FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:12657 core dump dir: /var/tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x560690162708 size 40 | libevent_malloc: new ptr-libevent@0x560690162688 size 40 | libevent_malloc: new ptr-libevent@0x560690162608 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x560690154238 size 56 | libevent_malloc: new ptr-libevent@0x5606900dde08 size 664 | libevent_malloc: new ptr-libevent@0x56069019cd28 size 24 | libevent_malloc: new ptr-libevent@0x56069019cd78 size 384 | libevent_malloc: new ptr-libevent@0x56069019cce8 size 16 | libevent_malloc: new ptr-libevent@0x560690162588 size 40 | libevent_malloc: new ptr-libevent@0x560690162508 size 48 | libevent_realloc: new ptr-libevent@0x5606900dda98 size 256 | libevent_malloc: new ptr-libevent@0x56069019cf28 size 16 | libevent_free: release ptr-libevent@0x560690154238 | libevent initialized | libevent_realloc: new ptr-libevent@0x560690154238 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 2 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 3 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 4 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | starting up helper thread 6 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | -> MAIN_I2 EVENT_RETRANSMIT | status value returned by setting the priority of this thread (crypto helper 6) 22 | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | crypto helper 5 waiting (nothing to do) | MAIN_R2: category: open IKE SA flags: 0: | crypto helper 6 waiting (nothing to do) | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x56069015c428 | libevent_malloc: new ptr-libevent@0x56069019b498 size 128 | libevent_malloc: new ptr-libevent@0x5606901a2528 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5606901a24b8 | libevent_malloc: new ptr-libevent@0x560690154ee8 size 128 | libevent_malloc: new ptr-libevent@0x5606901a2188 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5606901a2958 | libevent_malloc: new ptr-libevent@0x5606901ae838 size 128 | libevent_malloc: new ptr-libevent@0x5606901b9b28 size 16 | libevent_realloc: new ptr-libevent@0x5606901b9b68 size 256 | libevent_malloc: new ptr-libevent@0x5606901b9c98 size 8 | libevent_realloc: new ptr-libevent@0x5606901b9cd8 size 144 | libevent_malloc: new ptr-libevent@0x5606901609f8 size 152 | libevent_malloc: new ptr-libevent@0x5606901b9d98 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x5606901b9dd8 size 8 | libevent_malloc: new ptr-libevent@0x5606900de778 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x5606901b9e18 size 8 | libevent_malloc: new ptr-libevent@0x5606901b9e58 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x5606901b9f28 size 8 | libevent_realloc: release ptr-libevent@0x5606901b9cd8 | libevent_realloc: new ptr-libevent@0x5606901b9f68 size 256 | libevent_malloc: new ptr-libevent@0x5606901ba098 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:12706) using fork+execve | forked child 12706 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x5606901ba678 | libevent_malloc: new ptr-libevent@0x5606901ae788 size 128 | libevent_malloc: new ptr-libevent@0x5606901ba6e8 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x5606901ba728 | libevent_malloc: new ptr-libevent@0x560690154f98 size 128 | libevent_malloc: new ptr-libevent@0x5606901ba798 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x5606901ba7d8 | libevent_malloc: new ptr-libevent@0x5606901548b8 size 128 | libevent_malloc: new ptr-libevent@0x5606901ba848 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x5606901ba888 | libevent_malloc: new ptr-libevent@0x56069015c178 size 128 | libevent_malloc: new ptr-libevent@0x5606901ba8f8 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x5606901ba938 | libevent_malloc: new ptr-libevent@0x56069015c278 size 128 | libevent_malloc: new ptr-libevent@0x5606901ba9a8 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x5606901ba9e8 | libevent_malloc: new ptr-libevent@0x56069015c378 size 128 | libevent_malloc: new ptr-libevent@0x5606901baa58 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.22 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x5606901ae788 | free_event_entry: release EVENT_NULL-pe@0x5606901ba678 | add_fd_read_event_handler: new ethX-pe@0x5606901ba678 | libevent_malloc: new ptr-libevent@0x5606901ae788 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x560690154f98 | free_event_entry: release EVENT_NULL-pe@0x5606901ba728 | add_fd_read_event_handler: new ethX-pe@0x5606901ba728 | libevent_malloc: new ptr-libevent@0x560690154f98 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x5606901548b8 | free_event_entry: release EVENT_NULL-pe@0x5606901ba7d8 | add_fd_read_event_handler: new ethX-pe@0x5606901ba7d8 | libevent_malloc: new ptr-libevent@0x5606901548b8 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x56069015c178 | free_event_entry: release EVENT_NULL-pe@0x5606901ba888 | add_fd_read_event_handler: new ethX-pe@0x5606901ba888 | libevent_malloc: new ptr-libevent@0x56069015c178 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x56069015c278 | free_event_entry: release EVENT_NULL-pe@0x5606901ba938 | add_fd_read_event_handler: new ethX-pe@0x5606901ba938 | libevent_malloc: new ptr-libevent@0x56069015c278 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x56069015c378 | free_event_entry: release EVENT_NULL-pe@0x5606901ba9e8 | add_fd_read_event_handler: new ethX-pe@0x5606901ba9e8 | libevent_malloc: new ptr-libevent@0x56069015c378 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.261 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 12706 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0132 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection san with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org" | ASCII to DN => 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 23 30 21 06 03 55 04 03 13 1a 77 65 73 | ASCII to DN => 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | ASCII to DN => 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | ASCII to DN => 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | ASCII to DN => 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | ASCII to DN => 77 61 6e 2e 6f 72 67 | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org is 0 | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org" | ASCII to DN => 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 23 30 21 06 03 55 04 03 13 1a 65 61 73 | ASCII to DN => 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | ASCII to DN => 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | ASCII to DN => 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 | ASCII to DN => 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | ASCII to DN => 77 61 6e 2e 6f 72 67 | loading right certificate 'east' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5606901bd1f8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5606901bd1a8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5606901bd158 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5606901bcee8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5606901bce98 | unreference key: 0x5606901bd248 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none | new hp@0x5606901bd158 added connection description "san" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]...192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.13 milliseconds in whack | spent 0.00313 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 55 ac 6d cc 11 b1 6a d0 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 55 ac 6d cc 11 b1 6a d0 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (san) | find_next_host_connection returns san | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | creating state object #1 at 0x5606901c3e48 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #1 connection "san" from 192.1.2.45:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "san" #1: responding to Main Mode | **emit ISAKMP Message: | initiator cookie: | 55 ac 6d cc 11 b1 6a d0 | responder cookie: | 34 73 3a 56 31 f4 19 4a | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x5606901c09e8 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901bcde8 size 128 "san" #1: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "san" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.485 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00234 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 6c 91 b6 1e bc 7a 9c e2 4f 3e 4e 6a 27 67 a4 f8 | 14 a3 60 ea 7e 7b b3 7f 42 45 12 3d 86 02 a9 33 | fa 86 68 6b c9 e4 6e 33 da 65 4e 36 5a 68 de 97 | dc 85 52 09 ad 84 37 83 1c ef 4e 1c 4d 19 2c 8d | c0 09 f0 e0 66 ba b6 14 c2 c5 2f f1 28 a3 8a 2e | de 2f 62 a4 9c c2 6d d6 b7 c5 02 0d 1e 84 ef cd | c4 a1 26 1d 90 44 07 63 75 70 11 a4 b9 85 ab 43 | e7 5d 09 90 b2 6c 88 7c 82 6e e5 58 bc 72 97 47 | 75 80 21 ab d2 60 83 6c 58 79 31 cd 22 14 46 2e | f5 ad 1e d0 fe bd d1 42 bf 04 ee 28 c9 8e 94 70 | 90 f1 6e 22 be 43 b1 16 12 8b 1e 99 3f 7b 40 dc | 64 0e fd 38 bb 77 cb 42 7e 50 f9 b5 6b b4 9a af | ea 5c 18 7d 04 ee 62 ce dc f8 e0 67 29 d8 9e 87 | 60 7c 6b a9 85 c6 9c cc 01 f7 23 42 81 65 78 99 | 9d c2 9a f5 0b 67 c6 24 e4 5f 40 cc 20 0c 47 da | 4b 24 1b 10 e7 d4 fd 7d fd 9a 41 c5 c5 04 a4 00 | 14 00 00 24 65 a4 69 8b 26 8f b8 66 94 be 75 39 | 2b 99 e4 bb 66 74 c0 62 38 06 88 fd 08 c4 44 6f | f4 bb 55 16 14 00 00 24 6d c9 b4 1c 6f 8e 59 50 | 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a c9 01 d7 d7 | 44 12 7b c7 c1 95 74 6d 00 00 00 24 67 85 74 65 | 83 ff 78 4c 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f | c5 6b 98 64 1d 4a 08 04 60 4c f7 e8 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 55 ac 6d cc 11 b1 6a d0 | responder cookie: | 34 73 3a 56 31 f4 19 4a | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) | start processing: state #1 connection "san" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x56068eb8aca0(32) | natd_hash: icookie= 55 ac 6d cc 11 b1 6a d0 | natd_hash: rcookie= 34 73 3a 56 31 f4 19 4a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 6d c9 b4 1c 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 | natd_hash: hash= 35 11 8c 4a c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | natd_hash: hasher=0x56068eb8aca0(32) | natd_hash: icookie= 55 ac 6d cc 11 b1 6a d0 | natd_hash: rcookie= 34 73 3a 56 31 f4 19 4a | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 67 85 74 65 83 ff 78 4c 35 61 e3 c0 b8 df e6 a6 | natd_hash: hash= 3a 92 cd 7f c5 6b 98 64 1d 4a 08 04 60 4c f7 e8 | expected NAT-D(me): 6d c9 b4 1c 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 | expected NAT-D(me): 35 11 8c 4a c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | expected NAT-D(him): | 67 85 74 65 83 ff 78 4c 35 61 e3 c0 b8 df e6 a6 | 3a 92 cd 7f c5 6b 98 64 1d 4a 08 04 60 4c f7 e8 | received NAT-D: 6d c9 b4 1c 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 | received NAT-D: 35 11 8c 4a c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | received NAT-D: 67 85 74 65 83 ff 78 4c 35 61 e3 c0 b8 df e6 a6 | received NAT-D: 3a 92 cd 7f c5 6b 98 64 1d 4a 08 04 60 4c f7 e8 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 1 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5606901bcde8 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5606901c09e8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5606901c09e8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901c1368 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | #1 spent 0.118 milliseconds in process_packet_tail() | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "san" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.232 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 1 for state #1 | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 1 | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.000882 seconds | (#1) spent 0.88 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7fee58002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x56068eab5b50 | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 55 ac 6d cc 11 b1 6a d0 | responder cookie: | 34 73 3a 56 31 f4 19 4a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | keyex value 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | keyex value 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | keyex value e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | keyex value bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | keyex value f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | keyex value a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | keyex value f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | keyex value 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | keyex value bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | keyex value d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | keyex value f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | keyex value e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | keyex value aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | keyex value d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | keyex value 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 ad a3 43 74 | Nr 5a 59 d6 da 99 33 be ef 82 5c b4 c1 88 f3 19 00 | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x56068eb8aca0(32) | natd_hash: icookie= 55 ac 6d cc 11 b1 6a d0 | natd_hash: rcookie= 34 73 3a 56 31 f4 19 4a | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 67 85 74 65 83 ff 78 4c 35 61 e3 c0 b8 df e6 a6 | natd_hash: hash= 3a 92 cd 7f c5 6b 98 64 1d 4a 08 04 60 4c f7 e8 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 67 85 74 65 83 ff 78 4c 35 61 e3 c0 b8 df e6 a6 | NAT-D 3a 92 cd 7f c5 6b 98 64 1d 4a 08 04 60 4c f7 e8 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x56068eb8aca0(32) | natd_hash: icookie= 55 ac 6d cc 11 b1 6a d0 | natd_hash: rcookie= 34 73 3a 56 31 f4 19 4a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 6d c9 b4 1c 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 | natd_hash: hash= 35 11 8c 4a c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 6d c9 b4 1c 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 | NAT-D 35 11 8c 4a c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 2 for state #1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5606901c1368 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5606901c09e8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5606901c09e8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901c1418 size 128 | #1 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle; has background offloaded task | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | crypto helper 1 resuming | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5606901c1418 | crypto helper 1 starting work-order 2 for state #1 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5606901c09e8 | crypto helper 1 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 | sending reply packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | 14 00 00 24 b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 | ad a3 43 74 5a 59 d6 da 99 33 be ef 82 5c b4 c1 | 88 f3 19 00 14 00 00 24 67 85 74 65 83 ff 78 4c | 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f c5 6b 98 64 | 1d 4a 08 04 60 4c f7 e8 00 00 00 24 6d c9 b4 1c | 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a | c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x5606901c09e8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901c1418 size 128 | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10466.723841 "san" #1: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.33 milliseconds in resume sending helper answer | stop processing: state #1 connection "san" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fee58002888 | crypto helper 1 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.000788 seconds | (#1) spent 0.783 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7fee50000f48 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x56068eab5b50 | main_inI2_outR2_calcdone for #1: calculate DH finished | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #1 connection "san" from 192.1.2.45:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.0125 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fee50000f48 | spent 0.0026 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 1884 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 05 10 02 01 00 00 00 00 00 00 07 5c 06 bd 18 10 | c3 2e 2b a0 ab 87 f6 e9 e3 87 56 20 e2 9c ca f8 | 9e 59 2e e0 d1 e2 a0 fc af df d8 9d 2f bc 97 09 | 17 83 11 8e 6b 35 87 16 51 08 74 11 a8 79 09 0b | 9a 29 9c 9d 8a 69 c5 81 c4 4d 0a bd 98 87 ac 47 | eb b1 d2 ef d8 fe 3c 35 a9 3d 1c d4 57 9f 10 84 | 78 b9 db b5 cb 7b 03 9c db 7e 06 ce 47 6c 4b ca | 4b 30 ae e3 9d c8 09 ff 1a 6d b4 16 c0 39 33 2f | 2a 43 45 40 67 83 6d 93 22 22 8d 6b ee 7f 12 16 | 01 01 06 ad 46 62 1a 63 d8 0c 3b 36 a1 7e a2 3f | df f1 45 d6 28 00 ec e0 78 76 6e b5 4e 5e d3 11 | ae 3c f2 76 fb 73 50 9a 66 0e c1 a0 b4 9c 82 53 | 26 e5 b0 81 fb 0a 2a 46 c4 18 c6 4f 05 a5 75 f3 | 6f 01 25 2d 24 c1 cc cb 11 c0 66 fb 8b 34 a3 80 | 3f 3b 8e ee 24 46 8d 25 00 69 34 29 ff c9 a4 45 | 79 df 4c a2 c7 40 dd d9 47 10 03 8a 2a f1 0e c7 | 5e 78 d6 ea c3 90 e9 d1 a1 d0 5c 1a 0f 06 36 90 | 64 c8 d4 90 dc 43 dd d9 8c d1 fc 5b 18 84 47 c4 | c9 39 7c ca 74 9e 80 5d f8 52 26 af 95 ce cf f5 | f3 dd 0d bf 93 45 a8 29 87 85 7a 70 76 f5 af c2 | 72 92 bf da 59 2c 14 6a b1 3a ca 04 15 91 51 10 | d8 cf 09 ec 94 44 4f 11 ba b4 32 9a e8 1e d2 73 | dc 75 5a 4d ba 12 42 70 80 30 3d 7e f5 45 9f 7e | 57 c3 30 f8 83 68 9b 43 f5 c1 84 0d 76 50 cb 54 | 9d b2 ae cf 9b cf 1c eb 49 41 bc 71 e6 a1 67 5f | 00 4f f1 64 88 2b ec b1 44 4e f3 76 9d 74 94 3b | 28 c4 48 89 c6 e9 c1 44 5e 57 7b 53 6a b8 5a fe | 37 9e 7a 68 bb 1c fb 3e 15 01 96 cf d2 1d 59 83 | d9 89 88 98 3c c3 60 f2 b7 10 38 64 f2 bd b0 09 | e8 53 b4 39 9d 96 93 16 49 d1 11 69 80 e2 21 29 | 68 5b ba 7f 8a a7 9e d3 41 7a 50 51 b3 1e 7e f0 | 64 0d e5 ac 2e 7d d8 ae f3 08 b9 f6 ab 85 99 ef | 9f c1 3d de 2f d8 37 97 7e a0 96 09 4f 0a a3 e9 | d8 66 94 2c 4f 82 e7 61 26 95 c9 f7 da f2 52 ee | d2 29 e6 fc 90 30 60 c7 27 e1 c7 c1 52 5c 1b f4 | 69 0a 82 5d 62 d3 2a db 28 1a 2d df ae fe 8b 89 | 5f 99 4a 09 4e 1f 3c 1c e2 a5 9e 81 b7 c3 76 24 | a6 cf 2e 22 ba 1e 19 cc 7f de 6f 72 4e a0 ff a1 | 4d 3d f5 ad cd 7d 79 b6 c3 c5 0d 1d bb 01 b4 7a | 05 e8 58 49 e0 39 71 5b 6c fa 10 ca 62 fa 7a ee | 50 c7 fe ab 18 fd ca 92 ef f0 ae 90 83 8d a2 5f | 7a 3e 0a 58 c5 9a 14 c9 8d 6c 00 a9 93 c2 21 ab | 91 79 00 62 7d 5f 9a 2c 4d d0 5e ae 15 2f 62 f7 | 65 35 9b 8d 3a 15 ce d4 91 d4 05 14 ce 6d 4e b9 | 7d e1 e4 58 96 d6 73 bd 82 61 d6 d6 fa 63 ff 7a | 5b 08 b3 0c a8 1b 89 e8 29 29 8e cf 54 20 8a cb | 9a be f5 ab c1 90 67 cf 49 69 17 21 61 00 1b 78 | b9 3e be 70 7e fd fd d0 de 50 77 d6 36 ec d4 48 | 43 b2 09 d2 5b d2 47 22 c0 85 9b ee 93 e2 63 53 | b6 5c 62 f5 71 5a 2a d2 2f d2 70 e7 8e 56 21 c8 | 8b 72 51 a6 e2 68 13 72 2a 96 7d 38 07 cc 57 d2 | ba b2 ba 9f bf 1b 68 7c 9e 2b 5e 97 8d 11 30 46 | 2c e0 af cd fd c9 56 a3 35 04 38 70 a1 8e 25 7a | d6 aa ef b2 e3 ba 13 09 13 c1 ee 33 23 bb fa 81 | 88 f9 47 0e 1e 3a ff 42 aa 4d 06 4a 37 fc 9f 48 | 8a fa c3 35 d6 e9 36 03 d4 40 3f fb f6 93 61 85 | c6 c2 25 3a 19 e3 b4 da 15 a2 ce 1e 69 9e 66 e1 | ee 1b c0 3b 01 b2 e7 b9 fc 57 96 22 2d 13 f6 6e | b4 ef 8e da 79 7c 8f b5 98 c5 5a e1 65 ff 00 ed | cd e7 21 42 fd f1 9d 7e b0 ec ab 57 c5 38 f8 00 | a5 47 5e e7 41 47 ce d9 d3 5b 2b 04 13 d3 07 d8 | 21 ec ca 57 b7 c7 89 1f 11 eb 14 3a c1 59 c0 29 | c6 c4 94 11 92 e8 37 75 c8 19 43 90 8e 2d 05 44 | cd 17 73 5b b3 4b 39 7e 08 3f bf ab d1 5d aa 92 | 56 bb 2f db e2 d7 b3 90 f4 22 44 94 b0 75 4a 0d | 3a 3d 8a 0a 67 bc dc 6d f8 1f 83 c2 6c ea ef c5 | c2 e3 ed be 8e 1e 5d 54 54 64 7f 6a 1f a3 81 83 | 1f 88 84 21 d7 12 32 70 98 c7 03 05 7a 68 e8 45 | a5 99 66 64 82 79 c7 93 d5 9d e4 a4 41 cd 6f 32 | 90 cd a6 2d c3 ee f2 1b f6 6c db bb 60 fd d3 eb | 75 79 36 30 5e f9 9a 50 97 87 4f 32 0c 30 94 f6 | ac e6 1f 6d 4b 4e f5 91 85 3f aa 2a d3 48 f7 32 | ef 6a 25 ff b4 df 61 2d a8 ba 02 f3 f6 19 22 b0 | 2b 82 e3 72 21 16 9c 01 f4 d0 ab fc 12 b3 dd 13 | 29 d4 11 96 8d 83 3c 32 bf 92 79 ea 7c 5e a3 46 | 2c 96 9b b5 7b 17 9e fa 81 d6 47 3c cf 72 2e a2 | 14 d5 4a a3 07 21 e8 4b bc 46 55 ab 9a 6d fc e3 | 95 9a 1b f4 73 62 ed 78 0e d7 f0 c0 50 7c e8 56 | 86 f9 28 c3 56 de 2f f5 de c7 2d a1 25 43 1d a2 | 09 79 6b e8 ca aa 2f 1b 89 e7 0b f4 9c 19 ef 61 | 8f fa f3 08 65 69 f6 1c 3f 84 62 ef e7 0d be 21 | 10 f9 80 1e 40 55 65 4a 5b 8b ce 63 a5 69 b3 82 | 38 65 ae 3f d8 3a ec 49 cf a2 e9 d8 3c 66 9a 17 | 3b 07 1a 63 6d 86 aa 3b fe 37 aa d9 39 60 5d 65 | 7c a2 4d 49 f7 b7 bf 5f 7c 57 9b b5 b9 dd fe 4c | c1 d8 24 bd 29 f0 c8 39 24 70 c7 2f 51 db 55 c2 | 71 3f c9 87 a8 a2 8c 28 f1 61 04 be d7 15 a3 38 | 13 ca 69 26 1a 53 12 01 41 46 f3 6c 38 c9 75 0b | f5 e7 93 c8 f4 96 80 97 65 f8 66 da 5c 74 8a 34 | 3c c3 bf 11 50 dc 83 a9 0b 1a 37 1f 2b 09 aa 4e | 6a 73 78 0f c9 fe 9e cb f9 c9 47 30 64 1d 9e 2a | 58 4c 54 02 49 d7 ff 98 2c ed 78 1c 5a 73 e7 b8 | 75 21 b9 04 db cd 3c 07 8a 83 44 2e 4d f4 6e 11 | dc 11 20 e2 73 9d ef 28 67 52 f6 55 5b 05 f3 77 | 08 13 2e f5 e4 2c f3 5d f7 e9 58 3c 04 d5 83 0d | 72 6e d8 7b 1c 22 04 ee 59 46 fa ee 59 15 15 18 | 5f c1 82 af 19 2b b9 21 a5 53 74 11 97 f0 fc 10 | f0 26 dd b4 4d 69 70 e6 4b 47 58 b9 42 44 0a 8a | 7e bb 92 f8 a9 9c 7b 09 5f 9c 3c 64 af ed 84 12 | 0e 7a 4c 8c 76 07 0d c2 aa 10 8d 88 a0 9c 56 d3 | c4 32 cb d3 1f 2c 98 bf 26 8f 10 52 d8 2d 21 48 | c2 2a a6 56 57 32 26 68 8c f8 01 a5 63 2a be 66 | 7f 30 de 77 13 6d 10 e4 00 de fb 65 c2 9a 11 47 | dc d6 94 e7 cb b3 aa 95 62 02 05 55 22 fb e8 80 | f6 e3 08 f8 72 0b 2d 58 67 63 ca 68 fe 63 b9 02 | 6f 96 9c 6a 52 c0 df 24 9c c0 84 f1 6d a1 6e 8e | c1 ed 0d ea 9d 59 0b 96 d3 5a 66 42 b3 66 15 26 | fc 10 20 e8 3c 7e 37 a6 75 03 c5 b3 47 e5 fa ec | 46 6c f5 7f 97 e2 cc 11 51 00 eb 83 ea 99 07 ec | ba 7f af 66 37 a0 49 4f 13 c6 41 32 0c 08 38 8b | e5 53 8d e2 0a 15 b6 11 25 21 50 cd 49 44 e8 30 | d9 ee c0 9e f8 9a 1b 72 24 b7 9a 7b de 4c 81 c2 | 20 1f b2 bf 8b bd 37 01 02 26 cb 81 4f ab 4e a4 | 70 9a 00 56 6f a9 76 67 34 01 ee 10 98 d1 35 fa | 5a 4b a6 d8 c7 c8 e6 f0 c3 e3 e5 9e c6 15 e9 c1 | 90 28 7f 5c 5d d9 fc 83 75 fd 42 09 03 9f 63 32 | 66 77 9a 38 5a 80 cd 68 d4 42 5a c6 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 55 ac 6d cc 11 b1 6a d0 | responder cookie: | 34 73 3a 56 31 f4 19 4a | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 1884 (0x75c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "san" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 13 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 7 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 13 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "san" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds loading root certificate cache | spent 2.51 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() | spent 0.0139 milliseconds in get_root_certs() filtering CAs | #1 spent 2.55 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.166 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0279 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "san" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "san" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.361 milliseconds in find_and_verify_certs() calling verify_end_cert() "san" #1: X509: Certificate rejected for this connection "san" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "san" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 55 ac 6d cc 11 b1 6a d0 | responder cookie: | 34 73 3a 56 31 f4 19 4a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1853605632 (0x6e7bc700) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 2c bf b4 37 c6 23 39 2d bc 1e ed 29 76 fa bb 60 | 45 03 34 5e 33 9e d4 7d f1 25 f1 d9 6c c1 4e 57 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 08 10 05 01 6e 7b c7 00 00 00 00 4c 4f 03 b5 df | f8 af 55 d4 42 d3 29 e0 ee 1c 25 3d 1e d5 f5 fc | e1 93 bc 9e 3e dc 2d 30 18 52 b1 71 13 2b 27 43 | 03 84 2b b4 70 b1 74 c8 16 b8 be be | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 3.76 milliseconds in process_packet_tail() | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "san" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 4 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x5606901c09e8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #1 keying attempt 0 of 0; retransmit 1 | retransmits: current time 10467.227534; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.503693 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7fee58002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901daa38 size 128 "san" #1: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | 14 00 00 24 b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 | ad a3 43 74 5a 59 d6 da 99 33 be ef 82 5c b4 c1 | 88 f3 19 00 14 00 00 24 67 85 74 65 83 ff 78 4c | 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f c5 6b 98 64 | 1d 4a 08 04 60 4c f7 e8 00 00 00 24 6d c9 b4 1c | 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a | c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | libevent_free: release ptr-libevent@0x5606901c1418 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5606901c09e8 | #1 spent 0.14 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x7fee58002b78 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #1 keying attempt 0 of 0; retransmit 2 | retransmits: current time 10467.727849; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.004008 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x5606901c09e8 | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901c1418 size 128 "san" #1: STATE_MAIN_R2: retransmission; will wait 1 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | 14 00 00 24 b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 | ad a3 43 74 5a 59 d6 da 99 33 be ef 82 5c b4 c1 | 88 f3 19 00 14 00 00 24 67 85 74 65 83 ff 78 4c | 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f c5 6b 98 64 | 1d 4a 08 04 60 4c f7 e8 00 00 00 24 6d c9 b4 1c | 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a | c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | libevent_free: release ptr-libevent@0x5606901daa38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fee58002b78 | #1 spent 0.543 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x5606901c09e8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #1 keying attempt 0 of 0; retransmit 3 | retransmits: current time 10468.72884; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.004999 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7fee58002b78 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901daa38 size 128 "san" #1: STATE_MAIN_R2: retransmission; will wait 2 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | 14 00 00 24 b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 | ad a3 43 74 5a 59 d6 da 99 33 be ef 82 5c b4 c1 | 88 f3 19 00 14 00 00 24 67 85 74 65 83 ff 78 4c | 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f c5 6b 98 64 | 1d 4a 08 04 60 4c f7 e8 00 00 00 24 6d c9 b4 1c | 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a | c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | libevent_free: release ptr-libevent@0x5606901c1418 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5606901c09e8 | #1 spent 0.164 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x7fee58002b78 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #1 keying attempt 0 of 0; retransmit 4 | retransmits: current time 10470.730816; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.006975 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x5606901c09e8 | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901c1418 size 128 "san" #1: STATE_MAIN_R2: retransmission; will wait 4 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | 14 00 00 24 b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 | ad a3 43 74 5a 59 d6 da 99 33 be ef 82 5c b4 c1 | 88 f3 19 00 14 00 00 24 67 85 74 65 83 ff 78 4c | 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f c5 6b 98 64 | 1d 4a 08 04 60 4c f7 e8 00 00 00 24 6d c9 b4 1c | 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a | c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | libevent_free: release ptr-libevent@0x5606901daa38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fee58002b78 | #1 spent 0.121 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x5606901c09e8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #1 keying attempt 0 of 0; retransmit 5 | retransmits: current time 10474.734816; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.010975 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7fee58002b78 | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901daa38 size 128 "san" #1: STATE_MAIN_R2: retransmission; will wait 8 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | 14 00 00 24 b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 | ad a3 43 74 5a 59 d6 da 99 33 be ef 82 5c b4 c1 | 88 f3 19 00 14 00 00 24 67 85 74 65 83 ff 78 4c | 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f c5 6b 98 64 | 1d 4a 08 04 60 4c f7 e8 00 00 00 24 6d c9 b4 1c | 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a | c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | libevent_free: release ptr-libevent@0x5606901c1418 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5606901c09e8 | #1 spent 0.142 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x7fee58002b78 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #1 keying attempt 0 of 0; retransmit 6 | retransmits: current time 10482.742836; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.018995 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x5606901c09e8 | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901c1418 size 128 "san" #1: STATE_MAIN_R2: retransmission; will wait 16 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | 14 00 00 24 b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 | ad a3 43 74 5a 59 d6 da 99 33 be ef 82 5c b4 c1 | 88 f3 19 00 14 00 00 24 67 85 74 65 83 ff 78 4c | 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f c5 6b 98 64 | 1d 4a 08 04 60 4c f7 e8 00 00 00 24 6d c9 b4 1c | 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a | c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | libevent_free: release ptr-libevent@0x5606901daa38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fee58002b78 | #1 spent 0.33 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00786 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_NAT_T_KEEPALIVE | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) | start processing: state #1 connection "san" from 192.1.2.45:500 (in for_each_state() at state.c:1575) | not behind NAT: no NAT-T KEEP-ALIVE required for conn san | stop processing: state #1 connection "san" from 192.1.2.45:500 (in for_each_state() at state.c:1577) | spent 0.018 milliseconds in global timer EVENT_NAT_T_KEEPALIVE | timer_event_cb: processing event@0x5606901c09e8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #1 keying attempt 0 of 0; retransmit 7 | retransmits: current time 10498.746854; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.023013 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7fee58002b78 | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #1 | libevent_malloc: new ptr-libevent@0x5606901daa38 size 128 "san" #1: STATE_MAIN_R2: retransmission; will wait 32 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 55 ac 6d cc 11 b1 6a d0 34 73 3a 56 31 f4 19 4a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | ff bd 3c 3d df f3 93 0a ad dc c2 e8 c6 d3 ec 4e | 7d 2e 30 fc 7c 53 a4 5f 9e ba ea 18 5f e4 a2 db | 7a 9a 77 91 6e 9f 79 29 73 f9 6f 66 9e 0a 60 53 | e5 68 b0 71 29 30 d3 71 10 71 db 87 3c 5f b0 a6 | bc 5f 41 4c 03 d7 68 c0 97 f2 86 c3 52 83 ef e8 | f1 ab 63 a5 f0 2b f9 ca be 36 f7 6f c8 26 30 9c | a7 75 a1 b4 38 9e 74 cc 64 87 ef 60 28 d9 77 ec | f8 0a 59 9a bf 1d 1e 93 39 ab e0 e4 91 31 8b 62 | 14 f9 cb e9 89 02 1f ac b1 76 77 5e 42 6a 1c 4b | bb b4 e2 16 5f 59 0e 65 d0 d7 fc e2 eb 03 31 78 | d7 2a 52 d2 de 45 10 80 99 d4 0c d7 11 ab 1e cd | f6 f1 0f af df 16 6a b7 36 da 81 a0 d7 0e f9 65 | e3 0a e2 dd b8 f1 c5 c6 fa b6 f7 bc f6 c2 f7 36 | aa 25 3c ce ea ce d8 c3 be 44 d0 8d 87 02 67 0e | d6 01 d3 43 6d 7e af b2 b3 d5 c3 5b 93 37 b9 c8 | 05 e7 ca 97 67 42 b1 c5 29 0f 89 51 9f ac 73 56 | 14 00 00 24 b6 45 ee 15 e5 be 8f 6d 74 a9 2f a0 | ad a3 43 74 5a 59 d6 da 99 33 be ef 82 5c b4 c1 | 88 f3 19 00 14 00 00 24 67 85 74 65 83 ff 78 4c | 35 61 e3 c0 b8 df e6 a6 3a 92 cd 7f c5 6b 98 64 | 1d 4a 08 04 60 4c f7 e8 00 00 00 24 6d c9 b4 1c | 6f 8e 59 50 3a 9d 6c 0f 2e 22 c4 33 35 11 8c 4a | c9 01 d7 d7 44 12 7b c7 c1 95 74 6d | libevent_free: release ptr-libevent@0x5606901c1418 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5606901c09e8 | #1 spent 0.346 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00356 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_PENDING_DDNS | FOR_EACH_CONNECTION_... in connection_check_ddns | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | elapsed time in connection_check_ddns for hostname lookup 0.000004 | spent 0.00807 milliseconds in global timer EVENT_PENDING_DDNS | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00223 milliseconds in global timer EVENT_SHUNT_SCAN | spent 0.00503 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 59 ff 36 35 31 ff 74 f8 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 59 ff 36 35 31 ff 74 f8 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (san) | find_next_host_connection returns san | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | creating state object #2 at 0x5606901cfc28 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.isakmp started | #2 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #2 connection "san" from 192.1.2.45:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #2: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "san" #2: responding to Main Mode | **emit ISAKMP Message: | initiator cookie: | 59 ff 36 35 31 ff 74 f8 | responder cookie: | 93 46 41 2c 3f fd 8e 71 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "san" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #2: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 59 ff 36 35 31 ff 74 f8 93 46 41 2c 3f fd 8e 71 | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x5606901c09e8 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5606901c1418 size 128 "san" #2: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "san" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.991 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00565 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 59 ff 36 35 31 ff 74 f8 93 46 41 2c 3f fd 8e 71 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 33 f4 df bd 42 f2 ff e9 bc 39 af 4e 81 7a ca db | 9f 99 2f d4 8e 04 0e 51 3f f1 d5 d1 7c 44 97 5f | 61 3c f7 a2 80 5d a9 fa ff 49 c4 81 ee e3 7d 60 | ff 73 55 fc 86 99 dd 8f 84 9b 2e 5f 38 70 89 a3 | e8 07 95 77 bb 24 3f 38 a0 2e 84 c2 ee 42 29 4d | 5e 3a 3c 09 91 92 5e fc 6e 72 09 49 2b 77 2f de | 2c ce fa 18 b4 f0 87 45 ab 2f c3 a7 59 8b 7e 64 | 16 f3 bf 7e f6 b9 3f 35 f4 ae 79 8a 78 14 3e b1 | 2e 3c b6 e0 12 05 53 2a 7c fa 6b 04 f0 49 e5 98 | 97 96 13 bc 84 e4 7a 08 23 1a af 1c 2a 55 77 54 | 5d dd 95 d5 37 d2 e5 60 c1 77 e1 74 4e 46 9c b2 | c8 97 0b 93 cb 58 0a 50 6b 95 29 e3 a7 3c 4d 3a | b5 69 11 d1 82 76 d6 29 4b 25 e7 2c 45 1c 98 f2 | 4d 3d 2d 37 e7 1b fe 73 0b 8a 79 d7 eb 6e be 53 | da db f3 63 83 e9 63 44 d0 a9 43 68 50 aa e4 9f | 83 e7 c2 f7 df 9c 1a 84 45 0d d7 85 4f d0 1c 61 | 14 00 00 24 19 ad 23 6b 7f 26 5f 14 c4 4e 31 7b | b6 49 5f b3 bc 09 e8 df 06 89 95 0a 76 f5 c2 ad | 81 08 e0 57 14 00 00 24 81 a5 5f 37 46 26 97 b5 | 4e b0 9d ef e4 39 72 25 10 f8 02 2c 12 04 08 5a | 8d d2 ee e0 cd 20 99 8c 00 00 00 24 0e 32 91 07 | 72 5a 4a 6c c8 78 1c ee e0 28 86 82 84 a4 07 6d | 3c 7c ee 7b 7f a1 80 eb d8 67 73 71 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 59 ff 36 35 31 ff 74 f8 | responder cookie: | 93 46 41 2c 3f fd 8e 71 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R1 (find_state_ikev1) | start processing: state #2 connection "san" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x56068eb8aca0(32) | natd_hash: icookie= 59 ff 36 35 31 ff 74 f8 | natd_hash: rcookie= 93 46 41 2c 3f fd 8e 71 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 81 a5 5f 37 46 26 97 b5 4e b0 9d ef e4 39 72 25 | natd_hash: hash= 10 f8 02 2c 12 04 08 5a 8d d2 ee e0 cd 20 99 8c | natd_hash: hasher=0x56068eb8aca0(32) | natd_hash: icookie= 59 ff 36 35 31 ff 74 f8 | natd_hash: rcookie= 93 46 41 2c 3f fd 8e 71 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 0e 32 91 07 72 5a 4a 6c c8 78 1c ee e0 28 86 82 | natd_hash: hash= 84 a4 07 6d 3c 7c ee 7b 7f a1 80 eb d8 67 73 71 | expected NAT-D(me): 81 a5 5f 37 46 26 97 b5 4e b0 9d ef e4 39 72 25 | expected NAT-D(me): 10 f8 02 2c 12 04 08 5a 8d d2 ee e0 cd 20 99 8c | expected NAT-D(him): | 0e 32 91 07 72 5a 4a 6c c8 78 1c ee e0 28 86 82 | 84 a4 07 6d 3c 7c ee 7b 7f a1 80 eb d8 67 73 71 | received NAT-D: 81 a5 5f 37 46 26 97 b5 4e b0 9d ef e4 39 72 25 | received NAT-D: 10 f8 02 2c 12 04 08 5a 8d d2 ee e0 cd 20 99 8c | received NAT-D: 0e 32 91 07 72 5a 4a 6c c8 78 1c ee e0 28 86 82 | received NAT-D: 84 a4 07 6d 3c 7c ee 7b 7f a1 80 eb d8 67 73 71 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | libevent_realloc: release ptr-libevent@0x560690154238 | libevent_realloc: new ptr-libevent@0x5606901c26e8 size 128 | adding inI2_outR2 KE work-order 3 for state #2 | state #2 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x5606901c1418 | free_event_entry: release EVENT_SO_DISCARD-pe@0x5606901c09e8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5606901c09e8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5606901c1418 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "san" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | #2 spent 0.236 milliseconds in process_packet_tail() | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "san" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.521 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 resuming | crypto helper 2 starting work-order 3 for state #2 | crypto helper 2 doing build KE and nonce (inI2_outR2 KE); request ID 3 | crypto helper 2 finished build KE and nonce (inI2_outR2 KE); request ID 3 time elapsed 0.001588 seconds | (#2) spent 1.6 milliseconds in crypto helper computing work-order 3: inI2_outR2 KE (pcr) | crypto helper 2 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7fee54003f28 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "san" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 3 | calling continuation function 0x56068eab5b50 | main_inI2_outR2_continue for #2: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 59 ff 36 35 31 ff 74 f8 | responder cookie: | 93 46 41 2c 3f fd 8e 71 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value cd f6 c7 87 3d a3 6c 5c d5 b9 63 92 f1 a0 42 1e | keyex value 94 65 12 f4 b1 ed 7a 87 b7 a9 6d 83 39 14 d5 d8 | keyex value a2 ee f9 c0 f6 81 af 14 80 bc 0b 7e ff cd 47 d5 | keyex value 64 94 8f 23 2c f9 16 61 5e e2 b7 df 9b 6b e9 be | keyex value ee fa 7a 71 4f 29 fa eb 56 a6 b7 ce 55 25 27 59 | keyex value 73 d1 57 f9 08 80 37 d7 f3 1f 47 22 ef d7 70 b2 | keyex value 7e 4f 8f 55 d5 f1 21 46 89 80 ec 17 77 9d fa 20 | keyex value 57 d8 e8 73 ad f0 8f bf 49 49 ba c5 ef 82 3f 6a | keyex value 50 16 e0 d4 c6 a3 af 7b a9 b5 4e 32 49 2e f9 3d | keyex value c6 30 1a e6 f9 dc fb 97 2e 21 a1 83 46 0d 2c 7a | keyex value ce 0d b7 a4 fb 70 f2 b0 be 64 9d 5c 50 87 1f 33 | keyex value 30 51 34 3f c7 1c f6 da 83 e6 24 02 d4 01 2d e6 | keyex value 84 26 fd ca 5a f5 01 8d 72 a7 10 3d 59 a2 a4 b9 | keyex value 54 9c de ff 87 b1 e0 0f 9c b8 76 48 93 0e de a9 | keyex value 94 3b 00 91 9c 75 00 1c 62 40 9a 59 fa 8c 37 29 | keyex value a2 97 03 66 a1 d0 f5 25 68 08 13 f5 3e 02 d5 79 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 0b 75 e4 b7 6a e7 e0 f5 99 d4 67 d2 dc af 6d 00 | Nr bd 44 a4 56 fb e8 f1 80 7e b4 b1 ea 2e ff 95 46 | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x56068eb8aca0(32) | natd_hash: icookie= 59 ff 36 35 31 ff 74 f8 | natd_hash: rcookie= 93 46 41 2c 3f fd 8e 71 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 0e 32 91 07 72 5a 4a 6c c8 78 1c ee e0 28 86 82 | natd_hash: hash= 84 a4 07 6d 3c 7c ee 7b 7f a1 80 eb d8 67 73 71 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 0e 32 91 07 72 5a 4a 6c c8 78 1c ee e0 28 86 82 | NAT-D 84 a4 07 6d 3c 7c ee 7b 7f a1 80 eb d8 67 73 71 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x56068eb8aca0(32) | natd_hash: icookie= 59 ff 36 35 31 ff 74 f8 | natd_hash: rcookie= 93 46 41 2c 3f fd 8e 71 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 81 a5 5f 37 46 26 97 b5 4e b0 9d ef e4 39 72 25 | natd_hash: hash= 10 f8 02 2c 12 04 08 5a 8d d2 ee e0 cd 20 99 8c | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 81 a5 5f 37 46 26 97 b5 4e b0 9d ef e4 39 72 25 | NAT-D 10 f8 02 2c 12 04 08 5a 8d d2 ee e0 cd 20 99 8c | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 4 for state #2 | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5606901c1418 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5606901c09e8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5606901c09e8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5606901cf7b8 size 128 | #2 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | crypto helper 3 resuming | [RE]START processing: state #2 connection "san" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle; has background offloaded task | crypto helper 3 starting work-order 4 for state #2 | doing_xauth:no, t_xauth_client_done:no | crypto helper 3 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #2: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5606901cf7b8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5606901c09e8 | sending reply packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 59 ff 36 35 31 ff 74 f8 93 46 41 2c 3f fd 8e 71 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | cd f6 c7 87 3d a3 6c 5c d5 b9 63 92 f1 a0 42 1e | 94 65 12 f4 b1 ed 7a 87 b7 a9 6d 83 39 14 d5 d8 | a2 ee f9 c0 f6 81 af 14 80 bc 0b 7e ff cd 47 d5 | 64 94 8f 23 2c f9 16 61 5e e2 b7 df 9b 6b e9 be | ee fa 7a 71 4f 29 fa eb 56 a6 b7 ce 55 25 27 59 | 73 d1 57 f9 08 80 37 d7 f3 1f 47 22 ef d7 70 b2 | 7e 4f 8f 55 d5 f1 21 46 89 80 ec 17 77 9d fa 20 | 57 d8 e8 73 ad f0 8f bf 49 49 ba c5 ef 82 3f 6a | 50 16 e0 d4 c6 a3 af 7b a9 b5 4e 32 49 2e f9 3d | c6 30 1a e6 f9 dc fb 97 2e 21 a1 83 46 0d 2c 7a | ce 0d b7 a4 fb 70 f2 b0 be 64 9d 5c 50 87 1f 33 | 30 51 34 3f c7 1c f6 da 83 e6 24 02 d4 01 2d e6 | 84 26 fd ca 5a f5 01 8d 72 a7 10 3d 59 a2 a4 b9 | 54 9c de ff 87 b1 e0 0f 9c b8 76 48 93 0e de a9 | 94 3b 00 91 9c 75 00 1c 62 40 9a 59 fa 8c 37 29 | a2 97 03 66 a1 d0 f5 25 68 08 13 f5 3e 02 d5 79 | 14 00 00 24 0b 75 e4 b7 6a e7 e0 f5 99 d4 67 d2 | dc af 6d 00 bd 44 a4 56 fb e8 f1 80 7e b4 b1 ea | 2e ff 95 46 14 00 00 24 0e 32 91 07 72 5a 4a 6c | c8 78 1c ee e0 28 86 82 84 a4 07 6d 3c 7c ee 7b | 7f a1 80 eb d8 67 73 71 00 00 00 24 81 a5 5f 37 | 46 26 97 b5 4e b0 9d ef e4 39 72 25 10 f8 02 2c | 12 04 08 5a 8d d2 ee e0 cd 20 99 8c | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x5606901c09e8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x5606901cf7b8 size 128 | #2 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 10526.735487 "san" #2: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.791 milliseconds in resume sending helper answer | stop processing: state #2 connection "san" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fee54003f28 | crypto helper 3 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 time elapsed 0.001372 seconds | (#2) spent 1.37 milliseconds in crypto helper computing work-order 4: main_inI2_outR2_tail (pcr) | crypto helper 3 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7fee480051d8 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "san" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 4 | calling continuation function 0x56068eab5b50 | main_inI2_outR2_calcdone for #2: calculate DH finished | [RE]START processing: state #2 connection "san" from 192.1.2.45:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #2 connection "san" from 192.1.2.45:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.0506 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fee480051d8 | spent 0.00494 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 1884 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 59 ff 36 35 31 ff 74 f8 93 46 41 2c 3f fd 8e 71 | 05 10 02 01 00 00 00 00 00 00 07 5c e4 72 35 5f | 36 a5 43 83 ca bc b6 55 2f e9 99 e2 21 b8 7a 77 | 8c 62 28 25 ef c5 e8 48 d6 9f 68 da 51 b1 f7 81 | 80 7c 09 13 15 d9 72 70 39 a7 84 f5 16 26 c8 7e | 55 e4 18 0e a7 7a ed d8 57 da 4a e3 58 2f a0 16 | 4f f0 f8 9c e6 dc 98 23 a5 45 dc b6 e1 8e 5f f5 | 85 90 a8 4b 42 45 30 94 19 11 e9 ac b4 b7 a2 f0 | ee ea bc 57 74 96 7a 00 ff 79 0a 5b 0a d6 88 63 | 15 69 be 0d 81 fa b2 02 38 e6 ae 47 43 0d 94 f2 | 2f 32 72 ca 4f c8 68 1d 20 b0 8a 36 30 0e 57 9b | 1e 0e 1a 0e e9 a7 aa b9 cd 2e 1f 42 32 d5 02 c3 | 9d 1e a2 ca bf 01 c7 c7 84 46 c2 a0 6f 8f 92 c0 | 45 a3 fb 4e ee a1 93 2f e6 f9 64 6a 15 c8 c3 72 | 17 f4 16 e9 0c 26 47 df 11 56 39 1d 52 bb 2b a9 | ac dc 7a ec bf 57 34 02 3c 45 3b d7 2f 2f 9e db | fd 06 d6 49 e3 39 5d 97 fe 14 b1 48 92 20 2e f8 | fa b2 6e 75 30 51 ff 0d 9f bc 47 d5 e5 a8 c3 b7 | 6b 28 d9 eb ed a4 dc 78 ee bd 4f b1 b8 3c 00 15 | 86 ac 09 23 9c c7 3f 91 bb a1 ea 30 24 9b 2c f9 | 41 33 eb b4 df 49 6d c1 87 55 08 16 f8 cb 0c b7 | dd 7c 1d 12 a1 89 ae a0 77 c2 e4 f0 61 51 3e 89 | f0 5d c7 a3 92 e3 8e 30 a9 1c 89 fc bd db 34 a9 | 11 d3 06 7f 23 90 36 7b 39 65 11 f4 d2 fa a0 60 | 61 d8 f9 5d 3c a1 a3 0c e9 66 b0 62 78 7d 0d ec | 9a 2f 60 d0 c2 55 0b 88 29 0d 54 a1 6c 70 e8 04 | 56 81 e7 cf f2 42 f3 17 00 39 21 3a 89 c3 e2 ec | 7c c4 c2 37 04 e8 2c 33 91 94 d9 9b 70 3b 11 ee | a1 fe e2 e7 52 7f 41 25 5f f2 5f ea f9 22 bf fd | 16 a5 96 80 ce 6b 77 86 26 db 7e 86 e7 de 74 c8 | 0b 40 48 ed 56 f6 4d 39 44 5d 1b d6 f2 fa 43 d1 | 6d 05 9d 38 76 12 df 52 0c 17 28 b6 f9 fc 86 5a | a1 6b 40 2a 7e cc 2b 3b 59 a7 9e 11 4b 1c 03 f8 | 5b 74 61 5b a0 17 e4 dc 20 72 78 e7 59 99 a1 59 | 91 ac ac 54 7c 6b e9 09 3b eb 85 a9 3e d4 e2 52 | c7 05 f4 bc c7 31 51 39 b8 e6 e8 16 0e 49 ea b9 | 1f 94 30 de a7 c6 82 ab 82 71 30 44 13 69 28 99 | b3 f8 5b 2c f2 3c 46 27 cd ff 73 9a ae 16 71 2a | d3 20 3b fd cd 32 82 65 de dc 0d ac 4b 85 e4 cd | fd d4 c3 3b 25 85 c5 79 91 d7 1e 61 77 73 99 1e | 8d 04 87 7d 81 5c fe 17 73 55 5b 43 7f 03 97 bc | 61 54 8e 2e 42 12 05 53 39 d8 ca ba 64 e1 74 6c | dd 7a ca e5 58 ed 96 a3 ab d1 ef ab 6c 54 83 60 | f6 dc 77 20 60 9d 64 2e f0 ef 4d 64 4e a7 25 6c | 03 79 67 f8 c1 cb 78 89 8d 0b a4 a5 74 3f b0 2a | 1e 2c 03 82 27 0b eb 22 27 9b c7 8c b3 40 3c 88 | e0 08 02 66 8f af 9f 32 2b 26 8c 04 96 bc a1 34 | 21 de 24 73 14 17 a1 2a b2 c3 ec b7 51 61 00 a2 | 02 f2 c7 96 fa e4 76 21 4f 1a 6d 95 1d 98 2b b1 | 8c de a0 b3 e2 50 0e 64 30 70 1b b4 7c 15 b7 17 | de c4 ce 7c 3c 15 ee 64 bf 96 78 89 72 a4 84 49 | cc 75 9b 65 26 64 bb 1a 5c 6f a8 9e 63 d9 53 5e | f2 77 e3 6f 56 c8 0c f4 4a 11 57 5b b1 ba 1e 9e | be 19 3e 46 00 86 59 8a b7 ae 6e 01 26 83 a1 65 | da 69 b6 29 52 c5 37 85 7c 6e a5 01 f2 e8 d5 be | fc ac 1f 56 ea e2 39 42 74 6e 5e 6d 44 b5 2e 6b | ef 48 d9 52 59 97 98 cd 18 93 4d c3 93 e9 b1 cc | da ac 90 58 35 fd b9 ce 9a 3f 90 49 21 3f 58 65 | 34 26 a6 26 b5 38 e0 47 74 0b 3d a0 30 d4 4b d5 | 14 f4 6c 98 65 ad 23 5b 4d 5f e6 5b f6 63 c5 5a | 1e 18 fa dc 5c bb a0 c7 48 6d 9b e7 e2 bd f1 d9 | 7a 3d 05 f8 d1 f6 8d b5 8b 88 ec 2f a0 3b c5 56 | fb 6e 88 36 55 66 b4 cd fd 32 ac fa fc 96 e0 24 | 9f 4f 47 9e f9 08 4f d5 b0 b6 1c ba df e1 7c ce | eb fe 3d 6b 79 01 98 53 43 14 32 5f ab 66 f3 13 | 90 1b d9 48 ca 95 bd 27 d1 a9 f8 db e4 62 66 6f | f5 e3 6e d6 8d db 82 24 ec 02 ab fc b8 8b 40 ad | fb 04 84 31 c0 00 27 17 f7 08 ef 82 6a ac 75 71 | 02 f6 f5 05 dd 18 50 ca ef e4 82 73 33 ce 6f ae | 9e fa 69 17 b1 c2 14 28 48 1a c6 ee de d7 60 fd | f3 c0 25 60 7f 9d e4 ab 4a d1 1a 3d 6d 35 5b 6a | 5c 7b 65 f2 d8 d1 3b f0 5b 4b 23 55 bb f7 a4 dc | 2c 54 49 93 c1 ca 57 45 34 96 9e 0b c9 82 1d 27 | a3 98 4b f2 0a f5 1f d4 06 a2 42 4e 50 82 d0 3e | dd 36 35 24 a3 97 9a 1d 31 b5 19 8f 34 24 e2 53 | c7 d8 93 63 7b a4 7b 63 97 10 1a 15 6e 6f 90 46 | 7a 83 e6 c0 21 0d d7 c8 09 79 ee 59 5e 71 7e f1 | 11 6c 86 a3 3c d1 41 20 ce de b5 9a ef da 49 44 | 58 1b 73 f9 67 33 6d 4c ad ef ec 26 b6 21 9f ef | ef 36 63 0a f2 f1 28 e8 33 3a 1a 26 0c b6 c8 53 | d9 44 63 51 cf b4 c3 41 f4 10 a3 f2 49 c5 b4 85 | 60 5d 7f 71 57 24 c7 1b cd b0 34 26 af b7 3f 41 | c7 8a e1 88 e6 4a 1f 7f f3 b9 d2 84 ad d0 24 46 | 59 4e 3a f3 2e 62 67 04 46 c1 58 8e d9 13 ba 4d | 36 b5 d3 35 f5 ed a8 90 19 97 ce 53 16 4a ab b4 | 96 dc 4e e4 cb 12 aa ac 35 73 5e f9 39 c9 fb 17 | 15 9b 0a 56 bb e0 92 6d 7e d3 ee 33 bd e7 0b bc | 3e 9c 9c 23 1d e4 8c 04 66 e7 48 d8 48 c9 69 bc | 9a 06 18 2f 33 5b af 53 be 2e 52 e7 dd ec ac da | 39 0d 2c 1f 44 82 f5 36 5f da 91 05 37 6b 20 54 | d0 61 04 f0 ae 3b 20 e7 8e 1c 1d 53 a2 25 fd a8 | 6c 78 35 ab e0 8f 07 f5 4b 93 0d a8 39 7e 91 b0 | 50 14 22 9e 2b 09 ca dc e2 1a c5 d1 d9 7f e4 50 | f1 fb 9d b7 18 48 9e 78 34 0d c8 8f 80 ec da 98 | 04 6c 97 fe 50 2a 4b 93 7d fa b1 f6 cf a4 05 42 | c0 01 a1 ae 76 72 24 f1 00 b8 7f ec d0 a0 a7 08 | b6 6b ba 84 78 51 de 78 aa e2 e3 69 e3 9a 66 80 | 48 c3 6f eb e3 d8 81 bb 7f 84 a1 88 4f 1a 55 a6 | 30 8e 13 7b 71 46 43 07 56 34 df a2 2a 8f 2d 3a | 72 f8 c5 49 03 19 86 dc 1e fe 09 f9 3c 87 fb 6b | 1a b9 7f 5b 84 65 00 73 52 f6 e2 5a 81 53 24 59 | 32 15 d8 f0 cc 7d 3b 8d 51 2a 2e f8 f4 ac 32 7a | f5 11 be 29 ba 37 8f 20 bb 51 57 03 68 a9 da 33 | 2a a6 c6 d4 71 42 37 5d bd 00 4e d2 cc f5 54 fb | c5 3c ca 66 31 f9 11 b6 08 71 67 5c be 01 da 2f | 8c ba 77 13 a3 95 13 04 86 a7 7b 35 61 d5 6a 8f | c8 24 dc 26 49 ff 86 d4 0a b9 db 6b 72 56 a0 7f | f9 9c c5 1a c1 74 9e f7 ba 1d 58 a5 c5 06 58 fc | 83 d6 4b 9a 21 84 dc 90 59 cc 7a a0 3c da 2c 49 | 56 e0 da e8 eb 6b 1d 0c aa 88 01 d0 fe 24 2b 5c | cb 13 a5 cd 03 25 46 9f a4 40 2c 29 79 7c a1 c1 | c8 ea 38 41 d6 19 3c a2 00 8d 09 f9 c7 6a 3f 4c | 66 d7 dd 37 0c cd ba 0f ef 9a 58 76 dd 67 58 98 | a6 dc 65 1a b3 cd 5f dd 1d d1 a2 1a 89 24 4a 52 | bc aa 86 7c 59 1f 4f 33 73 c3 f3 7f 8c 1f 8c 51 | e2 0a ec 5d 01 d8 de 08 a4 9f 6d 1b 79 e0 a2 cd | 14 6b 1e 23 f7 e6 8f 6f 2f af e8 8a 2f 85 34 92 | 2a fd c0 e5 85 a8 8d ab 1a 54 8f 8e | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 59 ff 36 35 31 ff 74 f8 | responder cookie: | 93 46 41 2c 3f fd 8e 71 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 1884 (0x75c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "san" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 13 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 7 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 13 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "san" #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.0113 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.52 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0636 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "san" #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "san" #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.635 milliseconds in find_and_verify_certs() calling verify_end_cert() "san" #2: X509: Certificate rejected for this connection "san" #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "san" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "san" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 59 ff 36 35 31 ff 74 f8 | responder cookie: | 93 46 41 2c 3f fd 8e 71 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1755867482 (0x68a8695a) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 39 5b 71 7e 16 20 dc c0 64 de 8b 5c 63 06 50 76 | ca 32 15 cb 37 38 4f e1 ff 28 23 92 ee d5 1b 98 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 59 ff 36 35 31 ff 74 f8 93 46 41 2c 3f fd 8e 71 | 08 10 05 01 68 a8 69 5a 00 00 00 4c 92 0a 9a 7c | 03 c6 55 a0 04 8c e2 a6 b3 b6 6d 49 b5 fb 78 7b | a2 f0 a9 e8 46 d2 5b 54 04 ad 73 3d 96 57 88 7f | bb 89 86 8b a7 44 74 8e 13 86 43 98 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.63 milliseconds in process_packet_tail() | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "san" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 2.15 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.389 milliseconds in whack | timer_event_cb: processing event@0x5606901c09e8 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #2 keying attempt 0 of 0; retransmit 1 | retransmits: current time 10527.235828; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500341 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x5606901c8b48 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x7fee54003f28 size 128 "san" #2: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 59 ff 36 35 31 ff 74 f8 93 46 41 2c 3f fd 8e 71 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | cd f6 c7 87 3d a3 6c 5c d5 b9 63 92 f1 a0 42 1e | 94 65 12 f4 b1 ed 7a 87 b7 a9 6d 83 39 14 d5 d8 | a2 ee f9 c0 f6 81 af 14 80 bc 0b 7e ff cd 47 d5 | 64 94 8f 23 2c f9 16 61 5e e2 b7 df 9b 6b e9 be | ee fa 7a 71 4f 29 fa eb 56 a6 b7 ce 55 25 27 59 | 73 d1 57 f9 08 80 37 d7 f3 1f 47 22 ef d7 70 b2 | 7e 4f 8f 55 d5 f1 21 46 89 80 ec 17 77 9d fa 20 | 57 d8 e8 73 ad f0 8f bf 49 49 ba c5 ef 82 3f 6a | 50 16 e0 d4 c6 a3 af 7b a9 b5 4e 32 49 2e f9 3d | c6 30 1a e6 f9 dc fb 97 2e 21 a1 83 46 0d 2c 7a | ce 0d b7 a4 fb 70 f2 b0 be 64 9d 5c 50 87 1f 33 | 30 51 34 3f c7 1c f6 da 83 e6 24 02 d4 01 2d e6 | 84 26 fd ca 5a f5 01 8d 72 a7 10 3d 59 a2 a4 b9 | 54 9c de ff 87 b1 e0 0f 9c b8 76 48 93 0e de a9 | 94 3b 00 91 9c 75 00 1c 62 40 9a 59 fa 8c 37 29 | a2 97 03 66 a1 d0 f5 25 68 08 13 f5 3e 02 d5 79 | 14 00 00 24 0b 75 e4 b7 6a e7 e0 f5 99 d4 67 d2 | dc af 6d 00 bd 44 a4 56 fb e8 f1 80 7e b4 b1 ea | 2e ff 95 46 14 00 00 24 0e 32 91 07 72 5a 4a 6c | c8 78 1c ee e0 28 86 82 84 a4 07 6d 3c 7c ee 7b | 7f a1 80 eb d8 67 73 71 00 00 00 24 81 a5 5f 37 | 46 26 97 b5 4e b0 9d ef e4 39 72 25 10 f8 02 2c | 12 04 08 5a 8d d2 ee e0 cd 20 99 8c | libevent_free: release ptr-libevent@0x5606901cf7b8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5606901c09e8 | #2 spent 0.386 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x5606901c8b48 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "san" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "san" #2 keying attempt 0 of 0; retransmit 2 | retransmits: current time 10527.737802; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002315 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x5606901c09e8 | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #2 | libevent_malloc: new ptr-libevent@0x5606901cf7b8 size 128 "san" #2: STATE_MAIN_R2: retransmission; will wait 1 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 59 ff 36 35 31 ff 74 f8 93 46 41 2c 3f fd 8e 71 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | cd f6 c7 87 3d a3 6c 5c d5 b9 63 92 f1 a0 42 1e | 94 65 12 f4 b1 ed 7a 87 b7 a9 6d 83 39 14 d5 d8 | a2 ee f9 c0 f6 81 af 14 80 bc 0b 7e ff cd 47 d5 | 64 94 8f 23 2c f9 16 61 5e e2 b7 df 9b 6b e9 be | ee fa 7a 71 4f 29 fa eb 56 a6 b7 ce 55 25 27 59 | 73 d1 57 f9 08 80 37 d7 f3 1f 47 22 ef d7 70 b2 | 7e 4f 8f 55 d5 f1 21 46 89 80 ec 17 77 9d fa 20 | 57 d8 e8 73 ad f0 8f bf 49 49 ba c5 ef 82 3f 6a | 50 16 e0 d4 c6 a3 af 7b a9 b5 4e 32 49 2e f9 3d | c6 30 1a e6 f9 dc fb 97 2e 21 a1 83 46 0d 2c 7a | ce 0d b7 a4 fb 70 f2 b0 be 64 9d 5c 50 87 1f 33 | 30 51 34 3f c7 1c f6 da 83 e6 24 02 d4 01 2d e6 | 84 26 fd ca 5a f5 01 8d 72 a7 10 3d 59 a2 a4 b9 | 54 9c de ff 87 b1 e0 0f 9c b8 76 48 93 0e de a9 | 94 3b 00 91 9c 75 00 1c 62 40 9a 59 fa 8c 37 29 | a2 97 03 66 a1 d0 f5 25 68 08 13 f5 3e 02 d5 79 | 14 00 00 24 0b 75 e4 b7 6a e7 e0 f5 99 d4 67 d2 | dc af 6d 00 bd 44 a4 56 fb e8 f1 80 7e b4 b1 ea | 2e ff 95 46 14 00 00 24 0e 32 91 07 72 5a 4a 6c | c8 78 1c ee e0 28 86 82 84 a4 07 6d 3c 7c ee 7b | 7f a1 80 eb d8 67 73 71 00 00 00 24 81 a5 5f 37 | 46 26 97 b5 4e b0 9d ef e4 39 72 25 10 f8 02 2c | 12 04 08 5a 8d d2 ee e0 cd 20 99 8c | libevent_free: release ptr-libevent@0x7fee54003f28 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5606901c8b48 | #2 spent 0.101 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "san" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) destroying root certificate cache | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x5606901c2518 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | unreference key: 0x5606901c2078 user-east@testing.libreswan.org cnt 1-- | unreference key: 0x5606901c1af8 @east.testing.libreswan.org cnt 1-- | unreference key: 0x5606901c0388 east@testing.libreswan.org cnt 1-- | unreference key: 0x5606901c0168 192.1.2.23 cnt 1-- | start processing: connection "san" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "san" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "san" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev1.isakmp deleted other | [RE]START processing: state #2 connection "san" from 192.1.2.45:500 (in delete_state() at state.c:879) "san" #2: deleting state (STATE_MAIN_R2) aged 1.014s and NOT sending notification | parent state #2: MAIN_R2(open IKE SA) => delete | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_R2: retransmits: cleared | libevent_free: release ptr-libevent@0x5606901cf7b8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5606901c09e8 | State DB: IKEv1 state not found (flush_incomplete_children) | stop processing: connection "san" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection san | State DB: deleting IKEv1 state #2 in MAIN_R2 | parent state #2: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.45:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | start processing: state #1 connection "san" from 192.1.2.45:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev1.isakmp deleted other | [RE]START processing: state #1 connection "san" from 192.1.2.45:500 (in delete_state() at state.c:879) "san" #1: deleting state (STATE_MAIN_R2) aged 61.023s and NOT sending notification | parent state #1: MAIN_R2(open IKE SA) => delete | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_R2: retransmits: cleared | libevent_free: release ptr-libevent@0x5606901daa38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fee58002b78 | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection san | State DB: deleting IKEv1 state #1 in MAIN_R2 | parent state #1: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5606901bd158 | flush revival: connection 'san' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x5606901ae788 | free_event_entry: release EVENT_NULL-pe@0x5606901ba678 | libevent_free: release ptr-libevent@0x560690154f98 | free_event_entry: release EVENT_NULL-pe@0x5606901ba728 | libevent_free: release ptr-libevent@0x5606901548b8 | free_event_entry: release EVENT_NULL-pe@0x5606901ba7d8 | libevent_free: release ptr-libevent@0x56069015c178 | free_event_entry: release EVENT_NULL-pe@0x5606901ba888 | libevent_free: release ptr-libevent@0x56069015c278 | free_event_entry: release EVENT_NULL-pe@0x5606901ba938 | libevent_free: release ptr-libevent@0x56069015c378 | free_event_entry: release EVENT_NULL-pe@0x5606901ba9e8 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x5606901ae838 | free_event_entry: release EVENT_NULL-pe@0x5606901a2958 | libevent_free: release ptr-libevent@0x560690154ee8 | free_event_entry: release EVENT_NULL-pe@0x5606901a24b8 | libevent_free: release ptr-libevent@0x56069019b498 | free_event_entry: release EVENT_NULL-pe@0x56069015c428 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x5606901609f8 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x5606900de778 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x5606901b9e58 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x5606901ba098 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x5606901b9f68 | libevent_free: release ptr-libevent@0x56069019cd78 | libevent_free: release ptr-libevent@0x56069019cd28 | libevent_free: release ptr-libevent@0x5606901c26e8 | libevent_free: release ptr-libevent@0x56069019cce8 | libevent_free: release ptr-libevent@0x5606901b9b28 | libevent_free: release ptr-libevent@0x5606901b9d98 | libevent_free: release ptr-libevent@0x56069019cf28 | libevent_free: release ptr-libevent@0x5606901a2528 | libevent_free: release ptr-libevent@0x5606901a2188 | libevent_free: release ptr-libevent@0x5606901baa58 | libevent_free: release ptr-libevent@0x5606901ba9a8 | libevent_free: release ptr-libevent@0x5606901ba8f8 | libevent_free: release ptr-libevent@0x5606901ba848 | libevent_free: release ptr-libevent@0x5606901ba798 | libevent_free: release ptr-libevent@0x5606901ba6e8 | libevent_free: release ptr-libevent@0x5606900dda98 | libevent_free: release ptr-libevent@0x5606901b9e18 | libevent_free: release ptr-libevent@0x5606901b9dd8 | libevent_free: release ptr-libevent@0x5606901b9c98 | libevent_free: release ptr-libevent@0x5606901b9f28 | libevent_free: release ptr-libevent@0x5606901b9b68 | libevent_free: release ptr-libevent@0x560690162588 | libevent_free: release ptr-libevent@0x560690162508 | libevent_free: release ptr-libevent@0x5606900dde08 | releasing global libevent data | libevent_free: release ptr-libevent@0x560690162708 | libevent_free: release ptr-libevent@0x560690162688 | libevent_free: release ptr-libevent@0x560690162608 leak detective found no leaks