 for state #6 to event queue Aug 26 13:22:22.544773: | scheduling resume sending helper answer for #6 Aug 26 13:22:22.544780: | libevent_malloc: new ptr-libevent@0x7f4ec8005118 size 128 Aug 26 13:22:22.544785: | crypto helper 1 waiting (nothing to do) Aug 26 13:22:22.544789: | netlink response for Add SA esp.dcd59a6b@192.1.3.33 included non-error error Aug 26 13:22:22.544799: | outgoing SA has refhim=0 Aug 26 13:22:22.544806: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:22.544810: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:22.544814: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:22.544819: | setting IPsec SA replay-window to 32 Aug 26 13:22:22.544822: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:22:22.544825: | netlink: enabling tunnel mode Aug 26 13:22:22.544829: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:22.544832: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:22.544889: | netlink response for Add SA esp.dfa7993f@192.1.2.23 included non-error error Aug 26 13:22:22.544994: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:22.545001: | no IKEv1 message padding required Aug 26 13:22:22.545005: | emitting length of ISAKMP Message: 460 Aug 26 13:22:22.545018: | finished processing quick inI1 Aug 26 13:22:22.545022: | complete v1 state transition with STF_OK Aug 26 13:22:22.545029: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:22.545033: | #5 is idle Aug 26 13:22:22.545036: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:22:22.545040: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 13:22:22.545044: | child state #5: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 13:22:22.545051: | event_already_set, deleting event Aug 26 13:22:22.545055: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:22.545059: | libevent_free: release ptr-libevent@0x555fbaf3c3a8 Aug 26 13:22:22.545063: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4eb8002b78 Aug 26 13:22:22.545069: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:22:22.545078: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 13:22:22.545081: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.545085: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:22.545087: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:22.545090: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:22.545093: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:22.545096: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:22.545099: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:22.545102: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:22.545105: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:22.545108: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:22.545111: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:22.545114: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:22.545117: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:22.545119: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:22.545122: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:22.545125: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:22.545128: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:22.545131: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:22.545134: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:22.545137: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:22.545140: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:22.545143: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:22.545146: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:22.545149: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:22.545151: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:22.545154: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:22.545157: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:22.545160: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:22.545163: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:22.545211: | !event_already_set at reschedule Aug 26 13:22:22.545218: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:22.545224: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Aug 26 13:22:22.545228: | libevent_malloc: new ptr-libevent@0x7f4ebc00a028 size 128 Aug 26 13:22:22.545235: | #5 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11028.287684 Aug 26 13:22:22.545238: | pstats #5 ikev1.ipsec established Aug 26 13:22:22.545243: | NAT-T: encaps is 'auto' Aug 26 13:22:22.545248: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0xdcd59a6b <0xdfa7993f xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:22:22.545253: | modecfg pull: noquirk policy:push not-client Aug 26 13:22:22.545256: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:22:22.545261: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Aug 26 13:22:22.545268: | #5 spent 1.37 milliseconds in resume sending helper answer Aug 26 13:22:22.545275: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:22:22.545282: | libevent_free: release ptr-libevent@0x7f4ec8003e78 Aug 26 13:22:22.545300: | processing resume sending helper answer for #6 Aug 26 13:22:22.545310: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:22:22.545315: | crypto helper 1 replies to request ID 12 Aug 26 13:22:22.545318: | calling continuation function 0x555fba81bb50 Aug 26 13:22:22.545322: | quick_inI1_outR1_cryptocontinue2 for #6: calculated DH, sending R1 Aug 26 13:22:22.545328: | **emit ISAKMP Message: Aug 26 13:22:22.545332: | initiator cookie: Aug 26 13:22:22.545335: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:22.545338: | responder cookie: Aug 26 13:22:22.545341: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.545344: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545348: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:22.545351: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:22.545354: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:22.545358: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:22.545362: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:22.545365: | ***emit ISAKMP Hash Payload: Aug 26 13:22:22.545369: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545373: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:22.545376: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.545380: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:22.545383: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:22.545387: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:22.545390: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:22.545393: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:22.545397: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:22:22.545401: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:22.545405: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.545408: | ****parse IPsec DOI SIT: Aug 26 13:22:22.545411: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:22.545415: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:22.545418: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545421: | length: 72 (0x48) Aug 26 13:22:22.545425: | proposal number: 0 (0x0) Aug 26 13:22:22.545428: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:22.545431: | SPI size: 4 (0x4) Aug 26 13:22:22.545434: | number of transforms: 2 (0x2) Aug 26 13:22:22.545438: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:22.545441: | SPI aa d7 2b a6 Aug 26 13:22:22.545444: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:22.545447: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:22.545450: | length: 32 (0x20) Aug 26 13:22:22.545454: | ESP transform number: 0 (0x0) Aug 26 13:22:22.545457: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:22.545460: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545464: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:22.545467: | length/value: 14 (0xe) Aug 26 13:22:22.545470: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:22.545474: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545477: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:22.545480: | length/value: 1 (0x1) Aug 26 13:22:22.545483: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:22.545487: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:22.545490: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545496: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:22.545499: | length/value: 1 (0x1) Aug 26 13:22:22.545502: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:22.545505: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545509: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:22.545512: | length/value: 28800 (0x7080) Aug 26 13:22:22.545515: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545518: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:22.545521: | length/value: 2 (0x2) Aug 26 13:22:22.545524: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:22.545528: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545531: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:22.545534: | length/value: 128 (0x80) Aug 26 13:22:22.545537: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:22.545540: | ****emit IPsec DOI SIT: Aug 26 13:22:22.545544: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:22.545547: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:22.545550: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545553: | proposal number: 0 (0x0) Aug 26 13:22:22.545557: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:22.545560: | SPI size: 4 (0x4) Aug 26 13:22:22.545563: | number of transforms: 1 (0x1) Aug 26 13:22:22.545566: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:22.545582: | netlink_get_spi: allocated 0x5b1ca772 for esp.0@192.1.2.23 Aug 26 13:22:22.545587: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:22:22.545590: | SPI 5b 1c a7 72 Aug 26 13:22:22.545593: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:22.545597: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545600: | ESP transform number: 0 (0x0) Aug 26 13:22:22.545603: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:22.545606: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:22.545610: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 13:22:22.545614: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 13:22:22.545617: | attributes 80 05 00 02 80 06 00 80 Aug 26 13:22:22.545620: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:22:22.545623: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 13:22:22.545627: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:22:22.545630: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 13:22:22.545634: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:22.545639: "northnet-eastnets/0x1" #6: responding to Quick Mode proposal {msgid:7d206b25} Aug 26 13:22:22.545653: "northnet-eastnets/0x1" #6: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 13:22:22.545664: "northnet-eastnets/0x1" #6: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:22:22.545668: | ***emit ISAKMP Nonce Payload: Aug 26 13:22:22.545671: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:22.545675: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:22:22.545679: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:22:22.545683: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.545686: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 13:22:22.545692: | Nr 18 cf 7e 8c ca 4a 96 49 92 4e b6 b1 ea 78 93 8c Aug 26 13:22:22.545695: | Nr c1 67 78 c2 24 f7 b8 47 67 f3 20 a2 4d b9 b0 a2 Aug 26 13:22:22.545698: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:22:22.545701: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:22:22.545704: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.545708: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:22.545712: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:22:22.545715: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.545719: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:22:22.545722: | keyex value c8 93 60 07 08 6e 20 5f 5c a6 d1 7e 2c 0f 05 28 Aug 26 13:22:22.545725: | keyex value ca e7 ab 80 8d e8 d7 c2 d7 08 98 d8 c5 de 2f 9b Aug 26 13:22:22.545728: | keyex value d3 a1 42 f8 fa fd 1d 13 5d 06 0a cd 4e cb 5b 73 Aug 26 13:22:22.545731: | keyex value eb cc cd 60 d6 fd 6d 04 41 c3 77 91 99 28 7a 47 Aug 26 13:22:22.545734: | keyex value c3 7b 19 f7 18 f2 b9 62 7a c1 c7 ba 80 34 f1 7d Aug 26 13:22:22.545737: | keyex value c0 6f 52 f2 93 6e 7b f4 c9 25 fb 89 29 be e7 53 Aug 26 13:22:22.545740: | keyex value 0b a0 0a a9 83 40 eb 69 40 17 fb 0d 51 fa 44 c4 Aug 26 13:22:22.545743: | keyex value e5 db 44 7a b0 e1 79 1e 4a db b1 db db cc 6c 9b Aug 26 13:22:22.545746: | keyex value 35 1a 90 e3 7d 4c 6b 8d d2 d9 6b 7d 69 53 46 ca Aug 26 13:22:22.545749: | keyex value ef 46 35 e9 d2 e8 e0 b6 75 c5 9f 3b bf 2d dc f3 Aug 26 13:22:22.545752: | keyex value f2 da cf ce b9 3b 01 95 cf ba 2d 5d 2f 80 bf 1f Aug 26 13:22:22.545755: | keyex value b3 88 44 ce c8 ab b4 29 d0 18 a0 7c dc ec f0 4b Aug 26 13:22:22.545758: | keyex value b1 16 11 3a 7b c3 05 c7 3a e9 0a 58 ff f0 0a 79 Aug 26 13:22:22.545761: | keyex value 11 a5 c9 ce cd 7a 9a 2a 98 13 2e 7f 16 51 28 90 Aug 26 13:22:22.545764: | keyex value 31 40 08 d3 86 38 5b a1 16 d0 33 53 13 5e 09 c4 Aug 26 13:22:22.545767: | keyex value 4e dd 8e 60 5f f1 a8 65 7a ca bf 22 1b 3a cb 4a Aug 26 13:22:22.545770: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:22:22.545774: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.545777: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.545780: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.545783: | Protocol ID: 0 (0x0) Aug 26 13:22:22.545786: | port: 0 (0x0) Aug 26 13:22:22.545790: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:22.545794: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:22.545797: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:22.545801: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:22.545804: | ID body c0 00 03 00 ff ff ff 00 Aug 26 13:22:22.545808: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:22.545811: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.545814: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545817: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.545820: | Protocol ID: 0 (0x0) Aug 26 13:22:22.545823: | port: 0 (0x0) Aug 26 13:22:22.545827: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:22.545830: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:22.545836: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:22.545839: | ID body c0 00 02 00 ff ff ff 00 Aug 26 13:22:22.545842: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:22.545871: | quick inR1 outI2 HASH(2): Aug 26 13:22:22.545875: | c3 9f 03 42 b1 f6 b8 f6 77 39 59 9d 6e df 07 3e Aug 26 13:22:22.545878: | b7 fa ea 98 8c ab 0f 4d b4 3f e3 02 b8 b0 63 b4 Aug 26 13:22:22.545882: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:22:22.545885: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:22:22.545994: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:22.546000: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.546004: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:22.546008: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.546011: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:22.546015: | route owner of "northnet-eastnets/0x1" erouted: self Aug 26 13:22:22.546018: | install_inbound_ipsec_sa() checking if we can route Aug 26 13:22:22.546022: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 13:22:22.546025: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:22.546028: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.546032: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:22.546035: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.546038: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:22.546043: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Aug 26 13:22:22.546046: | routing is easy, or has resolvable near-conflict Aug 26 13:22:22.546049: | checking if this is a replacement state Aug 26 13:22:22.546053: | st=0x555fbaf47cc8 ost=0x555fbaf3f178 st->serialno=#6 ost->serialno=#4 Aug 26 13:22:22.546056: "northnet-eastnets/0x1" #6: keeping refhim=0 during rekey Aug 26 13:22:22.546060: | installing outgoing SA now as refhim=0 Aug 26 13:22:22.546064: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:22.546067: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:22.546071: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:22.546076: | setting IPsec SA replay-window to 32 Aug 26 13:22:22.546080: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:22:22.546083: | netlink: enabling tunnel mode Aug 26 13:22:22.546087: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:22.546090: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:22.546144: | netlink response for Add SA esp.aad72ba6@192.1.3.33 included non-error error Aug 26 13:22:22.546153: | outgoing SA has refhim=0 Aug 26 13:22:22.546160: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:22.546165: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:22.546169: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:22.546173: | setting IPsec SA replay-window to 32 Aug 26 13:22:22.546177: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 13:22:22.546180: | netlink: enabling tunnel mode Aug 26 13:22:22.546184: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:22.546187: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:22.546240: | netlink response for Add SA esp.5b1ca772@192.1.2.23 included non-error error Aug 26 13:22:22.546312: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:22.546323: | no IKEv1 message padding required Aug 26 13:22:22.546327: | emitting length of ISAKMP Message: 460 Aug 26 13:22:22.546340: | finished processing quick inI1 Aug 26 13:22:22.546347: | complete v1 state transition with STF_OK Aug 26 13:22:22.546354: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:22.546358: | #6 is idle Aug 26 13:22:22.546361: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:22:22.546365: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 13:22:22.546369: | child state #6: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 13:22:22.546372: | event_already_set, deleting event Aug 26 13:22:22.546376: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:22.546380: | libevent_free: release ptr-libevent@0x7f4ec4004fd8 Aug 26 13:22:22.546384: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4ebc004218 Aug 26 13:22:22.546390: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:22:22.546399: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 13:22:22.546402: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.546405: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:22.546408: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:22.546411: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:22.546414: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:22.546417: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:22.546420: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:22.546423: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:22.546426: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:22.546429: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:22.546432: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:22.546434: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:22.546437: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:22.546440: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:22.546443: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:22.546446: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:22.546449: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:22.546452: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:22.546455: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:22.546458: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:22.546461: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:22.546464: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:22.546466: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:22.546469: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:22.546472: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:22.546475: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:22.546478: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:22.546481: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:22.546484: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:22.546513: | !event_already_set at reschedule Aug 26 13:22:22.546520: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:22.546525: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 13:22:22.546529: | libevent_malloc: new ptr-libevent@0x7f4ec8003e78 size 128 Aug 26 13:22:22.546536: | #6 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11028.288985 Aug 26 13:22:22.546539: | pstats #6 ikev1.ipsec established Aug 26 13:22:22.546544: | NAT-T: encaps is 'auto' Aug 26 13:22:22.546549: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0xaad72ba6 <0x5b1ca772 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:22:22.546555: | modecfg pull: noquirk policy:push not-client Aug 26 13:22:22.546558: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:22:22.546563: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Aug 26 13:22:22.546571: | #6 spent 1.22 milliseconds in resume sending helper answer Aug 26 13:22:22.546577: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:22:22.546581: | libevent_free: release ptr-libevent@0x7f4ec8005118 Aug 26 13:22:23.045402: | timer_event_cb: processing event@0x7f4eb8002b78 Aug 26 13:22:23.045469: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:22:23.045495: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:23.045507: | IKEv1 retransmit event Aug 26 13:22:23.045523: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:23.045538: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 1 Aug 26 13:22:23.045558: | retransmits: current time 11028.788014; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.50033 exceeds limit? NO Aug 26 13:22:23.045570: | event_schedule: new EVENT_RETRANSMIT-pe@0x555fbaf3eb68 Aug 26 13:22:23.045582: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Aug 26 13:22:23.045594: | libevent_malloc: new ptr-libevent@0x7f4ec8005118 size 128 Aug 26 13:22:23.045608: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response Aug 26 13:22:23.045628: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 13:22:23.045637: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.045645: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:23.045653: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:23.045660: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:23.045668: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:23.045675: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:23.045682: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:23.045690: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:23.045697: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:23.045705: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:23.045712: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:23.045720: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:23.045727: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:23.045734: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:23.045742: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:23.045749: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:23.045757: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:23.045764: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:23.045771: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:23.045779: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:23.045786: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:23.045794: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:23.045801: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:23.045808: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:23.045816: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:23.045823: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:23.045831: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:23.045838: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:23.045858: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:23.045990: | libevent_free: release ptr-libevent@0x7f4ebc00a028 Aug 26 13:22:23.046008: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:23.046030: | #5 spent 0.568 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:23.046047: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:23.047211: | timer_event_cb: processing event@0x7f4ebc004218 Aug 26 13:22:23.047258: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 13:22:23.047281: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:23.047309: | IKEv1 retransmit event Aug 26 13:22:23.047330: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:23.047345: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 1 Aug 26 13:22:23.047365: | retransmits: current time 11028.789821; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500836 exceeds limit? NO Aug 26 13:22:23.047376: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:23.047389: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 13:22:23.047399: | libevent_malloc: new ptr-libevent@0x7f4ebc00a028 size 128 Aug 26 13:22:23.047412: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response Aug 26 13:22:23.047431: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 13:22:23.047440: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.047448: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:23.047456: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:23.047463: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:23.047470: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:23.047478: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:23.047485: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:23.047493: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:23.047500: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:23.047507: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:23.047515: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:23.047522: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:23.047529: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:23.047537: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:23.047544: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:23.047551: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:23.047559: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:23.047566: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:23.047573: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:23.047581: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:23.047588: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:23.047595: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:23.047603: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:23.047610: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:23.047617: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:23.047625: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:23.047632: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:23.047639: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:23.047647: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:23.047739: | libevent_free: release ptr-libevent@0x7f4ec8003e78 Aug 26 13:22:23.047767: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:23.047788: | #6 spent 0.522 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:23.047804: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:23.547529: | timer_event_cb: processing event@0x555fbaf3eb68 Aug 26 13:22:23.547568: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:22:23.547580: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:23.547585: | IKEv1 retransmit event Aug 26 13:22:23.547592: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:23.547598: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 2 Aug 26 13:22:23.547608: | retransmits: current time 11029.290069; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002385 exceeds limit? NO Aug 26 13:22:23.547613: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:23.547618: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #5 Aug 26 13:22:23.547623: | libevent_malloc: new ptr-libevent@0x7f4ec8003e78 size 128 Aug 26 13:22:23.547630: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 1 seconds for response Aug 26 13:22:23.547639: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 13:22:23.547643: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.547647: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:23.547650: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:23.547653: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:23.547656: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:23.547659: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:23.547662: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:23.547665: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:23.547668: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:23.547671: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:23.547675: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:23.547678: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:23.547681: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:23.547684: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:23.547687: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:23.547690: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:23.547693: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:23.547696: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:23.547699: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:23.547702: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:23.547705: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:23.547708: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:23.547712: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:23.547715: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:23.547718: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:23.547721: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:23.547724: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:23.547727: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:23.547730: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:23.547806: | libevent_free: release ptr-libevent@0x7f4ec8005118 Aug 26 13:22:23.547814: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555fbaf3eb68 Aug 26 13:22:23.547832: | #5 spent 0.268 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:23.547840: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:23.547845: | timer_event_cb: processing event@0x7f4eb8002b78 Aug 26 13:22:23.547850: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 13:22:23.547856: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:23.547861: | IKEv1 retransmit event Aug 26 13:22:23.547867: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:23.547873: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 2 Aug 26 13:22:23.547880: | retransmits: current time 11029.290343; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.001358 exceeds limit? NO Aug 26 13:22:23.547884: | event_schedule: new EVENT_RETRANSMIT-pe@0x555fbaf3eb68 Aug 26 13:22:23.547890: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #6 Aug 26 13:22:23.547894: | libevent_malloc: new ptr-libevent@0x7f4ec8005118 size 128 Aug 26 13:22:23.547898: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 1 seconds for response Aug 26 13:22:23.547906: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 13:22:23.547910: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.547913: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:23.547917: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:23.547920: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:23.547923: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:23.547926: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:23.547929: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:23.547932: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:23.547935: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:23.547938: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:23.547941: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:23.547944: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:23.547947: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:23.547950: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:23.547953: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:23.547957: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:23.547960: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:23.547963: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:23.547966: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:23.547969: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:23.547972: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:23.547975: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:23.547978: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:23.547981: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:23.547984: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:23.547987: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:23.547990: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:23.547994: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:23.547997: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:23.548020: | libevent_free: release ptr-libevent@0x7f4ebc00a028 Aug 26 13:22:23.548026: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:23.548033: | #6 spent 0.177 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:23.548042: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:24.549363: | timer_event_cb: processing event@0x7f4ebc004218 Aug 26 13:22:24.549424: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:22:24.549446: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:24.549456: | IKEv1 retransmit event Aug 26 13:22:24.549470: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:24.549482: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 3 Aug 26 13:22:24.549500: | retransmits: current time 11030.291957; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.004273 exceeds limit? NO Aug 26 13:22:24.549510: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:24.549520: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #5 Aug 26 13:22:24.549529: | libevent_malloc: new ptr-libevent@0x7f4ebc00a028 size 128 Aug 26 13:22:24.549540: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 2 seconds for response Aug 26 13:22:24.549558: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 13:22:24.549566: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:24.549573: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:24.549579: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:24.549586: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:24.549592: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:24.549598: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:24.549604: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:24.549611: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:24.549617: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:24.549623: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:24.549630: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:24.549636: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:24.549642: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:24.549649: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:24.549655: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:24.549661: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:24.549667: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:24.549674: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:24.549680: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:24.549686: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:24.549693: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:24.549699: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:24.549705: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:24.549711: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:24.549718: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:24.549724: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:24.549730: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:24.549736: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:24.549742: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:24.549862: | libevent_free: release ptr-libevent@0x7f4ec8003e78 Aug 26 13:22:24.549876: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:24.549895: | #5 spent 0.479 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:24.549910: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:24.549933: | timer_event_cb: processing event@0x555fbaf3eb68 Aug 26 13:22:24.549942: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 13:22:24.549955: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:24.549965: | IKEv1 retransmit event Aug 26 13:22:24.549978: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:24.549989: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 3 Aug 26 13:22:24.550005: | retransmits: current time 11030.292463; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.003478 exceeds limit? NO Aug 26 13:22:24.550013: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:24.550022: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #6 Aug 26 13:22:24.550030: | libevent_malloc: new ptr-libevent@0x7f4ec8003e78 size 128 Aug 26 13:22:24.550039: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 2 seconds for response Aug 26 13:22:24.550053: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 13:22:24.550060: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:24.550066: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:24.550072: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:24.550078: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:24.550084: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:24.550090: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:24.550096: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:24.550102: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:24.550107: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:24.550113: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:24.550119: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:24.550125: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:24.550131: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:24.550137: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:24.550143: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:24.550148: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:24.550154: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:24.550160: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:24.550166: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:24.550172: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:24.550178: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:24.550184: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:24.550189: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:24.550195: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:24.550201: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:24.550207: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:24.550213: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:24.550219: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:24.550225: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:24.550270: | libevent_free: release ptr-libevent@0x7f4ec8005118 Aug 26 13:22:24.550281: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555fbaf3eb68 Aug 26 13:22:24.550328: | #6 spent 0.345 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:24.550359: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:26.552679: | timer_event_cb: processing event@0x7f4eb8002b78 Aug 26 13:22:26.552739: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:22:26.552764: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:26.552772: | IKEv1 retransmit event Aug 26 13:22:26.552781: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:26.552790: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 4 Aug 26 13:22:26.552802: | retransmits: current time 11032.295262; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.007578 exceeds limit? NO Aug 26 13:22:26.552809: | event_schedule: new EVENT_RETRANSMIT-pe@0x555fbaf3eb68 Aug 26 13:22:26.552816: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #5 Aug 26 13:22:26.552823: | libevent_malloc: new ptr-libevent@0x7f4ec8005118 size 128 Aug 26 13:22:26.552831: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 4 seconds for response Aug 26 13:22:26.552843: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 13:22:26.552848: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:26.552853: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:26.552857: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:26.552862: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:26.552866: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:26.552870: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:26.552874: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:26.552878: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:26.552883: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:26.552887: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:26.552891: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:26.552895: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:26.552899: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:26.552903: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:26.552908: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:26.552912: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:26.552916: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:26.552920: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:26.552924: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:26.552928: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:26.552933: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:26.552937: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:26.552941: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:26.552945: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:26.552949: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:26.552954: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:26.552958: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:26.552962: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:26.552966: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:26.553060: | libevent_free: release ptr-libevent@0x7f4ebc00a028 Aug 26 13:22:26.553071: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:26.553085: | #5 spent 0.361 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:26.553094: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:26.553102: | timer_event_cb: processing event@0x7f4ebc004218 Aug 26 13:22:26.553107: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 13:22:26.553116: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:26.553126: | IKEv1 retransmit event Aug 26 13:22:26.553135: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:26.553143: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 4 Aug 26 13:22:26.553153: | retransmits: current time 11032.295614; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.006629 exceeds limit? NO Aug 26 13:22:26.553158: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:26.553165: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #6 Aug 26 13:22:26.553170: | libevent_malloc: new ptr-libevent@0x7f4ebc00a028 size 128 Aug 26 13:22:26.553176: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 4 seconds for response Aug 26 13:22:26.553186: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 13:22:26.553191: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:26.553195: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:26.553199: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:26.553204: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:26.553208: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:26.553212: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:26.553216: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:26.553220: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:26.553225: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:26.553229: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:26.553233: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:26.553237: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:26.553241: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:26.553245: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:26.553250: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:26.553254: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:26.553258: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:26.553262: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:26.553266: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:26.553270: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:26.553275: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:26.553279: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:26.553283: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:26.553287: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:26.553326: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:26.553334: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:26.553341: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:26.553348: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:26.553354: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:26.553397: | libevent_free: release ptr-libevent@0x7f4ec8003e78 Aug 26 13:22:26.553405: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:26.553416: | #6 spent 0.275 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:26.553425: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:30.557520: | timer_event_cb: processing event@0x555fbaf3eb68 Aug 26 13:22:30.557560: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:22:30.557572: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:30.557578: | IKEv1 retransmit event Aug 26 13:22:30.557593: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:30.557600: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 5 Aug 26 13:22:30.557610: | retransmits: current time 11036.300071; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.012387 exceeds limit? NO Aug 26 13:22:30.557616: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:30.557621: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #5 Aug 26 13:22:30.557626: | libevent_malloc: new ptr-libevent@0x7f4ec8003e78 size 128 Aug 26 13:22:30.557633: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 8 seconds for response Aug 26 13:22:30.557642: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 13:22:30.557646: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:30.557650: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:30.557653: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:30.557657: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:30.557660: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:30.557663: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:30.557666: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:30.557670: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:30.557673: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:30.557676: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:30.557679: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:30.557683: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:30.557686: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:30.557689: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:30.557693: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:30.557696: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:30.557699: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:30.557702: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:30.557706: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:30.557709: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:30.557712: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:30.557715: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:30.557719: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:30.557722: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:30.557725: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:30.557728: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:30.557732: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:30.557735: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:30.557738: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:30.557818: | libevent_free: release ptr-libevent@0x7f4ec8005118 Aug 26 13:22:30.557826: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555fbaf3eb68 Aug 26 13:22:30.557837: | #5 spent 0.279 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:30.557844: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:30.557850: | timer_event_cb: processing event@0x7f4eb8002b78 Aug 26 13:22:30.557855: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 13:22:30.557862: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:30.557867: | IKEv1 retransmit event Aug 26 13:22:30.557873: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:30.557882: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 5 Aug 26 13:22:30.557890: | retransmits: current time 11036.300353; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.011368 exceeds limit? NO Aug 26 13:22:30.557895: | event_schedule: new EVENT_RETRANSMIT-pe@0x555fbaf3eb68 Aug 26 13:22:30.557900: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #6 Aug 26 13:22:30.557904: | libevent_malloc: new ptr-libevent@0x7f4ec8005118 size 128 Aug 26 13:22:30.557909: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 8 seconds for response Aug 26 13:22:30.557916: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 13:22:30.557921: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:30.557924: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:30.557927: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:30.557930: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:30.557934: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:30.557937: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:30.557940: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:30.557943: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:30.557947: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:30.557950: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:30.557953: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:30.557956: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:30.557960: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:30.557963: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:30.557966: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:30.557969: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:30.557973: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:30.557976: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:30.557979: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:30.557982: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:30.557986: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:30.557989: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:30.557992: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:30.557995: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:30.557999: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:30.558002: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:30.558005: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:30.558008: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:30.558012: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:30.558036: | libevent_free: release ptr-libevent@0x7f4ebc00a028 Aug 26 13:22:30.558042: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:30.558049: | #6 spent 0.188 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:30.558056: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:31.465703: | spent 0.00272 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:31.465723: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:31.465726: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.465727: | 08 10 20 01 6e 47 49 b1 00 00 01 dc c6 c2 37 ee Aug 26 13:22:31.465729: | b1 f1 3f f1 0f 39 8f c3 45 a8 08 31 73 c0 0e de Aug 26 13:22:31.465730: | 28 a5 cb 78 f2 38 37 2c ba 0e f1 33 60 d1 6c c2 Aug 26 13:22:31.465732: | d1 d5 30 41 42 0d 31 31 a6 44 be 9f ff 20 58 5f Aug 26 13:22:31.465736: | a6 b9 57 94 45 9a 7a 09 16 7a 65 ae a4 c2 7c 1e Aug 26 13:22:31.465737: | 5b 04 4b 65 24 53 70 fd 01 24 90 3f 53 e8 59 d3 Aug 26 13:22:31.465739: | bb df d3 2d 77 a6 02 6a 12 d0 22 f9 68 18 f3 53 Aug 26 13:22:31.465740: | 69 f1 8c 5a 82 9d c6 4f 83 cd b4 d4 f5 ba 50 f5 Aug 26 13:22:31.465742: | fb de 35 b9 cd c7 66 58 78 e4 d0 fb 69 bf 46 42 Aug 26 13:22:31.465743: | 32 32 0e 5d 20 89 55 7e 2b 62 1d 2d 8a 56 00 58 Aug 26 13:22:31.465745: | f2 cd 57 1d a3 93 fc c0 e0 97 e4 da ff 60 2b 68 Aug 26 13:22:31.465746: | 91 05 83 14 b3 c4 b2 f1 de 24 cb 0e 08 5e 2c d1 Aug 26 13:22:31.465748: | a9 c1 33 e8 ad 2a 6c a6 0f fe c6 d7 32 36 75 a9 Aug 26 13:22:31.465749: | f1 ea 3e 5c 6f ad 07 bf 55 8e 6e c8 58 84 f3 4b Aug 26 13:22:31.465751: | a5 ce 5e 03 a3 f0 4c fc 7b e4 1d 17 88 3d 53 f4 Aug 26 13:22:31.465752: | 99 a3 ee 04 ae d7 39 a7 f2 1c 66 4e 64 c2 c6 19 Aug 26 13:22:31.465754: | 02 c3 ed 8e e5 0d f7 dd 7b b6 3a 1e 44 6b fb e9 Aug 26 13:22:31.465755: | 1f 84 20 48 36 55 c0 3f d2 8c fa af df 2a 6d fc Aug 26 13:22:31.465756: | ad 21 70 61 f7 fb 00 bd 50 d5 ff 38 25 3b 07 ae Aug 26 13:22:31.465758: | f5 b9 16 72 4a a7 69 f8 19 d7 06 27 ff 3a 84 f9 Aug 26 13:22:31.465759: | 83 ee 45 00 cc 63 f4 25 45 72 8d e6 b2 99 b8 0b Aug 26 13:22:31.465761: | 16 e6 69 98 c7 7b 34 24 fd 85 ef ef d5 4c 59 20 Aug 26 13:22:31.465762: | 32 d1 e5 cc 84 f9 92 60 09 be c4 8b 4f 80 92 06 Aug 26 13:22:31.465764: | d5 c5 27 87 32 e9 a7 02 a0 71 0d c0 40 34 a6 0d Aug 26 13:22:31.465765: | 6b 11 b9 84 fe 7e 33 5d ea e5 49 b9 77 34 1a 75 Aug 26 13:22:31.465767: | 1b b2 a9 7e 53 da e0 e3 58 c9 dd 3b 5c 54 18 6e Aug 26 13:22:31.465768: | 1a 52 18 70 af cb b0 99 a8 ed 04 ee 4f 9f b5 ba Aug 26 13:22:31.465770: | eb ed c3 cd 8d 9c ab e7 2f aa ad dd 05 55 97 71 Aug 26 13:22:31.465771: | d7 f8 ab d0 d2 c8 d9 3b 62 5d e3 2b Aug 26 13:22:31.465774: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:31.465777: | **parse ISAKMP Message: Aug 26 13:22:31.465778: | initiator cookie: Aug 26 13:22:31.465780: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:31.465782: | responder cookie: Aug 26 13:22:31.465783: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.465785: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:31.465787: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:31.465788: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:31.465790: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:31.465792: | Message ID: 1850165681 (0x6e4749b1) Aug 26 13:22:31.465793: | length: 476 (0x1dc) Aug 26 13:22:31.465796: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:31.465799: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 13:22:31.465801: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 13:22:31.465805: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 13:22:31.465817: | #1 is idle Aug 26 13:22:31.465819: | #1 idle Aug 26 13:22:31.465821: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:31.465829: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:22:31.465831: | ***parse ISAKMP Hash Payload: Aug 26 13:22:31.465833: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:31.465835: | length: 36 (0x24) Aug 26 13:22:31.465836: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:22:31.465838: | ***parse ISAKMP Security Association Payload: Aug 26 13:22:31.465840: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:31.465841: | length: 84 (0x54) Aug 26 13:22:31.465843: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:31.465845: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:22:31.465846: | ***parse ISAKMP Nonce Payload: Aug 26 13:22:31.465848: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:31.465851: | length: 36 (0x24) Aug 26 13:22:31.465853: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:22:31.465854: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:22:31.465856: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:31.465857: | length: 260 (0x104) Aug 26 13:22:31.465859: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:31.465861: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:31.465862: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:31.465864: | length: 16 (0x10) Aug 26 13:22:31.465865: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:31.465867: | Protocol ID: 0 (0x0) Aug 26 13:22:31.465868: | port: 0 (0x0) Aug 26 13:22:31.465870: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:22:31.465872: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:31.465873: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:31.465875: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.465876: | length: 16 (0x10) Aug 26 13:22:31.465878: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:31.465879: | Protocol ID: 0 (0x0) Aug 26 13:22:31.465881: | port: 0 (0x0) Aug 26 13:22:31.465882: | obj: c0 00 16 00 ff ff ff 00 Aug 26 13:22:31.465897: | quick_inI1_outR1 HASH(1): Aug 26 13:22:31.465899: | 09 00 e0 44 81 a8 c4 70 37 45 bf 17 39 2b ec f3 Aug 26 13:22:31.465901: | 35 3e 1a 63 15 82 89 55 80 9a d2 30 7a 0e 39 86 Aug 26 13:22:31.465902: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 13:22:31.465905: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:31.465907: | ID address c0 00 03 00 Aug 26 13:22:31.465909: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:31.465910: | ID mask ff ff ff 00 Aug 26 13:22:31.465913: | peer client is subnet 192.0.3.0/24 Aug 26 13:22:31.465915: | peer client protocol/port is 0/0 Aug 26 13:22:31.465916: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:31.465918: | ID address c0 00 16 00 Aug 26 13:22:31.465920: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:31.465921: | ID mask ff ff ff 00 Aug 26 13:22:31.465923: | our client is subnet 192.0.22.0/24 Aug 26 13:22:31.465925: | our client protocol/port is 0/0 Aug 26 13:22:31.465928: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:31.465931: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 13:22:31.465933: | looking for 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 13:22:31.465936: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 13:22:31.465938: | client wildcard: no port wildcard: no virtual: no Aug 26 13:22:31.465941: | creating state object #7 at 0x555fbaf35128 Aug 26 13:22:31.465943: | State DB: adding IKEv1 state #7 in UNDEFINED Aug 26 13:22:31.465945: | pstats #7 ikev1.ipsec started Aug 26 13:22:31.465947: | duplicating state object #1 "northnet-eastnets/0x2" as #7 for IPSEC SA Aug 26 13:22:31.465950: | #7 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:31.465954: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:22:31.465957: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 13:22:31.465959: | child state #7: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 13:22:31.465961: | ****parse IPsec DOI SIT: Aug 26 13:22:31.465963: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:31.465965: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:31.465967: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.465968: | length: 72 (0x48) Aug 26 13:22:31.465970: | proposal number: 0 (0x0) Aug 26 13:22:31.465973: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:31.465974: | SPI size: 4 (0x4) Aug 26 13:22:31.465976: | number of transforms: 2 (0x2) Aug 26 13:22:31.465978: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:31.465979: | SPI 89 3e f5 2c Aug 26 13:22:31.465981: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:31.465983: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:31.465984: | length: 32 (0x20) Aug 26 13:22:31.465986: | ESP transform number: 0 (0x0) Aug 26 13:22:31.465988: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:31.465990: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465992: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:31.465993: | length/value: 14 (0xe) Aug 26 13:22:31.465995: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:31.465997: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465999: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:31.466000: | length/value: 1 (0x1) Aug 26 13:22:31.466002: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:31.466004: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:31.466005: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.466007: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:31.466008: | length/value: 1 (0x1) Aug 26 13:22:31.466010: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:31.466011: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.466013: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:31.466015: | length/value: 28800 (0x7080) Aug 26 13:22:31.466016: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.466018: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:31.466019: | length/value: 2 (0x2) Aug 26 13:22:31.466021: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:31.466023: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.466024: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:31.466026: | length/value: 128 (0x80) Aug 26 13:22:31.466028: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:31.466032: | adding quick_outI1 KE work-order 13 for state #7 Aug 26 13:22:31.466034: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4eb8002b78 Aug 26 13:22:31.466037: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Aug 26 13:22:31.466039: | libevent_malloc: new ptr-libevent@0x7f4ebc00a028 size 128 Aug 26 13:22:31.466046: | complete v1 state transition with STF_SUSPEND Aug 26 13:22:31.466049: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:22:31.466051: | suspending state #7 and saving MD Aug 26 13:22:31.466053: | #7 is busy; has a suspended MD Aug 26 13:22:31.466056: | #1 spent 0.15 milliseconds in process_packet_tail() Aug 26 13:22:31.466059: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:31.466062: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:31.466064: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:31.466066: | spent 0.351 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:31.466082: | crypto helper 5 resuming Aug 26 13:22:31.466091: | crypto helper 5 starting work-order 13 for state #7 Aug 26 13:22:31.466095: | crypto helper 5 doing build KE and nonce (quick_outI1 KE); request ID 13 Aug 26 13:22:31.466646: | crypto helper 5 finished build KE and nonce (quick_outI1 KE); request ID 13 time elapsed 0.000551 seconds Aug 26 13:22:31.466655: | (#7) spent 0.557 milliseconds in crypto helper computing work-order 13: quick_outI1 KE (pcr) Aug 26 13:22:31.466658: | crypto helper 5 sending results from work-order 13 for state #7 to event queue Aug 26 13:22:31.466660: | scheduling resume sending helper answer for #7 Aug 26 13:22:31.466662: | libevent_malloc: new ptr-libevent@0x7f4eb40078e8 size 128 Aug 26 13:22:31.466670: | crypto helper 5 waiting (nothing to do) Aug 26 13:22:31.466705: | processing resume sending helper answer for #7 Aug 26 13:22:31.466714: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:22:31.466717: | crypto helper 5 replies to request ID 13 Aug 26 13:22:31.466719: | calling continuation function 0x555fba81bb50 Aug 26 13:22:31.466721: | quick_inI1_outR1_cryptocontinue1 for #7: calculated ke+nonce, calculating DH Aug 26 13:22:31.466730: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:31.466735: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:31.466741: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:31.466743: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:31.466745: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:22:31.466747: | no PreShared Key Found Aug 26 13:22:31.466749: | adding quick outR1 DH work-order 14 for state #7 Aug 26 13:22:31.466751: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:31.466753: | libevent_free: release ptr-libevent@0x7f4ebc00a028 Aug 26 13:22:31.466755: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4eb8002b78 Aug 26 13:22:31.466757: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4eb8002b78 Aug 26 13:22:31.466760: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Aug 26 13:22:31.466762: | libevent_malloc: new ptr-libevent@0x7f4ebc00a028 size 128 Aug 26 13:22:31.466768: | suspending state #7 and saving MD Aug 26 13:22:31.466771: | #7 is busy; has a suspended MD Aug 26 13:22:31.466773: | crypto helper 6 resuming Aug 26 13:22:31.466775: | resume sending helper answer for #7 suppresed complete_v1_state_transition() and stole MD Aug 26 13:22:31.466781: | crypto helper 6 starting work-order 14 for state #7 Aug 26 13:22:31.466788: | #7 spent 0.0668 milliseconds in resume sending helper answer Aug 26 13:22:31.466790: | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 14 Aug 26 13:22:31.466794: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:22:31.466797: | libevent_free: release ptr-libevent@0x7f4eb40078e8 Aug 26 13:22:31.467307: | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 14 time elapsed 0.000517 seconds Aug 26 13:22:31.467315: | (#7) spent 0.517 milliseconds in crypto helper computing work-order 14: quick outR1 DH (pcr) Aug 26 13:22:31.467341: | crypto helper 6 sending results from work-order 14 for state #7 to event queue Aug 26 13:22:31.467343: | scheduling resume sending helper answer for #7 Aug 26 13:22:31.467345: | libevent_malloc: new ptr-libevent@0x7f4eb80027d8 size 128 Aug 26 13:22:31.467350: | crypto helper 6 waiting (nothing to do) Aug 26 13:22:31.467368: | processing resume sending helper answer for #7 Aug 26 13:22:31.467374: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 13:22:31.467392: | crypto helper 6 replies to request ID 14 Aug 26 13:22:31.467393: | calling continuation function 0x555fba81bb50 Aug 26 13:22:31.467395: | quick_inI1_outR1_cryptocontinue2 for #7: calculated DH, sending R1 Aug 26 13:22:31.467402: | **emit ISAKMP Message: Aug 26 13:22:31.467403: | initiator cookie: Aug 26 13:22:31.467405: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:31.467407: | responder cookie: Aug 26 13:22:31.467408: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.467410: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.467412: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:31.467413: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:31.467428: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:31.467430: | Message ID: 1850165681 (0x6e4749b1) Aug 26 13:22:31.467432: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:31.467433: | ***emit ISAKMP Hash Payload: Aug 26 13:22:31.467435: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.467437: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:31.467439: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.467441: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:31.467443: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:31.467444: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:31.467446: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:31.467448: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:31.467450: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:22:31.467452: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:31.467454: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.467455: | ****parse IPsec DOI SIT: Aug 26 13:22:31.467457: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:31.467459: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:31.467461: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.467462: | length: 72 (0x48) Aug 26 13:22:31.467464: | proposal number: 0 (0x0) Aug 26 13:22:31.467465: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:31.467467: | SPI size: 4 (0x4) Aug 26 13:22:31.467469: | number of transforms: 2 (0x2) Aug 26 13:22:31.467470: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:31.467472: | SPI 89 3e f5 2c Aug 26 13:22:31.467474: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:31.467475: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:31.467477: | length: 32 (0x20) Aug 26 13:22:31.467479: | ESP transform number: 0 (0x0) Aug 26 13:22:31.467480: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:31.467482: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.467484: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:31.467485: | length/value: 14 (0xe) Aug 26 13:22:31.467487: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:31.467489: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.467491: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:31.467492: | length/value: 1 (0x1) Aug 26 13:22:31.467494: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:31.467495: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:31.467497: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.467499: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:31.467500: | length/value: 1 (0x1) Aug 26 13:22:31.467502: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:31.467503: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.467505: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:31.467507: | length/value: 28800 (0x7080) Aug 26 13:22:31.467508: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.467510: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:31.467512: | length/value: 2 (0x2) Aug 26 13:22:31.467514: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:31.467516: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.467517: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:31.467519: | length/value: 128 (0x80) Aug 26 13:22:31.467521: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:31.467522: | ****emit IPsec DOI SIT: Aug 26 13:22:31.467524: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:31.467526: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:31.467527: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.467529: | proposal number: 0 (0x0) Aug 26 13:22:31.467530: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:31.467532: | SPI size: 4 (0x4) Aug 26 13:22:31.467533: | number of transforms: 1 (0x1) Aug 26 13:22:31.467535: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:31.467548: | netlink_get_spi: allocated 0xd3e21e6a for esp.0@192.1.2.23 Aug 26 13:22:31.467550: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:22:31.467552: | SPI d3 e2 1e 6a Aug 26 13:22:31.467553: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:31.467555: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.467557: | ESP transform number: 0 (0x0) Aug 26 13:22:31.467558: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:31.467560: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:31.467562: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 13:22:31.467564: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 13:22:31.467565: | attributes 80 05 00 02 80 06 00 80 Aug 26 13:22:31.467567: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:22:31.467568: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 13:22:31.467570: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:22:31.467572: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 13:22:31.467574: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:31.467577: "northnet-eastnets/0x2" #7: responding to Quick Mode proposal {msgid:6e4749b1} Aug 26 13:22:31.467585: "northnet-eastnets/0x2" #7: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 13:22:31.467590: "northnet-eastnets/0x2" #7: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 13:22:31.467592: | ***emit ISAKMP Nonce Payload: Aug 26 13:22:31.467594: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:31.467596: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:22:31.467598: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:22:31.467600: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.467601: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 13:22:31.467603: | Nr b8 89 f7 d4 d6 5f 83 54 d2 91 71 3e 87 21 c1 77 Aug 26 13:22:31.467605: | Nr ca 4c f5 9b 6c af cb f4 ff 35 84 f3 af c5 9c 38 Aug 26 13:22:31.467606: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:22:31.467608: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:22:31.467609: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:31.467611: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:31.467615: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:22:31.467616: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.467618: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:22:31.467620: | keyex value eb ca 11 8b 8b 11 56 fd 49 8e 7b 2c a2 54 d7 47 Aug 26 13:22:31.467622: | keyex value b9 20 68 93 49 33 b4 68 49 ac 3d f8 1c 3b 3e b9 Aug 26 13:22:31.467623: | keyex value 50 4c 46 29 eb 74 cf 46 8b 46 a8 17 7b 00 46 bd Aug 26 13:22:31.467625: | keyex value eb a0 c3 e8 13 c9 ea 7b a3 44 d0 7d 7e e9 f0 d7 Aug 26 13:22:31.467626: | keyex value 6c de 25 eb 37 40 b0 6c f9 fb 99 27 86 20 2a ed Aug 26 13:22:31.467628: | keyex value 5b b8 fe 1e 3f d4 ed 96 07 45 12 a0 ba 7c c7 dd Aug 26 13:22:31.467629: | keyex value 0f 68 56 a0 80 ce a6 19 ec 4a ff d5 c4 89 9d 6d Aug 26 13:22:31.467630: | keyex value 2d 80 8a 40 82 f3 f9 bd f4 bc d1 2b 46 a7 7f 08 Aug 26 13:22:31.467632: | keyex value 40 82 c9 dd 55 56 cd 11 67 78 6d 8e aa a1 74 fc Aug 26 13:22:31.467633: | keyex value 58 27 e2 2f b4 bf d0 17 ad 0f 7f a2 9d 2e 04 bd Aug 26 13:22:31.467635: | keyex value a1 23 de cf ba 63 c3 fc 21 2f 30 b6 f9 ad 56 85 Aug 26 13:22:31.467637: | keyex value 77 87 1e 50 60 c0 63 b0 91 4a 24 61 b7 10 0d 44 Aug 26 13:22:31.467638: | keyex value f8 a9 4b 43 2f 2a aa 83 a1 f4 72 6d 97 c4 be c6 Aug 26 13:22:31.467639: | keyex value bb 13 7b ef 4e a0 e5 c9 e3 a6 55 86 5b c6 40 f7 Aug 26 13:22:31.467641: | keyex value 19 fa 79 ca 50 b3 2e 4e c2 4c 7a c9 7c 5d 49 c7 Aug 26 13:22:31.467642: | keyex value 45 83 e5 c0 12 32 c0 4a 96 6c ae 47 81 f3 4c f2 Aug 26 13:22:31.467644: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:22:31.467646: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:31.467647: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:31.467649: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:31.467651: | Protocol ID: 0 (0x0) Aug 26 13:22:31.467652: | port: 0 (0x0) Aug 26 13:22:31.467654: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:31.467656: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:31.467658: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:31.467660: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:31.467661: | ID body c0 00 03 00 ff ff ff 00 Aug 26 13:22:31.467663: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:31.467664: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:31.467666: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.467667: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:31.467669: | Protocol ID: 0 (0x0) Aug 26 13:22:31.467670: | port: 0 (0x0) Aug 26 13:22:31.467672: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:31.467674: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:31.467676: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:31.467677: | ID body c0 00 16 00 ff ff ff 00 Aug 26 13:22:31.467679: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:31.467698: | quick inR1 outI2 HASH(2): Aug 26 13:22:31.467701: | c3 9b a8 4a 7e 7c f8 80 e2 ef 22 17 d7 b9 46 37 Aug 26 13:22:31.467702: | 34 83 1d d2 b4 f9 66 77 c7 37 dd 52 14 36 36 9a Aug 26 13:22:31.467704: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:22:31.467708: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:22:31.467775: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:31.467778: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.467780: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:31.467782: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.467784: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:31.467787: | route owner of "northnet-eastnets/0x2" erouted: self Aug 26 13:22:31.467788: | install_inbound_ipsec_sa() checking if we can route Aug 26 13:22:31.467790: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:22:31.467792: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:31.467794: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.467795: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:31.467797: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.467799: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:31.467801: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Aug 26 13:22:31.467803: | routing is easy, or has resolvable near-conflict Aug 26 13:22:31.467804: | checking if this is a replacement state Aug 26 13:22:31.467806: | st=0x555fbaf35128 ost=0x555fbaf34638 st->serialno=#7 ost->serialno=#3 Aug 26 13:22:31.467808: "northnet-eastnets/0x2" #7: keeping refhim=0 during rekey Aug 26 13:22:31.467810: | installing outgoing SA now as refhim=0 Aug 26 13:22:31.467812: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:31.467814: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:31.467816: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:31.467818: | setting IPsec SA replay-window to 32 Aug 26 13:22:31.467820: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:22:31.467822: | netlink: enabling tunnel mode Aug 26 13:22:31.467824: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:31.467826: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:31.467902: | netlink response for Add SA esp.893ef52c@192.1.3.33 included non-error error Aug 26 13:22:31.467905: | outgoing SA has refhim=0 Aug 26 13:22:31.467907: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:31.467909: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:31.467911: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:31.467913: | setting IPsec SA replay-window to 32 Aug 26 13:22:31.467915: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 13:22:31.467917: | netlink: enabling tunnel mode Aug 26 13:22:31.467918: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:31.467920: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:31.467976: | netlink response for Add SA esp.d3e21e6a@192.1.2.23 included non-error error Aug 26 13:22:31.468270: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:31.468273: | no IKEv1 message padding required Aug 26 13:22:31.468275: | emitting length of ISAKMP Message: 460 Aug 26 13:22:31.468282: | finished processing quick inI1 Aug 26 13:22:31.468285: | complete v1 state transition with STF_OK Aug 26 13:22:31.468292: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:31.468297: | #7 is idle Aug 26 13:22:31.468300: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:22:31.468303: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 13:22:31.468305: | child state #7: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 13:22:31.468308: | event_already_set, deleting event Aug 26 13:22:31.468323: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:31.468326: | libevent_free: release ptr-libevent@0x7f4ebc00a028 Aug 26 13:22:31.468328: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4eb8002b78 Aug 26 13:22:31.468331: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 13:22:31.468336: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #7) Aug 26 13:22:31.468338: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.468339: | 08 10 20 01 6e 47 49 b1 00 00 01 cc 02 d7 5a 95 Aug 26 13:22:31.468341: | e6 b2 2c be 4e 07 02 ab 98 4a ba 01 3d 87 31 98 Aug 26 13:22:31.468342: | bd b5 2d 3e 07 e0 f4 33 47 27 bc de 56 f0 51 8b Aug 26 13:22:31.468344: | 70 9d 81 15 3e 19 66 9e 26 d1 8d 6d 6f f5 f4 34 Aug 26 13:22:31.468345: | 80 af 51 c7 c3 27 38 96 59 66 c9 db 1e 33 2c 23 Aug 26 13:22:31.468347: | dd fd ba 46 84 46 55 53 07 e7 b6 25 4f 66 a3 6c Aug 26 13:22:31.468348: | a6 b1 37 96 42 2b 4d c7 8d 45 84 b6 b9 e0 f5 1f Aug 26 13:22:31.468350: | 36 68 6e 56 b6 06 cc e0 40 7c b6 b1 ce cf 0d a4 Aug 26 13:22:31.468351: | e4 0e 45 88 7d 5a b8 a0 f9 03 27 5c 98 4e dd 88 Aug 26 13:22:31.468352: | c0 d5 c1 c5 c7 38 3e 9b ef 5a 98 5e ab 72 ba e4 Aug 26 13:22:31.468354: | 39 b4 fc fb 84 f3 30 df 65 dd 76 08 ee 28 13 f6 Aug 26 13:22:31.468355: | a4 7d d6 c4 10 a9 a5 d8 9e 8e 91 0e 6c 11 96 f5 Aug 26 13:22:31.468357: | e8 fd c6 6f 7f e6 a1 4a 46 fc fd 24 3c b3 3d 06 Aug 26 13:22:31.468358: | 82 a5 48 f0 df d2 88 63 fd ce 24 e9 25 d4 56 93 Aug 26 13:22:31.468360: | f4 e5 fa 24 d2 d8 f6 9c 84 84 3d 70 19 14 eb 39 Aug 26 13:22:31.468361: | 50 1a 21 1f 72 d3 ef 42 2e 8b 02 62 21 b6 4d 15 Aug 26 13:22:31.468363: | 0f 03 c2 8d 67 3a 66 2f f0 84 5e c9 b2 09 ef ee Aug 26 13:22:31.468364: | bf 37 77 d8 90 c6 04 04 4a a5 bd 0b e0 ef 29 1b Aug 26 13:22:31.468366: | e3 af c0 e8 78 e2 1e 0a 03 d4 5f 45 39 29 dd e5 Aug 26 13:22:31.468367: | b9 0d 3c 62 48 18 c5 73 40 8b db 2c 92 4f 31 78 Aug 26 13:22:31.468369: | e2 60 e9 2b fe 01 cb 38 3d d4 43 de a6 71 11 6f Aug 26 13:22:31.468370: | 24 16 b2 dc 44 b7 18 98 d6 e8 6f cd 4b d9 ac 21 Aug 26 13:22:31.468371: | fd d0 86 1f e8 e6 e0 1b fc f6 8c 78 0b 02 73 67 Aug 26 13:22:31.468373: | 4b bb 46 b1 3a e7 51 d5 aa 23 9c e7 12 ac 2b 5f Aug 26 13:22:31.468374: | 12 26 4b cd b6 cf a8 5d 51 ad ef f1 6c ab 3e 08 Aug 26 13:22:31.468376: | 2f b5 bc d4 06 43 08 77 8f 7b 92 94 1d fd 1c 5c Aug 26 13:22:31.468377: | 83 70 35 fb 8e d0 9a e2 8b b3 8c 10 eb d4 bf 2a Aug 26 13:22:31.468379: | b1 79 66 81 df e3 17 db 2d b3 5c e7 Aug 26 13:22:31.468409: | !event_already_set at reschedule Aug 26 13:22:31.468428: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:31.468431: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7 Aug 26 13:22:31.468433: | libevent_malloc: new ptr-libevent@0x7f4eb40078e8 size 128 Aug 26 13:22:31.468437: | #7 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11037.210894 Aug 26 13:22:31.468439: | pstats #7 ikev1.ipsec established Aug 26 13:22:31.468441: | NAT-T: encaps is 'auto' Aug 26 13:22:31.468444: "northnet-eastnets/0x2" #7: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x893ef52c <0xd3e21e6a xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:22:31.468446: | modecfg pull: noquirk policy:push not-client Aug 26 13:22:31.468448: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:22:31.468450: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Aug 26 13:22:31.468454: | #7 spent 1.04 milliseconds in resume sending helper answer Aug 26 13:22:31.468458: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 13:22:31.468464: | libevent_free: release ptr-libevent@0x7f4eb80027d8 Aug 26 13:22:31.478609: | spent 0.00263 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:31.478630: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:31.478633: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.478634: | 08 10 20 01 6e 47 49 b1 00 00 00 4c 65 ec 07 24 Aug 26 13:22:31.478636: | dd 0e 03 0b cb 1c 9d 5d 88 89 d6 8d 65 c6 fb ad Aug 26 13:22:31.478637: | fe 6d 7d d0 8f 89 e5 51 eb d5 3c 93 68 f1 75 92 Aug 26 13:22:31.478639: | 81 e7 0b b3 d1 3f b5 de 75 47 3e 36 Aug 26 13:22:31.478642: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:31.478645: | **parse ISAKMP Message: Aug 26 13:22:31.478647: | initiator cookie: Aug 26 13:22:31.478649: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:31.478650: | responder cookie: Aug 26 13:22:31.478651: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.478653: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:31.478655: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:31.478657: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:31.478659: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:31.478661: | Message ID: 1850165681 (0x6e4749b1) Aug 26 13:22:31.478662: | length: 76 (0x4c) Aug 26 13:22:31.478664: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:31.478667: | State DB: found IKEv1 state #7 in QUICK_R1 (find_state_ikev1) Aug 26 13:22:31.478671: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:31.478673: | #7 is idle Aug 26 13:22:31.478674: | #7 idle Aug 26 13:22:31.478677: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:31.478690: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:31.478692: | ***parse ISAKMP Hash Payload: Aug 26 13:22:31.478694: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.478696: | length: 36 (0x24) Aug 26 13:22:31.478697: | removing 12 bytes of padding Aug 26 13:22:31.478715: | quick_inI2 HASH(3): Aug 26 13:22:31.478717: | e7 aa 10 f2 2e df b7 50 1e 54 8e 9a 55 6e 77 da Aug 26 13:22:31.478719: | aa 80 f3 9a cd 3c 6e 13 0f 66 33 69 87 61 d8 25 Aug 26 13:22:31.478721: | received 'quick_inI2' message HASH(3) data ok Aug 26 13:22:31.478724: | install_ipsec_sa() for #7: outbound only Aug 26 13:22:31.478726: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 13:22:31.478728: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:31.478730: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.478732: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:31.478734: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.478736: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:31.478739: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Aug 26 13:22:31.478741: | sr for #7: erouted Aug 26 13:22:31.478743: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:22:31.478744: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:31.478746: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.478748: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:31.478749: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.478751: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:31.478753: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Aug 26 13:22:31.478756: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:northnet-eastnets/0x2 esr:{(nil)} ro:northnet-eastnets/0x2 rosr:{(nil)} and state: #7 Aug 26 13:22:31.478758: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:22:31.478764: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 13:22:31.478769: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:31.478794: | raw_eroute result=success Aug 26 13:22:31.478796: | route_and_eroute: firewall_notified: true Aug 26 13:22:31.478799: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x555fbaf25888,sr=0x555fbaf25888} to #7 (was #3) (newest_ipsec_sa=#3) Aug 26 13:22:31.478802: | #1 spent 0.0771 milliseconds in install_ipsec_sa() Aug 26 13:22:31.478805: | inI2: instance northnet-eastnets/0x2[0], setting IKEv1 newest_ipsec_sa to #7 (was #3) (spd.eroute=#7) cloned from #1 Aug 26 13:22:31.478806: | DPD: dpd_init() called on IPsec SA Aug 26 13:22:31.478808: | DPD: Peer does not support Dead Peer Detection Aug 26 13:22:31.478810: | complete v1 state transition with STF_OK Aug 26 13:22:31.478813: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:31.478814: | #7 is idle Aug 26 13:22:31.478816: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:22:31.478818: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 26 13:22:31.478820: | child state #7: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Aug 26 13:22:31.478822: | event_already_set, deleting event Aug 26 13:22:31.478839: | state #7 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:31.478841: | #7 STATE_QUICK_R2: retransmits: cleared Aug 26 13:22:31.478844: | libevent_free: release ptr-libevent@0x7f4eb40078e8 Aug 26 13:22:31.478846: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4eb8002b78 Aug 26 13:22:31.478861: | !event_already_set at reschedule Aug 26 13:22:31.478863: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f4eb8002b78 Aug 26 13:22:31.478865: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #7 Aug 26 13:22:31.478868: | libevent_malloc: new ptr-libevent@0x7f4eb80027d8 size 128 Aug 26 13:22:31.478870: | pstats #7 ikev1.ipsec established Aug 26 13:22:31.478872: | NAT-T: encaps is 'auto' Aug 26 13:22:31.478875: "northnet-eastnets/0x2" #7: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x893ef52c <0xd3e21e6a xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 13:22:31.478877: | modecfg pull: noquirk policy:push not-client Aug 26 13:22:31.478878: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:22:31.478881: | #7 spent 0.157 milliseconds in process_packet_tail() Aug 26 13:22:31.478884: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:31.478887: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:31.478889: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:31.478892: | spent 0.27 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:34.472774: | spent 0.00258 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:34.472793: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:34.472796: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.472798: | 08 10 05 01 ba 7e 44 9c 00 00 00 6c 7c e5 30 f8 Aug 26 13:22:34.472799: | 2b 71 72 f2 07 ee b3 0e 74 7f ec 3d 7f c0 5b e8 Aug 26 13:22:34.472801: | 52 27 ee d5 cc 68 fb e4 e5 c4 77 1e 79 24 3a 58 Aug 26 13:22:34.472803: | 15 fd 0e 1d 69 fa 63 73 7c 41 45 d7 46 0a 1e 69 Aug 26 13:22:34.472804: | b3 a7 d8 f9 9b 4d 80 0e 7b 25 a5 da 5e 71 45 e9 Aug 26 13:22:34.472806: | 34 94 2a dc d9 b3 66 b2 9d 9e bc b9 Aug 26 13:22:34.472809: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:34.472812: | **parse ISAKMP Message: Aug 26 13:22:34.472814: | initiator cookie: Aug 26 13:22:34.472815: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:34.472817: | responder cookie: Aug 26 13:22:34.472818: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.472822: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:34.472824: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:34.472826: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:34.472828: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:34.472830: | Message ID: 3128837276 (0xba7e449c) Aug 26 13:22:34.472831: | length: 108 (0x6c) Aug 26 13:22:34.472834: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:34.472837: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:34.472839: | peer and cookies match on #6; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:34.472841: | peer and cookies match on #5; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:34.472843: | peer and cookies match on #4; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:34.472845: | peer and cookies match on #3; msgid=00000000 st_msgid=60c91e6e st_msgid_phase15=00000000 Aug 26 13:22:34.472847: | peer and cookies match on #2; msgid=00000000 st_msgid=0d251a9e st_msgid_phase15=00000000 Aug 26 13:22:34.472849: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:34.472851: | p15 state object #1 found, in STATE_MAIN_R3 Aug 26 13:22:34.472853: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Aug 26 13:22:34.472857: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:34.472870: | #1 is idle Aug 26 13:22:34.472872: | #1 idle Aug 26 13:22:34.472874: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:34.472882: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:34.472884: | ***parse ISAKMP Hash Payload: Aug 26 13:22:34.472886: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 13:22:34.472888: | length: 36 (0x24) Aug 26 13:22:34.472890: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 13:22:34.472892: | ***parse ISAKMP Notification Payload: Aug 26 13:22:34.472894: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:34.472895: | length: 32 (0x20) Aug 26 13:22:34.472897: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:34.472899: | protocol ID: 1 (0x1) Aug 26 13:22:34.472900: | SPI size: 16 (0x10) Aug 26 13:22:34.472902: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:22:34.472904: | removing 12 bytes of padding Aug 26 13:22:34.472916: | informational HASH(1): Aug 26 13:22:34.472919: | d8 0d 6a dd 9b c8 6d c4 f4 e8 32 76 e9 58 9f 56 Aug 26 13:22:34.472920: | 58 23 01 12 76 eb 01 85 ef 88 be 5e 9f a9 01 a1 Aug 26 13:22:34.472923: | received 'informational' message HASH(1) data ok Aug 26 13:22:34.472924: | info: ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.472926: | info: 00 00 36 00 Aug 26 13:22:34.472929: | processing informational R_U_THERE (36136) Aug 26 13:22:34.472930: | pstats ikev1_recv_notifies_e 36136 Aug 26 13:22:34.472934: | DPD: received R_U_THERE seq:13824 monotime:11040.2154 (state=#1 name="northnet-eastnets/0x2") Aug 26 13:22:34.472939: | **emit ISAKMP Message: Aug 26 13:22:34.472941: | initiator cookie: Aug 26 13:22:34.472942: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:34.472944: | responder cookie: Aug 26 13:22:34.472946: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.472947: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:34.472949: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:34.472951: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:34.472952: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:34.472954: | Message ID: 2749232924 (0xa3ddf71c) Aug 26 13:22:34.472956: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:34.472958: | ***emit ISAKMP Hash Payload: Aug 26 13:22:34.472960: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:34.472962: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:34.472965: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:34.472968: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:34.472969: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:34.472971: | ***emit ISAKMP Notification Payload: Aug 26 13:22:34.472973: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:34.472974: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:34.472976: | protocol ID: 1 (0x1) Aug 26 13:22:34.472978: | SPI size: 16 (0x10) Aug 26 13:22:34.472979: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 13:22:34.472981: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:22:34.472983: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:34.472986: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:22:34.472987: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:34.472989: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:22:34.472991: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.472993: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:22:34.472994: | notify data 00 00 36 00 Aug 26 13:22:34.472996: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:22:34.473006: | notification HASH(1): Aug 26 13:22:34.473008: | 23 0a a7 96 2c b6 e4 4f 8a d7 d4 34 5c f9 17 32 Aug 26 13:22:34.473009: | 9b 28 bd e9 9c 2f 48 a2 11 f4 83 cf 4f 2b 9d 53 Aug 26 13:22:34.473014: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:34.473016: | no IKEv1 message padding required Aug 26 13:22:34.473017: | emitting length of ISAKMP Message: 108 Aug 26 13:22:34.473024: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:34.473026: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.473027: | 08 10 05 01 a3 dd f7 1c 00 00 00 6c 34 de 57 53 Aug 26 13:22:34.473029: | 98 4e 13 f1 d6 11 77 05 ae fc 0d 2a 48 15 cb 87 Aug 26 13:22:34.473031: | 1b e5 ab d6 41 b5 89 ea 4b a9 b1 4f f5 25 81 3c Aug 26 13:22:34.473032: | 32 1c f0 60 c6 c2 1e 4d e7 22 f2 e7 17 24 ad 92 Aug 26 13:22:34.473034: | 0a ea 3b 8b 75 87 0b a6 f3 be 39 52 81 34 62 89 Aug 26 13:22:34.473035: | a4 a2 6f b4 b2 f6 98 ce fa 41 37 50 Aug 26 13:22:34.473060: | complete v1 state transition with STF_IGNORE Aug 26 13:22:34.473065: | #1 spent 0.122 milliseconds in process_packet_tail() Aug 26 13:22:34.473068: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:34.473072: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:34.473074: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:34.473077: | spent 0.279 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:35.376462: | processing global timer EVENT_PENDING_DDNS Aug 26 13:22:35.376481: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 13:22:35.376484: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:22:35.376487: | elapsed time in connection_check_ddns for hostname lookup 0.000006 Aug 26 13:22:35.376492: | spent 0.00998 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 13:22:35.378552: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:22:35.378562: | expiring aged bare shunts from shunt table Aug 26 13:22:35.378566: | spent 0.00361 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:22:37.475953: | spent 0.00768 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:37.476010: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:37.476028: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.476038: | 08 10 05 01 f4 5b 0f 9e 00 00 00 6c b1 c9 d9 15 Aug 26 13:22:37.476047: | d7 91 13 b6 16 15 bc 44 5d b8 d5 19 c7 ed d2 a0 Aug 26 13:22:37.476052: | 19 28 cb b5 0a 9a b7 53 7e 4c 54 13 12 85 fc 99 Aug 26 13:22:37.476057: | b9 12 4a a9 1c 2a 2f 40 f3 ea 62 1b ab 49 b6 b0 Aug 26 13:22:37.476062: | 0d 8a 7b af 67 6f 97 0d bc 1e 15 f5 d4 c9 54 76 Aug 26 13:22:37.476067: | e5 fc 24 fe d9 0a af bd b8 75 35 40 Aug 26 13:22:37.476078: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:37.476086: | **parse ISAKMP Message: Aug 26 13:22:37.476092: | initiator cookie: Aug 26 13:22:37.476097: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:37.476102: | responder cookie: Aug 26 13:22:37.476107: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.476113: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:37.476119: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:37.476125: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:37.476131: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:37.476136: | Message ID: 4099608478 (0xf45b0f9e) Aug 26 13:22:37.476142: | length: 108 (0x6c) Aug 26 13:22:37.476148: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:37.476158: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:37.476164: | peer and cookies match on #6; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:37.476171: | peer and cookies match on #5; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:37.476177: | peer and cookies match on #4; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:37.476182: | peer and cookies match on #3; msgid=00000000 st_msgid=60c91e6e st_msgid_phase15=00000000 Aug 26 13:22:37.476189: | peer and cookies match on #2; msgid=00000000 st_msgid=0d251a9e st_msgid_phase15=00000000 Aug 26 13:22:37.476195: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:37.476200: | p15 state object #1 found, in STATE_MAIN_R3 Aug 26 13:22:37.476207: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Aug 26 13:22:37.476218: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:37.476250: | #1 is idle Aug 26 13:22:37.476256: | #1 idle Aug 26 13:22:37.476264: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:37.476286: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:37.476350: | ***parse ISAKMP Hash Payload: Aug 26 13:22:37.476358: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 13:22:37.476364: | length: 36 (0x24) Aug 26 13:22:37.476370: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 13:22:37.476376: | ***parse ISAKMP Notification Payload: Aug 26 13:22:37.476382: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:37.476387: | length: 32 (0x20) Aug 26 13:22:37.476393: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:37.476399: | protocol ID: 1 (0x1) Aug 26 13:22:37.476405: | SPI size: 16 (0x10) Aug 26 13:22:37.476411: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:22:37.476417: | removing 12 bytes of padding Aug 26 13:22:37.476462: | informational HASH(1): Aug 26 13:22:37.476472: | 99 a3 8e a0 fa c1 cd e1 28 25 32 35 63 50 f1 b0 Aug 26 13:22:37.476479: | c4 ea 8d b6 24 ab 3c c9 d2 d5 09 18 47 f8 f8 b0 Aug 26 13:22:37.476486: | received 'informational' message HASH(1) data ok Aug 26 13:22:37.476493: | info: ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.476499: | info: 00 00 36 01 Aug 26 13:22:37.476509: | processing informational R_U_THERE (36136) Aug 26 13:22:37.476516: | pstats ikev1_recv_notifies_e 36136 Aug 26 13:22:37.476529: | DPD: received R_U_THERE seq:13825 monotime:11043.218989 (state=#1 name="northnet-eastnets/0x2") Aug 26 13:22:37.476558: | **emit ISAKMP Message: Aug 26 13:22:37.476567: | initiator cookie: Aug 26 13:22:37.476575: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:37.476581: | responder cookie: Aug 26 13:22:37.476587: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.476595: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:37.476603: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:37.476610: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:37.476616: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:37.476624: | Message ID: 2933732493 (0xaedd348d) Aug 26 13:22:37.476631: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:37.476639: | ***emit ISAKMP Hash Payload: Aug 26 13:22:37.476645: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:37.476654: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:37.476661: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:37.476669: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:37.476676: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:37.476683: | ***emit ISAKMP Notification Payload: Aug 26 13:22:37.476690: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:37.476697: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:37.476704: | protocol ID: 1 (0x1) Aug 26 13:22:37.476710: | SPI size: 16 (0x10) Aug 26 13:22:37.476717: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 13:22:37.476725: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:22:37.476734: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:37.476743: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:22:37.476750: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:37.476757: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:22:37.476764: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.476771: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:22:37.476777: | notify data 00 00 36 01 Aug 26 13:22:37.476784: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:22:37.476825: | notification HASH(1): Aug 26 13:22:37.476835: | c0 38 78 6a fa b4 d6 94 b8 8f ab aa 68 bf 29 65 Aug 26 13:22:37.476842: | 43 24 f5 56 2f 7b a4 ab af b5 09 fe 3a d8 b2 b6 Aug 26 13:22:37.476862: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:37.476871: | no IKEv1 message padding required Aug 26 13:22:37.476877: | emitting length of ISAKMP Message: 108 Aug 26 13:22:37.476903: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:37.476912: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.476919: | 08 10 05 01 ae dd 34 8d 00 00 00 6c 0c 20 74 c3 Aug 26 13:22:37.476925: | 23 bf cc 18 fc 53 8c c4 96 8a 48 7d 99 c2 c1 27 Aug 26 13:22:37.476931: | ed 19 3a 9f 94 c0 ee 2c 08 b6 0b 47 4a d8 5b 2b Aug 26 13:22:37.476938: | d4 93 bc f8 eb 6a 10 f1 1e d3 95 15 06 5b c4 a2 Aug 26 13:22:37.476944: | 8a 5c 12 e5 19 12 00 a9 3e 8a 36 36 8a 77 1b 29 Aug 26 13:22:37.476951: | c3 32 02 c5 70 15 df 5e f7 33 f6 db Aug 26 13:22:37.477030: | complete v1 state transition with STF_IGNORE Aug 26 13:22:37.477049: | #1 spent 0.493 milliseconds in process_packet_tail() Aug 26 13:22:37.477063: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:37.477077: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:37.477085: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:37.477096: | spent 1.04 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:37.482211: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:22:37.482237: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 13:22:37.482247: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:37.482252: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 13:22:37.482258: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 13:22:37.482263: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#7) Aug 26 13:22:37.482266: | sending NAT-T Keep Alive Aug 26 13:22:37.482273: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #7) Aug 26 13:22:37.482276: | ff Aug 26 13:22:37.482348: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 13:22:37.482362: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 13:22:37.482373: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:37.482378: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 13:22:37.482387: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 13:22:37.482396: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:37.482402: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 13:22:37.482411: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 13:22:37.482420: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:37.482425: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 13:22:37.482431: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 13:22:37.482435: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#4) Aug 26 13:22:37.482438: | sending NAT-T Keep Alive Aug 26 13:22:37.482445: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #4) Aug 26 13:22:37.482448: | ff Aug 26 13:22:37.482476: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 13:22:37.482485: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 13:22:37.482495: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:37.482501: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 13:22:37.482510: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 13:22:37.482519: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:37.482526: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 13:22:37.482532: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 13:22:37.482537: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 13:22:37.482540: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 13:22:37.482545: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 13:22:37.482550: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 13:22:37.482563: | spent 0.272 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:22:38.560751: | timer_event_cb: processing event@0x7f4ebc004218 Aug 26 13:22:38.560801: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:22:38.560826: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:38.560838: | IKEv1 retransmit event Aug 26 13:22:38.560854: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:38.560869: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 6 Aug 26 13:22:38.560890: | retransmits: current time 11044.303345; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.015661 exceeds limit? NO Aug 26 13:22:38.560902: | event_schedule: new EVENT_RETRANSMIT-pe@0x555fbaf28f98 Aug 26 13:22:38.560915: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #5 Aug 26 13:22:38.560926: | libevent_malloc: new ptr-libevent@0x555fbaf3df18 size 128 Aug 26 13:22:38.560939: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 16 seconds for response Aug 26 13:22:38.560959: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 13:22:38.560968: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:38.560976: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:38.560984: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:38.560991: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:38.560999: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:38.561006: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:38.561013: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:38.561021: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:38.561028: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:38.561035: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:38.561042: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:38.561050: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:38.561057: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:38.561064: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:38.561071: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:38.561079: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:38.561086: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:38.561093: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:38.561100: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:38.561108: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:38.561115: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:38.561122: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:38.561130: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:38.561137: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:38.561144: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:38.561151: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:38.561159: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:38.561166: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:38.561173: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:38.561319: | libevent_free: release ptr-libevent@0x7f4ec8003e78 Aug 26 13:22:38.561353: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:38.561379: | #5 spent 0.553 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:38.561406: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:38.561439: | timer_event_cb: processing event@0x555fbaf3eb68 Aug 26 13:22:38.561455: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 13:22:38.561480: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 13:22:38.561496: | IKEv1 retransmit event Aug 26 13:22:38.561521: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:38.561543: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 6 Aug 26 13:22:38.561572: | retransmits: current time 11044.304023; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.015038 exceeds limit? NO Aug 26 13:22:38.561588: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:38.561606: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #6 Aug 26 13:22:38.561622: | libevent_malloc: new ptr-libevent@0x7f4ec8003e78 size 128 Aug 26 13:22:38.561639: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 16 seconds for response Aug 26 13:22:38.561668: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 13:22:38.561681: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:38.561694: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:38.561707: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:38.561720: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:38.561733: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:38.561746: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:38.561758: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:38.561771: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:38.561784: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:38.561797: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:38.561809: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:38.561822: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:38.561835: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:38.561847: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:38.561859: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:38.561871: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:38.561883: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:38.561896: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:38.561909: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:38.561922: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:38.561935: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:38.561948: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:38.561960: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:38.561973: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:38.561986: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:38.561999: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:38.562011: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:38.562024: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:38.562037: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:38.562110: | libevent_free: release ptr-libevent@0x7f4ec8005118 Aug 26 13:22:38.562127: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555fbaf3eb68 Aug 26 13:22:38.562152: | #6 spent 0.679 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:38.562176: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 13:22:40.479197: | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:40.479220: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:40.479224: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479225: | 08 10 05 01 d6 c1 47 6f 00 00 00 6c 93 fc b9 fb Aug 26 13:22:40.479227: | 98 6d c0 03 2d 75 41 bf f2 99 ea 49 7d 24 8b 8b Aug 26 13:22:40.479229: | 0e fe 30 26 35 d5 2d da 37 26 9f 27 6b 18 8b 04 Aug 26 13:22:40.479230: | a1 a5 32 15 4d 78 16 31 12 69 ff a2 2b 66 0b dc Aug 26 13:22:40.479232: | 41 4f 68 8a 55 e2 b0 5d f4 9f b5 7d 68 b6 09 56 Aug 26 13:22:40.479233: | 73 24 3c 13 02 82 80 a6 d0 ea 4a 63 Aug 26 13:22:40.479236: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:40.479239: | **parse ISAKMP Message: Aug 26 13:22:40.479241: | initiator cookie: Aug 26 13:22:40.479242: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:40.479244: | responder cookie: Aug 26 13:22:40.479246: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479248: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:40.479249: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:40.479251: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:40.479253: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:40.479255: | Message ID: 3602990959 (0xd6c1476f) Aug 26 13:22:40.479256: | length: 108 (0x6c) Aug 26 13:22:40.479258: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:40.479262: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:40.479264: | peer and cookies match on #6; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:40.479266: | peer and cookies match on #5; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:40.479268: | peer and cookies match on #4; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:40.479270: | peer and cookies match on #3; msgid=00000000 st_msgid=60c91e6e st_msgid_phase15=00000000 Aug 26 13:22:40.479272: | peer and cookies match on #2; msgid=00000000 st_msgid=0d251a9e st_msgid_phase15=00000000 Aug 26 13:22:40.479274: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:40.479276: | p15 state object #1 found, in STATE_MAIN_R3 Aug 26 13:22:40.479278: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Aug 26 13:22:40.479282: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:40.479311: | #1 is idle Aug 26 13:22:40.479317: | #1 idle Aug 26 13:22:40.479321: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:40.479332: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:40.479335: | ***parse ISAKMP Hash Payload: Aug 26 13:22:40.479338: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 13:22:40.479340: | length: 36 (0x24) Aug 26 13:22:40.479342: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 13:22:40.479344: | ***parse ISAKMP Notification Payload: Aug 26 13:22:40.479346: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:40.479347: | length: 32 (0x20) Aug 26 13:22:40.479349: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:40.479351: | protocol ID: 1 (0x1) Aug 26 13:22:40.479352: | SPI size: 16 (0x10) Aug 26 13:22:40.479354: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:22:40.479356: | removing 12 bytes of padding Aug 26 13:22:40.479374: | informational HASH(1): Aug 26 13:22:40.479376: | e6 5c 71 30 f4 3e 3a cb 0f cf 78 b2 3d 98 5b 68 Aug 26 13:22:40.479378: | 6b dd fd 21 99 81 6d e6 7e 48 af 7e a5 45 a1 08 Aug 26 13:22:40.479380: | received 'informational' message HASH(1) data ok Aug 26 13:22:40.479381: | info: ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479383: | info: 00 00 36 02 Aug 26 13:22:40.479386: | processing informational R_U_THERE (36136) Aug 26 13:22:40.479388: | pstats ikev1_recv_notifies_e 36136 Aug 26 13:22:40.479393: | DPD: received R_U_THERE seq:13826 monotime:11046.221858 (state=#1 name="northnet-eastnets/0x2") Aug 26 13:22:40.479398: | **emit ISAKMP Message: Aug 26 13:22:40.479401: | initiator cookie: Aug 26 13:22:40.479402: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:40.479404: | responder cookie: Aug 26 13:22:40.479405: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479407: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:40.479409: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:40.479411: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:40.479412: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:40.479414: | Message ID: 2476888179 (0x93a25073) Aug 26 13:22:40.479416: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:40.479418: | ***emit ISAKMP Hash Payload: Aug 26 13:22:40.479420: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:40.479422: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:40.479424: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:40.479426: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:40.479428: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:40.479429: | ***emit ISAKMP Notification Payload: Aug 26 13:22:40.479431: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:40.479433: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:40.479434: | protocol ID: 1 (0x1) Aug 26 13:22:40.479436: | SPI size: 16 (0x10) Aug 26 13:22:40.479438: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 13:22:40.479440: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:22:40.479442: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:40.479444: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:22:40.479446: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:40.479448: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:22:40.479449: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479451: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:22:40.479452: | notify data 00 00 36 02 Aug 26 13:22:40.479454: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:22:40.479464: | notification HASH(1): Aug 26 13:22:40.479466: | e9 db b8 3d 8c fc d8 c1 e0 6d 81 8b 02 9e 72 3e Aug 26 13:22:40.479468: | 91 2e e8 44 8e 4b 4f ed b6 a8 06 bc 99 5a 6e 2c Aug 26 13:22:40.479472: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:40.479474: | no IKEv1 message padding required Aug 26 13:22:40.479476: | emitting length of ISAKMP Message: 108 Aug 26 13:22:40.479482: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:40.479484: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479486: | 08 10 05 01 93 a2 50 73 00 00 00 6c d6 55 38 e4 Aug 26 13:22:40.479487: | 19 76 13 7c a8 01 5b b9 c6 36 16 f1 db 4e e1 bb Aug 26 13:22:40.479489: | 10 be f7 01 5c 3b ec 23 f6 ed a2 86 5e 78 46 e5 Aug 26 13:22:40.479491: | 40 b5 2b 71 f6 98 a1 83 c1 5a 93 b9 1d 95 1e 93 Aug 26 13:22:40.479492: | 99 83 4f 81 3d 83 b7 ba 43 78 39 de b7 4a 53 70 Aug 26 13:22:40.479493: | 19 62 05 34 3e 15 02 9b 7c cb e1 56 Aug 26 13:22:40.479526: | complete v1 state transition with STF_IGNORE Aug 26 13:22:40.479533: | #1 spent 0.127 milliseconds in process_packet_tail() Aug 26 13:22:40.479538: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:40.479543: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:40.479549: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:40.479554: | spent 0.311 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:42.795197: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:42.795381: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:22:42.795390: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:22:42.795500: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:22:42.795504: | FOR_EACH_STATE_... in sort_states Aug 26 13:22:42.795511: | get_sa_info esp.19ad0dcb@192.1.2.23 Aug 26 13:22:42.795530: | get_sa_info esp.4ad1f014@192.1.3.33 Aug 26 13:22:42.795542: | get_sa_info esp.1de30b97@192.1.2.23 Aug 26 13:22:42.795549: | get_sa_info esp.6367355e@192.1.3.33 Aug 26 13:22:42.795560: | get_sa_info esp.5b1ca772@192.1.2.23 Aug 26 13:22:42.795565: | get_sa_info esp.aad72ba6@192.1.3.33 Aug 26 13:22:42.795578: | get_sa_info esp.38d5abde@192.1.2.23 Aug 26 13:22:42.795584: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:22:42.795595: | get_sa_info esp.dfa7993f@192.1.2.23 Aug 26 13:22:42.795601: | get_sa_info esp.dcd59a6b@192.1.3.33 Aug 26 13:22:42.795611: | get_sa_info esp.d3e21e6a@192.1.2.23 Aug 26 13:22:42.795618: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:42.795646: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:22:42.795667: | spent 0.469 milliseconds in whack Aug 26 13:22:43.480299: | spent 0.00321 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.480323: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 13:22:43.480340: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480343: | 08 10 05 01 4d 11 a6 08 00 00 00 6c ee 88 26 09 Aug 26 13:22:43.480345: | 43 a8 8d 23 55 a9 08 19 9c 69 fb e6 a2 18 49 eb Aug 26 13:22:43.480347: | 96 a4 65 7f 66 27 9d f4 7f 2c 5c 93 87 4b e6 4a Aug 26 13:22:43.480350: | ba b5 43 81 eb 69 c5 6d 05 a3 54 04 43 3d 37 da Aug 26 13:22:43.480352: | be 07 d1 cc 6a 2d 15 c1 23 8f 0e b5 31 4a b1 d0 Aug 26 13:22:43.480355: | da f3 f5 a3 7a 18 ef 7b a8 13 58 b5 Aug 26 13:22:43.480360: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 13:22:43.480364: | **parse ISAKMP Message: Aug 26 13:22:43.480366: | initiator cookie: Aug 26 13:22:43.480369: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.480371: | responder cookie: Aug 26 13:22:43.480374: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480377: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.480379: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.480382: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.480385: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.480387: | Message ID: 1293002248 (0x4d11a608) Aug 26 13:22:43.480390: | length: 108 (0x6c) Aug 26 13:22:43.480394: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.480398: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:43.480401: | peer and cookies match on #6; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.480404: | peer and cookies match on #5; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.480407: | peer and cookies match on #4; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:43.480410: | peer and cookies match on #3; msgid=00000000 st_msgid=60c91e6e st_msgid_phase15=00000000 Aug 26 13:22:43.480413: | peer and cookies match on #2; msgid=00000000 st_msgid=0d251a9e st_msgid_phase15=00000000 Aug 26 13:22:43.480416: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.480419: | p15 state object #1 found, in STATE_MAIN_R3 Aug 26 13:22:43.480422: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Aug 26 13:22:43.480427: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.480447: | #1 is idle Aug 26 13:22:43.480450: | #1 idle Aug 26 13:22:43.480454: | received encrypted packet from 192.1.3.33:500 Aug 26 13:22:43.480479: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.480482: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.480485: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 13:22:43.480488: | length: 36 (0x24) Aug 26 13:22:43.480491: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 13:22:43.480494: | ***parse ISAKMP Notification Payload: Aug 26 13:22:43.480497: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.480499: | length: 32 (0x20) Aug 26 13:22:43.480502: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.480505: | protocol ID: 1 (0x1) Aug 26 13:22:43.480507: | SPI size: 16 (0x10) Aug 26 13:22:43.480510: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:22:43.480513: | removing 12 bytes of padding Aug 26 13:22:43.480544: | informational HASH(1): Aug 26 13:22:43.480548: | 70 9d 9d 25 9d bc 23 fd f8 41 d1 10 60 2f 6b d3 Aug 26 13:22:43.480550: | 8d fb a5 54 c0 ee 7f 25 8f b9 c7 b2 6a 3e 1a fd Aug 26 13:22:43.480553: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.480556: | info: ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480558: | info: 00 00 36 03 Aug 26 13:22:43.480562: | processing informational R_U_THERE (36136) Aug 26 13:22:43.480564: | pstats ikev1_recv_notifies_e 36136 Aug 26 13:22:43.480586: | DPD: received R_U_THERE seq:13827 monotime:11049.223051 (state=#1 name="northnet-eastnets/0x2") Aug 26 13:22:43.480604: | **emit ISAKMP Message: Aug 26 13:22:43.480607: | initiator cookie: Aug 26 13:22:43.480609: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.480627: | responder cookie: Aug 26 13:22:43.480629: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480632: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.480635: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.480638: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.480640: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.480643: | Message ID: 641064146 (0x2635dcd2) Aug 26 13:22:43.480646: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.480649: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.480652: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.480668: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.480671: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:43.480674: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.480677: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.480679: | ***emit ISAKMP Notification Payload: Aug 26 13:22:43.480682: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.480684: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.480687: | protocol ID: 1 (0x1) Aug 26 13:22:43.480689: | SPI size: 16 (0x10) Aug 26 13:22:43.480692: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 13:22:43.480695: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:22:43.480698: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:43.480701: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:22:43.480704: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.480707: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:22:43.480709: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480712: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:22:43.480715: | notify data 00 00 36 03 Aug 26 13:22:43.480719: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:22:43.480733: | notification HASH(1): Aug 26 13:22:43.480736: | a0 80 65 42 4c 18 29 e8 c5 8d e0 03 92 59 45 db Aug 26 13:22:43.480739: | d2 14 c4 aa 3d 6e 59 ab d8 ca b6 d8 cf 48 8d cb Aug 26 13:22:43.480745: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.480748: | no IKEv1 message padding required Aug 26 13:22:43.480751: | emitting length of ISAKMP Message: 108 Aug 26 13:22:43.480760: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:43.480763: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480765: | 08 10 05 01 26 35 dc d2 00 00 00 6c 15 a2 65 54 Aug 26 13:22:43.480768: | 0f 6c ca 08 7b a0 cb 85 e1 31 ad 1f 66 19 8b ad Aug 26 13:22:43.480770: | bc 93 78 1a c9 63 a9 78 36 5b 0e 7e 08 83 0a 5a Aug 26 13:22:43.480773: | 10 da ff 89 d6 71 3d 40 72 6b 41 23 dc db ef cc Aug 26 13:22:43.480775: | ee 14 3f a9 0c ba e1 2a 66 3a 68 c2 b2 12 4f c4 Aug 26 13:22:43.480778: | 90 7a 29 38 2f 3e 3e d1 43 d1 a0 0b Aug 26 13:22:43.480812: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.480834: | #1 spent 0.251 milliseconds in process_packet_tail() Aug 26 13:22:43.480839: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:43.480845: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 13:22:43.480848: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.480852: | spent 0.519 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.765048: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:43.765066: shutting down Aug 26 13:22:43.765073: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:22:43.765076: destroying root certificate cache Aug 26 13:22:43.765097: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:22:43.765099: forgetting secrets Aug 26 13:22:43.765105: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:22:43.765113: | unreference key: 0x555fbaf24fd8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:22:43.765116: | unreference key: 0x555fbaf248b8 user-east@testing.libreswan.org cnt 1-- Aug 26 13:22:43.765118: | unreference key: 0x555fbaf24658 @east.testing.libreswan.org cnt 1-- Aug 26 13:22:43.765121: | unreference key: 0x555fbaf24148 east@testing.libreswan.org cnt 1-- Aug 26 13:22:43.765125: | unreference key: 0x555fbaf22d18 192.1.2.23 cnt 1-- Aug 26 13:22:43.765130: | unreference key: 0x555fbaf1edb8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:22:43.765133: | unreference key: 0x555fbaf1db78 user-north@testing.libreswan.org cnt 1-- Aug 26 13:22:43.765135: | unreference key: 0x555fbae06c48 @north.testing.libreswan.org cnt 1-- Aug 26 13:22:43.765139: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 13:22:43.765142: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:22:43.765143: | pass 0 Aug 26 13:22:43.765145: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:22:43.765147: | state #7 Aug 26 13:22:43.765149: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:43.765153: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:43.765155: | pstats #7 ikev1.ipsec deleted completed Aug 26 13:22:43.765158: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:22:43.765163: "northnet-eastnets/0x2" #7: deleting state (STATE_QUICK_R2) aged 12.299s and sending notification Aug 26 13:22:43.765165: | child state #7: QUICK_R2(established CHILD SA) => delete Aug 26 13:22:43.765169: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:43.765181: | get_sa_info esp.d3e21e6a@192.1.2.23 Aug 26 13:22:43.765187: "northnet-eastnets/0x2" #7: ESP traffic information: in=84B out=0B Aug 26 13:22:43.765189: | #7 send IKEv1 delete notification for STATE_QUICK_R2 Aug 26 13:22:43.765191: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.765199: | **emit ISAKMP Message: Aug 26 13:22:43.765201: | initiator cookie: Aug 26 13:22:43.765203: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.765204: | responder cookie: Aug 26 13:22:43.765206: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.765208: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.765210: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.765211: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.765213: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.765215: | Message ID: 1185295667 (0x46a62d33) Aug 26 13:22:43.765217: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.765219: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.765221: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.765223: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.765225: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.765227: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.765229: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.765231: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.765232: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.765234: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.765236: | protocol ID: 3 (0x3) Aug 26 13:22:43.765237: | SPI size: 4 (0x4) Aug 26 13:22:43.765239: | number of SPIs: 1 (0x1) Aug 26 13:22:43.765241: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.765242: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.765245: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:22:43.765246: | delete payload d3 e2 1e 6a Aug 26 13:22:43.765248: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:22:43.765271: | send delete HASH(1): Aug 26 13:22:43.765273: | f5 6f d6 b0 59 7e e1 99 41 03 36 06 57 02 86 46 Aug 26 13:22:43.765274: | b7 82 5d 46 9a d0 68 68 f6 35 78 ff e8 43 66 e3 Aug 26 13:22:43.765281: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.765283: | no IKEv1 message padding required Aug 26 13:22:43.765284: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.765319: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:43.765323: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.765325: | 08 10 05 01 46 a6 2d 33 00 00 00 5c ca 63 7f ff Aug 26 13:22:43.765326: | 54 f4 bd d0 e3 98 b0 9c 97 3b db c2 ec 02 7d 92 Aug 26 13:22:43.765328: | ac 10 e6 c4 30 ea f1 4d 23 a4 72 73 0a b0 13 cc Aug 26 13:22:43.765329: | f4 62 47 a1 af 35 7b 3d bc 2f f4 c7 1c da 2b 06 Aug 26 13:22:43.765331: | 19 f0 18 db cd 14 c5 cd f8 1e 70 16 Aug 26 13:22:43.765385: | state #7 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:22:43.765404: | libevent_free: release ptr-libevent@0x7f4eb80027d8 Aug 26 13:22:43.765407: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f4eb8002b78 Aug 26 13:22:43.765475: | running updown command "ipsec _updown" for verb down Aug 26 13:22:43.765479: | command executing down-client Aug 26 13:22:43.765538: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825751' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Aug 26 13:22:43.765544: | popen cmd is 1298 chars long Aug 26 13:22:43.765549: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:22:43.765552: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 13:22:43.765556: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 13:22:43.765559: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:22:43.765563: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 13:22:43.765566: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 13:22:43.765570: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 13:22:43.765573: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Aug 26 13:22:43.765577: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Aug 26 13:22:43.765580: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 13:22:43.765584: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825751' PLUTO_CONN: Aug 26 13:22:43.765587: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Aug 26 13:22:43.765591: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Aug 26 13:22:43.765594: | cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Aug 26 13:22:43.765597: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Aug 26 13:22:43.765600: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x893ef52c SPI_OUT=0xd3e21e6a : Aug 26 13:22:43.765603: | cmd(1280):ipsec _updown 2>&1: Aug 26 13:22:43.774064: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:22:43.774086: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:22:43.774091: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:22:43.774096: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:43.774132: | delete esp.893ef52c@192.1.3.33 Aug 26 13:22:43.774151: | netlink response for Del SA esp.893ef52c@192.1.3.33 included non-error error Aug 26 13:22:43.774154: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:22:43.774159: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:22:43.774178: | raw_eroute result=success Aug 26 13:22:43.774182: | delete esp.d3e21e6a@192.1.2.23 Aug 26 13:22:43.774191: | netlink response for Del SA esp.d3e21e6a@192.1.2.23 included non-error error Aug 26 13:22:43.774208: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:22:43.774211: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:22:43.774213: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:22:43.774216: | State DB: deleting IKEv1 state #7 in QUICK_R2 Aug 26 13:22:43.774222: | child state #7: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:22:43.774258: | stop processing: state #7 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:22:43.774274: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:22:43.774276: | state #6 Aug 26 13:22:43.774280: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:43.774283: | pstats #6 ikev1.ipsec deleted completed Aug 26 13:22:43.774286: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:22:43.774300: "northnet-eastnets/0x1" #6: deleting state (STATE_QUICK_R1) aged 21.232s and sending notification Aug 26 13:22:43.774305: | child state #6: QUICK_R1(established CHILD SA) => delete Aug 26 13:22:43.774308: | get_sa_info esp.aad72ba6@192.1.3.33 Aug 26 13:22:43.774316: | get_sa_info esp.5b1ca772@192.1.2.23 Aug 26 13:22:43.774322: "northnet-eastnets/0x1" #6: ESP traffic information: in=0B out=0B Aug 26 13:22:43.774325: | #6 send IKEv1 delete notification for STATE_QUICK_R1 Aug 26 13:22:43.774327: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.774343: | **emit ISAKMP Message: Aug 26 13:22:43.774347: | initiator cookie: Aug 26 13:22:43.774349: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.774352: | responder cookie: Aug 26 13:22:43.774354: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.774357: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774359: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.774375: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.774378: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.774381: | Message ID: 79123939 (0x4b755e3) Aug 26 13:22:43.774384: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.774387: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.774390: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774394: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.774397: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.774401: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.774403: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.774406: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.774408: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774411: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.774413: | protocol ID: 3 (0x3) Aug 26 13:22:43.774431: | SPI size: 4 (0x4) Aug 26 13:22:43.774433: | number of SPIs: 1 (0x1) Aug 26 13:22:43.774436: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.774439: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.774443: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:22:43.774446: | delete payload 5b 1c a7 72 Aug 26 13:22:43.774449: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:22:43.774513: | send delete HASH(1): Aug 26 13:22:43.774517: | 6c cd 30 74 8b 2a 28 2b e4 31 1e 6f a8 7e 04 d5 Aug 26 13:22:43.774520: | cd c4 ff d8 88 ef 17 99 0d 40 e9 d9 0f 22 f8 a4 Aug 26 13:22:43.774532: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.774538: | no IKEv1 message padding required Aug 26 13:22:43.774540: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.774574: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:43.774577: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.774580: | 08 10 05 01 04 b7 55 e3 00 00 00 5c 38 84 03 e3 Aug 26 13:22:43.774583: | 49 47 fc f7 30 44 c7 c2 44 29 89 4a a4 41 c8 21 Aug 26 13:22:43.774585: | 61 63 08 1b 18 1b 8e 24 ce a3 da 9a cf 84 4d 4f Aug 26 13:22:43.774588: | 7c 94 5a 0e 15 ed fb 26 3d 26 20 2e ef 18 30 84 Aug 26 13:22:43.774590: | 9e 7f 13 65 6d fa 14 bf 8e df d3 3b Aug 26 13:22:43.774642: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:43.774645: | #6 STATE_QUICK_R1: retransmits: cleared Aug 26 13:22:43.774654: | libevent_free: release ptr-libevent@0x7f4ec8003e78 Aug 26 13:22:43.774660: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4ebc004218 Aug 26 13:22:43.774739: | delete esp.aad72ba6@192.1.3.33 Aug 26 13:22:43.774754: | netlink response for Del SA esp.aad72ba6@192.1.3.33 included non-error error Aug 26 13:22:43.774759: | delete esp.5b1ca772@192.1.2.23 Aug 26 13:22:43.774781: | netlink response for Del SA esp.5b1ca772@192.1.2.23 included non-error error Aug 26 13:22:43.774800: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:22:43.774803: | State DB: deleting IKEv1 state #6 in QUICK_R1 Aug 26 13:22:43.774808: | child state #6: QUICK_R1(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:22:43.774842: | stop processing: state #6 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:22:43.774855: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:22:43.774859: | state #5 Aug 26 13:22:43.774864: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:43.774867: | pstats #5 ikev1.ipsec deleted completed Aug 26 13:22:43.774872: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:22:43.774876: "northnet-eastnets/0x2" #5: deleting state (STATE_QUICK_R1) aged 21.233s and sending notification Aug 26 13:22:43.774879: | child state #5: QUICK_R1(established CHILD SA) => delete Aug 26 13:22:43.774883: | get_sa_info esp.dcd59a6b@192.1.3.33 Aug 26 13:22:43.774892: | get_sa_info esp.dfa7993f@192.1.2.23 Aug 26 13:22:43.774899: "northnet-eastnets/0x2" #5: ESP traffic information: in=0B out=0B Aug 26 13:22:43.774903: | #5 send IKEv1 delete notification for STATE_QUICK_R1 Aug 26 13:22:43.774905: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.774911: | **emit ISAKMP Message: Aug 26 13:22:43.774914: | initiator cookie: Aug 26 13:22:43.774917: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.774919: | responder cookie: Aug 26 13:22:43.774922: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.774924: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774927: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.774930: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.774933: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.774936: | Message ID: 3848946534 (0xe56a4366) Aug 26 13:22:43.774939: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.774942: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.774945: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774949: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.774952: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.774955: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.774958: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.774960: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.774965: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774968: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.774971: | protocol ID: 3 (0x3) Aug 26 13:22:43.774973: | SPI size: 4 (0x4) Aug 26 13:22:43.774976: | number of SPIs: 1 (0x1) Aug 26 13:22:43.774979: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.774983: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.774986: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:22:43.774989: | delete payload df a7 99 3f Aug 26 13:22:43.774992: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:22:43.775012: | send delete HASH(1): Aug 26 13:22:43.775015: | 42 5e 53 c8 36 27 67 bd a3 98 e7 1e 02 f7 59 f4 Aug 26 13:22:43.775018: | 76 6e b2 92 45 64 6a 59 65 23 7d 68 f5 e2 d3 7c Aug 26 13:22:43.775025: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.775028: | no IKEv1 message padding required Aug 26 13:22:43.775031: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.775041: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:43.775044: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775047: | 08 10 05 01 e5 6a 43 66 00 00 00 5c de 23 b3 6d Aug 26 13:22:43.775049: | fc ae b5 a8 a9 3c d6 fe 12 25 1d a6 a9 50 da 9a Aug 26 13:22:43.775052: | 95 5b c4 28 bd 87 d8 cd 95 49 67 36 b7 1c f2 dc Aug 26 13:22:43.775054: | d1 6c 7d a5 78 ee 77 4c 94 68 9d f0 ff 69 ff 42 Aug 26 13:22:43.775057: | 6b 17 34 46 f7 e9 b5 63 21 3c 0e b9 Aug 26 13:22:43.775083: | state #5 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:43.775086: | #5 STATE_QUICK_R1: retransmits: cleared Aug 26 13:22:43.775092: | libevent_free: release ptr-libevent@0x555fbaf3df18 Aug 26 13:22:43.775095: | free_event_entry: release EVENT_RETRANSMIT-pe@0x555fbaf28f98 Aug 26 13:22:43.775145: | delete esp.dcd59a6b@192.1.3.33 Aug 26 13:22:43.775159: | netlink response for Del SA esp.dcd59a6b@192.1.3.33 included non-error error Aug 26 13:22:43.775163: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:22:43.775170: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:22:43.775181: | raw_eroute result=success Aug 26 13:22:43.775185: | delete esp.dfa7993f@192.1.2.23 Aug 26 13:22:43.775196: | netlink response for Del SA esp.dfa7993f@192.1.2.23 included non-error error Aug 26 13:22:43.775201: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:22:43.775204: | State DB: deleting IKEv1 state #5 in QUICK_R1 Aug 26 13:22:43.775207: | child state #5: QUICK_R1(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:22:43.775227: | stop processing: state #5 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:22:43.775239: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:22:43.775242: | state #4 Aug 26 13:22:43.775247: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:43.775250: | pstats #4 ikev1.ipsec deleted completed Aug 26 13:22:43.775255: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:22:43.775258: "northnet-eastnets/0x1" #4: deleting state (STATE_QUICK_R2) aged 23.411s and sending notification Aug 26 13:22:43.775262: | child state #4: QUICK_R2(established CHILD SA) => delete Aug 26 13:22:43.775265: | get_sa_info esp.6367355e@192.1.3.33 Aug 26 13:22:43.775275: | get_sa_info esp.1de30b97@192.1.2.23 Aug 26 13:22:43.775283: "northnet-eastnets/0x1" #4: ESP traffic information: in=84B out=84B Aug 26 13:22:43.775286: | #4 send IKEv1 delete notification for STATE_QUICK_R2 Aug 26 13:22:43.775297: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.775303: | **emit ISAKMP Message: Aug 26 13:22:43.775306: | initiator cookie: Aug 26 13:22:43.775309: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.775311: | responder cookie: Aug 26 13:22:43.775314: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775329: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.775332: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.775335: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.775338: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.775341: | Message ID: 2444803496 (0x91b8bda8) Aug 26 13:22:43.775344: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.775347: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.775350: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.775353: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.775356: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.775360: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.775363: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.775365: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.775368: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.775371: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.775373: | protocol ID: 3 (0x3) Aug 26 13:22:43.775376: | SPI size: 4 (0x4) Aug 26 13:22:43.775378: | number of SPIs: 1 (0x1) Aug 26 13:22:43.775381: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.775384: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.775387: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:22:43.775389: | delete payload 1d e3 0b 97 Aug 26 13:22:43.775392: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:22:43.775410: | send delete HASH(1): Aug 26 13:22:43.775413: | 1a 52 e0 2b 9e 30 45 45 43 e3 df 9a 36 c8 16 d7 Aug 26 13:22:43.775416: | 46 59 4e 90 96 be 12 2e 01 1f 03 ee eb f2 3b 44 Aug 26 13:22:43.775423: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.775426: | no IKEv1 message padding required Aug 26 13:22:43.775428: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.775437: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:43.775440: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775442: | 08 10 05 01 91 b8 bd a8 00 00 00 5c 62 ed 87 f8 Aug 26 13:22:43.775445: | 1b 7c 05 38 f3 d3 31 02 c0 b9 9b 08 e9 6b 8e 03 Aug 26 13:22:43.775447: | 99 a0 ed 58 06 19 05 ed be a6 7f 40 9e e9 5f 77 Aug 26 13:22:43.775450: | 9c 6f 76 e6 8b 8a 9a a5 0f f4 b4 7b d9 17 b8 2f Aug 26 13:22:43.775452: | e4 95 5b 33 69 63 32 56 6c 44 17 c2 Aug 26 13:22:43.775469: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:22:43.775473: | libevent_free: release ptr-libevent@0x7f4ecc0027d8 Aug 26 13:22:43.775478: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f4ec8004218 Aug 26 13:22:43.775513: | running updown command "ipsec _updown" for verb down Aug 26 13:22:43.775532: | command executing down-client Aug 26 13:22:43.775583: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825740' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Aug 26 13:22:43.775589: | popen cmd is 1296 chars long Aug 26 13:22:43.775592: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 13:22:43.775595: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 13:22:43.775597: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 13:22:43.775600: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 13:22:43.775602: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 13:22:43.775605: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 13:22:43.775608: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 13:22:43.775610: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 13:22:43.775613: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 13:22:43.775616: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 13:22:43.775618: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825740' PLUTO_CONN_P: Aug 26 13:22:43.775621: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 13:22:43.775624: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 13:22:43.775626: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 13:22:43.775629: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 13:22:43.775632: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6367355e SPI_OUT=0x1de30b97 ip: Aug 26 13:22:43.775635: | cmd(1280):sec _updown 2>&1: Aug 26 13:22:43.786130: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:22:43.786146: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:22:43.786150: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:22:43.786153: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:43.786185: | delete esp.6367355e@192.1.3.33 Aug 26 13:22:43.786209: | netlink response for Del SA esp.6367355e@192.1.3.33 included non-error error Aug 26 13:22:43.786214: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:22:43.786222: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:22:43.786245: | raw_eroute result=success Aug 26 13:22:43.786250: | delete esp.1de30b97@192.1.2.23 Aug 26 13:22:43.786262: | netlink response for Del SA esp.1de30b97@192.1.2.23 included non-error error Aug 26 13:22:43.786272: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:22:43.786276: | State DB: deleting IKEv1 state #4 in QUICK_R2 Aug 26 13:22:43.786286: | child state #4: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:22:43.786353: | stop processing: state #4 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:22:43.786380: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:22:43.786384: | state #3 Aug 26 13:22:43.786390: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:43.786398: | pstats #3 ikev1.ipsec deleted completed Aug 26 13:22:43.786405: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:22:43.786410: "northnet-eastnets/0x2" #3: deleting state (STATE_QUICK_R2) aged 66.286s and sending notification Aug 26 13:22:43.786414: | child state #3: QUICK_R2(established CHILD SA) => delete Aug 26 13:22:43.786420: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:22:43.786430: | get_sa_info esp.38d5abde@192.1.2.23 Aug 26 13:22:43.786439: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=0B Aug 26 13:22:43.786445: | #3 send IKEv1 delete notification for STATE_QUICK_R2 Aug 26 13:22:43.786449: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.786465: | **emit ISAKMP Message: Aug 26 13:22:43.786469: | initiator cookie: Aug 26 13:22:43.786472: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.786475: | responder cookie: Aug 26 13:22:43.786478: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.786481: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.786485: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.786489: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.786493: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.786497: | Message ID: 1458275913 (0x56eb8649) Aug 26 13:22:43.786501: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.786504: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.786508: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.786513: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.786517: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.786521: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.786524: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.786527: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.786530: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.786533: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.786537: | protocol ID: 3 (0x3) Aug 26 13:22:43.786540: | SPI size: 4 (0x4) Aug 26 13:22:43.786543: | number of SPIs: 1 (0x1) Aug 26 13:22:43.786547: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.786551: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.786555: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:22:43.786559: | delete payload 38 d5 ab de Aug 26 13:22:43.786562: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:22:43.786598: | send delete HASH(1): Aug 26 13:22:43.786603: | c9 be 9f 95 47 31 46 9f 1e 70 2f 11 dc 8d 15 65 Aug 26 13:22:43.786607: | c6 40 60 f0 f0 53 7b 05 b4 f5 f5 f3 ee 4d aa 4e Aug 26 13:22:43.786619: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.786623: | no IKEv1 message padding required Aug 26 13:22:43.786626: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.786652: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:43.786658: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.786661: | 08 10 05 01 56 eb 86 49 00 00 00 5c 3a 77 97 14 Aug 26 13:22:43.786663: | f5 12 83 a1 dd e4 b1 37 99 8b ae da 23 3b 58 de Aug 26 13:22:43.786666: | f5 c7 47 bf 7f e8 69 7e 50 df 8d 16 cd 53 26 c7 Aug 26 13:22:43.786668: | 77 2b 61 63 89 2d 25 ef 90 0d 41 91 76 94 0c b8 Aug 26 13:22:43.786671: | da a0 e1 d4 b7 f1 a4 37 a5 00 d7 d3 Aug 26 13:22:43.786720: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:22:43.786734: | libevent_free: release ptr-libevent@0x7f4eb40037f8 Aug 26 13:22:43.786742: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555fbaeb21b8 Aug 26 13:22:43.786797: | delete esp.84e11f1c@192.1.3.33 Aug 26 13:22:43.786819: | netlink response for Del SA esp.84e11f1c@192.1.3.33 included non-error error Aug 26 13:22:43.786824: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:22:43.786831: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:22:43.786841: | raw_eroute result=success Aug 26 13:22:43.786845: | delete esp.38d5abde@192.1.2.23 Aug 26 13:22:43.786857: | netlink response for Del SA esp.38d5abde@192.1.2.23 included non-error error Aug 26 13:22:43.786864: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:22:43.786868: | State DB: deleting IKEv1 state #3 in QUICK_R2 Aug 26 13:22:43.786872: | child state #3: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:22:43.786901: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:22:43.786919: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:22:43.786923: | state #2 Aug 26 13:22:43.786929: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:43.786933: | pstats #2 ikev1.ipsec deleted completed Aug 26 13:22:43.786939: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:22:43.786943: "northnet-eastnets/0x1" #2: deleting state (STATE_QUICK_R2) aged 66.287s and sending notification Aug 26 13:22:43.786947: | child state #2: QUICK_R2(established CHILD SA) => delete Aug 26 13:22:43.786952: | get_sa_info esp.4ad1f014@192.1.3.33 Aug 26 13:22:43.786963: | get_sa_info esp.19ad0dcb@192.1.2.23 Aug 26 13:22:43.786971: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 13:22:43.786975: | #2 send IKEv1 delete notification for STATE_QUICK_R2 Aug 26 13:22:43.786977: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.786987: | **emit ISAKMP Message: Aug 26 13:22:43.786990: | initiator cookie: Aug 26 13:22:43.786993: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.786997: | responder cookie: Aug 26 13:22:43.787000: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.787003: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787006: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.787010: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.787013: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.787016: | Message ID: 3517716038 (0xd1ac1646) Aug 26 13:22:43.787020: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.787024: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.787027: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787031: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.787035: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.787038: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.787041: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.787043: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.787046: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787049: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.787051: | protocol ID: 3 (0x3) Aug 26 13:22:43.787054: | SPI size: 4 (0x4) Aug 26 13:22:43.787057: | number of SPIs: 1 (0x1) Aug 26 13:22:43.787061: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.787064: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.787068: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:22:43.787078: | delete payload 19 ad 0d cb Aug 26 13:22:43.787081: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:22:43.787103: | send delete HASH(1): Aug 26 13:22:43.787107: | 62 bc 4d 99 16 40 40 60 e6 51 36 d2 2e e1 61 a5 Aug 26 13:22:43.787109: | 02 81 17 af d4 75 c1 8c ab b9 51 a9 bc 35 d9 74 Aug 26 13:22:43.787117: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.787120: | no IKEv1 message padding required Aug 26 13:22:43.787123: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.787136: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:43.787140: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.787143: | 08 10 05 01 d1 ac 16 46 00 00 00 5c 22 55 41 89 Aug 26 13:22:43.787146: | a1 e2 fa b1 ee ca b6 bf 64 e2 db 84 2b cc 3b 81 Aug 26 13:22:43.787149: | a8 cc c7 83 4c 1c e7 dd 40 0d 28 45 78 5e ac 9d Aug 26 13:22:43.787152: | cc 9c bf 7e 1c a2 2c c8 ae ad 8e ef 90 0c 68 89 Aug 26 13:22:43.787155: | 16 a2 b5 b5 82 2d af 15 22 97 4e e3 Aug 26 13:22:43.787184: | state #2 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:22:43.787191: | libevent_free: release ptr-libevent@0x555fbaf38498 Aug 26 13:22:43.787195: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555fbaf2d358 Aug 26 13:22:43.787237: | delete esp.4ad1f014@192.1.3.33 Aug 26 13:22:43.787253: | netlink response for Del SA esp.4ad1f014@192.1.3.33 included non-error error Aug 26 13:22:43.787258: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:22:43.787267: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 13:22:43.787278: | raw_eroute result=success Aug 26 13:22:43.787283: | delete esp.19ad0dcb@192.1.2.23 Aug 26 13:22:43.787299: | netlink response for Del SA esp.19ad0dcb@192.1.2.23 included non-error error Aug 26 13:22:43.787305: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 13:22:43.787309: | State DB: deleting IKEv1 state #2 in QUICK_R2 Aug 26 13:22:43.787312: | child state #2: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:22:43.787335: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:22:43.787350: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:22:43.787353: | state #1 Aug 26 13:22:43.787357: | pass 1 Aug 26 13:22:43.787360: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:22:43.787363: | state #1 Aug 26 13:22:43.787368: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:43.787371: | pstats #1 ikev1.isakmp deleted completed Aug 26 13:22:43.787377: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 13:22:43.787381: "northnet-eastnets/0x2" #1: deleting state (STATE_MAIN_R3) aged 66.313s and sending notification Aug 26 13:22:43.787384: | parent state #1: MAIN_R3(established IKE SA) => delete Aug 26 13:22:43.787416: | #1 send IKEv1 delete notification for STATE_MAIN_R3 Aug 26 13:22:43.787422: | **emit ISAKMP Message: Aug 26 13:22:43.787425: | initiator cookie: Aug 26 13:22:43.787427: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.787430: | responder cookie: Aug 26 13:22:43.787432: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.787434: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787437: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.787439: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.787442: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.787445: | Message ID: 4057811328 (0xf1dd4980) Aug 26 13:22:43.787447: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.787451: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.787453: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787459: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.787462: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.787465: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.787468: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.787471: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.787473: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787476: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.787478: | protocol ID: 1 (0x1) Aug 26 13:22:43.787481: | SPI size: 16 (0x10) Aug 26 13:22:43.787483: | number of SPIs: 1 (0x1) Aug 26 13:22:43.787486: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.787489: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.787492: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Aug 26 13:22:43.787495: | initiator SPI ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.787498: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Aug 26 13:22:43.787501: | responder SPI d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.787504: | emitting length of ISAKMP Delete Payload: 28 Aug 26 13:22:43.787527: | send delete HASH(1): Aug 26 13:22:43.787531: | a9 ba d0 1c 88 1d 47 b8 d7 67 d6 33 ca 53 45 59 Aug 26 13:22:43.787535: | 2b a7 0e 7e fa 29 70 56 15 9e 3c d7 19 67 76 8f Aug 26 13:22:43.787542: | no IKEv1 message padding required Aug 26 13:22:43.787545: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.787555: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 13:22:43.787558: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.787560: | 08 10 05 01 f1 dd 49 80 00 00 00 5c ae 54 df 95 Aug 26 13:22:43.787563: | dd 2e 03 ff 91 e4 15 14 c7 87 72 4f 89 54 4d 11 Aug 26 13:22:43.787565: | 86 60 6b bb 55 c9 c1 8c e9 55 d6 8b b4 1c bb 05 Aug 26 13:22:43.787568: | 48 47 70 dc ec 62 b0 54 b8 80 ff 84 6e f4 3e ec Aug 26 13:22:43.787570: | 83 8a e6 06 5c 58 58 ad 9a 48 45 f1 Aug 26 13:22:43.787591: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:22:43.787597: | libevent_free: release ptr-libevent@0x555fbaf3f0c8 Aug 26 13:22:43.787601: | free_event_entry: release EVENT_SA_REPLACE-pe@0x555fbaf23f88 Aug 26 13:22:43.787605: | State DB: IKEv1 state not found (flush_incomplete_children) Aug 26 13:22:43.787611: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 13:22:43.787614: | State DB: deleting IKEv1 state #1 in MAIN_R3 Aug 26 13:22:43.787619: | parent state #1: MAIN_R3(established IKE SA) => UNDEFINED(ignore) Aug 26 13:22:43.787630: | unreference key: 0x555fbaf383a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Aug 26 13:22:43.787648: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 13:22:43.787657: | unreference key: 0x555fbaf383a8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:22:43.787665: | unreference key: 0x555fbaf39ed8 user-north@testing.libreswan.org cnt 1-- Aug 26 13:22:43.787671: | unreference key: 0x555fbaf2d618 @north.testing.libreswan.org cnt 1-- Aug 26 13:22:43.787705: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:22:43.787709: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:22:43.787713: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:22:43.787716: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:22:43.787734: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 13:22:43.787746: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:43.787751: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:43.787755: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:43.787758: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:43.787762: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:43.787767: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Aug 26 13:22:43.787773: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Aug 26 13:22:43.787777: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:22:43.787786: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 13:22:43.787789: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:22:43.787792: | pass 0 Aug 26 13:22:43.787794: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:22:43.787796: | pass 1 Aug 26 13:22:43.787799: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:22:43.787802: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:22:43.787805: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:22:43.787808: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:22:43.787825: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 13:22:43.787837: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:43.787841: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:43.787844: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:43.787849: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 13:22:43.787852: | running updown command "ipsec _updown" for verb unroute Aug 26 13:22:43.787856: | command executing unroute-client Aug 26 13:22:43.787892: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Aug 26 13:22:43.787898: | popen cmd is 1277 chars long Aug 26 13:22:43.787902: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 13:22:43.787905: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 13:22:43.787909: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 13:22:43.787912: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 13:22:43.787915: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 13:22:43.787919: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 13:22:43.787922: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Aug 26 13:22:43.787928: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Aug 26 13:22:43.787931: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Aug 26 13:22:43.787935: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 13:22:43.787937: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 13:22:43.787940: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 13:22:43.787943: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 13:22:43.787946: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 13:22:43.787948: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 13:22:43.787951: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:22:43.798867: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798885: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798888: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798889: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798892: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798899: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798965: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798973: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798975: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798976: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798979: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798982: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798994: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.798998: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799060: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799063: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799064: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799067: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799069: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799077: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799086: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799097: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799107: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799116: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799125: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799135: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799145: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799155: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799165: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799174: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799184: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799194: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799204: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799213: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799279: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799292: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799307: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.799318: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:43.804925: | free hp@0x555fbaf25658 Aug 26 13:22:43.804942: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 13:22:43.804946: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 13:22:43.804970: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:22:43.804973: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:22:43.804984: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:22:43.804986: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:22:43.804989: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 13:22:43.804990: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 13:22:43.804993: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 13:22:43.804994: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 13:22:43.804998: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:22:43.805009: | libevent_free: release ptr-libevent@0x555fbaf0c688 Aug 26 13:22:43.805011: | free_event_entry: release EVENT_NULL-pe@0x555fbaf18358 Aug 26 13:22:43.805019: | libevent_free: release ptr-libevent@0x555fbaeb2f18 Aug 26 13:22:43.805021: | free_event_entry: release EVENT_NULL-pe@0x555fbaf18408 Aug 26 13:22:43.805027: | libevent_free: release ptr-libevent@0x555fbaeb2838 Aug 26 13:22:43.805029: | free_event_entry: release EVENT_NULL-pe@0x555fbaf184b8 Aug 26 13:22:43.805033: | libevent_free: release ptr-libevent@0x555fbaeba0f8 Aug 26 13:22:43.805035: | free_event_entry: release EVENT_NULL-pe@0x555fbaf18568 Aug 26 13:22:43.805039: | libevent_free: release ptr-libevent@0x555fbaeba1f8 Aug 26 13:22:43.805041: | free_event_entry: release EVENT_NULL-pe@0x555fbaf18618 Aug 26 13:22:43.805046: | libevent_free: release ptr-libevent@0x555fbaeba2f8 Aug 26 13:22:43.805047: | free_event_entry: release EVENT_NULL-pe@0x555fbaf186c8 Aug 26 13:22:43.805052: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:22:43.805513: | libevent_free: release ptr-libevent@0x555fbaf0c738 Aug 26 13:22:43.805523: | free_event_entry: release EVENT_NULL-pe@0x555fbaf008d8 Aug 26 13:22:43.805530: | libevent_free: release ptr-libevent@0x555fbaeb2e68 Aug 26 13:22:43.805534: | free_event_entry: release EVENT_NULL-pe@0x555fbaf00438 Aug 26 13:22:43.805538: | libevent_free: release ptr-libevent@0x555fbaef9418 Aug 26 13:22:43.805541: | free_event_entry: release EVENT_NULL-pe@0x555fbaeba3a8 Aug 26 13:22:43.805546: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:22:43.805550: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:22:43.805553: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:22:43.805556: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:22:43.805559: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:22:43.805562: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:22:43.805568: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:22:43.805571: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:22:43.805575: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:22:43.805581: | libevent_free: release ptr-libevent@0x555fbaebe978 Aug 26 13:22:43.805585: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:22:43.805589: | libevent_free: release ptr-libevent@0x555fbae34758 Aug 26 13:22:43.805593: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:22:43.805596: | libevent_free: release ptr-libevent@0x555fbae3f988 Aug 26 13:22:43.805600: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:22:43.805604: | libevent_free: release ptr-libevent@0x555fbae377b8 Aug 26 13:22:43.805608: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:22:43.805611: | releasing event base Aug 26 13:22:43.805624: | libevent_free: release ptr-libevent@0x555fbaf17d98 Aug 26 13:22:43.805628: | libevent_free: release ptr-libevent@0x555fbaefacf8 Aug 26 13:22:43.805632: | libevent_free: release ptr-libevent@0x555fbaefaca8 Aug 26 13:22:43.805636: | libevent_free: release ptr-libevent@0x555fbaf1a1c8 Aug 26 13:22:43.805640: | libevent_free: release ptr-libevent@0x555fbaefac68 Aug 26 13:22:43.805643: | libevent_free: release ptr-libevent@0x555fbaf17a28 Aug 26 13:22:43.805647: | libevent_free: release ptr-libevent@0x555fbaf17c98 Aug 26 13:22:43.805650: | libevent_free: release ptr-libevent@0x555fbaefaea8 Aug 26 13:22:43.805654: | libevent_free: release ptr-libevent@0x555fbaf004a8 Aug 26 13:22:43.805657: | libevent_free: release ptr-libevent@0x555fbaf00108 Aug 26 13:22:43.805660: | libevent_free: release ptr-libevent@0x555fbaf18738 Aug 26 13:22:43.805676: | libevent_free: release ptr-libevent@0x555fbaf18688 Aug 26 13:22:43.805679: | libevent_free: release ptr-libevent@0x555fbaf185d8 Aug 26 13:22:43.805682: | libevent_free: release ptr-libevent@0x555fbaf18528 Aug 26 13:22:43.805684: | libevent_free: release ptr-libevent@0x555fbaf18478 Aug 26 13:22:43.805685: | libevent_free: release ptr-libevent@0x555fbaf183c8 Aug 26 13:22:43.805687: | libevent_free: release ptr-libevent@0x555fbae339a8 Aug 26 13:22:43.805688: | libevent_free: release ptr-libevent@0x555fbaf17d18 Aug 26 13:22:43.805690: | libevent_free: release ptr-libevent@0x555fbaf17cd8 Aug 26 13:22:43.805692: | libevent_free: release ptr-libevent@0x555fbaf17b98 Aug 26 13:22:43.805693: | libevent_free: release ptr-libevent@0x555fbaf17d58 Aug 26 13:22:43.805695: | libevent_free: release ptr-libevent@0x555fbaf17a68 Aug 26 13:22:43.805697: | libevent_free: release ptr-libevent@0x555fbaec0508 Aug 26 13:22:43.805698: | libevent_free: release ptr-libevent@0x555fbaec0488 Aug 26 13:22:43.805700: | libevent_free: release ptr-libevent@0x555fbae33d18 Aug 26 13:22:43.805702: | releasing global libevent data Aug 26 13:22:43.805704: | libevent_free: release ptr-libevent@0x555fbaec0688 Aug 26 13:22:43.805706: | libevent_free: release ptr-libevent@0x555fbaec0608 Aug 26 13:22:43.805708: | libevent_free: release ptr-libevent@0x555fbaec0588 Aug 26 13:22:43.805735: leak detective found no leaks