Aug 26 13:21:37.225470: FIPS Product: YES Aug 26 13:21:37.225580: FIPS Kernel: NO Aug 26 13:21:37.225583: FIPS Mode: NO Aug 26 13:21:37.225586: NSS DB directory: sql:/etc/ipsec.d Aug 26 13:21:37.225715: Initializing NSS Aug 26 13:21:37.225721: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 13:21:37.249686: NSS initialized Aug 26 13:21:37.249699: NSS crypto library initialized Aug 26 13:21:37.249701: FIPS HMAC integrity support [enabled] Aug 26 13:21:37.249703: FIPS mode disabled for pluto daemon Aug 26 13:21:37.274795: FIPS HMAC integrity verification self-test FAILED Aug 26 13:21:37.274873: libcap-ng support [enabled] Aug 26 13:21:37.274879: Linux audit support [enabled] Aug 26 13:21:37.275150: Linux audit activated Aug 26 13:21:37.275156: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:3864 Aug 26 13:21:37.275158: core dump dir: /tmp Aug 26 13:21:37.275160: secrets file: /etc/ipsec.secrets Aug 26 13:21:37.275161: leak-detective enabled Aug 26 13:21:37.275163: NSS crypto [enabled] Aug 26 13:21:37.275164: XAUTH PAM support [enabled] Aug 26 13:21:37.275222: | libevent is using pluto's memory allocator Aug 26 13:21:37.275227: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 13:21:37.275239: | libevent_malloc: new ptr-libevent@0x5649f9a5c688 size 40 Aug 26 13:21:37.275244: | libevent_malloc: new ptr-libevent@0x5649f9a5c608 size 40 Aug 26 13:21:37.275246: | libevent_malloc: new ptr-libevent@0x5649f9a5c588 size 40 Aug 26 13:21:37.275248: | creating event base Aug 26 13:21:37.275251: | libevent_malloc: new ptr-libevent@0x5649f9a4e1b8 size 56 Aug 26 13:21:37.275254: | libevent_malloc: new ptr-libevent@0x5649f99cfd18 size 664 Aug 26 13:21:37.275262: | libevent_malloc: new ptr-libevent@0x5649f9a96ca8 size 24 Aug 26 13:21:37.275264: | libevent_malloc: new ptr-libevent@0x5649f9a96cf8 size 384 Aug 26 13:21:37.275272: | libevent_malloc: new ptr-libevent@0x5649f9a96c68 size 16 Aug 26 13:21:37.275274: | libevent_malloc: new ptr-libevent@0x5649f9a5c508 size 40 Aug 26 13:21:37.275276: | libevent_malloc: new ptr-libevent@0x5649f9a5c488 size 48 Aug 26 13:21:37.275279: | libevent_realloc: new ptr-libevent@0x5649f99cf9a8 size 256 Aug 26 13:21:37.275281: | libevent_malloc: new ptr-libevent@0x5649f9a96ea8 size 16 Aug 26 13:21:37.275285: | libevent_free: release ptr-libevent@0x5649f9a4e1b8 Aug 26 13:21:37.275293: | libevent initialized Aug 26 13:21:37.275299: | libevent_realloc: new ptr-libevent@0x5649f9a4e1b8 size 64 Aug 26 13:21:37.275302: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 13:21:37.275334: | init_nat_traversal() initialized with keep_alive=0s Aug 26 13:21:37.275336: NAT-Traversal support [enabled] Aug 26 13:21:37.275338: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 13:21:37.275360: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 13:21:37.275362: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 13:21:37.275386: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 13:21:37.275388: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 13:21:37.275391: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 13:21:37.275422: Encryption algorithms: Aug 26 13:21:37.275428: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 13:21:37.275431: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 13:21:37.275433: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 13:21:37.275435: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 13:21:37.275437: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 13:21:37.275444: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 13:21:37.275447: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 13:21:37.275449: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 13:21:37.275451: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 13:21:37.275453: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 13:21:37.275456: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 13:21:37.275458: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 13:21:37.275460: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 13:21:37.275462: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 13:21:37.275464: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 13:21:37.275466: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 13:21:37.275468: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 13:21:37.275473: Hash algorithms: Aug 26 13:21:37.275475: MD5 IKEv1: IKE IKEv2: Aug 26 13:21:37.275477: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 13:21:37.275479: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 13:21:37.275481: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 13:21:37.275483: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 13:21:37.275491: PRF algorithms: Aug 26 13:21:37.275493: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 13:21:37.275495: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 13:21:37.275497: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 13:21:37.275499: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 13:21:37.275501: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 13:21:37.275503: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 13:21:37.275519: Integrity algorithms: Aug 26 13:21:37.275521: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 13:21:37.275523: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 13:21:37.275526: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 13:21:37.275528: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 13:21:37.275531: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 13:21:37.275532: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 13:21:37.275535: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 13:21:37.275537: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 13:21:37.275538: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 13:21:37.275546: DH algorithms: Aug 26 13:21:37.275548: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 13:21:37.275550: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 13:21:37.275552: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 13:21:37.275555: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 13:21:37.275557: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 13:21:37.275559: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 13:21:37.275560: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 13:21:37.275562: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 13:21:37.275564: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 13:21:37.275566: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 13:21:37.275568: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 13:21:37.275570: testing CAMELLIA_CBC: Aug 26 13:21:37.275572: Camellia: 16 bytes with 128-bit key Aug 26 13:21:37.275660: Camellia: 16 bytes with 128-bit key Aug 26 13:21:37.275680: Camellia: 16 bytes with 256-bit key Aug 26 13:21:37.275699: Camellia: 16 bytes with 256-bit key Aug 26 13:21:37.275716: testing AES_GCM_16: Aug 26 13:21:37.275719: empty string Aug 26 13:21:37.275737: one block Aug 26 13:21:37.275752: two blocks Aug 26 13:21:37.275768: two blocks with associated data Aug 26 13:21:37.275784: testing AES_CTR: Aug 26 13:21:37.275786: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 13:21:37.275802: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 13:21:37.275821: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 13:21:37.275838: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 13:21:37.275854: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 13:21:37.275870: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 13:21:37.275887: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 13:21:37.275903: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 13:21:37.275919: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 13:21:37.275936: testing AES_CBC: Aug 26 13:21:37.275938: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 13:21:37.275954: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 13:21:37.275972: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 13:21:37.275989: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 13:21:37.276009: testing AES_XCBC: Aug 26 13:21:37.276011: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 13:21:37.276086: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 13:21:37.276163: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 13:21:37.276238: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 13:21:37.276343: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 13:21:37.276433: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 13:21:37.276509: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 13:21:37.276675: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 13:21:37.276751: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 13:21:37.276833: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 13:21:37.276993: testing HMAC_MD5: Aug 26 13:21:37.276996: RFC 2104: MD5_HMAC test 1 Aug 26 13:21:37.277112: RFC 2104: MD5_HMAC test 2 Aug 26 13:21:37.277204: RFC 2104: MD5_HMAC test 3 Aug 26 13:21:37.277358: 8 CPU cores online Aug 26 13:21:37.277363: starting up 7 crypto helpers Aug 26 13:21:37.277390: started thread for crypto helper 0 Aug 26 13:21:37.277417: | starting up helper thread 0 Aug 26 13:21:37.277424: started thread for crypto helper 1 Aug 26 13:21:37.277435: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 13:21:37.277437: | crypto helper 0 waiting (nothing to do) Aug 26 13:21:37.277428: | starting up helper thread 1 Aug 26 13:21:37.277452: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 13:21:37.277455: | crypto helper 1 waiting (nothing to do) Aug 26 13:21:37.277461: started thread for crypto helper 2 Aug 26 13:21:37.277489: started thread for crypto helper 3 Aug 26 13:21:37.277507: | starting up helper thread 3 Aug 26 13:21:37.277512: | starting up helper thread 2 Aug 26 13:21:37.277516: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 13:21:37.277530: | starting up helper thread 4 Aug 26 13:21:37.277525: started thread for crypto helper 4 Aug 26 13:21:37.277539: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 13:21:37.277536: | crypto helper 3 waiting (nothing to do) Aug 26 13:21:37.277560: started thread for crypto helper 5 Aug 26 13:21:37.277564: | starting up helper thread 5 Aug 26 13:21:37.277561: | crypto helper 4 waiting (nothing to do) Aug 26 13:21:37.277569: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 13:21:37.277531: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 13:21:37.277578: started thread for crypto helper 6 Aug 26 13:21:37.277584: | crypto helper 5 waiting (nothing to do) Aug 26 13:21:37.277591: | starting up helper thread 6 Aug 26 13:21:37.277593: | checking IKEv1 state table Aug 26 13:21:37.277620: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 13:21:37.277623: | crypto helper 6 waiting (nothing to do) Aug 26 13:21:37.277624: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:37.277645: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 13:21:37.277647: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:37.277649: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 13:21:37.277651: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 13:21:37.277649: | crypto helper 2 waiting (nothing to do) Aug 26 13:21:37.277653: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 13:21:37.277662: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:37.277664: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:37.277666: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 13:21:37.277667: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 13:21:37.277669: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:37.277670: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 13:21:37.277672: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 13:21:37.277674: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:37.277675: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:37.277677: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:21:37.277679: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 13:21:37.277680: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:37.277682: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:37.277683: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 13:21:37.277685: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 13:21:37.277687: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277688: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 13:21:37.277703: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277705: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:37.277706: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 13:21:37.277708: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:37.277709: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:21:37.277711: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 13:21:37.277713: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 13:21:37.277714: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:21:37.277716: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 13:21:37.277717: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 13:21:37.277719: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277721: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 13:21:37.277722: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277724: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 13:21:37.277725: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 13:21:37.277730: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 13:21:37.277732: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 13:21:37.277733: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 13:21:37.277735: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 13:21:37.277737: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 13:21:37.277738: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277740: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 13:21:37.277741: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277743: | INFO: category: informational flags: 0: Aug 26 13:21:37.277744: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277746: | INFO_PROTECTED: category: informational flags: 0: Aug 26 13:21:37.277748: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277749: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 13:21:37.277751: | -> XAUTH_R1 EVENT_NULL Aug 26 13:21:37.277753: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 13:21:37.277754: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 13:21:37.277756: | MODE_CFG_R0: category: informational flags: 0: Aug 26 13:21:37.277757: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 13:21:37.277759: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 13:21:37.277761: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 13:21:37.277762: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 13:21:37.277764: | -> UNDEFINED EVENT_NULL Aug 26 13:21:37.277765: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 13:21:37.277767: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 13:21:37.277769: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 13:21:37.277770: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 13:21:37.277772: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 13:21:37.277773: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 13:21:37.277777: | checking IKEv2 state table Aug 26 13:21:37.277782: | PARENT_I0: category: ignore flags: 0: Aug 26 13:21:37.277784: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 13:21:37.277786: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 13:21:37.277788: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 13:21:37.277789: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 13:21:37.277791: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 13:21:37.277793: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 13:21:37.277795: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 13:21:37.277797: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 13:21:37.277798: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 13:21:37.277800: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 13:21:37.277802: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 13:21:37.277803: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 13:21:37.277805: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 13:21:37.277807: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 13:21:37.277808: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 13:21:37.277810: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 13:21:37.277812: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 13:21:37.277814: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 13:21:37.277815: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 13:21:37.277817: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 13:21:37.277819: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 13:21:37.277821: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 13:21:37.277824: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 13:21:37.277825: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 13:21:37.277827: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 13:21:37.277829: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 13:21:37.277831: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 13:21:37.277832: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 13:21:37.277834: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 13:21:37.277836: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 13:21:37.277838: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 13:21:37.277840: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 13:21:37.277841: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 13:21:37.277843: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 13:21:37.277845: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 13:21:37.277847: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 13:21:37.277849: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 13:21:37.277850: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 13:21:37.277852: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 13:21:37.277854: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 13:21:37.277856: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 13:21:37.277857: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 13:21:37.277859: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 13:21:37.277861: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 13:21:37.277863: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 13:21:37.277865: | CHILDSA_DEL: category: informational flags: 0: Aug 26 13:21:37.277875: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 13:21:37.278365: | Hard-wiring algorithms Aug 26 13:21:37.278370: | adding AES_CCM_16 to kernel algorithm db Aug 26 13:21:37.278374: | adding AES_CCM_12 to kernel algorithm db Aug 26 13:21:37.278375: | adding AES_CCM_8 to kernel algorithm db Aug 26 13:21:37.278377: | adding 3DES_CBC to kernel algorithm db Aug 26 13:21:37.278379: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 13:21:37.278380: | adding AES_GCM_16 to kernel algorithm db Aug 26 13:21:37.278382: | adding AES_GCM_12 to kernel algorithm db Aug 26 13:21:37.278383: | adding AES_GCM_8 to kernel algorithm db Aug 26 13:21:37.278385: | adding AES_CTR to kernel algorithm db Aug 26 13:21:37.278386: | adding AES_CBC to kernel algorithm db Aug 26 13:21:37.278388: | adding SERPENT_CBC to kernel algorithm db Aug 26 13:21:37.278390: | adding TWOFISH_CBC to kernel algorithm db Aug 26 13:21:37.278392: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 13:21:37.278393: | adding NULL to kernel algorithm db Aug 26 13:21:37.278395: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 13:21:37.278397: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 13:21:37.278398: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 13:21:37.278400: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 13:21:37.278401: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 13:21:37.278403: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 13:21:37.278404: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 13:21:37.278406: | adding AES_XCBC_96 to kernel algorithm db Aug 26 13:21:37.278407: | adding AES_CMAC_96 to kernel algorithm db Aug 26 13:21:37.278409: | adding NONE to kernel algorithm db Aug 26 13:21:37.278426: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 13:21:37.278431: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 13:21:37.278432: | setup kernel fd callback Aug 26 13:21:37.278435: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5649f9a563a8 Aug 26 13:21:37.278437: | libevent_malloc: new ptr-libevent@0x5649f9a95418 size 128 Aug 26 13:21:37.278439: | libevent_malloc: new ptr-libevent@0x5649f9a9c4a8 size 16 Aug 26 13:21:37.278443: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5649f9a9c438 Aug 26 13:21:37.278445: | libevent_malloc: new ptr-libevent@0x5649f9a4ee68 size 128 Aug 26 13:21:37.278447: | libevent_malloc: new ptr-libevent@0x5649f9a9c108 size 16 Aug 26 13:21:37.278589: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 13:21:37.278597: selinux support is enabled. Aug 26 13:21:37.279045: | unbound context created - setting debug level to 5 Aug 26 13:21:37.279066: | /etc/hosts lookups activated Aug 26 13:21:37.279077: | /etc/resolv.conf usage activated Aug 26 13:21:37.279113: | outgoing-port-avoid set 0-65535 Aug 26 13:21:37.279130: | outgoing-port-permit set 32768-60999 Aug 26 13:21:37.279132: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 13:21:37.279134: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 13:21:37.279136: | Setting up events, loop start Aug 26 13:21:37.279139: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5649f9a9c8d8 Aug 26 13:21:37.279141: | libevent_malloc: new ptr-libevent@0x5649f9aa8738 size 128 Aug 26 13:21:37.279143: | libevent_malloc: new ptr-libevent@0x5649f9ab3a28 size 16 Aug 26 13:21:37.279148: | libevent_realloc: new ptr-libevent@0x5649f9ab3a68 size 256 Aug 26 13:21:37.279150: | libevent_malloc: new ptr-libevent@0x5649f9ab3b98 size 8 Aug 26 13:21:37.279152: | libevent_realloc: new ptr-libevent@0x5649f9ab3bd8 size 144 Aug 26 13:21:37.279153: | libevent_malloc: new ptr-libevent@0x5649f9a5a978 size 152 Aug 26 13:21:37.279156: | libevent_malloc: new ptr-libevent@0x5649f9ab3c98 size 16 Aug 26 13:21:37.279159: | signal event handler PLUTO_SIGCHLD installed Aug 26 13:21:37.279160: | libevent_malloc: new ptr-libevent@0x5649f9ab3cd8 size 8 Aug 26 13:21:37.279163: | libevent_malloc: new ptr-libevent@0x5649f99d0758 size 152 Aug 26 13:21:37.279166: | signal event handler PLUTO_SIGTERM installed Aug 26 13:21:37.279167: | libevent_malloc: new ptr-libevent@0x5649f9ab3d18 size 8 Aug 26 13:21:37.279169: | libevent_malloc: new ptr-libevent@0x5649f99db988 size 152 Aug 26 13:21:37.279171: | signal event handler PLUTO_SIGHUP installed Aug 26 13:21:37.279173: | libevent_malloc: new ptr-libevent@0x5649f9ab3d58 size 8 Aug 26 13:21:37.279174: | libevent_realloc: release ptr-libevent@0x5649f9ab3bd8 Aug 26 13:21:37.279176: | libevent_realloc: new ptr-libevent@0x5649f9ab3d98 size 256 Aug 26 13:21:37.279179: | libevent_malloc: new ptr-libevent@0x5649f99d37b8 size 152 Aug 26 13:21:37.279181: | signal event handler PLUTO_SIGSYS installed Aug 26 13:21:37.279492: | created addconn helper (pid:3889) using fork+execve Aug 26 13:21:37.279511: | forked child 3889 Aug 26 13:21:37.282420: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:37.282439: listening for IKE messages Aug 26 13:21:37.282835: | Inspecting interface lo Aug 26 13:21:37.282843: | found lo with address 127.0.0.1 Aug 26 13:21:37.282848: | Inspecting interface eth0 Aug 26 13:21:37.282852: | found eth0 with address 192.0.3.254 Aug 26 13:21:37.282856: | Inspecting interface eth1 Aug 26 13:21:37.282860: | found eth1 with address 192.1.3.33 Aug 26 13:21:37.282927: Kernel supports NIC esp-hw-offload Aug 26 13:21:37.282939: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 13:21:37.282982: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:37.282987: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:37.282992: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 13:21:37.283021: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 13:21:37.283040: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:37.283044: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:37.283048: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 13:21:37.283072: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 13:21:37.283090: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 13:21:37.283094: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 13:21:37.283098: adding interface lo/lo 127.0.0.1:4500 Aug 26 13:21:37.283165: | no interfaces to sort Aug 26 13:21:37.283170: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:21:37.283179: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab4358 Aug 26 13:21:37.283182: | libevent_malloc: new ptr-libevent@0x5649f9aa8688 size 128 Aug 26 13:21:37.283186: | libevent_malloc: new ptr-libevent@0x5649f9ab43c8 size 16 Aug 26 13:21:37.283194: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:21:37.283197: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab4408 Aug 26 13:21:37.283201: | libevent_malloc: new ptr-libevent@0x5649f9a4ef18 size 128 Aug 26 13:21:37.283203: | libevent_malloc: new ptr-libevent@0x5649f9ab4478 size 16 Aug 26 13:21:37.283208: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:21:37.283211: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab44b8 Aug 26 13:21:37.283214: | libevent_malloc: new ptr-libevent@0x5649f9a4e838 size 128 Aug 26 13:21:37.283217: | libevent_malloc: new ptr-libevent@0x5649f9ab4528 size 16 Aug 26 13:21:37.283221: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:21:37.283224: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab4568 Aug 26 13:21:37.283228: | libevent_malloc: new ptr-libevent@0x5649f9a560f8 size 128 Aug 26 13:21:37.283231: | libevent_malloc: new ptr-libevent@0x5649f9ab45d8 size 16 Aug 26 13:21:37.283235: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:21:37.283238: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab4618 Aug 26 13:21:37.283241: | libevent_malloc: new ptr-libevent@0x5649f9a561f8 size 128 Aug 26 13:21:37.283244: | libevent_malloc: new ptr-libevent@0x5649f9ab4688 size 16 Aug 26 13:21:37.283248: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:21:37.283251: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab46c8 Aug 26 13:21:37.283254: | libevent_malloc: new ptr-libevent@0x5649f9a562f8 size 128 Aug 26 13:21:37.283256: | libevent_malloc: new ptr-libevent@0x5649f9ab4738 size 16 Aug 26 13:21:37.283261: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:21:37.283265: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:21:37.283268: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:21:37.283291: loading secrets from "/etc/ipsec.secrets" Aug 26 13:21:37.283324: | saving Modulus Aug 26 13:21:37.283341: | saving PublicExponent Aug 26 13:21:37.283345: | ignoring PrivateExponent Aug 26 13:21:37.283348: | ignoring Prime1 Aug 26 13:21:37.283351: | ignoring Prime2 Aug 26 13:21:37.283355: | ignoring Exponent1 Aug 26 13:21:37.283358: | ignoring Exponent2 Aug 26 13:21:37.283361: | ignoring Coefficient Aug 26 13:21:37.283364: | ignoring CKAIDNSS Aug 26 13:21:37.283400: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:21:37.283403: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:21:37.283407: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:21:37.283415: | certs and keys locked by 'process_secret' Aug 26 13:21:37.283419: | certs and keys unlocked by 'process_secret' Aug 26 13:21:37.283427: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:37.283433: | spent 1.02 milliseconds in whack Aug 26 13:21:37.297425: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:37.297444: listening for IKE messages Aug 26 13:21:37.297477: | Inspecting interface lo Aug 26 13:21:37.297482: | found lo with address 127.0.0.1 Aug 26 13:21:37.297485: | Inspecting interface eth0 Aug 26 13:21:37.297487: | found eth0 with address 192.0.3.254 Aug 26 13:21:37.297489: | Inspecting interface eth1 Aug 26 13:21:37.297492: | found eth1 with address 192.1.3.33 Aug 26 13:21:37.297533: | no interfaces to sort Aug 26 13:21:37.297540: | libevent_free: release ptr-libevent@0x5649f9aa8688 Aug 26 13:21:37.297543: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab4358 Aug 26 13:21:37.297545: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab4358 Aug 26 13:21:37.297547: | libevent_malloc: new ptr-libevent@0x5649f9aa8688 size 128 Aug 26 13:21:37.297552: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 13:21:37.297555: | libevent_free: release ptr-libevent@0x5649f9a4ef18 Aug 26 13:21:37.297556: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab4408 Aug 26 13:21:37.297558: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab4408 Aug 26 13:21:37.297560: | libevent_malloc: new ptr-libevent@0x5649f9a4ef18 size 128 Aug 26 13:21:37.297563: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 13:21:37.297565: | libevent_free: release ptr-libevent@0x5649f9a4e838 Aug 26 13:21:37.297567: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab44b8 Aug 26 13:21:37.297569: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab44b8 Aug 26 13:21:37.297570: | libevent_malloc: new ptr-libevent@0x5649f9a4e838 size 128 Aug 26 13:21:37.297573: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 13:21:37.297576: | libevent_free: release ptr-libevent@0x5649f9a560f8 Aug 26 13:21:37.297577: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab4568 Aug 26 13:21:37.297579: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab4568 Aug 26 13:21:37.297581: | libevent_malloc: new ptr-libevent@0x5649f9a560f8 size 128 Aug 26 13:21:37.297584: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 13:21:37.297586: | libevent_free: release ptr-libevent@0x5649f9a561f8 Aug 26 13:21:37.297588: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab4618 Aug 26 13:21:37.297589: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab4618 Aug 26 13:21:37.297591: | libevent_malloc: new ptr-libevent@0x5649f9a561f8 size 128 Aug 26 13:21:37.297594: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 13:21:37.297596: | libevent_free: release ptr-libevent@0x5649f9a562f8 Aug 26 13:21:37.297598: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab46c8 Aug 26 13:21:37.297599: | add_fd_read_event_handler: new ethX-pe@0x5649f9ab46c8 Aug 26 13:21:37.297601: | libevent_malloc: new ptr-libevent@0x5649f9a562f8 size 128 Aug 26 13:21:37.297604: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 13:21:37.297606: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:21:37.297608: forgetting secrets Aug 26 13:21:37.297615: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:21:37.297627: loading secrets from "/etc/ipsec.secrets" Aug 26 13:21:37.297640: | saving Modulus Aug 26 13:21:37.297642: | saving PublicExponent Aug 26 13:21:37.297645: | ignoring PrivateExponent Aug 26 13:21:37.297647: | ignoring Prime1 Aug 26 13:21:37.297649: | ignoring Prime2 Aug 26 13:21:37.297651: | ignoring Exponent1 Aug 26 13:21:37.297653: | ignoring Exponent2 Aug 26 13:21:37.297655: | ignoring Coefficient Aug 26 13:21:37.297657: | ignoring CKAIDNSS Aug 26 13:21:37.297675: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 13:21:37.297677: | computed rsa CKAID 88 aa 7c 5d Aug 26 13:21:37.297680: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 13:21:37.297685: | certs and keys locked by 'process_secret' Aug 26 13:21:37.297688: | certs and keys unlocked by 'process_secret' Aug 26 13:21:37.297697: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:37.297703: | spent 0.284 milliseconds in whack Aug 26 13:21:37.298050: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.298059: | waitpid returned pid 3889 (exited with status 0) Aug 26 13:21:37.298064: | reaped addconn helper child (status 0) Aug 26 13:21:37.298068: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.298072: | spent 0.0152 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.357931: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:37.357950: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:37.357952: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:37.357954: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:37.357956: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:37.357959: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:37.357965: | Added new connection north-dpd/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:37.357968: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:21:37.358464: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:21:37.358476: | loading left certificate 'north' pubkey Aug 26 13:21:37.358547: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab6838 Aug 26 13:21:37.358552: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab67e8 Aug 26 13:21:37.358553: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab6798 Aug 26 13:21:37.358646: | unreference key: 0x5649f9ab6888 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:37.358779: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 13:21:37.358783: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 13:21:37.358788: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:21:37.359187: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:21:37.359193: | loading right certificate 'east' pubkey Aug 26 13:21:37.359251: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab98b8 Aug 26 13:21:37.359255: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9abaac8 Aug 26 13:21:37.359257: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab9e88 Aug 26 13:21:37.359259: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab99b8 Aug 26 13:21:37.359260: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab64e8 Aug 26 13:21:37.359442: | unreference key: 0x5649f9abf6e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:37.359521: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 13:21:37.359528: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:21:37.359535: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 13:21:37.359538: | new hp@0x5649f9abeef8 Aug 26 13:21:37.359541: added connection description "north-dpd/0x1" Aug 26 13:21:37.359550: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:37.359561: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Aug 26 13:21:37.359567: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:37.359577: | spent 1.65 milliseconds in whack Aug 26 13:21:37.359650: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:37.359663: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:37.359665: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:37.359667: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:37.359669: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:37.359671: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:37.359675: | Added new connection north-dpd/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:37.359677: | No AUTH policy was set - defaulting to RSASIG Aug 26 13:21:37.359757: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:21:37.359762: | loading left certificate 'north' pubkey Aug 26 13:21:37.359803: | unreference key: 0x5649f9abae08 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:37.359812: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab9e88 Aug 26 13:21:37.359814: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab99b8 Aug 26 13:21:37.359816: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab64e8 Aug 26 13:21:37.359850: | unreference key: 0x5649f9ab9cb8 @north.testing.libreswan.org cnt 1-- Aug 26 13:21:37.359883: | unreference key: 0x5649f9ab9ed8 user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:37.359919: | unreference key: 0x5649f9ac1268 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:21:37.359953: | secrets entry for north already exists Aug 26 13:21:37.359959: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 13:21:37.360017: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 13:21:37.360021: | loading right certificate 'east' pubkey Aug 26 13:21:37.360058: | unreference key: 0x5649f9ac08d8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:37.360066: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ab99b8 Aug 26 13:21:37.360068: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9abf128 Aug 26 13:21:37.360070: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ac1358 Aug 26 13:21:37.360071: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9abf568 Aug 26 13:21:37.360073: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ac0888 Aug 26 13:21:37.360105: | unreference key: 0x5649f9abf478 192.1.2.23 cnt 1-- Aug 26 13:21:37.360138: | unreference key: 0x5649f9abe738 east@testing.libreswan.org cnt 1-- Aug 26 13:21:37.360171: | unreference key: 0x5649f9ac0228 @east.testing.libreswan.org cnt 1-- Aug 26 13:21:37.360203: | unreference key: 0x5649f9ac0678 user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:37.360238: | unreference key: 0x5649f9abf2f8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:37.360360: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 13:21:37.360369: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 13:21:37.360374: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 13:21:37.360377: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x5649f9abeef8: north-dpd/0x1 Aug 26 13:21:37.360378: added connection description "north-dpd/0x2" Aug 26 13:21:37.360389: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 13:21:37.360401: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Aug 26 13:21:37.360406: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:37.360410: | spent 0.756 milliseconds in whack Aug 26 13:21:37.471811: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:37.471832: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 13:21:37.471835: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:37.471838: initiating all conns with alias='north-dpd' Aug 26 13:21:37.471843: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 13:21:37.471846: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:21:37.471849: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:21:37.471853: | connection 'north-dpd/0x2' +POLICY_UP Aug 26 13:21:37.471855: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 13:21:37.471858: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:37.471874: | creating state object #1 at 0x5649f9ac26a8 Aug 26 13:21:37.471877: | State DB: adding IKEv1 state #1 in UNDEFINED Aug 26 13:21:37.471882: | pstats #1 ikev1.isakmp started Aug 26 13:21:37.471887: | suspend processing: connection "north-dpd/0x2" (in main_outI1() at ikev1_main.c:118) Aug 26 13:21:37.471890: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) Aug 26 13:21:37.471893: | parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Aug 26 13:21:37.471896: | dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123) Aug 26 13:21:37.471899: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x2" IKE SA #1 "north-dpd/0x2" Aug 26 13:21:37.471901: "north-dpd/0x2" #1: initiating Main Mode Aug 26 13:21:37.471927: | **emit ISAKMP Message: Aug 26 13:21:37.471930: | initiator cookie: Aug 26 13:21:37.471932: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.471934: | responder cookie: Aug 26 13:21:37.471935: | 00 00 00 00 00 00 00 00 Aug 26 13:21:37.471937: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:21:37.471939: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.471941: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.471942: | flags: none (0x0) Aug 26 13:21:37.471944: | Message ID: 0 (0x0) Aug 26 13:21:37.471946: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.471948: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Aug 26 13:21:37.471951: | no specific IKE algorithms specified - using defaults Aug 26 13:21:37.471967: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Aug 26 13:21:37.471971: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Aug 26 13:21:37.471974: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Aug 26 13:21:37.471979: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Aug 26 13:21:37.471982: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Aug 26 13:21:37.471986: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Aug 26 13:21:37.471990: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Aug 26 13:21:37.471994: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Aug 26 13:21:37.472000: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Aug 26 13:21:37.472004: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Aug 26 13:21:37.472007: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Aug 26 13:21:37.472011: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Aug 26 13:21:37.472014: | oakley_alg_makedb() returning 0x5649f9ac4998 Aug 26 13:21:37.472018: | ***emit ISAKMP Security Association Payload: Aug 26 13:21:37.472020: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.472022: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.472024: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:21:37.472026: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:21:37.472028: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.472030: | ****emit IPsec DOI SIT: Aug 26 13:21:37.472032: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.472034: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:21:37.472036: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Aug 26 13:21:37.472038: | ****emit ISAKMP Proposal Payload: Aug 26 13:21:37.472039: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.472041: | proposal number: 0 (0x0) Aug 26 13:21:37.472043: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 13:21:37.472044: | SPI size: 0 (0x0) Aug 26 13:21:37.472046: | number of transforms: 18 (0x12) Aug 26 13:21:37.472048: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:21:37.472050: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472051: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472053: | ISAKMP transform number: 0 (0x0) Aug 26 13:21:37.472055: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472057: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472059: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472061: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472062: | length/value: 1 (0x1) Aug 26 13:21:37.472064: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472066: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472068: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472069: | length/value: 3600 (0xe10) Aug 26 13:21:37.472071: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472073: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472074: | length/value: 7 (0x7) Aug 26 13:21:37.472076: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472078: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472079: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472081: | length/value: 4 (0x4) Aug 26 13:21:37.472082: | [4 is OAKLEY_SHA2_256] Aug 26 13:21:37.472084: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472086: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472087: | length/value: 3 (0x3) Aug 26 13:21:37.472089: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472090: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472092: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472094: | length/value: 14 (0xe) Aug 26 13:21:37.472095: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472097: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472098: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472100: | length/value: 256 (0x100) Aug 26 13:21:37.472102: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472105: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472107: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472108: | ISAKMP transform number: 1 (0x1) Aug 26 13:21:37.472110: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472112: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472114: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472115: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472117: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472118: | length/value: 1 (0x1) Aug 26 13:21:37.472120: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472122: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472123: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472125: | length/value: 3600 (0xe10) Aug 26 13:21:37.472126: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472128: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472129: | length/value: 7 (0x7) Aug 26 13:21:37.472131: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472132: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472134: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472136: | length/value: 4 (0x4) Aug 26 13:21:37.472137: | [4 is OAKLEY_SHA2_256] Aug 26 13:21:37.472139: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472140: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472142: | length/value: 3 (0x3) Aug 26 13:21:37.472143: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472145: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472146: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472148: | length/value: 14 (0xe) Aug 26 13:21:37.472149: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472151: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472153: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472154: | length/value: 128 (0x80) Aug 26 13:21:37.472156: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472157: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472159: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472160: | ISAKMP transform number: 2 (0x2) Aug 26 13:21:37.472162: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472164: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472166: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472167: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472169: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472170: | length/value: 1 (0x1) Aug 26 13:21:37.472172: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472173: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472175: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472177: | length/value: 3600 (0xe10) Aug 26 13:21:37.472178: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472180: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472181: | length/value: 7 (0x7) Aug 26 13:21:37.472183: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472184: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472186: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472187: | length/value: 6 (0x6) Aug 26 13:21:37.472189: | [6 is OAKLEY_SHA2_512] Aug 26 13:21:37.472190: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472192: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472193: | length/value: 3 (0x3) Aug 26 13:21:37.472195: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472196: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472198: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472201: | length/value: 14 (0xe) Aug 26 13:21:37.472203: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472204: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472206: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472207: | length/value: 256 (0x100) Aug 26 13:21:37.472209: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472210: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472212: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472213: | ISAKMP transform number: 3 (0x3) Aug 26 13:21:37.472215: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472217: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472219: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472220: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472222: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472223: | length/value: 1 (0x1) Aug 26 13:21:37.472225: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472226: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472228: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472230: | length/value: 3600 (0xe10) Aug 26 13:21:37.472231: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472233: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472234: | length/value: 7 (0x7) Aug 26 13:21:37.472236: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472237: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472239: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472240: | length/value: 6 (0x6) Aug 26 13:21:37.472242: | [6 is OAKLEY_SHA2_512] Aug 26 13:21:37.472243: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472245: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472247: | length/value: 3 (0x3) Aug 26 13:21:37.472248: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472250: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472251: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472253: | length/value: 14 (0xe) Aug 26 13:21:37.472254: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472256: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472257: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472259: | length/value: 128 (0x80) Aug 26 13:21:37.472261: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472262: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472264: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472265: | ISAKMP transform number: 4 (0x4) Aug 26 13:21:37.472267: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472268: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472270: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472272: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472273: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472275: | length/value: 1 (0x1) Aug 26 13:21:37.472276: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472300: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472302: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472304: | length/value: 3600 (0xe10) Aug 26 13:21:37.472305: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472307: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472308: | length/value: 7 (0x7) Aug 26 13:21:37.472310: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472312: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472313: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472315: | length/value: 2 (0x2) Aug 26 13:21:37.472318: | [2 is OAKLEY_SHA1] Aug 26 13:21:37.472320: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472322: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472323: | length/value: 3 (0x3) Aug 26 13:21:37.472325: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472326: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472328: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472330: | length/value: 14 (0xe) Aug 26 13:21:37.472331: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472333: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472334: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472336: | length/value: 256 (0x100) Aug 26 13:21:37.472338: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472339: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472341: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472342: | ISAKMP transform number: 5 (0x5) Aug 26 13:21:37.472344: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472346: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472348: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472350: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472351: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472353: | length/value: 1 (0x1) Aug 26 13:21:37.472354: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472356: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472358: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472359: | length/value: 3600 (0xe10) Aug 26 13:21:37.472361: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472362: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472364: | length/value: 7 (0x7) Aug 26 13:21:37.472365: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472367: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472369: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472370: | length/value: 2 (0x2) Aug 26 13:21:37.472372: | [2 is OAKLEY_SHA1] Aug 26 13:21:37.472373: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472375: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472376: | length/value: 3 (0x3) Aug 26 13:21:37.472378: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472379: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472381: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472383: | length/value: 14 (0xe) Aug 26 13:21:37.472384: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472386: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472387: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472389: | length/value: 128 (0x80) Aug 26 13:21:37.472391: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472392: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472394: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472395: | ISAKMP transform number: 6 (0x6) Aug 26 13:21:37.472397: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472399: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472401: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472402: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472404: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472405: | length/value: 1 (0x1) Aug 26 13:21:37.472407: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472409: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472410: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472412: | length/value: 3600 (0xe10) Aug 26 13:21:37.472416: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472418: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472420: | length/value: 7 (0x7) Aug 26 13:21:37.472421: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472423: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472424: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472426: | length/value: 4 (0x4) Aug 26 13:21:37.472427: | [4 is OAKLEY_SHA2_256] Aug 26 13:21:37.472429: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472431: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472432: | length/value: 3 (0x3) Aug 26 13:21:37.472434: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472435: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472437: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472439: | length/value: 5 (0x5) Aug 26 13:21:37.472440: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.472442: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472443: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472445: | length/value: 256 (0x100) Aug 26 13:21:37.472447: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472448: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472450: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472451: | ISAKMP transform number: 7 (0x7) Aug 26 13:21:37.472453: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472455: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472457: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472458: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472460: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472461: | length/value: 1 (0x1) Aug 26 13:21:37.472463: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472465: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472466: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472468: | length/value: 3600 (0xe10) Aug 26 13:21:37.472469: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472471: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472473: | length/value: 7 (0x7) Aug 26 13:21:37.472474: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472476: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472477: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472479: | length/value: 4 (0x4) Aug 26 13:21:37.472480: | [4 is OAKLEY_SHA2_256] Aug 26 13:21:37.472482: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472484: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472485: | length/value: 3 (0x3) Aug 26 13:21:37.472487: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472488: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472490: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472491: | length/value: 5 (0x5) Aug 26 13:21:37.472493: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.472494: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472496: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472498: | length/value: 128 (0x80) Aug 26 13:21:37.472499: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472501: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472503: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472504: | ISAKMP transform number: 8 (0x8) Aug 26 13:21:37.472506: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472508: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472509: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472511: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472513: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472515: | length/value: 1 (0x1) Aug 26 13:21:37.472517: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472518: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472520: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472521: | length/value: 3600 (0xe10) Aug 26 13:21:37.472523: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472525: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472526: | length/value: 7 (0x7) Aug 26 13:21:37.472528: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472529: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472531: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472533: | length/value: 6 (0x6) Aug 26 13:21:37.472534: | [6 is OAKLEY_SHA2_512] Aug 26 13:21:37.472536: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472537: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472539: | length/value: 3 (0x3) Aug 26 13:21:37.472540: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472542: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472544: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472545: | length/value: 5 (0x5) Aug 26 13:21:37.472547: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.472548: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472550: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472552: | length/value: 256 (0x100) Aug 26 13:21:37.472553: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472555: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472557: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472558: | ISAKMP transform number: 9 (0x9) Aug 26 13:21:37.472560: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472562: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472563: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472565: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472567: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472568: | length/value: 1 (0x1) Aug 26 13:21:37.472570: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472571: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472573: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472575: | length/value: 3600 (0xe10) Aug 26 13:21:37.472576: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472578: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472579: | length/value: 7 (0x7) Aug 26 13:21:37.472581: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472582: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472584: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472586: | length/value: 6 (0x6) Aug 26 13:21:37.472587: | [6 is OAKLEY_SHA2_512] Aug 26 13:21:37.472589: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472590: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472592: | length/value: 3 (0x3) Aug 26 13:21:37.472593: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472595: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472597: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472598: | length/value: 5 (0x5) Aug 26 13:21:37.472600: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.472601: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472603: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472604: | length/value: 128 (0x80) Aug 26 13:21:37.472606: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472621: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472622: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472624: | ISAKMP transform number: 10 (0xa) Aug 26 13:21:37.472626: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472628: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472630: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472632: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472633: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472635: | length/value: 1 (0x1) Aug 26 13:21:37.472636: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472638: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472640: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472641: | length/value: 3600 (0xe10) Aug 26 13:21:37.472643: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472644: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472646: | length/value: 7 (0x7) Aug 26 13:21:37.472647: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472649: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472650: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472652: | length/value: 2 (0x2) Aug 26 13:21:37.472653: | [2 is OAKLEY_SHA1] Aug 26 13:21:37.472655: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472656: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472658: | length/value: 3 (0x3) Aug 26 13:21:37.472659: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472661: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472663: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472664: | length/value: 5 (0x5) Aug 26 13:21:37.472666: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.472667: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472669: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472670: | length/value: 256 (0x100) Aug 26 13:21:37.472672: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472673: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472675: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472676: | ISAKMP transform number: 11 (0xb) Aug 26 13:21:37.472678: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472680: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472682: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472683: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472685: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472686: | length/value: 1 (0x1) Aug 26 13:21:37.472688: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472689: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472691: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472692: | length/value: 3600 (0xe10) Aug 26 13:21:37.472694: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472696: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472697: | length/value: 7 (0x7) Aug 26 13:21:37.472699: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.472700: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472702: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472703: | length/value: 2 (0x2) Aug 26 13:21:37.472705: | [2 is OAKLEY_SHA1] Aug 26 13:21:37.472706: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472708: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472709: | length/value: 3 (0x3) Aug 26 13:21:37.472711: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472712: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472714: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472715: | length/value: 5 (0x5) Aug 26 13:21:37.472717: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.472718: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472721: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.472722: | length/value: 128 (0x80) Aug 26 13:21:37.472724: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:21:37.472726: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472727: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472729: | ISAKMP transform number: 12 (0xc) Aug 26 13:21:37.472730: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472732: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472734: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472735: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472737: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472739: | length/value: 1 (0x1) Aug 26 13:21:37.472740: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472742: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472743: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472745: | length/value: 3600 (0xe10) Aug 26 13:21:37.472746: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472748: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472749: | length/value: 5 (0x5) Aug 26 13:21:37.472751: | [5 is OAKLEY_3DES_CBC] Aug 26 13:21:37.472752: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472754: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472756: | length/value: 4 (0x4) Aug 26 13:21:37.472757: | [4 is OAKLEY_SHA2_256] Aug 26 13:21:37.472759: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472760: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472762: | length/value: 3 (0x3) Aug 26 13:21:37.472763: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472765: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472766: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472768: | length/value: 14 (0xe) Aug 26 13:21:37.472769: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472771: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:21:37.472773: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472774: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472776: | ISAKMP transform number: 13 (0xd) Aug 26 13:21:37.472777: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472779: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472781: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472782: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472784: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472785: | length/value: 1 (0x1) Aug 26 13:21:37.472787: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472789: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472790: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472792: | length/value: 3600 (0xe10) Aug 26 13:21:37.472793: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472795: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472796: | length/value: 5 (0x5) Aug 26 13:21:37.472798: | [5 is OAKLEY_3DES_CBC] Aug 26 13:21:37.472799: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472801: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472802: | length/value: 6 (0x6) Aug 26 13:21:37.472804: | [6 is OAKLEY_SHA2_512] Aug 26 13:21:37.472806: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472807: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472809: | length/value: 3 (0x3) Aug 26 13:21:37.472810: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472812: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472813: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472816: | length/value: 14 (0xe) Aug 26 13:21:37.472817: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472819: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:21:37.472820: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472822: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472823: | ISAKMP transform number: 14 (0xe) Aug 26 13:21:37.472825: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472827: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472829: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472830: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472832: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472833: | length/value: 1 (0x1) Aug 26 13:21:37.472835: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472836: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472838: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472839: | length/value: 3600 (0xe10) Aug 26 13:21:37.472841: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472843: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472844: | length/value: 5 (0x5) Aug 26 13:21:37.472846: | [5 is OAKLEY_3DES_CBC] Aug 26 13:21:37.472847: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472849: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472850: | length/value: 2 (0x2) Aug 26 13:21:37.472852: | [2 is OAKLEY_SHA1] Aug 26 13:21:37.472853: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472855: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472856: | length/value: 3 (0x3) Aug 26 13:21:37.472858: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472859: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472861: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472862: | length/value: 14 (0xe) Aug 26 13:21:37.472864: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.472866: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:21:37.472867: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472869: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472870: | ISAKMP transform number: 15 (0xf) Aug 26 13:21:37.472872: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472874: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472875: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472877: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472879: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472880: | length/value: 1 (0x1) Aug 26 13:21:37.472882: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472883: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472885: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472886: | length/value: 3600 (0xe10) Aug 26 13:21:37.472888: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472889: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472891: | length/value: 5 (0x5) Aug 26 13:21:37.472892: | [5 is OAKLEY_3DES_CBC] Aug 26 13:21:37.472894: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472895: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472897: | length/value: 4 (0x4) Aug 26 13:21:37.472898: | [4 is OAKLEY_SHA2_256] Aug 26 13:21:37.472900: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472902: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472903: | length/value: 3 (0x3) Aug 26 13:21:37.472905: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472906: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472908: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472910: | length/value: 5 (0x5) Aug 26 13:21:37.472912: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.472913: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:21:37.472915: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472916: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472918: | ISAKMP transform number: 16 (0x10) Aug 26 13:21:37.472919: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472921: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472923: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472925: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472926: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472928: | length/value: 1 (0x1) Aug 26 13:21:37.472929: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472931: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472932: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472934: | length/value: 3600 (0xe10) Aug 26 13:21:37.472935: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472937: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472939: | length/value: 5 (0x5) Aug 26 13:21:37.472940: | [5 is OAKLEY_3DES_CBC] Aug 26 13:21:37.472942: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472943: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472945: | length/value: 6 (0x6) Aug 26 13:21:37.472946: | [6 is OAKLEY_SHA2_512] Aug 26 13:21:37.472948: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472949: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472951: | length/value: 3 (0x3) Aug 26 13:21:37.472952: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.472954: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472955: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.472957: | length/value: 5 (0x5) Aug 26 13:21:37.472958: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.472960: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:21:37.472961: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.472963: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.472965: | ISAKMP transform number: 17 (0x11) Aug 26 13:21:37.472966: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.472968: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.472970: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:21:37.472971: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472973: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.472974: | length/value: 1 (0x1) Aug 26 13:21:37.472976: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.472977: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472979: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.472981: | length/value: 3600 (0xe10) Aug 26 13:21:37.472982: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472984: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.472985: | length/value: 5 (0x5) Aug 26 13:21:37.472987: | [5 is OAKLEY_3DES_CBC] Aug 26 13:21:37.472988: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472990: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.472991: | length/value: 2 (0x2) Aug 26 13:21:37.472993: | [2 is OAKLEY_SHA1] Aug 26 13:21:37.472994: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.472996: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.472997: | length/value: 3 (0x3) Aug 26 13:21:37.472999: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.473001: | ******emit ISAKMP Oakley attribute: Aug 26 13:21:37.473003: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.473005: | length/value: 5 (0x5) Aug 26 13:21:37.473006: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:21:37.473008: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:21:37.473009: | emitting length of ISAKMP Proposal Payload: 632 Aug 26 13:21:37.473011: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Aug 26 13:21:37.473013: | emitting length of ISAKMP Security Association Payload: 644 Aug 26 13:21:37.473015: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:21:37.473020: | out_vid(): sending [FRAGMENTATION] Aug 26 13:21:37.473022: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473023: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473025: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:21:37.473027: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473029: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473031: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473033: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Aug 26 13:21:37.473035: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473036: | out_vid(): sending [Dead Peer Detection] Aug 26 13:21:37.473038: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473039: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.473041: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473043: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473045: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473047: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Aug 26 13:21:37.473048: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473050: | nat add vid Aug 26 13:21:37.473052: | sending draft and RFC NATT VIDs Aug 26 13:21:37.473053: | out_vid(): sending [RFC 3947] Aug 26 13:21:37.473055: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473056: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473058: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:21:37.473060: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473062: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473064: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473065: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 13:21:37.473067: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473068: | skipping VID_NATT_RFC Aug 26 13:21:37.473070: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Aug 26 13:21:37.473071: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473073: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473075: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:21:37.473077: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473078: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473080: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473084: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 13:21:37.473085: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473087: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Aug 26 13:21:37.473089: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473090: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.473092: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:21:37.473094: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473096: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473097: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473099: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Aug 26 13:21:37.473100: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473102: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Aug 26 13:21:37.473103: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:21:37.473105: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.473107: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:21:37.473109: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.473110: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:21:37.473112: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Aug 26 13:21:37.473114: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:21:37.473115: | no IKEv1 message padding required Aug 26 13:21:37.473117: | emitting length of ISAKMP Message: 792 Aug 26 13:21:37.473126: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:37.473128: | ff 46 30 fd 82 4a 54 6b 00 00 00 00 00 00 00 00 Aug 26 13:21:37.473130: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Aug 26 13:21:37.473131: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Aug 26 13:21:37.473133: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473134: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473136: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Aug 26 13:21:37.473137: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Aug 26 13:21:37.473139: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Aug 26 13:21:37.473140: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Aug 26 13:21:37.473142: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Aug 26 13:21:37.473143: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:21:37.473144: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Aug 26 13:21:37.473146: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473147: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473149: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Aug 26 13:21:37.473150: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Aug 26 13:21:37.473152: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Aug 26 13:21:37.473153: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 13:21:37.473155: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 13:21:37.473156: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:21:37.473158: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 13:21:37.473159: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473161: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 13:21:37.473162: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Aug 26 13:21:37.473164: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Aug 26 13:21:37.473165: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Aug 26 13:21:37.473168: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Aug 26 13:21:37.473169: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 13:21:37.473171: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:21:37.473172: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 13:21:37.473174: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473175: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473177: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473178: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473180: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473181: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 13:21:37.473183: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473184: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Aug 26 13:21:37.473186: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473187: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 13:21:37.473189: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.473190: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Aug 26 13:21:37.473192: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Aug 26 13:21:37.473193: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Aug 26 13:21:37.473195: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Aug 26 13:21:37.473196: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Aug 26 13:21:37.473198: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 13:21:37.473199: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Aug 26 13:21:37.473201: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Aug 26 13:21:37.473202: | 7c fd b2 fc 68 b6 a4 48 Aug 26 13:21:37.473276: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9abf408 Aug 26 13:21:37.473281: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:21:37.473284: | libevent_malloc: new ptr-libevent@0x5649f9abf638 size 128 Aug 26 13:21:37.473296: | #1 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10983.215742 Aug 26 13:21:37.473343: | #1 spent 1.42 milliseconds in main_outI1() Aug 26 13:21:37.473350: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) Aug 26 13:21:37.473367: | resume processing: connection "north-dpd/0x2" (in main_outI1() at ikev1_main.c:228) Aug 26 13:21:37.473370: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Aug 26 13:21:37.473373: | start processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 13:21:37.473375: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:21:37.473390: | connection 'north-dpd/0x1' +POLICY_UP Aug 26 13:21:37.473393: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 13:21:37.473395: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:37.473413: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x1" IKE SA #1 "north-dpd/0x2" Aug 26 13:21:37.473416: | stop processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 13:21:37.473419: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Aug 26 13:21:37.473434: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:37.473437: | spent 1.57 milliseconds in whack Aug 26 13:21:37.474012: | spent 0.00197 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.474032: | *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:21:37.474036: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.474038: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Aug 26 13:21:37.474039: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Aug 26 13:21:37.474041: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:21:37.474044: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 13:21:37.474046: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Aug 26 13:21:37.474047: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Aug 26 13:21:37.474049: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Aug 26 13:21:37.474050: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 13:21:37.474053: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:21:37.474056: | **parse ISAKMP Message: Aug 26 13:21:37.474057: | initiator cookie: Aug 26 13:21:37.474059: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.474061: | responder cookie: Aug 26 13:21:37.474062: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.474064: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:21:37.474066: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.474067: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.474069: | flags: none (0x0) Aug 26 13:21:37.474071: | Message ID: 0 (0x0) Aug 26 13:21:37.474072: | length: 144 (0x90) Aug 26 13:21:37.474074: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 13:21:37.474076: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 13:21:37.474078: | State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init) Aug 26 13:21:37.474082: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) Aug 26 13:21:37.474083: | #1 is idle Aug 26 13:21:37.474085: | #1 idle Aug 26 13:21:37.474087: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Aug 26 13:21:37.474089: | ***parse ISAKMP Security Association Payload: Aug 26 13:21:37.474091: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.474093: | length: 56 (0x38) Aug 26 13:21:37.474094: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.474096: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.474098: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.474099: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.474101: | length: 20 (0x14) Aug 26 13:21:37.474103: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.474104: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.474106: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:21:37.474107: | length: 20 (0x14) Aug 26 13:21:37.474109: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 13:21:37.474110: | ***parse ISAKMP Vendor ID Payload: Aug 26 13:21:37.474112: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.474114: | length: 20 (0x14) Aug 26 13:21:37.474115: | message 'main_inR1_outI2' HASH payload not checked early Aug 26 13:21:37.474119: | received Vendor ID payload [FRAGMENTATION] Aug 26 13:21:37.474121: | received Vendor ID payload [Dead Peer Detection] Aug 26 13:21:37.474123: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Aug 26 13:21:37.474125: | received Vendor ID payload [RFC 3947] Aug 26 13:21:37.474127: | ****parse IPsec DOI SIT: Aug 26 13:21:37.474129: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.474131: | ****parse ISAKMP Proposal Payload: Aug 26 13:21:37.474132: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.474134: | length: 44 (0x2c) Aug 26 13:21:37.474135: | proposal number: 0 (0x0) Aug 26 13:21:37.474137: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 13:21:37.474139: | SPI size: 0 (0x0) Aug 26 13:21:37.474140: | number of transforms: 1 (0x1) Aug 26 13:21:37.474142: | *****parse ISAKMP Transform Payload (ISAKMP): Aug 26 13:21:37.474144: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.474145: | length: 36 (0x24) Aug 26 13:21:37.474147: | ISAKMP transform number: 0 (0x0) Aug 26 13:21:37.474148: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:21:37.474150: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.474152: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:21:37.474154: | length/value: 1 (0x1) Aug 26 13:21:37.474156: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:21:37.474158: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.474160: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:21:37.474162: | length/value: 3600 (0xe10) Aug 26 13:21:37.474163: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.474165: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:21:37.474167: | length/value: 7 (0x7) Aug 26 13:21:37.474168: | [7 is OAKLEY_AES_CBC] Aug 26 13:21:37.474170: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.474172: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:21:37.474173: | length/value: 4 (0x4) Aug 26 13:21:37.474175: | [4 is OAKLEY_SHA2_256] Aug 26 13:21:37.474177: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.474178: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:21:37.474180: | length/value: 3 (0x3) Aug 26 13:21:37.474181: | [3 is OAKLEY_RSA_SIG] Aug 26 13:21:37.474183: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.474185: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:21:37.474186: | length/value: 14 (0xe) Aug 26 13:21:37.474188: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.474189: | ******parse ISAKMP Oakley attribute: Aug 26 13:21:37.474191: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:21:37.474193: | length/value: 256 (0x100) Aug 26 13:21:37.474195: | OAKLEY proposal verified unconditionally; no alg_info to check against Aug 26 13:21:37.474196: | Oakley Transform 0 accepted Aug 26 13:21:37.474198: | sender checking NAT-T: enabled; VID 117 Aug 26 13:21:37.474200: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Aug 26 13:21:37.474202: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Aug 26 13:21:37.474206: | adding outI2 KE work-order 1 for state #1 Aug 26 13:21:37.474208: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:21:37.474210: | #1 STATE_MAIN_I1: retransmits: cleared Aug 26 13:21:37.474212: | libevent_free: release ptr-libevent@0x5649f9abf638 Aug 26 13:21:37.474214: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9abf408 Aug 26 13:21:37.474217: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9abf408 Aug 26 13:21:37.474219: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:21:37.474221: | libevent_malloc: new ptr-libevent@0x5649f9abf638 size 128 Aug 26 13:21:37.474228: | complete v1 state transition with STF_SUSPEND Aug 26 13:21:37.474232: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:21:37.474234: | suspending state #1 and saving MD Aug 26 13:21:37.474235: | #1 is busy; has a suspended MD Aug 26 13:21:37.474239: | #1 spent 0.111 milliseconds in process_packet_tail() Aug 26 13:21:37.474242: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.474244: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:21:37.474246: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.474249: | spent 0.229 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.474262: | crypto helper 0 resuming Aug 26 13:21:37.474272: | crypto helper 0 starting work-order 1 for state #1 Aug 26 13:21:37.474276: | crypto helper 0 doing build KE and nonce (outI2 KE); request ID 1 Aug 26 13:21:37.474861: | crypto helper 0 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000585 seconds Aug 26 13:21:37.474870: | (#1) spent 0.591 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr) Aug 26 13:21:37.474873: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 13:21:37.474875: | scheduling resume sending helper answer for #1 Aug 26 13:21:37.474877: | libevent_malloc: new ptr-libevent@0x7f83c0002888 size 128 Aug 26 13:21:37.474883: | crypto helper 0 waiting (nothing to do) Aug 26 13:21:37.474917: | processing resume sending helper answer for #1 Aug 26 13:21:37.474926: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:21:37.474930: | crypto helper 0 replies to request ID 1 Aug 26 13:21:37.474932: | calling continuation function 0x5649f7dc5b50 Aug 26 13:21:37.474934: | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2 Aug 26 13:21:37.474937: | **emit ISAKMP Message: Aug 26 13:21:37.474939: | initiator cookie: Aug 26 13:21:37.474940: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.474942: | responder cookie: Aug 26 13:21:37.474943: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.474945: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.474947: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.474949: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.474950: | flags: none (0x0) Aug 26 13:21:37.474952: | Message ID: 0 (0x0) Aug 26 13:21:37.474954: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.474956: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:21:37.474958: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.474960: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:21:37.474962: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:21:37.474964: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.474966: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:21:37.474968: | keyex value b7 b6 99 aa b6 58 3f dc 2b 2e ec 1a 58 ad 77 e3 Aug 26 13:21:37.474970: | keyex value dc 46 cf dd 1d 70 af 71 02 6c 36 52 72 db e3 35 Aug 26 13:21:37.474971: | keyex value 9c 6a 26 62 36 d3 03 7c ff b8 2e 7e 61 eb 91 e3 Aug 26 13:21:37.474973: | keyex value 6a 3a b1 d0 62 4e 94 6b 3b 94 da 18 3d 45 8e 73 Aug 26 13:21:37.474974: | keyex value 1d 51 b7 8b fd 21 9a 69 f6 14 ba 3f cc 6f f6 ce Aug 26 13:21:37.474976: | keyex value b9 a8 f2 35 f1 a6 ea b5 34 fa 45 0d ba 64 92 c4 Aug 26 13:21:37.474977: | keyex value 6d 30 78 86 80 6e 09 a8 1e 99 14 64 9b 81 94 32 Aug 26 13:21:37.474979: | keyex value 43 d8 07 c3 4f 1c f9 fc 35 80 f8 4e 20 e4 5d 23 Aug 26 13:21:37.474980: | keyex value 81 85 c5 bc ae 2e d0 48 85 90 53 f7 e5 fe 4e b9 Aug 26 13:21:37.474982: | keyex value 19 91 65 32 e3 b4 f8 5c e7 ac 95 64 97 05 a7 bf Aug 26 13:21:37.474983: | keyex value 51 26 6f 46 f9 e4 38 91 87 c2 4b 13 b2 5b 59 fb Aug 26 13:21:37.474985: | keyex value 84 de 41 15 e5 e8 43 91 33 76 44 3f 9b 51 76 ed Aug 26 13:21:37.474986: | keyex value 6d fe 28 1b d3 14 ed 4c 5e 02 90 d0 82 3a 84 75 Aug 26 13:21:37.474988: | keyex value 0c ea b8 ae 5a 07 7d e7 06 5a df c2 ea a9 1e 7a Aug 26 13:21:37.474990: | keyex value 3d ae f8 d1 72 23 6b da 0e 95 dc 20 f2 87 d6 59 Aug 26 13:21:37.474991: | keyex value 47 01 ec e3 00 fa 41 a7 82 8a a5 57 61 eb 72 c4 Aug 26 13:21:37.474993: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:21:37.474995: | ***emit ISAKMP Nonce Payload: Aug 26 13:21:37.474996: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.474998: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:21:37.475000: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.475002: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:21:37.475004: | Ni a3 32 86 3d 47 ec 12 d4 81 48 28 77 ec 4c ae 8d Aug 26 13:21:37.475005: | Ni ff 85 1d a2 5f c4 cb 82 8a 65 5a ce 87 0d a3 9c Aug 26 13:21:37.475007: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:21:37.475008: | NAT-T checking st_nat_traversal Aug 26 13:21:37.475012: | NAT-T found (implies NAT_T_WITH_NATD) Aug 26 13:21:37.475014: | sending NAT-D payloads Aug 26 13:21:37.475022: | natd_hash: hasher=0x5649f7e9aca0(32) Aug 26 13:21:37.475024: | natd_hash: icookie= ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.475025: | natd_hash: rcookie= d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.475027: | natd_hash: ip= c0 01 02 17 Aug 26 13:21:37.475028: | natd_hash: port=500 Aug 26 13:21:37.475030: | natd_hash: hash= ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.475032: | natd_hash: hash= 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.475033: | ***emit ISAKMP NAT-D Payload: Aug 26 13:21:37.475035: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 13:21:37.475037: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Aug 26 13:21:37.475039: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Aug 26 13:21:37.475041: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.475043: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Aug 26 13:21:37.475044: | NAT-D ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.475046: | NAT-D 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.475047: | emitting length of ISAKMP NAT-D Payload: 36 Aug 26 13:21:37.475053: | natd_hash: hasher=0x5649f7e9aca0(32) Aug 26 13:21:37.475055: | natd_hash: icookie= ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.475056: | natd_hash: rcookie= d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.475058: | natd_hash: ip= c0 01 03 21 Aug 26 13:21:37.475059: | natd_hash: port=500 Aug 26 13:21:37.475061: | natd_hash: hash= 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.475063: | natd_hash: hash= 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.475064: | ***emit ISAKMP NAT-D Payload: Aug 26 13:21:37.475066: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.475068: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Aug 26 13:21:37.475070: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.475071: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Aug 26 13:21:37.475073: | NAT-D 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.475074: | NAT-D 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.475076: | emitting length of ISAKMP NAT-D Payload: 36 Aug 26 13:21:37.475078: | no IKEv1 message padding required Aug 26 13:21:37.475079: | emitting length of ISAKMP Message: 396 Aug 26 13:21:37.475081: | State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir] Aug 26 13:21:37.475084: | complete v1 state transition with STF_OK Aug 26 13:21:37.475088: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.475089: | #1 is idle Aug 26 13:21:37.475091: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.475093: | peer supports fragmentation Aug 26 13:21:37.475094: | peer supports DPD Aug 26 13:21:37.475096: | DPD is configured locally Aug 26 13:21:37.475097: | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Aug 26 13:21:37.475100: | parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) Aug 26 13:21:37.475101: | event_already_set, deleting event Aug 26 13:21:37.475103: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.475105: | libevent_free: release ptr-libevent@0x5649f9abf638 Aug 26 13:21:37.475107: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9abf408 Aug 26 13:21:37.475111: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:21:37.475115: | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:37.475118: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.475122: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Aug 26 13:21:37.475124: | b7 b6 99 aa b6 58 3f dc 2b 2e ec 1a 58 ad 77 e3 Aug 26 13:21:37.475126: | dc 46 cf dd 1d 70 af 71 02 6c 36 52 72 db e3 35 Aug 26 13:21:37.475127: | 9c 6a 26 62 36 d3 03 7c ff b8 2e 7e 61 eb 91 e3 Aug 26 13:21:37.475129: | 6a 3a b1 d0 62 4e 94 6b 3b 94 da 18 3d 45 8e 73 Aug 26 13:21:37.475130: | 1d 51 b7 8b fd 21 9a 69 f6 14 ba 3f cc 6f f6 ce Aug 26 13:21:37.475132: | b9 a8 f2 35 f1 a6 ea b5 34 fa 45 0d ba 64 92 c4 Aug 26 13:21:37.475133: | 6d 30 78 86 80 6e 09 a8 1e 99 14 64 9b 81 94 32 Aug 26 13:21:37.475135: | 43 d8 07 c3 4f 1c f9 fc 35 80 f8 4e 20 e4 5d 23 Aug 26 13:21:37.475136: | 81 85 c5 bc ae 2e d0 48 85 90 53 f7 e5 fe 4e b9 Aug 26 13:21:37.475138: | 19 91 65 32 e3 b4 f8 5c e7 ac 95 64 97 05 a7 bf Aug 26 13:21:37.475139: | 51 26 6f 46 f9 e4 38 91 87 c2 4b 13 b2 5b 59 fb Aug 26 13:21:37.475141: | 84 de 41 15 e5 e8 43 91 33 76 44 3f 9b 51 76 ed Aug 26 13:21:37.475142: | 6d fe 28 1b d3 14 ed 4c 5e 02 90 d0 82 3a 84 75 Aug 26 13:21:37.475144: | 0c ea b8 ae 5a 07 7d e7 06 5a df c2 ea a9 1e 7a Aug 26 13:21:37.475145: | 3d ae f8 d1 72 23 6b da 0e 95 dc 20 f2 87 d6 59 Aug 26 13:21:37.475147: | 47 01 ec e3 00 fa 41 a7 82 8a a5 57 61 eb 72 c4 Aug 26 13:21:37.475148: | 14 00 00 24 a3 32 86 3d 47 ec 12 d4 81 48 28 77 Aug 26 13:21:37.475150: | ec 4c ae 8d ff 85 1d a2 5f c4 cb 82 8a 65 5a ce Aug 26 13:21:37.475151: | 87 0d a3 9c 14 00 00 24 ed 32 8a af f0 63 ea 88 Aug 26 13:21:37.475153: | 01 05 5b 36 83 42 ef 6f 7d 4f 64 aa 83 82 09 43 Aug 26 13:21:37.475154: | 53 88 23 dd 04 b7 7d cf 00 00 00 24 7d 1f f8 05 Aug 26 13:21:37.475156: | 8e cd 98 1a ee ba d7 61 74 76 d9 06 3c 55 1e b4 Aug 26 13:21:37.475157: | 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.475176: | !event_already_set at reschedule Aug 26 13:21:37.475180: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9abf408 Aug 26 13:21:37.475183: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:21:37.475185: | libevent_malloc: new ptr-libevent@0x5649f9ac47a8 size 128 Aug 26 13:21:37.475188: | #1 STATE_MAIN_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10983.217646 Aug 26 13:21:37.475191: "north-dpd/0x2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Aug 26 13:21:37.475196: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.475198: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.475200: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Aug 26 13:21:37.475205: | #1 spent 0.265 milliseconds in resume sending helper answer Aug 26 13:21:37.475208: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:21:37.475210: | libevent_free: release ptr-libevent@0x7f83c0002888 Aug 26 13:21:37.476574: | spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.476592: | *received 576 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:21:37.476595: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.476596: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Aug 26 13:21:37.476598: | 0c b9 9b 33 05 69 a9 82 98 f9 ba 09 0c 11 47 79 Aug 26 13:21:37.476600: | 3b a7 b7 fd 58 34 19 41 82 9a d5 8a a0 94 99 5a Aug 26 13:21:37.476601: | 9e ca 5b d8 c1 06 74 38 3f 6f 51 35 a9 77 55 4b Aug 26 13:21:37.476603: | 6b 6d 8d 57 6a 0f fe 86 17 06 e2 48 ba d2 f1 f1 Aug 26 13:21:37.476604: | fd ce 79 01 0d d6 50 75 0b 38 e6 26 2b ab 93 e9 Aug 26 13:21:37.476605: | 2e 8a 0b 9e b3 f2 70 59 49 3c f2 75 36 80 34 3e Aug 26 13:21:37.476607: | db 0d d4 de 25 9a 9a 86 5b 62 2e fe 44 90 76 02 Aug 26 13:21:37.476608: | d1 3a 67 b5 a0 29 26 da 6f 1a 32 89 b1 f1 03 3c Aug 26 13:21:37.476610: | 24 ad 2b ee cd aa d2 27 9a 93 08 0e 2b 2f c9 e2 Aug 26 13:21:37.476613: | a9 f9 ea f2 08 b5 68 98 d2 f8 5e 32 36 21 b6 6c Aug 26 13:21:37.476615: | 90 1c a5 5f 19 76 8f ab c0 ad 95 80 07 f1 da 83 Aug 26 13:21:37.476617: | db 47 cd af 6e cc d0 d8 81 46 cb bc 7f 16 47 c9 Aug 26 13:21:37.476618: | b5 9c 77 a8 82 ea 83 15 52 6e 6d 83 44 8a 11 4d Aug 26 13:21:37.476620: | 6e 26 08 98 1e 7c 50 d3 39 08 dc 1a 1e 8d 44 38 Aug 26 13:21:37.476621: | d5 b9 e7 d0 bd a0 b8 31 24 88 23 ee d1 46 90 0b Aug 26 13:21:37.476623: | 6c 1f 33 6b 1b f8 df 13 91 89 25 cc 8d dc b7 3b Aug 26 13:21:37.476624: | 07 00 00 24 8a 58 f1 2d 8f 10 5b ad e6 e5 af 78 Aug 26 13:21:37.476626: | 0d b6 be 3e 48 cd f5 23 32 0d b0 fd bc 19 a4 6e Aug 26 13:21:37.476627: | 75 6f 0f 9e 14 00 00 b4 04 30 81 ac 31 0b 30 09 Aug 26 13:21:37.476629: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Aug 26 13:21:37.476630: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Aug 26 13:21:37.476631: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Aug 26 13:21:37.476633: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Aug 26 13:21:37.476634: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Aug 26 13:21:37.476636: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Aug 26 13:21:37.476637: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Aug 26 13:21:37.476639: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Aug 26 13:21:37.476640: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Aug 26 13:21:37.476642: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Aug 26 13:21:37.476643: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 7d 1f f8 05 Aug 26 13:21:37.476645: | 8e cd 98 1a ee ba d7 61 74 76 d9 06 3c 55 1e b4 Aug 26 13:21:37.476646: | 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c 00 00 00 24 Aug 26 13:21:37.476648: | ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.476649: | 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.476652: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:21:37.476655: | **parse ISAKMP Message: Aug 26 13:21:37.476656: | initiator cookie: Aug 26 13:21:37.476658: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.476659: | responder cookie: Aug 26 13:21:37.476661: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.476663: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.476665: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.476666: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.476668: | flags: none (0x0) Aug 26 13:21:37.476670: | Message ID: 0 (0x0) Aug 26 13:21:37.476671: | length: 576 (0x240) Aug 26 13:21:37.476673: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 13:21:37.476675: | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1) Aug 26 13:21:37.476679: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) Aug 26 13:21:37.476680: | #1 is idle Aug 26 13:21:37.476682: | #1 idle Aug 26 13:21:37.476684: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Aug 26 13:21:37.476686: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:21:37.476688: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.476689: | length: 260 (0x104) Aug 26 13:21:37.476691: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Aug 26 13:21:37.476693: | ***parse ISAKMP Nonce Payload: Aug 26 13:21:37.476694: | next payload type: ISAKMP_NEXT_CR (0x7) Aug 26 13:21:37.476696: | length: 36 (0x24) Aug 26 13:21:37.476698: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x0 opt: 0x102080 Aug 26 13:21:37.476699: | ***parse ISAKMP Certificate RequestPayload: Aug 26 13:21:37.476701: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 13:21:37.476703: | length: 180 (0xb4) Aug 26 13:21:37.476704: | cert type: CERT_X509_SIGNATURE (0x4) Aug 26 13:21:37.476706: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Aug 26 13:21:37.476709: | ***parse ISAKMP NAT-D Payload: Aug 26 13:21:37.476711: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 13:21:37.476712: | length: 36 (0x24) Aug 26 13:21:37.476714: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Aug 26 13:21:37.476716: | ***parse ISAKMP NAT-D Payload: Aug 26 13:21:37.476717: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.476719: | length: 36 (0x24) Aug 26 13:21:37.476721: | message 'main_inR2_outI3' HASH payload not checked early Aug 26 13:21:37.476730: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.476734: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.476740: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.476742: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.476744: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:21:37.476746: | no PreShared Key Found Aug 26 13:21:37.476748: | adding aggr outR1 DH work-order 2 for state #1 Aug 26 13:21:37.476750: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:21:37.476752: | #1 STATE_MAIN_I2: retransmits: cleared Aug 26 13:21:37.476754: | libevent_free: release ptr-libevent@0x5649f9ac47a8 Aug 26 13:21:37.476756: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9abf408 Aug 26 13:21:37.476758: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9abf408 Aug 26 13:21:37.476761: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 13:21:37.476763: | libevent_malloc: new ptr-libevent@0x7f83c0002888 size 128 Aug 26 13:21:37.476769: | complete v1 state transition with STF_SUSPEND Aug 26 13:21:37.476775: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:21:37.476776: | crypto helper 1 resuming Aug 26 13:21:37.476778: | suspending state #1 and saving MD Aug 26 13:21:37.476786: | crypto helper 1 starting work-order 2 for state #1 Aug 26 13:21:37.476791: | #1 is busy; has a suspended MD Aug 26 13:21:37.476797: | crypto helper 1 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 Aug 26 13:21:37.476800: | #1 spent 0.0721 milliseconds in process_packet_tail() Aug 26 13:21:37.476805: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.476810: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:21:37.476813: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.476817: | spent 0.229 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.477487: | crypto helper 1 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.00069 seconds Aug 26 13:21:37.477496: | (#1) spent 0.693 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr) Aug 26 13:21:37.477498: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 13:21:37.477500: | scheduling resume sending helper answer for #1 Aug 26 13:21:37.477502: | libevent_malloc: new ptr-libevent@0x7f83b8000f48 size 128 Aug 26 13:21:37.477507: | crypto helper 1 waiting (nothing to do) Aug 26 13:21:37.477513: | processing resume sending helper answer for #1 Aug 26 13:21:37.477520: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:21:37.477523: | crypto helper 1 replies to request ID 2 Aug 26 13:21:37.477525: | calling continuation function 0x5649f7dc5b50 Aug 26 13:21:37.477527: | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1 Aug 26 13:21:37.477530: | **emit ISAKMP Message: Aug 26 13:21:37.477532: | initiator cookie: Aug 26 13:21:37.477533: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.477535: | responder cookie: Aug 26 13:21:37.477536: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.477538: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.477540: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.477541: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.477543: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.477545: | Message ID: 0 (0x0) Aug 26 13:21:37.477547: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.477549: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.477551: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.477553: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.477554: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.477556: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.477557: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.477559: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.477560: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Aug 26 13:21:37.477562: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Aug 26 13:21:37.477563: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Aug 26 13:21:37.477565: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Aug 26 13:21:37.477566: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.477571: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.477573: | thinking about whether to send my certificate: Aug 26 13:21:37.477575: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Aug 26 13:21:37.477576: | sendcert: CERT_ALWAYSSEND and I did get a certificate request Aug 26 13:21:37.477578: | so send cert. Aug 26 13:21:37.477580: | I am sending a certificate request Aug 26 13:21:37.477582: | I will NOT send an initial contact payload Aug 26 13:21:37.477584: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Aug 26 13:21:37.477591: | natd_hash: hasher=0x5649f7e9aca0(32) Aug 26 13:21:37.477593: | natd_hash: icookie= ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.477594: | natd_hash: rcookie= d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.477596: | natd_hash: ip= c0 01 03 21 Aug 26 13:21:37.477597: | natd_hash: port=500 Aug 26 13:21:37.477599: | natd_hash: hash= 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.477601: | natd_hash: hash= 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.477604: | natd_hash: hasher=0x5649f7e9aca0(32) Aug 26 13:21:37.477606: | natd_hash: icookie= ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.477607: | natd_hash: rcookie= d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.477609: | natd_hash: ip= c0 01 02 17 Aug 26 13:21:37.477610: | natd_hash: port=500 Aug 26 13:21:37.477612: | natd_hash: hash= ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.477613: | natd_hash: hash= 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.477615: | expected NAT-D(me): 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.477617: | expected NAT-D(me): 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.477618: | expected NAT-D(him): Aug 26 13:21:37.477620: | ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.477621: | 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.477625: | received NAT-D: 7d 1f f8 05 8e cd 98 1a ee ba d7 61 74 76 d9 06 Aug 26 13:21:37.477627: | received NAT-D: 3c 55 1e b4 00 77 f8 6f 4d ca 09 e3 d8 9a 01 8c Aug 26 13:21:37.477628: | received NAT-D: ed 32 8a af f0 63 ea 88 01 05 5b 36 83 42 ef 6f Aug 26 13:21:37.477630: | received NAT-D: 7d 4f 64 aa 83 82 09 43 53 88 23 dd 04 b7 7d cf Aug 26 13:21:37.477631: | NAT_TRAVERSAL encaps using auto-detect Aug 26 13:21:37.477633: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 13:21:37.477634: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 13:21:37.477637: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 13:21:37.477638: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Aug 26 13:21:37.477640: | NAT_T_WITH_KA detected Aug 26 13:21:37.477642: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 13:21:37.477644: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.477646: | next payload type: ISAKMP_NEXT_CERT (0x6) Aug 26 13:21:37.477648: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:21:37.477649: | Protocol ID: 0 (0x0) Aug 26 13:21:37.477651: | port: 0 (0x0) Aug 26 13:21:37.477653: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Aug 26 13:21:37.477655: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.477657: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.477659: | emitting 185 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.477661: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.477663: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.477664: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.477666: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.477667: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.477669: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.477671: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 13:21:37.477672: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 13:21:37.477674: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 13:21:37.477675: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 13:21:37.477677: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 13:21:37.477678: | my identity 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.477680: | emitting length of ISAKMP Identification Payload (IPsec DOI): 193 Aug 26 13:21:37.477682: "north-dpd/0x2" #1: I am sending my cert Aug 26 13:21:37.477688: | ***emit ISAKMP Certificate Payload: Aug 26 13:21:37.477690: | next payload type: ISAKMP_NEXT_CR (0x7) Aug 26 13:21:37.477692: | cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:21:37.477694: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Aug 26 13:21:37.477696: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Aug 26 13:21:37.477698: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.477700: | emitting 1227 raw bytes of CERT into ISAKMP Certificate Payload Aug 26 13:21:37.477701: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Aug 26 13:21:37.477703: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 13:21:37.477704: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 13:21:37.477706: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 13:21:37.477709: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 13:21:37.477710: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 13:21:37.477712: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 13:21:37.477713: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 13:21:37.477715: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 13:21:37.477716: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 13:21:37.477718: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 13:21:37.477719: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 13:21:37.477721: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 13:21:37.477722: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 13:21:37.477724: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 13:21:37.477725: | CERT 33 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 13:21:37.477727: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 13:21:37.477728: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 13:21:37.477730: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 13:21:37.477731: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 13:21:37.477733: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 13:21:37.477734: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Aug 26 13:21:37.477736: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 13:21:37.477737: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Aug 26 13:21:37.477739: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Aug 26 13:21:37.477740: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Aug 26 13:21:37.477742: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Aug 26 13:21:37.477743: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Aug 26 13:21:37.477745: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 c0 59 bd 4b Aug 26 13:21:37.477746: | CERT 40 fd f4 2c e7 cf 9e f3 29 e6 61 73 de ab 42 3d Aug 26 13:21:37.477748: | CERT cc 51 1a e8 79 d6 53 46 a1 fd 66 d1 9e ab b4 65 Aug 26 13:21:37.477749: | CERT 76 51 ad 3f 6f 8f ef d2 73 f9 fd 8f 44 b0 6c 36 Aug 26 13:21:37.477751: | CERT 4b 95 c3 b2 45 0f 31 0c e9 df 35 95 44 c0 19 53 Aug 26 13:21:37.477752: | CERT 8d df 6a 4b b2 af d6 d3 e8 dd f5 20 df 9c cd 8a Aug 26 13:21:37.477754: | CERT f7 6a 09 92 60 00 45 44 39 4c 17 6c 06 02 91 37 Aug 26 13:21:37.477755: | CERT 4b f5 6a c3 5e 21 c6 64 32 32 98 1d b7 99 1f 3c Aug 26 13:21:37.477757: | CERT 13 fe ec c7 a4 a5 3b 37 30 df e4 31 95 47 91 b1 Aug 26 13:21:37.477758: | CERT ca 96 66 b7 9e 49 65 a2 4c 79 54 17 ed 68 19 34 Aug 26 13:21:37.477760: | CERT 9d 7e 67 91 27 51 f0 ee cb b3 90 68 7c 1d fd 83 Aug 26 13:21:37.477761: | CERT 32 06 2e e6 6f d5 f0 62 00 4d ef 11 90 b6 ad 61 Aug 26 13:21:37.477763: | CERT 83 0b 21 94 18 d9 2b 88 09 0d 33 2e 3b 71 18 f4 Aug 26 13:21:37.477764: | CERT ce 4a 45 f3 37 f4 db c0 d6 ab c2 da da cd 6d e0 Aug 26 13:21:37.477766: | CERT a3 9d 21 53 19 34 b1 0c d9 63 7c 45 b7 26 a4 d9 Aug 26 13:21:37.477767: | CERT d6 93 25 1e 1f 74 3c 07 32 69 9b bc 0f db ba 3e Aug 26 13:21:37.477769: | CERT 30 85 a4 3d ec 5c 70 fe fe 7d 64 3c 2c 48 b3 8a Aug 26 13:21:37.477770: | CERT eb 26 bf 05 d4 33 1e c3 f7 1c 24 c9 99 e3 d1 99 Aug 26 13:21:37.477772: | CERT 91 df 32 10 d5 7c 31 7e 9e 6f 70 01 dc 0d d7 21 Aug 26 13:21:37.477773: | CERT 03 76 4d f5 b2 e3 87 30 94 8c b2 0a c0 b4 d9 0b Aug 26 13:21:37.477775: | CERT d4 d9 37 e0 7a 73 13 50 8d 6f 93 9a 7c 5a 1a b2 Aug 26 13:21:37.477776: | CERT 87 7e 0c 64 60 cb 4b 2c ef 22 75 b1 7c 60 3e e3 Aug 26 13:21:37.477778: | CERT e5 f1 94 38 51 8f 00 e8 35 7b b5 01 ed c1 c4 fd Aug 26 13:21:37.477779: | CERT a3 4b 56 42 d6 8b 64 38 74 95 c4 13 70 f0 f0 23 Aug 26 13:21:37.477781: | CERT 29 57 2b ef 74 97 97 76 8d 30 48 91 02 03 01 00 Aug 26 13:21:37.477783: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Aug 26 13:21:37.477785: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Aug 26 13:21:37.477786: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 13:21:37.477788: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Aug 26 13:21:37.477789: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Aug 26 13:21:37.477791: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Aug 26 13:21:37.477792: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Aug 26 13:21:37.477794: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Aug 26 13:21:37.477795: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Aug 26 13:21:37.477797: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 13:21:37.477798: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Aug 26 13:21:37.477800: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Aug 26 13:21:37.477801: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Aug 26 13:21:37.477803: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Aug 26 13:21:37.477804: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Aug 26 13:21:37.477806: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 9e e9 26 57 73 Aug 26 13:21:37.477807: | CERT c2 4c 64 c6 ab d6 d3 1a 13 4f 6b 48 e3 17 b2 3d Aug 26 13:21:37.477809: | CERT fb 30 93 2d 15 92 6e a3 60 29 10 1d 3e a7 93 48 Aug 26 13:21:37.477810: | CERT 3c 40 5b af 9e e5 93 b7 2f d5 4b 9f db bd ab 5d Aug 26 13:21:37.477812: | CERT 03 57 3a 1a f9 81 87 13 dd 32 e7 93 b5 9e 3b 40 Aug 26 13:21:37.477814: | CERT 3c c6 c9 d5 ce c6 c7 5d da 89 36 3d d0 36 82 fd Aug 26 13:21:37.477815: | CERT b2 ab 00 2a 7c 0e a7 ad 3e e2 b1 5a 0d 88 45 26 Aug 26 13:21:37.477817: | CERT 48 51 b3 c7 79 d7 04 e7 47 5f 28 f8 63 fb ae 58 Aug 26 13:21:37.477818: | CERT 52 8b ba 60 ce 19 ac fa 4e 65 7d Aug 26 13:21:37.477820: | emitting length of ISAKMP Certificate Payload: 1232 Aug 26 13:21:37.477822: "north-dpd/0x2" #1: I am sending a certificate request Aug 26 13:21:37.477825: | ***emit ISAKMP Certificate RequestPayload: Aug 26 13:21:37.477827: | next payload type: ISAKMP_NEXT_SIG (0x9) Aug 26 13:21:37.477829: | cert type: CERT_X509_SIGNATURE (0x4) Aug 26 13:21:37.477831: | next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG Aug 26 13:21:37.477833: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Aug 26 13:21:37.477835: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Aug 26 13:21:37.477837: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Aug 26 13:21:37.477838: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.477840: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.477841: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.477843: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.477844: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.477846: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.477847: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Aug 26 13:21:37.477849: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Aug 26 13:21:37.477850: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Aug 26 13:21:37.477852: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Aug 26 13:21:37.477853: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.477855: | emitting length of ISAKMP Certificate RequestPayload: 180 Aug 26 13:21:37.477882: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Aug 26 13:21:37.477963: | searching for certificate PKK_RSA:AwEAAcBZv vs PKK_RSA:AwEAAcBZv Aug 26 13:21:37.483461: | ***emit ISAKMP Signature Payload: Aug 26 13:21:37.483469: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.483472: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Aug 26 13:21:37.483474: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.483476: | emitting 384 raw bytes of SIG_I into ISAKMP Signature Payload Aug 26 13:21:37.483478: | SIG_I 81 43 65 da b4 99 75 c3 6c ca b0 2a a1 cc 55 51 Aug 26 13:21:37.483479: | SIG_I 85 30 c1 34 43 bf 29 9f 0f 32 6d c1 26 26 5b 40 Aug 26 13:21:37.483481: | SIG_I 4b 11 e5 08 f2 04 eb 3f 56 10 0d 17 3c 01 dd 31 Aug 26 13:21:37.483482: | SIG_I ba e1 1b 63 b5 a7 0d 23 e6 c3 81 15 6e 1f 16 80 Aug 26 13:21:37.483484: | SIG_I 7d 44 f7 cc 79 59 5a eb c7 d4 5d 45 5c e9 d9 e4 Aug 26 13:21:37.483485: | SIG_I 4d ee 07 bd a3 91 ed a6 55 05 fa 5d c1 1e 10 f5 Aug 26 13:21:37.483487: | SIG_I 2b 1b 26 73 94 3e 2d d9 a3 1d ac 18 ec 6b 54 fe Aug 26 13:21:37.483489: | SIG_I 35 28 07 50 37 80 2d 4b ff 03 9d db 8a 34 b7 36 Aug 26 13:21:37.483490: | SIG_I 8e b9 83 48 f6 1f 0a b6 97 7b 4b 09 dd 89 df fe Aug 26 13:21:37.483492: | SIG_I 07 2a 8c b0 07 51 f0 35 e8 9c b1 3e a2 7d 28 39 Aug 26 13:21:37.483493: | SIG_I 8c 84 f5 e8 30 5c 06 20 ad 74 70 b1 f8 71 8f ea Aug 26 13:21:37.483495: | SIG_I 54 1e 2b e0 14 6e 25 e9 01 7a 98 02 05 d9 70 10 Aug 26 13:21:37.483496: | SIG_I 90 a9 55 ea b0 85 4e cf f5 9f f0 3a 5b 70 22 e3 Aug 26 13:21:37.483498: | SIG_I 13 8c d7 94 e0 cb 90 84 6c 09 45 70 af 5e 7b 2a Aug 26 13:21:37.483499: | SIG_I 5e 4c 33 78 4f 12 10 0c 40 c3 56 0b de 44 31 e1 Aug 26 13:21:37.483501: | SIG_I 8c 54 74 7e 59 72 a6 d4 af 27 a8 08 39 9f cb b4 Aug 26 13:21:37.483502: | SIG_I fa 95 ac ca 9a 16 3b c9 59 e8 08 87 be 61 63 e2 Aug 26 13:21:37.483504: | SIG_I 14 23 16 84 e9 b4 71 65 a5 f0 3a cb d8 40 9a 8b Aug 26 13:21:37.483505: | SIG_I 9f 4b 9d 8a 1b a8 e8 c3 8c 97 f7 df 98 09 d1 45 Aug 26 13:21:37.483507: | SIG_I 9d 98 8b 13 cd 1c f3 18 8d ff 02 80 33 9a 8a 44 Aug 26 13:21:37.483508: | SIG_I 4b 77 c6 be 41 38 c6 b1 ce 16 d9 db c9 1e bb 26 Aug 26 13:21:37.483510: | SIG_I 70 ad 7e 8a 4c b7 89 77 89 a2 d4 45 d6 a5 36 ba Aug 26 13:21:37.483511: | SIG_I ca 40 24 f8 d5 47 35 d6 d1 36 43 23 df f3 78 f9 Aug 26 13:21:37.483513: | SIG_I 8b 04 ce fd df 9a 74 ef b8 c5 17 50 b1 b9 24 26 Aug 26 13:21:37.483515: | emitting length of ISAKMP Signature Payload: 388 Aug 26 13:21:37.483516: | Not sending INITIAL_CONTACT Aug 26 13:21:37.483518: | emitting 7 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:37.483520: | no IKEv1 message padding required Aug 26 13:21:37.483522: | emitting length of ISAKMP Message: 2028 Aug 26 13:21:37.483530: | complete v1 state transition with STF_OK Aug 26 13:21:37.483534: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.483536: | #1 is idle Aug 26 13:21:37.483538: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.483539: | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Aug 26 13:21:37.483541: | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) Aug 26 13:21:37.483543: | event_already_set, deleting event Aug 26 13:21:37.483545: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.483547: | libevent_free: release ptr-libevent@0x7f83c0002888 Aug 26 13:21:37.483549: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9abf408 Aug 26 13:21:37.483553: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:21:37.483557: | sending 2028 bytes for STATE_MAIN_I2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:37.483561: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.483563: | 05 10 02 01 00 00 00 00 00 00 07 ec 09 48 5a 81 Aug 26 13:21:37.483564: | 65 97 c9 aa 8f 87 10 ee f6 70 ac d3 6c b9 92 21 Aug 26 13:21:37.483566: | 63 6d 14 6c f3 da 5b d8 81 a4 76 ce 24 d7 54 dd Aug 26 13:21:37.483567: | ca e0 9c a5 69 a9 c1 3b 37 b8 5e c3 3c fb a5 08 Aug 26 13:21:37.483569: | 5a 9f 00 81 ab 9b 9f 15 6d d8 e8 23 bf 4b 78 24 Aug 26 13:21:37.483570: | 03 2c 6d d0 f9 e2 66 9a 65 b8 e3 9b 1f 81 3d 49 Aug 26 13:21:37.483572: | 0b b9 1e 61 62 20 f1 65 81 a0 4c e3 55 73 7c 15 Aug 26 13:21:37.483573: | 26 e6 9a 88 4d 08 1e c1 54 16 d1 39 3a 9c e3 67 Aug 26 13:21:37.483575: | 48 46 ca 60 c3 ba 28 a7 8a 17 68 df 27 10 44 f1 Aug 26 13:21:37.483576: | c0 36 a4 d4 c3 77 d8 3a b1 9c 64 59 78 b8 24 2d Aug 26 13:21:37.483578: | 2d 8b b3 8c d0 49 95 32 a0 b6 f3 65 9c 5d 9a 2a Aug 26 13:21:37.483579: | ac 3b 37 94 d1 88 67 5c ae f6 92 5f 44 db 37 e3 Aug 26 13:21:37.483581: | 7d da 4e a8 62 2b 08 11 9e d9 f7 42 0f 3f fa 49 Aug 26 13:21:37.483582: | 57 d3 f6 8e 09 d4 80 44 b7 48 8d 25 79 4d 01 42 Aug 26 13:21:37.483584: | a1 db cf 91 67 c8 08 6a 00 e4 c9 22 01 cd 97 39 Aug 26 13:21:37.483585: | 5e e0 98 ad 3c 67 c0 fc 65 55 9b 9c f2 49 42 f3 Aug 26 13:21:37.483587: | 4d a9 9a 91 88 9b 6a ff 4e 95 f8 59 15 1d 42 87 Aug 26 13:21:37.483589: | e3 1e 22 12 e8 bd e3 ca 6c b2 69 20 35 d7 0c 1f Aug 26 13:21:37.483590: | b3 e5 88 b5 6a a6 c1 6d 83 80 bf b5 90 fb 07 ac Aug 26 13:21:37.483592: | 81 d5 a3 9e c0 db 61 98 bd 77 1e 75 52 73 47 fb Aug 26 13:21:37.483593: | 85 10 2f 15 7b 9b 01 73 a5 d1 f1 e4 d7 e6 35 a9 Aug 26 13:21:37.483595: | be 76 a3 d5 5c 85 18 20 f3 8c bc f4 6f 94 22 71 Aug 26 13:21:37.483596: | df aa 78 c9 70 77 a0 d2 2e 9f 39 cf bd e3 27 56 Aug 26 13:21:37.483598: | b4 3f ba 60 67 2e bd 62 9a 63 31 65 26 76 05 7e Aug 26 13:21:37.483599: | 9f 26 76 33 4e fd 7e 28 21 c9 d8 4f 33 76 7c 2b Aug 26 13:21:37.483601: | 06 28 c7 d3 36 ce fc 0e 40 0d 4e 92 03 f5 1b d5 Aug 26 13:21:37.483602: | b0 75 f0 4c 1a 8e 66 0c 23 23 b7 54 75 3f cb 9f Aug 26 13:21:37.483604: | 66 ca 22 e9 bc 7f ca 92 e9 51 b3 40 d4 56 43 5c Aug 26 13:21:37.483605: | 9e 79 59 89 15 13 55 38 f7 c4 3e 21 af cc cd ee Aug 26 13:21:37.483607: | 91 17 00 6e 1c 31 07 25 fc 25 09 da 9a 07 40 80 Aug 26 13:21:37.483608: | 84 a1 b2 18 d9 2c 60 a5 4e 1a fe b0 3d 92 a2 97 Aug 26 13:21:37.483610: | da ad 20 7c c2 a0 0d ca d0 a0 57 b7 7e 51 ed 60 Aug 26 13:21:37.483611: | 72 73 14 a6 20 48 35 ce 8c 66 27 2e 17 d4 0d 57 Aug 26 13:21:37.483613: | 2f 1f d0 b9 e8 be a3 54 bc 99 9b 9d 2b 2c a8 0b Aug 26 13:21:37.483614: | 9c ec 8f 0d d5 33 52 07 dc 3f 43 96 79 20 ea 72 Aug 26 13:21:37.483616: | dd 1e 63 0e d2 f1 a6 de fe 9a e2 17 14 a6 81 cc Aug 26 13:21:37.483617: | 47 6c f5 68 d4 6c 31 71 89 ce 4a b4 eb b8 fa df Aug 26 13:21:37.483619: | 22 5f 8a 29 d8 13 c2 4c 8a eb 9f d7 45 1e ab 21 Aug 26 13:21:37.483620: | 27 8a 24 aa 98 32 33 30 8f 33 7f 48 06 fa d5 93 Aug 26 13:21:37.483622: | 67 f1 fb 10 73 ec 98 68 05 42 c0 67 aa fa 49 56 Aug 26 13:21:37.483623: | 2b 48 7c 5d d8 8a fe 5d 7d b3 45 29 74 58 69 b7 Aug 26 13:21:37.483625: | 02 44 42 af 4d e0 a4 52 0d 32 b5 b0 33 56 35 4b Aug 26 13:21:37.483626: | 6c 22 28 f3 2a 51 be 7f 2f 20 1f a1 4f 23 41 37 Aug 26 13:21:37.483628: | 38 b7 6c 28 00 97 f2 2e bc 54 40 9f 2d 9b 0c 16 Aug 26 13:21:37.483629: | 0a 49 f3 92 15 3e e5 b7 80 78 f5 c7 d1 9c fa 52 Aug 26 13:21:37.483631: | 56 a6 f2 c7 e2 32 ec e5 71 0d 4a a7 58 98 c0 3a Aug 26 13:21:37.483632: | 7e 06 f5 15 8d b4 c8 6c ac d2 30 39 e8 13 a3 0a Aug 26 13:21:37.483634: | 9b 8e 6f 41 c7 bf 91 cf d4 2c a1 d3 22 ae 49 a4 Aug 26 13:21:37.483635: | 48 cf d5 0c df d0 2f 09 f6 6c ab 40 a9 fe bc 21 Aug 26 13:21:37.483637: | a7 7a 6a 90 32 90 e4 88 7b b5 c7 77 e2 fa cc 33 Aug 26 13:21:37.483638: | 56 9b 3a aa b3 e7 64 da 74 af af 4f ea a0 c7 c0 Aug 26 13:21:37.483641: | 5a 4a b5 4e f4 64 25 20 05 b1 9f 62 72 ae 34 a9 Aug 26 13:21:37.483642: | 08 60 6b 95 60 9e 82 54 57 23 d6 c8 12 65 6e f2 Aug 26 13:21:37.483644: | 4f 99 83 e2 f5 69 a8 b0 2c e3 3e 82 b9 26 f0 47 Aug 26 13:21:37.483645: | 48 0b f1 5c 42 b5 63 fd d7 f7 90 1b 0b 0e 3c 09 Aug 26 13:21:37.483647: | fe 6c 09 eb 6c 53 28 c6 88 44 03 75 ee 0a de fb Aug 26 13:21:37.483648: | a1 55 56 24 90 40 e8 3a 80 ca 25 ca a3 0e 1b a8 Aug 26 13:21:37.483650: | cb 2a f5 92 ce dd 6c b9 d0 97 12 25 c8 40 bb 4e Aug 26 13:21:37.483651: | 31 17 90 c4 a6 62 cd 18 79 e2 14 29 11 6d cd 8b Aug 26 13:21:37.483653: | 63 ad d1 ea fe ca 72 46 0d 8f bd b8 d2 26 72 a1 Aug 26 13:21:37.483654: | 28 24 ef cc 36 d5 3c 0a 77 1a a0 1a 44 8c 4a 06 Aug 26 13:21:37.483656: | dd 35 77 4a 32 2f 84 7d 03 73 d6 de 18 53 fc d2 Aug 26 13:21:37.483657: | 19 fc e9 4e 72 e8 73 43 9b 4c dd 19 8d 0f 03 c2 Aug 26 13:21:37.483659: | 5d 14 ec b1 10 0c 23 e5 72 3b 71 9f 6e 9b 09 eb Aug 26 13:21:37.483660: | 44 01 6e 3b 9a b1 b1 29 38 cb 1b e3 fe e6 1e 53 Aug 26 13:21:37.483662: | dd 96 29 e1 12 e0 6a aa 5e d0 39 b3 f0 b7 46 6a Aug 26 13:21:37.483663: | 03 8a 3d 60 10 f8 d8 35 20 3d 26 ac 06 26 41 44 Aug 26 13:21:37.483665: | 98 db 31 bc ae c8 58 8f ef 79 ff 82 90 15 94 4e Aug 26 13:21:37.483666: | 46 e8 8c 0d 73 b9 59 ca c2 8f 96 b1 a8 99 0f b7 Aug 26 13:21:37.483668: | d8 75 de 59 ff 6a a4 04 23 96 ae 23 3d 59 31 5a Aug 26 13:21:37.483669: | 70 53 55 85 1d 61 f4 d7 35 2b a7 02 f0 ca 84 a5 Aug 26 13:21:37.483671: | 7a 34 a9 1d 7f 76 43 ae 2d be d0 cd 1c 82 98 26 Aug 26 13:21:37.483672: | 40 a7 6a 4b 56 45 45 8e ab 8d 1c 89 1d 00 28 28 Aug 26 13:21:37.483674: | 45 e5 84 a0 9b 9b be 00 dc 2f 50 62 77 8a de 65 Aug 26 13:21:37.483675: | ed 3f e3 2c 16 7b 70 d7 d9 ee af fc 9a 47 b7 b6 Aug 26 13:21:37.483677: | b5 3b 07 68 9f db b4 15 09 26 72 1f 75 47 06 10 Aug 26 13:21:37.483678: | b5 17 b8 43 e2 f7 19 78 ca 59 cb 59 78 ef 50 20 Aug 26 13:21:37.483680: | 47 ef 3f 99 5a a5 64 48 21 b4 42 c1 cf 02 cd 3b Aug 26 13:21:37.483681: | 17 e2 6d fc fe d3 b6 63 a2 31 ca 08 ea 8c 85 47 Aug 26 13:21:37.483683: | e9 12 73 99 50 e9 7d de c2 16 d2 95 2e 8b 62 6f Aug 26 13:21:37.483684: | ca 81 98 20 f2 6d 40 d4 0c 9d 0f 2b de 08 7c 68 Aug 26 13:21:37.483686: | 43 f3 11 8c bc d4 74 6f a0 e8 35 bc 02 ff 16 e3 Aug 26 13:21:37.483687: | 37 d0 43 cf f7 14 ac c8 bd c7 54 cc 72 90 09 52 Aug 26 13:21:37.483689: | d0 0d c1 43 e1 e7 e4 9d 65 43 b9 16 50 93 b9 49 Aug 26 13:21:37.483690: | e2 c4 8f 7d 11 c3 dd e9 e1 d5 b4 6a 73 0b b8 c5 Aug 26 13:21:37.483692: | b5 69 c4 48 76 88 29 4f dd bc 2c 0e d9 60 a7 67 Aug 26 13:21:37.483693: | e7 ec a7 50 57 ed 45 8a 8f 26 37 e4 32 c1 39 85 Aug 26 13:21:37.483695: | 4b 23 f1 34 b4 3c 50 79 8a 0b 28 53 5e 08 d4 7b Aug 26 13:21:37.483696: | 4e 43 e7 49 a7 6f dc e6 57 8a 4e 13 5d b3 43 11 Aug 26 13:21:37.483698: | 79 1a 9c d6 e1 90 c0 5d 2f 64 43 cc 14 40 49 4c Aug 26 13:21:37.483699: | ea 6a 59 60 04 b8 80 d0 14 99 04 e2 a3 01 06 c7 Aug 26 13:21:37.483701: | 55 c2 ef f5 2b 9f cd 51 d7 a8 57 23 78 65 77 0d Aug 26 13:21:37.483702: | d6 00 42 5d 1e ee a4 f2 aa b2 0b 14 6c 34 1d d8 Aug 26 13:21:37.483704: | 99 32 64 df 0e 72 12 f8 fb 56 78 b7 2f b0 a8 ae Aug 26 13:21:37.483705: | e9 37 54 29 b6 3d d1 36 46 a8 db cd d0 71 a2 37 Aug 26 13:21:37.483707: | 1d b9 42 f9 d2 29 db b9 08 4c a9 59 ea a5 50 00 Aug 26 13:21:37.483708: | 10 65 04 df d3 73 b7 7e 55 d5 ec 77 55 7e ef 3c Aug 26 13:21:37.483710: | b7 8f 2c 56 17 4d a1 2b 75 ac 40 0f ca 2b d6 e1 Aug 26 13:21:37.483711: | dd 64 cd f5 3b 50 81 d3 c5 00 fb 7c 7e 3c ae 56 Aug 26 13:21:37.483713: | e0 39 2b 4e 16 e6 13 fc 70 16 b8 4d 26 be ec 9c Aug 26 13:21:37.483714: | 91 07 80 12 84 9b 0c 51 ca 56 ef bf a4 b0 b9 ff Aug 26 13:21:37.483716: | 8f 74 a5 62 c2 a0 33 3b 71 55 b6 47 ed f5 2a d1 Aug 26 13:21:37.483717: | 6e 98 96 79 b3 6f 1a 04 cf 22 82 1e 7e cc 3e 5b Aug 26 13:21:37.483720: | c7 5b af e6 8f 6d 3c de 32 bc 0e 65 5b fc 6a 7e Aug 26 13:21:37.483721: | 0f 39 b1 05 55 39 b0 e4 92 9c 63 06 46 c5 5e 99 Aug 26 13:21:37.483723: | a7 93 da 52 37 4c 59 7a 9a 30 aa 73 17 de 0b 72 Aug 26 13:21:37.483724: | bb b6 10 f8 a4 f2 86 2c b4 94 2c 19 bd 1e d3 4d Aug 26 13:21:37.483726: | 22 f7 c6 c5 a5 ef 1f 5e 3a 91 e5 ef b9 0c 56 14 Aug 26 13:21:37.483727: | 28 ef ca 5d 66 20 d8 6f 8b 8f 66 33 5e 0d 88 da Aug 26 13:21:37.483729: | 20 fb e4 57 c1 36 0a 7f 84 7b 5a 2b d8 41 24 af Aug 26 13:21:37.483730: | 61 a6 4a 4f 51 52 ef 7c 2a 3b d1 54 e0 41 a7 23 Aug 26 13:21:37.483732: | 97 70 f4 3b 1b 45 81 0a 8f 43 b8 5b 93 f4 4c 28 Aug 26 13:21:37.483734: | f6 b7 e9 95 2c 0c e0 0f 98 8a bb dd d5 ab 60 cd Aug 26 13:21:37.483735: | aa 99 0e 38 2a 47 2a 40 74 8d 4d 3c d7 18 eb 07 Aug 26 13:21:37.483737: | 75 ee 0b 60 66 ce c7 7e e8 36 b1 ef 82 ea 47 06 Aug 26 13:21:37.483738: | 2d a8 99 2e 40 c5 26 ad 02 5c 2d 41 6f b6 ac a8 Aug 26 13:21:37.483740: | 9e 47 d8 a9 80 4f 79 c8 c2 7e 39 ba c8 cb ac 2e Aug 26 13:21:37.483741: | fc 04 bb dc 2c 94 5e 81 e9 a8 e7 c4 a4 72 aa 57 Aug 26 13:21:37.483743: | 21 ae 60 ad 0b 75 a8 f9 20 17 66 a3 74 c2 68 55 Aug 26 13:21:37.483744: | 77 1a ff 39 c3 fc 13 65 60 84 30 a5 c5 4c 6c c0 Aug 26 13:21:37.483746: | 62 94 6e 80 20 3e eb a0 b7 e9 f5 f8 18 aa 4c 09 Aug 26 13:21:37.483747: | 4c fd 26 1e 79 76 13 3e 80 7b 28 bc 56 6e 03 cd Aug 26 13:21:37.483749: | 2c b8 bd a8 cc 8b f9 01 0a 61 6f 44 9b 95 ef 27 Aug 26 13:21:37.483750: | 7e 41 06 47 03 3a f7 71 88 46 5a e0 9e b0 57 df Aug 26 13:21:37.483752: | 10 f3 e4 8d cd ca 42 ea 73 09 94 f5 0d 4d e1 88 Aug 26 13:21:37.483753: | 34 99 5a ec 29 c0 3b 15 34 7a 38 4b Aug 26 13:21:37.483783: | !event_already_set at reschedule Aug 26 13:21:37.483787: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9abf408 Aug 26 13:21:37.483790: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 13:21:37.483792: | libevent_malloc: new ptr-libevent@0x5649f9abf638 size 128 Aug 26 13:21:37.483795: | #1 STATE_MAIN_I3: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10983.226253 Aug 26 13:21:37.483797: "north-dpd/0x2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Aug 26 13:21:37.483802: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.483804: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.483807: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Aug 26 13:21:37.483810: | #1 spent 6.17 milliseconds in resume sending helper answer Aug 26 13:21:37.483814: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:21:37.483816: | libevent_free: release ptr-libevent@0x7f83b8000f48 Aug 26 13:21:37.493857: | spent 0.00301 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.493878: | *received 1884 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:21:37.493881: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.493882: | 05 10 02 01 00 00 00 00 00 00 07 5c 10 a6 18 c0 Aug 26 13:21:37.493884: | c1 4d f2 1e ae df 64 7f af 09 26 d9 7a 0b 75 9a Aug 26 13:21:37.493885: | 82 a6 d6 c5 f4 bd 78 14 23 4f de 8f 13 35 a8 71 Aug 26 13:21:37.493887: | c5 2d 3e a6 43 a1 da ab 80 d6 98 f0 19 fd ce 93 Aug 26 13:21:37.493888: | a7 2c ff 63 e2 8b e5 ba f4 60 9a 1d 07 ab 87 33 Aug 26 13:21:37.493890: | 75 d3 15 c8 10 76 0c f4 67 60 6d 98 a7 8b be f5 Aug 26 13:21:37.493891: | 4a b5 03 27 d6 b2 d8 49 d8 c5 3e 7f 4e 2b fa 56 Aug 26 13:21:37.493893: | 10 6c b0 d9 17 68 a3 71 0f dc 7b 22 08 6a a6 79 Aug 26 13:21:37.493894: | 40 ba eb 10 d8 fe 61 cc 34 8d f3 13 ed 7c 95 d3 Aug 26 13:21:37.493896: | 60 b7 68 61 38 57 62 11 82 59 92 55 f9 f1 b2 1e Aug 26 13:21:37.493897: | b7 97 94 0b 70 9c 32 f6 94 be b7 3b 91 8c b6 cb Aug 26 13:21:37.493899: | 31 c5 8e eb 94 9c 3f 36 01 91 49 f6 8c 09 03 68 Aug 26 13:21:37.493903: | 41 63 0c 25 a4 7d 62 10 27 52 ab f0 7e be 91 18 Aug 26 13:21:37.493905: | 00 0f 23 42 17 ae da d5 3b 5d e4 91 0e 6d 56 dc Aug 26 13:21:37.493906: | 09 d7 cc 64 70 22 39 c6 ed 90 3f 49 9e 52 3b b6 Aug 26 13:21:37.493908: | e4 81 79 79 96 70 21 6c b5 4e 77 3a 3f d6 d3 e8 Aug 26 13:21:37.493909: | 50 27 13 b6 c1 67 2b 07 34 48 18 55 ca 4e 8c 6e Aug 26 13:21:37.493911: | 14 80 19 04 64 c8 d1 86 71 cd 93 5b d3 27 22 c1 Aug 26 13:21:37.493912: | a4 59 a7 cd d2 9c 35 86 62 40 48 27 52 9b 40 2f Aug 26 13:21:37.493914: | ca b2 df b7 9f 5b 06 ea a1 8f 66 b6 7e 04 1b 60 Aug 26 13:21:37.493915: | ba fc 63 87 2c dd 6c 4a b0 9b d3 66 5d d9 1b 7e Aug 26 13:21:37.493917: | 3b 83 dc 85 e5 2a 33 18 f7 23 62 65 81 39 84 a9 Aug 26 13:21:37.493918: | 6c 4c ac af 1a 35 4c f9 d2 e7 54 d2 3a 66 0d be Aug 26 13:21:37.493920: | 5a c3 83 2a 7b 55 a0 d1 ff 15 98 d9 36 57 0a 61 Aug 26 13:21:37.493921: | b0 4f b5 d1 5c 93 41 c0 ee 07 e5 60 48 90 a6 45 Aug 26 13:21:37.493923: | 0b ab 9c e1 0b d5 92 d9 3d ed 68 98 bf 25 55 44 Aug 26 13:21:37.493924: | c4 ef 4c 97 78 94 b7 3d d7 de 4d c3 ba e2 3b 66 Aug 26 13:21:37.493926: | 8a 58 cf a5 43 d0 20 16 4a 95 92 b6 50 aa 77 9d Aug 26 13:21:37.493927: | 58 f5 28 e1 bb c6 f3 0e bd 51 dc c3 f4 eb 95 03 Aug 26 13:21:37.493929: | fe 27 58 96 01 d1 b3 18 81 c0 aa 66 95 9b 50 39 Aug 26 13:21:37.493930: | 04 69 fd c2 5f 74 0b 5d fc 28 bc be dc 47 26 bd Aug 26 13:21:37.493932: | 98 ea af db a8 a0 69 de 19 b0 30 1f 14 f9 7b 5d Aug 26 13:21:37.493933: | 3d 1a 9c 31 a4 fd ca 09 4b 2b 62 39 7e d5 e5 49 Aug 26 13:21:37.493935: | 72 ea d3 fe 8d a6 cb c6 3b 26 86 59 e4 82 b9 5e Aug 26 13:21:37.493936: | 37 eb 14 b9 ae cb 4e cf 6f 75 4b 17 2a 84 0b e0 Aug 26 13:21:37.493937: | 6a 2c c3 ef 22 00 e6 be 93 5e 44 29 86 83 ff 06 Aug 26 13:21:37.493939: | f6 62 39 b7 3d 10 53 0b 12 1f e5 66 72 7d 0a 62 Aug 26 13:21:37.493940: | a9 5f 64 13 36 b7 f5 e3 1d 65 66 bb d5 8c ac 3c Aug 26 13:21:37.493942: | 73 fe 50 0b 22 42 8d 31 69 2a 3e 26 2d c7 d3 7d Aug 26 13:21:37.493943: | bb 2e e4 2b 22 74 bf 89 18 80 03 85 d0 29 22 62 Aug 26 13:21:37.493945: | 60 1b 4c a7 80 e0 a1 e2 35 e9 04 48 a0 af c0 0d Aug 26 13:21:37.493946: | 40 82 8b 96 e1 8c 60 27 39 8b 87 02 1b 6a f7 12 Aug 26 13:21:37.493948: | b0 d2 30 9f 07 53 8e 02 26 33 83 6d a1 a2 f2 e9 Aug 26 13:21:37.493949: | 8e 90 64 7a 06 00 5d 02 3e 55 65 8a d0 c9 a7 ed Aug 26 13:21:37.493951: | 77 b6 7d 6e a0 bf b5 a0 12 03 9e de 48 a6 5d 3d Aug 26 13:21:37.493952: | 13 31 ba 79 4a 83 01 45 52 e1 ef 4b de d4 db bf Aug 26 13:21:37.493954: | 68 9a 64 1c 18 02 ba 51 18 83 b2 55 3d 49 96 30 Aug 26 13:21:37.493955: | f0 d2 4f e9 0a cc 1c f1 c6 a9 b0 c3 77 c3 d4 59 Aug 26 13:21:37.493957: | 5f 75 b4 b5 fa f1 a9 4b f2 fb 47 f4 43 f2 b5 84 Aug 26 13:21:37.493958: | cd 39 ff dc 0e 4c 0e 7e 88 b8 95 6a 0c b8 9c 27 Aug 26 13:21:37.493960: | 87 5c 63 70 64 7e 3d 54 66 c9 f5 fe 19 4f b9 d3 Aug 26 13:21:37.493961: | 8d 9a f8 39 69 26 fc a5 6a 05 ab 0c ae 29 45 ec Aug 26 13:21:37.493963: | eb 73 cd 50 92 13 bf 96 75 a3 24 25 00 02 a1 98 Aug 26 13:21:37.493964: | a3 ef f1 6b 78 56 a3 78 c3 63 80 da c9 70 ca a7 Aug 26 13:21:37.493966: | 84 0c ec 2c 9c 79 fd b2 90 2c ce ab c7 62 f3 22 Aug 26 13:21:37.493967: | 4c ce 7e fa 0c 11 42 1f 6d e5 d5 9c 23 16 90 bf Aug 26 13:21:37.493969: | 00 1c b9 1e 62 2e 22 09 8a 3f e5 97 bf aa 21 94 Aug 26 13:21:37.493970: | a5 a5 20 bc ff ba f4 01 8d 4d 86 1e 60 5a 83 e0 Aug 26 13:21:37.493972: | a7 01 4f f7 a8 ba 00 0d 92 57 11 75 0f bb 5d ef Aug 26 13:21:37.493973: | a2 eb e0 be 9d 7a 61 3e 38 5c 2c f3 96 37 97 64 Aug 26 13:21:37.493975: | f6 48 17 54 41 ad 4a 7b 5a 01 fb 5e 43 e3 28 d2 Aug 26 13:21:37.493976: | de 03 aa eb 18 af 97 95 89 4b d5 ff 97 00 d8 44 Aug 26 13:21:37.493978: | f0 3e 5a 58 86 dc 0c 88 ea 12 bf 95 60 8e 7d dd Aug 26 13:21:37.493979: | ac 16 e5 86 38 49 58 01 da c9 f5 29 b7 64 7e 46 Aug 26 13:21:37.493982: | 11 d7 33 e4 36 91 88 2d 97 de 8a 8a b4 1a 64 7f Aug 26 13:21:37.493983: | c7 61 d8 88 63 36 28 e8 db 72 ad 40 e4 1a 52 a7 Aug 26 13:21:37.493985: | 20 a9 c1 f8 01 3b c3 25 50 a2 7a a8 92 02 e5 d2 Aug 26 13:21:37.493986: | 67 47 20 52 7c 47 da 4e 4f 0b 40 46 ec a4 da 23 Aug 26 13:21:37.493988: | 20 f3 bf d0 2d 05 0e 01 12 bb eb 26 28 69 cc c3 Aug 26 13:21:37.493989: | d0 1d 68 dc 0d 3e ef 49 0f 84 4e e6 0d 00 bb 32 Aug 26 13:21:37.493991: | 80 f8 36 c4 67 d6 02 60 19 91 62 b7 d6 ee a3 8f Aug 26 13:21:37.493992: | c3 bc 48 4f 0d 58 80 5b b3 20 f9 d9 be 30 1d 81 Aug 26 13:21:37.493994: | 4f 02 1a f5 76 25 5d 84 13 eb 22 87 e9 32 db fe Aug 26 13:21:37.493995: | c4 ad f3 3d 5e cd ba 08 62 9e bd 9d 0c 08 5e f2 Aug 26 13:21:37.493997: | 41 7e 6e 81 3e e4 15 bb 9a 07 a3 b0 c0 75 5d 40 Aug 26 13:21:37.493998: | d3 47 30 eb f5 81 d6 da 3c d8 53 48 95 45 20 ef Aug 26 13:21:37.494000: | fb d1 00 7a a8 82 3b 9d a4 6e 6c f9 c8 86 e5 1a Aug 26 13:21:37.494001: | 43 2a 7a 56 6b 65 0f e6 04 75 5c c1 2a 87 ea 43 Aug 26 13:21:37.494003: | 7b df 52 ba 6b f7 18 32 17 c5 83 99 f1 32 50 36 Aug 26 13:21:37.494004: | 12 21 8c 25 f1 a4 42 bb 0a b4 31 6f 94 0a 06 c5 Aug 26 13:21:37.494006: | ee 87 45 7f 38 39 f3 2a 15 59 2d 3a 8a 07 16 8b Aug 26 13:21:37.494007: | 6e 3c 7e e8 f2 17 fc e5 e9 64 63 6b 8b 40 a0 d4 Aug 26 13:21:37.494009: | 4d ba 2c aa 2d e4 06 cb 9d da 45 14 d5 9f c9 87 Aug 26 13:21:37.494010: | 88 b2 d2 a3 b3 40 fa 51 b8 c9 24 76 e8 48 e4 3c Aug 26 13:21:37.494012: | c2 00 af 27 7c 1c 5d 32 6f 14 83 00 e3 9e 81 ec Aug 26 13:21:37.494013: | b7 53 1c 95 23 ed aa 46 d4 97 4f c6 61 1e c7 a0 Aug 26 13:21:37.494015: | ac c0 79 7e 3d 52 0c d8 0f d6 7b 41 71 77 b7 36 Aug 26 13:21:37.494016: | e1 b2 30 92 bd 48 bb d4 fe 6c e6 bc 5f d3 45 c1 Aug 26 13:21:37.494018: | d2 da ef f9 2c d4 63 6a c6 3a a2 b7 25 0a 16 0f Aug 26 13:21:37.494019: | 08 cc 5f 2e 44 df 0a d9 33 1e cb ce 3f 07 36 7e Aug 26 13:21:37.494021: | ad 28 44 8a 56 9a 62 64 07 7e 9e cd e4 99 5e 06 Aug 26 13:21:37.494022: | d8 41 ea 31 74 ce e0 a1 7e a4 e9 ac b6 2a c0 5e Aug 26 13:21:37.494024: | e6 bd 35 db 1c 03 18 c3 1e b6 f4 6f d7 e6 71 bb Aug 26 13:21:37.494025: | b1 c7 06 26 ea c3 ac 89 83 66 97 7c 7b 22 83 08 Aug 26 13:21:37.494027: | 4f 2a 4a 79 90 95 6b d3 62 ae 56 a3 27 1b 7d 27 Aug 26 13:21:37.494028: | 10 17 58 8a 14 d3 4f c3 8a d8 f2 2e 0e 76 84 5e Aug 26 13:21:37.494030: | 3e ae 90 fa 86 d4 7c 9a b3 f1 50 c4 5e a3 01 13 Aug 26 13:21:37.494031: | e9 af e8 ed a0 7e 72 18 72 ec 18 79 d0 c2 1b 22 Aug 26 13:21:37.494033: | 55 da f4 30 96 55 ae e5 e2 d3 5d fa 5b 8f 4a 05 Aug 26 13:21:37.494034: | cd 98 85 38 14 67 6f 9b ee 6d 95 a4 93 4b 21 f6 Aug 26 13:21:37.494036: | 3f d1 f3 d2 30 29 e2 16 a6 e4 7a 65 ce 55 19 89 Aug 26 13:21:37.494037: | 3e 0e f0 5c 95 0a 03 61 fe 83 2e 39 f3 a4 a4 c4 Aug 26 13:21:37.494039: | 27 75 a9 6d 52 a8 5a c0 9e f1 71 15 05 69 67 00 Aug 26 13:21:37.494040: | 02 01 38 df 15 33 4b 7a 74 56 4d 84 ba 87 8c 1a Aug 26 13:21:37.494042: | fd 51 6f 77 d6 0b b9 2a b4 df 95 aa 22 47 5b 0b Aug 26 13:21:37.494043: | e2 dc 05 8d 0f 48 35 45 8c e5 14 34 57 ff d5 1c Aug 26 13:21:37.494045: | 6e cb 3c be 3d 6e 09 9c ab b7 08 1f 3b fc c6 d3 Aug 26 13:21:37.494046: | 39 b4 dd 90 bf 57 b5 e7 e4 ad 00 b1 0c 89 df 56 Aug 26 13:21:37.494048: | 65 bf ab c8 22 e7 bd 6f ea b9 11 f1 ac db d5 45 Aug 26 13:21:37.494049: | 59 8f fd 8a 02 89 27 a9 e7 01 7f 23 01 5e cf 9b Aug 26 13:21:37.494051: | f3 fe 3b 2b 63 41 bb a7 65 c7 6a bc 53 7b 98 5c Aug 26 13:21:37.494052: | 07 65 4d d8 dc 32 39 c7 fd c2 10 cb f2 64 13 e4 Aug 26 13:21:37.494054: | 69 7f d6 2c 90 c7 92 8d 6f eb 6f de eb 1b ae 52 Aug 26 13:21:37.494055: | 3b 8a 55 9a 96 37 f7 09 da 33 1e f1 06 ba 82 ec Aug 26 13:21:37.494057: | 1e b0 ab fa da 85 e4 b7 44 66 b3 25 06 ee f5 e4 Aug 26 13:21:37.494059: | 76 0e a6 40 3e f5 54 28 d1 66 1f 12 0f 30 10 1a Aug 26 13:21:37.494061: | f4 79 5b ba a3 a2 3d 3f 32 02 c6 66 Aug 26 13:21:37.494064: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:21:37.494067: | **parse ISAKMP Message: Aug 26 13:21:37.494069: | initiator cookie: Aug 26 13:21:37.494070: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.494072: | responder cookie: Aug 26 13:21:37.494073: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.494075: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.494077: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.494079: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:21:37.494081: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.494082: | Message ID: 0 (0x0) Aug 26 13:21:37.494084: | length: 1884 (0x75c) Aug 26 13:21:37.494086: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 13:21:37.494089: | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1) Aug 26 13:21:37.494092: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) Aug 26 13:21:37.494094: | #1 is idle Aug 26 13:21:37.494096: | #1 idle Aug 26 13:21:37.494098: | received encrypted packet from 192.1.2.23:500 Aug 26 13:21:37.494113: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Aug 26 13:21:37.494116: | ***parse ISAKMP Identification Payload: Aug 26 13:21:37.494117: | next payload type: ISAKMP_NEXT_CERT (0x6) Aug 26 13:21:37.494119: | length: 191 (0xbf) Aug 26 13:21:37.494121: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 13:21:37.494122: | DOI specific A: 0 (0x0) Aug 26 13:21:37.494124: | DOI specific B: 0 (0x0) Aug 26 13:21:37.494126: | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.494127: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.494129: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.494130: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.494132: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.494133: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.494135: | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:21:37.494137: | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:21:37.494138: | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:21:37.494140: | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:21:37.494141: | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:21:37.494143: | obj: 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.494144: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Aug 26 13:21:37.494146: | ***parse ISAKMP Certificate Payload: Aug 26 13:21:37.494148: | next payload type: ISAKMP_NEXT_SIG (0x9) Aug 26 13:21:37.494149: | length: 1265 (0x4f1) Aug 26 13:21:37.494151: | cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 13:21:37.494153: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Aug 26 13:21:37.494155: | ***parse ISAKMP Signature Payload: Aug 26 13:21:37.494156: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.494158: | length: 388 (0x184) Aug 26 13:21:37.494159: | removing 12 bytes of padding Aug 26 13:21:37.494161: | message 'main_inR3' HASH payload not checked early Aug 26 13:21:37.494164: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 13:21:37.494166: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 13:21:37.494167: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 13:21:37.494169: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 13:21:37.494171: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 13:21:37.494172: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 13:21:37.494175: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 13:21:37.494176: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:21:37.494178: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 13:21:37.494180: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 13:21:37.494181: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 13:21:37.494183: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 13:21:37.494188: "north-dpd/0x2" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:21:37.494199: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 13:21:37.494202: loading root certificate cache Aug 26 13:21:37.496890: | spent 2.67 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 13:21:37.496914: | spent 0.0147 milliseconds in get_root_certs() filtering CAs Aug 26 13:21:37.496920: | #1 spent 2.71 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 13:21:37.496924: | checking for known CERT payloads Aug 26 13:21:37.496926: | saving certificate of type 'X509_SIGNATURE' Aug 26 13:21:37.496954: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:21:37.496959: | #1 spent 0.0337 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 13:21:37.496962: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:21:37.496995: | #1 spent 0.0319 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 13:21:37.496998: | missing or expired CRL Aug 26 13:21:37.497001: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 13:21:37.497003: | verify_end_cert trying profile IPsec Aug 26 13:21:37.497088: | certificate is valid (profile IPsec) Aug 26 13:21:37.497094: | #1 spent 0.0922 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 13:21:37.497097: "north-dpd/0x2" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 13:21:37.497152: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9ae0738 Aug 26 13:21:37.497156: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9acdeb8 Aug 26 13:21:37.497158: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9acdd08 Aug 26 13:21:37.497160: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9acdb58 Aug 26 13:21:37.497161: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5649f9a90c28 Aug 26 13:21:37.497341: | unreference key: 0x5649f9ae04e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:21:37.497350: | #1 spent 0.22 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 13:21:37.497353: | #1 spent 3.12 milliseconds in decode_certs() Aug 26 13:21:37.497361: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:21:37.497363: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' matched our ID Aug 26 13:21:37.497365: | SAN ID matched, updating that.cert Aug 26 13:21:37.497367: | X509: CERT and ID matches current connection Aug 26 13:21:37.497391: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.497397: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 13:21:37.497404: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.497407: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.497411: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.497508: | an RSA Sig check passed with *AwEAAbEef [remote certificates] Aug 26 13:21:37.497513: | #1 spent 0.0986 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 13:21:37.497515: "north-dpd/0x2" #1: Authenticated using RSA Aug 26 13:21:37.497521: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 13:21:37.497580: | complete v1 state transition with STF_OK Aug 26 13:21:37.497586: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.497588: | #1 is idle Aug 26 13:21:37.497590: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.497592: | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Aug 26 13:21:37.497594: | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) Aug 26 13:21:37.497596: | event_already_set, deleting event Aug 26 13:21:37.497598: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:21:37.497600: | #1 STATE_MAIN_I4: retransmits: cleared Aug 26 13:21:37.497603: | libevent_free: release ptr-libevent@0x5649f9abf638 Aug 26 13:21:37.497605: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9abf408 Aug 26 13:21:37.497607: | !event_already_set at reschedule Aug 26 13:21:37.497609: | event_schedule: new EVENT_SA_REPLACE-pe@0x5649f9abf408 Aug 26 13:21:37.497627: | inserting event EVENT_SA_REPLACE, timeout in 2607 seconds for #1 Aug 26 13:21:37.497629: | libevent_malloc: new ptr-libevent@0x5649f9ae28c8 size 128 Aug 26 13:21:37.497631: | pstats #1 ikev1.isakmp established Aug 26 13:21:37.497634: "north-dpd/0x2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Aug 26 13:21:37.497639: | DPD: dpd_init() called on ISAKMP SA Aug 26 13:21:37.497641: | DPD: Peer supports Dead Peer Detection Aug 26 13:21:37.497643: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.497645: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.497659: | unpending state #1 Aug 26 13:21:37.497664: | creating state object #2 at 0x5649f9adb498 Aug 26 13:21:37.497667: | State DB: adding IKEv1 state #2 in UNDEFINED Aug 26 13:21:37.497669: | pstats #2 ikev1.ipsec started Aug 26 13:21:37.497671: | duplicating state object #1 "north-dpd/0x2" as #2 for IPSEC SA Aug 26 13:21:37.497674: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:21:37.497679: | in connection_discard for connection north-dpd/0x2 Aug 26 13:21:37.497682: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:21:37.497685: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:21:37.497689: | child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 13:21:37.497693: "north-dpd/0x1" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:0d251a9e proposal=defaults pfsgroup=MODP2048} Aug 26 13:21:37.497698: | adding quick_outI1 KE work-order 3 for state #2 Aug 26 13:21:37.497700: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ac2358 Aug 26 13:21:37.497706: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 13:21:37.497708: | libevent_malloc: new ptr-libevent@0x5649f9ab61c8 size 128 Aug 26 13:21:37.497710: | libevent_realloc: release ptr-libevent@0x5649f9a4e1b8 Aug 26 13:21:37.497712: | libevent_realloc: new ptr-libevent@0x5649f9ab54d8 size 128 Aug 26 13:21:37.497718: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:21:37.497721: | resume processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:21:37.497723: | unqueuing pending Quick Mode with 192.1.2.23 "north-dpd/0x1" Aug 26 13:21:37.497725: | removing pending policy for no connection {0x5649f9aa18f8} Aug 26 13:21:37.497729: | creating state object #3 at 0x5649f9ad9b88 Aug 26 13:21:37.497732: | State DB: adding IKEv1 state #3 in UNDEFINED Aug 26 13:21:37.497725: | crypto helper 3 resuming Aug 26 13:21:37.497736: | pstats #3 ikev1.ipsec started Aug 26 13:21:37.497747: | duplicating state object #1 "north-dpd/0x2" as #3 for IPSEC SA Aug 26 13:21:37.497743: | crypto helper 3 starting work-order 3 for state #2 Aug 26 13:21:37.497753: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:21:37.497757: | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 3 Aug 26 13:21:37.497763: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:21:37.497766: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:21:37.497770: | child state #3: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 13:21:37.497774: "north-dpd/0x2" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:60c91e6e proposal=defaults pfsgroup=MODP2048} Aug 26 13:21:37.497780: | adding quick_outI1 KE work-order 4 for state #3 Aug 26 13:21:37.497782: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9a4e1b8 Aug 26 13:21:37.497784: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:21:37.497786: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:21:37.497791: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:21:37.497794: | resume processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:21:37.497796: | unqueuing pending Quick Mode with 192.1.2.23 "north-dpd/0x2" Aug 26 13:21:37.497798: | removing pending policy for no connection {0x5649f99a2898} Aug 26 13:21:37.497801: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 13:21:37.497804: | #1 spent 3.6 milliseconds in process_packet_tail() Aug 26 13:21:37.497807: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.497810: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:21:37.497812: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.497815: | spent 3.91 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.497816: | crypto helper 4 resuming Aug 26 13:21:37.497827: | crypto helper 4 starting work-order 4 for state #3 Aug 26 13:21:37.497831: | crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 4 Aug 26 13:21:37.498379: | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.000622 seconds Aug 26 13:21:37.498389: | (#2) spent 0.627 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) Aug 26 13:21:37.498391: | crypto helper 3 sending results from work-order 3 for state #2 to event queue Aug 26 13:21:37.498393: | scheduling resume sending helper answer for #2 Aug 26 13:21:37.498396: | libevent_malloc: new ptr-libevent@0x7f83bc003f28 size 128 Aug 26 13:21:37.498403: | crypto helper 3 waiting (nothing to do) Aug 26 13:21:37.498439: | processing resume sending helper answer for #2 Aug 26 13:21:37.498448: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:21:37.498452: | crypto helper 3 replies to request ID 3 Aug 26 13:21:37.498454: | calling continuation function 0x5649f7dc5b50 Aug 26 13:21:37.498456: | quick_outI1_continue for #2: calculated ke+nonce, sending I1 Aug 26 13:21:37.498460: | **emit ISAKMP Message: Aug 26 13:21:37.498461: | initiator cookie: Aug 26 13:21:37.498463: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.498465: | responder cookie: Aug 26 13:21:37.498466: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.498468: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.498470: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.498472: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.498474: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.498476: | Message ID: 220535454 (0xd251a9e) Aug 26 13:21:37.498478: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.498480: | ***emit ISAKMP Hash Payload: Aug 26 13:21:37.498482: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.498484: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:37.498486: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.498488: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:37.498490: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:37.498491: | emitting quick defaults using policy none Aug 26 13:21:37.498493: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:21:37.498496: | ***emit ISAKMP Security Association Payload: Aug 26 13:21:37.498498: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.498500: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.498502: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:21:37.498504: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:21:37.498506: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.498508: | ****emit IPsec DOI SIT: Aug 26 13:21:37.498510: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.498512: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:21:37.498514: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 13:21:37.498516: | ****emit ISAKMP Proposal Payload: Aug 26 13:21:37.498517: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.498519: | proposal number: 0 (0x0) Aug 26 13:21:37.498521: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.498522: | SPI size: 4 (0x4) Aug 26 13:21:37.498524: | number of transforms: 2 (0x2) Aug 26 13:21:37.498526: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:21:37.498540: | netlink_get_spi: allocated 0x4ad1f014 for esp.0@192.1.3.33 Aug 26 13:21:37.498542: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:21:37.498544: | SPI 4a d1 f0 14 Aug 26 13:21:37.498546: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:37.498547: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.498549: | ESP transform number: 0 (0x0) Aug 26 13:21:37.498551: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.498553: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:37.498555: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498557: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.498558: | length/value: 14 (0xe) Aug 26 13:21:37.498562: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.498564: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498566: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.498568: | length/value: 1 (0x1) Aug 26 13:21:37.498569: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.498571: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498573: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.498574: | length/value: 1 (0x1) Aug 26 13:21:37.498576: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.498577: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498579: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.498581: | length/value: 28800 (0x7080) Aug 26 13:21:37.498582: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498584: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.498585: | length/value: 2 (0x2) Aug 26 13:21:37.498587: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.498589: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498590: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:37.498592: | length/value: 128 (0x80) Aug 26 13:21:37.498594: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:21:37.498595: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:37.498597: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.498599: | ESP transform number: 1 (0x1) Aug 26 13:21:37.498600: | ESP transform ID: ESP_3DES (0x3) Aug 26 13:21:37.498602: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.498604: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:37.498606: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498607: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.498609: | length/value: 14 (0xe) Aug 26 13:21:37.498611: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.498612: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498614: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.498615: | length/value: 1 (0x1) Aug 26 13:21:37.498617: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.498618: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498620: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.498621: | length/value: 1 (0x1) Aug 26 13:21:37.498623: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.498625: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498626: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.498628: | length/value: 28800 (0x7080) Aug 26 13:21:37.498629: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.498631: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.498632: | length/value: 2 (0x2) Aug 26 13:21:37.498634: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.498636: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 13:21:37.498637: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 13:21:37.498639: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:21:37.498641: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 13:21:37.498643: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:21:37.498645: | ***emit ISAKMP Nonce Payload: Aug 26 13:21:37.498647: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.498649: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:21:37.498651: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:21:37.498653: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.498657: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:21:37.498659: | Ni 0e 84 7f 9c a0 08 1b 57 2b c9 0c 36 e3 c3 a3 11 Aug 26 13:21:37.498660: | Ni 83 92 91 9f 83 07 fe 22 91 d9 9d 95 e4 6a 75 a6 Aug 26 13:21:37.498662: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:21:37.498664: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:21:37.498666: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.498667: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.498670: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:21:37.498671: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.498673: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:21:37.498675: | keyex value 67 e0 08 c7 82 68 bb ea b2 2b d9 c8 2a 2b f1 e6 Aug 26 13:21:37.498677: | keyex value 82 55 6b 36 90 ce af 0c 56 b5 4c 5e 22 38 1f 63 Aug 26 13:21:37.498678: | keyex value 7d 9c 17 16 e5 bb 2f 6a 17 9f 04 fe d9 4e 9b 78 Aug 26 13:21:37.498680: | keyex value 3d 7b 4e 44 f3 ee 05 a4 a9 66 57 49 a9 b1 0f 11 Aug 26 13:21:37.498681: | keyex value 2f e6 fa 8f dd 67 aa 3a e8 52 e0 d1 58 05 81 35 Aug 26 13:21:37.498683: | keyex value 00 84 f2 94 6b 86 08 ef 2a ff 4e 55 6d 03 29 65 Aug 26 13:21:37.498684: | keyex value d3 0c 60 b9 65 63 ec 90 a4 df 19 a6 97 f9 94 a0 Aug 26 13:21:37.498686: | keyex value 36 5b fc a9 77 ea 57 e1 f5 7d 6c 59 37 2f 2c 21 Aug 26 13:21:37.498687: | keyex value 93 fb fe 85 09 5e fd a4 f3 57 9f 1d b6 ac 39 84 Aug 26 13:21:37.498689: | keyex value c0 93 61 22 57 e0 b0 a4 87 58 a4 c0 6a c4 d5 da Aug 26 13:21:37.498690: | keyex value e6 71 c7 0e b7 2a 0f ce 89 9d 51 a8 94 29 11 54 Aug 26 13:21:37.498692: | keyex value f8 a1 86 5b 30 1c 7e 08 01 89 9d a4 e8 c0 f6 a5 Aug 26 13:21:37.498693: | keyex value 4e ca 0f f7 ef 43 bd 7b fe 53 f4 9f a0 22 27 2a Aug 26 13:21:37.498695: | keyex value 8e 08 5f b3 ef 9e 10 2a 93 e8 63 2a db c5 32 96 Aug 26 13:21:37.498696: | keyex value a4 ca ea bc e7 93 86 06 5c 0e 2d a3 b2 ff b3 b0 Aug 26 13:21:37.498698: | keyex value 26 8d 82 e2 2e 1a 6a 38 5a c1 b9 1b 48 25 d1 2c Aug 26 13:21:37.498700: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:21:37.498701: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.498703: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.498705: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.498707: | Protocol ID: 0 (0x0) Aug 26 13:21:37.498708: | port: 0 (0x0) Aug 26 13:21:37.498710: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.498712: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.498714: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.498716: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.498718: | client network c0 00 03 00 Aug 26 13:21:37.498720: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.498721: | client mask ff ff ff 00 Aug 26 13:21:37.498723: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:37.498724: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.498726: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.498728: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.498729: | Protocol ID: 0 (0x0) Aug 26 13:21:37.498731: | port: 0 (0x0) Aug 26 13:21:37.498733: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.498735: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.498737: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.498739: | client network c0 00 02 00 Aug 26 13:21:37.498741: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.498742: | client mask ff ff ff 00 Aug 26 13:21:37.498744: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:37.498760: | outI1 HASH(1): Aug 26 13:21:37.498762: | f4 2f 9a e5 e8 cd 03 f4 ac b6 0e 72 bb 2c f1 ec Aug 26 13:21:37.498764: | 27 7c af 52 be 42 20 66 72 cb 0f eb 97 fc 2d c9 Aug 26 13:21:37.498770: | no IKEv1 message padding required Aug 26 13:21:37.498772: | emitting length of ISAKMP Message: 476 Aug 26 13:21:37.498781: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #2) Aug 26 13:21:37.498783: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.498785: | 08 10 20 01 0d 25 1a 9e 00 00 01 dc 1f 2e 89 7c Aug 26 13:21:37.498786: | 7d f1 e9 4d 2b 70 ba 5b 68 fd b1 76 37 7b d9 e4 Aug 26 13:21:37.498788: | d7 6b e2 d7 77 a6 8e 21 ca f5 b6 11 25 b3 8f 00 Aug 26 13:21:37.498789: | a3 85 ae 65 c4 d1 6c 74 56 c0 5f a1 40 42 c1 62 Aug 26 13:21:37.498791: | 92 e4 00 c2 15 c5 fc 94 90 49 93 bf 19 54 14 69 Aug 26 13:21:37.498792: | ed 1e 3b 0c a6 37 84 3b 69 b0 80 34 b7 ad a8 db Aug 26 13:21:37.498794: | 13 18 ad 6d be 74 7e bc e2 e7 f0 bc 29 c7 e4 48 Aug 26 13:21:37.498795: | 3b f3 e3 2a 90 80 90 5c dc 7e 81 78 76 4f 10 67 Aug 26 13:21:37.498797: | 70 91 42 74 0a f1 95 62 5a 47 52 c0 78 45 b3 dc Aug 26 13:21:37.498798: | 0f d5 eb 9e 36 de 58 57 ef c9 4d 42 e1 94 cb 9c Aug 26 13:21:37.498800: | c5 d1 23 ee aa 38 b2 27 61 35 a9 15 ff a5 f4 a3 Aug 26 13:21:37.498801: | 20 5a 8b 5f 8e 9b c3 4e 52 22 7b af e9 cd f3 18 Aug 26 13:21:37.498803: | be b1 8e cf 74 64 e5 85 42 15 89 8f 3b 69 38 c2 Aug 26 13:21:37.498804: | 23 35 b2 08 4b ff e3 e7 62 f2 6a af 39 aa e0 39 Aug 26 13:21:37.498806: | 03 1c fc 36 8e 98 e4 c1 fe 4a f0 ad 60 9e ee 62 Aug 26 13:21:37.498807: | 58 0f c2 6d 82 ae 1c 96 3f db 7a 11 d9 4c c4 1e Aug 26 13:21:37.498809: | bb d9 f8 dd 8f de 1a 65 b0 19 47 74 26 02 d5 68 Aug 26 13:21:37.498810: | fc 84 89 8a c1 6e 59 53 1d 13 81 f7 7c 4b 8e cf Aug 26 13:21:37.498812: | b6 a6 93 2f 91 c5 0c a7 93 93 8a 72 3c 6a 0b 8a Aug 26 13:21:37.498813: | a9 c4 50 fe 53 3e 5b 71 29 9d 80 bb 64 de a3 00 Aug 26 13:21:37.498814: | 64 9b f9 8b 93 79 87 f9 ce 5d db b2 e0 dd 34 49 Aug 26 13:21:37.498816: | 3c 75 44 e0 b2 11 84 8d 75 da cb 60 9b df 35 db Aug 26 13:21:37.498817: | 6b 80 95 1a 2c 39 b4 4b 35 ab 42 af 4a ea f8 d8 Aug 26 13:21:37.498819: | 40 14 84 36 f7 61 96 1a 4c 5d 03 ae 55 fb 0a 41 Aug 26 13:21:37.498820: | cd 09 b0 7a 5a d0 39 98 91 9f c8 57 78 16 f6 5b Aug 26 13:21:37.498822: | 3a f8 51 25 97 b8 9b 35 52 f6 31 e8 ba 6f ff 0b Aug 26 13:21:37.498823: | 6b d5 8c 7c 49 44 ed a5 85 73 05 85 e0 ac 8b 17 Aug 26 13:21:37.498825: | 2b eb 50 92 5e f7 db c9 8b 81 4d b2 01 a9 75 19 Aug 26 13:21:37.498826: | 79 2b 3b 0d 6a ff 7a 35 50 24 c7 2e Aug 26 13:21:37.498861: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.498879: | libevent_free: release ptr-libevent@0x5649f9ab61c8 Aug 26 13:21:37.498882: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ac2358 Aug 26 13:21:37.498885: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9ac2358 Aug 26 13:21:37.498887: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 13:21:37.498889: | libevent_malloc: new ptr-libevent@0x5649f9acf4b8 size 128 Aug 26 13:21:37.498893: | #2 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10983.241351 Aug 26 13:21:37.498903: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Aug 26 13:21:37.498907: | #2 spent 0.433 milliseconds in resume sending helper answer Aug 26 13:21:37.498911: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:21:37.498914: | libevent_free: release ptr-libevent@0x7f83bc003f28 Aug 26 13:21:37.498933: | crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 4 time elapsed 0.001101 seconds Aug 26 13:21:37.498955: | (#3) spent 0.61 milliseconds in crypto helper computing work-order 4: quick_outI1 KE (pcr) Aug 26 13:21:37.498957: | crypto helper 4 sending results from work-order 4 for state #3 to event queue Aug 26 13:21:37.498960: | scheduling resume sending helper answer for #3 Aug 26 13:21:37.498962: | libevent_malloc: new ptr-libevent@0x7f83b00055c8 size 128 Aug 26 13:21:37.498967: | crypto helper 4 waiting (nothing to do) Aug 26 13:21:37.498990: | processing resume sending helper answer for #3 Aug 26 13:21:37.498994: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:21:37.498997: | crypto helper 4 replies to request ID 4 Aug 26 13:21:37.498999: | calling continuation function 0x5649f7dc5b50 Aug 26 13:21:37.499000: | quick_outI1_continue for #3: calculated ke+nonce, sending I1 Aug 26 13:21:37.499003: | **emit ISAKMP Message: Aug 26 13:21:37.499005: | initiator cookie: Aug 26 13:21:37.499007: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.499008: | responder cookie: Aug 26 13:21:37.499010: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.499012: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499014: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.499015: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.499017: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.499019: | Message ID: 1623793262 (0x60c91e6e) Aug 26 13:21:37.499021: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.499023: | ***emit ISAKMP Hash Payload: Aug 26 13:21:37.499024: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499026: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:37.499028: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.499030: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:37.499032: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:37.499034: | emitting quick defaults using policy none Aug 26 13:21:37.499035: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:21:37.499038: | ***emit ISAKMP Security Association Payload: Aug 26 13:21:37.499039: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.499041: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.499043: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:21:37.499045: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:21:37.499047: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.499049: | ****emit IPsec DOI SIT: Aug 26 13:21:37.499050: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.499052: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:21:37.499054: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 13:21:37.499056: | ****emit ISAKMP Proposal Payload: Aug 26 13:21:37.499057: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499059: | proposal number: 0 (0x0) Aug 26 13:21:37.499061: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.499062: | SPI size: 4 (0x4) Aug 26 13:21:37.499064: | number of transforms: 2 (0x2) Aug 26 13:21:37.499067: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:21:37.499076: | netlink_get_spi: allocated 0x84e11f1c for esp.0@192.1.3.33 Aug 26 13:21:37.499078: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:21:37.499080: | SPI 84 e1 1f 1c Aug 26 13:21:37.499081: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:37.499083: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.499085: | ESP transform number: 0 (0x0) Aug 26 13:21:37.499086: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.499088: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:37.499090: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499092: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.499094: | length/value: 14 (0xe) Aug 26 13:21:37.499095: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.499097: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499099: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.499100: | length/value: 1 (0x1) Aug 26 13:21:37.499102: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.499104: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499105: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.499107: | length/value: 1 (0x1) Aug 26 13:21:37.499108: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.499110: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499112: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.499113: | length/value: 28800 (0x7080) Aug 26 13:21:37.499115: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499117: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.499118: | length/value: 2 (0x2) Aug 26 13:21:37.499120: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.499121: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499123: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:37.499125: | length/value: 128 (0x80) Aug 26 13:21:37.499126: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:21:37.499128: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:37.499130: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499131: | ESP transform number: 1 (0x1) Aug 26 13:21:37.499133: | ESP transform ID: ESP_3DES (0x3) Aug 26 13:21:37.499135: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:37.499137: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:37.499138: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499140: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.499142: | length/value: 14 (0xe) Aug 26 13:21:37.499143: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.499145: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499147: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.499148: | length/value: 1 (0x1) Aug 26 13:21:37.499150: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.499151: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499153: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.499154: | length/value: 1 (0x1) Aug 26 13:21:37.499156: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.499158: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499159: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.499161: | length/value: 28800 (0x7080) Aug 26 13:21:37.499163: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:37.499164: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.499166: | length/value: 2 (0x2) Aug 26 13:21:37.499167: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.499169: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 13:21:37.499171: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 13:21:37.499174: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:21:37.499176: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 13:21:37.499178: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:21:37.499180: | ***emit ISAKMP Nonce Payload: Aug 26 13:21:37.499182: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.499184: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:21:37.499186: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:21:37.499188: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.499190: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:21:37.499191: | Ni 26 a7 98 a0 3e 9b 7c 76 7e a2 f3 c8 c3 ef ec ea Aug 26 13:21:37.499193: | Ni 11 8a bd 0f 09 a9 10 76 b3 39 24 a5 cd 65 14 03 Aug 26 13:21:37.499195: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:21:37.499196: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:21:37.499198: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.499200: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.499202: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:21:37.499204: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.499206: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:21:37.499207: | keyex value 6a 53 60 fb 0f 77 6d db 14 1a 41 2e 33 69 75 1a Aug 26 13:21:37.499209: | keyex value 9c c0 2a 3e f2 b3 3a ce a0 b9 dd d6 33 eb 55 6e Aug 26 13:21:37.499211: | keyex value 99 f0 32 ae 1f f7 4c 73 50 fb 98 75 6a 11 82 11 Aug 26 13:21:37.499212: | keyex value 0b 5c ab 20 53 a8 d6 73 f6 a2 48 a5 a7 83 a7 c5 Aug 26 13:21:37.499214: | keyex value f3 3c 08 c2 82 8e 12 bb c7 39 1b a7 f9 e2 a4 0c Aug 26 13:21:37.499215: | keyex value ab 0f 85 ae dd ff bc 65 a7 71 aa 50 55 ba 4d 06 Aug 26 13:21:37.499217: | keyex value 31 33 84 27 fc dd 0a 87 a7 6d 65 a5 93 56 2b 6e Aug 26 13:21:37.499219: | keyex value 0e aa 94 88 c4 75 5f 5c a5 bd aa f2 92 71 81 d8 Aug 26 13:21:37.499220: | keyex value b9 7e b7 f3 82 14 9b f8 17 8d 71 67 7a 7b 9b 18 Aug 26 13:21:37.499222: | keyex value 6e 1f 90 6f dd 76 33 79 5f b9 7b a4 11 3e 9b ea Aug 26 13:21:37.499223: | keyex value 97 3f a0 20 37 c1 6a ef 74 bc e5 22 63 00 3f 29 Aug 26 13:21:37.499225: | keyex value 92 c5 39 cb 54 31 7d 65 44 ba 28 07 02 7e c7 56 Aug 26 13:21:37.499226: | keyex value 62 0e cc 37 3b 6c 7f af f7 c1 b8 01 88 e5 fa 38 Aug 26 13:21:37.499228: | keyex value 40 7f 3b 9e a6 6a d9 cc 6b f0 dd d8 59 8e bf 0b Aug 26 13:21:37.499230: | keyex value c8 ca e0 e7 c3 fc 83 bc c3 05 a9 3e 3f 39 19 85 Aug 26 13:21:37.499231: | keyex value 56 d2 3b 9d de 75 b7 2c bf 39 a7 49 a9 4f 59 64 Aug 26 13:21:37.499233: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:21:37.499235: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.499236: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.499238: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.499239: | Protocol ID: 0 (0x0) Aug 26 13:21:37.499241: | port: 0 (0x0) Aug 26 13:21:37.499243: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:37.499245: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.499247: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.499250: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.499252: | client network c0 00 03 00 Aug 26 13:21:37.499254: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.499255: | client mask ff ff ff 00 Aug 26 13:21:37.499257: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:37.499259: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.499260: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.499262: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.499263: | Protocol ID: 0 (0x0) Aug 26 13:21:37.499265: | port: 0 (0x0) Aug 26 13:21:37.499267: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:37.499269: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:37.499271: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.499272: | client network c0 00 16 00 Aug 26 13:21:37.499274: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:37.499276: | client mask ff ff ff 00 Aug 26 13:21:37.499277: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:37.499298: | outI1 HASH(1): Aug 26 13:21:37.499305: | 0f 4e 74 48 12 71 13 27 09 31 0c 9c e7 ff ad bc Aug 26 13:21:37.499307: | ec 85 e6 36 08 4d 78 b6 3e 42 2f ec 54 34 59 a6 Aug 26 13:21:37.499313: | no IKEv1 message padding required Aug 26 13:21:37.499315: | emitting length of ISAKMP Message: 476 Aug 26 13:21:37.499323: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Aug 26 13:21:37.499325: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.499326: | 08 10 20 01 60 c9 1e 6e 00 00 01 dc 66 9b c0 37 Aug 26 13:21:37.499328: | 29 50 76 f5 db f1 76 0e 6e eb ac cf 3d 71 f2 cc Aug 26 13:21:37.499329: | 51 3e 94 6c b7 6f c5 52 8c a1 8d 60 56 af 08 d7 Aug 26 13:21:37.499331: | 0e f7 39 66 3a f7 a2 29 83 13 cd 9a eb 66 bc 8b Aug 26 13:21:37.499332: | 43 36 21 9b c9 17 0c b7 15 d2 f6 25 ad 3c c0 fb Aug 26 13:21:37.499334: | 3e 9b d2 75 1e 87 b8 0c bd 28 02 d4 30 23 1e 11 Aug 26 13:21:37.499335: | 31 57 42 8f 8c 68 65 dd 98 b3 ee d2 9f 64 c1 05 Aug 26 13:21:37.499337: | fc 25 bc 9b 73 b7 e1 f5 18 22 ee 94 e1 a1 37 9c Aug 26 13:21:37.499338: | ac fa 7b e3 89 de 66 13 9e 0d 2a 13 22 6b 65 bb Aug 26 13:21:37.499340: | 2e 90 81 a9 f8 11 ea da 24 cd e6 e4 85 4b 9b d6 Aug 26 13:21:37.499341: | 37 18 a3 49 ba 20 78 41 dc 9f 86 f2 f6 55 3a 87 Aug 26 13:21:37.499343: | 95 bc 1e fe 8b c3 55 b0 55 38 a0 f8 4a ae ab 51 Aug 26 13:21:37.499344: | af 96 19 45 6f 50 e4 8f 8e 53 96 2a 9d cc 57 6b Aug 26 13:21:37.499346: | 3a f0 d3 92 07 40 47 8c 36 36 bc 4d 1e fe f2 d9 Aug 26 13:21:37.499347: | d6 b0 7a 6e 28 28 8a 16 78 fb 83 98 92 6b aa 7e Aug 26 13:21:37.499349: | ac 76 d6 b6 a2 b0 be 38 03 31 41 12 ff 7e cc 3f Aug 26 13:21:37.499350: | bf 31 8b 32 4f e9 00 2c 1c 5c 3c cf fc 30 1f 71 Aug 26 13:21:37.499352: | b5 99 77 da c5 95 73 be 51 c5 13 e2 8b de 3f 5e Aug 26 13:21:37.499353: | d7 e9 57 7a 84 c5 56 b0 e6 62 da 46 8f 71 1a 17 Aug 26 13:21:37.499355: | de 18 24 01 77 2a 1b 4f 8c d9 b1 91 a4 fe 9d 88 Aug 26 13:21:37.499357: | d8 1c dd cf 22 ac 05 82 b4 ee 8b a1 ea ee 3f 2b Aug 26 13:21:37.499358: | 17 bd f3 b3 cc d3 6b 60 b6 0a fe ac d4 e0 db b8 Aug 26 13:21:37.499360: | 5c fd 7a ff 75 a9 5d 02 b9 44 7d bf b4 b8 29 a5 Aug 26 13:21:37.499361: | 2b 9f 11 5a bf cf 09 ea 99 84 72 9b 7d 19 73 18 Aug 26 13:21:37.499363: | 28 8b f9 34 d5 de 7d 68 93 b8 ea eb 18 10 31 a5 Aug 26 13:21:37.499366: | b0 cc 9a 47 ba b8 52 12 98 c7 36 76 cc 2a 3b b5 Aug 26 13:21:37.499367: | 47 7b 32 fe 33 ef 21 a6 dc 7d 65 cf e1 cc 08 41 Aug 26 13:21:37.499369: | a8 c1 0a 56 44 f6 80 85 64 47 d2 15 93 d1 36 27 Aug 26 13:21:37.499370: | cd 52 c3 c5 6b e8 e3 1e b1 80 d1 95 Aug 26 13:21:37.499385: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.499388: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:21:37.499391: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9a4e1b8 Aug 26 13:21:37.499393: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9a4e1b8 Aug 26 13:21:37.499396: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 13:21:37.499398: | libevent_malloc: new ptr-libevent@0x7f83bc003f28 size 128 Aug 26 13:21:37.499401: | #3 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10983.24186 Aug 26 13:21:37.499408: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Aug 26 13:21:37.499412: | #3 spent 0.405 milliseconds in resume sending helper answer Aug 26 13:21:37.499417: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:21:37.499420: | libevent_free: release ptr-libevent@0x7f83b00055c8 Aug 26 13:21:37.502432: | spent 0.00299 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.502454: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:21:37.502458: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.502461: | 08 10 20 01 60 c9 1e 6e 00 00 01 cc 71 42 b0 d6 Aug 26 13:21:37.502479: | fe 97 08 7e 8f 2d 5c 8a 0f 7f 44 66 21 3b d0 90 Aug 26 13:21:37.502482: | 4c 9a 02 e4 1e b2 68 16 f3 68 8a 19 f8 ed 27 d5 Aug 26 13:21:37.502485: | 70 b1 60 7c 51 5a 64 d0 22 f3 24 61 9c 22 13 0e Aug 26 13:21:37.502488: | e0 ad ed 48 08 51 9d aa d0 5c 80 a6 2d 9c b5 1c Aug 26 13:21:37.502491: | 68 80 5c 9b ba 1a 40 ca c0 f7 d0 62 8b 01 b4 6e Aug 26 13:21:37.502494: | db fa 71 ad 37 8a 87 d3 71 5b 4b 3f c3 2b 0a 33 Aug 26 13:21:37.502498: | 97 e8 e0 7f 6e 44 22 4b ff ad 31 bf f0 dd 5f 2d Aug 26 13:21:37.502500: | aa 9e f1 57 5c b4 12 49 fb 0d 02 85 4a 11 bf d9 Aug 26 13:21:37.502501: | 4d 5d 2d b4 ca 9d e3 a1 79 b3 8f 55 f7 12 b3 1f Aug 26 13:21:37.502503: | fe e7 1f 65 02 37 b0 73 1f 2c f3 a4 5f c8 3d 67 Aug 26 13:21:37.502504: | f6 a0 7f c9 4b 26 c1 38 4c b5 1d f2 ac b4 3e d3 Aug 26 13:21:37.502506: | 58 30 1d 9f d1 0e 62 52 5e 53 0a 29 30 d0 bf 8e Aug 26 13:21:37.502507: | 56 6d 08 11 b5 86 9e 0f 4e 32 6b 1c fa 89 da e5 Aug 26 13:21:37.502509: | f9 9c d0 64 ad d5 c7 29 00 1f 08 b4 13 cd 1a 81 Aug 26 13:21:37.502510: | ab e0 d2 62 b0 35 06 a2 40 7f 17 6c ed ff 99 df Aug 26 13:21:37.502512: | ea 85 30 70 95 1a 19 f0 35 90 32 94 0c 44 ef 91 Aug 26 13:21:37.502513: | 1a 8b 8f 72 74 17 ef 67 1b 8a 76 14 79 35 5e 41 Aug 26 13:21:37.502515: | c8 bf 2e 7e c5 d9 bc 87 1a 16 83 79 f3 0d a2 a8 Aug 26 13:21:37.502516: | 82 a2 91 e4 00 75 82 f0 1c 37 85 12 52 82 00 24 Aug 26 13:21:37.502518: | 23 d7 8b d6 87 16 8b 85 15 03 88 97 86 36 28 6c Aug 26 13:21:37.502519: | 94 a7 cf d1 14 e4 d3 a9 6f b7 5d 7d 0f 52 3f b0 Aug 26 13:21:37.502521: | 25 12 27 b0 0d 17 f4 e4 b1 77 68 b4 74 61 b7 39 Aug 26 13:21:37.502522: | b0 26 4e 67 60 c0 0f de ab 15 43 5c 98 9d 42 55 Aug 26 13:21:37.502524: | 75 95 78 ec 9f 42 b3 8c a2 fe 02 e2 72 0f 9c 56 Aug 26 13:21:37.502525: | 2a 3f ff fa 13 28 77 d4 06 d4 dd b0 07 ea 19 09 Aug 26 13:21:37.502527: | 5c 03 ab 68 43 13 9f c4 64 15 c1 e8 89 b6 7b de Aug 26 13:21:37.502529: | eb d4 0f a8 f6 2f 05 12 a6 62 67 37 Aug 26 13:21:37.502532: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:21:37.502534: | **parse ISAKMP Message: Aug 26 13:21:37.502536: | initiator cookie: Aug 26 13:21:37.502538: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.502542: | responder cookie: Aug 26 13:21:37.502543: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.502545: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:21:37.502547: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.502549: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.502551: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.502552: | Message ID: 1623793262 (0x60c91e6e) Aug 26 13:21:37.502554: | length: 460 (0x1cc) Aug 26 13:21:37.502556: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:21:37.502559: | State DB: found IKEv1 state #3 in QUICK_I1 (find_state_ikev1) Aug 26 13:21:37.502562: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:21:37.502564: | #3 is idle Aug 26 13:21:37.502566: | #3 idle Aug 26 13:21:37.502568: | received encrypted packet from 192.1.2.23:500 Aug 26 13:21:37.502579: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:21:37.502581: | ***parse ISAKMP Hash Payload: Aug 26 13:21:37.502583: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:21:37.502585: | length: 36 (0x24) Aug 26 13:21:37.502587: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:21:37.502589: | ***parse ISAKMP Security Association Payload: Aug 26 13:21:37.502591: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.502592: | length: 56 (0x38) Aug 26 13:21:37.502594: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.502596: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:21:37.502598: | ***parse ISAKMP Nonce Payload: Aug 26 13:21:37.502599: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.502601: | length: 36 (0x24) Aug 26 13:21:37.502603: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.502604: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:21:37.502606: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.502608: | length: 260 (0x104) Aug 26 13:21:37.502609: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.502611: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.502613: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.502614: | length: 16 (0x10) Aug 26 13:21:37.502616: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.502618: | Protocol ID: 0 (0x0) Aug 26 13:21:37.502619: | port: 0 (0x0) Aug 26 13:21:37.502621: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:21:37.502623: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.502624: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.502626: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502628: | length: 16 (0x10) Aug 26 13:21:37.502629: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.502631: | Protocol ID: 0 (0x0) Aug 26 13:21:37.502632: | port: 0 (0x0) Aug 26 13:21:37.502634: | obj: c0 00 16 00 ff ff ff 00 Aug 26 13:21:37.502635: | removing 12 bytes of padding Aug 26 13:21:37.502651: | quick_inR1_outI2 HASH(2): Aug 26 13:21:37.502653: | c1 33 5e 04 a9 5b f2 96 eb ca 61 25 85 bf a2 17 Aug 26 13:21:37.502655: | 73 94 9d c8 4f 5b dc 6e d8 34 97 45 7d 56 11 75 Aug 26 13:21:37.502657: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 13:21:37.502659: | ****parse IPsec DOI SIT: Aug 26 13:21:37.502661: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.502663: | ****parse ISAKMP Proposal Payload: Aug 26 13:21:37.502665: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502666: | length: 44 (0x2c) Aug 26 13:21:37.502668: | proposal number: 0 (0x0) Aug 26 13:21:37.502670: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.502671: | SPI size: 4 (0x4) Aug 26 13:21:37.502673: | number of transforms: 1 (0x1) Aug 26 13:21:37.502675: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:21:37.502678: | SPI 38 d5 ab de Aug 26 13:21:37.502680: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:21:37.502682: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.502683: | length: 32 (0x20) Aug 26 13:21:37.502685: | ESP transform number: 0 (0x0) Aug 26 13:21:37.502687: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.502689: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502691: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.502692: | length/value: 14 (0xe) Aug 26 13:21:37.502694: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.502696: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502698: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.502699: | length/value: 1 (0x1) Aug 26 13:21:37.502701: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.502703: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:21:37.502705: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502706: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.502708: | length/value: 1 (0x1) Aug 26 13:21:37.502710: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.502711: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502716: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.502721: | length/value: 28800 (0x7080) Aug 26 13:21:37.502725: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502728: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.502731: | length/value: 2 (0x2) Aug 26 13:21:37.502734: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.502737: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.502740: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:37.502743: | length/value: 128 (0x80) Aug 26 13:21:37.502746: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:21:37.502763: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.502783: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.502793: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.502797: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.502800: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:21:37.502802: | no PreShared Key Found Aug 26 13:21:37.502806: | adding quick outI2 DH work-order 5 for state #3 Aug 26 13:21:37.502809: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:21:37.502812: | #3 STATE_QUICK_I1: retransmits: cleared Aug 26 13:21:37.502816: | libevent_free: release ptr-libevent@0x7f83bc003f28 Aug 26 13:21:37.502819: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9a4e1b8 Aug 26 13:21:37.502822: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9a4e1b8 Aug 26 13:21:37.502825: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 13:21:37.502829: | libevent_malloc: new ptr-libevent@0x7f83b00055c8 size 128 Aug 26 13:21:37.502837: | complete v1 state transition with STF_SUSPEND Aug 26 13:21:37.502857: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:21:37.502860: | suspending state #3 and saving MD Aug 26 13:21:37.502862: | #3 is busy; has a suspended MD Aug 26 13:21:37.502865: | crypto helper 5 resuming Aug 26 13:21:37.502870: | #3 spent 0.209 milliseconds in process_packet_tail() Aug 26 13:21:37.502882: | crypto helper 5 starting work-order 5 for state #3 Aug 26 13:21:37.502889: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.502893: | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 5 Aug 26 13:21:37.502895: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:21:37.502899: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.502904: | spent 0.452 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.503287: | spent 0.00219 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:37.503310: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:21:37.503314: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.503317: | 08 10 20 01 0d 25 1a 9e 00 00 01 cc 6c de a9 9d Aug 26 13:21:37.503319: | 8a 0a 6e 46 65 82 a9 54 db b4 4e a6 cc 50 28 13 Aug 26 13:21:37.503322: | e1 05 4e e6 cc 3a f0 56 53 87 50 0e b9 64 be 35 Aug 26 13:21:37.503325: | ee cf 92 54 9b c0 48 63 4d 1d 5d 46 57 81 be d6 Aug 26 13:21:37.503327: | b0 49 14 11 82 c0 0a 60 bc 38 3c ea 9b f6 75 d5 Aug 26 13:21:37.503329: | f1 24 bd 55 d2 48 c0 2c 76 9d 35 0d c5 a3 b8 ac Aug 26 13:21:37.503330: | 72 6a 1e f8 be e8 52 8c be 97 20 ad 91 99 d1 3a Aug 26 13:21:37.503332: | 51 4f 05 6f 34 8e 74 30 ae 20 2a c5 2a 8b a1 20 Aug 26 13:21:37.503333: | e6 83 7f 0b c1 b2 a0 58 90 59 5b b9 e3 03 95 44 Aug 26 13:21:37.503335: | 3f 33 4f 21 fe be 79 30 09 82 e2 4f 1f da 75 45 Aug 26 13:21:37.503336: | 8f 9c 2d 41 47 88 2c 40 3a 76 08 cf 5a 3e 57 4a Aug 26 13:21:37.503338: | e4 fd c2 7d ca a4 43 aa 11 86 0a 62 3e 05 79 39 Aug 26 13:21:37.503340: | 2f 6b 78 df 47 d5 ec 7a 26 46 bf 8c 84 19 3a 10 Aug 26 13:21:37.503341: | fe 61 6e 0f 88 b5 3e 06 d3 c9 6c b0 5c f3 97 26 Aug 26 13:21:37.503343: | 53 7d ad c2 b2 e8 56 e4 89 ea b4 b2 d8 8b 47 c7 Aug 26 13:21:37.503344: | 15 3e d2 1e 0d be ca a0 57 9b 58 7f 9f ae ea b5 Aug 26 13:21:37.503346: | 1c 1c 17 19 ad 80 7c d4 2a c0 ff 8b e1 ad 13 b0 Aug 26 13:21:37.503347: | 1a 03 af c8 d8 70 e3 10 80 3b b2 64 9c ce 68 4d Aug 26 13:21:37.503349: | fd ef 7a 98 9e c3 f3 6a 5f cb 45 d2 ae c8 79 da Aug 26 13:21:37.503350: | 5e 4a 2d 68 30 76 60 99 8c 36 d3 6d de 7b d3 3c Aug 26 13:21:37.503352: | e9 c7 15 61 17 8c 2f cf 5e 75 1c a7 d5 84 77 b7 Aug 26 13:21:37.503353: | 4a c0 35 41 10 64 4f 0b 0d 48 f4 60 32 e8 e7 40 Aug 26 13:21:37.503355: | c2 a8 67 2b 98 49 b7 56 ab 07 e7 a5 0b e3 52 45 Aug 26 13:21:37.503356: | 07 fe 2b b7 f1 3d 28 02 ee 0f 61 0f 06 ab b0 99 Aug 26 13:21:37.503371: | 86 3e 52 5c de a7 7d e5 3d d6 37 17 b6 b6 ff e6 Aug 26 13:21:37.503372: | e0 f0 12 c0 6b 28 b2 2a 09 0d 38 58 22 c9 a0 ad Aug 26 13:21:37.503374: | d3 46 2d 47 8d e0 42 9c 84 01 65 06 8f b6 eb 4d Aug 26 13:21:37.503375: | eb ec c1 eb f2 91 df 98 ee 49 95 75 Aug 26 13:21:37.503378: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:21:37.503381: | **parse ISAKMP Message: Aug 26 13:21:37.503383: | initiator cookie: Aug 26 13:21:37.503384: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.503386: | responder cookie: Aug 26 13:21:37.503387: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.503389: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:21:37.503391: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.503392: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.503394: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.503396: | Message ID: 220535454 (0xd251a9e) Aug 26 13:21:37.503398: | length: 460 (0x1cc) Aug 26 13:21:37.503400: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:21:37.503402: | State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1) Aug 26 13:21:37.503407: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:21:37.503409: | #2 is idle Aug 26 13:21:37.503411: | #2 idle Aug 26 13:21:37.503413: | received encrypted packet from 192.1.2.23:500 Aug 26 13:21:37.503422: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:21:37.503424: | ***parse ISAKMP Hash Payload: Aug 26 13:21:37.503426: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:21:37.503427: | length: 36 (0x24) Aug 26 13:21:37.503429: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:21:37.503431: | ***parse ISAKMP Security Association Payload: Aug 26 13:21:37.503433: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:37.503434: | length: 56 (0x38) Aug 26 13:21:37.503436: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:37.503438: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:21:37.503439: | ***parse ISAKMP Nonce Payload: Aug 26 13:21:37.503441: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:37.503442: | length: 36 (0x24) Aug 26 13:21:37.503444: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.503446: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:21:37.503447: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.503449: | length: 260 (0x104) Aug 26 13:21:37.503451: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.503453: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.503454: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:37.503456: | length: 16 (0x10) Aug 26 13:21:37.503457: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.503459: | Protocol ID: 0 (0x0) Aug 26 13:21:37.503460: | port: 0 (0x0) Aug 26 13:21:37.503462: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:21:37.503464: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:21:37.503465: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:37.503467: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.503469: | length: 16 (0x10) Aug 26 13:21:37.503470: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:37.503472: | Protocol ID: 0 (0x0) Aug 26 13:21:37.503473: | port: 0 (0x0) Aug 26 13:21:37.503475: | obj: c0 00 02 00 ff ff ff 00 Aug 26 13:21:37.503476: | removing 12 bytes of padding Aug 26 13:21:37.503490: | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 5 time elapsed 0.000597 seconds Aug 26 13:21:37.503491: | quick_inR1_outI2 HASH(2): Aug 26 13:21:37.503504: | ee 71 e0 07 d2 26 58 97 a5 28 a4 f9 05 cc e6 96 Aug 26 13:21:37.503508: | 17 e3 04 6a 36 2c 07 28 7a 24 8b 47 e9 fc 6a 61 Aug 26 13:21:37.503499: | (#3) spent 0.599 milliseconds in crypto helper computing work-order 5: quick outI2 DH (pcr) Aug 26 13:21:37.503510: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 13:21:37.503519: | ****parse IPsec DOI SIT: Aug 26 13:21:37.503521: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:37.503514: | crypto helper 5 sending results from work-order 5 for state #3 to event queue Aug 26 13:21:37.503528: | scheduling resume sending helper answer for #3 Aug 26 13:21:37.503523: | ****parse ISAKMP Proposal Payload: Aug 26 13:21:37.503552: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.503554: | length: 44 (0x2c) Aug 26 13:21:37.503547: | libevent_malloc: new ptr-libevent@0x7f83b4001f78 size 128 Aug 26 13:21:37.503563: | crypto helper 5 waiting (nothing to do) Aug 26 13:21:37.503556: | proposal number: 0 (0x0) Aug 26 13:21:37.503572: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:37.503574: | SPI size: 4 (0x4) Aug 26 13:21:37.503575: | number of transforms: 1 (0x1) Aug 26 13:21:37.503577: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:21:37.503579: | SPI 19 ad 0d cb Aug 26 13:21:37.503581: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:21:37.503584: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.503586: | length: 32 (0x20) Aug 26 13:21:37.503588: | ESP transform number: 0 (0x0) Aug 26 13:21:37.503602: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:37.503605: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.503606: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:37.503608: | length/value: 14 (0xe) Aug 26 13:21:37.503610: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:37.503611: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.503613: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:37.503615: | length/value: 1 (0x1) Aug 26 13:21:37.503616: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:37.503618: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:21:37.503620: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.503621: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:37.503623: | length/value: 1 (0x1) Aug 26 13:21:37.503624: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:37.503626: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.503628: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:37.503629: | length/value: 28800 (0x7080) Aug 26 13:21:37.503631: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.503633: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:37.503634: | length/value: 2 (0x2) Aug 26 13:21:37.503636: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:37.503637: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:21:37.503639: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:37.503641: | length/value: 128 (0x80) Aug 26 13:21:37.503643: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:21:37.503652: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.503656: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:21:37.503662: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.503664: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:21:37.503666: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:21:37.503668: | no PreShared Key Found Aug 26 13:21:37.503670: | adding quick outI2 DH work-order 6 for state #2 Aug 26 13:21:37.503672: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:21:37.503674: | #2 STATE_QUICK_I1: retransmits: cleared Aug 26 13:21:37.503677: | libevent_free: release ptr-libevent@0x5649f9acf4b8 Aug 26 13:21:37.503678: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9ac2358 Aug 26 13:21:37.503680: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ac2358 Aug 26 13:21:37.503683: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 13:21:37.503685: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:21:37.503689: | complete v1 state transition with STF_SUSPEND Aug 26 13:21:37.503693: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:21:37.503694: | suspending state #2 and saving MD Aug 26 13:21:37.503696: | #2 is busy; has a suspended MD Aug 26 13:21:37.503700: | #2 spent 0.175 milliseconds in process_packet_tail() Aug 26 13:21:37.503705: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:21:37.503708: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:21:37.503710: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:21:37.503713: | spent 0.402 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:37.503718: | processing resume sending helper answer for #3 Aug 26 13:21:37.503721: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:21:37.503723: | crypto helper 5 replies to request ID 5 Aug 26 13:21:37.503725: | calling continuation function 0x5649f7dc5b50 Aug 26 13:21:37.503725: | crypto helper 6 resuming Aug 26 13:21:37.503727: | quick_inR1_outI2_continue for #3: calculated ke+nonce, calculating DH Aug 26 13:21:37.503738: | crypto helper 6 starting work-order 6 for state #2 Aug 26 13:21:37.503741: | **emit ISAKMP Message: Aug 26 13:21:37.503745: | initiator cookie: Aug 26 13:21:37.503748: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.503741: | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 6 Aug 26 13:21:37.503750: | responder cookie: Aug 26 13:21:37.503755: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.503757: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.503759: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.503761: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.503762: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.503764: | Message ID: 1623793262 (0x60c91e6e) Aug 26 13:21:37.503766: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.503769: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:21:37.503770: | ID address c0 00 03 00 Aug 26 13:21:37.503772: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:21:37.503774: | ID mask ff ff ff 00 Aug 26 13:21:37.503776: | our client is subnet 192.0.3.0/24 Aug 26 13:21:37.503778: | our client protocol/port is 0/0 Aug 26 13:21:37.503780: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:21:37.503782: | ID address c0 00 16 00 Aug 26 13:21:37.503783: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:21:37.503785: | ID mask ff ff ff 00 Aug 26 13:21:37.503787: | peer client is subnet 192.0.22.0/24 Aug 26 13:21:37.503789: | peer client protocol/port is 0/0 Aug 26 13:21:37.503790: | ***emit ISAKMP Hash Payload: Aug 26 13:21:37.503792: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.503794: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:37.503796: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.503798: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:37.503800: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:37.503813: | quick_inR1_outI2 HASH(3): Aug 26 13:21:37.503816: | 31 62 66 81 a3 8d ac ae ef 90 d3 4d 8d eb e6 ec Aug 26 13:21:37.503817: | a8 7e 90 f9 0d 7f 20 f3 ff 77 c3 f1 bf 6f 2d f9 Aug 26 13:21:37.503819: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:21:37.503821: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:21:37.503883: | install_ipsec_sa() for #3: inbound and outbound Aug 26 13:21:37.503886: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Aug 26 13:21:37.503888: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.503890: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.503892: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.503894: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.503895: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.503900: | route owner of "north-dpd/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:21:37.503902: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:21:37.503904: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:21:37.503906: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:21:37.503908: | setting IPsec SA replay-window to 32 Aug 26 13:21:37.503910: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 13:21:37.503912: | netlink: enabling tunnel mode Aug 26 13:21:37.503914: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:21:37.503916: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:21:37.503953: | netlink response for Add SA esp.38d5abde@192.1.2.23 included non-error error Aug 26 13:21:37.503957: | set up outgoing SA, ref=0/0 Aug 26 13:21:37.503959: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:21:37.503960: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:21:37.503977: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:21:37.503980: | setting IPsec SA replay-window to 32 Aug 26 13:21:37.503981: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 13:21:37.503983: | netlink: enabling tunnel mode Aug 26 13:21:37.503985: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:21:37.503986: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:21:37.504010: | netlink response for Add SA esp.84e11f1c@192.1.3.33 included non-error error Aug 26 13:21:37.504013: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:21:37.504017: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:21:37.504019: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:37.504034: | raw_eroute result=success Aug 26 13:21:37.504036: | set up incoming SA, ref=0/0 Aug 26 13:21:37.504038: | sr for #3: unrouted Aug 26 13:21:37.504040: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:21:37.504042: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.504044: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.504046: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.504047: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.504049: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.504051: | route owner of "north-dpd/0x2" unrouted: NULL; eroute owner: NULL Aug 26 13:21:37.504054: | route_and_eroute with c: north-dpd/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 13:21:37.504056: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:21:37.504060: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:21:37.504062: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:37.504070: | raw_eroute result=success Aug 26 13:21:37.504072: | running updown command "ipsec _updown" for verb up Aug 26 13:21:37.504074: | command executing up-client Aug 26 13:21:37.504091: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.504095: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.504107: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E Aug 26 13:21:37.504111: | popen cmd is 1400 chars long Aug 26 13:21:37.504113: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUT: Aug 26 13:21:37.504115: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Aug 26 13:21:37.504117: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Aug 26 13:21:37.504119: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Aug 26 13:21:37.504120: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Aug 26 13:21:37.504122: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUT: Aug 26 13:21:37.504124: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 13:21:37.504125: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Aug 26 13:21:37.504127: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PE: Aug 26 13:21:37.504129: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 13:21:37.504131: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Aug 26 13:21:37.504132: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Aug 26 13:21:37.504134: | cmd( 960):TIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK: Aug 26 13:21:37.504136: | cmd(1040):+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ip: Aug 26 13:21:37.504137: | cmd(1120):v4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOM: Aug 26 13:21:37.504139: | cmd(1200):AIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO: Aug 26 13:21:37.504141: | cmd(1280):_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x38d5ab: Aug 26 13:21:37.504142: | cmd(1360):de SPI_OUT=0x84e11f1c ipsec _updown 2>&1: Aug 26 13:21:37.504547: | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 6 time elapsed 0.000804 seconds Aug 26 13:21:37.504561: | (#2) spent 0.723 milliseconds in crypto helper computing work-order 6: quick outI2 DH (pcr) Aug 26 13:21:37.504564: | crypto helper 6 sending results from work-order 6 for state #2 to event queue Aug 26 13:21:37.504570: | scheduling resume sending helper answer for #2 Aug 26 13:21:37.504572: | libevent_malloc: new ptr-libevent@0x7f83a8001f78 size 128 Aug 26 13:21:37.504583: | crypto helper 6 waiting (nothing to do) Aug 26 13:21:37.511477: | route_and_eroute: firewall_notified: true Aug 26 13:21:37.511490: | running updown command "ipsec _updown" for verb prepare Aug 26 13:21:37.511493: | command executing prepare-client Aug 26 13:21:37.511515: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.511519: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.511533: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY Aug 26 13:21:37.511540: | popen cmd is 1405 chars long Aug 26 13:21:37.511544: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2': Aug 26 13:21:37.511548: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 13:21:37.511550: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Aug 26 13:21:37.511553: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Aug 26 13:21:37.511556: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Aug 26 13:21:37.511558: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP': Aug 26 13:21:37.511561: | cmd( 480): PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Aug 26 13:21:37.511564: | cmd( 560):, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libresw: Aug 26 13:21:37.511566: | cmd( 640):an.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLU: Aug 26 13:21:37.511570: | cmd( 720):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Aug 26 13:21:37.511572: | cmd( 800):PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Aug 26 13:21:37.511575: | cmd( 880):Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUT: Aug 26 13:21:37.511578: | cmd( 960):O_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_: Aug 26 13:21:37.511581: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Aug 26 13:21:37.511584: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Aug 26 13:21:37.511587: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Aug 26 13:21:37.511590: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3: Aug 26 13:21:37.511592: | cmd(1360):8d5abde SPI_OUT=0x84e11f1c ipsec _updown 2>&1: Aug 26 13:21:37.520156: | running updown command "ipsec _updown" for verb route Aug 26 13:21:37.520168: | command executing route-client Aug 26 13:21:37.520190: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.520195: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.520209: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 13:21:37.520215: | popen cmd is 1403 chars long Aug 26 13:21:37.520217: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' P: Aug 26 13:21:37.520219: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_M: Aug 26 13:21:37.520221: | cmd( 160):Y_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.tes: Aug 26 13:21:37.520222: | cmd( 240):ting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3: Aug 26 13:21:37.520224: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Aug 26 13:21:37.520226: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' P: Aug 26 13:21:37.520227: | cmd( 480):LUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, : Aug 26 13:21:37.520229: | cmd( 560):OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan: Aug 26 13:21:37.520231: | cmd( 640):.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO: Aug 26 13:21:37.520233: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:21:37.520234: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Aug 26 13:21:37.520236: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Aug 26 13:21:37.520238: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TR: Aug 26 13:21:37.520239: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 13:21:37.520241: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 13:21:37.520243: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 13:21:37.520244: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x38d: Aug 26 13:21:37.520246: | cmd(1360):5abde SPI_OUT=0x84e11f1c ipsec _updown 2>&1: Aug 26 13:21:37.534433: | route_and_eroute: instance "north-dpd/0x2", setting eroute_owner {spd=0x5649f9ac0d78,sr=0x5649f9ac0d78} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 13:21:37.534518: | #1 spent 1.77 milliseconds in install_ipsec_sa() Aug 26 13:21:37.534524: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:37.534528: | no IKEv1 message padding required Aug 26 13:21:37.534530: | emitting length of ISAKMP Message: 76 Aug 26 13:21:37.534581: | inR1_outI2: instance north-dpd/0x2[0], setting IKEv1 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 13:21:37.534584: | DPD: dpd_init() called on IPsec SA Aug 26 13:21:37.534587: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 13:21:37.534592: | event_schedule: new EVENT_DPD-pe@0x7f83b00058b8 Aug 26 13:21:37.534596: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 13:21:37.534601: | libevent_malloc: new ptr-libevent@0x5649f9ae0088 size 128 Aug 26 13:21:37.534612: | complete v1 state transition with STF_OK Aug 26 13:21:37.534619: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.534622: | #3 is idle Aug 26 13:21:37.534625: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.534628: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 26 13:21:37.534634: | child state #3: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Aug 26 13:21:37.534636: | event_already_set, deleting event Aug 26 13:21:37.534641: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.534645: | libevent_free: release ptr-libevent@0x7f83b00055c8 Aug 26 13:21:37.534649: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9a4e1b8 Aug 26 13:21:37.534655: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:21:37.534663: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Aug 26 13:21:37.534665: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.534667: | 08 10 20 01 60 c9 1e 6e 00 00 00 4c bc 28 a3 56 Aug 26 13:21:37.534669: | 4c e6 70 c8 f7 f9 5f d1 0e f7 ac e8 29 f6 39 eb Aug 26 13:21:37.534671: | 60 21 06 e6 ff d5 88 a6 f0 93 c3 65 6b 44 1b a0 Aug 26 13:21:37.534674: | c7 43 e6 31 99 9d 04 e6 ee 0d f9 c7 Aug 26 13:21:37.534729: | !event_already_set at reschedule Aug 26 13:21:37.534735: | event_schedule: new EVENT_SA_REPLACE-pe@0x5649f9a4e1b8 Aug 26 13:21:37.534752: | inserting event EVENT_SA_REPLACE, timeout in 28048 seconds for #3 Aug 26 13:21:37.534755: | libevent_malloc: new ptr-libevent@0x7f83b00055c8 size 128 Aug 26 13:21:37.534758: | pstats #3 ikev1.ipsec established Aug 26 13:21:37.534764: | NAT-T: encaps is 'auto' Aug 26 13:21:37.534768: "north-dpd/0x2" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x38d5abde <0x84e11f1c xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Aug 26 13:21:37.534779: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.534798: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.534802: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 13:21:37.534809: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Aug 26 13:21:37.534816: | #3 spent 2.19 milliseconds in resume sending helper answer Aug 26 13:21:37.534822: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:21:37.534827: | libevent_free: release ptr-libevent@0x7f83b4001f78 Aug 26 13:21:37.534846: | processing resume sending helper answer for #2 Aug 26 13:21:37.534852: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:21:37.534857: | crypto helper 6 replies to request ID 6 Aug 26 13:21:37.534860: | calling continuation function 0x5649f7dc5b50 Aug 26 13:21:37.534863: | quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH Aug 26 13:21:37.534898: | **emit ISAKMP Message: Aug 26 13:21:37.534902: | initiator cookie: Aug 26 13:21:37.534905: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:37.534907: | responder cookie: Aug 26 13:21:37.534910: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.534913: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.534916: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:37.534919: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:37.534923: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:37.534926: | Message ID: 220535454 (0xd251a9e) Aug 26 13:21:37.534930: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:37.534935: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:21:37.534937: | ID address c0 00 03 00 Aug 26 13:21:37.534941: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:21:37.534943: | ID mask ff ff ff 00 Aug 26 13:21:37.534948: | our client is subnet 192.0.3.0/24 Aug 26 13:21:37.534951: | our client protocol/port is 0/0 Aug 26 13:21:37.534955: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:21:37.534957: | ID address c0 00 02 00 Aug 26 13:21:37.534960: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:21:37.534963: | ID mask ff ff ff 00 Aug 26 13:21:37.534967: | peer client is subnet 192.0.2.0/24 Aug 26 13:21:37.534970: | peer client protocol/port is 0/0 Aug 26 13:21:37.534975: | ***emit ISAKMP Hash Payload: Aug 26 13:21:37.534979: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:37.534981: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:37.534983: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:21:37.534985: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:37.534987: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:37.535039: | quick_inR1_outI2 HASH(3): Aug 26 13:21:37.535045: | f6 28 f5 b3 0c 4c 20 c1 ca 85 ae 9f 26 d9 ec 1c Aug 26 13:21:37.535047: | 13 99 20 a2 7f 4a e5 59 ca 95 84 d7 67 78 ce 6e Aug 26 13:21:37.535049: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:21:37.535051: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:21:37.535140: | install_ipsec_sa() for #2: inbound and outbound Aug 26 13:21:37.535143: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Aug 26 13:21:37.535145: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.535147: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.535149: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.535151: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.535152: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.535155: | route owner of "north-dpd/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:21:37.535159: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:21:37.535161: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:21:37.535163: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:21:37.535166: | setting IPsec SA replay-window to 32 Aug 26 13:21:37.535168: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 13:21:37.535171: | netlink: enabling tunnel mode Aug 26 13:21:37.535173: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:21:37.535175: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:21:37.535234: | netlink response for Add SA esp.19ad0dcb@192.1.2.23 included non-error error Aug 26 13:21:37.535237: | set up outgoing SA, ref=0/0 Aug 26 13:21:37.535239: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:21:37.535241: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:21:37.535243: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:21:37.535245: | setting IPsec SA replay-window to 32 Aug 26 13:21:37.535247: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 13:21:37.535249: | netlink: enabling tunnel mode Aug 26 13:21:37.535250: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:21:37.535252: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:21:37.535278: | netlink response for Add SA esp.4ad1f014@192.1.3.33 included non-error error Aug 26 13:21:37.535281: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:21:37.535285: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:21:37.535287: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:37.535323: | raw_eroute result=success Aug 26 13:21:37.535326: | set up incoming SA, ref=0/0 Aug 26 13:21:37.535328: | sr for #2: unrouted Aug 26 13:21:37.535330: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:21:37.535332: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:21:37.535333: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.535335: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:21:37.535337: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:21:37.535339: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:21:37.535341: | route owner of "north-dpd/0x1" unrouted: NULL; eroute owner: NULL Aug 26 13:21:37.535346: | route_and_eroute with c: north-dpd/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 13:21:37.535348: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:21:37.535352: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 13:21:37.535354: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:37.535363: | raw_eroute result=success Aug 26 13:21:37.535365: | running updown command "ipsec _updown" for verb up Aug 26 13:21:37.535367: | command executing up-client Aug 26 13:21:37.535385: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.535388: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.535400: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC Aug 26 13:21:37.535403: | popen cmd is 1398 chars long Aug 26 13:21:37.535405: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUT: Aug 26 13:21:37.535407: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Aug 26 13:21:37.535409: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Aug 26 13:21:37.535410: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Aug 26 13:21:37.535412: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Aug 26 13:21:37.535414: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUT: Aug 26 13:21:37.535415: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 13:21:37.535417: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Aug 26 13:21:37.535419: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER: Aug 26 13:21:37.535420: | cmd( 720):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Aug 26 13:21:37.535422: | cmd( 800):EER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libresw: Aug 26 13:21:37.535424: | cmd( 880):an test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTI: Aug 26 13:21:37.535425: | cmd( 960):ME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+I: Aug 26 13:21:37.535427: | cmd(1040):KE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4: Aug 26 13:21:37.535429: | cmd(1120):' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: Aug 26 13:21:37.535431: | cmd(1200):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: Aug 26 13:21:37.535432: | cmd(1280):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x19ad0dcb: Aug 26 13:21:37.535435: | cmd(1360): SPI_OUT=0x4ad1f014 ipsec _updown 2>&1: Aug 26 13:21:37.543731: | route_and_eroute: firewall_notified: true Aug 26 13:21:37.543763: | running updown command "ipsec _updown" for verb prepare Aug 26 13:21:37.543767: | command executing prepare-client Aug 26 13:21:37.543814: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.543822: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.543839: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 13:21:37.543841: | popen cmd is 1403 chars long Aug 26 13:21:37.543844: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1': Aug 26 13:21:37.543846: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 13:21:37.543848: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Aug 26 13:21:37.543851: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Aug 26 13:21:37.543854: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Aug 26 13:21:37.543856: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP': Aug 26 13:21:37.543859: | cmd( 480): PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Aug 26 13:21:37.543862: | cmd( 560):, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libresw: Aug 26 13:21:37.543865: | cmd( 640):an.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 13:21:37.543867: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 13:21:37.543870: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Aug 26 13:21:37.543873: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Aug 26 13:21:37.543875: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TR: Aug 26 13:21:37.543878: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 13:21:37.543880: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 13:21:37.543881: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 13:21:37.543883: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x19a: Aug 26 13:21:37.543885: | cmd(1360):d0dcb SPI_OUT=0x4ad1f014 ipsec _updown 2>&1: Aug 26 13:21:37.553766: | running updown command "ipsec _updown" for verb route Aug 26 13:21:37.553791: | command executing route-client Aug 26 13:21:37.553826: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.553835: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:37.553855: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS Aug 26 13:21:37.553859: | popen cmd is 1401 chars long Aug 26 13:21:37.553862: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' P: Aug 26 13:21:37.553865: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_M: Aug 26 13:21:37.553868: | cmd( 160):Y_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.tes: Aug 26 13:21:37.553871: | cmd( 240):ting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3: Aug 26 13:21:37.553873: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Aug 26 13:21:37.553876: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' P: Aug 26 13:21:37.553879: | cmd( 480):LUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, : Aug 26 13:21:37.553882: | cmd( 560):OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan: Aug 26 13:21:37.553884: | cmd( 640):.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Aug 26 13:21:37.553887: | cmd( 720):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 13:21:37.553890: | cmd( 800):O_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libr: Aug 26 13:21:37.553893: | cmd( 880):eswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_AD: Aug 26 13:21:37.553895: | cmd( 960):DTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRAC: Aug 26 13:21:37.553898: | cmd(1040):K+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='i: Aug 26 13:21:37.553901: | cmd(1120):pv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DO: Aug 26 13:21:37.553903: | cmd(1200):MAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUT: Aug 26 13:21:37.553906: | cmd(1280):O_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x19ad0: Aug 26 13:21:37.553909: | cmd(1360):dcb SPI_OUT=0x4ad1f014 ipsec _updown 2>&1: Aug 26 13:21:37.566748: | route_and_eroute: instance "north-dpd/0x1", setting eroute_owner {spd=0x5649f9ab4f58,sr=0x5649f9ab4f58} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 13:21:37.566871: | #1 spent 1.85 milliseconds in install_ipsec_sa() Aug 26 13:21:37.566880: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:37.566885: | no IKEv1 message padding required Aug 26 13:21:37.566889: | emitting length of ISAKMP Message: 76 Aug 26 13:21:37.566929: | inR1_outI2: instance north-dpd/0x1[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 13:21:37.566932: | DPD: dpd_init() called on IPsec SA Aug 26 13:21:37.566936: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 13:21:37.566942: | event_schedule: new EVENT_DPD-pe@0x7f83bc004218 Aug 26 13:21:37.566945: | inserting event EVENT_DPD, timeout in 3 seconds for #2 Aug 26 13:21:37.566948: | libevent_malloc: new ptr-libevent@0x7f83b4001f78 size 128 Aug 26 13:21:37.566957: | complete v1 state transition with STF_OK Aug 26 13:21:37.566961: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:21:37.566962: | #2 is idle Aug 26 13:21:37.566964: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:21:37.566966: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 26 13:21:37.566969: | child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Aug 26 13:21:37.566971: | event_already_set, deleting event Aug 26 13:21:37.566973: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:37.566976: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:21:37.566979: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ac2358 Aug 26 13:21:37.566986: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:21:37.566994: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #2) Aug 26 13:21:37.566996: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:37.566997: | 08 10 20 01 0d 25 1a 9e 00 00 00 4c c9 40 f8 da Aug 26 13:21:37.566999: | b7 b7 20 02 51 95 d4 e1 62 06 51 4d c7 3a 5a b1 Aug 26 13:21:37.567001: | 11 29 87 b6 c1 34 c1 7d ef d2 c6 ca 16 2a d2 fa Aug 26 13:21:37.567002: | 18 16 37 20 ed 22 2e 5a 5c 1f c7 0f Aug 26 13:21:37.567041: | !event_already_set at reschedule Aug 26 13:21:37.567047: | event_schedule: new EVENT_SA_REPLACE-pe@0x5649f9ac2358 Aug 26 13:21:37.567051: | inserting event EVENT_SA_REPLACE, timeout in 27838 seconds for #2 Aug 26 13:21:37.567054: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:21:37.567057: | pstats #2 ikev1.ipsec established Aug 26 13:21:37.567062: | NAT-T: encaps is 'auto' Aug 26 13:21:37.567067: "north-dpd/0x1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x19ad0dcb <0x4ad1f014 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Aug 26 13:21:37.567077: | modecfg pull: noquirk policy:push not-client Aug 26 13:21:37.567080: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:21:37.567088: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 13:21:37.567096: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Aug 26 13:21:37.567103: | #2 spent 2.34 milliseconds in resume sending helper answer Aug 26 13:21:37.567108: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:21:37.567113: | libevent_free: release ptr-libevent@0x7f83a8001f78 Aug 26 13:21:37.567122: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.567128: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.567132: | spent 0.0051 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.567135: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.567139: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.567142: | spent 0.00359 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.567145: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.567149: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.567153: | spent 0.0037 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.567163: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.567168: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.567172: | spent 0.00381 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.567174: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.567178: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.567182: | spent 0.00377 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.567184: | processing signal PLUTO_SIGCHLD Aug 26 13:21:37.567190: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:37.567194: | spent 0.00397 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:37.627976: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:37.628200: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:21:37.628207: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:21:37.628357: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:21:37.628366: | FOR_EACH_STATE_... in sort_states Aug 26 13:21:37.628376: | get_sa_info esp.4ad1f014@192.1.3.33 Aug 26 13:21:37.628393: | get_sa_info esp.19ad0dcb@192.1.2.23 Aug 26 13:21:37.628407: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:21:37.628413: | get_sa_info esp.38d5abde@192.1.2.23 Aug 26 13:21:37.628428: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:37.628433: | spent 0.46 milliseconds in whack Aug 26 13:21:39.908229: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:21:39.908422: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:21:39.908431: | FOR_EACH_STATE_... in sort_states Aug 26 13:21:39.908456: | get_sa_info esp.4ad1f014@192.1.3.33 Aug 26 13:21:39.908487: | get_sa_info esp.19ad0dcb@192.1.2.23 Aug 26 13:21:39.908509: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:21:39.908518: | get_sa_info esp.38d5abde@192.1.2.23 Aug 26 13:21:39.908553: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:21:39.908558: | spent 0.337 milliseconds in whack Aug 26 13:21:40.012299: | kernel_process_msg_cb process netlink message Aug 26 13:21:40.012557: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:21:40.012568: | spent 0.252 milliseconds in kernel message Aug 26 13:21:40.505166: | timer_event_cb: processing event@0x7f83b00058b8 Aug 26 13:21:40.505214: | handling event EVENT_DPD for child state #3 Aug 26 13:21:40.505238: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:40.505257: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:21:40.505266: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:40.505279: | DPD: processing for state #3 ("north-dpd/0x2") Aug 26 13:21:40.505333: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:21:40.505404: | event_schedule: new EVENT_DPD-pe@0x5649f9ac09c8 Aug 26 13:21:40.505420: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 13:21:40.505431: | libevent_malloc: new ptr-libevent@0x7f83a8001f78 size 128 Aug 26 13:21:40.505478: | DPD: scheduling timeout to 10 Aug 26 13:21:40.505495: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x5649f9acdcd8 Aug 26 13:21:40.505506: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 13:21:40.505515: | libevent_malloc: new ptr-libevent@0x5649f9adc998 size 128 Aug 26 13:21:40.505528: | DPD: sending R_U_THERE 13820 to 192.1.2.23:500 (state #1) Aug 26 13:21:40.505627: | **emit ISAKMP Message: Aug 26 13:21:40.505637: | initiator cookie: Aug 26 13:21:40.505646: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:40.505654: | responder cookie: Aug 26 13:21:40.505661: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:40.505670: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:40.505679: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:40.505688: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:21:40.505701: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:40.505710: | Message ID: 3162136392 (0xbc7a5f48) Aug 26 13:21:40.505720: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:40.505729: | ***emit ISAKMP Hash Payload: Aug 26 13:21:40.505738: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:40.505748: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:40.505769: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:21:40.505781: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:40.505789: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:40.505798: | ***emit ISAKMP Notification Payload: Aug 26 13:21:40.505806: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:40.505814: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:40.505822: | protocol ID: 1 (0x1) Aug 26 13:21:40.505830: | SPI size: 16 (0x10) Aug 26 13:21:40.505839: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:21:40.505850: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:21:40.505859: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:21:40.505870: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:21:40.505878: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:21:40.505888: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:21:40.505895: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:40.505904: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:21:40.505912: | notify data 00 00 35 fc Aug 26 13:21:40.505920: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:21:40.506042: | notification HASH(1): Aug 26 13:21:40.506054: | 16 d1 32 5f fd 24 30 32 12 af 4f c5 d8 a2 f6 47 Aug 26 13:21:40.506062: | ee 37 d6 02 27 45 f3 33 48 a6 67 ef aa a3 d9 8b Aug 26 13:21:40.506088: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:40.506097: | no IKEv1 message padding required Aug 26 13:21:40.506106: | emitting length of ISAKMP Message: 108 Aug 26 13:21:40.506143: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:40.506153: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:40.506161: | 08 10 05 01 bc 7a 5f 48 00 00 00 6c 38 18 97 bd Aug 26 13:21:40.506169: | c7 36 51 5b 50 cd 7d a9 4d 47 44 79 19 59 af 79 Aug 26 13:21:40.506176: | ed 25 8d d3 8c 71 90 6b 70 f7 27 ae 89 03 d0 9c Aug 26 13:21:40.506184: | f3 7d 82 25 a2 3f 07 87 73 96 d8 43 25 d9 23 28 Aug 26 13:21:40.506191: | d8 91 21 41 0e b4 a8 67 cc 1c f2 e5 09 53 a7 fc Aug 26 13:21:40.506198: | 9e 64 f1 f0 09 b0 aa c6 bd f0 cd cd Aug 26 13:21:40.506235: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Aug 26 13:21:40.506250: | libevent_free: release ptr-libevent@0x5649f9ae0088 Aug 26 13:21:40.506260: | free_event_entry: release EVENT_DPD-pe@0x7f83b00058b8 Aug 26 13:21:40.506281: | #3 spent 1.09 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:21:40.506316: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:40.536426: | timer_event_cb: processing event@0x7f83bc004218 Aug 26 13:21:40.536455: | handling event EVENT_DPD for child state #2 Aug 26 13:21:40.536469: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:40.536479: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:21:40.536484: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:40.536491: | DPD: no need to send or schedule DPD for replaced IPsec SA Aug 26 13:21:40.536497: | libevent_free: release ptr-libevent@0x7f83b4001f78 Aug 26 13:21:40.536509: | free_event_entry: release EVENT_DPD-pe@0x7f83bc004218 Aug 26 13:21:40.536521: | #2 spent 0.0973 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:21:40.536528: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:43.509309: | timer_event_cb: processing event@0x5649f9ac09c8 Aug 26 13:21:43.509332: | handling event EVENT_DPD for child state #3 Aug 26 13:21:43.509341: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:43.509348: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:21:43.509351: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:43.509356: | DPD: processing for state #3 ("north-dpd/0x2") Aug 26 13:21:43.509362: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:21:43.509379: | event_schedule: new EVENT_DPD-pe@0x7f83bc004218 Aug 26 13:21:43.509384: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 13:21:43.509388: | libevent_malloc: new ptr-libevent@0x5649f9aca388 size 128 Aug 26 13:21:43.509394: | DPD: sending R_U_THERE 13821 to 192.1.2.23:500 (state #1) Aug 26 13:21:43.509407: | **emit ISAKMP Message: Aug 26 13:21:43.509410: | initiator cookie: Aug 26 13:21:43.509413: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:43.509416: | responder cookie: Aug 26 13:21:43.509418: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:43.509422: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:43.509425: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:43.509428: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:21:43.509431: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:43.509434: | Message ID: 1169592925 (0x45b6925d) Aug 26 13:21:43.509438: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:43.509441: | ***emit ISAKMP Hash Payload: Aug 26 13:21:43.509444: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:43.509448: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:43.509451: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:21:43.509455: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:43.509458: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:43.509461: | ***emit ISAKMP Notification Payload: Aug 26 13:21:43.509463: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:43.509466: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:43.509469: | protocol ID: 1 (0x1) Aug 26 13:21:43.509472: | SPI size: 16 (0x10) Aug 26 13:21:43.509475: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:21:43.509478: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:21:43.509481: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:21:43.509485: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:21:43.509487: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:21:43.509490: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:21:43.509493: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:43.509496: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:21:43.509499: | notify data 00 00 35 fd Aug 26 13:21:43.509502: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:21:43.509535: | notification HASH(1): Aug 26 13:21:43.509539: | 07 2e 2b 76 2a 1b b0 af 44 fd 74 0b 62 2e 2a d1 Aug 26 13:21:43.509542: | 28 c8 64 2c d6 7d aa 8b 1d 8a 78 b2 f6 eb f1 fd Aug 26 13:21:43.509551: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:43.509555: | no IKEv1 message padding required Aug 26 13:21:43.509557: | emitting length of ISAKMP Message: 108 Aug 26 13:21:43.509573: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:43.509576: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:43.509579: | 08 10 05 01 45 b6 92 5d 00 00 00 6c 43 9f 08 ad Aug 26 13:21:43.509582: | a6 c2 8c ca 5b f2 3e 60 bf ba aa 2e 88 09 24 0a Aug 26 13:21:43.509587: | df dd fd 34 d4 a3 81 60 19 4d ce 76 6c 02 f5 49 Aug 26 13:21:43.509589: | 11 1d c0 47 2b 1d 21 7e 07 66 84 9b 64 a9 f7 10 Aug 26 13:21:43.509592: | f6 1e e7 29 23 78 d4 a0 f5 5a 12 e6 cd 32 96 dc Aug 26 13:21:43.509595: | 35 91 d6 9d e4 05 6c 60 55 fb 99 58 Aug 26 13:21:43.509608: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Aug 26 13:21:43.509612: | libevent_free: release ptr-libevent@0x7f83a8001f78 Aug 26 13:21:43.509619: | free_event_entry: release EVENT_DPD-pe@0x5649f9ac09c8 Aug 26 13:21:43.509627: | #3 spent 0.319 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:21:43.509632: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:46.512324: | timer_event_cb: processing event@0x7f83bc004218 Aug 26 13:21:46.512351: | handling event EVENT_DPD for child state #3 Aug 26 13:21:46.512366: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:46.512380: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:21:46.512387: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:46.512396: | DPD: processing for state #3 ("north-dpd/0x2") Aug 26 13:21:46.512408: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:21:46.512438: | event_schedule: new EVENT_DPD-pe@0x5649f9ac09c8 Aug 26 13:21:46.512447: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 13:21:46.512455: | libevent_malloc: new ptr-libevent@0x5649f9ac6f88 size 128 Aug 26 13:21:46.512466: | DPD: sending R_U_THERE 13822 to 192.1.2.23:500 (state #1) Aug 26 13:21:46.512484: | **emit ISAKMP Message: Aug 26 13:21:46.512490: | initiator cookie: Aug 26 13:21:46.512497: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:46.512502: | responder cookie: Aug 26 13:21:46.512508: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:46.512515: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:46.512522: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:46.512529: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:21:46.512535: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:46.512542: | Message ID: 356707158 (0x1542eb56) Aug 26 13:21:46.512549: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:46.512556: | ***emit ISAKMP Hash Payload: Aug 26 13:21:46.512563: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:46.512572: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:46.512580: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:21:46.512588: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:46.512594: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:46.512600: | ***emit ISAKMP Notification Payload: Aug 26 13:21:46.512607: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:46.512613: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:46.512619: | protocol ID: 1 (0x1) Aug 26 13:21:46.512625: | SPI size: 16 (0x10) Aug 26 13:21:46.512632: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:21:46.512641: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:21:46.512649: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:21:46.512657: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:21:46.512663: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:21:46.512670: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:21:46.512676: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:46.512683: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:21:46.512694: | notify data 00 00 35 fe Aug 26 13:21:46.512701: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:21:46.512743: | notification HASH(1): Aug 26 13:21:46.512751: | f4 3e d8 f0 6d 69 19 49 c0 91 ce 7c cf 2a 4e aa Aug 26 13:21:46.512758: | cb 31 9e 4b 0e 25 bd c2 54 23 ba ba ae 49 e5 80 Aug 26 13:21:46.512775: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:46.512781: | no IKEv1 message padding required Aug 26 13:21:46.512787: | emitting length of ISAKMP Message: 108 Aug 26 13:21:46.512812: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:46.512819: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:46.512825: | 08 10 05 01 15 42 eb 56 00 00 00 6c 50 c6 82 f5 Aug 26 13:21:46.512831: | 69 ab 69 89 9e e1 51 ae 6c 37 f5 fb c3 02 a6 03 Aug 26 13:21:46.512837: | 0d aa d5 ab ac 8e 8c 48 be 07 a6 ab ea 09 8d 3e Aug 26 13:21:46.512843: | 95 1d 49 a3 1f e2 91 53 10 af d8 48 b4 80 43 80 Aug 26 13:21:46.512850: | f3 01 97 32 bc 4e d7 72 d0 b7 88 b2 39 81 bb 1d Aug 26 13:21:46.512855: | 4e d5 57 0a 55 b8 d3 b5 7f aa 31 f8 Aug 26 13:21:46.512876: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Aug 26 13:21:46.512885: | libevent_free: release ptr-libevent@0x5649f9aca388 Aug 26 13:21:46.512893: | free_event_entry: release EVENT_DPD-pe@0x7f83bc004218 Aug 26 13:21:46.512905: | #3 spent 0.582 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:21:46.512917: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:49.515363: | timer_event_cb: processing event@0x5649f9ac09c8 Aug 26 13:21:49.515397: | handling event EVENT_DPD for child state #3 Aug 26 13:21:49.515410: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:49.515420: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:21:49.515425: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:49.515431: | DPD: processing for state #3 ("north-dpd/0x2") Aug 26 13:21:49.515442: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:21:49.515473: | event_schedule: new EVENT_DPD-pe@0x7f83bc004218 Aug 26 13:21:49.515481: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 13:21:49.515487: | libevent_malloc: new ptr-libevent@0x5649f9ae0088 size 128 Aug 26 13:21:49.515495: | DPD: sending R_U_THERE 13823 to 192.1.2.23:500 (state #1) Aug 26 13:21:49.515516: | **emit ISAKMP Message: Aug 26 13:21:49.515521: | initiator cookie: Aug 26 13:21:49.515525: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:49.515529: | responder cookie: Aug 26 13:21:49.515533: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:49.515538: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:49.515542: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:49.515547: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:21:49.515551: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:49.515556: | Message ID: 164995768 (0x9d5a2b8) Aug 26 13:21:49.515561: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:49.515566: | ***emit ISAKMP Hash Payload: Aug 26 13:21:49.515570: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:49.515575: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:49.515580: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:21:49.515586: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:49.515590: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:49.515594: | ***emit ISAKMP Notification Payload: Aug 26 13:21:49.515598: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:49.515609: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:49.515613: | protocol ID: 1 (0x1) Aug 26 13:21:49.515617: | SPI size: 16 (0x10) Aug 26 13:21:49.515622: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:21:49.515627: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:21:49.515632: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:21:49.515637: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:21:49.515642: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:21:49.515646: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:21:49.515650: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:49.515654: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:21:49.515658: | notify data 00 00 35 ff Aug 26 13:21:49.515663: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:21:49.515714: | notification HASH(1): Aug 26 13:21:49.515720: | ab 5b 2e e5 2a 3e c2 13 b5 d6 d3 ae 2e 7a f7 21 Aug 26 13:21:49.515724: | af c1 a5 26 f8 51 cf 7e 54 f1 5e 57 e4 d8 11 1a Aug 26 13:21:49.515738: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:49.515743: | no IKEv1 message padding required Aug 26 13:21:49.515747: | emitting length of ISAKMP Message: 108 Aug 26 13:21:49.515767: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:49.515772: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:49.515776: | 08 10 05 01 09 d5 a2 b8 00 00 00 6c ad cc d2 a0 Aug 26 13:21:49.515780: | 01 b4 e1 f0 27 ac bd f4 77 f4 8a 95 2d b9 1f a8 Aug 26 13:21:49.515784: | e9 f9 78 5d a3 15 db 25 11 0a 2e 74 75 b3 f8 f2 Aug 26 13:21:49.515787: | 57 db cb a8 6e 90 d0 d5 ec 8b f3 df cc 44 e8 ce Aug 26 13:21:49.515791: | b6 11 42 9c 38 09 bf dd 06 ec a7 8c 54 35 70 c8 Aug 26 13:21:49.515795: | 74 46 1d 43 7d 0c b1 44 0c ab a5 c3 Aug 26 13:21:49.515817: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Aug 26 13:21:49.515825: | libevent_free: release ptr-libevent@0x5649f9ac6f88 Aug 26 13:21:49.515830: | free_event_entry: release EVENT_DPD-pe@0x5649f9ac09c8 Aug 26 13:21:49.515842: | #3 spent 0.481 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:21:49.515849: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:50.506886: | timer_event_cb: processing event@0x5649f9acdcd8 Aug 26 13:21:50.506902: | handling event EVENT_DPD_TIMEOUT for parent state #1 Aug 26 13:21:50.506909: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:50.506913: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_timeout() at ikev1_dpd.c:569) Aug 26 13:21:50.506916: "north-dpd/0x2" #1: IKEv1 DPD action - restarting all connections that share this peer Aug 26 13:21:50.506918: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:50.506921: | start processing: connection "north-dpd/0x2" (BACKGROUND) (in terminate_a_connection() at terminate.c:69) Aug 26 13:21:50.506923: "north-dpd/0x2" #1: terminating SAs using this connection Aug 26 13:21:50.506925: | connection 'north-dpd/0x2' -POLICY_UP Aug 26 13:21:50.506927: | FOR_EACH_STATE_... in shared_phase1_connection Aug 26 13:21:50.506929: "north-dpd/0x2" #1: IKE SA is shared - only terminating IPsec SA Aug 26 13:21:50.506932: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in terminate_a_connection() at terminate.c:79) Aug 26 13:21:50.506935: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in terminate_a_connection() at terminate.c:79) Aug 26 13:21:50.506937: | pstats #3 ikev1.ipsec deleted completed Aug 26 13:21:50.506940: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:21:50.506946: "north-dpd/0x2" #3: deleting state (STATE_QUICK_I2) aged 13.009s and sending notification Aug 26 13:21:50.506948: | child state #3: QUICK_I2(established CHILD SA) => delete Aug 26 13:21:50.506952: | get_sa_info esp.38d5abde@192.1.2.23 Aug 26 13:21:50.506967: | get_sa_info esp.84e11f1c@192.1.3.33 Aug 26 13:21:50.506974: "north-dpd/0x2" #3: ESP traffic information: in=0B out=168B Aug 26 13:21:50.506976: | state #3 requesting EVENT_DPD-pe@0x7f83bc004218 be deleted Aug 26 13:21:50.506980: | libevent_free: release ptr-libevent@0x5649f9ae0088 Aug 26 13:21:50.506982: | free_event_entry: release EVENT_DPD-pe@0x7f83bc004218 Aug 26 13:21:50.506985: | #3 send IKEv1 delete notification for STATE_QUICK_I2 Aug 26 13:21:50.506987: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:50.506996: | **emit ISAKMP Message: Aug 26 13:21:50.506998: | initiator cookie: Aug 26 13:21:50.507000: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:50.507001: | responder cookie: Aug 26 13:21:50.507003: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:50.507005: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.507007: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:50.507009: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:21:50.507011: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:50.507012: | Message ID: 3361683450 (0xc85f37fa) Aug 26 13:21:50.507015: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:50.507017: | ***emit ISAKMP Hash Payload: Aug 26 13:21:50.507019: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.507021: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:50.507023: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:21:50.507025: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:50.507027: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:50.507028: | ***emit ISAKMP Delete Payload: Aug 26 13:21:50.507030: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.507032: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:50.507033: | protocol ID: 3 (0x3) Aug 26 13:21:50.507035: | SPI size: 4 (0x4) Aug 26 13:21:50.507037: | number of SPIs: 1 (0x1) Aug 26 13:21:50.507039: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:21:50.507041: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:21:50.507043: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:21:50.507044: | delete payload 84 e1 1f 1c Aug 26 13:21:50.507046: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:21:50.507066: | send delete HASH(1): Aug 26 13:21:50.507068: | 25 13 06 4f 81 56 53 5a f0 e3 72 41 5b 7d 43 e7 Aug 26 13:21:50.507070: | 4a 6a a8 1b 6a 48 cb fa fa a0 84 0d fe 5a 5b fe Aug 26 13:21:50.507075: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:50.507077: | no IKEv1 message padding required Aug 26 13:21:50.507079: | emitting length of ISAKMP Message: 92 Aug 26 13:21:50.507093: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:50.507096: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:50.507097: | 08 10 05 01 c8 5f 37 fa 00 00 00 5c 83 3b 54 c9 Aug 26 13:21:50.507099: | da b9 9d 8e 70 a0 4a a7 10 d3 5b 23 90 0e f6 67 Aug 26 13:21:50.507100: | 75 6e 63 10 c1 fc 8d cf 5a c0 59 ca 64 a0 9c d2 Aug 26 13:21:50.507102: | 7b 56 4b 9d 68 b8 71 eb 92 19 19 dc 93 2a dd 5a Aug 26 13:21:50.507103: | 42 d2 41 9e 38 58 4b 75 78 8f fa 05 Aug 26 13:21:50.507367: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in delete notify. Errno 113: No route to host Aug 26 13:21:50.507374: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:21:50.507377: | libevent_free: release ptr-libevent@0x7f83b00055c8 Aug 26 13:21:50.507380: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5649f9a4e1b8 Aug 26 13:21:50.507442: | running updown command "ipsec _updown" for verb down Aug 26 13:21:50.507446: | command executing down-client Aug 26 13:21:50.507464: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:50.507468: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:50.507481: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825697' PLUTO_CONN_POL Aug 26 13:21:50.507499: | popen cmd is 1408 chars long Aug 26 13:21:50.507501: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PL: Aug 26 13:21:50.507503: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 13:21:50.507505: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Aug 26 13:21:50.507507: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Aug 26 13:21:50.507508: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Aug 26 13:21:50.507510: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PL: Aug 26 13:21:50.507512: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 13:21:50.507514: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Aug 26 13:21:50.507515: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_: Aug 26 13:21:50.507517: | cmd( 720):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Aug 26 13:21:50.507519: | cmd( 800):TO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Lib: Aug 26 13:21:50.507520: | cmd( 880):reswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_A: Aug 26 13:21:50.507522: | cmd( 960):DDTIME='1566825697' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAR: Aug 26 13:21:50.507524: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 13:21:50.507525: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 13:21:50.507527: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 13:21:50.507529: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 13:21:50.507531: | cmd(1360):0x38d5abde SPI_OUT=0x84e11f1c ipsec _updown 2>&1: Aug 26 13:21:50.514560: | shunt_eroute() called for connection 'north-dpd/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:21:50.514576: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:21:50.514579: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:21:50.514583: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:50.514614: | delete esp.38d5abde@192.1.2.23 Aug 26 13:21:50.514627: | netlink response for Del SA esp.38d5abde@192.1.2.23 included non-error error Aug 26 13:21:50.514630: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:21:50.514635: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:21:50.514674: | raw_eroute result=success Aug 26 13:21:50.514677: | delete esp.84e11f1c@192.1.3.33 Aug 26 13:21:50.514685: | netlink response for Del SA esp.84e11f1c@192.1.3.33 included non-error error Aug 26 13:21:50.514694: | stop processing: connection "north-dpd/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:21:50.514698: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:21:50.514700: | in connection_discard for connection north-dpd/0x2 Aug 26 13:21:50.514702: | State DB: deleting IKEv1 state #3 in QUICK_I2 Aug 26 13:21:50.514708: | child state #3: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:21:50.514744: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:21:50.514767: | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) Aug 26 13:21:50.514770: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:50.514773: | start processing: connection "north-dpd/0x1" (in terminate_a_connection() at terminate.c:69) Aug 26 13:21:50.514775: "north-dpd/0x1": terminating SAs using this connection Aug 26 13:21:50.514790: | connection 'north-dpd/0x1' -POLICY_UP Aug 26 13:21:50.514792: | connection not shared - terminating IKE and IPsec SA Aug 26 13:21:50.514794: | Deleting states for connection - not including other IPsec SA's Aug 26 13:21:50.514795: | pass 0 Aug 26 13:21:50.514797: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:50.514799: | state #2 Aug 26 13:21:50.514801: | suspend processing: connection "north-dpd/0x1" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:21:50.514804: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:21:50.514806: | pstats #2 ikev1.ipsec deleted completed Aug 26 13:21:50.514809: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:21:50.514812: "north-dpd/0x1" #2: deleting state (STATE_QUICK_I2) aged 13.017s and sending notification Aug 26 13:21:50.514814: | child state #2: QUICK_I2(established CHILD SA) => delete Aug 26 13:21:50.514816: | get_sa_info esp.19ad0dcb@192.1.2.23 Aug 26 13:21:50.514823: | get_sa_info esp.4ad1f014@192.1.3.33 Aug 26 13:21:50.514829: "north-dpd/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 13:21:50.514832: | #2 send IKEv1 delete notification for STATE_QUICK_I2 Aug 26 13:21:50.514834: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:50.514843: | **emit ISAKMP Message: Aug 26 13:21:50.514845: | initiator cookie: Aug 26 13:21:50.514847: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:50.514849: | responder cookie: Aug 26 13:21:50.514850: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:50.514852: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.514854: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:50.514856: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:21:50.514859: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:50.514860: | Message ID: 2436110340 (0x91341804) Aug 26 13:21:50.514862: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:50.514864: | ***emit ISAKMP Hash Payload: Aug 26 13:21:50.514866: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.514868: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:50.514872: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:21:50.514874: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:50.514876: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:50.514877: | ***emit ISAKMP Delete Payload: Aug 26 13:21:50.514879: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.514881: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:50.514883: | protocol ID: 3 (0x3) Aug 26 13:21:50.514884: | SPI size: 4 (0x4) Aug 26 13:21:50.514886: | number of SPIs: 1 (0x1) Aug 26 13:21:50.514888: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:21:50.514890: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:21:50.514892: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:21:50.514893: | delete payload 4a d1 f0 14 Aug 26 13:21:50.514895: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:21:50.514920: | send delete HASH(1): Aug 26 13:21:50.514922: | ff 0f c4 85 05 f4 f7 77 3f 0f d3 35 fc 65 f9 20 Aug 26 13:21:50.514924: | bd 93 63 28 fb 51 cb 3a 92 72 c4 c4 8c 41 a2 eb Aug 26 13:21:50.514930: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:21:50.514932: | no IKEv1 message padding required Aug 26 13:21:50.514934: | emitting length of ISAKMP Message: 92 Aug 26 13:21:50.514948: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:21:50.514950: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:50.514952: | 08 10 05 01 91 34 18 04 00 00 00 5c d5 f9 97 c4 Aug 26 13:21:50.514953: | 4d 78 6a 86 fd 5d b9 b5 94 c9 ad 68 df 5c 8a 7f Aug 26 13:21:50.514955: | 21 08 fb ca 23 d2 fc be 4a 4d 3d 6c d9 2e 6c 45 Aug 26 13:21:50.514956: | 59 5b a2 d1 6f 9b 54 0c b2 8d 40 06 9d c5 75 4d Aug 26 13:21:50.514958: | 42 c9 7b a3 e6 7d 5b d7 6a 9d 1e c2 Aug 26 13:21:50.514967: ERROR: "north-dpd/0x1" #2: sendto on eth1 to 192.1.2.23:500 failed in delete notify. Errno 113: No route to host Aug 26 13:21:50.514969: | state #2 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:21:50.514975: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:21:50.514978: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5649f9ac2358 Aug 26 13:21:50.515011: | running updown command "ipsec _updown" for verb down Aug 26 13:21:50.515014: | command executing down-client Aug 26 13:21:50.515033: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:50.515036: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:21:50.515063: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825697' PLUTO_CONN_POLIC Aug 26 13:21:50.515067: | popen cmd is 1406 chars long Aug 26 13:21:50.515069: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PL: Aug 26 13:21:50.515071: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 13:21:50.515073: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Aug 26 13:21:50.515075: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Aug 26 13:21:50.515077: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Aug 26 13:21:50.515078: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PL: Aug 26 13:21:50.515080: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 13:21:50.515082: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Aug 26 13:21:50.515083: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE: Aug 26 13:21:50.515085: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 13:21:50.515087: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Aug 26 13:21:50.515089: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Aug 26 13:21:50.515090: | cmd( 960):TIME='1566825697' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF: Aug 26 13:21:50.515092: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 13:21:50.515094: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 13:21:50.515095: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 13:21:50.515097: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 13:21:50.515099: | cmd(1360):19ad0dcb SPI_OUT=0x4ad1f014 ipsec _updown 2>&1: Aug 26 13:21:50.522103: | shunt_eroute() called for connection 'north-dpd/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:21:50.522118: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:21:50.522121: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:21:50.522124: | IPsec Sa SPD priority set to 1042407 Aug 26 13:21:50.522168: | delete esp.19ad0dcb@192.1.2.23 Aug 26 13:21:50.522189: | netlink response for Del SA esp.19ad0dcb@192.1.2.23 included non-error error Aug 26 13:21:50.522196: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:21:50.522205: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:21:50.522230: | raw_eroute result=success Aug 26 13:21:50.522236: | delete esp.4ad1f014@192.1.3.33 Aug 26 13:21:50.522248: | netlink response for Del SA esp.4ad1f014@192.1.3.33 included non-error error Aug 26 13:21:50.522261: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:21:50.522266: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:21:50.522270: | in connection_discard for connection north-dpd/0x1 Aug 26 13:21:50.522274: | State DB: deleting IKEv1 state #2 in QUICK_I2 Aug 26 13:21:50.522281: | child state #2: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:21:50.522325: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:21:50.522356: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:21:50.522361: | state #1 Aug 26 13:21:50.522364: | pass 1 Aug 26 13:21:50.522367: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:21:50.522370: | state #1 Aug 26 13:21:50.522377: | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) Aug 26 13:21:50.522381: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:50.522401: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:21:50.522407: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:21:50.522415: | connection 'north-dpd/0x2' +POLICY_UP Aug 26 13:21:50.522419: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:21:50.522423: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:50.522430: | creating state object #4 at 0x5649f9adb498 Aug 26 13:21:50.522434: | State DB: adding IKEv1 state #4 in UNDEFINED Aug 26 13:21:50.522439: | pstats #4 ikev1.ipsec started Aug 26 13:21:50.522443: | duplicating state object #1 "north-dpd/0x2" as #4 for IPSEC SA Aug 26 13:21:50.522450: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:21:50.522456: | suspend processing: connection "north-dpd/0x2" (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:21:50.522462: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:21:50.522473: | child state #4: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 13:21:50.522481: "north-dpd/0x2" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:17ff60cc proposal=defaults pfsgroup=MODP2048} Aug 26 13:21:50.522487: | adding quick_outI1 KE work-order 7 for state #4 Aug 26 13:21:50.522492: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83c0002b78 Aug 26 13:21:50.522496: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:21:50.522500: | libevent_malloc: new ptr-libevent@0x5649f9aca388 size 128 Aug 26 13:21:50.522513: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:21:50.522515: | resume processing: connection "north-dpd/0x2" (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:21:50.522517: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Aug 26 13:21:50.522519: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:21:50.522522: | start processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 13:21:50.522526: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:21:50.522520: | crypto helper 2 resuming Aug 26 13:21:50.522530: | connection 'north-dpd/0x1' +POLICY_UP Aug 26 13:21:50.522537: | crypto helper 2 starting work-order 7 for state #4 Aug 26 13:21:50.522542: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:21:50.522544: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 7 Aug 26 13:21:50.522544: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:21:50.522555: | creating state object #5 at 0x5649f9ad6aa8 Aug 26 13:21:50.522557: | State DB: adding IKEv1 state #5 in UNDEFINED Aug 26 13:21:50.522559: | pstats #5 ikev1.ipsec started Aug 26 13:21:50.522561: | duplicating state object #1 "north-dpd/0x2" as #5 for IPSEC SA Aug 26 13:21:50.522564: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:21:50.522566: | in connection_discard for connection north-dpd/0x2 Aug 26 13:21:50.522568: | suspend processing: connection "north-dpd/0x1" (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:21:50.522571: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:21:50.522574: | child state #5: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 13:21:50.522577: "north-dpd/0x1" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:7d206b25 proposal=defaults pfsgroup=MODP2048} Aug 26 13:21:50.522582: | adding quick_outI1 KE work-order 8 for state #5 Aug 26 13:21:50.522585: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ab9998 Aug 26 13:21:50.522592: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:21:50.522594: | libevent_malloc: new ptr-libevent@0x5649f9ada878 size 128 Aug 26 13:21:50.522600: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:21:50.522603: | resume processing: connection "north-dpd/0x1" (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:21:50.522605: | stop processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 13:21:50.522607: | crypto helper 0 resuming Aug 26 13:21:50.522608: | libevent_free: release ptr-libevent@0x5649f9adc998 Aug 26 13:21:50.522618: | crypto helper 0 starting work-order 8 for state #5 Aug 26 13:21:50.522623: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x5649f9acdcd8 Aug 26 13:21:50.522628: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 8 Aug 26 13:21:50.522633: | #1 spent 2.42 milliseconds in timer_event_cb() EVENT_DPD_TIMEOUT Aug 26 13:21:50.522635: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:21:50.522647: | processing signal PLUTO_SIGCHLD Aug 26 13:21:50.522651: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:50.522654: | spent 0.00352 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:50.522656: | processing signal PLUTO_SIGCHLD Aug 26 13:21:50.522658: | waitpid returned ECHILD (no child processes left) Aug 26 13:21:50.522660: | spent 0.00238 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:21:50.523723: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.001178 seconds Aug 26 13:21:50.523724: | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 8 time elapsed 0.001096 seconds Aug 26 13:21:50.523737: | (#4) spent 0.594 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) Aug 26 13:21:50.523740: | (#5) spent 0.646 milliseconds in crypto helper computing work-order 8: quick_outI1 KE (pcr) Aug 26 13:21:50.523741: | crypto helper 2 sending results from work-order 7 for state #4 to event queue Aug 26 13:21:50.523745: | crypto helper 0 sending results from work-order 8 for state #5 to event queue Aug 26 13:21:50.523749: | scheduling resume sending helper answer for #4 Aug 26 13:21:50.523751: | scheduling resume sending helper answer for #5 Aug 26 13:21:50.523753: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:21:50.523754: | libevent_malloc: new ptr-libevent@0x7f83c00072f8 size 128 Aug 26 13:21:50.523762: | crypto helper 2 waiting (nothing to do) Aug 26 13:21:50.523767: | processing resume sending helper answer for #4 Aug 26 13:21:50.523767: | crypto helper 0 waiting (nothing to do) Aug 26 13:21:50.523773: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:21:50.523776: | crypto helper 2 replies to request ID 7 Aug 26 13:21:50.523778: | calling continuation function 0x5649f7dc5b50 Aug 26 13:21:50.523780: | quick_outI1_continue for #4: calculated ke+nonce, sending I1 Aug 26 13:21:50.523799: | **emit ISAKMP Message: Aug 26 13:21:50.523801: | initiator cookie: Aug 26 13:21:50.523803: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:50.523804: | responder cookie: Aug 26 13:21:50.523806: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:50.523808: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.523810: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:50.523811: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:50.523813: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:50.523815: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:21:50.523817: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:50.523819: | ***emit ISAKMP Hash Payload: Aug 26 13:21:50.523821: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.523823: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:50.523826: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:21:50.523829: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:50.523830: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:50.523832: | emitting quick defaults using policy none Aug 26 13:21:50.523834: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:21:50.523837: | ***emit ISAKMP Security Association Payload: Aug 26 13:21:50.523839: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:50.523840: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:50.523842: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:21:50.523844: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:21:50.523846: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:21:50.523848: | ****emit IPsec DOI SIT: Aug 26 13:21:50.523850: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:50.523852: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:21:50.523854: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 13:21:50.523855: | ****emit ISAKMP Proposal Payload: Aug 26 13:21:50.523857: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.523859: | proposal number: 0 (0x0) Aug 26 13:21:50.523860: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:50.523862: | SPI size: 4 (0x4) Aug 26 13:21:50.523863: | number of transforms: 2 (0x2) Aug 26 13:21:50.523865: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:21:50.523877: | netlink_get_spi: allocated 0xdcd59a6b for esp.0@192.1.3.33 Aug 26 13:21:50.523879: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:21:50.523881: | SPI dc d5 9a 6b Aug 26 13:21:50.523882: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:50.523884: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:50.523886: | ESP transform number: 0 (0x0) Aug 26 13:21:50.523887: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:50.523889: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:50.523891: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523893: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:50.523895: | length/value: 14 (0xe) Aug 26 13:21:50.523897: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:50.523899: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523900: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:50.523902: | length/value: 1 (0x1) Aug 26 13:21:50.523904: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:50.523906: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523907: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:50.523909: | length/value: 1 (0x1) Aug 26 13:21:50.523910: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:50.523912: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523914: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:50.523915: | length/value: 28800 (0x7080) Aug 26 13:21:50.523917: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523919: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:50.523920: | length/value: 2 (0x2) Aug 26 13:21:50.523922: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:50.523923: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523925: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:50.523927: | length/value: 128 (0x80) Aug 26 13:21:50.523928: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:21:50.523930: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:50.523932: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.523934: | ESP transform number: 1 (0x1) Aug 26 13:21:50.523936: | ESP transform ID: ESP_3DES (0x3) Aug 26 13:21:50.523938: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:50.523940: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:50.523942: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523943: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:50.523945: | length/value: 14 (0xe) Aug 26 13:21:50.523947: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:50.523948: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523950: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:50.523951: | length/value: 1 (0x1) Aug 26 13:21:50.523953: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:50.523954: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523956: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:50.523958: | length/value: 1 (0x1) Aug 26 13:21:50.523959: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:50.523961: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523962: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:50.523964: | length/value: 28800 (0x7080) Aug 26 13:21:50.523966: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.523967: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:50.523969: | length/value: 2 (0x2) Aug 26 13:21:50.523970: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:50.523972: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 13:21:50.523974: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 13:21:50.523975: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:21:50.523977: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 13:21:50.523979: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:21:50.523981: | ***emit ISAKMP Nonce Payload: Aug 26 13:21:50.523983: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:50.523985: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:21:50.523987: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:21:50.523989: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:21:50.523991: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:21:50.523993: | Ni 2e dd 12 d5 a2 99 15 ae 68 63 64 ed 8c 7a 15 f6 Aug 26 13:21:50.523994: | Ni 71 bf ce 43 b1 d8 a4 25 d5 e4 23 e4 99 50 7a 14 Aug 26 13:21:50.523996: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:21:50.523998: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:21:50.524000: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:50.524002: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:50.524004: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:21:50.524005: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:21:50.524007: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:21:50.524009: | keyex value fc 09 01 ae 6a 2d 6a 02 7b b9 82 78 94 42 75 5e Aug 26 13:21:50.524011: | keyex value cc 35 2f 53 9b bd 4e 5d b4 27 0b f6 d8 45 17 7e Aug 26 13:21:50.524012: | keyex value 68 0a 81 e0 9c 01 8d 84 7b aa 72 7c 59 b0 74 e9 Aug 26 13:21:50.524014: | keyex value 8e 87 b0 e7 56 08 72 93 e2 22 82 50 dc cc c8 cc Aug 26 13:21:50.524015: | keyex value 0b ec 5d 8f 9b 4f 91 b9 93 8d e9 eb c0 3b 63 e0 Aug 26 13:21:50.524018: | keyex value 8e 3d 9e ed ac 5b d1 4f 7a da 4a 8b a7 78 a0 59 Aug 26 13:21:50.524019: | keyex value fa 52 62 0e ea 92 25 49 ca 53 fd c8 1d 8a 3d 71 Aug 26 13:21:50.524021: | keyex value 0e cb 06 e0 b0 f2 cc 62 0f 9c 86 fd 24 00 92 d2 Aug 26 13:21:50.524022: | keyex value c5 dd 03 dd 25 e2 7f d9 bb 7c 51 e9 3d 5a 32 62 Aug 26 13:21:50.524024: | keyex value 66 d5 27 cc 64 33 ea 14 3c 00 43 26 69 c4 aa 4f Aug 26 13:21:50.524025: | keyex value 00 07 39 75 d7 b5 08 62 6a 1d 12 60 d4 09 83 2f Aug 26 13:21:50.524027: | keyex value 27 d5 ee ec 27 31 26 ac 3b 78 3c 51 d1 5e 0b 75 Aug 26 13:21:50.524028: | keyex value f7 18 92 53 be 32 b9 9f c4 33 ed 57 01 f4 a5 5a Aug 26 13:21:50.524030: | keyex value c7 a1 8a 37 3c 16 58 a6 94 8c 41 95 3a e4 94 40 Aug 26 13:21:50.524032: | keyex value 16 e5 54 17 f8 c7 21 5d e8 d2 fb f8 ed f2 5e 25 Aug 26 13:21:50.524033: | keyex value 9a 41 6b c3 ef 29 e8 9c 5c 60 11 43 67 6f b2 5c Aug 26 13:21:50.524035: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:21:50.524037: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:50.524038: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:50.524040: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:50.524042: | Protocol ID: 0 (0x0) Aug 26 13:21:50.524043: | port: 0 (0x0) Aug 26 13:21:50.524045: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:50.524047: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:50.524049: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:50.524051: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:50.524053: | client network c0 00 03 00 Aug 26 13:21:50.524055: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:50.524056: | client mask ff ff ff 00 Aug 26 13:21:50.524058: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:50.524059: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:50.524061: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.524063: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:50.524064: | Protocol ID: 0 (0x0) Aug 26 13:21:50.524066: | port: 0 (0x0) Aug 26 13:21:50.524068: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:50.524070: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:50.524071: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:50.524073: | client network c0 00 16 00 Aug 26 13:21:50.524075: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:50.524076: | client mask ff ff ff 00 Aug 26 13:21:50.524078: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:50.524100: | outI1 HASH(1): Aug 26 13:21:50.524103: | 06 fa f4 a1 af 71 53 b9 0a 62 16 9d e9 61 7e 68 Aug 26 13:21:50.524104: | 0d 59 cd 88 e7 0e 03 fb 5e 3c cc 36 5b 07 f5 9e Aug 26 13:21:50.524111: | no IKEv1 message padding required Aug 26 13:21:50.524113: | emitting length of ISAKMP Message: 476 Aug 26 13:21:50.524129: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 13:21:50.524131: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:50.524132: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:21:50.524134: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:21:50.524135: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:21:50.524138: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:21:50.524140: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:21:50.524141: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:21:50.524143: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:21:50.524144: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:21:50.524146: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:21:50.524147: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:21:50.524149: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:21:50.524150: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:21:50.524152: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:21:50.524153: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:21:50.524155: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:21:50.524156: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:21:50.524158: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:21:50.524159: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:21:50.524161: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:21:50.524162: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:21:50.524164: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:21:50.524165: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:21:50.524167: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:21:50.524168: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:21:50.524170: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:21:50.524171: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:21:50.524173: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:21:50.524174: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:21:50.524176: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:21:50.524185: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in reply packet from quick_outI1. Errno 113: No route to host Aug 26 13:21:50.524187: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:50.524190: | libevent_free: release ptr-libevent@0x5649f9aca388 Aug 26 13:21:50.524192: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83c0002b78 Aug 26 13:21:50.524194: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:21:50.524197: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 13:21:50.524199: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:21:50.524202: | #4 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10996.266661 Aug 26 13:21:50.524205: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Aug 26 13:21:50.524208: | #4 spent 0.431 milliseconds in resume sending helper answer Aug 26 13:21:50.524211: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:21:50.524213: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:21:50.524215: | processing resume sending helper answer for #5 Aug 26 13:21:50.524218: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:21:50.524220: | crypto helper 0 replies to request ID 8 Aug 26 13:21:50.524222: | calling continuation function 0x5649f7dc5b50 Aug 26 13:21:50.524223: | quick_outI1_continue for #5: calculated ke+nonce, sending I1 Aug 26 13:21:50.524226: | **emit ISAKMP Message: Aug 26 13:21:50.524228: | initiator cookie: Aug 26 13:21:50.524230: | ff 46 30 fd 82 4a 54 6b Aug 26 13:21:50.524231: | responder cookie: Aug 26 13:21:50.524233: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:50.524234: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.524236: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:21:50.524239: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:21:50.524241: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:21:50.524243: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:21:50.524244: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:21:50.524246: | ***emit ISAKMP Hash Payload: Aug 26 13:21:50.524248: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.524250: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:21:50.524252: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:21:50.524254: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:21:50.524255: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:21:50.524257: | emitting quick defaults using policy none Aug 26 13:21:50.524259: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:21:50.524261: | ***emit ISAKMP Security Association Payload: Aug 26 13:21:50.524262: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:21:50.524264: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:21:50.524266: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:21:50.524268: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:21:50.524270: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:21:50.524271: | ****emit IPsec DOI SIT: Aug 26 13:21:50.524273: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:21:50.524275: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:21:50.524276: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 13:21:50.524278: | ****emit ISAKMP Proposal Payload: Aug 26 13:21:50.524280: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.524281: | proposal number: 0 (0x0) Aug 26 13:21:50.524283: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:21:50.524284: | SPI size: 4 (0x4) Aug 26 13:21:50.524286: | number of transforms: 2 (0x2) Aug 26 13:21:50.524293: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:21:50.524304: | netlink_get_spi: allocated 0xaad72ba6 for esp.0@192.1.3.33 Aug 26 13:21:50.524324: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:21:50.524326: | SPI aa d7 2b a6 Aug 26 13:21:50.524327: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:50.524329: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:21:50.524344: | ESP transform number: 0 (0x0) Aug 26 13:21:50.524346: | ESP transform ID: ESP_AES (0xc) Aug 26 13:21:50.524348: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:50.524350: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524352: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:50.524353: | length/value: 14 (0xe) Aug 26 13:21:50.524355: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:50.524357: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524371: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:50.524372: | length/value: 1 (0x1) Aug 26 13:21:50.524374: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:50.524376: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524377: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:50.524379: | length/value: 1 (0x1) Aug 26 13:21:50.524380: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:50.524382: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524383: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:50.524385: | length/value: 28800 (0x7080) Aug 26 13:21:50.524386: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524388: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:50.524391: | length/value: 2 (0x2) Aug 26 13:21:50.524392: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:50.524394: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524396: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:21:50.524397: | length/value: 128 (0x80) Aug 26 13:21:50.524399: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:21:50.524400: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:21:50.524402: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.524403: | ESP transform number: 1 (0x1) Aug 26 13:21:50.524405: | ESP transform ID: ESP_3DES (0x3) Aug 26 13:21:50.524407: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:21:50.524409: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:21:50.524410: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524412: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:21:50.524413: | length/value: 14 (0xe) Aug 26 13:21:50.524415: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:21:50.524416: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524418: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:21:50.524419: | length/value: 1 (0x1) Aug 26 13:21:50.524421: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:21:50.524422: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524424: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:21:50.524425: | length/value: 1 (0x1) Aug 26 13:21:50.524427: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:21:50.524429: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524430: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:21:50.524432: | length/value: 28800 (0x7080) Aug 26 13:21:50.524433: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:21:50.524435: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:21:50.524436: | length/value: 2 (0x2) Aug 26 13:21:50.524438: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:21:50.524439: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 13:21:50.524441: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 13:21:50.524443: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:21:50.524444: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 13:21:50.524446: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:21:50.524448: | ***emit ISAKMP Nonce Payload: Aug 26 13:21:50.524450: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:21:50.524451: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:21:50.524453: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:21:50.524455: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:21:50.524457: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:21:50.524459: | Ni a4 72 35 8e 0c c3 14 7a 43 12 6c 78 c0 77 18 70 Aug 26 13:21:50.524460: | Ni ca f5 a8 09 62 b1 5f ec a1 16 37 dc fd 24 90 26 Aug 26 13:21:50.524462: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:21:50.524463: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:21:50.524465: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:50.524467: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:50.524469: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:21:50.524471: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:21:50.524473: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:21:50.524475: | keyex value bb 5c b0 c9 90 84 c4 df 46 58 b4 bc 54 35 74 a5 Aug 26 13:21:50.524476: | keyex value f5 d5 9c 68 d5 70 c2 c7 e9 a6 b8 92 d2 90 a6 31 Aug 26 13:21:50.524478: | keyex value c3 ab 2a b7 9b c0 7a ae 9d 9f 94 e5 d1 81 9d 9b Aug 26 13:21:50.524479: | keyex value 88 8a b0 2e b3 ca aa e4 15 5e fb b2 b5 c9 d1 0d Aug 26 13:21:50.524481: | keyex value 6d 1d 17 44 c5 c0 65 fa d4 f5 ee ec 7a 61 8a 5e Aug 26 13:21:50.524482: | keyex value 72 ac 6c 72 19 d2 c4 63 12 2f 31 0b 71 3d 74 62 Aug 26 13:21:50.524484: | keyex value 18 c7 44 38 82 d5 d8 e0 e5 89 9b da f1 33 04 f4 Aug 26 13:21:50.524485: | keyex value 38 ad ae b0 c4 a6 5d 9e 07 2b de 1e 9f 2b d9 b4 Aug 26 13:21:50.524487: | keyex value 53 b6 47 40 07 52 63 b7 0f 0f b9 96 e4 2c 6b 33 Aug 26 13:21:50.524488: | keyex value e6 d0 30 7d 27 4c b6 05 6a 5d 89 b9 27 cf 65 27 Aug 26 13:21:50.524490: | keyex value cb 93 0f 9a 6e ec b2 0a 83 1c 20 b4 67 ae 96 74 Aug 26 13:21:50.524491: | keyex value 03 a3 ae ff 49 48 a5 44 5f 62 a4 8e 15 38 e0 31 Aug 26 13:21:50.524493: | keyex value d9 f9 eb 56 d1 8e 04 24 12 93 4f 3b 85 db 9d 8c Aug 26 13:21:50.524494: | keyex value 25 65 14 54 73 72 aa f9 8b 82 c4 0b 2f d6 68 9f Aug 26 13:21:50.524496: | keyex value 6b f6 21 71 50 c6 51 ca 94 83 e0 91 15 59 49 12 Aug 26 13:21:50.524497: | keyex value 93 44 79 22 d6 e0 de 8c 39 12 0b fa ef 68 99 87 Aug 26 13:21:50.524499: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:21:50.524501: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:50.524502: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:21:50.524504: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:50.524505: | Protocol ID: 0 (0x0) Aug 26 13:21:50.524507: | port: 0 (0x0) Aug 26 13:21:50.524509: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:21:50.524511: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:50.524512: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:50.524514: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:50.524516: | client network c0 00 03 00 Aug 26 13:21:50.524518: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:50.524519: | client mask ff ff ff 00 Aug 26 13:21:50.524521: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:50.524522: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:21:50.524524: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:21:50.524525: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:21:50.524527: | Protocol ID: 0 (0x0) Aug 26 13:21:50.524528: | port: 0 (0x0) Aug 26 13:21:50.524530: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:21:50.524532: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:21:50.524534: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:50.524535: | client network c0 00 02 00 Aug 26 13:21:50.524537: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:21:50.524538: | client mask ff ff ff 00 Aug 26 13:21:50.524540: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:21:50.524553: | outI1 HASH(1): Aug 26 13:21:50.524555: | d6 9f ec b5 34 30 97 1d cc 56 fa 2c 89 db cd 9a Aug 26 13:21:50.524557: | 54 7b 53 8f 8b 36 04 da be d6 f8 06 3e 8d 8c a3 Aug 26 13:21:50.524562: | no IKEv1 message padding required Aug 26 13:21:50.524564: | emitting length of ISAKMP Message: 476 Aug 26 13:21:50.524572: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 13:21:50.524574: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:50.524576: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:21:50.524577: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:21:50.524579: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:21:50.524580: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:21:50.524581: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:21:50.524583: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:21:50.524584: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:21:50.524586: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:21:50.524587: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:21:50.524589: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:21:50.524590: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:21:50.524592: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:21:50.524593: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:21:50.524595: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:21:50.524596: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:21:50.524597: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:21:50.524599: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:21:50.524600: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:21:50.524602: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:21:50.524603: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:21:50.524605: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:21:50.524606: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:21:50.524608: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:21:50.524609: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:21:50.524611: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:21:50.524612: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:21:50.524614: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:21:50.524615: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:21:50.524616: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:21:50.524622: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in reply packet from quick_outI1. Errno 113: No route to host Aug 26 13:21:50.524624: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:21:50.524626: | libevent_free: release ptr-libevent@0x5649f9ada878 Aug 26 13:21:50.524628: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ab9998 Aug 26 13:21:50.524630: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:21:50.524632: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Aug 26 13:21:50.524634: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:21:50.524637: | #5 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10996.267097 Aug 26 13:21:50.524639: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Aug 26 13:21:50.524643: | #5 spent 0.418 milliseconds in resume sending helper answer Aug 26 13:21:50.524646: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:21:50.524647: | libevent_free: release ptr-libevent@0x7f83c00072f8 Aug 26 13:21:51.025196: | timer_event_cb: processing event@0x7f83c0002b78 Aug 26 13:21:51.025211: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 13:21:51.025218: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:51.025224: | IKEv1 retransmit event Aug 26 13:21:51.025228: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:51.025232: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 1 Aug 26 13:21:51.025237: | retransmits: current time 10996.767701; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.50104 exceeds limit? NO Aug 26 13:21:51.025240: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:21:51.025243: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 13:21:51.025246: | libevent_malloc: new ptr-libevent@0x7f83c00072f8 size 128 Aug 26 13:21:51.025250: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response Aug 26 13:21:51.025255: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 13:21:51.025257: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:51.025259: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:21:51.025261: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:21:51.025262: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:21:51.025264: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:21:51.025266: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:21:51.025267: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:21:51.025269: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:21:51.025271: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:21:51.025273: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:21:51.025274: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:21:51.025276: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:21:51.025278: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:21:51.025279: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:21:51.025281: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:21:51.025283: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:21:51.025284: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:21:51.025286: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:21:51.025292: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:21:51.025297: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:21:51.025300: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:21:51.025301: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:21:51.025303: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:21:51.025305: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:21:51.025306: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:21:51.025308: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:21:51.025310: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:21:51.025311: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:21:51.025313: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:21:51.025315: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:21:51.025326: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:51.025330: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:21:51.025332: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:21:51.025338: | #4 spent 0.14 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:51.025341: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:51.025344: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:21:51.025346: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:21:51.025350: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:51.025354: | IKEv1 retransmit event Aug 26 13:21:51.025357: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:51.025360: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 1 Aug 26 13:21:51.025364: | retransmits: current time 10996.767829; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500732 exceeds limit? NO Aug 26 13:21:51.025366: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:21:51.025368: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Aug 26 13:21:51.025370: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:21:51.025373: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response Aug 26 13:21:51.025376: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 13:21:51.025378: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:51.025380: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:21:51.025382: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:21:51.025383: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:21:51.025385: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:21:51.025387: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:21:51.025388: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:21:51.025390: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:21:51.025392: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:21:51.025393: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:21:51.025395: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:21:51.025397: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:21:51.025398: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:21:51.025400: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:21:51.025402: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:21:51.025403: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:21:51.025405: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:21:51.025407: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:21:51.025408: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:21:51.025410: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:21:51.025412: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:21:51.025414: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:21:51.025415: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:21:51.025417: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:21:51.025419: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:21:51.025420: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:21:51.025422: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:21:51.025424: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:21:51.025425: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:21:51.025427: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:21:51.025432: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:51.025434: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:21:51.025436: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:21:51.025439: | #5 spent 0.0942 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:51.025442: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:51.526036: | timer_event_cb: processing event@0x7f83ac002b78 Aug 26 13:21:51.526086: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 13:21:51.526122: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:51.526135: | IKEv1 retransmit event Aug 26 13:21:51.526150: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:51.526165: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 2 Aug 26 13:21:51.526185: | retransmits: current time 10997.268641; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.00198 exceeds limit? NO Aug 26 13:21:51.526196: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:21:51.526209: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #4 Aug 26 13:21:51.526220: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:21:51.526233: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 1 seconds for response Aug 26 13:21:51.526252: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 13:21:51.526262: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:51.526270: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:21:51.526277: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:21:51.526285: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:21:51.526319: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:21:51.526329: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:21:51.526336: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:21:51.526344: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:21:51.526351: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:21:51.526359: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:21:51.526366: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:21:51.526374: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:21:51.526381: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:21:51.526389: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:21:51.526396: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:21:51.526404: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:21:51.526411: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:21:51.526419: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:21:51.526426: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:21:51.526434: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:21:51.526441: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:21:51.526449: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:21:51.526456: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:21:51.526463: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:21:51.526471: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:21:51.526478: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:21:51.526486: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:21:51.526493: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:21:51.526501: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:21:51.526508: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:21:51.526546: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:51.526560: | libevent_free: release ptr-libevent@0x7f83c00072f8 Aug 26 13:21:51.526570: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:21:51.526590: | #4 spent 0.543 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:51.526606: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:51.526618: | timer_event_cb: processing event@0x7f83c0002b78 Aug 26 13:21:51.526627: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:21:51.526648: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:51.526658: | IKEv1 retransmit event Aug 26 13:21:51.526671: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:51.526684: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 2 Aug 26 13:21:51.526700: | retransmits: current time 10997.269158; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002061 exceeds limit? NO Aug 26 13:21:51.526709: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:21:51.526721: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #5 Aug 26 13:21:51.526730: | libevent_malloc: new ptr-libevent@0x7f83c00072f8 size 128 Aug 26 13:21:51.526740: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 1 seconds for response Aug 26 13:21:51.526756: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 13:21:51.526764: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:51.526771: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:21:51.526779: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:21:51.526786: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:21:51.526794: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:21:51.526801: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:21:51.526809: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:21:51.526816: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:21:51.526824: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:21:51.526831: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:21:51.526839: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:21:51.526846: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:21:51.526854: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:21:51.526861: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:21:51.526869: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:21:51.526876: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:21:51.526883: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:21:51.526891: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:21:51.526898: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:21:51.526906: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:21:51.526913: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:21:51.526921: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:21:51.526928: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:21:51.526936: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:21:51.526943: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:21:51.526951: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:21:51.526958: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:21:51.526965: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:21:51.526973: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:21:51.526980: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:21:51.527001: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:51.527011: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:21:51.527020: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:21:51.527035: | #5 spent 0.414 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:51.527048: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:52.527381: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:21:52.527437: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 13:21:52.527456: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:52.527465: | IKEv1 retransmit event Aug 26 13:21:52.527476: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:52.527487: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 3 Aug 26 13:21:52.527502: | retransmits: current time 10998.269961; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.0033 exceeds limit? NO Aug 26 13:21:52.527511: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:21:52.527521: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #4 Aug 26 13:21:52.527529: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:21:52.527539: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 2 seconds for response Aug 26 13:21:52.527554: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 13:21:52.527561: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:52.527567: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:21:52.527572: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:21:52.527578: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:21:52.527583: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:21:52.527589: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:21:52.527595: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:21:52.527600: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:21:52.527606: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:21:52.527611: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:21:52.527617: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:21:52.527622: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:21:52.527628: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:21:52.527633: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:21:52.527639: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:21:52.527644: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:21:52.527650: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:21:52.527655: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:21:52.527661: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:21:52.527666: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:21:52.527672: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:21:52.527677: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:21:52.527683: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:21:52.527688: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:21:52.527694: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:21:52.527699: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:21:52.527705: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:21:52.527710: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:21:52.527716: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:21:52.527721: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:21:52.527752: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:52.527762: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:21:52.527770: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:21:52.527786: | #4 spent 0.409 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:52.527797: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:52.527806: | timer_event_cb: processing event@0x7f83ac002b78 Aug 26 13:21:52.527818: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:21:52.527829: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:52.527836: | IKEv1 retransmit event Aug 26 13:21:52.527846: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:52.527855: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 3 Aug 26 13:21:52.527867: | retransmits: current time 10998.270328; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.003231 exceeds limit? NO Aug 26 13:21:52.527873: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:21:52.527882: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #5 Aug 26 13:21:52.527889: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:21:52.527896: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 2 seconds for response Aug 26 13:21:52.527908: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 13:21:52.527914: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:52.527919: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:21:52.527925: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:21:52.527931: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:21:52.527936: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:21:52.527942: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:21:52.527947: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:21:52.527953: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:21:52.527958: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:21:52.527963: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:21:52.527969: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:21:52.527974: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:21:52.527980: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:21:52.527986: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:21:52.527991: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:21:52.527997: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:21:52.528002: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:21:52.528007: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:21:52.528013: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:21:52.528018: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:21:52.528024: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:21:52.528029: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:21:52.528035: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:21:52.528040: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:21:52.528046: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:21:52.528051: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:21:52.528057: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:21:52.528062: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:21:52.528068: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:21:52.528073: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:21:52.528089: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:52.528096: | libevent_free: release ptr-libevent@0x7f83c00072f8 Aug 26 13:21:52.528102: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:21:52.528113: | #5 spent 0.304 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:52.528122: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:54.530182: | timer_event_cb: processing event@0x7f83c0002b78 Aug 26 13:21:54.530199: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 13:21:54.530205: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:54.530208: | IKEv1 retransmit event Aug 26 13:21:54.530212: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:54.530215: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 4 Aug 26 13:21:54.530219: | retransmits: current time 11000.272684; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.006023 exceeds limit? NO Aug 26 13:21:54.530222: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:21:54.530225: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #4 Aug 26 13:21:54.530227: | libevent_malloc: new ptr-libevent@0x7f83c00072f8 size 128 Aug 26 13:21:54.530231: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 4 seconds for response Aug 26 13:21:54.530236: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 13:21:54.530238: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:54.530240: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:21:54.530241: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:21:54.530243: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:21:54.530244: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:21:54.530246: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:21:54.530247: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:21:54.530249: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:21:54.530250: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:21:54.530252: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:21:54.530253: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:21:54.530255: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:21:54.530256: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:21:54.530258: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:21:54.530259: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:21:54.530261: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:21:54.530262: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:21:54.530264: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:21:54.530265: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:21:54.530267: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:21:54.530268: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:21:54.530270: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:21:54.530271: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:21:54.530273: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:21:54.530274: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:21:54.530276: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:21:54.530277: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:21:54.530279: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:21:54.530280: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:21:54.530282: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:21:54.530297: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:54.530302: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:21:54.530322: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:21:54.530327: | #4 spent 0.144 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:54.530331: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:54.530337: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:21:54.530339: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:21:54.530342: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:54.530344: | IKEv1 retransmit event Aug 26 13:21:54.530359: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:54.530362: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 4 Aug 26 13:21:54.530365: | retransmits: current time 11000.272831; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.005734 exceeds limit? NO Aug 26 13:21:54.530367: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:21:54.530369: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #5 Aug 26 13:21:54.530371: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:21:54.530373: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 4 seconds for response Aug 26 13:21:54.530376: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 13:21:54.530378: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:54.530380: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:21:54.530381: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:21:54.530383: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:21:54.530384: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:21:54.530386: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:21:54.530387: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:21:54.530389: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:21:54.530390: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:21:54.530392: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:21:54.530393: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:21:54.530395: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:21:54.530396: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:21:54.530398: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:21:54.530399: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:21:54.530401: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:21:54.530402: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:21:54.530404: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:21:54.530405: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:21:54.530407: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:21:54.530408: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:21:54.530410: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:21:54.530411: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:21:54.530413: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:21:54.530414: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:21:54.530416: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:21:54.530417: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:21:54.530419: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:21:54.530420: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:21:54.530421: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:21:54.530426: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:54.530428: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:21:54.530430: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:21:54.530433: | #5 spent 0.0957 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:54.530437: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:57.281366: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:21:57.281381: | expiring aged bare shunts from shunt table Aug 26 13:21:57.281387: | spent 0.00402 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:21:57.477278: | spent 0.011 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:57.477404: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 13:21:57.477431: | spent 0.0533 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:57.477452: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:21:57.477469: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 13:21:57.477497: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:21:57.477513: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x1 Aug 26 13:21:57.477537: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:21:57.477563: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:21:57.477577: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x2 Aug 26 13:21:57.477600: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:21:57.477621: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 13:21:57.477634: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x2 Aug 26 13:21:57.477656: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 13:21:57.477676: | spent 0.204 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 13:21:57.477713: | spent 0.00806 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:21:57.477742: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 13:21:57.477755: | spent 0.0268 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:21:58.532127: | timer_event_cb: processing event@0x7f83ac002b78 Aug 26 13:21:58.532191: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 13:21:58.532215: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:58.532227: | IKEv1 retransmit event Aug 26 13:21:58.532243: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:58.532257: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 5 Aug 26 13:21:58.532277: | retransmits: current time 11004.274732; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.008071 exceeds limit? NO Aug 26 13:21:58.532330: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:21:58.532344: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #4 Aug 26 13:21:58.532356: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:21:58.532370: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 8 seconds for response Aug 26 13:21:58.532390: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 13:21:58.532399: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:58.532407: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:21:58.532415: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:21:58.532423: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:21:58.532431: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:21:58.532438: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:21:58.532446: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:21:58.532467: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:21:58.532475: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:21:58.532483: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:21:58.532490: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:21:58.532498: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:21:58.532505: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:21:58.532513: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:21:58.532520: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:21:58.532527: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:21:58.532535: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:21:58.532543: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:21:58.532550: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:21:58.532558: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:21:58.532565: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:21:58.532573: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:21:58.532580: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:21:58.532588: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:21:58.532595: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:21:58.532603: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:21:58.532610: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:21:58.532618: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:21:58.532625: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:21:58.532633: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:21:58.532676: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:58.532692: | libevent_free: release ptr-libevent@0x7f83c00072f8 Aug 26 13:21:58.532703: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:21:58.532726: | #4 spent 0.566 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:58.532742: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:21:58.532755: | timer_event_cb: processing event@0x7f83c0002b78 Aug 26 13:21:58.532764: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:21:58.532778: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:21:58.532788: | IKEv1 retransmit event Aug 26 13:21:58.532801: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:21:58.532814: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 5 Aug 26 13:21:58.532831: | retransmits: current time 11004.275289; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.008192 exceeds limit? NO Aug 26 13:21:58.532840: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:21:58.532851: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #5 Aug 26 13:21:58.532860: | libevent_malloc: new ptr-libevent@0x7f83c00072f8 size 128 Aug 26 13:21:58.532871: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 8 seconds for response Aug 26 13:21:58.532887: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 13:21:58.532895: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:21:58.532903: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:21:58.532911: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:21:58.532918: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:21:58.532926: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:21:58.532933: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:21:58.532948: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:21:58.532955: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:21:58.532963: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:21:58.532971: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:21:58.532978: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:21:58.532986: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:21:58.532993: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:21:58.533001: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:21:58.533008: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:21:58.533016: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:21:58.533023: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:21:58.533031: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:21:58.533038: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:21:58.533046: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:21:58.533053: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:21:58.533061: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:21:58.533068: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:21:58.533076: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:21:58.533083: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:21:58.533091: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:21:58.533099: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:21:58.533106: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:21:58.533114: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:21:58.533121: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:21:58.533142: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:21:58.533152: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:21:58.533161: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:21:58.533175: | #5 spent 0.418 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:21:58.533189: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:06.540943: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:22:06.540990: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 13:22:06.541014: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:06.541026: | IKEv1 retransmit event Aug 26 13:22:06.541041: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:06.541056: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 6 Aug 26 13:22:06.541076: | retransmits: current time 11012.283531; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.01687 exceeds limit? NO Aug 26 13:22:06.541088: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:22:06.541100: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #4 Aug 26 13:22:06.541111: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:22:06.541124: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 16 seconds for response Aug 26 13:22:06.541144: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 13:22:06.541153: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:06.541161: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:22:06.541168: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:22:06.541176: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:22:06.541183: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:22:06.541202: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:22:06.541210: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:22:06.541217: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:22:06.541225: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:22:06.541233: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:22:06.541240: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:22:06.541248: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:22:06.541255: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:22:06.541263: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:22:06.541270: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:22:06.541278: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:22:06.541286: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:22:06.541321: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:22:06.541335: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:22:06.541347: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:22:06.541359: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:22:06.541374: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:22:06.541382: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:22:06.541389: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:22:06.541397: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:22:06.541404: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:22:06.541412: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:22:06.541419: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:22:06.541427: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:22:06.541434: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:22:06.541473: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:22:06.541488: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:22:06.541498: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:22:06.541519: | #4 spent 0.568 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:06.541535: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:06.541547: | timer_event_cb: processing event@0x7f83ac002b78 Aug 26 13:22:06.541556: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:22:06.541569: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:06.541580: | IKEv1 retransmit event Aug 26 13:22:06.541593: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:06.541606: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 6 Aug 26 13:22:06.541622: | retransmits: current time 11012.28408; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.016983 exceeds limit? NO Aug 26 13:22:06.541632: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:22:06.541644: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #5 Aug 26 13:22:06.541653: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:22:06.541664: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 16 seconds for response Aug 26 13:22:06.541680: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 13:22:06.541688: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:06.541696: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:22:06.541704: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:22:06.541712: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:22:06.541724: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:22:06.541745: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:22:06.541758: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:22:06.541771: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:22:06.541782: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:22:06.541794: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:22:06.541806: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:22:06.541819: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:22:06.541827: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:22:06.541834: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:22:06.541842: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:22:06.541849: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:22:06.541857: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:22:06.541864: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:22:06.541872: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:22:06.541879: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:22:06.541887: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:22:06.541894: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:22:06.541902: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:22:06.541909: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:22:06.541917: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:22:06.541924: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:22:06.541932: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:22:06.541939: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:22:06.541947: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:22:06.541954: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:22:06.541979: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 13:22:06.541990: | libevent_free: release ptr-libevent@0x7f83c00072f8 Aug 26 13:22:06.542000: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:22:06.542016: | #5 spent 0.465 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:06.542029: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:17.291430: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:22:17.291486: | expiring aged bare shunts from shunt table Aug 26 13:22:17.291506: | spent 0.017 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:22:17.479732: | spent 0.0104 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:17.479810: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 13:22:17.479834: | spent 0.0499 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:17.479943: | spent 0.00795 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:17.479985: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 13:22:17.480007: | spent 0.0387 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:20.237619: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:20.237909: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:22:20.237916: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:22:20.238113: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:22:20.238118: | FOR_EACH_STATE_... in sort_states Aug 26 13:22:20.238141: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:22:20.238149: | spent 0.537 milliseconds in whack Aug 26 13:22:20.291742: | kernel_process_msg_cb process netlink message Aug 26 13:22:20.291769: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 13:22:20.291785: | spent 0.0184 milliseconds in kernel message Aug 26 13:22:20.361880: | kernel_process_msg_cb process netlink message Aug 26 13:22:20.361906: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 13:22:20.361910: | xfrm netlink msg len 376 Aug 26 13:22:20.361913: | xfrm acquire rtattribute type 5 Aug 26 13:22:20.361915: | xfrm acquire rtattribute type 16 Aug 26 13:22:20.361926: | add bare shunt 0x5649f9ab5ec8 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:22:20.361933: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire Aug 26 13:22:20.361938: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0 Aug 26 13:22:20.361941: | FOR_EACH_CONNECTION_... in find_connection_for_clients Aug 26 13:22:20.361946: | find_connection: conn "north-dpd/0x1" has compatible peers: 192.0.3.0/24 -> 192.0.2.0/24 [pri: 25214986] Aug 26 13:22:20.361949: | find_connection: first OK "north-dpd/0x1" [pri:25214986]{0x5649f9ab4e08} (child none) Aug 26 13:22:20.361953: | find_connection: concluding with "north-dpd/0x1" [pri:25214986]{0x5649f9ab4e08} kind=CK_PERMANENT Aug 26 13:22:20.361957: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 13:22:20.361959: | assign_holdpass() need broad(er) shunt Aug 26 13:22:20.361962: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:20.361968: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Aug 26 13:22:20.361975: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 13:22:20.361979: | raw_eroute result=success Aug 26 13:22:20.361981: | assign_holdpass() eroute_connection() done Aug 26 13:22:20.361984: | fiddle_bare_shunt called Aug 26 13:22:20.361986: | fiddle_bare_shunt with transport_proto 1 Aug 26 13:22:20.361989: | removing specific host-to-host bare shunt Aug 26 13:22:20.361993: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Aug 26 13:22:20.361996: | netlink_raw_eroute: SPI_PASS Aug 26 13:22:20.362012: | raw_eroute result=success Aug 26 13:22:20.362016: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 13:22:20.362021: | delete bare shunt 0x5649f9ab5ec8 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:22:20.362023: assign_holdpass() delete_bare_shunt() failed Aug 26 13:22:20.362025: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 13:22:20.362027: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:20.362032: | creating state object #6 at 0x5649f9ae05d8 Aug 26 13:22:20.362035: | State DB: adding IKEv1 state #6 in UNDEFINED Aug 26 13:22:20.362038: | pstats #6 ikev1.ipsec started Aug 26 13:22:20.362040: | duplicating state object #1 "north-dpd/0x2" as #6 for IPSEC SA Aug 26 13:22:20.362043: | #6 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:20.362047: | in connection_discard for connection north-dpd/0x2 Aug 26 13:22:20.362050: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:22:20.362059: | child state #6: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 13:22:20.362064: "north-dpd/0x1" #6: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:550e82c8 proposal=defaults pfsgroup=MODP2048} Aug 26 13:22:20.362067: | adding quick_outI1 KE work-order 9 for state #6 Aug 26 13:22:20.362069: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83ac002b78 Aug 26 13:22:20.362072: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:22:20.362074: | libevent_malloc: new ptr-libevent@0x7f83c00072f8 size 128 Aug 26 13:22:20.362081: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:22:20.362088: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Aug 26 13:22:20.362093: | spent 0.19 milliseconds in kernel message Aug 26 13:22:20.362116: | crypto helper 1 resuming Aug 26 13:22:20.362125: | crypto helper 1 starting work-order 9 for state #6 Aug 26 13:22:20.362129: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 9 Aug 26 13:22:20.362681: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 9 time elapsed 0.000552 seconds Aug 26 13:22:20.362690: | (#6) spent 0.553 milliseconds in crypto helper computing work-order 9: quick_outI1 KE (pcr) Aug 26 13:22:20.362692: | crypto helper 1 sending results from work-order 9 for state #6 to event queue Aug 26 13:22:20.362694: | scheduling resume sending helper answer for #6 Aug 26 13:22:20.362696: | libevent_malloc: new ptr-libevent@0x7f83b8004fd8 size 128 Aug 26 13:22:20.362702: | crypto helper 1 waiting (nothing to do) Aug 26 13:22:20.362731: | processing resume sending helper answer for #6 Aug 26 13:22:20.362752: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:22:20.362756: | crypto helper 1 replies to request ID 9 Aug 26 13:22:20.362758: | calling continuation function 0x5649f7dc5b50 Aug 26 13:22:20.362760: | quick_outI1_continue for #6: calculated ke+nonce, sending I1 Aug 26 13:22:20.362763: | **emit ISAKMP Message: Aug 26 13:22:20.362765: | initiator cookie: Aug 26 13:22:20.362767: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:20.362769: | responder cookie: Aug 26 13:22:20.362770: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.362772: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.362774: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:20.362776: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:20.362778: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:20.362780: | Message ID: 1427014344 (0x550e82c8) Aug 26 13:22:20.362782: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:20.362784: | ***emit ISAKMP Hash Payload: Aug 26 13:22:20.362786: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.362788: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:20.362790: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.362792: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:20.362794: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:20.362796: | emitting quick defaults using policy none Aug 26 13:22:20.362798: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:22:20.362800: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:20.362802: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:20.362804: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:20.362806: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:22:20.362808: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:20.362810: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.362811: | ****emit IPsec DOI SIT: Aug 26 13:22:20.362813: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:20.362815: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:22:20.362817: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 13:22:20.362819: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:20.362820: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.362822: | proposal number: 0 (0x0) Aug 26 13:22:20.362824: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:20.362825: | SPI size: 4 (0x4) Aug 26 13:22:20.362827: | number of transforms: 2 (0x2) Aug 26 13:22:20.362829: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:20.362842: | netlink_get_spi: allocated 0x6367355e for esp.0@192.1.3.33 Aug 26 13:22:20.362845: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:22:20.362846: | SPI 63 67 35 5e Aug 26 13:22:20.362848: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:20.362850: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:20.362851: | ESP transform number: 0 (0x0) Aug 26 13:22:20.362853: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:20.362855: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:20.362857: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362859: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:20.362860: | length/value: 14 (0xe) Aug 26 13:22:20.362862: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:20.362864: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362866: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:20.362867: | length/value: 1 (0x1) Aug 26 13:22:20.362869: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:20.362870: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362872: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:20.362873: | length/value: 1 (0x1) Aug 26 13:22:20.362875: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:20.362877: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362878: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:20.362880: | length/value: 28800 (0x7080) Aug 26 13:22:20.362881: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362883: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:20.362885: | length/value: 2 (0x2) Aug 26 13:22:20.362886: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:20.362888: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362889: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:20.362891: | length/value: 128 (0x80) Aug 26 13:22:20.362893: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:22:20.362894: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:20.362896: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.362897: | ESP transform number: 1 (0x1) Aug 26 13:22:20.362899: | ESP transform ID: ESP_3DES (0x3) Aug 26 13:22:20.362901: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:20.362903: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:20.362904: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362906: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:20.362907: | length/value: 14 (0xe) Aug 26 13:22:20.362909: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:20.362910: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362912: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:20.362913: | length/value: 1 (0x1) Aug 26 13:22:20.362915: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:20.362916: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362918: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:20.362920: | length/value: 1 (0x1) Aug 26 13:22:20.362921: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:20.362923: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362924: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:20.362926: | length/value: 28800 (0x7080) Aug 26 13:22:20.362927: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:20.362929: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:20.362930: | length/value: 2 (0x2) Aug 26 13:22:20.362932: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:20.362933: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 13:22:20.362935: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 13:22:20.362937: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:22:20.362940: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 13:22:20.362941: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:20.362944: | ***emit ISAKMP Nonce Payload: Aug 26 13:22:20.362945: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:20.362947: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:22:20.362949: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:22:20.362951: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.362953: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:22:20.362955: | Ni 0f f2 89 2c 83 e1 1a 83 b2 d1 05 6d 12 62 26 79 Aug 26 13:22:20.362956: | Ni 1e 70 2a 29 e4 62 1a 79 20 e0 9b 38 71 ee df 7e Aug 26 13:22:20.362958: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:22:20.362960: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:22:20.362962: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:20.362963: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:20.362965: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:22:20.362967: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.362969: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:22:20.362971: | keyex value 2c 69 8c 11 f3 90 6d 2d 49 0c f0 75 75 a6 05 06 Aug 26 13:22:20.362972: | keyex value 01 28 57 92 9d b7 07 51 f9 92 c8 c3 9b 7d ed 1a Aug 26 13:22:20.362974: | keyex value 14 09 12 4c 00 d1 e5 04 a9 23 09 70 67 2c a3 29 Aug 26 13:22:20.362975: | keyex value 81 e7 3f a0 31 22 5b 52 8e 77 d9 51 36 68 6c 47 Aug 26 13:22:20.362977: | keyex value 03 93 8a 8f a7 e1 e4 68 93 74 79 64 5a bb 17 61 Aug 26 13:22:20.362978: | keyex value 41 d3 4f 21 17 2f c7 a3 fd 6b 63 62 10 8f 3a 3b Aug 26 13:22:20.362980: | keyex value 59 74 f6 f1 79 4b f6 41 f1 15 6c 75 30 f0 2a 39 Aug 26 13:22:20.362981: | keyex value 0d f3 a6 c8 c0 8b 96 e3 d1 37 21 1e 41 fe 08 ea Aug 26 13:22:20.362983: | keyex value cd 2b d3 f5 17 47 4f 87 bb 15 a0 9a 8a 8d 8b 50 Aug 26 13:22:20.362984: | keyex value 69 f4 35 f8 86 e2 3e 74 43 78 cc df 4d d9 58 d2 Aug 26 13:22:20.362986: | keyex value 75 3d 2a 62 4f a8 59 90 40 b8 8b 04 f8 4f c9 ed Aug 26 13:22:20.362987: | keyex value 81 8f 4a 5a 2c 9b c7 f4 a3 29 47 cd aa bf 5c b5 Aug 26 13:22:20.362989: | keyex value a7 54 c1 bb 89 43 7f 08 db 16 6b cb 91 cb 90 f8 Aug 26 13:22:20.362990: | keyex value ca ef 22 22 ee 09 fd 85 92 d5 ed ff 9f 34 da 0d Aug 26 13:22:20.362992: | keyex value 4a 24 ae f3 1f 82 a7 35 f7 a5 88 29 6c d8 8c cb Aug 26 13:22:20.362993: | keyex value 3e 82 d6 52 ac c1 f8 76 a7 12 49 d6 17 ab 1c 98 Aug 26 13:22:20.362995: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:22:20.362997: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:20.362998: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:20.363001: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:20.363002: | Protocol ID: 0 (0x0) Aug 26 13:22:20.363004: | port: 0 (0x0) Aug 26 13:22:20.363005: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:20.363007: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:20.363009: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:20.363012: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:20.363014: | client network c0 00 03 00 Aug 26 13:22:20.363016: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:20.363017: | client mask ff ff ff 00 Aug 26 13:22:20.363019: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:20.363020: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:20.363022: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.363024: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:20.363025: | Protocol ID: 0 (0x0) Aug 26 13:22:20.363026: | port: 0 (0x0) Aug 26 13:22:20.363028: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:20.363030: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:20.363032: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:20.363033: | client network c0 00 02 00 Aug 26 13:22:20.363035: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:20.363037: | client mask ff ff ff 00 Aug 26 13:22:20.363038: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:20.363061: | outI1 HASH(1): Aug 26 13:22:20.363064: | 4b f1 8c 31 ae 74 1c b1 bf 9b e8 55 76 75 67 b5 Aug 26 13:22:20.363065: | 2f 61 25 fa 4a 25 60 4f 08 a8 5f fd 4b 7e 35 a2 Aug 26 13:22:20.363071: | no IKEv1 message padding required Aug 26 13:22:20.363073: | emitting length of ISAKMP Message: 476 Aug 26 13:22:20.363084: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Aug 26 13:22:20.363086: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.363087: | 08 10 20 01 55 0e 82 c8 00 00 01 dc 84 3f 95 fa Aug 26 13:22:20.363089: | 97 92 5d ad 7b ec 15 49 50 6e 9c 71 31 f4 f6 db Aug 26 13:22:20.363090: | 37 a4 e2 dc 02 f6 b4 6d 06 40 0e d7 29 2a a6 22 Aug 26 13:22:20.363092: | 90 d8 1f 92 02 ae e3 8a d0 e6 52 47 24 ba 02 45 Aug 26 13:22:20.363093: | 6e 02 74 70 cb 57 35 f5 80 61 0a 67 be 6c 9f 1b Aug 26 13:22:20.363094: | 47 a5 5a 58 83 ba 2e f2 73 57 81 e1 e7 b1 9b af Aug 26 13:22:20.363096: | f8 8c 25 c7 09 32 0b 58 a4 99 39 f8 38 8c 99 4a Aug 26 13:22:20.363097: | d8 f2 92 5d f6 08 17 29 64 aa 1f 94 89 89 01 49 Aug 26 13:22:20.363099: | 0d 78 fd cd e7 29 42 b0 aa ff 64 d3 24 99 b5 8b Aug 26 13:22:20.363100: | 1a 15 55 b8 f8 2d a3 f6 e9 94 33 fc cf fd b5 96 Aug 26 13:22:20.363102: | 71 fc 04 7d 71 e5 b4 1d b6 27 a0 74 83 3c a0 e3 Aug 26 13:22:20.363103: | 42 ce 89 6c 71 8a 96 b3 f8 7c ee 72 f3 8b 07 46 Aug 26 13:22:20.363105: | 0f 53 e6 ff ee 70 18 d8 b1 1e be 13 dc 8e ed 22 Aug 26 13:22:20.363106: | 5b 82 76 0d d8 1a 2a eb 14 62 d8 f3 6c ac 91 4b Aug 26 13:22:20.363108: | 0c 87 4d 67 73 2a 0d f3 49 a5 25 58 1d 66 66 dc Aug 26 13:22:20.363109: | 35 9f f8 f6 f1 af 23 cf ae 7e 7e bc c5 1a 06 02 Aug 26 13:22:20.363110: | a4 e9 29 91 d7 6a 38 05 c4 0b b9 31 f4 21 6f 4c Aug 26 13:22:20.363112: | 03 fe 04 6f 19 f2 68 50 57 66 8a a6 1f df eb 42 Aug 26 13:22:20.363113: | 79 8a b1 55 32 9b 73 6c 01 a6 7e c9 bf 65 21 cc Aug 26 13:22:20.363115: | cb 39 cc fd 15 63 ff a0 94 53 14 06 5e bb f9 85 Aug 26 13:22:20.363116: | 36 2c b5 df c6 b0 5f 2b 7e 8a 90 08 86 c0 ee 0b Aug 26 13:22:20.363118: | e4 8a b5 82 11 62 cc 05 c3 fc cd e2 ef a5 81 41 Aug 26 13:22:20.363119: | 01 28 be f6 49 b2 88 6e 0e f8 54 36 f0 2d aa bc Aug 26 13:22:20.363121: | 17 3c d8 c3 4b b6 46 8e bf 13 54 89 fd 0e 0b d3 Aug 26 13:22:20.363122: | 3b 43 bd 46 e4 81 ef a6 ee e1 2c 2c b8 ec c1 b8 Aug 26 13:22:20.363123: | f3 08 74 36 9d c7 1e 53 fb 62 26 c9 23 21 d4 23 Aug 26 13:22:20.363126: | 54 85 fb 42 64 0d 0a 64 55 ed ec c6 8f 8c f2 c7 Aug 26 13:22:20.363128: | 6e de 8d 3e 68 07 bf e6 2a d6 56 12 5b 11 74 7a Aug 26 13:22:20.363129: | 9d 6b bb 15 bd 1d f3 7d 16 f4 db 26 Aug 26 13:22:20.363164: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:20.363182: | libevent_free: release ptr-libevent@0x7f83c00072f8 Aug 26 13:22:20.363184: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83ac002b78 Aug 26 13:22:20.363187: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:22:20.363189: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 13:22:20.363191: | libevent_malloc: new ptr-libevent@0x5649f9ada878 size 128 Aug 26 13:22:20.363195: | #6 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11026.105653 Aug 26 13:22:20.363197: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Aug 26 13:22:20.363201: | #6 spent 0.424 milliseconds in resume sending helper answer Aug 26 13:22:20.363205: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:22:20.363207: | libevent_free: release ptr-libevent@0x7f83b8004fd8 Aug 26 13:22:20.365892: | spent 0.00216 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:20.365909: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:20.365912: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.365914: | 08 10 20 01 55 0e 82 c8 00 00 01 cc b4 c4 64 49 Aug 26 13:22:20.365915: | 37 a3 0a 27 77 88 1f a7 d2 00 50 b0 c7 a8 f7 47 Aug 26 13:22:20.365917: | 50 8f ce 39 f0 d2 76 02 91 48 85 f3 b7 ea f6 de Aug 26 13:22:20.365918: | 44 45 32 ae db a2 e5 6e 45 d3 6b a2 d7 13 80 27 Aug 26 13:22:20.365920: | a8 5c 50 8c 32 5f 00 dc 29 99 e8 18 df ab a1 d7 Aug 26 13:22:20.365921: | 7b 57 6e 1e ee 41 76 08 dd af 65 23 35 b1 32 e4 Aug 26 13:22:20.365923: | 0d 5a c6 84 94 e2 26 69 b3 61 4c ee 68 3a dd 6f Aug 26 13:22:20.365924: | 6d 30 82 3f 75 a4 16 ef 75 bf a3 9a b6 bf f8 f3 Aug 26 13:22:20.365926: | 62 b8 b3 34 31 6d 43 ce d2 35 d9 3e bc 05 fe 89 Aug 26 13:22:20.365927: | 4c b0 64 ab ed d6 ed e6 5e 92 3a 2c 66 bc db 1b Aug 26 13:22:20.365929: | 5c c8 45 a6 c5 b1 54 25 c7 f6 84 c7 c1 3f 1b 83 Aug 26 13:22:20.365930: | f8 5f 5e 95 63 84 34 26 46 c3 7f 3e 95 3a 3b c2 Aug 26 13:22:20.365945: | 26 72 67 f9 ab 9a a8 3c ed a2 57 f4 9b 3c 7c 29 Aug 26 13:22:20.365946: | e2 74 9b 1f 23 d1 ef bd 2c c9 37 66 e0 6e 5f 63 Aug 26 13:22:20.365948: | 9f 3d e0 b3 f5 e3 d7 e6 18 c6 be 54 89 c7 56 6a Aug 26 13:22:20.365949: | e0 ee 03 db af 0e 9f 27 5f 17 8c 20 25 3a b5 92 Aug 26 13:22:20.365951: | 59 a2 27 23 f5 44 68 7b bb 3f 7f 81 07 35 81 f4 Aug 26 13:22:20.365952: | 89 f1 e1 9d 36 49 73 d5 ce a8 58 7b 1e 56 8c 1f Aug 26 13:22:20.365954: | 07 2b 21 eb 18 9d db 22 1e e6 da c1 12 33 28 e4 Aug 26 13:22:20.365955: | a2 d2 13 7b 69 5a 87 97 fb 27 98 69 e6 bf 32 be Aug 26 13:22:20.365957: | 39 26 b0 fa d2 50 a8 1f 64 c7 c6 bf e0 a9 c4 27 Aug 26 13:22:20.365958: | 8f 65 5d 3e 47 35 ee 45 0f cb 54 b1 8a 9c c0 2b Aug 26 13:22:20.365960: | b0 1d c0 3b e8 f9 4d f1 63 a5 ae c5 c2 2c fc c5 Aug 26 13:22:20.365961: | f8 8b 77 56 15 7b 63 43 60 77 56 2a e1 bf af bd Aug 26 13:22:20.365962: | cd eb ad 67 dd 85 c9 85 85 f4 26 7a c6 a6 77 e4 Aug 26 13:22:20.365964: | e6 1d a9 f2 d8 83 cd bb ab 03 04 cb d2 54 e4 18 Aug 26 13:22:20.365965: | 48 99 a3 b9 e1 3a 4c 7d 20 b7 2f fb 43 a4 94 77 Aug 26 13:22:20.365967: | 02 5c 93 70 79 6a 2d 13 98 d2 07 7a Aug 26 13:22:20.365970: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:20.365972: | **parse ISAKMP Message: Aug 26 13:22:20.365974: | initiator cookie: Aug 26 13:22:20.365975: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:20.365977: | responder cookie: Aug 26 13:22:20.365980: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.365982: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:20.365984: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:20.365986: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:20.365987: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:20.365989: | Message ID: 1427014344 (0x550e82c8) Aug 26 13:22:20.365991: | length: 460 (0x1cc) Aug 26 13:22:20.365993: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:20.365995: | State DB: found IKEv1 state #6 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:20.365998: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:20.366000: | #6 is idle Aug 26 13:22:20.366001: | #6 idle Aug 26 13:22:20.366004: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:20.366012: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:22:20.366015: | ***parse ISAKMP Hash Payload: Aug 26 13:22:20.366016: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:20.366018: | length: 36 (0x24) Aug 26 13:22:20.366020: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:22:20.366022: | ***parse ISAKMP Security Association Payload: Aug 26 13:22:20.366023: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:20.366025: | length: 56 (0x38) Aug 26 13:22:20.366026: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:20.366028: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:22:20.366030: | ***parse ISAKMP Nonce Payload: Aug 26 13:22:20.366031: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:20.366033: | length: 36 (0x24) Aug 26 13:22:20.366035: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:22:20.366036: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:22:20.366038: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:20.366039: | length: 260 (0x104) Aug 26 13:22:20.366041: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:20.366043: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:20.366044: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:20.366046: | length: 16 (0x10) Aug 26 13:22:20.366047: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:20.366049: | Protocol ID: 0 (0x0) Aug 26 13:22:20.366050: | port: 0 (0x0) Aug 26 13:22:20.366052: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:22:20.366054: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:20.366055: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:20.366057: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.366058: | length: 16 (0x10) Aug 26 13:22:20.366060: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:20.366061: | Protocol ID: 0 (0x0) Aug 26 13:22:20.366063: | port: 0 (0x0) Aug 26 13:22:20.366064: | obj: c0 00 02 00 ff ff ff 00 Aug 26 13:22:20.366066: | removing 12 bytes of padding Aug 26 13:22:20.366079: | quick_inR1_outI2 HASH(2): Aug 26 13:22:20.366082: | 3d 8d 9e 1f 6f d3 c7 44 85 8e d6 aa 67 4a 74 6a Aug 26 13:22:20.366083: | 0e 43 f1 8b ea a5 f9 ab 5c 70 5e 59 e5 ce 63 46 Aug 26 13:22:20.366085: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 13:22:20.366087: | ****parse IPsec DOI SIT: Aug 26 13:22:20.366089: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:20.366091: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:20.366093: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.366094: | length: 44 (0x2c) Aug 26 13:22:20.366096: | proposal number: 0 (0x0) Aug 26 13:22:20.366097: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:20.366099: | SPI size: 4 (0x4) Aug 26 13:22:20.366100: | number of transforms: 1 (0x1) Aug 26 13:22:20.366102: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:20.366104: | SPI 1d e3 0b 97 Aug 26 13:22:20.366106: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:20.366111: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.366112: | length: 32 (0x20) Aug 26 13:22:20.366114: | ESP transform number: 0 (0x0) Aug 26 13:22:20.366115: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:20.366118: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.366119: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:20.366121: | length/value: 14 (0xe) Aug 26 13:22:20.366123: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:20.366124: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.366126: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:20.366127: | length/value: 1 (0x1) Aug 26 13:22:20.366129: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:20.366131: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:20.366133: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.366134: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:20.366136: | length/value: 1 (0x1) Aug 26 13:22:20.366137: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:20.366139: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.366140: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:20.366142: | length/value: 28800 (0x7080) Aug 26 13:22:20.366144: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.366145: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:20.366147: | length/value: 2 (0x2) Aug 26 13:22:20.366148: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:20.366150: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:20.366152: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:20.366153: | length/value: 128 (0x80) Aug 26 13:22:20.366155: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:20.366164: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:20.366169: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:20.366174: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:20.366177: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:20.366179: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:22:20.366180: | no PreShared Key Found Aug 26 13:22:20.366183: | adding quick outI2 DH work-order 10 for state #6 Aug 26 13:22:20.366184: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:20.366186: | #6 STATE_QUICK_I1: retransmits: cleared Aug 26 13:22:20.366189: | libevent_free: release ptr-libevent@0x5649f9ada878 Aug 26 13:22:20.366190: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83ac002b78 Aug 26 13:22:20.366192: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83ac002b78 Aug 26 13:22:20.366195: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 13:22:20.366197: | libevent_malloc: new ptr-libevent@0x7f83b8004fd8 size 128 Aug 26 13:22:20.366204: | complete v1 state transition with STF_SUSPEND Aug 26 13:22:20.366222: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:22:20.366224: | suspending state #6 and saving MD Aug 26 13:22:20.366226: | #6 is busy; has a suspended MD Aug 26 13:22:20.366229: | #6 spent 0.141 milliseconds in process_packet_tail() Aug 26 13:22:20.366233: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:20.366231: | crypto helper 3 resuming Aug 26 13:22:20.366238: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:20.366246: | crypto helper 3 starting work-order 10 for state #6 Aug 26 13:22:20.366250: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:20.366254: | crypto helper 3 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 Aug 26 13:22:20.366257: | spent 0.349 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:20.366799: | crypto helper 3 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 time elapsed 0.000545 seconds Aug 26 13:22:20.366808: | (#6) spent 0.547 milliseconds in crypto helper computing work-order 10: quick outI2 DH (pcr) Aug 26 13:22:20.366810: | crypto helper 3 sending results from work-order 10 for state #6 to event queue Aug 26 13:22:20.366812: | scheduling resume sending helper answer for #6 Aug 26 13:22:20.366814: | libevent_malloc: new ptr-libevent@0x7f83bc003e78 size 128 Aug 26 13:22:20.366819: | crypto helper 3 waiting (nothing to do) Aug 26 13:22:20.366858: | processing resume sending helper answer for #6 Aug 26 13:22:20.366867: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:22:20.366870: | crypto helper 3 replies to request ID 10 Aug 26 13:22:20.366872: | calling continuation function 0x5649f7dc5b50 Aug 26 13:22:20.366874: | quick_inR1_outI2_continue for #6: calculated ke+nonce, calculating DH Aug 26 13:22:20.366877: | **emit ISAKMP Message: Aug 26 13:22:20.366879: | initiator cookie: Aug 26 13:22:20.366880: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:20.366882: | responder cookie: Aug 26 13:22:20.366883: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.366885: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.366887: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:20.366889: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:20.366890: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:20.366892: | Message ID: 1427014344 (0x550e82c8) Aug 26 13:22:20.366894: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:20.366897: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:20.366898: | ID address c0 00 03 00 Aug 26 13:22:20.366900: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:20.366902: | ID mask ff ff ff 00 Aug 26 13:22:20.366904: | our client is subnet 192.0.3.0/24 Aug 26 13:22:20.366906: | our client protocol/port is 0/0 Aug 26 13:22:20.366908: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:20.366909: | ID address c0 00 02 00 Aug 26 13:22:20.366911: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:20.366913: | ID mask ff ff ff 00 Aug 26 13:22:20.366915: | peer client is subnet 192.0.2.0/24 Aug 26 13:22:20.366916: | peer client protocol/port is 0/0 Aug 26 13:22:20.366918: | ***emit ISAKMP Hash Payload: Aug 26 13:22:20.366920: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:20.366922: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:20.366924: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:20.366926: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:20.366927: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:20.366944: | quick_inR1_outI2 HASH(3): Aug 26 13:22:20.366947: | ab e9 04 b6 b7 46 62 b7 3f 7b 03 b8 fb 74 da 53 Aug 26 13:22:20.366948: | f3 5c a8 61 d4 85 1d 15 21 61 05 7a 75 06 7c 9f Aug 26 13:22:20.366950: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:22:20.366953: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:22:20.367027: | install_ipsec_sa() for #6: inbound and outbound Aug 26 13:22:20.367030: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Aug 26 13:22:20.367032: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:20.367034: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.367036: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:20.367038: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.367039: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:20.367042: | route owner of "north-dpd/0x1" prospective erouted: self; eroute owner: self Aug 26 13:22:20.367044: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:20.367046: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:20.367048: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:20.367050: | setting IPsec SA replay-window to 32 Aug 26 13:22:20.367052: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 13:22:20.367054: | netlink: enabling tunnel mode Aug 26 13:22:20.367056: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:20.367058: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:20.367105: | netlink response for Add SA esp.1de30b97@192.1.2.23 included non-error error Aug 26 13:22:20.367108: | set up outgoing SA, ref=0/0 Aug 26 13:22:20.367110: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:20.367112: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:20.367113: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:20.367117: | setting IPsec SA replay-window to 32 Aug 26 13:22:20.367120: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 13:22:20.367124: | netlink: enabling tunnel mode Aug 26 13:22:20.367127: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:20.367130: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:20.367160: | netlink response for Add SA esp.6367355e@192.1.3.33 included non-error error Aug 26 13:22:20.367164: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:20.367168: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:22:20.367170: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:20.367185: | raw_eroute result=success Aug 26 13:22:20.367189: | set up incoming SA, ref=0/0 Aug 26 13:22:20.367192: | sr for #6: prospective erouted Aug 26 13:22:20.367196: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:22:20.367199: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:20.367203: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.367206: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:20.367210: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:20.367214: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:20.367218: | route owner of "north-dpd/0x1" prospective erouted: self; eroute owner: self Aug 26 13:22:20.367223: | route_and_eroute with c: north-dpd/0x1 (next: none) ero:north-dpd/0x1 esr:{(nil)} ro:north-dpd/0x1 rosr:{(nil)} and state: #6 Aug 26 13:22:20.367227: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:20.367237: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 13:22:20.367240: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:20.367268: | raw_eroute result=success Aug 26 13:22:20.367273: | running updown command "ipsec _updown" for verb up Aug 26 13:22:20.367276: | command executing up-client Aug 26 13:22:20.367307: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:20.367332: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:20.367344: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC Aug 26 13:22:20.367347: | popen cmd is 1398 chars long Aug 26 13:22:20.367349: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUT: Aug 26 13:22:20.367351: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Aug 26 13:22:20.367352: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Aug 26 13:22:20.367354: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Aug 26 13:22:20.367356: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Aug 26 13:22:20.367357: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUT: Aug 26 13:22:20.367359: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 13:22:20.367361: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Aug 26 13:22:20.367362: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER: Aug 26 13:22:20.367364: | cmd( 720):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Aug 26 13:22:20.367366: | cmd( 800):EER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libresw: Aug 26 13:22:20.367367: | cmd( 880):an test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTI: Aug 26 13:22:20.367369: | cmd( 960):ME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+I: Aug 26 13:22:20.367371: | cmd(1040):KE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4: Aug 26 13:22:20.367372: | cmd(1120):' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: Aug 26 13:22:20.367374: | cmd(1200):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: Aug 26 13:22:20.367376: | cmd(1280):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1de30b97: Aug 26 13:22:20.367377: | cmd(1360): SPI_OUT=0x6367355e ipsec _updown 2>&1: Aug 26 13:22:20.374601: | route_and_eroute: firewall_notified: true Aug 26 13:22:20.374613: | route_and_eroute: instance "north-dpd/0x1", setting eroute_owner {spd=0x5649f9ab4f58,sr=0x5649f9ab4f58} to #6 (was #0) (newest_ipsec_sa=#0) Aug 26 13:22:20.374670: | #1 spent 0.811 milliseconds in install_ipsec_sa() Aug 26 13:22:20.374676: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:20.374680: | no IKEv1 message padding required Aug 26 13:22:20.374683: | emitting length of ISAKMP Message: 76 Aug 26 13:22:20.374712: | inR1_outI2: instance north-dpd/0x1[0], setting IKEv1 newest_ipsec_sa to #6 (was #0) (spd.eroute=#6) cloned from #1 Aug 26 13:22:20.374717: | DPD: dpd_init() called on IPsec SA Aug 26 13:22:20.374723: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 13:22:20.374728: | event_schedule: new EVENT_DPD-pe@0x5649f9a4e1b8 Aug 26 13:22:20.374730: | inserting event EVENT_DPD, timeout in 3 seconds for #6 Aug 26 13:22:20.374733: | libevent_malloc: new ptr-libevent@0x5649f9aca388 size 128 Aug 26 13:22:20.374740: | complete v1 state transition with STF_OK Aug 26 13:22:20.374743: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:20.374745: | #6 is idle Aug 26 13:22:20.374747: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:22:20.374749: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 26 13:22:20.374752: | child state #6: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Aug 26 13:22:20.374754: | event_already_set, deleting event Aug 26 13:22:20.374756: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:20.374759: | libevent_free: release ptr-libevent@0x7f83b8004fd8 Aug 26 13:22:20.374763: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83ac002b78 Aug 26 13:22:20.374768: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:22:20.374775: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Aug 26 13:22:20.374777: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:20.374779: | 08 10 20 01 55 0e 82 c8 00 00 00 4c 2b 50 cf e7 Aug 26 13:22:20.374780: | 04 5e b4 ab a6 7e 00 8c 97 e1 a3 2e 54 37 c8 c0 Aug 26 13:22:20.374782: | 10 7c d1 e6 bb 7f b0 ee e1 ea a1 00 bf cd d2 aa Aug 26 13:22:20.374783: | 11 ef 1a d3 2a e8 87 49 b7 07 35 01 Aug 26 13:22:20.374825: | !event_already_set at reschedule Aug 26 13:22:20.374844: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f83ac002b78 Aug 26 13:22:20.374846: | inserting event EVENT_SA_REPLACE, timeout in 27829 seconds for #6 Aug 26 13:22:20.374848: | libevent_malloc: new ptr-libevent@0x7f83b8004fd8 size 128 Aug 26 13:22:20.374851: | pstats #6 ikev1.ipsec established Aug 26 13:22:20.374854: | NAT-T: encaps is 'auto' Aug 26 13:22:20.374863: "north-dpd/0x1" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x1de30b97 <0x6367355e xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Aug 26 13:22:20.374865: | modecfg pull: noquirk policy:push not-client Aug 26 13:22:20.374867: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:22:20.374871: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Aug 26 13:22:20.374876: | #6 spent 1.14 milliseconds in resume sending helper answer Aug 26 13:22:20.374880: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:22:20.374882: | libevent_free: release ptr-libevent@0x7f83bc003e78 Aug 26 13:22:20.374892: | processing signal PLUTO_SIGCHLD Aug 26 13:22:20.374896: | waitpid returned ECHILD (no child processes left) Aug 26 13:22:20.374899: | spent 0.00376 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:22:20.524271: | kernel_process_msg_cb process netlink message Aug 26 13:22:20.524409: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:22:20.524446: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 13:22:20.524482: | spent 0.0783 milliseconds in kernel message Aug 26 13:22:22.540614: | timer_event_cb: processing event@0x7f83c0002b78 Aug 26 13:22:22.540647: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 13:22:22.540657: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:22.540662: | IKEv1 retransmit event Aug 26 13:22:22.540667: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:22.540672: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 7 Aug 26 13:22:22.540680: | retransmits: current time 11028.283143; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.016482 exceeds limit? NO Aug 26 13:22:22.540694: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83bc004218 Aug 26 13:22:22.540699: | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #4 Aug 26 13:22:22.540704: | libevent_malloc: new ptr-libevent@0x7f83bc003e78 size 128 Aug 26 13:22:22.540709: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 32 seconds for response Aug 26 13:22:22.540717: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 13:22:22.540720: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.540723: | 08 10 20 01 17 ff 60 cc 00 00 01 dc aa f2 c2 87 Aug 26 13:22:22.540726: | 63 4d 62 af 5c 4e f9 3c 2e 43 28 18 11 e3 58 72 Aug 26 13:22:22.540728: | ae 94 b1 01 a0 c5 7e fe 21 c8 e3 c5 af 34 2f f8 Aug 26 13:22:22.540731: | d7 71 d2 6d dc 35 34 08 45 c0 54 7f d0 f6 68 a3 Aug 26 13:22:22.540734: | e8 74 ed 16 69 45 5b f0 33 8e 51 a4 df 94 7c b1 Aug 26 13:22:22.540736: | 5e 49 51 2a a9 00 17 6b f6 86 bc 11 9d 05 00 96 Aug 26 13:22:22.540739: | e7 98 4a 4f 51 16 87 17 f9 71 1c df ce c3 88 4d Aug 26 13:22:22.540741: | fa 99 64 c0 9c ca ad a6 71 63 a1 e8 3b e8 e9 5c Aug 26 13:22:22.540744: | bd b2 5d 61 ec d5 ca 4e e1 47 5f 05 17 fd 09 e2 Aug 26 13:22:22.540747: | 3f 76 34 fe 77 ad 7a 9c d9 d4 49 5d 6c 3a ce ee Aug 26 13:22:22.540749: | 65 75 61 78 c0 e9 c0 da 61 3d 98 a6 c9 9a c2 bf Aug 26 13:22:22.540752: | 65 8e b6 26 f3 ef 4e 4d 9f 85 9d c0 79 05 7d 78 Aug 26 13:22:22.540755: | 8d 7c d3 e1 34 17 91 a2 cd fc 1a f4 ca af 5d 47 Aug 26 13:22:22.540757: | 19 b8 63 8b 2f c9 67 da 42 e9 fb 85 6d a6 72 a7 Aug 26 13:22:22.540760: | aa 13 82 fd 5b 43 5d 74 1f 63 90 53 83 ea 53 7a Aug 26 13:22:22.540762: | d3 36 21 42 7c 12 a5 3a 5b f5 c2 b3 dd 88 db 02 Aug 26 13:22:22.540765: | 57 6d a8 a4 f7 b0 fc c8 3d f7 15 b3 fe 85 6a 95 Aug 26 13:22:22.540768: | d9 e6 71 3e 8b 57 7d 89 2b e0 51 16 39 a3 51 37 Aug 26 13:22:22.540770: | 00 56 59 ac a5 2a d2 8e 89 4d 14 50 c7 78 09 86 Aug 26 13:22:22.540773: | f0 7e 87 6a 39 9d 85 b2 fa be d1 07 86 0c c9 79 Aug 26 13:22:22.540776: | fb 4b 4d a5 9a d5 0c 78 2b f8 3f 2a 29 c1 05 c3 Aug 26 13:22:22.540778: | ba 2a e9 a7 04 f7 ba 7c 75 ca 15 d2 49 b7 8d f1 Aug 26 13:22:22.540781: | 19 ac 02 26 35 13 af 2e 67 f6 83 19 a1 14 8e 2d Aug 26 13:22:22.540784: | 0a b9 a3 60 7f 03 02 55 85 4d a6 d0 08 96 78 45 Aug 26 13:22:22.540786: | 72 1b b4 fe 48 49 f4 c9 4c e6 8e 6c 73 e6 41 ad Aug 26 13:22:22.540789: | 0c f8 f7 2c 6b fa 48 ae 01 b5 96 50 e5 92 0f 47 Aug 26 13:22:22.540794: | 99 55 e8 9d e2 b4 c0 0e ac 25 08 ac 0d f1 e5 90 Aug 26 13:22:22.540798: | 48 33 86 c7 4b 8c 41 19 21 24 a4 f0 13 3a b1 27 Aug 26 13:22:22.540803: | fd a1 3f d0 13 2d 38 59 c8 1d ee b2 Aug 26 13:22:22.540871: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:22:22.540883: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:22:22.540894: | #4 spent 0.25 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:22.540900: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:22.540905: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:22:22.540908: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 13:22:22.540913: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:22.540920: | IKEv1 retransmit event Aug 26 13:22:22.540925: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 13:22:22.540929: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 7 Aug 26 13:22:22.540936: | retransmits: current time 11028.283399; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.016302 exceeds limit? NO Aug 26 13:22:22.540944: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:22:22.540949: | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #5 Aug 26 13:22:22.540952: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:22:22.540956: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 32 seconds for response Aug 26 13:22:22.540962: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 13:22:22.540965: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.540967: | 08 10 20 01 7d 20 6b 25 00 00 01 dc 06 da 19 89 Aug 26 13:22:22.540970: | 8a a9 73 2c 98 64 09 8e 3d 35 41 39 89 5a 06 99 Aug 26 13:22:22.540973: | b9 cf 99 2e b9 dc 87 6f e0 6c 86 d3 61 5b 0c 30 Aug 26 13:22:22.540975: | 7a 0b 3c 1a de 14 8b 23 eb d7 be 3e 19 dc ba e6 Aug 26 13:22:22.540978: | 1a 88 cd 3f fb 47 b9 ba 7a 1e 38 4a ff eb 10 ba Aug 26 13:22:22.540980: | 1e 7b 51 89 f0 b4 1b 9f 4d 55 52 5a d6 5b 7f 28 Aug 26 13:22:22.540983: | 18 0e ef c0 8b 3d 52 95 80 aa 1e a4 57 71 f4 4f Aug 26 13:22:22.540986: | 52 53 2b 59 7a 8a 25 c9 44 df 7c 4c 8e 4f 93 8f Aug 26 13:22:22.540988: | cf 98 54 bb 0c ce ce bc c7 fa c9 5e 21 dc b2 34 Aug 26 13:22:22.540991: | 22 ca 14 84 84 38 d1 42 ae ea d9 7a 51 99 dd e2 Aug 26 13:22:22.540994: | 48 d0 47 e0 a8 41 db c7 0b 76 70 ce c2 6c 6d 10 Aug 26 13:22:22.540996: | e8 07 4c ce 8c 4a a1 13 34 f3 55 2c 94 d1 3a eb Aug 26 13:22:22.540999: | bb 10 c2 bc b0 f2 41 00 f4 40 fb 25 c0 37 fc fe Aug 26 13:22:22.541001: | a3 be ad 88 e9 ef 44 12 bc b1 c8 0a d2 e0 79 e9 Aug 26 13:22:22.541004: | 7f ec 40 6c a9 a4 56 95 e8 02 cd 6c c1 ad d7 e2 Aug 26 13:22:22.541007: | 6b a0 29 48 2e 7c cc e6 55 b0 ac ee 47 6c a1 92 Aug 26 13:22:22.541009: | 32 79 ca 7e 39 53 c4 50 64 65 65 43 19 9a 7e 71 Aug 26 13:22:22.541012: | 9d 77 19 d7 11 34 9f 3e c4 96 b5 e7 ac d0 07 c7 Aug 26 13:22:22.541014: | b9 3e c0 7e a3 9b 01 f5 b7 2d ee 27 c6 9a e6 b9 Aug 26 13:22:22.541017: | 50 77 67 09 de 58 eb 77 b5 39 e4 7c 37 ff 34 05 Aug 26 13:22:22.541020: | e3 a2 3b 9e b3 74 1b 39 4b 02 25 cf 27 29 cc 35 Aug 26 13:22:22.541022: | 09 1e 53 36 e6 ac f5 61 9d 67 8d 66 b7 4c 07 c7 Aug 26 13:22:22.541025: | 84 37 4b 97 96 0f 9f d9 fb 91 70 de 96 80 52 a9 Aug 26 13:22:22.541027: | 4a 02 48 62 9f 10 51 31 7e a0 4f 67 db aa af 32 Aug 26 13:22:22.541030: | 8f e8 ec 00 0f e8 0f 85 21 36 fb 48 d5 2d a2 5d Aug 26 13:22:22.541033: | 3f 9f f2 67 8a 10 20 b8 e7 76 77 6d 9d b2 c7 81 Aug 26 13:22:22.541035: | 91 9d 38 88 c5 e0 34 4e 5f f6 77 fd e8 dd 9b c9 Aug 26 13:22:22.541038: | 27 eb 56 fa fa 18 fc ef 8b 10 7a c5 93 1c c7 81 Aug 26 13:22:22.541040: | a7 49 13 1c 56 64 a3 f6 e6 d7 42 55 Aug 26 13:22:22.541062: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:22:22.541067: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:22:22.541073: | #5 spent 0.158 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 13:22:22.541078: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:22.545263: | spent 0.00424 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:22.545312: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:22.545321: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.545325: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:22.545328: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:22.545331: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:22.545334: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:22.545337: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:22.545340: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:22.545343: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:22.545351: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:22.545354: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:22.545357: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:22.545360: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:22.545363: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:22.545366: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:22.545369: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:22.545372: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:22.545375: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:22.545378: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:22.545381: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:22.545384: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:22.545387: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:22.545390: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:22.545393: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:22.545396: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:22.545399: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:22.545402: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:22.545405: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:22.545408: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:22.545411: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:22.545417: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:22.545422: | **parse ISAKMP Message: Aug 26 13:22:22.545425: | initiator cookie: Aug 26 13:22:22.545428: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:22.545432: | responder cookie: Aug 26 13:22:22.545434: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.545438: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:22.545442: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:22.545445: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:22.545451: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:22.545454: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:22.545458: | length: 460 (0x1cc) Aug 26 13:22:22.545461: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:22.545467: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:22.545473: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:22.545477: | #4 is idle Aug 26 13:22:22.545480: | #4 idle Aug 26 13:22:22.545484: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:22.545508: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:22:22.545512: | ***parse ISAKMP Hash Payload: Aug 26 13:22:22.545516: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:22.545519: | length: 36 (0x24) Aug 26 13:22:22.545523: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:22:22.545527: | ***parse ISAKMP Security Association Payload: Aug 26 13:22:22.545530: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:22.545533: | length: 56 (0x38) Aug 26 13:22:22.545536: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:22.545540: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:22:22.545543: | ***parse ISAKMP Nonce Payload: Aug 26 13:22:22.545546: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:22.545549: | length: 36 (0x24) Aug 26 13:22:22.545553: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.545556: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:22:22.545559: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.545562: | length: 260 (0x104) Aug 26 13:22:22.545566: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.545572: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.545576: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.545579: | length: 16 (0x10) Aug 26 13:22:22.545582: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.545585: | Protocol ID: 0 (0x0) Aug 26 13:22:22.545589: | port: 0 (0x0) Aug 26 13:22:22.545592: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:22:22.545595: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.545599: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.545602: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545605: | length: 16 (0x10) Aug 26 13:22:22.545608: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.545611: | Protocol ID: 0 (0x0) Aug 26 13:22:22.545614: | port: 0 (0x0) Aug 26 13:22:22.545617: | obj: c0 00 16 00 ff ff ff 00 Aug 26 13:22:22.545620: | removing 12 bytes of padding Aug 26 13:22:22.545666: | quick_inR1_outI2 HASH(2): Aug 26 13:22:22.545671: | f9 04 e1 09 af fb 72 5e a0 b4 ea 79 62 67 2c cd Aug 26 13:22:22.545674: | 05 7f 3a 9f f0 e9 80 32 63 43 33 50 0c c6 7d ca Aug 26 13:22:22.545678: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 13:22:22.545684: | ****parse IPsec DOI SIT: Aug 26 13:22:22.545687: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:22.545691: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:22.545694: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545697: | length: 44 (0x2c) Aug 26 13:22:22.545701: | proposal number: 0 (0x0) Aug 26 13:22:22.545704: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:22.545707: | SPI size: 4 (0x4) Aug 26 13:22:22.545710: | number of transforms: 1 (0x1) Aug 26 13:22:22.545714: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:22.545717: | SPI df a7 99 3f Aug 26 13:22:22.545721: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:22.545724: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.545727: | length: 32 (0x20) Aug 26 13:22:22.545730: | ESP transform number: 0 (0x0) Aug 26 13:22:22.545734: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:22.545738: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545742: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:22.545745: | length/value: 14 (0xe) Aug 26 13:22:22.545748: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:22.545752: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545755: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:22.545759: | length/value: 1 (0x1) Aug 26 13:22:22.545762: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:22.545766: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:22.545769: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545772: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:22.545775: | length/value: 1 (0x1) Aug 26 13:22:22.545778: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:22.545782: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545785: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:22.545788: | length/value: 28800 (0x7080) Aug 26 13:22:22.545792: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545795: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:22.545798: | length/value: 2 (0x2) Aug 26 13:22:22.545801: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:22.545805: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.545808: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:22.545811: | length/value: 128 (0x80) Aug 26 13:22:22.545815: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:22.545836: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:22.545848: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:22.545859: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:22.545864: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:22.545868: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:22:22.545871: | no PreShared Key Found Aug 26 13:22:22.545876: | adding quick outI2 DH work-order 11 for state #4 Aug 26 13:22:22.545880: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:22.545884: | #4 STATE_QUICK_I1: retransmits: cleared Aug 26 13:22:22.545889: | libevent_free: release ptr-libevent@0x7f83bc003e78 Aug 26 13:22:22.545893: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83bc004218 Aug 26 13:22:22.545897: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83bc004218 Aug 26 13:22:22.545902: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 13:22:22.545906: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:22:22.545917: | complete v1 state transition with STF_SUSPEND Aug 26 13:22:22.545925: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:22:22.545928: | suspending state #4 and saving MD Aug 26 13:22:22.545931: | #4 is busy; has a suspended MD Aug 26 13:22:22.545938: | #4 spent 0.253 milliseconds in process_packet_tail() Aug 26 13:22:22.545943: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:22.545949: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:22.545952: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:22.545958: | spent 0.668 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:22.545960: | crypto helper 4 resuming Aug 26 13:22:22.545977: | crypto helper 4 starting work-order 11 for state #4 Aug 26 13:22:22.545985: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 11 Aug 26 13:22:22.546561: | spent 0.00405 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:22.546595: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:22.546601: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.546604: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:22.546607: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:22.546610: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:22.546613: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:22.546616: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:22.546619: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:22.546622: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:22.546625: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:22.546628: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:22.546631: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:22.546634: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:22.546637: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:22.546640: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:22.546643: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:22.546646: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:22.546649: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:22.546656: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:22.546659: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:22.546662: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:22.546665: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:22.546668: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:22.546671: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:22.546674: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:22.546677: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:22.546680: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:22.546683: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:22.546686: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:22.546689: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:22.546695: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:22.546700: | **parse ISAKMP Message: Aug 26 13:22:22.546703: | initiator cookie: Aug 26 13:22:22.546706: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:22.546710: | responder cookie: Aug 26 13:22:22.546713: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.546716: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:22.546720: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:22.546723: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:22.546727: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:22.546730: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:22.546734: | length: 460 (0x1cc) Aug 26 13:22:22.546738: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:22.546742: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:22.546749: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:22.546752: | #5 is idle Aug 26 13:22:22.546755: | #5 idle Aug 26 13:22:22.546760: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:22.546777: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:22:22.546782: | ***parse ISAKMP Hash Payload: Aug 26 13:22:22.546785: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:22.546789: | length: 36 (0x24) Aug 26 13:22:22.546792: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:22:22.546796: | ***parse ISAKMP Security Association Payload: Aug 26 13:22:22.546799: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:22.546802: | length: 56 (0x38) Aug 26 13:22:22.546806: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:22.546809: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:22:22.546812: | ***parse ISAKMP Nonce Payload: Aug 26 13:22:22.546816: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:22.546819: | length: 36 (0x24) Aug 26 13:22:22.546822: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.546825: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:22:22.546829: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.546832: | length: 260 (0x104) Aug 26 13:22:22.546835: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.546839: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.546842: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:22.546845: | length: 16 (0x10) Aug 26 13:22:22.546848: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.546851: | Protocol ID: 0 (0x0) Aug 26 13:22:22.546854: | port: 0 (0x0) Aug 26 13:22:22.546858: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:22:22.546861: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:22.546865: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:22.546868: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.546871: | length: 16 (0x10) Aug 26 13:22:22.546877: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:22.546880: | Protocol ID: 0 (0x0) Aug 26 13:22:22.546883: | port: 0 (0x0) Aug 26 13:22:22.546886: | obj: c0 00 02 00 ff ff ff 00 Aug 26 13:22:22.546889: | removing 12 bytes of padding Aug 26 13:22:22.546923: | quick_inR1_outI2 HASH(2): Aug 26 13:22:22.546927: | c3 9f 03 42 b1 f6 b8 f6 77 39 59 9d 6e df 07 3e Aug 26 13:22:22.546931: | b7 fa ea 98 8c ab 0f 4d b4 3f e3 02 b8 b0 63 b4 Aug 26 13:22:22.546934: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 13:22:22.546939: | ****parse IPsec DOI SIT: Aug 26 13:22:22.546943: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:22.546947: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:22.546950: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.546953: | length: 44 (0x2c) Aug 26 13:22:22.546956: | proposal number: 0 (0x0) Aug 26 13:22:22.546960: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:22.546963: | SPI size: 4 (0x4) Aug 26 13:22:22.546966: | number of transforms: 1 (0x1) Aug 26 13:22:22.546970: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:22.546973: | SPI 5b 1c a7 72 Aug 26 13:22:22.546976: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:22.546980: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.546983: | length: 32 (0x20) Aug 26 13:22:22.546986: | ESP transform number: 0 (0x0) Aug 26 13:22:22.546989: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:22.546993: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.546997: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:22.546999: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 11 time elapsed 0.001014 seconds Aug 26 13:22:22.547000: | length/value: 14 (0xe) Aug 26 13:22:22.547024: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:22.547014: | (#4) spent 1.02 milliseconds in crypto helper computing work-order 11: quick outI2 DH (pcr) Aug 26 13:22:22.547037: | crypto helper 4 sending results from work-order 11 for state #4 to event queue Aug 26 13:22:22.547028: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.547055: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:22.547059: | length/value: 1 (0x1) Aug 26 13:22:22.547047: | scheduling resume sending helper answer for #4 Aug 26 13:22:22.547073: | libevent_malloc: new ptr-libevent@0x7f83b0005518 size 128 Aug 26 13:22:22.547062: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:22.547082: | crypto helper 4 waiting (nothing to do) Aug 26 13:22:22.547090: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:22.547105: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.547109: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:22.547112: | length/value: 1 (0x1) Aug 26 13:22:22.547115: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:22.547118: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.547121: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:22.547125: | length/value: 28800 (0x7080) Aug 26 13:22:22.547128: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.547131: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:22.547134: | length/value: 2 (0x2) Aug 26 13:22:22.547138: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:22.547141: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:22.547144: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:22.547147: | length/value: 128 (0x80) Aug 26 13:22:22.547151: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:22.547173: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:22.547182: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:22.547199: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:22.547204: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:22.547208: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:22:22.547211: | no PreShared Key Found Aug 26 13:22:22.547217: | adding quick outI2 DH work-order 12 for state #5 Aug 26 13:22:22.547220: | state #5 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:22.547224: | #5 STATE_QUICK_I1: retransmits: cleared Aug 26 13:22:22.547229: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:22:22.547233: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83c0002b78 Aug 26 13:22:22.547237: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83c0002b78 Aug 26 13:22:22.547242: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 13:22:22.547246: | libevent_malloc: new ptr-libevent@0x5649f9ada878 size 128 Aug 26 13:22:22.547255: | complete v1 state transition with STF_SUSPEND Aug 26 13:22:22.547262: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:22:22.547266: | suspending state #5 and saving MD Aug 26 13:22:22.547269: | #5 is busy; has a suspended MD Aug 26 13:22:22.547275: | #5 spent 0.319 milliseconds in process_packet_tail() Aug 26 13:22:22.547271: | crypto helper 5 resuming Aug 26 13:22:22.547313: | crypto helper 5 starting work-order 12 for state #5 Aug 26 13:22:22.547321: | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 12 Aug 26 13:22:22.547285: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:22.547367: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:22.547376: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:22.547384: | spent 0.764 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:22.547396: | processing resume sending helper answer for #4 Aug 26 13:22:22.547403: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:22:22.547408: | crypto helper 4 replies to request ID 11 Aug 26 13:22:22.547412: | calling continuation function 0x5649f7dc5b50 Aug 26 13:22:22.547415: | quick_inR1_outI2_continue for #4: calculated ke+nonce, calculating DH Aug 26 13:22:22.547452: | **emit ISAKMP Message: Aug 26 13:22:22.547456: | initiator cookie: Aug 26 13:22:22.547459: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:22.547462: | responder cookie: Aug 26 13:22:22.547465: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.547469: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.547472: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:22.547476: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:22.547479: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:22.547483: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:22.547487: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:22.547492: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:22.547495: | ID address c0 00 03 00 Aug 26 13:22:22.547499: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:22.547502: | ID mask ff ff ff 00 Aug 26 13:22:22.547507: | our client is subnet 192.0.3.0/24 Aug 26 13:22:22.547511: | our client protocol/port is 0/0 Aug 26 13:22:22.547519: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:22.547522: | ID address c0 00 16 00 Aug 26 13:22:22.547526: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:22.547529: | ID mask ff ff ff 00 Aug 26 13:22:22.547533: | peer client is subnet 192.0.22.0/24 Aug 26 13:22:22.547536: | peer client protocol/port is 0/0 Aug 26 13:22:22.547540: | ***emit ISAKMP Hash Payload: Aug 26 13:22:22.547543: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.547547: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:22.547551: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.547556: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:22.547559: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:22.547591: | quick_inR1_outI2 HASH(3): Aug 26 13:22:22.547596: | 8e f4 1e 9d f3 5b 78 59 ac 60 05 fd e6 b1 7a ee Aug 26 13:22:22.547599: | 99 23 e1 b4 73 de 8b 27 14 c1 9b c7 b6 56 2e 87 Aug 26 13:22:22.547603: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:22:22.547606: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:22:22.547759: | install_ipsec_sa() for #4: inbound and outbound Aug 26 13:22:22.547766: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Aug 26 13:22:22.547769: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:22.547774: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.547777: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:22.547781: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.547785: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:22.547790: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Aug 26 13:22:22.547794: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:22.547798: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:22.547802: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:22.547808: | setting IPsec SA replay-window to 32 Aug 26 13:22:22.547811: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 13:22:22.547815: | netlink: enabling tunnel mode Aug 26 13:22:22.547820: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:22.547823: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:22.547899: | netlink response for Add SA esp.dfa7993f@192.1.2.23 included non-error error Aug 26 13:22:22.547905: | set up outgoing SA, ref=0/0 Aug 26 13:22:22.547910: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:22.547913: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:22.547917: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:22.547921: | setting IPsec SA replay-window to 32 Aug 26 13:22:22.547926: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 13:22:22.547932: | netlink: enabling tunnel mode Aug 26 13:22:22.547940: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:22.547946: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:22.548008: "north-dpd/0x2" #4: ERROR: netlink response for Add SA esp.dcd59a6b@192.1.3.33 included errno 3: No such process Aug 26 13:22:22.548019: "north-dpd/0x2" #4: setup_half_ipsec_sa() hit fail: Aug 26 13:22:22.548027: | complete v1 state transition with STF_INTERNAL_ERROR Aug 26 13:22:22.548040: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:22.548046: | #4 is idle Aug 26 13:22:22.548122: | state transition function for STATE_QUICK_I1 had internal error Aug 26 13:22:22.548140: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Aug 26 13:22:22.548153: | #4 spent 0.742 milliseconds in resume sending helper answer Aug 26 13:22:22.548166: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:22:22.548175: | libevent_free: release ptr-libevent@0x7f83b0005518 Aug 26 13:22:22.548328: | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 12 time elapsed 0.001007 seconds Aug 26 13:22:22.548342: | (#5) spent 1.01 milliseconds in crypto helper computing work-order 12: quick outI2 DH (pcr) Aug 26 13:22:22.548347: | crypto helper 5 sending results from work-order 12 for state #5 to event queue Aug 26 13:22:22.548352: | scheduling resume sending helper answer for #5 Aug 26 13:22:22.548356: | libevent_malloc: new ptr-libevent@0x7f83b4001f78 size 128 Aug 26 13:22:22.548365: | crypto helper 5 waiting (nothing to do) Aug 26 13:22:22.548412: | processing resume sending helper answer for #5 Aug 26 13:22:22.548430: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:22:22.548437: | crypto helper 5 replies to request ID 12 Aug 26 13:22:22.548440: | calling continuation function 0x5649f7dc5b50 Aug 26 13:22:22.548444: | quick_inR1_outI2_continue for #5: calculated ke+nonce, calculating DH Aug 26 13:22:22.548450: | **emit ISAKMP Message: Aug 26 13:22:22.548454: | initiator cookie: Aug 26 13:22:22.548458: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:22.548461: | responder cookie: Aug 26 13:22:22.548464: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:22.548468: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.548471: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:22.548475: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:22.548478: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:22.548482: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:22.548486: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:22.548490: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:22.548494: | ID address c0 00 03 00 Aug 26 13:22:22.548497: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:22.548500: | ID mask ff ff ff 00 Aug 26 13:22:22.548506: | our client is subnet 192.0.3.0/24 Aug 26 13:22:22.548509: | our client protocol/port is 0/0 Aug 26 13:22:22.548513: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:22.548516: | ID address c0 00 02 00 Aug 26 13:22:22.548520: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:22.548523: | ID mask ff ff ff 00 Aug 26 13:22:22.548527: | peer client is subnet 192.0.2.0/24 Aug 26 13:22:22.548530: | peer client protocol/port is 0/0 Aug 26 13:22:22.548534: | ***emit ISAKMP Hash Payload: Aug 26 13:22:22.548537: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:22.548541: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:22.548545: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:22.548549: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:22.548553: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:22.548581: | quick_inR1_outI2 HASH(3): Aug 26 13:22:22.548601: | 7a 3b 78 e9 ba b5 bc 07 98 00 de 46 6f 87 3e 54 Aug 26 13:22:22.548605: | 67 e9 8b c6 93 e3 e3 7c 49 64 21 4f b4 17 96 14 Aug 26 13:22:22.548609: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:22:22.548612: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:22:22.548743: | install_ipsec_sa() for #5: inbound and outbound Aug 26 13:22:22.548749: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Aug 26 13:22:22.548753: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:22.548763: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.548768: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:22.548772: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:22.548776: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:22.548782: | route owner of "north-dpd/0x1" erouted: self; eroute owner: self Aug 26 13:22:22.548791: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:22.548797: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:22.548801: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:22.548807: | setting IPsec SA replay-window to 32 Aug 26 13:22:22.548812: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 13:22:22.548816: | netlink: enabling tunnel mode Aug 26 13:22:22.548820: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:22.548825: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:22.548899: | netlink response for Add SA esp.5b1ca772@192.1.2.23 included non-error error Aug 26 13:22:22.548907: | set up outgoing SA, ref=0/0 Aug 26 13:22:22.548911: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:22.548916: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:22.548920: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:22.548925: | setting IPsec SA replay-window to 32 Aug 26 13:22:22.548932: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 13:22:22.548939: | netlink: enabling tunnel mode Aug 26 13:22:22.548948: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:22.548956: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:22.549025: "north-dpd/0x1" #5: ERROR: netlink response for Add SA esp.aad72ba6@192.1.3.33 included errno 3: No such process Aug 26 13:22:22.549038: "north-dpd/0x1" #5: setup_half_ipsec_sa() hit fail: Aug 26 13:22:22.549048: | complete v1 state transition with STF_INTERNAL_ERROR Aug 26 13:22:22.549062: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:22.549069: | #5 is idle Aug 26 13:22:22.549152: | state transition function for STATE_QUICK_I1 had internal error Aug 26 13:22:22.549168: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Aug 26 13:22:22.549184: | #5 spent 0.742 milliseconds in resume sending helper answer Aug 26 13:22:22.549199: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:22:22.549209: | libevent_free: release ptr-libevent@0x7f83b4001f78 Aug 26 13:22:23.046081: | spent 0.0113 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:23.046162: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:23.046175: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.046184: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:23.046191: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:23.046199: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:23.046206: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:23.046214: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:23.046221: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:23.046229: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:23.046237: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:23.046244: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:23.046252: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:23.046259: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:23.046267: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:23.046286: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:23.046336: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:23.046344: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:23.046352: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:23.046360: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:23.046367: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:23.046375: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:23.046382: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:23.046390: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:23.046398: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:23.046405: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:23.046413: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:23.046420: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:23.046428: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:23.046435: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:23.046443: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:23.046458: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:23.046470: | **parse ISAKMP Message: Aug 26 13:22:23.046479: | initiator cookie: Aug 26 13:22:23.046487: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:23.046495: | responder cookie: Aug 26 13:22:23.046502: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.046511: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:23.046521: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:23.046529: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:23.046538: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:23.046547: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:23.046555: | length: 460 (0x1cc) Aug 26 13:22:23.046566: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:23.046579: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:23.046596: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:23.046605: | #4 is idle Aug 26 13:22:23.046612: | #4 idle Aug 26 13:22:23.046626: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:23.046640: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:23.046655: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:23.046665: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:23.046681: | spent 0.517 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:23.047822: | spent 0.0105 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:23.047898: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:23.047910: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.047919: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:23.047926: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:23.047934: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:23.047941: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:23.047949: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:23.047956: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:23.047964: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:23.047972: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:23.047979: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:23.047987: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:23.048004: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:23.048012: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:23.048020: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:23.048027: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:23.048035: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:23.048042: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:23.048050: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:23.048057: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:23.048065: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:23.048072: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:23.048080: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:23.048087: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:23.048095: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:23.048102: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:23.048110: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:23.048117: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:23.048125: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:23.048132: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:23.048147: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:23.048158: | **parse ISAKMP Message: Aug 26 13:22:23.048167: | initiator cookie: Aug 26 13:22:23.048175: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:23.048183: | responder cookie: Aug 26 13:22:23.048190: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.048199: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:23.048208: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:23.048216: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:23.048225: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:23.048234: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:23.048242: | length: 460 (0x1cc) Aug 26 13:22:23.048252: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:23.048264: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:23.048280: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:23.048316: | #5 is idle Aug 26 13:22:23.048330: | #5 idle Aug 26 13:22:23.048343: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:23.048357: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:23.048372: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:23.048382: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:23.048398: | spent 0.503 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:23.368825: | timer_event_cb: processing event@0x5649f9a4e1b8 Aug 26 13:22:23.368876: | handling event EVENT_DPD for child state #6 Aug 26 13:22:23.368899: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:23.368919: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:22:23.368928: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:23.368940: | DPD: no need to send or schedule DPD for replaced IPsec SA Aug 26 13:22:23.368952: | libevent_free: release ptr-libevent@0x5649f9aca388 Aug 26 13:22:23.368963: | free_event_entry: release EVENT_DPD-pe@0x5649f9a4e1b8 Aug 26 13:22:23.368983: | #6 spent 0.161 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:22:23.368997: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:23.547863: | spent 0.00547 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:23.547912: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:23.547919: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.547922: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:23.547926: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:23.547929: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:23.547932: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:23.547935: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:23.547938: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:23.547942: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:23.547945: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:23.547948: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:23.547951: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:23.547954: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:23.547957: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:23.547961: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:23.547964: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:23.547967: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:23.547970: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:23.547973: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:23.547976: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:23.547980: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:23.547983: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:23.547986: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:23.547989: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:23.547992: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:23.547995: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:23.547999: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:23.548002: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:23.548005: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:23.548008: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:23.548015: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:23.548021: | **parse ISAKMP Message: Aug 26 13:22:23.548025: | initiator cookie: Aug 26 13:22:23.548028: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:23.548032: | responder cookie: Aug 26 13:22:23.548035: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.548039: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:23.548043: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:23.548047: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:23.548051: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:23.548054: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:23.548058: | length: 460 (0x1cc) Aug 26 13:22:23.548062: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:23.548069: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:23.548076: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:23.548080: | #4 is idle Aug 26 13:22:23.548084: | #4 idle Aug 26 13:22:23.548089: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:23.548095: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:23.548102: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:23.548106: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:23.548112: | spent 0.216 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:23.548127: | spent 0.00232 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:23.548140: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:23.548144: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.548148: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:23.548151: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:23.548154: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:23.548157: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:23.548160: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:23.548164: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:23.548167: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:23.548170: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:23.548173: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:23.548176: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:23.548179: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:23.548183: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:23.548186: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:23.548189: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:23.548192: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:23.548195: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:23.548198: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:23.548201: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:23.548205: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:23.548208: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:23.548211: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:23.548214: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:23.548217: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:23.548220: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:23.548224: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:23.548227: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:23.548230: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:23.548233: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:23.548238: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:23.548242: | **parse ISAKMP Message: Aug 26 13:22:23.548246: | initiator cookie: Aug 26 13:22:23.548249: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:23.548252: | responder cookie: Aug 26 13:22:23.548255: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:23.548259: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:23.548262: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:23.548266: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:23.548269: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:23.548273: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:23.548276: | length: 460 (0x1cc) Aug 26 13:22:23.548280: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:23.548284: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:23.548310: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:23.548315: | #5 is idle Aug 26 13:22:23.548319: | #5 idle Aug 26 13:22:23.548323: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:23.548329: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:23.548339: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:23.548344: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:23.548353: | spent 0.201 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:24.549957: | spent 0.00992 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:24.550027: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:24.550038: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:24.550045: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:24.550051: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:24.550057: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:24.550063: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:24.550069: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:24.550075: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:24.550081: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:24.550087: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:24.550093: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:24.550099: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:24.550105: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:24.550111: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:24.550118: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:24.550124: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:24.550130: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:24.550136: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:24.550142: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:24.550148: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:24.550154: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:24.550160: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:24.550166: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:24.550172: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:24.550178: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:24.550184: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:24.550190: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:24.550196: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:24.550202: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:24.550208: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:24.550220: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:24.550231: | **parse ISAKMP Message: Aug 26 13:22:24.550238: | initiator cookie: Aug 26 13:22:24.550244: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:24.550251: | responder cookie: Aug 26 13:22:24.550257: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:24.550264: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:24.550272: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:24.550279: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:24.550286: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:24.550330: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:24.550337: | length: 460 (0x1cc) Aug 26 13:22:24.550346: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:24.550357: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:24.550371: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:24.550379: | #4 is idle Aug 26 13:22:24.550385: | #4 idle Aug 26 13:22:24.550397: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:24.550408: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:24.550421: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:24.550439: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:24.550453: | spent 0.424 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:24.550476: | spent 0.0046 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:24.550501: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:24.550509: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:24.550516: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:24.550522: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:24.550528: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:24.550534: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:24.550540: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:24.550546: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:24.550552: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:24.550558: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:24.550564: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:24.550570: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:24.550576: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:24.550582: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:24.550588: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:24.550594: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:24.550600: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:24.550606: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:24.550612: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:24.550618: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:24.550624: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:24.550630: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:24.550636: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:24.550642: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:24.550648: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:24.550654: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:24.550660: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:24.550666: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:24.550672: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:24.550678: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:24.550688: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:24.550696: | **parse ISAKMP Message: Aug 26 13:22:24.550702: | initiator cookie: Aug 26 13:22:24.550708: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:24.550715: | responder cookie: Aug 26 13:22:24.550720: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:24.550727: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:24.550734: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:24.550741: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:24.550747: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:24.550754: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:24.550760: | length: 460 (0x1cc) Aug 26 13:22:24.550768: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:24.550776: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:24.550787: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:24.550793: | #5 is idle Aug 26 13:22:24.550799: | #5 idle Aug 26 13:22:24.550808: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:24.550818: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:24.550834: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:24.550841: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:24.550852: | spent 0.365 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:26.553127: | spent 0.00733 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:26.553180: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:26.553188: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:26.553193: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:26.553197: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:26.553201: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:26.553206: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:26.553210: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:26.553214: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:26.553219: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:26.553223: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:26.553227: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:26.553232: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:26.553236: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:26.553240: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:26.553244: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:26.553249: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:26.553253: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:26.553257: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:26.553262: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:26.553266: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:26.553270: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:26.553275: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:26.553279: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:26.553283: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:26.553310: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:26.553320: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:26.553325: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:26.553329: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:26.553334: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:26.553338: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:26.553348: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:26.553356: | **parse ISAKMP Message: Aug 26 13:22:26.553362: | initiator cookie: Aug 26 13:22:26.553366: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:26.553371: | responder cookie: Aug 26 13:22:26.553375: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:26.553381: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:26.553386: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:26.553391: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:26.553397: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:26.553402: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:26.553407: | length: 460 (0x1cc) Aug 26 13:22:26.553413: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:26.553421: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:26.553431: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:26.553437: | #4 is idle Aug 26 13:22:26.553442: | #4 idle Aug 26 13:22:26.553450: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:26.553459: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:26.553475: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:26.553482: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:26.553491: | spent 0.312 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:26.553508: | spent 0.0033 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:26.553526: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:26.553532: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:26.553537: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:26.553541: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:26.553545: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:26.553550: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:26.553554: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:26.553558: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:26.553563: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:26.553567: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:26.553571: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:26.553575: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:26.553580: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:26.553584: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:26.553588: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:26.553593: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:26.553597: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:26.553601: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:26.553606: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:26.553610: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:26.553614: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:26.553619: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:26.553623: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:26.553627: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:26.553631: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:26.553636: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:26.553640: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:26.553644: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:26.553649: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:26.553653: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:26.553660: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:26.553665: | **parse ISAKMP Message: Aug 26 13:22:26.553670: | initiator cookie: Aug 26 13:22:26.553674: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:26.553679: | responder cookie: Aug 26 13:22:26.553683: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:26.553688: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:26.553693: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:26.553697: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:26.553702: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:26.553707: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:26.553711: | length: 460 (0x1cc) Aug 26 13:22:26.553717: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:26.553722: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:26.553730: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:26.553735: | #5 is idle Aug 26 13:22:26.553739: | #5 idle Aug 26 13:22:26.553746: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:26.553757: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:26.553765: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:26.553770: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:26.553778: | spent 0.261 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:30.557873: | spent 0.00573 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:30.557914: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:30.557920: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:30.557924: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:30.557928: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:30.557931: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:30.557934: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:30.557938: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:30.557941: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:30.557944: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:30.557948: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:30.557951: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:30.557954: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:30.557958: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:30.557961: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:30.557964: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:30.557968: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:30.557971: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:30.557974: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:30.557978: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:30.557981: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:30.557984: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:30.557988: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:30.557991: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:30.557994: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:30.557998: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:30.558001: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:30.558004: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:30.558008: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:30.558011: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:30.558015: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:30.558021: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:30.558028: | **parse ISAKMP Message: Aug 26 13:22:30.558032: | initiator cookie: Aug 26 13:22:30.558035: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:30.558039: | responder cookie: Aug 26 13:22:30.558042: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:30.558046: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:30.558051: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:30.558054: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:30.558058: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:30.558062: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:30.558066: | length: 460 (0x1cc) Aug 26 13:22:30.558071: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:30.558078: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:30.558085: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:30.558090: | #4 is idle Aug 26 13:22:30.558100: | #4 idle Aug 26 13:22:30.558107: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:30.558114: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:30.558120: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:30.558125: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:30.558132: | spent 0.233 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:30.558145: | spent 0.0024 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:30.558158: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:30.558162: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:30.558166: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:30.558170: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:30.558173: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:30.558176: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:30.558180: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:30.558183: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:30.558186: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:30.558190: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:30.558193: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:30.558196: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:30.558200: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:30.558203: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:30.558206: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:30.558210: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:30.558213: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:30.558216: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:30.558220: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:30.558223: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:30.558226: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:30.558230: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:30.558233: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:30.558236: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:30.558240: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:30.558243: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:30.558246: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:30.558250: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:30.558253: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:30.558256: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:30.558262: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:30.558266: | **parse ISAKMP Message: Aug 26 13:22:30.558270: | initiator cookie: Aug 26 13:22:30.558273: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:30.558277: | responder cookie: Aug 26 13:22:30.558280: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:30.558284: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:30.558287: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:30.558301: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:30.558305: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:30.558309: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:30.558312: | length: 460 (0x1cc) Aug 26 13:22:30.558317: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:30.558326: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:30.558333: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:30.558341: | #5 is idle Aug 26 13:22:30.558345: | #5 idle Aug 26 13:22:30.558350: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:30.558356: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:30.558363: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:30.558367: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:30.558373: | spent 0.215 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:31.464130: | kernel_process_msg_cb process netlink message Aug 26 13:22:31.464153: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 13:22:31.464155: | xfrm netlink msg len 376 Aug 26 13:22:31.464157: | xfrm acquire rtattribute type 5 Aug 26 13:22:31.464159: | xfrm acquire rtattribute type 16 Aug 26 13:22:31.464168: | add bare shunt 0x5649f9ab5ec8 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:22:31.464173: initiate on demand from 192.0.3.254:8 to 192.0.22.254:0 proto=1 because: acquire Aug 26 13:22:31.464176: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.22.254:1/0 Aug 26 13:22:31.464178: | FOR_EACH_CONNECTION_... in find_connection_for_clients Aug 26 13:22:31.464182: | find_connection: conn "north-dpd/0x2" has compatible peers: 192.0.3.0/24 -> 192.0.22.0/24 [pri: 25214986] Aug 26 13:22:31.464184: | find_connection: first OK "north-dpd/0x2" [pri:25214986]{0x5649f9ac0c28} (child none) Aug 26 13:22:31.464186: | find_connection: concluding with "north-dpd/0x2" [pri:25214986]{0x5649f9ac0c28} kind=CK_PERMANENT Aug 26 13:22:31.464189: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 13:22:31.464190: | assign_holdpass() need broad(er) shunt Aug 26 13:22:31.464192: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:31.464196: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => %hold>%hold (raw_eroute) Aug 26 13:22:31.464199: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 13:22:31.464204: | raw_eroute result=success Aug 26 13:22:31.464205: | assign_holdpass() eroute_connection() done Aug 26 13:22:31.464207: | fiddle_bare_shunt called Aug 26 13:22:31.464209: | fiddle_bare_shunt with transport_proto 1 Aug 26 13:22:31.464210: | removing specific host-to-host bare shunt Aug 26 13:22:31.464213: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.22.254/32:0 => %hold (raw_eroute) Aug 26 13:22:31.464215: | netlink_raw_eroute: SPI_PASS Aug 26 13:22:31.464467: | raw_eroute result=success Aug 26 13:22:31.464473: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 13:22:31.464476: | delete bare shunt 0x5649f9ab5ec8 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Aug 26 13:22:31.464478: assign_holdpass() delete_bare_shunt() failed Aug 26 13:22:31.464480: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 13:22:31.464482: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:31.464487: | creating state object #7 at 0x5649f9ae53f8 Aug 26 13:22:31.464490: | State DB: adding IKEv1 state #7 in UNDEFINED Aug 26 13:22:31.464496: | pstats #7 ikev1.ipsec started Aug 26 13:22:31.464498: | duplicating state object #1 "north-dpd/0x2" as #7 for IPSEC SA Aug 26 13:22:31.464502: | #7 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:31.464507: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:22:31.464521: | child state #7: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 13:22:31.464526: "north-dpd/0x2" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:6e4749b1 proposal=defaults pfsgroup=MODP2048} Aug 26 13:22:31.464533: | adding quick_outI1 KE work-order 13 for state #7 Aug 26 13:22:31.464535: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9a4e1b8 Aug 26 13:22:31.464538: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Aug 26 13:22:31.464540: | libevent_malloc: new ptr-libevent@0x5649f9ab60f8 size 128 Aug 26 13:22:31.464549: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:22:31.464552: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.22.254 Aug 26 13:22:31.464558: | spent 0.404 milliseconds in kernel message Aug 26 13:22:31.464586: | crypto helper 6 resuming Aug 26 13:22:31.464596: | crypto helper 6 starting work-order 13 for state #7 Aug 26 13:22:31.464599: | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 13 Aug 26 13:22:31.465138: | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 13 time elapsed 0.000539 seconds Aug 26 13:22:31.465143: | (#7) spent 0.543 milliseconds in crypto helper computing work-order 13: quick_outI1 KE (pcr) Aug 26 13:22:31.465145: | crypto helper 6 sending results from work-order 13 for state #7 to event queue Aug 26 13:22:31.465148: | scheduling resume sending helper answer for #7 Aug 26 13:22:31.465150: | libevent_malloc: new ptr-libevent@0x7f83a8005df8 size 128 Aug 26 13:22:31.465156: | crypto helper 6 waiting (nothing to do) Aug 26 13:22:31.465193: | processing resume sending helper answer for #7 Aug 26 13:22:31.465203: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:22:31.465206: | crypto helper 6 replies to request ID 13 Aug 26 13:22:31.465208: | calling continuation function 0x5649f7dc5b50 Aug 26 13:22:31.465210: | quick_outI1_continue for #7: calculated ke+nonce, sending I1 Aug 26 13:22:31.465214: | **emit ISAKMP Message: Aug 26 13:22:31.465216: | initiator cookie: Aug 26 13:22:31.465218: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:31.465220: | responder cookie: Aug 26 13:22:31.465221: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.465223: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.465225: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:31.465227: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:31.465229: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:31.465231: | Message ID: 1850165681 (0x6e4749b1) Aug 26 13:22:31.465233: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:31.465235: | ***emit ISAKMP Hash Payload: Aug 26 13:22:31.465237: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.465239: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:31.465241: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.465243: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:31.465245: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:31.465246: | emitting quick defaults using policy none Aug 26 13:22:31.465248: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:22:31.465251: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:31.465253: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:31.465255: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:31.465257: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:22:31.465259: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:31.465261: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.465263: | ****emit IPsec DOI SIT: Aug 26 13:22:31.465264: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:31.465268: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:22:31.465271: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 13:22:31.465272: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:31.465274: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.465276: | proposal number: 0 (0x0) Aug 26 13:22:31.465277: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:31.465279: | SPI size: 4 (0x4) Aug 26 13:22:31.465281: | number of transforms: 2 (0x2) Aug 26 13:22:31.465282: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:31.465313: | netlink_get_spi: allocated 0x893ef52c for esp.0@192.1.3.33 Aug 26 13:22:31.465332: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:22:31.465334: | SPI 89 3e f5 2c Aug 26 13:22:31.465335: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:31.465337: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:31.465339: | ESP transform number: 0 (0x0) Aug 26 13:22:31.465340: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:31.465342: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:31.465344: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465346: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:31.465348: | length/value: 14 (0xe) Aug 26 13:22:31.465350: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:31.465352: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465353: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:31.465355: | length/value: 1 (0x1) Aug 26 13:22:31.465357: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:31.465358: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465360: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:31.465361: | length/value: 1 (0x1) Aug 26 13:22:31.465363: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:31.465365: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465366: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:31.465368: | length/value: 28800 (0x7080) Aug 26 13:22:31.465370: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465371: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:31.465373: | length/value: 2 (0x2) Aug 26 13:22:31.465375: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:31.465376: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465378: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:31.465379: | length/value: 128 (0x80) Aug 26 13:22:31.465381: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:22:31.465383: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:31.465384: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.465386: | ESP transform number: 1 (0x1) Aug 26 13:22:31.465388: | ESP transform ID: ESP_3DES (0x3) Aug 26 13:22:31.465390: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:31.465392: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:31.465393: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465395: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:31.465396: | length/value: 14 (0xe) Aug 26 13:22:31.465398: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:31.465399: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465401: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:31.465403: | length/value: 1 (0x1) Aug 26 13:22:31.465404: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:31.465406: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465407: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:31.465409: | length/value: 1 (0x1) Aug 26 13:22:31.465410: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:31.465412: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465414: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:31.465416: | length/value: 28800 (0x7080) Aug 26 13:22:31.465418: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:31.465420: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:31.465421: | length/value: 2 (0x2) Aug 26 13:22:31.465423: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:31.465425: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 13:22:31.465426: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 13:22:31.465428: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:22:31.465430: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 13:22:31.465432: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:31.465434: | ***emit ISAKMP Nonce Payload: Aug 26 13:22:31.465436: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:31.465438: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:22:31.465440: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:22:31.465442: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.465443: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:22:31.465445: | Ni fb d7 d9 67 dc 3f 1b 2c 8c a9 e1 5e 07 e9 77 e9 Aug 26 13:22:31.465447: | Ni 60 85 38 06 f5 1b 08 7e 58 22 b8 09 f7 51 fd 29 Aug 26 13:22:31.465449: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:22:31.465451: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:22:31.465452: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:31.465454: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:31.465456: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:22:31.465458: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.465460: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:22:31.465462: | keyex value 91 fb 40 76 8e e5 c4 c8 42 02 22 58 07 58 ac 9e Aug 26 13:22:31.465463: | keyex value 0b f5 f0 db f8 02 fc 11 09 41 9d da 95 c9 53 73 Aug 26 13:22:31.465465: | keyex value 43 ba 26 f9 8a 12 07 7b 26 1c a6 f9 95 78 65 0d Aug 26 13:22:31.465466: | keyex value 28 84 06 15 92 23 cc 39 bf 17 07 ee 4d 5b 13 38 Aug 26 13:22:31.465468: | keyex value 82 9c 0e 38 d3 22 79 8c 30 f2 eb 9a 97 0a 60 88 Aug 26 13:22:31.465470: | keyex value 55 6d db a4 a8 2c 9d af 1b 6f 9a f1 7d ed 59 e3 Aug 26 13:22:31.465471: | keyex value 56 ce 45 9e ab 8a 58 ca c5 cd 6c 05 d9 ac cc df Aug 26 13:22:31.465473: | keyex value 65 30 ee 45 81 14 75 d0 7a f1 7c ca 64 2e 3a 53 Aug 26 13:22:31.465474: | keyex value 2e e3 31 7c 13 06 64 31 ca bb 94 eb 47 36 c6 5f Aug 26 13:22:31.465476: | keyex value a0 1e a7 62 3d 18 b8 87 d7 36 e1 23 3d a6 0b 80 Aug 26 13:22:31.465477: | keyex value 0c e6 ef 14 9f 6b 78 f9 1a 6f e2 9e e7 33 c0 39 Aug 26 13:22:31.465479: | keyex value 59 45 bf 53 36 28 59 63 41 d2 e7 f8 f1 bf ac 9c Aug 26 13:22:31.465480: | keyex value da 99 70 43 33 ca 10 d2 8b 76 e3 ee a8 ff 77 a8 Aug 26 13:22:31.465482: | keyex value 07 7e 31 04 5d 58 4f 9c 4b d0 d1 41 7a 6b c9 c1 Aug 26 13:22:31.465483: | keyex value 8d c9 35 b1 d9 6d 6a b0 b3 2b 1d 50 59 9f 5b a3 Aug 26 13:22:31.465485: | keyex value e5 ab 40 f0 61 f1 ac 6c 68 0d cb f6 0a 85 cb 63 Aug 26 13:22:31.465487: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:22:31.465488: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:31.465490: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:31.465492: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:31.465494: | Protocol ID: 0 (0x0) Aug 26 13:22:31.465496: | port: 0 (0x0) Aug 26 13:22:31.465498: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:31.465500: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:31.465502: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:31.465504: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:31.465505: | client network c0 00 03 00 Aug 26 13:22:31.465507: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:31.465509: | client mask ff ff ff 00 Aug 26 13:22:31.465510: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:31.465512: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:31.465514: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.465515: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:31.465517: | Protocol ID: 0 (0x0) Aug 26 13:22:31.465518: | port: 0 (0x0) Aug 26 13:22:31.465520: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:31.465522: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:31.465524: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:31.465525: | client network c0 00 16 00 Aug 26 13:22:31.465527: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:31.465529: | client mask ff ff ff 00 Aug 26 13:22:31.465530: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:31.465550: | outI1 HASH(1): Aug 26 13:22:31.465552: | 09 00 e0 44 81 a8 c4 70 37 45 bf 17 39 2b ec f3 Aug 26 13:22:31.465554: | 35 3e 1a 63 15 82 89 55 80 9a d2 30 7a 0e 39 86 Aug 26 13:22:31.465560: | no IKEv1 message padding required Aug 26 13:22:31.465562: | emitting length of ISAKMP Message: 476 Aug 26 13:22:31.465573: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #7) Aug 26 13:22:31.465575: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.465577: | 08 10 20 01 6e 47 49 b1 00 00 01 dc c6 c2 37 ee Aug 26 13:22:31.465578: | b1 f1 3f f1 0f 39 8f c3 45 a8 08 31 73 c0 0e de Aug 26 13:22:31.465580: | 28 a5 cb 78 f2 38 37 2c ba 0e f1 33 60 d1 6c c2 Aug 26 13:22:31.465581: | d1 d5 30 41 42 0d 31 31 a6 44 be 9f ff 20 58 5f Aug 26 13:22:31.465583: | a6 b9 57 94 45 9a 7a 09 16 7a 65 ae a4 c2 7c 1e Aug 26 13:22:31.465584: | 5b 04 4b 65 24 53 70 fd 01 24 90 3f 53 e8 59 d3 Aug 26 13:22:31.465586: | bb df d3 2d 77 a6 02 6a 12 d0 22 f9 68 18 f3 53 Aug 26 13:22:31.465587: | 69 f1 8c 5a 82 9d c6 4f 83 cd b4 d4 f5 ba 50 f5 Aug 26 13:22:31.465589: | fb de 35 b9 cd c7 66 58 78 e4 d0 fb 69 bf 46 42 Aug 26 13:22:31.465590: | 32 32 0e 5d 20 89 55 7e 2b 62 1d 2d 8a 56 00 58 Aug 26 13:22:31.465592: | f2 cd 57 1d a3 93 fc c0 e0 97 e4 da ff 60 2b 68 Aug 26 13:22:31.465593: | 91 05 83 14 b3 c4 b2 f1 de 24 cb 0e 08 5e 2c d1 Aug 26 13:22:31.465595: | a9 c1 33 e8 ad 2a 6c a6 0f fe c6 d7 32 36 75 a9 Aug 26 13:22:31.465596: | f1 ea 3e 5c 6f ad 07 bf 55 8e 6e c8 58 84 f3 4b Aug 26 13:22:31.465598: | a5 ce 5e 03 a3 f0 4c fc 7b e4 1d 17 88 3d 53 f4 Aug 26 13:22:31.465599: | 99 a3 ee 04 ae d7 39 a7 f2 1c 66 4e 64 c2 c6 19 Aug 26 13:22:31.465601: | 02 c3 ed 8e e5 0d f7 dd 7b b6 3a 1e 44 6b fb e9 Aug 26 13:22:31.465602: | 1f 84 20 48 36 55 c0 3f d2 8c fa af df 2a 6d fc Aug 26 13:22:31.465604: | ad 21 70 61 f7 fb 00 bd 50 d5 ff 38 25 3b 07 ae Aug 26 13:22:31.465606: | f5 b9 16 72 4a a7 69 f8 19 d7 06 27 ff 3a 84 f9 Aug 26 13:22:31.465608: | 83 ee 45 00 cc 63 f4 25 45 72 8d e6 b2 99 b8 0b Aug 26 13:22:31.465609: | 16 e6 69 98 c7 7b 34 24 fd 85 ef ef d5 4c 59 20 Aug 26 13:22:31.465611: | 32 d1 e5 cc 84 f9 92 60 09 be c4 8b 4f 80 92 06 Aug 26 13:22:31.465612: | d5 c5 27 87 32 e9 a7 02 a0 71 0d c0 40 34 a6 0d Aug 26 13:22:31.465614: | 6b 11 b9 84 fe 7e 33 5d ea e5 49 b9 77 34 1a 75 Aug 26 13:22:31.465615: | 1b b2 a9 7e 53 da e0 e3 58 c9 dd 3b 5c 54 18 6e Aug 26 13:22:31.465617: | 1a 52 18 70 af cb b0 99 a8 ed 04 ee 4f 9f b5 ba Aug 26 13:22:31.465618: | eb ed c3 cd 8d 9c ab e7 2f aa ad dd 05 55 97 71 Aug 26 13:22:31.465620: | d7 f8 ab d0 d2 c8 d9 3b 62 5d e3 2b Aug 26 13:22:31.465661: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:31.465665: | libevent_free: release ptr-libevent@0x5649f9ab60f8 Aug 26 13:22:31.465667: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9a4e1b8 Aug 26 13:22:31.465670: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9a4e1b8 Aug 26 13:22:31.465672: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7 Aug 26 13:22:31.465674: | libevent_malloc: new ptr-libevent@0x5649f9aca388 size 128 Aug 26 13:22:31.465678: | #7 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11037.208136 Aug 26 13:22:31.465681: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Aug 26 13:22:31.465685: | #7 spent 0.449 milliseconds in resume sending helper answer Aug 26 13:22:31.465688: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:22:31.465690: | libevent_free: release ptr-libevent@0x7f83a8005df8 Aug 26 13:22:31.468441: | spent 0.00216 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:31.468458: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:31.468461: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.468463: | 08 10 20 01 6e 47 49 b1 00 00 01 cc 02 d7 5a 95 Aug 26 13:22:31.468464: | e6 b2 2c be 4e 07 02 ab 98 4a ba 01 3d 87 31 98 Aug 26 13:22:31.468466: | bd b5 2d 3e 07 e0 f4 33 47 27 bc de 56 f0 51 8b Aug 26 13:22:31.468467: | 70 9d 81 15 3e 19 66 9e 26 d1 8d 6d 6f f5 f4 34 Aug 26 13:22:31.468469: | 80 af 51 c7 c3 27 38 96 59 66 c9 db 1e 33 2c 23 Aug 26 13:22:31.468470: | dd fd ba 46 84 46 55 53 07 e7 b6 25 4f 66 a3 6c Aug 26 13:22:31.468472: | a6 b1 37 96 42 2b 4d c7 8d 45 84 b6 b9 e0 f5 1f Aug 26 13:22:31.468474: | 36 68 6e 56 b6 06 cc e0 40 7c b6 b1 ce cf 0d a4 Aug 26 13:22:31.468475: | e4 0e 45 88 7d 5a b8 a0 f9 03 27 5c 98 4e dd 88 Aug 26 13:22:31.468477: | c0 d5 c1 c5 c7 38 3e 9b ef 5a 98 5e ab 72 ba e4 Aug 26 13:22:31.468478: | 39 b4 fc fb 84 f3 30 df 65 dd 76 08 ee 28 13 f6 Aug 26 13:22:31.468480: | a4 7d d6 c4 10 a9 a5 d8 9e 8e 91 0e 6c 11 96 f5 Aug 26 13:22:31.468481: | e8 fd c6 6f 7f e6 a1 4a 46 fc fd 24 3c b3 3d 06 Aug 26 13:22:31.468483: | 82 a5 48 f0 df d2 88 63 fd ce 24 e9 25 d4 56 93 Aug 26 13:22:31.468484: | f4 e5 fa 24 d2 d8 f6 9c 84 84 3d 70 19 14 eb 39 Aug 26 13:22:31.468486: | 50 1a 21 1f 72 d3 ef 42 2e 8b 02 62 21 b6 4d 15 Aug 26 13:22:31.468487: | 0f 03 c2 8d 67 3a 66 2f f0 84 5e c9 b2 09 ef ee Aug 26 13:22:31.468489: | bf 37 77 d8 90 c6 04 04 4a a5 bd 0b e0 ef 29 1b Aug 26 13:22:31.468491: | e3 af c0 e8 78 e2 1e 0a 03 d4 5f 45 39 29 dd e5 Aug 26 13:22:31.468492: | b9 0d 3c 62 48 18 c5 73 40 8b db 2c 92 4f 31 78 Aug 26 13:22:31.468494: | e2 60 e9 2b fe 01 cb 38 3d d4 43 de a6 71 11 6f Aug 26 13:22:31.468495: | 24 16 b2 dc 44 b7 18 98 d6 e8 6f cd 4b d9 ac 21 Aug 26 13:22:31.468509: | fd d0 86 1f e8 e6 e0 1b fc f6 8c 78 0b 02 73 67 Aug 26 13:22:31.468511: | 4b bb 46 b1 3a e7 51 d5 aa 23 9c e7 12 ac 2b 5f Aug 26 13:22:31.468513: | 12 26 4b cd b6 cf a8 5d 51 ad ef f1 6c ab 3e 08 Aug 26 13:22:31.468516: | 2f b5 bc d4 06 43 08 77 8f 7b 92 94 1d fd 1c 5c Aug 26 13:22:31.468518: | 83 70 35 fb 8e d0 9a e2 8b b3 8c 10 eb d4 bf 2a Aug 26 13:22:31.468519: | b1 79 66 81 df e3 17 db 2d b3 5c e7 Aug 26 13:22:31.468522: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:31.468525: | **parse ISAKMP Message: Aug 26 13:22:31.468526: | initiator cookie: Aug 26 13:22:31.468528: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:31.468529: | responder cookie: Aug 26 13:22:31.468531: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.468533: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:31.468535: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:31.468536: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:31.468538: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:31.468540: | Message ID: 1850165681 (0x6e4749b1) Aug 26 13:22:31.468542: | length: 460 (0x1cc) Aug 26 13:22:31.468543: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:31.468546: | State DB: found IKEv1 state #7 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:31.468549: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:31.468551: | #7 is idle Aug 26 13:22:31.468552: | #7 idle Aug 26 13:22:31.468555: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:31.468564: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 13:22:31.468566: | ***parse ISAKMP Hash Payload: Aug 26 13:22:31.468568: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:31.468570: | length: 36 (0x24) Aug 26 13:22:31.468572: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 13:22:31.468574: | ***parse ISAKMP Security Association Payload: Aug 26 13:22:31.468575: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:31.468577: | length: 56 (0x38) Aug 26 13:22:31.468578: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:31.468580: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 13:22:31.468582: | ***parse ISAKMP Nonce Payload: Aug 26 13:22:31.468583: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:31.468585: | length: 36 (0x24) Aug 26 13:22:31.468587: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 13:22:31.468588: | ***parse ISAKMP Key Exchange Payload: Aug 26 13:22:31.468590: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:31.468592: | length: 260 (0x104) Aug 26 13:22:31.468593: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:31.468595: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:31.468597: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:31.468598: | length: 16 (0x10) Aug 26 13:22:31.468600: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:31.468602: | Protocol ID: 0 (0x0) Aug 26 13:22:31.468603: | port: 0 (0x0) Aug 26 13:22:31.468605: | obj: c0 00 03 00 ff ff ff 00 Aug 26 13:22:31.468607: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 13:22:31.468608: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:31.468610: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.468611: | length: 16 (0x10) Aug 26 13:22:31.468613: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:31.468614: | Protocol ID: 0 (0x0) Aug 26 13:22:31.468616: | port: 0 (0x0) Aug 26 13:22:31.468618: | obj: c0 00 16 00 ff ff ff 00 Aug 26 13:22:31.468619: | removing 12 bytes of padding Aug 26 13:22:31.468634: | quick_inR1_outI2 HASH(2): Aug 26 13:22:31.468636: | c3 9b a8 4a 7e 7c f8 80 e2 ef 22 17 d7 b9 46 37 Aug 26 13:22:31.468637: | 34 83 1d d2 b4 f9 66 77 c7 37 dd 52 14 36 36 9a Aug 26 13:22:31.468639: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 13:22:31.468642: | ****parse IPsec DOI SIT: Aug 26 13:22:31.468644: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:31.468646: | ****parse ISAKMP Proposal Payload: Aug 26 13:22:31.468649: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.468650: | length: 44 (0x2c) Aug 26 13:22:31.468652: | proposal number: 0 (0x0) Aug 26 13:22:31.468653: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:31.468655: | SPI size: 4 (0x4) Aug 26 13:22:31.468657: | number of transforms: 1 (0x1) Aug 26 13:22:31.468658: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 13:22:31.468660: | SPI d3 e2 1e 6a Aug 26 13:22:31.468662: | *****parse ISAKMP Transform Payload (ESP): Aug 26 13:22:31.468664: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.468665: | length: 32 (0x20) Aug 26 13:22:31.468667: | ESP transform number: 0 (0x0) Aug 26 13:22:31.468668: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:31.468671: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.468672: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:31.468674: | length/value: 14 (0xe) Aug 26 13:22:31.468676: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:31.468678: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.468680: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:31.468681: | length/value: 1 (0x1) Aug 26 13:22:31.468683: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:31.468685: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 13:22:31.468686: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.468688: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:31.468689: | length/value: 1 (0x1) Aug 26 13:22:31.468691: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:31.468693: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.468694: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:31.468696: | length/value: 28800 (0x7080) Aug 26 13:22:31.468698: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.468699: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:31.468701: | length/value: 2 (0x2) Aug 26 13:22:31.468702: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:31.468704: | ******parse ISAKMP IPsec DOI attribute: Aug 26 13:22:31.468706: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:31.468707: | length/value: 128 (0x80) Aug 26 13:22:31.468709: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 13:22:31.468719: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:31.468723: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 13:22:31.468729: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:31.468732: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 13:22:31.468734: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 13:22:31.468735: | no PreShared Key Found Aug 26 13:22:31.468738: | adding quick outI2 DH work-order 14 for state #7 Aug 26 13:22:31.468740: | state #7 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:31.468742: | #7 STATE_QUICK_I1: retransmits: cleared Aug 26 13:22:31.468744: | libevent_free: release ptr-libevent@0x5649f9aca388 Aug 26 13:22:31.468746: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9a4e1b8 Aug 26 13:22:31.468748: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9a4e1b8 Aug 26 13:22:31.468750: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Aug 26 13:22:31.468754: | libevent_malloc: new ptr-libevent@0x7f83a8005df8 size 128 Aug 26 13:22:31.468759: | complete v1 state transition with STF_SUSPEND Aug 26 13:22:31.468778: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 13:22:31.468779: | suspending state #7 and saving MD Aug 26 13:22:31.468781: | #7 is busy; has a suspended MD Aug 26 13:22:31.468784: | #7 spent 0.142 milliseconds in process_packet_tail() Aug 26 13:22:31.468787: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:31.468789: | crypto helper 2 resuming Aug 26 13:22:31.468802: | crypto helper 2 starting work-order 14 for state #7 Aug 26 13:22:31.468790: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:31.468812: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:31.468807: | crypto helper 2 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 14 Aug 26 13:22:31.468817: | spent 0.36 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:31.469344: | crypto helper 2 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 14 time elapsed 0.000536 seconds Aug 26 13:22:31.469353: | (#7) spent 0.539 milliseconds in crypto helper computing work-order 14: quick outI2 DH (pcr) Aug 26 13:22:31.469355: | crypto helper 2 sending results from work-order 14 for state #7 to event queue Aug 26 13:22:31.469358: | scheduling resume sending helper answer for #7 Aug 26 13:22:31.469360: | libevent_malloc: new ptr-libevent@0x7f83ac0027d8 size 128 Aug 26 13:22:31.469365: | crypto helper 2 waiting (nothing to do) Aug 26 13:22:31.469408: | processing resume sending helper answer for #7 Aug 26 13:22:31.469417: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:22:31.469420: | crypto helper 2 replies to request ID 14 Aug 26 13:22:31.469422: | calling continuation function 0x5649f7dc5b50 Aug 26 13:22:31.469424: | quick_inR1_outI2_continue for #7: calculated ke+nonce, calculating DH Aug 26 13:22:31.469428: | **emit ISAKMP Message: Aug 26 13:22:31.469430: | initiator cookie: Aug 26 13:22:31.469431: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:31.469433: | responder cookie: Aug 26 13:22:31.469435: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.469436: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.469438: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:31.469440: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:31.469442: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:31.469444: | Message ID: 1850165681 (0x6e4749b1) Aug 26 13:22:31.469445: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:31.469448: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:31.469449: | ID address c0 00 03 00 Aug 26 13:22:31.469451: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:31.469453: | ID mask ff ff ff 00 Aug 26 13:22:31.469456: | our client is subnet 192.0.3.0/24 Aug 26 13:22:31.469457: | our client protocol/port is 0/0 Aug 26 13:22:31.469459: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 13:22:31.469461: | ID address c0 00 16 00 Aug 26 13:22:31.469462: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 13:22:31.469464: | ID mask ff ff ff 00 Aug 26 13:22:31.469466: | peer client is subnet 192.0.22.0/24 Aug 26 13:22:31.469468: | peer client protocol/port is 0/0 Aug 26 13:22:31.469470: | ***emit ISAKMP Hash Payload: Aug 26 13:22:31.469471: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:31.469473: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:31.469478: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:31.469480: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:31.469482: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:31.469500: | quick_inR1_outI2 HASH(3): Aug 26 13:22:31.469502: | e7 aa 10 f2 2e df b7 50 1e 54 8e 9a 55 6e 77 da Aug 26 13:22:31.469504: | aa 80 f3 9a cd 3c 6e 13 0f 66 33 69 87 61 d8 25 Aug 26 13:22:31.469506: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 13:22:31.469507: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 13:22:31.469578: | #1 spent 6.2 milliseconds Aug 26 13:22:31.469581: | install_ipsec_sa() for #7: inbound and outbound Aug 26 13:22:31.469583: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Aug 26 13:22:31.469585: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:31.469587: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.469589: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:31.469591: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.469593: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:31.469596: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Aug 26 13:22:31.469598: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:31.469600: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:31.469602: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:31.469605: | setting IPsec SA replay-window to 32 Aug 26 13:22:31.469607: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 13:22:31.469609: | netlink: enabling tunnel mode Aug 26 13:22:31.469611: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:31.469613: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:31.469655: | netlink response for Add SA esp.d3e21e6a@192.1.2.23 included non-error error Aug 26 13:22:31.469660: | set up outgoing SA, ref=0/0 Aug 26 13:22:31.469664: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 13:22:31.469666: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 13:22:31.469669: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 13:22:31.469672: | setting IPsec SA replay-window to 32 Aug 26 13:22:31.469674: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 13:22:31.469676: | netlink: enabling tunnel mode Aug 26 13:22:31.469677: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 13:22:31.469679: | netlink: esp-hw-offload not set for IPsec SA Aug 26 13:22:31.469705: | netlink response for Add SA esp.893ef52c@192.1.3.33 included non-error error Aug 26 13:22:31.469724: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:31.469730: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 13:22:31.469732: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:31.469766: | raw_eroute result=success Aug 26 13:22:31.469770: | set up incoming SA, ref=0/0 Aug 26 13:22:31.469774: | sr for #7: prospective erouted Aug 26 13:22:31.469776: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 13:22:31.469777: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:31.469779: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.469781: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:31.469783: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:31.469784: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:31.469787: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Aug 26 13:22:31.469789: | route_and_eroute with c: north-dpd/0x2 (next: none) ero:north-dpd/0x2 esr:{(nil)} ro:north-dpd/0x2 rosr:{(nil)} and state: #7 Aug 26 13:22:31.469793: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:31.469798: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 13:22:31.469800: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:31.469811: | raw_eroute result=success Aug 26 13:22:31.469815: | running updown command "ipsec _updown" for verb up Aug 26 13:22:31.469818: | command executing up-client Aug 26 13:22:31.469835: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:31.469839: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:31.469850: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E Aug 26 13:22:31.469853: | popen cmd is 1400 chars long Aug 26 13:22:31.469855: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUT: Aug 26 13:22:31.469856: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Aug 26 13:22:31.469858: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Aug 26 13:22:31.469860: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Aug 26 13:22:31.469861: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Aug 26 13:22:31.469863: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUT: Aug 26 13:22:31.469865: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 13:22:31.469866: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Aug 26 13:22:31.469868: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PE: Aug 26 13:22:31.469870: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 13:22:31.469871: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Aug 26 13:22:31.469873: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Aug 26 13:22:31.469875: | cmd( 960):TIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK: Aug 26 13:22:31.469876: | cmd(1040):+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ip: Aug 26 13:22:31.469878: | cmd(1120):v4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOM: Aug 26 13:22:31.469880: | cmd(1200):AIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO: Aug 26 13:22:31.469881: | cmd(1280):_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xd3e21e: Aug 26 13:22:31.469883: | cmd(1360):6a SPI_OUT=0x893ef52c ipsec _updown 2>&1: Aug 26 13:22:31.478252: | route_and_eroute: firewall_notified: true Aug 26 13:22:31.478269: | route_and_eroute: instance "north-dpd/0x2", setting eroute_owner {spd=0x5649f9ac0d78,sr=0x5649f9ac0d78} to #7 (was #0) (newest_ipsec_sa=#0) Aug 26 13:22:31.478386: | #1 spent 0.762 milliseconds in install_ipsec_sa() Aug 26 13:22:31.478396: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:31.478399: | no IKEv1 message padding required Aug 26 13:22:31.478401: | emitting length of ISAKMP Message: 76 Aug 26 13:22:31.478436: | inR1_outI2: instance north-dpd/0x2[0], setting IKEv1 newest_ipsec_sa to #7 (was #0) (spd.eroute=#7) cloned from #1 Aug 26 13:22:31.478439: | DPD: dpd_init() called on IPsec SA Aug 26 13:22:31.478442: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 13:22:31.478445: | event_schedule: new EVENT_DPD-pe@0x5649f9ab9998 Aug 26 13:22:31.478461: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 13:22:31.478465: | libevent_malloc: new ptr-libevent@0x5649f9aca388 size 128 Aug 26 13:22:31.478475: | complete v1 state transition with STF_OK Aug 26 13:22:31.478479: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 13:22:31.478481: | #7 is idle Aug 26 13:22:31.478483: | doing_xauth:no, t_xauth_client_done:no Aug 26 13:22:31.478486: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 26 13:22:31.478488: | child state #7: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Aug 26 13:22:31.478490: | event_already_set, deleting event Aug 26 13:22:31.478492: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:31.478496: | libevent_free: release ptr-libevent@0x7f83a8005df8 Aug 26 13:22:31.478501: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9a4e1b8 Aug 26 13:22:31.478507: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 13:22:31.478515: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #7) Aug 26 13:22:31.478517: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:31.478518: | 08 10 20 01 6e 47 49 b1 00 00 00 4c 65 ec 07 24 Aug 26 13:22:31.478520: | dd 0e 03 0b cb 1c 9d 5d 88 89 d6 8d 65 c6 fb ad Aug 26 13:22:31.478521: | fe 6d 7d d0 8f 89 e5 51 eb d5 3c 93 68 f1 75 92 Aug 26 13:22:31.478523: | 81 e7 0b b3 d1 3f b5 de 75 47 3e 36 Aug 26 13:22:31.478564: | !event_already_set at reschedule Aug 26 13:22:31.478568: | event_schedule: new EVENT_SA_REPLACE-pe@0x5649f9a4e1b8 Aug 26 13:22:31.478571: | inserting event EVENT_SA_REPLACE, timeout in 27768 seconds for #7 Aug 26 13:22:31.478572: | libevent_malloc: new ptr-libevent@0x7f83a8005df8 size 128 Aug 26 13:22:31.478575: | pstats #7 ikev1.ipsec established Aug 26 13:22:31.478579: | NAT-T: encaps is 'auto' Aug 26 13:22:31.478582: "north-dpd/0x2" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xd3e21e6a <0x893ef52c xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Aug 26 13:22:31.478584: | modecfg pull: noquirk policy:push not-client Aug 26 13:22:31.478586: | phase 1 is done, looking for phase 2 to unpend Aug 26 13:22:31.478590: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Aug 26 13:22:31.478594: | #7 spent 1.11 milliseconds in resume sending helper answer Aug 26 13:22:31.478598: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:22:31.478601: | libevent_free: release ptr-libevent@0x7f83ac0027d8 Aug 26 13:22:31.478613: | processing signal PLUTO_SIGCHLD Aug 26 13:22:31.478617: | waitpid returned ECHILD (no child processes left) Aug 26 13:22:31.478620: | spent 0.00397 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:22:34.472462: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:22:34.472473: | handling event EVENT_DPD for child state #7 Aug 26 13:22:34.472480: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:34.472484: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:22:34.472489: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:34.472493: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 13:22:34.472498: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:34.472510: | event_schedule: new EVENT_DPD-pe@0x5649f9ac6cd8 Aug 26 13:22:34.472513: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 13:22:34.472516: | libevent_malloc: new ptr-libevent@0x7f83ac0027d8 size 128 Aug 26 13:22:34.472518: | DPD: scheduling timeout to 10 Aug 26 13:22:34.472524: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x5649f9ae2778 Aug 26 13:22:34.472526: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 13:22:34.472529: | libevent_malloc: new ptr-libevent@0x5649f9adc998 size 128 Aug 26 13:22:34.472531: | DPD: sending R_U_THERE 13824 to 192.1.2.23:500 (state #1) Aug 26 13:22:34.472561: | **emit ISAKMP Message: Aug 26 13:22:34.472564: | initiator cookie: Aug 26 13:22:34.472565: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:34.472567: | responder cookie: Aug 26 13:22:34.472568: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.472570: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:34.472572: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:34.472574: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:34.472577: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:34.472579: | Message ID: 3128837276 (0xba7e449c) Aug 26 13:22:34.472581: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:34.472583: | ***emit ISAKMP Hash Payload: Aug 26 13:22:34.472585: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:34.472587: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:34.472589: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:34.472591: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:34.472593: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:34.472595: | ***emit ISAKMP Notification Payload: Aug 26 13:22:34.472596: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:34.472598: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:34.472600: | protocol ID: 1 (0x1) Aug 26 13:22:34.472601: | SPI size: 16 (0x10) Aug 26 13:22:34.472603: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:22:34.472605: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:22:34.472607: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:34.472609: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:22:34.472611: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:34.472613: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:22:34.472614: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.472616: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:22:34.472618: | notify data 00 00 36 00 Aug 26 13:22:34.472619: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:22:34.472652: | notification HASH(1): Aug 26 13:22:34.472655: | d8 0d 6a dd 9b c8 6d c4 f4 e8 32 76 e9 58 9f 56 Aug 26 13:22:34.472656: | 58 23 01 12 76 eb 01 85 ef 88 be 5e 9f a9 01 a1 Aug 26 13:22:34.472662: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:34.472664: | no IKEv1 message padding required Aug 26 13:22:34.472666: | emitting length of ISAKMP Message: 108 Aug 26 13:22:34.472678: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:22:34.472680: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.472682: | 08 10 05 01 ba 7e 44 9c 00 00 00 6c 7c e5 30 f8 Aug 26 13:22:34.472685: | 2b 71 72 f2 07 ee b3 0e 74 7f ec 3d 7f c0 5b e8 Aug 26 13:22:34.472686: | 52 27 ee d5 cc 68 fb e4 e5 c4 77 1e 79 24 3a 58 Aug 26 13:22:34.472688: | 15 fd 0e 1d 69 fa 63 73 7c 41 45 d7 46 0a 1e 69 Aug 26 13:22:34.472689: | b3 a7 d8 f9 9b 4d 80 0e 7b 25 a5 da 5e 71 45 e9 Aug 26 13:22:34.472691: | 34 94 2a dc d9 b3 66 b2 9d 9e bc b9 Aug 26 13:22:34.472733: | libevent_free: release ptr-libevent@0x5649f9aca388 Aug 26 13:22:34.472736: | free_event_entry: release EVENT_DPD-pe@0x5649f9ab9998 Aug 26 13:22:34.472742: | #7 spent 0.258 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:22:34.472745: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:34.473095: | spent 0.00194 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:34.473108: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:34.473111: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.473113: | 08 10 05 01 a3 dd f7 1c 00 00 00 6c 34 de 57 53 Aug 26 13:22:34.473114: | 98 4e 13 f1 d6 11 77 05 ae fc 0d 2a 48 15 cb 87 Aug 26 13:22:34.473116: | 1b e5 ab d6 41 b5 89 ea 4b a9 b1 4f f5 25 81 3c Aug 26 13:22:34.473117: | 32 1c f0 60 c6 c2 1e 4d e7 22 f2 e7 17 24 ad 92 Aug 26 13:22:34.473119: | 0a ea 3b 8b 75 87 0b a6 f3 be 39 52 81 34 62 89 Aug 26 13:22:34.473120: | a4 a2 6f b4 b2 f6 98 ce fa 41 37 50 Aug 26 13:22:34.473123: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:34.473125: | **parse ISAKMP Message: Aug 26 13:22:34.473127: | initiator cookie: Aug 26 13:22:34.473129: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:34.473130: | responder cookie: Aug 26 13:22:34.473132: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.473133: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:34.473135: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:34.473137: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:34.473139: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:34.473140: | Message ID: 2749232924 (0xa3ddf71c) Aug 26 13:22:34.473142: | length: 108 (0x6c) Aug 26 13:22:34.473144: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:34.473147: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:34.473149: | peer and cookies match on #6; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:34.473151: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:34.473153: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:34.473155: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:34.473156: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:34.473158: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:34.473161: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:34.473169: | #1 is idle Aug 26 13:22:34.473171: | #1 idle Aug 26 13:22:34.473173: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:34.473179: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:34.473181: | ***parse ISAKMP Hash Payload: Aug 26 13:22:34.473183: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 13:22:34.473185: | length: 36 (0x24) Aug 26 13:22:34.473187: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 13:22:34.473189: | ***parse ISAKMP Notification Payload: Aug 26 13:22:34.473190: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:34.473192: | length: 32 (0x20) Aug 26 13:22:34.473193: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:34.473195: | protocol ID: 1 (0x1) Aug 26 13:22:34.473197: | SPI size: 16 (0x10) Aug 26 13:22:34.473198: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 13:22:34.473202: | removing 12 bytes of padding Aug 26 13:22:34.473216: | informational HASH(1): Aug 26 13:22:34.473218: | 23 0a a7 96 2c b6 e4 4f 8a d7 d4 34 5c f9 17 32 Aug 26 13:22:34.473220: | 9b 28 bd e9 9c 2f 48 a2 11 f4 83 cf 4f 2b 9d 53 Aug 26 13:22:34.473221: | received 'informational' message HASH(1) data ok Aug 26 13:22:34.473223: | info: ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:34.473225: | info: 00 00 36 00 Aug 26 13:22:34.473227: | processing informational R_U_THERE_ACK (36137) Aug 26 13:22:34.473229: | pstats ikev1_recv_notifies_e 36137 Aug 26 13:22:34.473231: | DPD: R_U_THERE_ACK, seqno received: 13824 expected: 13824 (state=#1) Aug 26 13:22:34.473233: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x5649f9ae2778 be deleted Aug 26 13:22:34.473236: | libevent_free: release ptr-libevent@0x5649f9adc998 Aug 26 13:22:34.473238: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x5649f9ae2778 Aug 26 13:22:34.473240: | complete v1 state transition with STF_IGNORE Aug 26 13:22:34.473243: | #1 spent 0.0152 milliseconds in process_packet_tail() Aug 26 13:22:34.473246: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:34.473249: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:34.473251: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:34.473254: | spent 0.152 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:37.278366: | processing global timer EVENT_PENDING_DDNS Aug 26 13:22:37.278384: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 13:22:37.278387: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:22:37.278390: | elapsed time in connection_check_ddns for hostname lookup 0.000006 Aug 26 13:22:37.278395: | spent 0.00932 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 13:22:37.278397: | processing global timer EVENT_SHUNT_SCAN Aug 26 13:22:37.278400: | expiring aged bare shunts from shunt table Aug 26 13:22:37.278402: | spent 0.0026 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 13:22:37.474735: | timer_event_cb: processing event@0x5649f9ac6cd8 Aug 26 13:22:37.474784: | handling event EVENT_DPD for child state #7 Aug 26 13:22:37.474813: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:37.474834: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:22:37.474843: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:37.474857: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 13:22:37.474876: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:37.474923: | event_schedule: new EVENT_DPD-pe@0x5649f9ae2778 Aug 26 13:22:37.474939: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 13:22:37.474950: | libevent_malloc: new ptr-libevent@0x5649f9ae01e8 size 128 Aug 26 13:22:37.474963: | DPD: scheduling timeout to 10 Aug 26 13:22:37.474973: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x5649f9ab9998 Aug 26 13:22:37.474985: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 13:22:37.474995: | libevent_malloc: new ptr-libevent@0x5649f9ae5ee8 size 128 Aug 26 13:22:37.475011: | DPD: sending R_U_THERE 13825 to 192.1.2.23:500 (state #1) Aug 26 13:22:37.475065: | **emit ISAKMP Message: Aug 26 13:22:37.475078: | initiator cookie: Aug 26 13:22:37.475088: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:37.475097: | responder cookie: Aug 26 13:22:37.475107: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.475119: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:37.475131: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:37.475141: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:37.475153: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:37.475164: | Message ID: 4099608478 (0xf45b0f9e) Aug 26 13:22:37.475176: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:37.475200: | ***emit ISAKMP Hash Payload: Aug 26 13:22:37.475212: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:37.475226: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:37.475239: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:37.475253: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:37.475264: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:37.475274: | ***emit ISAKMP Notification Payload: Aug 26 13:22:37.475285: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:37.475314: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:37.475326: | protocol ID: 1 (0x1) Aug 26 13:22:37.475336: | SPI size: 16 (0x10) Aug 26 13:22:37.475347: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:22:37.475360: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:22:37.475373: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:37.475386: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:22:37.475397: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:37.475409: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:22:37.475420: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.475431: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:22:37.475440: | notify data 00 00 36 01 Aug 26 13:22:37.475451: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:22:37.475545: | notification HASH(1): Aug 26 13:22:37.475560: | 99 a3 8e a0 fa c1 cd e1 28 25 32 35 63 50 f1 b0 Aug 26 13:22:37.475570: | c4 ea 8d b6 24 ab 3c c9 d2 d5 09 18 47 f8 f8 b0 Aug 26 13:22:37.475603: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:37.475616: | no IKEv1 message padding required Aug 26 13:22:37.475626: | emitting length of ISAKMP Message: 108 Aug 26 13:22:37.475676: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:22:37.475689: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.475699: | 08 10 05 01 f4 5b 0f 9e 00 00 00 6c b1 c9 d9 15 Aug 26 13:22:37.475709: | d7 91 13 b6 16 15 bc 44 5d b8 d5 19 c7 ed d2 a0 Aug 26 13:22:37.475719: | 19 28 cb b5 0a 9a b7 53 7e 4c 54 13 12 85 fc 99 Aug 26 13:22:37.475729: | b9 12 4a a9 1c 2a 2f 40 f3 ea 62 1b ab 49 b6 b0 Aug 26 13:22:37.475738: | 0d 8a 7b af 67 6f 97 0d bc 1e 15 f5 d4 c9 54 76 Aug 26 13:22:37.475748: | e5 fc 24 fe d9 0a af bd b8 75 35 40 Aug 26 13:22:37.475893: | libevent_free: release ptr-libevent@0x7f83ac0027d8 Aug 26 13:22:37.475912: | free_event_entry: release EVENT_DPD-pe@0x5649f9ac6cd8 Aug 26 13:22:37.475938: | #7 spent 1.12 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:22:37.475959: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:37.477052: | spent 0.00503 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:37.477095: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:37.477104: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.477111: | 08 10 05 01 ae dd 34 8d 00 00 00 6c 0c 20 74 c3 Aug 26 13:22:37.477118: | 23 bf cc 18 fc 53 8c c4 96 8a 48 7d 99 c2 c1 27 Aug 26 13:22:37.477124: | ed 19 3a 9f 94 c0 ee 2c 08 b6 0b 47 4a d8 5b 2b Aug 26 13:22:37.477129: | d4 93 bc f8 eb 6a 10 f1 1e d3 95 15 06 5b c4 a2 Aug 26 13:22:37.477135: | 8a 5c 12 e5 19 12 00 a9 3e 8a 36 36 8a 77 1b 29 Aug 26 13:22:37.477141: | c3 32 02 c5 70 15 df 5e f7 33 f6 db Aug 26 13:22:37.477152: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:37.477168: | **parse ISAKMP Message: Aug 26 13:22:37.477176: | initiator cookie: Aug 26 13:22:37.477182: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:37.477188: | responder cookie: Aug 26 13:22:37.477195: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.477202: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:37.477209: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:37.477216: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:37.477223: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:37.477230: | Message ID: 2933732493 (0xaedd348d) Aug 26 13:22:37.477237: | length: 108 (0x6c) Aug 26 13:22:37.477244: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:37.477253: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:37.477261: | peer and cookies match on #6; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:37.477268: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:37.477275: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:37.477283: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:37.477300: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:37.477312: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:37.477325: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:37.477351: | #1 is idle Aug 26 13:22:37.477359: | #1 idle Aug 26 13:22:37.477369: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:37.477390: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:37.477398: | ***parse ISAKMP Hash Payload: Aug 26 13:22:37.477405: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 13:22:37.477412: | length: 36 (0x24) Aug 26 13:22:37.477419: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 13:22:37.477427: | ***parse ISAKMP Notification Payload: Aug 26 13:22:37.477434: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:37.477441: | length: 32 (0x20) Aug 26 13:22:37.477448: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:37.477454: | protocol ID: 1 (0x1) Aug 26 13:22:37.477461: | SPI size: 16 (0x10) Aug 26 13:22:37.477468: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 13:22:37.477474: | removing 12 bytes of padding Aug 26 13:22:37.477517: | informational HASH(1): Aug 26 13:22:37.477526: | c0 38 78 6a fa b4 d6 94 b8 8f ab aa 68 bf 29 65 Aug 26 13:22:37.477533: | 43 24 f5 56 2f 7b a4 ab af b5 09 fe 3a d8 b2 b6 Aug 26 13:22:37.477540: | received 'informational' message HASH(1) data ok Aug 26 13:22:37.477547: | info: ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:37.477553: | info: 00 00 36 01 Aug 26 13:22:37.477565: | #1 spent 1.85 milliseconds Aug 26 13:22:37.477573: | processing informational R_U_THERE_ACK (36137) Aug 26 13:22:37.477580: | pstats ikev1_recv_notifies_e 36137 Aug 26 13:22:37.477588: | DPD: R_U_THERE_ACK, seqno received: 13825 expected: 13825 (state=#1) Aug 26 13:22:37.477598: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x5649f9ab9998 be deleted Aug 26 13:22:37.477607: | libevent_free: release ptr-libevent@0x5649f9ae5ee8 Aug 26 13:22:37.477615: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x5649f9ab9998 Aug 26 13:22:37.477623: | complete v1 state transition with STF_IGNORE Aug 26 13:22:37.477635: | #1 spent 0.0702 milliseconds in process_packet_tail() Aug 26 13:22:37.477647: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:37.477660: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:37.477669: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:37.477680: | spent 0.595 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:37.482365: | spent 0.00415 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:37.482396: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 13:22:37.482405: | spent 0.0196 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:37.482486: | spent 0.00334 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:37.482503: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 13:22:37.482511: | spent 0.0154 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:38.561357: | spent 0.01 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:38.561455: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:38.561472: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:38.561486: | 08 10 20 01 17 ff 60 cc 00 00 01 cc 91 d8 8d ab Aug 26 13:22:38.561499: | 13 84 10 79 0c 45 94 a3 57 8e f0 7f 3f 6d 6b f8 Aug 26 13:22:38.561512: | d7 6b f0 22 26 d2 a8 2f c2 2e 83 c3 44 3c 19 62 Aug 26 13:22:38.561525: | 86 5b cf ef 37 22 b6 8d f9 ad d8 7d 0f ff 82 88 Aug 26 13:22:38.561537: | 01 54 f3 c1 6c 83 70 02 f3 19 96 3e 7e f9 3d 0f Aug 26 13:22:38.561549: | 1a 2c 33 a0 4c 89 62 34 ac 14 4e 13 bc 8a 21 7b Aug 26 13:22:38.561562: | 00 14 44 6b 60 94 db ed e6 4a 4a 5a d2 27 78 86 Aug 26 13:22:38.561575: | 74 d7 81 87 45 7a d6 73 db 60 52 ee 06 42 1b 02 Aug 26 13:22:38.561587: | 00 6b 63 00 b6 29 9e 77 8e 75 ea d9 f1 da 31 71 Aug 26 13:22:38.561600: | 66 6c a4 4f de 0b 2d eb c1 74 31 16 58 cf b1 68 Aug 26 13:22:38.561613: | e2 95 0e 30 ff fb c6 fd 22 52 53 67 cc bf a7 84 Aug 26 13:22:38.561626: | 67 f3 2d 61 cf 79 66 2c be a8 b7 62 e5 b7 ac 0f Aug 26 13:22:38.561638: | 90 68 d4 c8 a2 d8 e2 01 a7 c6 e8 33 61 82 3b 6b Aug 26 13:22:38.561651: | 47 42 ff d1 78 4b 94 a4 2b 42 3d ab 90 1c 25 00 Aug 26 13:22:38.561664: | 62 5e 9c a1 02 54 b8 c3 cc b8 63 b1 0b 8a 6b 5f Aug 26 13:22:38.561676: | 09 3c 58 ef 71 93 a1 3c 18 23 60 62 04 15 bf 87 Aug 26 13:22:38.561689: | 40 0f cf d4 47 42 33 78 4d 1f cb a9 44 24 f6 88 Aug 26 13:22:38.561702: | 4b 76 c0 04 cd 76 51 14 1e 7f f9 a7 f0 c4 7f 68 Aug 26 13:22:38.561715: | e3 d5 c2 83 f9 f1 ed 71 9a 97 ef 97 13 69 4e 91 Aug 26 13:22:38.561728: | 3f 2a c5 30 a9 b2 7d f8 fe c3 ed 82 e6 68 e3 47 Aug 26 13:22:38.561742: | 53 94 e9 f8 b4 21 43 2b 2d e1 b6 aa 44 fe 24 ae Aug 26 13:22:38.561755: | 89 69 4c e8 b4 7c 2a 87 0a 3e 21 56 cb 9b 1f 01 Aug 26 13:22:38.561768: | 7a 97 65 33 b1 25 44 85 89 2e 84 29 ba ac 67 87 Aug 26 13:22:38.561781: | a0 2a b2 ab ff 41 df b6 78 49 8c 24 8c a2 52 8e Aug 26 13:22:38.561794: | 84 c9 34 c2 23 9b 32 a5 bb bd 3f 31 2f 83 89 93 Aug 26 13:22:38.561806: | 24 f7 d2 b2 c1 6e 08 dc a9 f6 b5 04 64 85 87 05 Aug 26 13:22:38.561820: | f1 56 60 d3 fe fe f0 0a dd 26 4e 38 07 2d 9e d4 Aug 26 13:22:38.561832: | 62 db 0c a7 e8 a7 2a c9 1c de 93 74 Aug 26 13:22:38.561857: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:38.561875: | **parse ISAKMP Message: Aug 26 13:22:38.561890: | initiator cookie: Aug 26 13:22:38.561903: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:38.561916: | responder cookie: Aug 26 13:22:38.561929: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:38.561945: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:38.561960: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:38.561974: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:38.561989: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:38.562003: | Message ID: 402612428 (0x17ff60cc) Aug 26 13:22:38.562017: | length: 460 (0x1cc) Aug 26 13:22:38.562034: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:38.562054: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:38.562089: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:38.562106: | #4 is idle Aug 26 13:22:38.562119: | #4 idle Aug 26 13:22:38.562140: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:38.562164: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:38.562189: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:38.562204: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:38.562226: | spent 0.819 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:38.562259: | spent 0.00582 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:38.562319: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:38.562337: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:38.562345: | 08 10 20 01 7d 20 6b 25 00 00 01 cc af 36 6f 0c Aug 26 13:22:38.562353: | 84 ee 71 a9 51 a8 42 2e 9c e1 24 b8 71 b4 a5 93 Aug 26 13:22:38.562361: | de e8 dc 17 62 37 71 d5 a1 f6 82 57 96 56 b3 c6 Aug 26 13:22:38.562368: | 76 d1 d6 36 c4 72 23 b3 f3 c5 ff d3 a4 cf d0 8e Aug 26 13:22:38.562376: | ad c5 9a 7b e8 fd e1 3c eb 8b 45 35 6d 63 de 11 Aug 26 13:22:38.562383: | 29 74 d0 79 5c 7b 82 e3 34 59 22 44 12 ba fb 41 Aug 26 13:22:38.562391: | e8 f9 d6 dd 3f 63 d6 63 ac d8 dd 13 bf 4a 20 66 Aug 26 13:22:38.562398: | 90 e6 f7 63 f0 e0 34 a3 87 71 aa ce 67 c7 41 40 Aug 26 13:22:38.562406: | 82 a0 e9 da 1c 1e 04 df 59 5a a4 e1 5f 70 e2 ca Aug 26 13:22:38.562413: | a3 50 8e ab 30 c1 3d e6 00 69 4c e3 87 3f 26 9e Aug 26 13:22:38.562420: | 59 96 ef 81 60 96 d3 f4 c4 f8 7a e5 42 77 3f 2a Aug 26 13:22:38.562428: | b3 7b 76 93 d1 28 ca db 44 07 e6 12 2a 6b 75 a9 Aug 26 13:22:38.562435: | 49 9e 30 24 b2 aa 98 b2 4a 09 5f ac 04 5a 76 b6 Aug 26 13:22:38.562443: | 84 51 db ae 4d 7e 36 24 51 43 6b 2b 86 88 79 4e Aug 26 13:22:38.562450: | e3 54 3a de 1f 63 48 c7 1d b3 83 00 45 1d ba 1f Aug 26 13:22:38.562458: | 3d 5b 05 dc fb f2 26 d6 70 65 0e 56 6c 4c 88 de Aug 26 13:22:38.562465: | 53 ff ba 2e 0a e7 38 87 04 18 77 a3 40 06 21 72 Aug 26 13:22:38.562473: | 0d 48 6f 9b 13 64 cf e2 34 aa 64 4c 19 13 c9 af Aug 26 13:22:38.562480: | c0 44 36 cf 0e f1 c1 fb c2 35 9f 80 2c 48 f8 62 Aug 26 13:22:38.562488: | 69 f5 da 06 e0 33 34 4e 35 d7 01 53 00 29 23 a8 Aug 26 13:22:38.562495: | 6b 9b d5 fe fd e6 4b a3 aa e5 71 b8 b5 6d 75 e1 Aug 26 13:22:38.562503: | f1 bd 65 9c 6e 21 eb a5 64 95 6d ec df 6b 21 28 Aug 26 13:22:38.562510: | a0 52 a2 2c a5 89 2f a2 af 89 8a c9 a2 f7 55 bb Aug 26 13:22:38.562517: | 91 a2 a2 44 85 d3 3e 79 7c 2b db 08 60 f8 5a 9d Aug 26 13:22:38.562525: | 88 75 71 dd 47 8d 0e 70 66 60 9a f8 4d 81 10 81 Aug 26 13:22:38.562532: | 7d c4 e6 bd 77 84 54 13 d1 3b eb f6 6e 7f 1c 4f Aug 26 13:22:38.562540: | c4 3c 63 e0 ea 33 4e d1 fa 99 78 14 83 c6 d9 34 Aug 26 13:22:38.562547: | bc fc 0d 2d db e4 5e ab 81 5d 99 08 Aug 26 13:22:38.562560: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:38.562569: | **parse ISAKMP Message: Aug 26 13:22:38.562578: | initiator cookie: Aug 26 13:22:38.562585: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:38.562593: | responder cookie: Aug 26 13:22:38.562601: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:38.562609: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:38.562618: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:38.562626: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:38.562634: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:38.562643: | Message ID: 2099276581 (0x7d206b25) Aug 26 13:22:38.562651: | length: 460 (0x1cc) Aug 26 13:22:38.562660: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 13:22:38.562677: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 13:22:38.562693: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 13:22:38.562701: | #5 is idle Aug 26 13:22:38.562708: | #5 idle Aug 26 13:22:38.562720: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 13:22:38.562733: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:38.562747: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:38.562756: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:38.562770: | spent 0.472 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:40.477321: | timer_event_cb: processing event@0x5649f9ae2778 Aug 26 13:22:40.477338: | handling event EVENT_DPD for child state #7 Aug 26 13:22:40.477347: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:40.477353: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:22:40.477357: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:40.477362: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 13:22:40.477367: | DPD: not yet time for dpd event: 11046.219832 < 11046.220061 Aug 26 13:22:40.477371: | event_schedule: new EVENT_DPD-pe@0x5649f9ab9998 Aug 26 13:22:40.477376: | inserting event EVENT_DPD, timeout in 0.000229 seconds for #7 Aug 26 13:22:40.477380: | libevent_malloc: new ptr-libevent@0x5649f9adc998 size 128 Aug 26 13:22:40.477385: | libevent_free: release ptr-libevent@0x5649f9ae01e8 Aug 26 13:22:40.477388: | free_event_entry: release EVENT_DPD-pe@0x5649f9ae2778 Aug 26 13:22:40.477397: | #7 spent 0.0764 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:22:40.477402: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:40.478473: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:22:40.478488: | handling event EVENT_DPD for child state #7 Aug 26 13:22:40.478495: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:40.478502: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:22:40.478505: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:40.478510: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 13:22:40.478516: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:40.478897: | event_schedule: new EVENT_DPD-pe@0x5649f9ae2778 Aug 26 13:22:40.478906: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 13:22:40.478910: | libevent_malloc: new ptr-libevent@0x5649f9ae01e8 size 128 Aug 26 13:22:40.478914: | DPD: scheduling timeout to 10 Aug 26 13:22:40.478917: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x5649f9ac6cd8 Aug 26 13:22:40.478921: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 13:22:40.478924: | libevent_malloc: new ptr-libevent@0x5649f9aca388 size 128 Aug 26 13:22:40.478929: | DPD: sending R_U_THERE 13826 to 192.1.2.23:500 (state #1) Aug 26 13:22:40.478942: | **emit ISAKMP Message: Aug 26 13:22:40.478946: | initiator cookie: Aug 26 13:22:40.478949: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:40.478951: | responder cookie: Aug 26 13:22:40.478954: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.478957: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:40.478960: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:40.478963: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:40.478966: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:40.478969: | Message ID: 3602990959 (0xd6c1476f) Aug 26 13:22:40.478972: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:40.478975: | ***emit ISAKMP Hash Payload: Aug 26 13:22:40.478982: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:40.478985: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:40.478989: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:40.478992: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:40.478995: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:40.478998: | ***emit ISAKMP Notification Payload: Aug 26 13:22:40.479001: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:40.479003: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:40.479006: | protocol ID: 1 (0x1) Aug 26 13:22:40.479009: | SPI size: 16 (0x10) Aug 26 13:22:40.479012: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:22:40.479015: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:22:40.479018: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:40.479022: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:22:40.479025: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:40.479028: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:22:40.479030: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479033: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:22:40.479036: | notify data 00 00 36 02 Aug 26 13:22:40.479039: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:22:40.479072: | notification HASH(1): Aug 26 13:22:40.479075: | e6 5c 71 30 f4 3e 3a cb 0f cf 78 b2 3d 98 5b 68 Aug 26 13:22:40.479078: | 6b dd fd 21 99 81 6d e6 7e 48 af 7e a5 45 a1 08 Aug 26 13:22:40.479087: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:40.479090: | no IKEv1 message padding required Aug 26 13:22:40.479092: | emitting length of ISAKMP Message: 108 Aug 26 13:22:40.479107: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:22:40.479110: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479113: | 08 10 05 01 d6 c1 47 6f 00 00 00 6c 93 fc b9 fb Aug 26 13:22:40.479115: | 98 6d c0 03 2d 75 41 bf f2 99 ea 49 7d 24 8b 8b Aug 26 13:22:40.479118: | 0e fe 30 26 35 d5 2d da 37 26 9f 27 6b 18 8b 04 Aug 26 13:22:40.479120: | a1 a5 32 15 4d 78 16 31 12 69 ff a2 2b 66 0b dc Aug 26 13:22:40.479123: | 41 4f 68 8a 55 e2 b0 5d f4 9f b5 7d 68 b6 09 56 Aug 26 13:22:40.479125: | 73 24 3c 13 02 82 80 a6 d0 ea 4a 63 Aug 26 13:22:40.479181: | libevent_free: release ptr-libevent@0x5649f9adc998 Aug 26 13:22:40.479186: | free_event_entry: release EVENT_DPD-pe@0x5649f9ab9998 Aug 26 13:22:40.479194: | #7 spent 0.691 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:22:40.479200: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:40.479538: | spent 0.00217 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:40.479556: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:40.479560: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479563: | 08 10 05 01 93 a2 50 73 00 00 00 6c d6 55 38 e4 Aug 26 13:22:40.479565: | 19 76 13 7c a8 01 5b b9 c6 36 16 f1 db 4e e1 bb Aug 26 13:22:40.479567: | 10 be f7 01 5c 3b ec 23 f6 ed a2 86 5e 78 46 e5 Aug 26 13:22:40.479569: | 40 b5 2b 71 f6 98 a1 83 c1 5a 93 b9 1d 95 1e 93 Aug 26 13:22:40.479573: | 99 83 4f 81 3d 83 b7 ba 43 78 39 de b7 4a 53 70 Aug 26 13:22:40.479574: | 19 62 05 34 3e 15 02 9b 7c cb e1 56 Aug 26 13:22:40.479577: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:40.479580: | **parse ISAKMP Message: Aug 26 13:22:40.479585: | initiator cookie: Aug 26 13:22:40.479586: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:40.479588: | responder cookie: Aug 26 13:22:40.479590: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479592: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:40.479593: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:40.479595: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:40.479597: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:40.479599: | Message ID: 2476888179 (0x93a25073) Aug 26 13:22:40.479600: | length: 108 (0x6c) Aug 26 13:22:40.479603: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:40.479605: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:40.479608: | peer and cookies match on #6; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:40.479610: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:40.479612: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:40.479614: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:40.479615: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:40.479617: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:40.479621: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:40.479631: | #1 is idle Aug 26 13:22:40.479633: | #1 idle Aug 26 13:22:40.479635: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:40.479642: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:40.479644: | ***parse ISAKMP Hash Payload: Aug 26 13:22:40.479646: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 13:22:40.479648: | length: 36 (0x24) Aug 26 13:22:40.479650: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 13:22:40.479652: | ***parse ISAKMP Notification Payload: Aug 26 13:22:40.479654: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:40.479655: | length: 32 (0x20) Aug 26 13:22:40.479657: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:40.479658: | protocol ID: 1 (0x1) Aug 26 13:22:40.479660: | SPI size: 16 (0x10) Aug 26 13:22:40.479662: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 13:22:40.479663: | removing 12 bytes of padding Aug 26 13:22:40.479676: | informational HASH(1): Aug 26 13:22:40.479678: | e9 db b8 3d 8c fc d8 c1 e0 6d 81 8b 02 9e 72 3e Aug 26 13:22:40.479680: | 91 2e e8 44 8e 4b 4f ed b6 a8 06 bc 99 5a 6e 2c Aug 26 13:22:40.479682: | received 'informational' message HASH(1) data ok Aug 26 13:22:40.479684: | info: ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:40.479685: | info: 00 00 36 02 Aug 26 13:22:40.479689: | #1 spent 2.64 milliseconds Aug 26 13:22:40.479691: | processing informational R_U_THERE_ACK (36137) Aug 26 13:22:40.479692: | pstats ikev1_recv_notifies_e 36137 Aug 26 13:22:40.479694: | DPD: R_U_THERE_ACK, seqno received: 13826 expected: 13826 (state=#1) Aug 26 13:22:40.479697: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x5649f9ac6cd8 be deleted Aug 26 13:22:40.479700: | libevent_free: release ptr-libevent@0x5649f9aca388 Aug 26 13:22:40.479702: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x5649f9ac6cd8 Aug 26 13:22:40.479704: | complete v1 state transition with STF_IGNORE Aug 26 13:22:40.479707: | #1 spent 0.019 milliseconds in process_packet_tail() Aug 26 13:22:40.479710: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:40.479713: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:40.479716: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:40.479718: | spent 0.17 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:42.632080: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:42.632490: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 13:22:42.632499: | FOR_EACH_STATE_... in sort_states Aug 26 13:22:42.632508: | get_sa_info esp.6367355e@192.1.3.33 Aug 26 13:22:42.632538: | get_sa_info esp.1de30b97@192.1.2.23 Aug 26 13:22:42.632560: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:42.632582: | get_sa_info esp.d3e21e6a@192.1.2.23 Aug 26 13:22:42.632602: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:22:42.632610: | spent 0.549 milliseconds in whack Aug 26 13:22:43.453533: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:43.453743: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:22:43.453748: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 13:22:43.453851: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 13:22:43.453853: | FOR_EACH_STATE_... in sort_states Aug 26 13:22:43.453864: | get_sa_info esp.6367355e@192.1.3.33 Aug 26 13:22:43.453880: | get_sa_info esp.1de30b97@192.1.2.23 Aug 26 13:22:43.453897: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:43.453903: | get_sa_info esp.d3e21e6a@192.1.2.23 Aug 26 13:22:43.453918: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 13:22:43.453923: | spent 0.412 milliseconds in whack Aug 26 13:22:43.480016: | timer_event_cb: processing event@0x5649f9ae2778 Aug 26 13:22:43.480031: | handling event EVENT_DPD for child state #7 Aug 26 13:22:43.480038: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.480042: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 13:22:43.480044: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.480048: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 13:22:43.480053: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:43.480066: | event_schedule: new EVENT_DPD-pe@0x5649f9ac6cd8 Aug 26 13:22:43.480070: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 13:22:43.480072: | libevent_malloc: new ptr-libevent@0x5649f9ac8a08 size 128 Aug 26 13:22:43.480075: | DPD: scheduling timeout to 10 Aug 26 13:22:43.480077: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x5649f9ab9998 Aug 26 13:22:43.480079: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 13:22:43.480081: | libevent_malloc: new ptr-libevent@0x5649f9ae5ee8 size 128 Aug 26 13:22:43.480084: | DPD: sending R_U_THERE 13827 to 192.1.2.23:500 (state #1) Aug 26 13:22:43.480096: | **emit ISAKMP Message: Aug 26 13:22:43.480098: | initiator cookie: Aug 26 13:22:43.480100: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.480101: | responder cookie: Aug 26 13:22:43.480103: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480105: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.480107: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.480109: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.480111: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.480113: | Message ID: 1293002248 (0x4d11a608) Aug 26 13:22:43.480115: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.480117: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.480119: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.480121: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.480123: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:43.480126: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.480127: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.480129: | ***emit ISAKMP Notification Payload: Aug 26 13:22:43.480131: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.480136: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.480138: | protocol ID: 1 (0x1) Aug 26 13:22:43.480140: | SPI size: 16 (0x10) Aug 26 13:22:43.480142: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 13:22:43.480144: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 13:22:43.480146: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 13:22:43.480149: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 13:22:43.480150: | notify icookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.480152: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 13:22:43.480154: | notify rcookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480156: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 13:22:43.480157: | notify data 00 00 36 03 Aug 26 13:22:43.480159: | emitting length of ISAKMP Notification Payload: 32 Aug 26 13:22:43.480184: | notification HASH(1): Aug 26 13:22:43.480187: | 70 9d 9d 25 9d bc 23 fd f8 41 d1 10 60 2f 6b d3 Aug 26 13:22:43.480188: | 8d fb a5 54 c0 ee 7f 25 8f b9 c7 b2 6a 3e 1a fd Aug 26 13:22:43.480198: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.480200: | no IKEv1 message padding required Aug 26 13:22:43.480202: | emitting length of ISAKMP Message: 108 Aug 26 13:22:43.480213: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:22:43.480215: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480217: | 08 10 05 01 4d 11 a6 08 00 00 00 6c ee 88 26 09 Aug 26 13:22:43.480219: | 43 a8 8d 23 55 a9 08 19 9c 69 fb e6 a2 18 49 eb Aug 26 13:22:43.480220: | 96 a4 65 7f 66 27 9d f4 7f 2c 5c 93 87 4b e6 4a Aug 26 13:22:43.480222: | ba b5 43 81 eb 69 c5 6d 05 a3 54 04 43 3d 37 da Aug 26 13:22:43.480223: | be 07 d1 cc 6a 2d 15 c1 23 8f 0e b5 31 4a b1 d0 Aug 26 13:22:43.480225: | da f3 f5 a3 7a 18 ef 7b a8 13 58 b5 Aug 26 13:22:43.480274: | libevent_free: release ptr-libevent@0x5649f9ae01e8 Aug 26 13:22:43.480278: | free_event_entry: release EVENT_DPD-pe@0x5649f9ae2778 Aug 26 13:22:43.480284: | #7 spent 0.241 milliseconds in timer_event_cb() EVENT_DPD Aug 26 13:22:43.480287: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.480843: | spent 0.00213 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.480857: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:43.480860: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480861: | 08 10 05 01 26 35 dc d2 00 00 00 6c 15 a2 65 54 Aug 26 13:22:43.480863: | 0f 6c ca 08 7b a0 cb 85 e1 31 ad 1f 66 19 8b ad Aug 26 13:22:43.480865: | bc 93 78 1a c9 63 a9 78 36 5b 0e 7e 08 83 0a 5a Aug 26 13:22:43.480866: | 10 da ff 89 d6 71 3d 40 72 6b 41 23 dc db ef cc Aug 26 13:22:43.480868: | ee 14 3f a9 0c ba e1 2a 66 3a 68 c2 b2 12 4f c4 Aug 26 13:22:43.480869: | 90 7a 29 38 2f 3e 3e d1 43 d1 a0 0b Aug 26 13:22:43.480872: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:43.480875: | **parse ISAKMP Message: Aug 26 13:22:43.480876: | initiator cookie: Aug 26 13:22:43.480878: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.480880: | responder cookie: Aug 26 13:22:43.480881: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480883: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.480885: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.480887: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.480889: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.480890: | Message ID: 641064146 (0x2635dcd2) Aug 26 13:22:43.480892: | length: 108 (0x6c) Aug 26 13:22:43.480894: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.480900: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:43.480902: | peer and cookies match on #6; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:43.480904: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.480906: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.480908: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.480910: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:43.480912: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:43.480915: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.480924: | #1 is idle Aug 26 13:22:43.480926: | #1 idle Aug 26 13:22:43.480929: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:43.480935: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.480938: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.480939: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 13:22:43.480941: | length: 36 (0x24) Aug 26 13:22:43.480943: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 13:22:43.480945: | ***parse ISAKMP Notification Payload: Aug 26 13:22:43.480947: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.480948: | length: 32 (0x20) Aug 26 13:22:43.480950: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.480952: | protocol ID: 1 (0x1) Aug 26 13:22:43.480953: | SPI size: 16 (0x10) Aug 26 13:22:43.480955: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 13:22:43.480957: | removing 12 bytes of padding Aug 26 13:22:43.480969: | informational HASH(1): Aug 26 13:22:43.480971: | a0 80 65 42 4c 18 29 e8 c5 8d e0 03 92 59 45 db Aug 26 13:22:43.480973: | d2 14 c4 aa 3d 6e 59 ab d8 ca b6 d8 cf 48 8d cb Aug 26 13:22:43.480974: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.480976: | info: ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.480978: | info: 00 00 36 03 Aug 26 13:22:43.480981: | #1 spent 1.5 milliseconds Aug 26 13:22:43.480983: | processing informational R_U_THERE_ACK (36137) Aug 26 13:22:43.480985: | pstats ikev1_recv_notifies_e 36137 Aug 26 13:22:43.480987: | DPD: R_U_THERE_ACK, seqno received: 13827 expected: 13827 (state=#1) Aug 26 13:22:43.480989: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x5649f9ab9998 be deleted Aug 26 13:22:43.480992: | libevent_free: release ptr-libevent@0x5649f9ae5ee8 Aug 26 13:22:43.480994: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x5649f9ab9998 Aug 26 13:22:43.480996: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.480999: | #1 spent 0.0184 milliseconds in process_packet_tail() Aug 26 13:22:43.481002: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:43.481006: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:43.481008: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.481010: | spent 0.16 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.765422: | spent 0.00282 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.765455: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:43.765473: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.765475: | 08 10 05 01 46 a6 2d 33 00 00 00 5c ca 63 7f ff Aug 26 13:22:43.765477: | 54 f4 bd d0 e3 98 b0 9c 97 3b db c2 ec 02 7d 92 Aug 26 13:22:43.765478: | ac 10 e6 c4 30 ea f1 4d 23 a4 72 73 0a b0 13 cc Aug 26 13:22:43.765480: | f4 62 47 a1 af 35 7b 3d bc 2f f4 c7 1c da 2b 06 Aug 26 13:22:43.765481: | 19 f0 18 db cd 14 c5 cd f8 1e 70 16 Aug 26 13:22:43.765488: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:43.765499: | **parse ISAKMP Message: Aug 26 13:22:43.765503: | initiator cookie: Aug 26 13:22:43.765518: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.765521: | responder cookie: Aug 26 13:22:43.765524: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.765527: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.765531: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.765534: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.765537: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.765541: | Message ID: 1185295667 (0x46a62d33) Aug 26 13:22:43.765544: | length: 92 (0x5c) Aug 26 13:22:43.765547: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.765551: | peer and cookies match on #7; msgid=00000000 st_msgid=6e4749b1 st_msgid_phase15=00000000 Aug 26 13:22:43.765553: | peer and cookies match on #6; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:43.765555: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.765557: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.765559: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.765561: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:43.765563: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:43.765566: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.765578: | #1 is idle Aug 26 13:22:43.765580: | #1 idle Aug 26 13:22:43.765583: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:43.765591: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.765593: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.765595: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 13:22:43.765597: | length: 36 (0x24) Aug 26 13:22:43.765598: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 13:22:43.765600: | ***parse ISAKMP Delete Payload: Aug 26 13:22:43.765602: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.765604: | length: 16 (0x10) Aug 26 13:22:43.765605: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.765607: | protocol ID: 3 (0x3) Aug 26 13:22:43.765608: | SPI size: 4 (0x4) Aug 26 13:22:43.765610: | number of SPIs: 1 (0x1) Aug 26 13:22:43.765612: | removing 12 bytes of padding Aug 26 13:22:43.765624: | informational HASH(1): Aug 26 13:22:43.765626: | f5 6f d6 b0 59 7e e1 99 41 03 36 06 57 02 86 46 Aug 26 13:22:43.765628: | b7 82 5d 46 9a d0 68 68 f6 35 78 ff e8 43 66 e3 Aug 26 13:22:43.765630: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.765632: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 13:22:43.765634: | SPI d3 e2 1e 6a Aug 26 13:22:43.765635: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 13:22:43.765639: | start processing: connection "north-dpd/0x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) Aug 26 13:22:43.765641: "north-dpd/0x2" #1: received Delete SA payload: replace IPsec State #7 now Aug 26 13:22:43.765643: | state #7 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:22:43.765646: | libevent_free: release ptr-libevent@0x7f83a8005df8 Aug 26 13:22:43.765648: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5649f9a4e1b8 Aug 26 13:22:43.765650: | event_schedule: new EVENT_SA_REPLACE-pe@0x5649f9a4e1b8 Aug 26 13:22:43.765652: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #7 Aug 26 13:22:43.765655: | libevent_malloc: new ptr-libevent@0x5649f9adc998 size 128 Aug 26 13:22:43.765658: | stop processing: connection "north-dpd/0x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) Aug 26 13:22:43.765659: | del: Aug 26 13:22:43.765662: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.765667: | #1 spent 0.00322 milliseconds in process_packet_tail() Aug 26 13:22:43.765672: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:43.765675: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:43.765677: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.765679: | spent 0.233 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.765685: | timer_event_cb: processing event@0x5649f9a4e1b8 Aug 26 13:22:43.765687: | handling event EVENT_SA_REPLACE for child state #7 Aug 26 13:22:43.765690: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.765692: | picked newest_ipsec_sa #7 for #7 Aug 26 13:22:43.765694: | replacing stale IPsec SA Aug 26 13:22:43.765697: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:22:43.765698: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.765702: | creating state object #8 at 0x5649f9ad8fb8 Aug 26 13:22:43.765704: | State DB: adding IKEv1 state #8 in UNDEFINED Aug 26 13:22:43.765711: | pstats #8 ikev1.ipsec started Aug 26 13:22:43.765713: | duplicating state object #1 "north-dpd/0x2" as #8 for IPSEC SA Aug 26 13:22:43.765716: | #8 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:43.765723: | suspend processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:22:43.765726: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:22:43.765730: | child state #8: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 13:22:43.765734: "north-dpd/0x2" #8: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #7 {using isakmp#1 msgid:9b6374a6 proposal=defaults pfsgroup=MODP2048} Aug 26 13:22:43.765737: | adding quick_outI1 KE work-order 15 for state #8 Aug 26 13:22:43.765739: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ab9998 Aug 26 13:22:43.765741: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #8 Aug 26 13:22:43.765743: | libevent_malloc: new ptr-libevent@0x5649f9aca388 size 128 Aug 26 13:22:43.765751: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:22:43.765754: | resume processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:22:43.765756: | state #7 requesting EVENT_DPD-pe@0x5649f9ac6cd8 be deleted Aug 26 13:22:43.765758: | libevent_free: release ptr-libevent@0x5649f9ac8a08 Aug 26 13:22:43.765760: | free_event_entry: release EVENT_DPD-pe@0x5649f9ac6cd8 Aug 26 13:22:43.765762: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5649f9ac6cd8 Aug 26 13:22:43.765764: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #7 Aug 26 13:22:43.765766: | libevent_malloc: new ptr-libevent@0x5649f9ac8a08 size 128 Aug 26 13:22:43.765767: | libevent_free: release ptr-libevent@0x5649f9adc998 Aug 26 13:22:43.765769: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5649f9a4e1b8 Aug 26 13:22:43.765772: | #7 spent 0.0868 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:22:43.765775: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.765778: | timer_event_cb: processing event@0x5649f9ac6cd8 Aug 26 13:22:43.765780: | handling event EVENT_SA_EXPIRE for child state #7 Aug 26 13:22:43.765782: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.765785: | picked newest_ipsec_sa #7 for #7 Aug 26 13:22:43.765786: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:22:43.765788: | pstats #7 ikev1.ipsec re-failed exchange-timeout Aug 26 13:22:43.765790: | pstats #7 ikev1.ipsec deleted completed Aug 26 13:22:43.765792: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:22:43.765793: | crypto helper 0 resuming Aug 26 13:22:43.765796: "north-dpd/0x2" #7: deleting state (STATE_QUICK_I2) aged 12.301s and sending notification Aug 26 13:22:43.765806: | crypto helper 0 starting work-order 15 for state #8 Aug 26 13:22:43.765807: | child state #7: QUICK_I2(established CHILD SA) => delete Aug 26 13:22:43.765810: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 15 Aug 26 13:22:43.765811: | get_sa_info esp.d3e21e6a@192.1.2.23 Aug 26 13:22:43.765823: | get_sa_info esp.893ef52c@192.1.3.33 Aug 26 13:22:43.765829: "north-dpd/0x2" #7: ESP traffic information: in=0B out=84B Aug 26 13:22:43.765831: | #7 send IKEv1 delete notification for STATE_QUICK_I2 Aug 26 13:22:43.765833: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.765836: | **emit ISAKMP Message: Aug 26 13:22:43.765838: | initiator cookie: Aug 26 13:22:43.765839: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.765841: | responder cookie: Aug 26 13:22:43.765842: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.765844: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.765846: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.765848: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.765849: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.765851: | Message ID: 4259139447 (0xfddd4f77) Aug 26 13:22:43.765853: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.765855: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.765857: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.765859: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.765861: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.765863: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.765864: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.765866: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.765868: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.765869: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.765871: | protocol ID: 3 (0x3) Aug 26 13:22:43.765872: | SPI size: 4 (0x4) Aug 26 13:22:43.765874: | number of SPIs: 1 (0x1) Aug 26 13:22:43.765876: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.765878: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.765880: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:22:43.765881: | delete payload 89 3e f5 2c Aug 26 13:22:43.765883: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:22:43.765895: | send delete HASH(1): Aug 26 13:22:43.765898: | dd da 85 15 c6 ba a0 22 fa d1 40 b9 05 02 9c 25 Aug 26 13:22:43.765899: | a7 6f 2c 2d 7d d7 05 ef f7 88 06 68 84 58 12 44 Aug 26 13:22:43.765904: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.765906: | no IKEv1 message padding required Aug 26 13:22:43.765907: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.765918: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:22:43.765920: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.765921: | 08 10 05 01 fd dd 4f 77 00 00 00 5c 3b 40 eb 2e Aug 26 13:22:43.765923: | 6a ba 1f 39 ff dd 6e 49 71 7b d1 5b 04 0b 5a 3c Aug 26 13:22:43.765924: | 1e a9 b5 bf ce ab 28 ea 5f b7 66 08 b5 3b 7d c0 Aug 26 13:22:43.765926: | 68 9c ce fb a3 a3 05 52 1b ac b0 d4 db 9b e9 72 Aug 26 13:22:43.765927: | 6c a2 fa f1 01 c4 3d 1a ba f8 9e 62 Aug 26 13:22:43.765997: | running updown command "ipsec _updown" for verb down Aug 26 13:22:43.766001: | command executing down-client Aug 26 13:22:43.766044: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:43.766053: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:43.766067: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825751' PLUTO_CONN_POL Aug 26 13:22:43.766069: | popen cmd is 1411 chars long Aug 26 13:22:43.766071: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PL: Aug 26 13:22:43.766073: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 13:22:43.766075: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Aug 26 13:22:43.766076: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Aug 26 13:22:43.766078: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Aug 26 13:22:43.766080: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PL: Aug 26 13:22:43.766081: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 13:22:43.766083: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Aug 26 13:22:43.766085: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_: Aug 26 13:22:43.766086: | cmd( 720):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Aug 26 13:22:43.766088: | cmd( 800):TO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Lib: Aug 26 13:22:43.766090: | cmd( 880):reswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_A: Aug 26 13:22:43.766091: | cmd( 960):DDTIME='1566825751' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+: Aug 26 13:22:43.766093: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 13:22:43.766095: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 13:22:43.766096: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 13:22:43.766098: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 13:22:43.766100: | cmd(1360):IN=0xd3e21e6a SPI_OUT=0x893ef52c ipsec _updown 2>&1: Aug 26 13:22:43.766557: | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 15 time elapsed 0.000746 seconds Aug 26 13:22:43.766572: | (#8) spent 0.709 milliseconds in crypto helper computing work-order 15: quick_outI1 KE (pcr) Aug 26 13:22:43.766575: | crypto helper 0 sending results from work-order 15 for state #8 to event queue Aug 26 13:22:43.766577: | scheduling resume sending helper answer for #8 Aug 26 13:22:43.766579: | libevent_malloc: new ptr-libevent@0x7f83c00072f8 size 128 Aug 26 13:22:43.766592: | crypto helper 0 waiting (nothing to do) Aug 26 13:22:43.774373: | shunt_eroute() called for connection 'north-dpd/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:22:43.774384: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:22:43.774388: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:43.774394: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:43.774434: | delete esp.d3e21e6a@192.1.2.23 Aug 26 13:22:43.774449: | netlink response for Del SA esp.d3e21e6a@192.1.2.23 included non-error error Aug 26 13:22:43.774453: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:43.774459: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:22:43.774504: | raw_eroute result=success Aug 26 13:22:43.774509: | delete esp.893ef52c@192.1.3.33 Aug 26 13:22:43.774521: | netlink response for Del SA esp.893ef52c@192.1.3.33 included non-error error Aug 26 13:22:43.774531: | in connection_discard for connection north-dpd/0x2 Aug 26 13:22:43.774535: | State DB: deleting IKEv1 state #7 in QUICK_I2 Aug 26 13:22:43.774541: | child state #7: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:22:43.774584: | stop processing: state #7 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:22:43.774609: | libevent_free: release ptr-libevent@0x5649f9ac8a08 Aug 26 13:22:43.774613: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5649f9ac6cd8 Aug 26 13:22:43.774617: | in statetime_stop() and could not find #7 Aug 26 13:22:43.774619: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.774636: | processing resume sending helper answer for #8 Aug 26 13:22:43.774641: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:22:43.774646: | crypto helper 0 replies to request ID 15 Aug 26 13:22:43.774649: | calling continuation function 0x5649f7dc5b50 Aug 26 13:22:43.774652: | quick_outI1_continue for #8: calculated ke+nonce, sending I1 Aug 26 13:22:43.774675: | **emit ISAKMP Message: Aug 26 13:22:43.774678: | initiator cookie: Aug 26 13:22:43.774680: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.774683: | responder cookie: Aug 26 13:22:43.774685: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.774688: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774690: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.774693: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:43.774697: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.774700: | Message ID: 2606986406 (0x9b6374a6) Aug 26 13:22:43.774703: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.774706: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.774709: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774712: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.774715: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.774734: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.774736: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.774739: | emitting quick defaults using policy none Aug 26 13:22:43.774742: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:22:43.774748: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:43.774751: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:43.774754: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.774758: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:22:43.774761: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:43.774777: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.774784: | ****emit IPsec DOI SIT: Aug 26 13:22:43.774800: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:43.774803: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:22:43.774807: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 13:22:43.774809: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:43.774812: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774815: | proposal number: 0 (0x0) Aug 26 13:22:43.774818: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:43.774820: | SPI size: 4 (0x4) Aug 26 13:22:43.774823: | number of transforms: 2 (0x2) Aug 26 13:22:43.774839: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:43.774853: | netlink_get_spi: allocated 0xd6b69ee1 for esp.0@192.1.3.33 Aug 26 13:22:43.774856: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:22:43.774859: | SPI d6 b6 9e e1 Aug 26 13:22:43.774862: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:43.774865: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.774867: | ESP transform number: 0 (0x0) Aug 26 13:22:43.774870: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:43.774873: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:43.774876: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774879: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:43.774882: | length/value: 14 (0xe) Aug 26 13:22:43.774885: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.774888: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774891: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:43.774894: | length/value: 1 (0x1) Aug 26 13:22:43.774897: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:43.774899: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774902: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:43.774905: | length/value: 1 (0x1) Aug 26 13:22:43.774907: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:43.774910: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774912: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:43.774915: | length/value: 28800 (0x7080) Aug 26 13:22:43.774918: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774921: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:43.774923: | length/value: 2 (0x2) Aug 26 13:22:43.774926: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:43.774929: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774931: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:43.774934: | length/value: 128 (0x80) Aug 26 13:22:43.774937: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:22:43.774940: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:43.774942: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.774945: | ESP transform number: 1 (0x1) Aug 26 13:22:43.774948: | ESP transform ID: ESP_3DES (0x3) Aug 26 13:22:43.774951: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.774954: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:43.774957: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774960: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:43.774963: | length/value: 14 (0xe) Aug 26 13:22:43.774965: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.774968: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774971: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:43.774973: | length/value: 1 (0x1) Aug 26 13:22:43.774976: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:43.774979: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774982: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:43.774984: | length/value: 1 (0x1) Aug 26 13:22:43.774989: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:43.774991: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.774994: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:43.774996: | length/value: 28800 (0x7080) Aug 26 13:22:43.774999: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.775002: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:43.775004: | length/value: 2 (0x2) Aug 26 13:22:43.775006: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:43.775009: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 13:22:43.775012: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 13:22:43.775015: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:22:43.775018: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 13:22:43.775021: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:43.775026: | ***emit ISAKMP Nonce Payload: Aug 26 13:22:43.775029: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:43.775032: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:22:43.775035: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:22:43.775038: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.775041: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:22:43.775044: | Ni 11 4c 0a 55 0c 0b 76 eb 2d bf 9a 55 ef 2d 99 b0 Aug 26 13:22:43.775047: | Ni d6 e2 01 3b 68 67 d9 39 60 f7 84 3f b6 2a 4e be Aug 26 13:22:43.775049: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:22:43.775053: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:22:43.775055: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:43.775058: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:43.775062: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:22:43.775064: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.775067: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:22:43.775070: | keyex value f5 08 a5 e3 eb b1 96 48 2f 5b 0a dc bd 44 78 86 Aug 26 13:22:43.775072: | keyex value bd 67 aa 30 aa 28 71 7a f4 72 8d e9 c0 51 a7 c6 Aug 26 13:22:43.775075: | keyex value b9 83 4a 02 c5 9b cd bb 66 a3 b2 69 7c 11 d7 ac Aug 26 13:22:43.775077: | keyex value 26 83 d5 3a 77 e2 f6 5d 72 e9 38 aa af af 0d 37 Aug 26 13:22:43.775079: | keyex value eb 11 f8 36 f6 e3 f7 c6 2e bf da b6 5c d6 15 fd Aug 26 13:22:43.775082: | keyex value 1b 56 1f 22 11 b0 56 e1 81 aa ae 5b 65 ff 61 16 Aug 26 13:22:43.775084: | keyex value c6 40 b9 eb 56 43 37 ed bd 54 60 ad a8 fe 9f 7d Aug 26 13:22:43.775086: | keyex value 8e ed 3e 91 55 e7 40 0f 0f 64 5e fb 0e fe 93 d5 Aug 26 13:22:43.775089: | keyex value 2c 21 e1 97 39 6c cb 01 28 8c d9 05 80 d4 3c 5f Aug 26 13:22:43.775092: | keyex value 3a 55 c2 d6 52 98 2b cf c3 a1 d9 8a fc b5 a4 02 Aug 26 13:22:43.775094: | keyex value 18 8a 3a 36 7f 15 3c 09 9b 69 67 c5 7d 49 a7 c8 Aug 26 13:22:43.775097: | keyex value c5 ff 98 6d 14 5c 25 c3 f9 6d 39 a0 70 fb 02 35 Aug 26 13:22:43.775099: | keyex value 62 cf de 91 5a 8a 2f 73 25 5b 3b 9d de 9c e8 e3 Aug 26 13:22:43.775102: | keyex value d3 eb 4b 68 1d ca 2f 96 42 76 94 ca 7b 05 03 bd Aug 26 13:22:43.775104: | keyex value 9e d8 ac c7 3b 7f bb 50 62 9f 9c 07 4a 13 52 f4 Aug 26 13:22:43.775106: | keyex value f7 40 1f b7 df 83 3f 86 34 0a 26 20 8d 44 7f be Aug 26 13:22:43.775109: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:22:43.775114: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:43.775117: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:43.775120: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:43.775122: | Protocol ID: 0 (0x0) Aug 26 13:22:43.775125: | port: 0 (0x0) Aug 26 13:22:43.775141: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:43.775144: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:43.775148: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:43.775151: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:43.775154: | client network c0 00 03 00 Aug 26 13:22:43.775157: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:43.775160: | client mask ff ff ff 00 Aug 26 13:22:43.775163: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:43.775166: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:43.775169: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.775172: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:43.775174: | Protocol ID: 0 (0x0) Aug 26 13:22:43.775177: | port: 0 (0x0) Aug 26 13:22:43.775181: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:43.775184: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:43.775187: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:43.775190: | client network c0 00 16 00 Aug 26 13:22:43.775193: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:43.775196: | client mask ff ff ff 00 Aug 26 13:22:43.775199: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:43.775227: | outI1 HASH(1): Aug 26 13:22:43.775231: | 23 05 6f 3b 5e 58 19 5b e2 f4 c3 8c 7f cb 78 95 Aug 26 13:22:43.775233: | 55 90 4a f3 c4 30 23 9b 00 7f 3c 73 1f 5e 5d c8 Aug 26 13:22:43.775244: | no IKEv1 message padding required Aug 26 13:22:43.775248: | emitting length of ISAKMP Message: 476 Aug 26 13:22:43.775271: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #8) Aug 26 13:22:43.775274: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775277: | 08 10 20 01 9b 63 74 a6 00 00 01 dc 40 f2 08 a6 Aug 26 13:22:43.775280: | 43 21 0c b6 63 0a 06 d1 7c b6 63 16 02 d8 e5 a3 Aug 26 13:22:43.775283: | 5c 9f 55 77 28 24 d8 4a fa e6 62 df c8 35 06 07 Aug 26 13:22:43.775285: | df c0 3d ac 53 19 7b 53 b3 18 f8 65 ad 98 18 70 Aug 26 13:22:43.775292: | 4f a2 dd e6 5b dd 4b 52 e1 3b a7 ab e2 f2 ab fd Aug 26 13:22:43.775297: | 50 8f 81 64 b2 5f f3 26 d0 7b cd 93 f5 c0 63 c2 Aug 26 13:22:43.775300: | 26 c9 22 1e 84 76 6c 1c 09 9b 97 26 67 10 a4 a9 Aug 26 13:22:43.775302: | 6e 15 40 54 41 6e 12 9d 79 b9 41 bf e5 78 6e ab Aug 26 13:22:43.775304: | 32 25 4c 66 6c f1 c1 ea 8f 2c 3a 50 4c 26 43 fa Aug 26 13:22:43.775307: | 12 87 0f a8 8d a3 93 06 c9 26 a4 11 52 9d 96 44 Aug 26 13:22:43.775310: | b1 14 96 7c 5a 6c 4c c1 fd 42 19 49 0b 4a ac 06 Aug 26 13:22:43.775312: | 77 36 56 f3 9c fb 7e f2 85 5b 2f bc f6 da 3e a5 Aug 26 13:22:43.775315: | e1 dc 1b 4e 7e 8f 91 ed db fd a3 48 d0 79 88 72 Aug 26 13:22:43.775330: | da 3f 9b 2c 7c 98 a6 4b 6d e6 3e 7e 26 fe 87 7d Aug 26 13:22:43.775333: | 04 1c 28 f8 ec eb f0 9c 69 b2 6d 41 5b 4d f0 97 Aug 26 13:22:43.775335: | 75 59 4e e2 9a ce 61 a6 bd c6 d8 e1 15 b7 fb b0 Aug 26 13:22:43.775338: | a3 0f 7c 3f b6 97 bd 15 52 c4 d2 a4 d3 c7 7f 60 Aug 26 13:22:43.775342: | 44 7b 7d 89 0b e1 91 e9 06 47 68 a4 43 32 fd e7 Aug 26 13:22:43.775345: | fc 98 1b 25 9c 22 b2 2b 78 ef d2 fa 8c 25 46 cc Aug 26 13:22:43.775347: | 34 db cc 1e 5d b1 cd 02 63 46 9d f1 cf 7e 43 11 Aug 26 13:22:43.775350: | c6 f6 8e 6f f8 d5 59 b7 1a 42 8e 80 e2 89 46 b0 Aug 26 13:22:43.775352: | e8 7f 65 6b 36 48 1f 02 e7 66 08 c7 25 0f 5e 73 Aug 26 13:22:43.775355: | 06 78 d3 2f d6 4f 5c 2e 97 67 af ba 04 17 af a8 Aug 26 13:22:43.775357: | 8a 73 93 70 1c 73 f7 1a e3 73 c6 cb 42 b3 49 80 Aug 26 13:22:43.775360: | cc f9 c8 86 78 88 42 e3 23 82 90 31 1f 6a 42 47 Aug 26 13:22:43.775363: | 28 40 d3 5c f3 57 c3 01 d8 f4 16 d5 6e 8b d1 c7 Aug 26 13:22:43.775365: | ff 11 6e 77 b6 69 51 f4 7a ed 39 41 e4 5c f2 eb Aug 26 13:22:43.775368: | 19 fb 72 2f b7 3d fc ba 41 00 32 62 10 73 70 2a Aug 26 13:22:43.775370: | b2 82 da 8f 96 d6 e0 e7 6c 7b c0 64 Aug 26 13:22:43.775397: | state #8 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:43.775401: | libevent_free: release ptr-libevent@0x5649f9aca388 Aug 26 13:22:43.775406: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ab9998 Aug 26 13:22:43.775410: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:22:43.775414: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #8 Aug 26 13:22:43.775418: | libevent_malloc: new ptr-libevent@0x5649f9ad79a8 size 128 Aug 26 13:22:43.775425: | #8 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11049.517876 Aug 26 13:22:43.775429: | resume sending helper answer for #8 suppresed complete_v1_state_transition() Aug 26 13:22:43.775437: | #8 spent 0.771 milliseconds in resume sending helper answer Aug 26 13:22:43.775443: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:22:43.775446: | libevent_free: release ptr-libevent@0x7f83c00072f8 Aug 26 13:22:43.775450: | processing signal PLUTO_SIGCHLD Aug 26 13:22:43.775456: | waitpid returned ECHILD (no child processes left) Aug 26 13:22:43.775460: | spent 0.00566 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:22:43.775469: | spent 0.00153 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.775483: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:43.775486: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775488: | 08 10 05 01 04 b7 55 e3 00 00 00 5c 38 84 03 e3 Aug 26 13:22:43.775490: | 49 47 fc f7 30 44 c7 c2 44 29 89 4a a4 41 c8 21 Aug 26 13:22:43.775493: | 61 63 08 1b 18 1b 8e 24 ce a3 da 9a cf 84 4d 4f Aug 26 13:22:43.775495: | 7c 94 5a 0e 15 ed fb 26 3d 26 20 2e ef 18 30 84 Aug 26 13:22:43.775498: | 9e 7f 13 65 6d fa 14 bf 8e df d3 3b Aug 26 13:22:43.775503: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:43.775506: | **parse ISAKMP Message: Aug 26 13:22:43.775509: | initiator cookie: Aug 26 13:22:43.775511: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.775514: | responder cookie: Aug 26 13:22:43.775531: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775534: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.775537: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.775539: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.775542: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.775545: | Message ID: 79123939 (0x4b755e3) Aug 26 13:22:43.775548: | length: 92 (0x5c) Aug 26 13:22:43.775551: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.775555: | peer and cookies match on #8; msgid=00000000 st_msgid=9b6374a6 st_msgid_phase15=00000000 Aug 26 13:22:43.775559: | peer and cookies match on #6; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:43.775574: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.775579: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.775582: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.775585: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:43.775588: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:43.775594: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.775604: | #1 is idle Aug 26 13:22:43.775607: | #1 idle Aug 26 13:22:43.775611: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:43.775620: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.775623: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.775626: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 13:22:43.775629: | length: 36 (0x24) Aug 26 13:22:43.775632: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 13:22:43.775635: | ***parse ISAKMP Delete Payload: Aug 26 13:22:43.775638: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.775640: | length: 16 (0x10) Aug 26 13:22:43.775643: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.775645: | protocol ID: 3 (0x3) Aug 26 13:22:43.775648: | SPI size: 4 (0x4) Aug 26 13:22:43.775650: | number of SPIs: 1 (0x1) Aug 26 13:22:43.775652: | removing 12 bytes of padding Aug 26 13:22:43.775668: | informational HASH(1): Aug 26 13:22:43.775671: | 6c cd 30 74 8b 2a 28 2b e4 31 1e 6f a8 7e 04 d5 Aug 26 13:22:43.775673: | cd c4 ff d8 88 ef 17 99 0d 40 e9 d9 0f 22 f8 a4 Aug 26 13:22:43.775676: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.775678: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 13:22:43.775681: | SPI 5b 1c a7 72 Aug 26 13:22:43.775683: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 13:22:43.775686: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x5b1ca772) not found (maybe expired) Aug 26 13:22:43.775689: | del: Aug 26 13:22:43.775693: | #1 spent 2.12 milliseconds Aug 26 13:22:43.775697: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.775701: | #1 spent 0.00841 milliseconds in process_packet_tail() Aug 26 13:22:43.775706: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:43.775710: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:43.775713: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.775717: | spent 0.243 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.775725: | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.775734: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:43.775737: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775739: | 08 10 05 01 e5 6a 43 66 00 00 00 5c de 23 b3 6d Aug 26 13:22:43.775742: | fc ae b5 a8 a9 3c d6 fe 12 25 1d a6 a9 50 da 9a Aug 26 13:22:43.775744: | 95 5b c4 28 bd 87 d8 cd 95 49 67 36 b7 1c f2 dc Aug 26 13:22:43.775746: | d1 6c 7d a5 78 ee 77 4c 94 68 9d f0 ff 69 ff 42 Aug 26 13:22:43.775748: | 6b 17 34 46 f7 e9 b5 63 21 3c 0e b9 Aug 26 13:22:43.775752: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:43.775755: | **parse ISAKMP Message: Aug 26 13:22:43.775758: | initiator cookie: Aug 26 13:22:43.775760: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.775762: | responder cookie: Aug 26 13:22:43.775764: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775767: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.775769: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.775771: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.775774: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.775776: | Message ID: 3848946534 (0xe56a4366) Aug 26 13:22:43.775781: | length: 92 (0x5c) Aug 26 13:22:43.775783: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.775787: | peer and cookies match on #8; msgid=00000000 st_msgid=9b6374a6 st_msgid_phase15=00000000 Aug 26 13:22:43.775790: | peer and cookies match on #6; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:43.775792: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.775795: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.775798: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.775800: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:43.775803: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:43.775806: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.775814: | #1 is idle Aug 26 13:22:43.775817: | #1 idle Aug 26 13:22:43.775820: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:43.775826: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.775829: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.775832: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 13:22:43.775834: | length: 36 (0x24) Aug 26 13:22:43.775837: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 13:22:43.775839: | ***parse ISAKMP Delete Payload: Aug 26 13:22:43.775841: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.775843: | length: 16 (0x10) Aug 26 13:22:43.775846: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.775848: | protocol ID: 3 (0x3) Aug 26 13:22:43.775850: | SPI size: 4 (0x4) Aug 26 13:22:43.775853: | number of SPIs: 1 (0x1) Aug 26 13:22:43.775855: | removing 12 bytes of padding Aug 26 13:22:43.775869: | informational HASH(1): Aug 26 13:22:43.775872: | 42 5e 53 c8 36 27 67 bd a3 98 e7 1e 02 f7 59 f4 Aug 26 13:22:43.775874: | 76 6e b2 92 45 64 6a 59 65 23 7d 68 f5 e2 d3 7c Aug 26 13:22:43.775877: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.775879: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 13:22:43.775881: | SPI df a7 99 3f Aug 26 13:22:43.775883: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 13:22:43.775886: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xdfa7993f) not found (maybe expired) Aug 26 13:22:43.775889: | del: Aug 26 13:22:43.775892: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.775896: | #1 spent 0.0033 milliseconds in process_packet_tail() Aug 26 13:22:43.775900: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:43.775904: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:43.775907: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.775911: | spent 0.182 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.775917: | spent 0.00127 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.775926: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:43.775928: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775931: | 08 10 05 01 91 b8 bd a8 00 00 00 5c 62 ed 87 f8 Aug 26 13:22:43.775933: | 1b 7c 05 38 f3 d3 31 02 c0 b9 9b 08 e9 6b 8e 03 Aug 26 13:22:43.775935: | 99 a0 ed 58 06 19 05 ed be a6 7f 40 9e e9 5f 77 Aug 26 13:22:43.775937: | 9c 6f 76 e6 8b 8a 9a a5 0f f4 b4 7b d9 17 b8 2f Aug 26 13:22:43.775939: | e4 95 5b 33 69 63 32 56 6c 44 17 c2 Aug 26 13:22:43.775943: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:43.775946: | **parse ISAKMP Message: Aug 26 13:22:43.775948: | initiator cookie: Aug 26 13:22:43.775950: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.775954: | responder cookie: Aug 26 13:22:43.775957: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.775959: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.775962: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.775964: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.775966: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.775969: | Message ID: 2444803496 (0x91b8bda8) Aug 26 13:22:43.775971: | length: 92 (0x5c) Aug 26 13:22:43.775974: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.775976: | peer and cookies match on #8; msgid=00000000 st_msgid=9b6374a6 st_msgid_phase15=00000000 Aug 26 13:22:43.775979: | peer and cookies match on #6; msgid=00000000 st_msgid=550e82c8 st_msgid_phase15=00000000 Aug 26 13:22:43.775982: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.775985: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.775987: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.775990: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:43.775992: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:43.775996: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.776003: | #1 is idle Aug 26 13:22:43.776005: | #1 idle Aug 26 13:22:43.776008: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:43.776015: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.776018: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.776020: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 13:22:43.776022: | length: 36 (0x24) Aug 26 13:22:43.776025: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 13:22:43.776027: | ***parse ISAKMP Delete Payload: Aug 26 13:22:43.776043: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.776046: | length: 16 (0x10) Aug 26 13:22:43.776049: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.776051: | protocol ID: 3 (0x3) Aug 26 13:22:43.776054: | SPI size: 4 (0x4) Aug 26 13:22:43.776057: | number of SPIs: 1 (0x1) Aug 26 13:22:43.776059: | removing 12 bytes of padding Aug 26 13:22:43.776075: | informational HASH(1): Aug 26 13:22:43.776079: | 1a 52 e0 2b 9e 30 45 45 43 e3 df 9a 36 c8 16 d7 Aug 26 13:22:43.776081: | 46 59 4e 90 96 be 12 2e 01 1f 03 ee eb f2 3b 44 Aug 26 13:22:43.776084: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.776087: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 13:22:43.776090: | SPI 1d e3 0b 97 Aug 26 13:22:43.776093: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 13:22:43.776097: | start processing: connection "north-dpd/0x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) Aug 26 13:22:43.776101: "north-dpd/0x2" #1: received Delete SA payload: replace IPsec State #6 now Aug 26 13:22:43.776105: | state #6 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:22:43.776112: | libevent_free: release ptr-libevent@0x7f83b8004fd8 Aug 26 13:22:43.776116: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f83ac002b78 Aug 26 13:22:43.776120: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f83ac002b78 Aug 26 13:22:43.776123: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #6 Aug 26 13:22:43.776125: | libevent_malloc: new ptr-libevent@0x7f83c00072f8 size 128 Aug 26 13:22:43.776128: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) Aug 26 13:22:43.776130: | del: Aug 26 13:22:43.776132: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.776135: | #1 spent 0.00244 milliseconds in process_packet_tail() Aug 26 13:22:43.776138: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:43.776141: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:43.776145: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.776147: | spent 0.226 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.776151: | timer_event_cb: processing event@0x7f83ac002b78 Aug 26 13:22:43.776153: | handling event EVENT_SA_REPLACE for child state #6 Aug 26 13:22:43.776156: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.776159: | picked newest_ipsec_sa #6 for #6 Aug 26 13:22:43.776160: | replacing stale IPsec SA Aug 26 13:22:43.776163: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:22:43.776165: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.776169: | creating state object #9 at 0x5649f9ae53f8 Aug 26 13:22:43.776170: | State DB: adding IKEv1 state #9 in UNDEFINED Aug 26 13:22:43.776175: | pstats #9 ikev1.ipsec started Aug 26 13:22:43.776177: | duplicating state object #1 "north-dpd/0x2" as #9 for IPSEC SA Aug 26 13:22:43.776180: | #9 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 13:22:43.776183: | in connection_discard for connection north-dpd/0x2 Aug 26 13:22:43.776186: | suspend processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:22:43.776189: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 13:22:43.776193: | child state #9: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 13:22:43.776198: "north-dpd/0x1" #9: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #6 {using isakmp#1 msgid:8f49023a proposal=defaults pfsgroup=MODP2048} Aug 26 13:22:43.776200: | adding quick_outI1 KE work-order 16 for state #9 Aug 26 13:22:43.776202: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ac6cd8 Aug 26 13:22:43.776205: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 Aug 26 13:22:43.776207: | libevent_malloc: new ptr-libevent@0x5649f9adc998 size 128 Aug 26 13:22:43.776215: | stop processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:22:43.776217: | resume processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 13:22:43.776219: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5649f9ac8b98 Aug 26 13:22:43.776222: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #6 Aug 26 13:22:43.776224: | libevent_malloc: new ptr-libevent@0x5649f9acf318 size 128 Aug 26 13:22:43.776225: | crypto helper 1 resuming Aug 26 13:22:43.776227: | libevent_free: release ptr-libevent@0x7f83c00072f8 Aug 26 13:22:43.776242: | crypto helper 1 starting work-order 16 for state #9 Aug 26 13:22:43.776242: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f83ac002b78 Aug 26 13:22:43.776250: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 16 Aug 26 13:22:43.776251: | #6 spent 0.0905 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:22:43.776259: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.776262: | timer_event_cb: processing event@0x5649f9ac8b98 Aug 26 13:22:43.776264: | handling event EVENT_SA_EXPIRE for child state #6 Aug 26 13:22:43.776267: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.776269: | picked newest_ipsec_sa #6 for #6 Aug 26 13:22:43.776271: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:22:43.776272: | pstats #6 ikev1.ipsec re-failed exchange-timeout Aug 26 13:22:43.776274: | pstats #6 ikev1.ipsec deleted completed Aug 26 13:22:43.776277: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:22:43.776279: "north-dpd/0x1" #6: deleting state (STATE_QUICK_I2) aged 23.414s and sending notification Aug 26 13:22:43.776283: | child state #6: QUICK_I2(established CHILD SA) => delete Aug 26 13:22:43.776285: | get_sa_info esp.1de30b97@192.1.2.23 Aug 26 13:22:43.776300: | get_sa_info esp.6367355e@192.1.3.33 Aug 26 13:22:43.776311: "north-dpd/0x1" #6: ESP traffic information: in=84B out=84B Aug 26 13:22:43.776314: | #6 send IKEv1 delete notification for STATE_QUICK_I2 Aug 26 13:22:43.776315: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.776319: | **emit ISAKMP Message: Aug 26 13:22:43.776321: | initiator cookie: Aug 26 13:22:43.776322: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.776324: | responder cookie: Aug 26 13:22:43.776325: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.776327: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.776329: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.776331: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.776332: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.776334: | Message ID: 3442118608 (0xcd2a8fd0) Aug 26 13:22:43.776336: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.776338: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.776340: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.776342: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.776344: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.776346: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.776348: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.776349: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.776351: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.776353: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.776354: | protocol ID: 3 (0x3) Aug 26 13:22:43.776356: | SPI size: 4 (0x4) Aug 26 13:22:43.776357: | number of SPIs: 1 (0x1) Aug 26 13:22:43.776359: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.776361: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.776363: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 13:22:43.776365: | delete payload 63 67 35 5e Aug 26 13:22:43.776367: | emitting length of ISAKMP Delete Payload: 16 Aug 26 13:22:43.776380: | send delete HASH(1): Aug 26 13:22:43.776382: | e7 d1 5a 94 79 22 c5 b0 d9 06 2c be 91 77 a3 ad Aug 26 13:22:43.776384: | 55 f1 e7 eb 25 db 4c 1a ff 46 14 fb 3b b6 d2 bb Aug 26 13:22:43.776389: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 13:22:43.776390: | no IKEv1 message padding required Aug 26 13:22:43.776392: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.776401: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:22:43.776403: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.776405: | 08 10 05 01 cd 2a 8f d0 00 00 00 5c be ac 34 18 Aug 26 13:22:43.776406: | e2 cf 7f ba 8f 01 37 72 c2 37 89 68 9f 61 5c d0 Aug 26 13:22:43.776408: | 85 95 94 f2 4a 08 39 aa 91 22 ec 32 4d d8 71 86 Aug 26 13:22:43.776409: | e6 91 8e 16 35 2a be 35 3d 5a 47 d3 e2 f9 ee 73 Aug 26 13:22:43.776411: | 80 c6 5c cf 56 cf 12 9a 40 20 68 91 Aug 26 13:22:43.776472: | running updown command "ipsec _updown" for verb down Aug 26 13:22:43.776479: | command executing down-client Aug 26 13:22:43.776509: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:43.776518: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 13:22:43.776544: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566825740' PLUTO_CONN_POLIC Aug 26 13:22:43.776550: | popen cmd is 1409 chars long Aug 26 13:22:43.776554: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PL: Aug 26 13:22:43.776558: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 13:22:43.776562: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Aug 26 13:22:43.776566: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Aug 26 13:22:43.776569: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Aug 26 13:22:43.776572: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PL: Aug 26 13:22:43.776574: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 13:22:43.776576: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Aug 26 13:22:43.776578: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE: Aug 26 13:22:43.776579: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 13:22:43.776581: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Aug 26 13:22:43.776584: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Aug 26 13:22:43.776586: | cmd( 960):TIME='1566825740' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SA: Aug 26 13:22:43.776588: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Aug 26 13:22:43.776591: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Aug 26 13:22:43.776593: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Aug 26 13:22:43.776595: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Aug 26 13:22:43.776598: | cmd(1360):=0x1de30b97 SPI_OUT=0x6367355e ipsec _updown 2>&1: Aug 26 13:22:43.777291: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 16 time elapsed 0.001037 seconds Aug 26 13:22:43.777308: | (#9) spent 1.04 milliseconds in crypto helper computing work-order 16: quick_outI1 KE (pcr) Aug 26 13:22:43.777313: | crypto helper 1 sending results from work-order 16 for state #9 to event queue Aug 26 13:22:43.777317: | scheduling resume sending helper answer for #9 Aug 26 13:22:43.777322: | libevent_malloc: new ptr-libevent@0x7f83b8004fd8 size 128 Aug 26 13:22:43.777336: | crypto helper 1 waiting (nothing to do) Aug 26 13:22:43.787035: | shunt_eroute() called for connection 'north-dpd/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 13:22:43.787047: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:22:43.787052: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:43.787060: | IPsec Sa SPD priority set to 1042407 Aug 26 13:22:43.787088: | delete esp.1de30b97@192.1.2.23 Aug 26 13:22:43.787105: | netlink response for Del SA esp.1de30b97@192.1.2.23 included non-error error Aug 26 13:22:43.787110: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:43.787118: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:22:43.787139: | raw_eroute result=success Aug 26 13:22:43.787144: | delete esp.6367355e@192.1.3.33 Aug 26 13:22:43.787155: | netlink response for Del SA esp.6367355e@192.1.3.33 included non-error error Aug 26 13:22:43.787164: | in connection_discard for connection north-dpd/0x1 Aug 26 13:22:43.787168: | State DB: deleting IKEv1 state #6 in QUICK_I2 Aug 26 13:22:43.787174: | child state #6: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Aug 26 13:22:43.787201: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:22:43.787234: | libevent_free: release ptr-libevent@0x5649f9acf318 Aug 26 13:22:43.787239: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5649f9ac8b98 Aug 26 13:22:43.787243: | in statetime_stop() and could not find #6 Aug 26 13:22:43.787247: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.787268: | spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.787284: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:43.787298: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.787303: | 08 10 05 01 56 eb 86 49 00 00 00 5c 3a 77 97 14 Aug 26 13:22:43.787306: | f5 12 83 a1 dd e4 b1 37 99 8b ae da 23 3b 58 de Aug 26 13:22:43.787309: | f5 c7 47 bf 7f e8 69 7e 50 df 8d 16 cd 53 26 c7 Aug 26 13:22:43.787312: | 77 2b 61 63 89 2d 25 ef 90 0d 41 91 76 94 0c b8 Aug 26 13:22:43.787315: | da a0 e1 d4 b7 f1 a4 37 a5 00 d7 d3 Aug 26 13:22:43.787322: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:43.787326: | **parse ISAKMP Message: Aug 26 13:22:43.787329: | initiator cookie: Aug 26 13:22:43.787332: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.787335: | responder cookie: Aug 26 13:22:43.787338: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.787342: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.787345: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.787349: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.787353: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.787356: | Message ID: 1458275913 (0x56eb8649) Aug 26 13:22:43.787359: | length: 92 (0x5c) Aug 26 13:22:43.787363: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.787368: | peer and cookies match on #9; msgid=00000000 st_msgid=8f49023a st_msgid_phase15=00000000 Aug 26 13:22:43.787372: | peer and cookies match on #8; msgid=00000000 st_msgid=9b6374a6 st_msgid_phase15=00000000 Aug 26 13:22:43.787376: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.787380: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.787384: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.787387: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:43.787391: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:43.787397: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.787413: | #1 is idle Aug 26 13:22:43.787416: | #1 idle Aug 26 13:22:43.787421: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:43.787436: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.787440: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.787443: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 13:22:43.787446: | length: 36 (0x24) Aug 26 13:22:43.787452: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 13:22:43.787456: | ***parse ISAKMP Delete Payload: Aug 26 13:22:43.787459: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787462: | length: 16 (0x10) Aug 26 13:22:43.787466: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.787469: | protocol ID: 3 (0x3) Aug 26 13:22:43.787472: | SPI size: 4 (0x4) Aug 26 13:22:43.787475: | number of SPIs: 1 (0x1) Aug 26 13:22:43.787478: | removing 12 bytes of padding Aug 26 13:22:43.787499: | informational HASH(1): Aug 26 13:22:43.787502: | c9 be 9f 95 47 31 46 9f 1e 70 2f 11 dc 8d 15 65 Aug 26 13:22:43.787506: | c6 40 60 f0 f0 53 7b 05 b4 f5 f5 f3 ee 4d aa 4e Aug 26 13:22:43.787509: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.787513: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 13:22:43.787516: | SPI 38 d5 ab de Aug 26 13:22:43.787519: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 13:22:43.787524: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x38d5abde) not found (maybe expired) Aug 26 13:22:43.787527: | del: Aug 26 13:22:43.787532: | #1 spent 1.3 milliseconds Aug 26 13:22:43.787537: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.787543: | #1 spent 0.0101 milliseconds in process_packet_tail() Aug 26 13:22:43.787548: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:43.787554: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:43.787558: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.787563: | spent 0.282 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.787571: | processing resume sending helper answer for #9 Aug 26 13:22:43.787577: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 13:22:43.787581: | crypto helper 1 replies to request ID 16 Aug 26 13:22:43.787585: | calling continuation function 0x5649f7dc5b50 Aug 26 13:22:43.787589: | quick_outI1_continue for #9: calculated ke+nonce, sending I1 Aug 26 13:22:43.787612: | **emit ISAKMP Message: Aug 26 13:22:43.787615: | initiator cookie: Aug 26 13:22:43.787618: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.787621: | responder cookie: Aug 26 13:22:43.787624: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.787627: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787630: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.787634: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 13:22:43.787637: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.787640: | Message ID: 2403926586 (0x8f49023a) Aug 26 13:22:43.787644: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.787648: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.787651: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787656: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.787660: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.787664: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.787667: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.787670: | emitting quick defaults using policy none Aug 26 13:22:43.787674: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:22:43.787679: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:43.787682: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 13:22:43.787685: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.787689: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 13:22:43.787694: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:43.787700: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.787703: | ****emit IPsec DOI SIT: Aug 26 13:22:43.787706: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:43.787710: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:22:43.787714: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 13:22:43.787717: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:43.787720: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787723: | proposal number: 0 (0x0) Aug 26 13:22:43.787726: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 13:22:43.787729: | SPI size: 4 (0x4) Aug 26 13:22:43.787732: | number of transforms: 2 (0x2) Aug 26 13:22:43.787736: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:43.787749: | netlink_get_spi: allocated 0xf604845f for esp.0@192.1.3.33 Aug 26 13:22:43.787753: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 13:22:43.787756: | SPI f6 04 84 5f Aug 26 13:22:43.787759: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:43.787763: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.787766: | ESP transform number: 0 (0x0) Aug 26 13:22:43.787769: | ESP transform ID: ESP_AES (0xc) Aug 26 13:22:43.787773: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:43.787777: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787781: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:43.787784: | length/value: 14 (0xe) Aug 26 13:22:43.787787: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.787791: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787794: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:43.787797: | length/value: 1 (0x1) Aug 26 13:22:43.787800: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:43.787803: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787806: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:43.787809: | length/value: 1 (0x1) Aug 26 13:22:43.787812: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:43.787816: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787819: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:43.787822: | length/value: 28800 (0x7080) Aug 26 13:22:43.787825: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787828: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:43.787831: | length/value: 2 (0x2) Aug 26 13:22:43.787835: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:43.787838: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787841: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 13:22:43.787845: | length/value: 128 (0x80) Aug 26 13:22:43.787848: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 13:22:43.787851: | *****emit ISAKMP Transform Payload (ESP): Aug 26 13:22:43.787854: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.787857: | ESP transform number: 1 (0x1) Aug 26 13:22:43.787861: | ESP transform ID: ESP_3DES (0x3) Aug 26 13:22:43.787865: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.787869: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 13:22:43.787872: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787875: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 13:22:43.787878: | length/value: 14 (0xe) Aug 26 13:22:43.787882: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.787885: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787888: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 13:22:43.787891: | length/value: 1 (0x1) Aug 26 13:22:43.787894: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 13:22:43.787897: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787902: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 13:22:43.787905: | length/value: 1 (0x1) Aug 26 13:22:43.787908: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 13:22:43.787911: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787915: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 13:22:43.787918: | length/value: 28800 (0x7080) Aug 26 13:22:43.787921: | ******emit ISAKMP IPsec DOI attribute: Aug 26 13:22:43.787924: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 13:22:43.787927: | length/value: 2 (0x2) Aug 26 13:22:43.787930: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 13:22:43.787934: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 13:22:43.787937: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 13:22:43.787941: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 13:22:43.787944: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 13:22:43.787948: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:43.787954: | ***emit ISAKMP Nonce Payload: Aug 26 13:22:43.787957: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 13:22:43.787961: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 13:22:43.787966: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 13:22:43.787970: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.787974: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 13:22:43.787977: | Ni 5d ba 58 11 46 e9 22 f1 80 c2 ce fc 1f f0 59 75 Aug 26 13:22:43.787981: | Ni a7 05 a0 d8 50 4b f5 49 7c be 83 2c 06 ba f8 4d Aug 26 13:22:43.787984: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 13:22:43.787987: | ***emit ISAKMP Key Exchange Payload: Aug 26 13:22:43.787991: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:43.787995: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:43.787999: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 13:22:43.788003: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.788007: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 13:22:43.788010: | keyex value f2 ab 83 8b d1 c6 72 33 88 b2 00 43 e4 60 91 2b Aug 26 13:22:43.788013: | keyex value c1 fe 9f 65 78 ef 00 f9 5d 63 33 8a 61 a0 0c 28 Aug 26 13:22:43.788017: | keyex value 8a 98 ed 97 ae a6 6e 81 3d ce f4 47 aa 92 e9 12 Aug 26 13:22:43.788020: | keyex value f1 04 83 bd 8e 5c 5d e5 6f 50 ca 42 b7 0b f9 15 Aug 26 13:22:43.788023: | keyex value 33 41 bc ab 07 8d 18 17 4c 98 38 10 ac f5 51 ca Aug 26 13:22:43.788026: | keyex value 0d 4c 25 b3 d8 c5 23 77 0c c2 9c 3a 1b f5 d2 7e Aug 26 13:22:43.788030: | keyex value 11 cd 5e 8f 76 cc ed 22 55 c1 1e 81 8d 0d ce 3d Aug 26 13:22:43.788033: | keyex value ab 53 32 5d 68 75 7f 1a f3 c1 75 a9 97 4c 28 c2 Aug 26 13:22:43.788037: | keyex value 09 71 c4 ec f6 51 4d 66 52 41 e7 c5 15 78 2c 53 Aug 26 13:22:43.788040: | keyex value 92 a6 0e a1 ba 0d 75 25 30 31 71 7a 4b f2 e9 76 Aug 26 13:22:43.788043: | keyex value 6f bd 3c 1c 59 50 38 a1 36 53 7e 65 6c 1a ea 6c Aug 26 13:22:43.788046: | keyex value 0c 0a f0 83 29 dd 6d a8 fe 4c 42 93 34 e7 62 ba Aug 26 13:22:43.788050: | keyex value b0 6f 99 38 92 5f 25 27 75 be 59 8c b6 31 cc f0 Aug 26 13:22:43.788053: | keyex value ff ef 78 f0 72 36 ef 95 6e 7f ef d8 e9 81 60 fa Aug 26 13:22:43.788056: | keyex value aa be d4 66 04 99 d8 54 7a 05 c7 de 82 64 ae 12 Aug 26 13:22:43.788059: | keyex value 47 0c 0e e5 f5 48 c0 6f 1f 0f 7e dc 25 60 4f 2a Aug 26 13:22:43.788064: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 13:22:43.788068: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:43.788071: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 13:22:43.788074: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:43.788077: | Protocol ID: 0 (0x0) Aug 26 13:22:43.788080: | port: 0 (0x0) Aug 26 13:22:43.788084: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 13:22:43.788089: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:43.788093: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:43.788097: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:43.788101: | client network c0 00 03 00 Aug 26 13:22:43.788105: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:43.788108: | client mask ff ff ff 00 Aug 26 13:22:43.788111: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:43.788115: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 13:22:43.788118: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.788121: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 13:22:43.788124: | Protocol ID: 0 (0x0) Aug 26 13:22:43.788127: | port: 0 (0x0) Aug 26 13:22:43.788131: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 13:22:43.788135: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 13:22:43.788139: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:43.788142: | client network c0 00 02 00 Aug 26 13:22:43.788146: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 13:22:43.788149: | client mask ff ff ff 00 Aug 26 13:22:43.788152: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 13:22:43.788174: | outI1 HASH(1): Aug 26 13:22:43.788178: | 93 f3 f0 88 e5 52 dd 27 fd 2c 10 63 0b 99 f9 9f Aug 26 13:22:43.788181: | f9 64 3b af 5e 93 56 91 6b 3c b8 79 3a c6 1c 90 Aug 26 13:22:43.788188: | no IKEv1 message padding required Aug 26 13:22:43.788192: | emitting length of ISAKMP Message: 476 Aug 26 13:22:43.788205: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #9) Aug 26 13:22:43.788208: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.788212: | 08 10 20 01 8f 49 02 3a 00 00 01 dc 11 43 9e 2d Aug 26 13:22:43.788215: | bc 46 dc d6 54 63 ca c5 e0 34 39 22 cc ce c5 ba Aug 26 13:22:43.788218: | 8b 79 df 1b 98 ef 22 d8 92 b2 f2 1f 35 76 5e c4 Aug 26 13:22:43.788221: | ee 79 cf 6f 3f ed 4f 83 dd 91 f5 98 9f cd fb 06 Aug 26 13:22:43.788224: | 16 d2 22 0e 3c 5d 19 78 94 3c 76 8c 0f fb 24 d4 Aug 26 13:22:43.788227: | b5 05 85 b7 f2 52 3e 0c 29 87 92 c8 07 70 67 b7 Aug 26 13:22:43.788230: | bd df cd ab a1 1a 6c 78 91 1d 59 63 d1 36 80 3a Aug 26 13:22:43.788233: | d5 07 05 f7 a3 34 3d de 89 09 1f e4 35 8e 1b fa Aug 26 13:22:43.788236: | 55 13 7b eb 1d 58 23 e2 4c 01 2c 8b 15 44 46 5e Aug 26 13:22:43.788240: | cd 0f 37 d1 4c 7d 61 3c 81 2c 24 92 49 95 56 f5 Aug 26 13:22:43.788243: | 98 d4 f7 12 8b d3 ff 8f 0f 1a 46 28 d1 89 39 ee Aug 26 13:22:43.788246: | d2 03 d3 6f 99 5d bb 91 3d 98 a8 f4 94 7d 33 06 Aug 26 13:22:43.788249: | 47 e9 78 21 77 e1 fc bc ef eb 76 38 82 e8 cc e6 Aug 26 13:22:43.788252: | b1 0b 0b 59 c0 6a fd 31 3d 37 52 d5 6b 84 0a 86 Aug 26 13:22:43.788255: | 5d 24 ae 41 27 f4 f8 e1 c6 48 e3 0a 55 d8 0f 15 Aug 26 13:22:43.788260: | c1 96 30 b7 81 5e 89 fa a1 1d 70 96 de fa aa 36 Aug 26 13:22:43.788263: | 3e a8 49 3b 0e 88 3d 8b 50 7d 36 33 ec 7a 0e 3d Aug 26 13:22:43.788266: | 4e 27 83 06 17 a5 48 ad 5a d5 63 42 3f cb d6 7c Aug 26 13:22:43.788269: | 54 d9 5d 0c 7b bc 6f f1 73 f0 a2 2a 65 e4 50 18 Aug 26 13:22:43.788272: | e6 02 9b ac 62 6e 32 0c 7c 08 f7 78 b6 d9 13 a6 Aug 26 13:22:43.788275: | 04 36 8f 8a 6f 66 7e 36 35 0f e6 ed a3 89 20 5e Aug 26 13:22:43.788278: | ba af e6 11 d8 d3 41 3d 6a 1a 96 2d ed 75 a3 17 Aug 26 13:22:43.788281: | 80 fc 3f ad 9e 5f bb 9b ce cc 4c 41 bf 26 a7 f9 Aug 26 13:22:43.788284: | 02 08 86 7d 77 59 0a c7 43 51 e6 e3 d4 b6 0e 01 Aug 26 13:22:43.788302: | 49 a2 3d 9b f4 7f 2b e2 f3 9a 7c 8e e2 86 4e 81 Aug 26 13:22:43.788308: | e6 ca 20 a3 23 94 e6 bc 02 3e d8 c8 40 62 33 95 Aug 26 13:22:43.788311: | 73 bb 3e 5a 2b 79 95 55 99 88 9d ba 83 4f a5 50 Aug 26 13:22:43.788314: | e1 a3 da c4 71 2b 5f 80 84 1b 90 25 67 2a 16 87 Aug 26 13:22:43.788317: | e4 72 99 bd c7 33 74 ae ce 85 7c ce Aug 26 13:22:43.788347: | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:43.788353: | libevent_free: release ptr-libevent@0x5649f9adc998 Aug 26 13:22:43.788357: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5649f9ac6cd8 Aug 26 13:22:43.788362: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83b00058b8 Aug 26 13:22:43.788366: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #9 Aug 26 13:22:43.788371: | libevent_malloc: new ptr-libevent@0x5649f9ad7a58 size 128 Aug 26 13:22:43.788379: | #9 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11049.530827 Aug 26 13:22:43.788384: | resume sending helper answer for #9 suppresed complete_v1_state_transition() Aug 26 13:22:43.788390: | #9 spent 0.78 milliseconds in resume sending helper answer Aug 26 13:22:43.788396: | stop processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 13:22:43.788400: | libevent_free: release ptr-libevent@0x7f83b8004fd8 Aug 26 13:22:43.788404: | processing signal PLUTO_SIGCHLD Aug 26 13:22:43.788409: | waitpid returned ECHILD (no child processes left) Aug 26 13:22:43.788414: | spent 0.00597 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 13:22:43.788424: | spent 0.00139 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.788434: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:43.788438: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.788441: | 08 10 05 01 d1 ac 16 46 00 00 00 5c 22 55 41 89 Aug 26 13:22:43.788444: | a1 e2 fa b1 ee ca b6 bf 64 e2 db 84 2b cc 3b 81 Aug 26 13:22:43.788447: | a8 cc c7 83 4c 1c e7 dd 40 0d 28 45 78 5e ac 9d Aug 26 13:22:43.788450: | cc 9c bf 7e 1c a2 2c c8 ae ad 8e ef 90 0c 68 89 Aug 26 13:22:43.788453: | 16 a2 b5 b5 82 2d af 15 22 97 4e e3 Aug 26 13:22:43.788458: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:43.788462: | **parse ISAKMP Message: Aug 26 13:22:43.788465: | initiator cookie: Aug 26 13:22:43.788468: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.788471: | responder cookie: Aug 26 13:22:43.788474: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.788477: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.788481: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.788484: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.788487: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.788490: | Message ID: 3517716038 (0xd1ac1646) Aug 26 13:22:43.788493: | length: 92 (0x5c) Aug 26 13:22:43.788497: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.788502: | peer and cookies match on #9; msgid=00000000 st_msgid=8f49023a st_msgid_phase15=00000000 Aug 26 13:22:43.788506: | peer and cookies match on #8; msgid=00000000 st_msgid=9b6374a6 st_msgid_phase15=00000000 Aug 26 13:22:43.788514: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.788519: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.788523: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.788526: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:43.788529: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:43.788535: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.788545: | #1 is idle Aug 26 13:22:43.788548: | #1 idle Aug 26 13:22:43.788552: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:43.788560: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.788564: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.788567: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 13:22:43.788570: | length: 36 (0x24) Aug 26 13:22:43.788574: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 13:22:43.788577: | ***parse ISAKMP Delete Payload: Aug 26 13:22:43.788581: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.788584: | length: 16 (0x10) Aug 26 13:22:43.788587: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.788590: | protocol ID: 3 (0x3) Aug 26 13:22:43.788593: | SPI size: 4 (0x4) Aug 26 13:22:43.788596: | number of SPIs: 1 (0x1) Aug 26 13:22:43.788599: | removing 12 bytes of padding Aug 26 13:22:43.788615: | informational HASH(1): Aug 26 13:22:43.788619: | 62 bc 4d 99 16 40 40 60 e6 51 36 d2 2e e1 61 a5 Aug 26 13:22:43.788622: | 02 81 17 af d4 75 c1 8c ab b9 51 a9 bc 35 d9 74 Aug 26 13:22:43.788625: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.788629: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 13:22:43.788631: | SPI 19 ad 0d cb Aug 26 13:22:43.788635: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 13:22:43.788638: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x19ad0dcb) not found (maybe expired) Aug 26 13:22:43.788641: | del: Aug 26 13:22:43.788646: | #1 spent 1.08 milliseconds Aug 26 13:22:43.788649: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.788654: | #1 spent 0.00799 milliseconds in process_packet_tail() Aug 26 13:22:43.788660: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 13:22:43.788666: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 13:22:43.788670: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.788675: | spent 0.246 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.788683: | spent 0.00139 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 13:22:43.788693: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 13:22:43.788696: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.788699: | 08 10 05 01 f1 dd 49 80 00 00 00 5c ae 54 df 95 Aug 26 13:22:43.788702: | dd 2e 03 ff 91 e4 15 14 c7 87 72 4f 89 54 4d 11 Aug 26 13:22:43.788705: | 86 60 6b bb 55 c9 c1 8c e9 55 d6 8b b4 1c bb 05 Aug 26 13:22:43.788709: | 48 47 70 dc ec 62 b0 54 b8 80 ff 84 6e f4 3e ec Aug 26 13:22:43.788712: | 83 8a e6 06 5c 58 58 ad 9a 48 45 f1 Aug 26 13:22:43.788716: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 13:22:43.788720: | **parse ISAKMP Message: Aug 26 13:22:43.788723: | initiator cookie: Aug 26 13:22:43.788726: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.788729: | responder cookie: Aug 26 13:22:43.788732: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.788735: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 13:22:43.788739: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.788742: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.788747: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.788750: | Message ID: 4057811328 (0xf1dd4980) Aug 26 13:22:43.788753: | length: 92 (0x5c) Aug 26 13:22:43.788757: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 13:22:43.788761: | peer and cookies match on #9; msgid=00000000 st_msgid=8f49023a st_msgid_phase15=00000000 Aug 26 13:22:43.788765: | peer and cookies match on #8; msgid=00000000 st_msgid=9b6374a6 st_msgid_phase15=00000000 Aug 26 13:22:43.788769: | peer and cookies match on #5; msgid=00000000 st_msgid=7d206b25 st_msgid_phase15=00000000 Aug 26 13:22:43.788773: | peer and cookies match on #4; msgid=00000000 st_msgid=17ff60cc st_msgid_phase15=00000000 Aug 26 13:22:43.788777: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 13:22:43.788780: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 13:22:43.788784: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 13:22:43.788790: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 13:22:43.788798: | #1 is idle Aug 26 13:22:43.788801: | #1 idle Aug 26 13:22:43.788805: | received encrypted packet from 192.1.2.23:500 Aug 26 13:22:43.788813: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 13:22:43.788816: | ***parse ISAKMP Hash Payload: Aug 26 13:22:43.788819: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 13:22:43.788822: | length: 36 (0x24) Aug 26 13:22:43.788826: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 13:22:43.788829: | ***parse ISAKMP Delete Payload: Aug 26 13:22:43.788832: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.788835: | length: 28 (0x1c) Aug 26 13:22:43.788838: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.788841: | protocol ID: 1 (0x1) Aug 26 13:22:43.788844: | SPI size: 16 (0x10) Aug 26 13:22:43.788847: | number of SPIs: 1 (0x1) Aug 26 13:22:43.788862: | informational HASH(1): Aug 26 13:22:43.788866: | a9 ba d0 1c 88 1d 47 b8 d7 67 d6 33 ca 53 45 59 Aug 26 13:22:43.788869: | 2b a7 0e 7e fa 29 70 56 15 9e 3c d7 19 67 76 8f Aug 26 13:22:43.788872: | received 'informational' message HASH(1) data ok Aug 26 13:22:43.788876: | parsing 8 raw bytes of ISAKMP Delete Payload into iCookie Aug 26 13:22:43.788879: | iCookie ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.788882: | parsing 8 raw bytes of ISAKMP Delete Payload into rCookie Aug 26 13:22:43.788885: | rCookie d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.788889: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 13:22:43.788892: | del: Aug 26 13:22:43.788895: "north-dpd/0x2" #1: received Delete SA payload: self-deleting ISAKMP State #1 Aug 26 13:22:43.788899: | pstats #1 ikev1.isakmp deleted completed Aug 26 13:22:43.788905: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:22:43.788909: "north-dpd/0x2" #1: deleting state (STATE_MAIN_I4) aged 66.317s and sending notification Aug 26 13:22:43.788913: | parent state #1: MAIN_I4(established IKE SA) => delete Aug 26 13:22:43.788963: | #1 send IKEv1 delete notification for STATE_MAIN_I4 Aug 26 13:22:43.788973: | **emit ISAKMP Message: Aug 26 13:22:43.788976: | initiator cookie: Aug 26 13:22:43.788979: | ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.788982: | responder cookie: Aug 26 13:22:43.788985: | d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.788988: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.788991: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.788994: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 13:22:43.788998: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 13:22:43.789001: | Message ID: 878300707 (0x3459ce23) Aug 26 13:22:43.789005: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.789008: | ***emit ISAKMP Hash Payload: Aug 26 13:22:43.789011: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.789018: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 13:22:43.789022: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.789026: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 13:22:43.789029: | emitting length of ISAKMP Hash Payload: 36 Aug 26 13:22:43.789032: | ***emit ISAKMP Delete Payload: Aug 26 13:22:43.789036: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.789039: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.789042: | protocol ID: 1 (0x1) Aug 26 13:22:43.789045: | SPI size: 16 (0x10) Aug 26 13:22:43.789048: | number of SPIs: 1 (0x1) Aug 26 13:22:43.789052: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 13:22:43.789056: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 13:22:43.789060: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Aug 26 13:22:43.789063: | initiator SPI ff 46 30 fd 82 4a 54 6b Aug 26 13:22:43.789066: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Aug 26 13:22:43.789069: | responder SPI d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.789072: | emitting length of ISAKMP Delete Payload: 28 Aug 26 13:22:43.789089: | send delete HASH(1): Aug 26 13:22:43.789093: | e5 fd be 32 50 8b 8b c8 50 25 16 d3 f2 c3 7a a4 Aug 26 13:22:43.789096: | 0d c7 fd de f1 1e 25 91 b2 42 a7 4f 2d 42 22 7f Aug 26 13:22:43.789103: | no IKEv1 message padding required Aug 26 13:22:43.789106: | emitting length of ISAKMP Message: 92 Aug 26 13:22:43.789119: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 13:22:43.789123: | ff 46 30 fd 82 4a 54 6b d9 29 c1 51 cb 06 e4 0b Aug 26 13:22:43.789126: | 08 10 05 01 34 59 ce 23 00 00 00 5c f3 cb 72 99 Aug 26 13:22:43.789129: | 47 78 fc 7a bd 9f ff a4 e2 d3 90 fa 2d 02 a4 f9 Aug 26 13:22:43.789132: | 0a 88 41 e2 d2 90 3e 53 64 4c fc 99 f2 b3 85 c4 Aug 26 13:22:43.789135: | 83 63 ec 2f a9 eb 96 fa 6d d6 13 ff 6e 9b 73 6a Aug 26 13:22:43.789138: | e3 16 65 00 28 60 59 8c a3 bb 11 28 Aug 26 13:22:43.789160: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 13:22:43.789167: | libevent_free: release ptr-libevent@0x5649f9ae28c8 Aug 26 13:22:43.789172: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5649f9abf408 Aug 26 13:22:43.789176: "north-dpd/0x2" #1: reschedule pending child #9 STATE_QUICK_I1 of connection "north-dpd/0x1" - the parent is going away Aug 26 13:22:43.789180: | state #9 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:43.789183: | #9 STATE_QUICK_I1: retransmits: cleared Aug 26 13:22:43.789187: | libevent_free: release ptr-libevent@0x5649f9ad7a58 Aug 26 13:22:43.789190: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83b00058b8 Aug 26 13:22:43.789194: | event_schedule: new EVENT_SA_REPLACE-pe@0x5649f9abf408 Aug 26 13:22:43.789199: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #9 Aug 26 13:22:43.789203: | libevent_malloc: new ptr-libevent@0x7f83b8004fd8 size 128 Aug 26 13:22:43.789206: "north-dpd/0x2" #1: reschedule pending child #8 STATE_QUICK_I1 of connection "north-dpd/0x2" - the parent is going away Aug 26 13:22:43.789210: | state #8 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:43.789213: | #8 STATE_QUICK_I1: retransmits: cleared Aug 26 13:22:43.789217: | libevent_free: release ptr-libevent@0x5649f9ad79a8 Aug 26 13:22:43.789222: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9ab9998 Aug 26 13:22:43.789225: | event_schedule: new EVENT_SA_REPLACE-pe@0x5649f9ab9998 Aug 26 13:22:43.789229: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #8 Aug 26 13:22:43.789233: | libevent_malloc: new ptr-libevent@0x5649f9ad79a8 size 128 Aug 26 13:22:43.789237: "north-dpd/0x2" #1: reschedule pending child #5 STATE_QUICK_I1 of connection "north-dpd/0x1" - the parent is going away Aug 26 13:22:43.789243: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:43.789247: | libevent_free: release ptr-libevent@0x5649f9ada878 Aug 26 13:22:43.789253: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83c0002b78 Aug 26 13:22:43.789257: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f83c0002b78 Aug 26 13:22:43.789262: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #5 Aug 26 13:22:43.789265: | libevent_malloc: new ptr-libevent@0x5649f9ada878 size 128 Aug 26 13:22:43.789268: "north-dpd/0x2" #1: reschedule pending child #4 STATE_QUICK_I1 of connection "north-dpd/0x2" - the parent is going away Aug 26 13:22:43.789272: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 13:22:43.789275: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:22:43.789281: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83bc004218 Aug 26 13:22:43.789285: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f83bc004218 Aug 26 13:22:43.789293: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #4 Aug 26 13:22:43.789299: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:22:43.789302: | State DB: IKEv1 state not found (flush_incomplete_children) Aug 26 13:22:43.789307: | picked newest_isakmp_sa #0 for #1 Aug 26 13:22:43.789310: "north-dpd/0x2" #1: deleting IKE SA for connection 'north-dpd/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:22:43.789315: | add revival: connection 'north-dpd/0x2' added to the list and scheduled for 0 seconds Aug 26 13:22:43.789319: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:22:43.789323: | in connection_discard for connection north-dpd/0x2 Aug 26 13:22:43.789327: | State DB: deleting IKEv1 state #1 in MAIN_I4 Aug 26 13:22:43.789333: | parent state #1: MAIN_I4(established IKE SA) => UNDEFINED(ignore) Aug 26 13:22:43.789346: | unreference key: 0x5649f9ac08d8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Aug 26 13:22:43.789369: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:22:43.789380: | unreference key: 0x5649f9ac08d8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:22:43.789385: | unreference key: 0x5649f9acf3c8 user-east@testing.libreswan.org cnt 1-- Aug 26 13:22:43.789390: | unreference key: 0x5649f9ada9b8 @east.testing.libreswan.org cnt 1-- Aug 26 13:22:43.789395: | unreference key: 0x5649f9adc4e8 east@testing.libreswan.org cnt 1-- Aug 26 13:22:43.789401: | unreference key: 0x5649f9addf68 192.1.2.23 cnt 1-- Aug 26 13:22:43.789414: | in statetime_start() with no state Aug 26 13:22:43.789418: | complete v1 state transition with STF_IGNORE Aug 26 13:22:43.789423: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 13:22:43.789427: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 13:22:43.789431: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 13:22:43.789436: | spent 0.732 milliseconds in comm_handle_cb() reading and processing packet Aug 26 13:22:43.789443: | timer_event_cb: processing event@0x5649f9abf408 Aug 26 13:22:43.789446: | handling event EVENT_SA_REPLACE for child state #9 Aug 26 13:22:43.789452: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.789456: | picked newest_ipsec_sa #0 for #9 Aug 26 13:22:43.789459: | replacing stale IPsec SA Aug 26 13:22:43.789464: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:22:43.789468: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.789475: | creating state object #10 at 0x5649f9ac26a8 Aug 26 13:22:43.789479: | State DB: adding IKEv1 state #10 in UNDEFINED Aug 26 13:22:43.789485: | pstats #10 ikev1.isakmp started Aug 26 13:22:43.789494: | suspend processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) Aug 26 13:22:43.789501: | start processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) Aug 26 13:22:43.789506: | parent state #10: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Aug 26 13:22:43.789510: | dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123) Aug 26 13:22:43.789515: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x1" IKE SA #10 "north-dpd/0x1" Aug 26 13:22:43.789519: "north-dpd/0x1" #10: initiating Main Mode Aug 26 13:22:43.789524: | **emit ISAKMP Message: Aug 26 13:22:43.789528: | initiator cookie: Aug 26 13:22:43.789531: | a4 c4 f3 89 60 36 c2 61 Aug 26 13:22:43.789534: | responder cookie: Aug 26 13:22:43.789537: | 00 00 00 00 00 00 00 00 Aug 26 13:22:43.789540: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 13:22:43.789543: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 13:22:43.789547: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 13:22:43.789550: | flags: none (0x0) Aug 26 13:22:43.789553: | Message ID: 0 (0x0) Aug 26 13:22:43.789556: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 13:22:43.789560: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Aug 26 13:22:43.789564: | no specific IKE algorithms specified - using defaults Aug 26 13:22:43.789595: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Aug 26 13:22:43.789602: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Aug 26 13:22:43.789611: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Aug 26 13:22:43.789618: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Aug 26 13:22:43.789626: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Aug 26 13:22:43.789636: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Aug 26 13:22:43.789647: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Aug 26 13:22:43.789654: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Aug 26 13:22:43.789663: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Aug 26 13:22:43.789670: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Aug 26 13:22:43.789678: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Aug 26 13:22:43.789686: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Aug 26 13:22:43.789693: | oakley_alg_makedb() returning 0x5649f9ae0f48 Aug 26 13:22:43.789701: | ***emit ISAKMP Security Association Payload: Aug 26 13:22:43.789705: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:22:43.789708: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 13:22:43.789712: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:22:43.789717: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 13:22:43.789721: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.789724: | ****emit IPsec DOI SIT: Aug 26 13:22:43.789728: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 13:22:43.789731: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 13:22:43.789735: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Aug 26 13:22:43.789738: | ****emit ISAKMP Proposal Payload: Aug 26 13:22:43.789741: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.789744: | proposal number: 0 (0x0) Aug 26 13:22:43.789747: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 13:22:43.789750: | SPI size: 0 (0x0) Aug 26 13:22:43.789755: | number of transforms: 18 (0x12) Aug 26 13:22:43.789759: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 13:22:43.789763: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.789766: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.789769: | ISAKMP transform number: 0 (0x0) Aug 26 13:22:43.789773: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.789777: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.789780: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789784: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.789787: | length/value: 1 (0x1) Aug 26 13:22:43.789791: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.789794: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789798: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.789801: | length/value: 3600 (0xe10) Aug 26 13:22:43.789804: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789807: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.789810: | length/value: 7 (0x7) Aug 26 13:22:43.789813: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.789816: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789820: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.789823: | length/value: 4 (0x4) Aug 26 13:22:43.789826: | [4 is OAKLEY_SHA2_256] Aug 26 13:22:43.789829: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789832: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.789835: | length/value: 3 (0x3) Aug 26 13:22:43.789838: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.789841: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789845: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.789848: | length/value: 14 (0xe) Aug 26 13:22:43.789851: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.789854: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789858: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.789861: | length/value: 256 (0x100) Aug 26 13:22:43.789864: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.789867: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.789871: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.789874: | ISAKMP transform number: 1 (0x1) Aug 26 13:22:43.789877: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.789881: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.789885: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.789889: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789892: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.789895: | length/value: 1 (0x1) Aug 26 13:22:43.789898: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.789901: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789905: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.789908: | length/value: 3600 (0xe10) Aug 26 13:22:43.789911: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789914: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.789917: | length/value: 7 (0x7) Aug 26 13:22:43.789921: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.789924: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789927: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.789930: | length/value: 4 (0x4) Aug 26 13:22:43.789933: | [4 is OAKLEY_SHA2_256] Aug 26 13:22:43.789936: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789939: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.789942: | length/value: 3 (0x3) Aug 26 13:22:43.789945: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.789948: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789953: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.789956: | length/value: 14 (0xe) Aug 26 13:22:43.789959: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.789962: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.789965: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.789968: | length/value: 128 (0x80) Aug 26 13:22:43.789972: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.789975: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.789979: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.789982: | ISAKMP transform number: 2 (0x2) Aug 26 13:22:43.789985: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.789989: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.789993: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.789997: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790000: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790003: | length/value: 1 (0x1) Aug 26 13:22:43.790006: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790009: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790012: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790015: | length/value: 3600 (0xe10) Aug 26 13:22:43.790019: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790022: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790025: | length/value: 7 (0x7) Aug 26 13:22:43.790028: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790031: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790034: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790037: | length/value: 6 (0x6) Aug 26 13:22:43.790040: | [6 is OAKLEY_SHA2_512] Aug 26 13:22:43.790044: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790047: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790050: | length/value: 3 (0x3) Aug 26 13:22:43.790053: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790056: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790060: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790063: | length/value: 14 (0xe) Aug 26 13:22:43.790066: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.790069: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790072: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790075: | length/value: 256 (0x100) Aug 26 13:22:43.790079: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790082: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790085: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790088: | ISAKMP transform number: 3 (0x3) Aug 26 13:22:43.790091: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790095: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790099: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790103: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790106: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790109: | length/value: 1 (0x1) Aug 26 13:22:43.790112: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790115: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790119: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790122: | length/value: 3600 (0xe10) Aug 26 13:22:43.790125: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790128: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790131: | length/value: 7 (0x7) Aug 26 13:22:43.790134: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790137: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790141: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790149: | length/value: 6 (0x6) Aug 26 13:22:43.790152: | [6 is OAKLEY_SHA2_512] Aug 26 13:22:43.790155: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790159: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790162: | length/value: 3 (0x3) Aug 26 13:22:43.790165: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790168: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790171: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790174: | length/value: 14 (0xe) Aug 26 13:22:43.790177: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.790180: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790184: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790187: | length/value: 128 (0x80) Aug 26 13:22:43.790190: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790193: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790196: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790200: | ISAKMP transform number: 4 (0x4) Aug 26 13:22:43.790203: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790207: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790211: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790214: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790217: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790220: | length/value: 1 (0x1) Aug 26 13:22:43.790224: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790227: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790230: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790233: | length/value: 3600 (0xe10) Aug 26 13:22:43.790236: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790240: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790243: | length/value: 7 (0x7) Aug 26 13:22:43.790246: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790249: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790252: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790255: | length/value: 2 (0x2) Aug 26 13:22:43.790258: | [2 is OAKLEY_SHA1] Aug 26 13:22:43.790261: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790264: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790267: | length/value: 3 (0x3) Aug 26 13:22:43.790270: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790273: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790277: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790280: | length/value: 14 (0xe) Aug 26 13:22:43.790283: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.790286: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790299: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790305: | length/value: 256 (0x100) Aug 26 13:22:43.790309: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790312: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790315: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790318: | ISAKMP transform number: 5 (0x5) Aug 26 13:22:43.790321: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790326: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790330: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790333: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790336: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790339: | length/value: 1 (0x1) Aug 26 13:22:43.790342: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790345: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790349: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790352: | length/value: 3600 (0xe10) Aug 26 13:22:43.790357: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790361: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790364: | length/value: 7 (0x7) Aug 26 13:22:43.790367: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790370: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790373: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790376: | length/value: 2 (0x2) Aug 26 13:22:43.790379: | [2 is OAKLEY_SHA1] Aug 26 13:22:43.790382: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790386: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790389: | length/value: 3 (0x3) Aug 26 13:22:43.790392: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790395: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790398: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790401: | length/value: 14 (0xe) Aug 26 13:22:43.790404: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.790407: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790410: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790413: | length/value: 128 (0x80) Aug 26 13:22:43.790416: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790420: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790423: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790426: | ISAKMP transform number: 6 (0x6) Aug 26 13:22:43.790429: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790433: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790437: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790441: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790444: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790447: | length/value: 1 (0x1) Aug 26 13:22:43.790450: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790453: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790457: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790460: | length/value: 3600 (0xe10) Aug 26 13:22:43.790463: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790466: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790469: | length/value: 7 (0x7) Aug 26 13:22:43.790472: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790475: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790478: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790481: | length/value: 4 (0x4) Aug 26 13:22:43.790484: | [4 is OAKLEY_SHA2_256] Aug 26 13:22:43.790487: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790491: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790494: | length/value: 3 (0x3) Aug 26 13:22:43.790497: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790500: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790503: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790506: | length/value: 5 (0x5) Aug 26 13:22:43.790509: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.790512: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790516: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790519: | length/value: 256 (0x100) Aug 26 13:22:43.790522: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790525: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790528: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790531: | ISAKMP transform number: 7 (0x7) Aug 26 13:22:43.790534: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790539: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790542: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790546: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790550: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790553: | length/value: 1 (0x1) Aug 26 13:22:43.790556: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790560: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790563: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790566: | length/value: 3600 (0xe10) Aug 26 13:22:43.790570: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790573: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790576: | length/value: 7 (0x7) Aug 26 13:22:43.790579: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790582: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790585: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790588: | length/value: 4 (0x4) Aug 26 13:22:43.790591: | [4 is OAKLEY_SHA2_256] Aug 26 13:22:43.790594: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790597: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790600: | length/value: 3 (0x3) Aug 26 13:22:43.790603: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790606: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790610: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790613: | length/value: 5 (0x5) Aug 26 13:22:43.790616: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.790619: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790622: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790625: | length/value: 128 (0x80) Aug 26 13:22:43.790628: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790632: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790635: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790639: | ISAKMP transform number: 8 (0x8) Aug 26 13:22:43.790642: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790646: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790650: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790653: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790656: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790659: | length/value: 1 (0x1) Aug 26 13:22:43.790662: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790665: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790669: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790672: | length/value: 3600 (0xe10) Aug 26 13:22:43.790675: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790678: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790681: | length/value: 7 (0x7) Aug 26 13:22:43.790684: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790687: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790690: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790693: | length/value: 6 (0x6) Aug 26 13:22:43.790696: | [6 is OAKLEY_SHA2_512] Aug 26 13:22:43.790699: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790703: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790706: | length/value: 3 (0x3) Aug 26 13:22:43.790709: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790712: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790715: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790718: | length/value: 5 (0x5) Aug 26 13:22:43.790721: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.790724: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790728: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790731: | length/value: 256 (0x100) Aug 26 13:22:43.790734: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790737: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790740: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790743: | ISAKMP transform number: 9 (0x9) Aug 26 13:22:43.790748: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790752: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790756: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790759: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790762: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790765: | length/value: 1 (0x1) Aug 26 13:22:43.790769: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790772: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790775: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790779: | length/value: 3600 (0xe10) Aug 26 13:22:43.790782: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790785: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790788: | length/value: 7 (0x7) Aug 26 13:22:43.790791: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790794: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790797: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790800: | length/value: 6 (0x6) Aug 26 13:22:43.790803: | [6 is OAKLEY_SHA2_512] Aug 26 13:22:43.790806: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790809: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790812: | length/value: 3 (0x3) Aug 26 13:22:43.790815: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790818: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790822: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790825: | length/value: 5 (0x5) Aug 26 13:22:43.790828: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.790831: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790834: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790837: | length/value: 128 (0x80) Aug 26 13:22:43.790841: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790844: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790847: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790850: | ISAKMP transform number: 10 (0xa) Aug 26 13:22:43.790853: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790858: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790862: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790865: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790868: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790871: | length/value: 1 (0x1) Aug 26 13:22:43.790874: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790877: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790881: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790884: | length/value: 3600 (0xe10) Aug 26 13:22:43.790887: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790890: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790893: | length/value: 7 (0x7) Aug 26 13:22:43.790896: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.790899: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790903: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.790906: | length/value: 2 (0x2) Aug 26 13:22:43.790909: | [2 is OAKLEY_SHA1] Aug 26 13:22:43.790912: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790915: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.790918: | length/value: 3 (0x3) Aug 26 13:22:43.790921: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.790924: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790927: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.790930: | length/value: 5 (0x5) Aug 26 13:22:43.790933: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.790936: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790941: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.790944: | length/value: 256 (0x100) Aug 26 13:22:43.790947: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.790950: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.790953: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790956: | ISAKMP transform number: 11 (0xb) Aug 26 13:22:43.790960: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.790964: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.790968: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.790971: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790974: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.790977: | length/value: 1 (0x1) Aug 26 13:22:43.790981: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.790984: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790987: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.790990: | length/value: 3600 (0xe10) Aug 26 13:22:43.790993: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.790996: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.790999: | length/value: 7 (0x7) Aug 26 13:22:43.791002: | [7 is OAKLEY_AES_CBC] Aug 26 13:22:43.791005: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791009: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.791012: | length/value: 2 (0x2) Aug 26 13:22:43.791015: | [2 is OAKLEY_SHA1] Aug 26 13:22:43.791018: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791021: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.791024: | length/value: 3 (0x3) Aug 26 13:22:43.791027: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.791030: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791033: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.791036: | length/value: 5 (0x5) Aug 26 13:22:43.791040: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.791043: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791046: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 13:22:43.791049: | length/value: 128 (0x80) Aug 26 13:22:43.791052: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 13:22:43.791055: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.791058: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791062: | ISAKMP transform number: 12 (0xc) Aug 26 13:22:43.791065: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.791069: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791073: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.791076: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791079: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.791082: | length/value: 1 (0x1) Aug 26 13:22:43.791085: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.791088: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791092: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.791095: | length/value: 3600 (0xe10) Aug 26 13:22:43.791098: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791102: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.791105: | length/value: 5 (0x5) Aug 26 13:22:43.791108: | [5 is OAKLEY_3DES_CBC] Aug 26 13:22:43.791111: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791114: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.791117: | length/value: 4 (0x4) Aug 26 13:22:43.791120: | [4 is OAKLEY_SHA2_256] Aug 26 13:22:43.791123: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791126: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.791131: | length/value: 3 (0x3) Aug 26 13:22:43.791134: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.791137: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791140: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.791143: | length/value: 14 (0xe) Aug 26 13:22:43.791146: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.791149: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:22:43.791152: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.791365: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791389: | ISAKMP transform number: 13 (0xd) Aug 26 13:22:43.791392: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.791396: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791400: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.791404: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791407: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.791410: | length/value: 1 (0x1) Aug 26 13:22:43.791413: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.791416: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791420: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.791423: | length/value: 3600 (0xe10) Aug 26 13:22:43.791426: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791430: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.791433: | length/value: 5 (0x5) Aug 26 13:22:43.791436: | [5 is OAKLEY_3DES_CBC] Aug 26 13:22:43.791439: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791442: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.791445: | length/value: 6 (0x6) Aug 26 13:22:43.791448: | [6 is OAKLEY_SHA2_512] Aug 26 13:22:43.791451: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791455: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.791457: | length/value: 3 (0x3) Aug 26 13:22:43.791461: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.791463: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791467: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.791470: | length/value: 14 (0xe) Aug 26 13:22:43.791473: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.791476: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:22:43.791479: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.791483: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791486: | ISAKMP transform number: 14 (0xe) Aug 26 13:22:43.791489: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.791494: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791498: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.791501: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791504: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.791507: | length/value: 1 (0x1) Aug 26 13:22:43.791510: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.791513: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791517: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.791520: | length/value: 3600 (0xe10) Aug 26 13:22:43.791523: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791526: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.791529: | length/value: 5 (0x5) Aug 26 13:22:43.791532: | [5 is OAKLEY_3DES_CBC] Aug 26 13:22:43.791535: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791538: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.791541: | length/value: 2 (0x2) Aug 26 13:22:43.791544: | [2 is OAKLEY_SHA1] Aug 26 13:22:43.791547: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791551: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.791556: | length/value: 3 (0x3) Aug 26 13:22:43.791559: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.791563: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791566: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.791569: | length/value: 14 (0xe) Aug 26 13:22:43.791572: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 13:22:43.791575: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:22:43.791578: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.791582: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791585: | ISAKMP transform number: 15 (0xf) Aug 26 13:22:43.791588: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.791592: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791596: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.791599: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791603: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.791606: | length/value: 1 (0x1) Aug 26 13:22:43.791609: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.791612: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791615: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.791619: | length/value: 3600 (0xe10) Aug 26 13:22:43.791622: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791625: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.791628: | length/value: 5 (0x5) Aug 26 13:22:43.791632: | [5 is OAKLEY_3DES_CBC] Aug 26 13:22:43.791635: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791638: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.791641: | length/value: 4 (0x4) Aug 26 13:22:43.791644: | [4 is OAKLEY_SHA2_256] Aug 26 13:22:43.791647: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791650: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.791653: | length/value: 3 (0x3) Aug 26 13:22:43.791656: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.791659: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791662: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.791665: | length/value: 5 (0x5) Aug 26 13:22:43.791668: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.791672: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:22:43.791675: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.791678: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791681: | ISAKMP transform number: 16 (0x10) Aug 26 13:22:43.791684: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.791689: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791693: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.791696: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791699: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.791702: | length/value: 1 (0x1) Aug 26 13:22:43.791706: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.791709: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791712: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.791715: | length/value: 3600 (0xe10) Aug 26 13:22:43.791718: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791722: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.791725: | length/value: 5 (0x5) Aug 26 13:22:43.791728: | [5 is OAKLEY_3DES_CBC] Aug 26 13:22:43.791731: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791734: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.791737: | length/value: 6 (0x6) Aug 26 13:22:43.791740: | [6 is OAKLEY_SHA2_512] Aug 26 13:22:43.791743: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791747: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.791751: | length/value: 3 (0x3) Aug 26 13:22:43.791754: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.791757: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791760: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.791763: | length/value: 5 (0x5) Aug 26 13:22:43.791766: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.791770: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:22:43.791773: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 13:22:43.791776: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.791779: | ISAKMP transform number: 17 (0x11) Aug 26 13:22:43.791782: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 13:22:43.791787: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 13:22:43.791791: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 13:22:43.791794: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791797: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 13:22:43.791800: | length/value: 1 (0x1) Aug 26 13:22:43.791803: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 13:22:43.791806: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791810: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 13:22:43.791813: | length/value: 3600 (0xe10) Aug 26 13:22:43.791816: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791820: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 13:22:43.791823: | length/value: 5 (0x5) Aug 26 13:22:43.791826: | [5 is OAKLEY_3DES_CBC] Aug 26 13:22:43.791829: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791832: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 13:22:43.791835: | length/value: 2 (0x2) Aug 26 13:22:43.791838: | [2 is OAKLEY_SHA1] Aug 26 13:22:43.791841: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791844: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 13:22:43.791847: | length/value: 3 (0x3) Aug 26 13:22:43.791850: | [3 is OAKLEY_RSA_SIG] Aug 26 13:22:43.791853: | ******emit ISAKMP Oakley attribute: Aug 26 13:22:43.791856: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 13:22:43.791859: | length/value: 5 (0x5) Aug 26 13:22:43.791863: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 13:22:43.791866: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 13:22:43.791869: | emitting length of ISAKMP Proposal Payload: 632 Aug 26 13:22:43.791873: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Aug 26 13:22:43.791877: | emitting length of ISAKMP Security Association Payload: 644 Aug 26 13:22:43.791880: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 13:22:43.791887: | out_vid(): sending [FRAGMENTATION] Aug 26 13:22:43.791890: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:22:43.791894: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:22:43.791898: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:22:43.791902: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:22:43.791906: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.791910: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:22:43.791914: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Aug 26 13:22:43.791917: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:22:43.791921: | out_vid(): sending [Dead Peer Detection] Aug 26 13:22:43.791924: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:22:43.791927: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.791932: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:22:43.791936: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.791940: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:22:43.791943: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Aug 26 13:22:43.791947: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:22:43.791950: | nat add vid Aug 26 13:22:43.791953: | sending draft and RFC NATT VIDs Aug 26 13:22:43.791956: | out_vid(): sending [RFC 3947] Aug 26 13:22:43.791959: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:22:43.791962: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:22:43.791966: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:22:43.791971: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:22:43.791974: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.791978: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:22:43.791981: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 13:22:43.791984: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:22:43.791987: | skipping VID_NATT_RFC Aug 26 13:22:43.791991: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Aug 26 13:22:43.791994: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:22:43.791997: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:22:43.792001: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:22:43.792005: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:22:43.792009: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.792013: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:22:43.792016: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 13:22:43.792019: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:22:43.792023: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Aug 26 13:22:43.792026: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:22:43.792029: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 13:22:43.792033: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 13:22:43.792037: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:22:43.792041: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.792044: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:22:43.792048: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Aug 26 13:22:43.792051: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:22:43.792054: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Aug 26 13:22:43.792057: | ***emit ISAKMP Vendor ID Payload: Aug 26 13:22:43.792060: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 13:22:43.792065: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 13:22:43.792068: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 13:22:43.792072: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 13:22:43.792075: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Aug 26 13:22:43.792079: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 13:22:43.792082: | no IKEv1 message padding required Aug 26 13:22:43.792087: | emitting length of ISAKMP Message: 792 Aug 26 13:22:43.792096: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #10) Aug 26 13:22:43.792099: | a4 c4 f3 89 60 36 c2 61 00 00 00 00 00 00 00 00 Aug 26 13:22:43.792102: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Aug 26 13:22:43.792105: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Aug 26 13:22:43.792108: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792111: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 13:22:43.792115: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Aug 26 13:22:43.792118: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Aug 26 13:22:43.792121: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Aug 26 13:22:43.792124: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Aug 26 13:22:43.792127: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Aug 26 13:22:43.792130: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:22:43.792133: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Aug 26 13:22:43.792137: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792140: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 13:22:43.792143: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Aug 26 13:22:43.792146: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Aug 26 13:22:43.792149: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Aug 26 13:22:43.792152: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 13:22:43.792156: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 13:22:43.792159: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:22:43.792162: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 13:22:43.792165: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792168: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 13:22:43.792171: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Aug 26 13:22:43.792174: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Aug 26 13:22:43.792177: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Aug 26 13:22:43.792181: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Aug 26 13:22:43.792184: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 13:22:43.792187: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 13:22:43.792190: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 13:22:43.792193: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792196: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 13:22:43.792199: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792202: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Aug 26 13:22:43.792205: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792209: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 13:22:43.792212: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792215: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Aug 26 13:22:43.792218: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792221: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 13:22:43.792224: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 13:22:43.792227: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Aug 26 13:22:43.792231: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Aug 26 13:22:43.792234: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Aug 26 13:22:43.792237: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Aug 26 13:22:43.792240: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Aug 26 13:22:43.792243: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 13:22:43.792246: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Aug 26 13:22:43.792249: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Aug 26 13:22:43.792253: | 7c fd b2 fc 68 b6 a4 48 Aug 26 13:22:43.792286: | event_schedule: new EVENT_RETRANSMIT-pe@0x5649f9ac09c8 Aug 26 13:22:43.792298: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #10 Aug 26 13:22:43.792303: | libevent_malloc: new ptr-libevent@0x7f83c0003878 size 128 Aug 26 13:22:43.792310: | #10 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11049.534752 Aug 26 13:22:43.792317: | #10 spent 2.62 milliseconds in main_outI1() Aug 26 13:22:43.792324: | stop processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) Aug 26 13:22:43.792328: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f83ac002b78 Aug 26 13:22:43.792333: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #9 Aug 26 13:22:43.792337: | libevent_malloc: new ptr-libevent@0x5649f9aca388 size 128 Aug 26 13:22:43.792341: | libevent_free: release ptr-libevent@0x7f83b8004fd8 Aug 26 13:22:43.792345: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5649f9abf408 Aug 26 13:22:43.792350: | #9 spent 2.67 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:22:43.792354: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.792358: | processing global timer EVENT_REVIVE_CONNS Aug 26 13:22:43.792362: Initiating connection north-dpd/0x2 which received a Delete/Notify but must remain up per local policy Aug 26 13:22:43.792365: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 13:22:43.792371: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 13:22:43.792375: | empty esp_info, returning defaults for ENCRYPT Aug 26 13:22:43.792380: | connection 'north-dpd/0x2' +POLICY_UP Aug 26 13:22:43.792383: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 13:22:43.792387: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.792394: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x2" IKE SA #10 "north-dpd/0x1" Aug 26 13:22:43.792399: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Aug 26 13:22:43.792405: | spent 0.0418 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 13:22:43.792409: | timer_event_cb: processing event@0x7f83bc004218 Aug 26 13:22:43.792413: | handling event EVENT_SA_REPLACE for child state #4 Aug 26 13:22:43.792419: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.792423: | picked newest_ipsec_sa #0 for #4 Aug 26 13:22:43.792426: | replacing stale IPsec SA Aug 26 13:22:43.792430: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:22:43.792433: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.792438: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x2" Aug 26 13:22:43.792442: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5649f9abf408 Aug 26 13:22:43.792446: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #4 Aug 26 13:22:43.792450: | libevent_malloc: new ptr-libevent@0x7f83b8004fd8 size 128 Aug 26 13:22:43.792454: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:22:43.792458: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f83bc004218 Aug 26 13:22:43.792463: | #4 spent 0.0536 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:22:43.792469: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.792473: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:22:43.792476: | handling event EVENT_SA_REPLACE for child state #8 Aug 26 13:22:43.792482: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.792486: | picked newest_ipsec_sa #0 for #8 Aug 26 13:22:43.792489: | replacing stale IPsec SA Aug 26 13:22:43.792493: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:22:43.792496: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.792503: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x2" Aug 26 13:22:43.792506: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f83bc004218 Aug 26 13:22:43.792511: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #8 Aug 26 13:22:43.792515: | libevent_malloc: new ptr-libevent@0x7f83ac002888 size 128 Aug 26 13:22:43.792518: | libevent_free: release ptr-libevent@0x5649f9ad79a8 Aug 26 13:22:43.792522: | free_event_entry: release EVENT_SA_REPLACE-pe@0x5649f9ab9998 Aug 26 13:22:43.792527: | #8 spent 0.0531 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:22:43.792532: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.792537: | timer_event_cb: processing event@0x7f83c0002b78 Aug 26 13:22:43.792540: | handling event EVENT_SA_REPLACE for child state #5 Aug 26 13:22:43.792546: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.792549: | picked newest_ipsec_sa #0 for #5 Aug 26 13:22:43.792552: | replacing stale IPsec SA Aug 26 13:22:43.792557: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 13:22:43.792560: | FOR_EACH_STATE_... in find_phase1_state Aug 26 13:22:43.792564: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x1" Aug 26 13:22:43.792568: | event_schedule: new EVENT_SA_EXPIRE-pe@0x5649f9ab9998 Aug 26 13:22:43.792572: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #5 Aug 26 13:22:43.792576: | libevent_malloc: new ptr-libevent@0x5649f9ad79a8 size 128 Aug 26 13:22:43.792580: | libevent_free: release ptr-libevent@0x5649f9ada878 Aug 26 13:22:43.792584: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f83c0002b78 Aug 26 13:22:43.792589: | #5 spent 0.0513 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 13:22:43.792594: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.792600: | timer_event_cb: processing event@0x7f83ac002b78 Aug 26 13:22:43.792604: | handling event EVENT_SA_EXPIRE for child state #9 Aug 26 13:22:43.792609: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.792613: | picked newest_ipsec_sa #0 for #9 Aug 26 13:22:43.792616: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:22:43.792620: | pstats #9 ikev1.ipsec failed exchange-timeout Aug 26 13:22:43.792624: | pstats #9 ikev1.ipsec deleted exchange-timeout Aug 26 13:22:43.792629: | [RE]START processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:22:43.792634: "north-dpd/0x1" #9: deleting state (STATE_QUICK_I1) aged 0.016s and NOT sending notification Aug 26 13:22:43.792637: | child state #9: QUICK_I1(established CHILD SA) => delete Aug 26 13:22:43.792642: | child state #9: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:22:43.792647: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:43.792656: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:22:43.792674: | raw_eroute result=success Aug 26 13:22:43.792678: | in connection_discard for connection north-dpd/0x1 Aug 26 13:22:43.792682: | State DB: deleting IKEv1 state #9 in CHILDSA_DEL Aug 26 13:22:43.792686: | child state #9: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:22:43.792705: | stop processing: state #9 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:22:43.792711: | libevent_free: release ptr-libevent@0x5649f9aca388 Aug 26 13:22:43.792715: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f83ac002b78 Aug 26 13:22:43.792719: | in statetime_stop() and could not find #9 Aug 26 13:22:43.792722: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.792726: | timer_event_cb: processing event@0x5649f9ab9998 Aug 26 13:22:43.792732: | handling event EVENT_SA_EXPIRE for child state #5 Aug 26 13:22:43.792737: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.792741: | picked newest_ipsec_sa #0 for #5 Aug 26 13:22:43.792744: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:22:43.792748: | pstats #5 ikev1.ipsec failed exchange-timeout Aug 26 13:22:43.792751: | pstats #5 ikev1.ipsec deleted exchange-timeout Aug 26 13:22:43.792770: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:22:43.792773: "north-dpd/0x1" #5: deleting state (STATE_QUICK_I1) aged 53.270s and NOT sending notification Aug 26 13:22:43.792777: | child state #5: QUICK_I1(established CHILD SA) => delete Aug 26 13:22:43.792781: | child state #5: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:22:43.792859: | delete esp.5b1ca772@192.1.2.23 Aug 26 13:22:43.792882: | netlink response for Del SA esp.5b1ca772@192.1.2.23 included non-error error Aug 26 13:22:43.792887: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:43.792895: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:22:43.792904: | raw_eroute result=success Aug 26 13:22:43.792908: | delete esp.aad72ba6@192.1.3.33 Aug 26 13:22:43.792916: "north-dpd/0x1" #5: ERROR: netlink response for Del SA esp.aad72ba6@192.1.3.33 included errno 3: No such process Aug 26 13:22:43.792920: | in connection_discard for connection north-dpd/0x1 Aug 26 13:22:43.792923: | State DB: deleting IKEv1 state #5 in CHILDSA_DEL Aug 26 13:22:43.792927: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:22:43.792947: | stop processing: state #5 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:22:43.792961: | libevent_free: release ptr-libevent@0x5649f9ad79a8 Aug 26 13:22:43.792965: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5649f9ab9998 Aug 26 13:22:43.792968: | in statetime_stop() and could not find #5 Aug 26 13:22:43.792972: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.792976: | timer_event_cb: processing event@0x5649f9abf408 Aug 26 13:22:43.792979: | handling event EVENT_SA_EXPIRE for child state #4 Aug 26 13:22:43.792985: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.792989: | picked newest_ipsec_sa #0 for #4 Aug 26 13:22:43.792992: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:22:43.792995: | pstats #4 ikev1.ipsec failed exchange-timeout Aug 26 13:22:43.792999: | pstats #4 ikev1.ipsec deleted exchange-timeout Aug 26 13:22:43.793004: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:22:43.793008: "north-dpd/0x2" #4: deleting state (STATE_QUICK_I1) aged 53.270s and NOT sending notification Aug 26 13:22:43.793012: | child state #4: QUICK_I1(established CHILD SA) => delete Aug 26 13:22:43.793016: | child state #4: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:22:43.793053: | delete esp.dfa7993f@192.1.2.23 Aug 26 13:22:43.793068: | netlink response for Del SA esp.dfa7993f@192.1.2.23 included non-error error Aug 26 13:22:43.793072: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:43.793080: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:22:43.793089: | raw_eroute result=success Aug 26 13:22:43.793093: | delete esp.dcd59a6b@192.1.3.33 Aug 26 13:22:43.793100: "north-dpd/0x2" #4: ERROR: netlink response for Del SA esp.dcd59a6b@192.1.3.33 included errno 3: No such process Aug 26 13:22:43.793104: | in connection_discard for connection north-dpd/0x2 Aug 26 13:22:43.793107: | State DB: deleting IKEv1 state #4 in CHILDSA_DEL Aug 26 13:22:43.793111: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:22:43.793129: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:22:43.793139: | libevent_free: release ptr-libevent@0x7f83b8004fd8 Aug 26 13:22:43.793143: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x5649f9abf408 Aug 26 13:22:43.793147: | in statetime_stop() and could not find #4 Aug 26 13:22:43.793150: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:22:43.793154: | timer_event_cb: processing event@0x7f83bc004218 Aug 26 13:22:43.793158: | handling event EVENT_SA_EXPIRE for child state #8 Aug 26 13:22:43.793163: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 13:22:43.793167: | picked newest_ipsec_sa #0 for #8 Aug 26 13:22:43.793170: | un-established partial CHILD SA timeout (SA expired) Aug 26 13:22:43.793174: | pstats #8 ikev1.ipsec failed exchange-timeout Aug 26 13:22:43.793177: | pstats #8 ikev1.ipsec deleted exchange-timeout Aug 26 13:22:43.793182: | [RE]START processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:22:43.793186: "north-dpd/0x2" #8: deleting state (STATE_QUICK_I1) aged 0.027s and NOT sending notification Aug 26 13:22:43.793190: | child state #8: QUICK_I1(established CHILD SA) => delete Aug 26 13:22:43.793194: | child state #8: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 13:22:43.793198: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:43.793205: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 13:22:43.793215: | raw_eroute result=success Aug 26 13:22:43.793219: | in connection_discard for connection north-dpd/0x2 Aug 26 13:22:43.793222: | State DB: deleting IKEv1 state #8 in CHILDSA_DEL Aug 26 13:22:43.793226: | child state #8: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 13:22:43.793241: | stop processing: state #8 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:22:43.793257: | libevent_free: release ptr-libevent@0x7f83ac002888 Aug 26 13:22:43.793261: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f83bc004218 Aug 26 13:22:43.793265: | in statetime_stop() and could not find #8 Aug 26 13:22:43.793268: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 13:22:44.235187: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 13:22:44.235211: shutting down Aug 26 13:22:44.235222: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 13:22:44.235225: destroying root certificate cache Aug 26 13:22:44.235253: | certs and keys locked by 'free_preshared_secrets' Aug 26 13:22:44.235257: forgetting secrets Aug 26 13:22:44.235265: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 13:22:44.235275: | unreference key: 0x5649f9ac0678 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 13:22:44.235280: | unreference key: 0x5649f9ac0228 user-east@testing.libreswan.org cnt 1-- Aug 26 13:22:44.235284: | unreference key: 0x5649f9abe738 @east.testing.libreswan.org cnt 1-- Aug 26 13:22:44.235313: | unreference key: 0x5649f9abf478 east@testing.libreswan.org cnt 1-- Aug 26 13:22:44.235321: | unreference key: 0x5649f9abf6e8 192.1.2.23 cnt 1-- Aug 26 13:22:44.235342: | unreference key: 0x5649f9ab9ed8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 13:22:44.235346: | unreference key: 0x5649f9ab9cb8 user-north@testing.libreswan.org cnt 1-- Aug 26 13:22:44.235350: | unreference key: 0x5649f9ab6888 @north.testing.libreswan.org cnt 1-- Aug 26 13:22:44.235355: | start processing: connection "north-dpd/0x2" (in delete_connection() at connections.c:189) Aug 26 13:22:44.235359: | removing pending policy for no connection {0x5649f9ad1f68} Aug 26 13:22:44.235362: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:22:44.235370: | pass 0 Aug 26 13:22:44.235373: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:22:44.235376: | state #10 Aug 26 13:22:44.235378: | pass 1 Aug 26 13:22:44.235381: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:22:44.235383: | state #10 Aug 26 13:22:44.235388: | shunt_eroute() called for connection 'north-dpd/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:22:44.235391: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:22:44.235395: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:44.235431: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 13:22:44.235444: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:44.235448: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:44.235451: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 13:22:44.235454: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 13:22:44.235457: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:44.235461: | route owner of "north-dpd/0x2" unrouted: NULL Aug 26 13:22:44.235465: | running updown command "ipsec _updown" for verb unroute Aug 26 13:22:44.235468: | command executing unroute-client Aug 26 13:22:44.235507: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO Aug 26 13:22:44.235511: | popen cmd is 1274 chars long Aug 26 13:22:44.235515: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2': Aug 26 13:22:44.235518: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 13:22:44.235521: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Aug 26 13:22:44.235524: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Aug 26 13:22:44.235527: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Aug 26 13:22:44.235530: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none: Aug 26 13:22:44.235533: | cmd( 480):' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 13:22:44.235536: | cmd( 560):n, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libres: Aug 26 13:22:44.235539: | cmd( 640):wan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PL: Aug 26 13:22:44.235542: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 13:22:44.235545: | cmd( 800): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Aug 26 13:22:44.235548: | cmd( 880):IG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Aug 26 13:22:44.235551: | cmd( 960):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Aug 26 13:22:44.235554: | cmd(1040):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Aug 26 13:22:44.235559: | cmd(1120): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Aug 26 13:22:44.235562: | cmd(1200):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:22:44.243794: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243813: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243815: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243817: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243819: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243821: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243823: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243824: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243826: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243842: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243855: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243860: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243915: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243922: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243924: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243926: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243927: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243929: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243931: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243933: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243940: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243986: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243993: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243995: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243997: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.243998: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.244001: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.244002: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.244014: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.244114: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.244118: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.244119: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.244122: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.248238: | flush revival: connection 'north-dpd/0x2' wasn't on the list Aug 26 13:22:44.248249: | stop processing: connection "north-dpd/0x2" (in discard_connection() at connections.c:249) Aug 26 13:22:44.248261: | start processing: connection "north-dpd/0x1" (in delete_connection() at connections.c:189) Aug 26 13:22:44.248264: | removing pending policy for no connection {0x5649f99a2898} Aug 26 13:22:44.248266: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 13:22:44.248271: | pass 0 Aug 26 13:22:44.248273: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:22:44.248275: | state #10 Aug 26 13:22:44.248278: | suspend processing: connection "north-dpd/0x1" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:44.248282: | start processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 13:22:44.248284: | pstats #10 ikev1.isakmp deleted other Aug 26 13:22:44.248313: | [RE]START processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 13:22:44.248318: "north-dpd/0x1" #10: deleting state (STATE_MAIN_I1) aged 0.458s and NOT sending notification Aug 26 13:22:44.248333: | parent state #10: MAIN_I1(half-open IKE SA) => delete Aug 26 13:22:44.248375: | state #10 requesting EVENT_RETRANSMIT to be deleted Aug 26 13:22:44.248378: | #10 STATE_MAIN_I1: retransmits: cleared Aug 26 13:22:44.248387: | libevent_free: release ptr-libevent@0x7f83c0003878 Aug 26 13:22:44.248391: | free_event_entry: release EVENT_RETRANSMIT-pe@0x5649f9ac09c8 Aug 26 13:22:44.248394: | State DB: IKEv1 state not found (flush_incomplete_children) Aug 26 13:22:44.248396: | picked newest_isakmp_sa #0 for #10 Aug 26 13:22:44.248398: "north-dpd/0x1" #10: deleting IKE SA for connection 'north-dpd/0x1' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 13:22:44.248401: | add revival: connection 'north-dpd/0x1' added to the list and scheduled for 0 seconds Aug 26 13:22:44.248404: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 13:22:44.248428: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 13:22:44.248431: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 13:22:44.248432: | in connection_discard for connection north-dpd/0x1 Aug 26 13:22:44.248434: | State DB: deleting IKEv1 state #10 in MAIN_I1 Aug 26 13:22:44.248452: | parent state #10: MAIN_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 13:22:44.248456: | stop processing: state #10 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 13:22:44.248460: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 13:22:44.248461: | pass 1 Aug 26 13:22:44.248463: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 13:22:44.248466: | shunt_eroute() called for connection 'north-dpd/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 13:22:44.248468: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 13:22:44.248470: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:44.248507: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 13:22:44.248515: | FOR_EACH_CONNECTION_... in route_owner Aug 26 13:22:44.248517: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 13:22:44.248519: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 13:22:44.248522: | route owner of "north-dpd/0x1" unrouted: NULL Aug 26 13:22:44.248524: | running updown command "ipsec _updown" for verb unroute Aug 26 13:22:44.248526: | command executing unroute-client Aug 26 13:22:44.248564: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN Aug 26 13:22:44.248568: | popen cmd is 1272 chars long Aug 26 13:22:44.248570: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1': Aug 26 13:22:44.248572: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 13:22:44.248574: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Aug 26 13:22:44.248576: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Aug 26 13:22:44.248577: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Aug 26 13:22:44.248579: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none: Aug 26 13:22:44.248581: | cmd( 480):' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 13:22:44.248582: | cmd( 560):n, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libres: Aug 26 13:22:44.248584: | cmd( 640):wan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Aug 26 13:22:44.248586: | cmd( 720):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 13:22:44.248587: | cmd( 800):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Aug 26 13:22:44.248589: | cmd( 880):+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Aug 26 13:22:44.248591: | cmd( 960):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Aug 26 13:22:44.248592: | cmd(1040):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Aug 26 13:22:44.248594: | cmd(1120):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Aug 26 13:22:44.248596: | cmd(1200):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 13:22:44.256568: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256585: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256587: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256589: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256591: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256600: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256613: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256617: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256683: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256690: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256692: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256694: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256696: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256698: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256705: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256765: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256769: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256770: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256772: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256774: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256782: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256793: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256803: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256812: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256821: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256831: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256841: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256852: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256861: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256943: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256953: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256964: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.256974: unroute-client output: Error: Peer netns reference is invalid. Aug 26 13:22:44.263010: | free hp@0x5649f9abeef8 Aug 26 13:22:44.263028: | flush revival: connection 'north-dpd/0x1' revival flushed Aug 26 13:22:44.263036: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 13:22:44.263074: | crl fetch request list locked by 'free_crl_fetch' Aug 26 13:22:44.263079: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 13:22:44.263094: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 13:22:44.263099: shutting down interface lo/lo 127.0.0.1:500 Aug 26 13:22:44.263103: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 13:22:44.263107: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 13:22:44.263111: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 13:22:44.263114: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 13:22:44.263119: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 13:22:44.263133: | libevent_free: release ptr-libevent@0x5649f9aa8688 Aug 26 13:22:44.263137: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab4358 Aug 26 13:22:44.263151: | libevent_free: release ptr-libevent@0x5649f9a4ef18 Aug 26 13:22:44.263155: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab4408 Aug 26 13:22:44.263163: | libevent_free: release ptr-libevent@0x5649f9a4e838 Aug 26 13:22:44.263166: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab44b8 Aug 26 13:22:44.263173: | libevent_free: release ptr-libevent@0x5649f9a560f8 Aug 26 13:22:44.263176: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab4568 Aug 26 13:22:44.263183: | libevent_free: release ptr-libevent@0x5649f9a561f8 Aug 26 13:22:44.263187: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab4618 Aug 26 13:22:44.263195: | libevent_free: release ptr-libevent@0x5649f9a562f8 Aug 26 13:22:44.263199: | free_event_entry: release EVENT_NULL-pe@0x5649f9ab46c8 Aug 26 13:22:44.263206: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 13:22:44.264716: | libevent_free: release ptr-libevent@0x5649f9aa8738 Aug 26 13:22:44.264727: | free_event_entry: release EVENT_NULL-pe@0x5649f9a9c8d8 Aug 26 13:22:44.264734: | libevent_free: release ptr-libevent@0x5649f9a4ee68 Aug 26 13:22:44.264738: | free_event_entry: release EVENT_NULL-pe@0x5649f9a9c438 Aug 26 13:22:44.264742: | libevent_free: release ptr-libevent@0x5649f9a95418 Aug 26 13:22:44.264745: | free_event_entry: release EVENT_NULL-pe@0x5649f9a563a8 Aug 26 13:22:44.264749: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 13:22:44.264752: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 13:22:44.264755: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 13:22:44.264758: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 13:22:44.264760: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 13:22:44.264763: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 13:22:44.264766: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 13:22:44.264768: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 13:22:44.264771: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 13:22:44.264780: | libevent_free: release ptr-libevent@0x5649f9a5a978 Aug 26 13:22:44.264785: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 13:22:44.264789: | libevent_free: release ptr-libevent@0x5649f99d0758 Aug 26 13:22:44.264791: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 13:22:44.264795: | libevent_free: release ptr-libevent@0x5649f99db988 Aug 26 13:22:44.264797: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 13:22:44.264801: | libevent_free: release ptr-libevent@0x5649f99d37b8 Aug 26 13:22:44.264803: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 13:22:44.264806: | releasing event base Aug 26 13:22:44.264818: | libevent_free: release ptr-libevent@0x5649f9ab3d98 Aug 26 13:22:44.264821: | libevent_free: release ptr-libevent@0x5649f9a96cf8 Aug 26 13:22:44.264826: | libevent_free: release ptr-libevent@0x5649f9a96ca8 Aug 26 13:22:44.264828: | libevent_free: release ptr-libevent@0x5649f9ab54d8 Aug 26 13:22:44.264831: | libevent_free: release ptr-libevent@0x5649f9a96c68 Aug 26 13:22:44.264834: | libevent_free: release ptr-libevent@0x5649f9ab3a28 Aug 26 13:22:44.264837: | libevent_free: release ptr-libevent@0x5649f9ab3c98 Aug 26 13:22:44.264840: | libevent_free: release ptr-libevent@0x5649f9a96ea8 Aug 26 13:22:44.264842: | libevent_free: release ptr-libevent@0x5649f9a9c4a8 Aug 26 13:22:44.264845: | libevent_free: release ptr-libevent@0x5649f9a9c108 Aug 26 13:22:44.264848: | libevent_free: release ptr-libevent@0x5649f9ab4738 Aug 26 13:22:44.264850: | libevent_free: release ptr-libevent@0x5649f9ab4688 Aug 26 13:22:44.264853: | libevent_free: release ptr-libevent@0x5649f9ab45d8 Aug 26 13:22:44.264876: | libevent_free: release ptr-libevent@0x5649f9ab4528 Aug 26 13:22:44.264879: | libevent_free: release ptr-libevent@0x5649f9ab4478 Aug 26 13:22:44.264882: | libevent_free: release ptr-libevent@0x5649f9ab43c8 Aug 26 13:22:44.264884: | libevent_free: release ptr-libevent@0x5649f99cf9a8 Aug 26 13:22:44.264887: | libevent_free: release ptr-libevent@0x5649f9ab3d18 Aug 26 13:22:44.264890: | libevent_free: release ptr-libevent@0x5649f9ab3cd8 Aug 26 13:22:44.264893: | libevent_free: release ptr-libevent@0x5649f9ab3b98 Aug 26 13:22:44.264896: | libevent_free: release ptr-libevent@0x5649f9ab3d58 Aug 26 13:22:44.264898: | libevent_free: release ptr-libevent@0x5649f9ab3a68 Aug 26 13:22:44.264901: | libevent_free: release ptr-libevent@0x5649f9a5c508 Aug 26 13:22:44.264904: | libevent_free: release ptr-libevent@0x5649f9a5c488 Aug 26 13:22:44.264907: | libevent_free: release ptr-libevent@0x5649f99cfd18 Aug 26 13:22:44.264909: | releasing global libevent data Aug 26 13:22:44.264912: | libevent_free: release ptr-libevent@0x5649f9a5c688 Aug 26 13:22:44.264916: | libevent_free: release ptr-libevent@0x5649f9a5c608 Aug 26 13:22:44.264919: | libevent_free: release ptr-libevent@0x5649f9a5c588 Aug 26 13:22:44.264981: leak detective found no leaks