FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:24906 core dump dir: /var/tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55ebb7ea4ba8 size 40 | libevent_malloc: new ptr-libevent@0x55ebb7ea4cd8 size 40 | libevent_malloc: new ptr-libevent@0x55ebb7ea4dd8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55ebb7f29558 size 56 | libevent_malloc: new ptr-libevent@0x55ebb7ecdce8 size 664 | libevent_malloc: new ptr-libevent@0x55ebb7f295c8 size 24 | libevent_malloc: new ptr-libevent@0x55ebb7f29618 size 384 | libevent_malloc: new ptr-libevent@0x55ebb7f29518 size 16 | libevent_malloc: new ptr-libevent@0x55ebb7ea4908 size 40 | libevent_malloc: new ptr-libevent@0x55ebb7ea4d38 size 48 | libevent_realloc: new ptr-libevent@0x55ebb7ecd978 size 256 | libevent_malloc: new ptr-libevent@0x55ebb7f297c8 size 16 | libevent_free: release ptr-libevent@0x55ebb7f29558 | libevent initialized | libevent_realloc: new ptr-libevent@0x55ebb7f29558 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 2 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 started thread for crypto helper 3 | starting up helper thread 3 | crypto helper 2 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 4 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 started thread for crypto helper 5 | crypto helper 4 waiting (nothing to do) | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | checking IKEv1 state table | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55ebb7f2e168 | libevent_malloc: new ptr-libevent@0x55ebb7f126f8 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f2e278 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55ebb7f2eca8 | libevent_malloc: new ptr-libevent@0x55ebb7ecf1e8 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f2ec68 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55ebb7f2ed18 | libevent_malloc: new ptr-libevent@0x55ebb7f3afa8 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f46278 size 16 | libevent_realloc: new ptr-libevent@0x55ebb7f462b8 size 256 | libevent_malloc: new ptr-libevent@0x55ebb7f463e8 size 8 | libevent_realloc: new ptr-libevent@0x55ebb7ea0918 size 144 | libevent_malloc: new ptr-libevent@0x55ebb7ed9808 size 152 | libevent_malloc: new ptr-libevent@0x55ebb7f46428 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55ebb7f46468 size 8 | libevent_malloc: new ptr-libevent@0x55ebb7ed15d8 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55ebb7f464a8 size 8 | libevent_malloc: new ptr-libevent@0x55ebb7f464e8 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55ebb7f465b8 size 8 | libevent_realloc: release ptr-libevent@0x55ebb7ea0918 | libevent_realloc: new ptr-libevent@0x55ebb7f465f8 size 256 | libevent_malloc: new ptr-libevent@0x55ebb7f46728 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:24997) using fork+execve | forked child 24997 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46bf8 | libevent_malloc: new ptr-libevent@0x55ebb7f3aef8 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f46c68 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46ca8 | libevent_malloc: new ptr-libevent@0x55ebb7ed0988 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f46d18 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46d58 | libevent_malloc: new ptr-libevent@0x55ebb7ed08d8 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f46dc8 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46e08 | libevent_malloc: new ptr-libevent@0x55ebb7ed1508 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f46e78 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46eb8 | libevent_malloc: new ptr-libevent@0x55ebb7ea54e8 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f46f28 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46f68 | libevent_malloc: new ptr-libevent@0x55ebb7ea51d8 size 128 | libevent_malloc: new ptr-libevent@0x55ebb7f46fd8 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 loaded private key for keyid: PKK_RSA:AQOm9dY/4 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.06 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x55ebb7f3aef8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46bf8 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46bf8 | libevent_malloc: new ptr-libevent@0x55ebb7f3aef8 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x55ebb7ed0988 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46ca8 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46ca8 | libevent_malloc: new ptr-libevent@0x55ebb7ed0988 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x55ebb7ed08d8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46d58 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46d58 | libevent_malloc: new ptr-libevent@0x55ebb7ed08d8 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x55ebb7ed1508 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46e08 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46e08 | libevent_malloc: new ptr-libevent@0x55ebb7ed1508 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x55ebb7ea54e8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46eb8 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46eb8 | libevent_malloc: new ptr-libevent@0x55ebb7ea54e8 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x55ebb7ea51d8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46f68 | add_fd_read_event_handler: new ethX-pe@0x55ebb7f46f68 | libevent_malloc: new ptr-libevent@0x55ebb7ea51d8 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 loaded private key for keyid: PKK_RSA:AQOm9dY/4 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.251 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 24997 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.031 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection westnet-eastnet-subnets/1x1 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | counting wild cards for @west is 0 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55ebb7f47ed8 added connection description "westnet-eastnet-subnets/1x1" | ike_life: 10s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/28===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.16/28 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.104 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) add keyid @west | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 | add pubkey 15 04 37 f9 | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0971 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) add keyid @east | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 | add pubkey 51 51 48 ef | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0835 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection westnet-eastnet-subnets/1x2 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | counting wild cards for @west is 0 | counting wild cards for @east is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x55ebb7f47ed8: westnet-eastnet-subnets/1x1 added connection description "westnet-eastnet-subnets/1x2" | ike_life: 10s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.0/28===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.64/26 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0568 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) add keyid @west | unreference key: 0x55ebb7ea0b58 @west cnt 1-- | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 | add pubkey 15 04 37 f9 | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0475 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) add keyid @east | unreference key: 0x55ebb7ea0c48 @east cnt 1-- | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 | add pubkey 51 51 48 ef | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0513 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection westnet-eastnet-subnets/2x1 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | counting wild cards for @west is 0 | counting wild cards for @east is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x55ebb7f47ed8: westnet-eastnet-subnets/1x2 added connection description "westnet-eastnet-subnets/2x1" | ike_life: 10s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.128/28===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.16/28 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0519 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) add keyid @west | unreference key: 0x55ebb7ea0b58 @west cnt 1-- | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 | add pubkey 15 04 37 f9 | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0582 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) add keyid @east | unreference key: 0x55ebb7ea0c48 @east cnt 1-- | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 | add pubkey 51 51 48 ef | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0519 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection westnet-eastnet-subnets/2x2 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | counting wild cards for @west is 0 | counting wild cards for @east is 0 | find_host_pair: comparing 192.1.2.45:500 to 192.1.2.23:500 but ignoring ports | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@0x55ebb7f47ed8: westnet-eastnet-subnets/2x1 added connection description "westnet-eastnet-subnets/2x2" | ike_life: 10s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.128/28===192.1.2.45<192.1.2.45>[@west]...192.1.2.23<192.1.2.23>[@east]===192.0.2.64/26 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0518 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) add keyid @west | unreference key: 0x55ebb7ea0b58 @west cnt 1-- | add pubkey 01 03 a6 f5 d6 3f e3 8f 6c 01 6a fc 7b 7c 6d 57 | add pubkey 8b 49 39 0d 77 f7 ac e2 85 f1 98 1e 4b 6d a5 3e | add pubkey b3 96 9a d1 99 5a bc 10 f2 97 de f2 28 f9 5f 92 | add pubkey 09 f0 c8 d4 12 e4 60 6e 9c 60 98 10 01 7d 26 b7 | add pubkey 8f 95 62 2d 87 dd cd de f6 d3 8f 35 b0 50 d0 18 | add pubkey f5 99 f8 04 f1 ff 61 5b bc 7f 1f c0 04 d8 e4 8c | add pubkey ac 34 ad 7a c1 da 3c 2d 8c 30 ae d6 3c 59 b1 3a | add pubkey 94 d3 d5 2a 73 91 bd 59 5f 3e 72 bf 4a 1b 9d c5 | add pubkey b2 2b 4d e7 0d 24 3e 77 f9 7f 2d d6 9d 29 ef 70 | add pubkey 7d 7a 6d a2 b8 61 0c 4b 09 4a 06 71 84 70 85 9a | add pubkey 8f 52 a1 80 06 fd c6 fc 3e 27 fa 16 fa 32 83 a9 | add pubkey ca 80 db 0f 4a bf f7 e9 55 8e bd 29 4d 23 a6 dc | add pubkey 2a b3 5d 62 a9 21 1e be 83 d8 69 3c 03 0a 48 8e | add pubkey d3 3a 11 f2 86 5a d1 30 65 bd c8 f4 83 87 ff 04 | add pubkey 87 33 05 4f e0 d8 8c fe b3 19 4c dd 85 40 f3 4d | add pubkey 6e e8 49 14 06 2c 1f 59 59 05 8f 20 b0 ca 46 3f | add pubkey c9 20 7e 04 30 7d 9a 80 6c 3f 0a 89 f7 d3 af d8 | add pubkey 15 04 37 f9 | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.067 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) add keyid @east | unreference key: 0x55ebb7ea0c48 @east cnt 1-- | add pubkey 01 03 bd 6c 96 eb df 78 89 b3 ed 77 0d a1 7f 7b | add pubkey e5 16 c2 c9 e4 7d 92 0a 90 9d 55 43 b4 62 13 03 | add pubkey 85 7a e0 26 7b 54 1f ca 09 93 cf ff 25 c9 02 4c | add pubkey 78 ca 94 e5 3e ac d1 f9 a8 e5 bb 7f cc 20 84 e0 | add pubkey 21 c9 f0 0d c5 44 ba f3 48 64 61 58 f6 0f 63 0d | add pubkey d2 67 1e 59 8b ec f3 50 39 71 fb 39 da 11 64 b6 | add pubkey 62 cd 5f d3 8d 2e c1 50 ed 9c 6e 22 0c 39 a7 ce | add pubkey 62 b5 af 8a 80 0f 2e 4c 05 5c 82 c7 8d 29 02 2e | add pubkey bb 23 5f db f2 9e b5 7d e2 20 70 1a 63 f3 8e 5d | add pubkey ac 47 f0 5c 26 4e b1 d0 42 60 52 4a b0 77 25 ce | add pubkey e0 98 2b 43 f4 c7 59 1a 64 01 83 ea 4e e3 1a 2a | add pubkey 92 b8 55 ab 63 dd 4b 70 47 29 dc e9 b4 60 bf 43 | add pubkey 4d 58 8f 64 73 95 70 ac 35 89 b2 c2 9c d4 62 c0 | add pubkey 5f 56 5f ad 1b e5 dd 49 93 6a f5 23 82 ed d4 e7 | add pubkey d5 f1 55 f2 2d a2 26 a6 36 53 2f 94 fb 99 22 5c | add pubkey 47 cc 6d 80 30 88 96 38 0c f5 f2 ed 37 d0 09 d5 | add pubkey 07 8f 69 ef a9 99 ce 4d 1a 77 9e 39 c4 38 f3 c5 | add pubkey 51 51 48 ef | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0575 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.41 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name initiating all conns with alias='westnet-eastnet-subnets' | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | start processing: connection "westnet-eastnet-subnets/2x2" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'westnet-eastnet-subnets/2x2' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x55ebb7f4a108 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | suspend processing: connection "westnet-eastnet-subnets/2x2" (in main_outI1() at ikev1_main.c:118) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) | parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) | dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123) | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-subnets/2x2" IKE SA #1 "westnet-eastnet-subnets/2x2" "westnet-eastnet-subnets/2x2" #1: initiating Main Mode | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x55ebb7f4cff8 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 792 | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 00 0a 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 00 0a 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 00 0a 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 00 0a 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 00 0a 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 00 0a 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 00 0a 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 00 0a 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 00 0a 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f47fb8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55ebb7f48248 size 128 | #1 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11342.201671 | #1 spent 1.46 milliseconds in main_outI1() | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) | resume processing: connection "westnet-eastnet-subnets/2x2" (in main_outI1() at ikev1_main.c:228) | stop processing: connection "westnet-eastnet-subnets/2x2" (in initiate_a_connection() at initiate.c:349) | start processing: connection "westnet-eastnet-subnets/2x1" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'westnet-eastnet-subnets/2x1' +POLICY_UP | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-subnets/2x1" IKE SA #1 "westnet-eastnet-subnets/2x2" | stop processing: connection "westnet-eastnet-subnets/2x1" (in initiate_a_connection() at initiate.c:349) | start processing: connection "westnet-eastnet-subnets/1x2" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'westnet-eastnet-subnets/1x2' +POLICY_UP | dup_any(fd@23) -> fd@27 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-subnets/1x2" IKE SA #1 "westnet-eastnet-subnets/2x2" | stop processing: connection "westnet-eastnet-subnets/1x2" (in initiate_a_connection() at initiate.c:349) | start processing: connection "westnet-eastnet-subnets/1x1" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'westnet-eastnet-subnets/1x1' +POLICY_UP | dup_any(fd@23) -> fd@28 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | Queuing pending IPsec SA negotiating with 192.1.2.23 "westnet-eastnet-subnets/1x1" IKE SA #1 "westnet-eastnet-subnets/2x2" | stop processing: connection "westnet-eastnet-subnets/1x1" (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:384) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.58 milliseconds in whack | spent 0.00233 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 00 0a | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 144 (0x90) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inR1_outI2' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 10 (0xa) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | adding outI2 KE work-order 1 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f48248 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f47fb8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f47fb8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55ebb7f48248 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 0 resuming | #1 spent 0.139 milliseconds in process_packet_tail() | crypto helper 0 starting work-order 1 for state #1 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 0 doing build KE and nonce (outI2 KE); request ID 1 | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.296 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000949 seconds | (#1) spent 0.952 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f9970002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x55ebb72bcb50 | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 78 ef 37 42 d7 36 18 bc 3b 61 f5 ee 85 42 28 b4 | keyex value 88 bf 42 1b 6a 41 62 76 6a f1 bb e7 20 a2 0b 7e | keyex value ed 4b 24 ee e3 04 56 1f 88 a1 03 e6 8e d1 01 de | keyex value aa b4 a9 89 4a 6f a7 e4 1c 48 77 bf ff 7d d5 5d | keyex value 25 33 bd 79 0e e9 22 25 37 b5 9c 8f 7d 5d 57 84 | keyex value 87 24 45 2c d8 39 3a f1 6f 1e 48 b2 4f 51 ea 2d | keyex value 75 61 1b 00 1a 0b d0 3d bf 65 4b ad 75 c6 39 87 | keyex value 3b cf 07 c6 39 09 65 ee d2 48 24 bf b5 e8 4a 20 | keyex value 15 af d5 5f bb 33 44 0c 2d a4 d7 80 d2 23 96 09 | keyex value 66 83 ef 9f 85 7c 52 d8 0b 62 90 93 89 c3 78 ee | keyex value 71 49 b9 fe b2 4e eb de aa b1 13 8a 14 31 7b 49 | keyex value 8a 45 4d 76 34 44 6d 02 d6 15 5c 3b a4 4e d7 67 | keyex value ae 1d 82 7b ad bd 2f c6 1d e8 a3 e7 da 81 c5 86 | keyex value 9f c7 43 4f d2 81 3c 89 b4 c8 a7 af 06 35 17 cf | keyex value 01 e2 b4 39 7b ac 8b 8d 32 87 00 ef 5d bc e1 5a | keyex value 53 4d 4c e6 a4 4e 2e b8 0c f8 84 ec f9 1d 23 bd | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 3a 45 5c a7 d4 16 90 ef 1c 0d ae 5a b9 28 71 8e | Ni fb 14 e5 c9 26 ff 63 49 45 c6 f9 10 4a 14 04 5c | emitting length of ISAKMP Nonce Payload: 36 | NAT-T checking st_nat_traversal | NAT-T found (implies NAT_T_WITH_NATD) | sending NAT-D payloads | natd_hash: hasher=0x55ebb7391ca0(32) | natd_hash: icookie= 58 65 7e 03 6c d2 dc 8b | natd_hash: rcookie= 8c 79 d8 bb 28 3b 88 3a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= be cc 77 e2 04 b0 3c 60 bd 4e 72 86 f9 8a 53 ec | natd_hash: hash= 97 d6 48 01 d2 e5 17 c4 a5 ad d6 49 9c 49 0a 47 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D be cc 77 e2 04 b0 3c 60 bd 4e 72 86 f9 8a 53 ec | NAT-D 97 d6 48 01 d2 e5 17 c4 a5 ad d6 49 9c 49 0a 47 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55ebb7391ca0(32) | natd_hash: icookie= 58 65 7e 03 6c d2 dc 8b | natd_hash: rcookie= 8c 79 d8 bb 28 3b 88 3a | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= b0 ed 44 24 94 f9 a6 86 9d 45 65 c5 29 7b 3b 84 | natd_hash: hash= 74 44 30 d3 d0 ee f6 d6 01 82 d8 47 78 90 d8 fa | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D b0 ed 44 24 94 f9 a6 86 9d 45 65 c5 29 7b 3b 84 | NAT-D 74 44 30 d3 d0 ee f6 d6 01 82 d8 47 78 90 d8 fa | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir] | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 | parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f48248 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f47fb8 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 78 ef 37 42 d7 36 18 bc 3b 61 f5 ee 85 42 28 b4 | 88 bf 42 1b 6a 41 62 76 6a f1 bb e7 20 a2 0b 7e | ed 4b 24 ee e3 04 56 1f 88 a1 03 e6 8e d1 01 de | aa b4 a9 89 4a 6f a7 e4 1c 48 77 bf ff 7d d5 5d | 25 33 bd 79 0e e9 22 25 37 b5 9c 8f 7d 5d 57 84 | 87 24 45 2c d8 39 3a f1 6f 1e 48 b2 4f 51 ea 2d | 75 61 1b 00 1a 0b d0 3d bf 65 4b ad 75 c6 39 87 | 3b cf 07 c6 39 09 65 ee d2 48 24 bf b5 e8 4a 20 | 15 af d5 5f bb 33 44 0c 2d a4 d7 80 d2 23 96 09 | 66 83 ef 9f 85 7c 52 d8 0b 62 90 93 89 c3 78 ee | 71 49 b9 fe b2 4e eb de aa b1 13 8a 14 31 7b 49 | 8a 45 4d 76 34 44 6d 02 d6 15 5c 3b a4 4e d7 67 | ae 1d 82 7b ad bd 2f c6 1d e8 a3 e7 da 81 c5 86 | 9f c7 43 4f d2 81 3c 89 b4 c8 a7 af 06 35 17 cf | 01 e2 b4 39 7b ac 8b 8d 32 87 00 ef 5d bc e1 5a | 53 4d 4c e6 a4 4e 2e b8 0c f8 84 ec f9 1d 23 bd | 14 00 00 24 3a 45 5c a7 d4 16 90 ef 1c 0d ae 5a | b9 28 71 8e fb 14 e5 c9 26 ff 63 49 45 c6 f9 10 | 4a 14 04 5c 14 00 00 24 be cc 77 e2 04 b0 3c 60 | bd 4e 72 86 f9 8a 53 ec 97 d6 48 01 d2 e5 17 c4 | a5 ad d6 49 9c 49 0a 47 00 00 00 24 b0 ed 44 24 | 94 f9 a6 86 9d 45 65 c5 29 7b 3b 84 74 44 30 d3 | d0 ee f6 d6 01 82 d8 47 78 90 d8 fa | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f47fb8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55ebb7f4cc58 size 128 | #1 STATE_MAIN_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11342.203944 "westnet-eastnet-subnets/2x2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.301 milliseconds in resume sending helper answer | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f9970002888 | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | da 63 cb 35 af 1e 5d de c8 bb a5 f5 94 0a 39 a0 | 2d 79 d4 05 8d f8 28 b8 3a 4d 4b a3 6d 7e 6e 1f | 23 45 7f e8 31 3e ee 5a c9 47 9b 6a 09 5f 26 2d | 4a 31 d1 48 18 d2 6b d3 f5 0a 0d 32 25 c8 37 8e | 0c c7 a2 c2 af a6 cc 43 a5 e7 ea ae d3 5e da a6 | 44 96 46 fd 08 68 6c 01 bb db 87 3a 43 d3 af 36 | 23 80 b4 b2 0d 2d 55 cf 8a 4c f6 26 46 86 2c f0 | 82 43 d7 14 6d 11 c3 5a 87 fd af 97 44 0d 5f f3 | 86 86 bf 52 dd c1 65 f2 e7 e8 28 58 72 b0 5b e5 | 56 d9 99 05 00 48 02 36 f4 bc 86 03 c4 76 f7 f1 | 20 bd 15 d0 7c 0b e4 71 cb 39 42 f6 35 50 f0 d7 | 6b 14 70 e7 28 0c cc 13 da d9 42 f6 31 8b f1 6e | 35 31 7e ee f5 40 e1 fa 3a fc 36 f8 c9 db 83 66 | 78 75 d8 68 15 62 7f 15 35 b8 78 05 9b e7 71 a8 | 71 3a 92 c7 88 29 4f 4a c9 a5 1f 8c 61 84 80 fd | d2 d7 52 65 cc 81 90 f6 0d 9f 36 1c 20 0a c8 01 | 14 00 00 24 56 66 d2 88 03 93 c1 66 53 a6 5d f5 | 9e a5 dd a4 66 e9 73 16 84 e4 5e 56 0a 2b ce 36 | 8a 63 87 f3 14 00 00 24 b0 ed 44 24 94 f9 a6 86 | 9d 45 65 c5 29 7b 3b 84 74 44 30 d3 d0 ee f6 d6 | 01 82 d8 47 78 90 d8 fa 00 00 00 24 be cc 77 e2 | 04 b0 3c 60 bd 4e 72 86 f9 8a 53 ec 97 d6 48 01 | d2 e5 17 c4 a5 ad d6 49 9c 49 0a 47 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inR2_outI3' HASH payload not checked early | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding aggr outR1 DH work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f4cc58 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f47fb8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f47fb8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f9970002888 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | crypto helper 1 resuming | #1 is busy; has a suspended MD | crypto helper 1 starting work-order 2 for state #1 | #1 spent 0.0547 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 1 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.2 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.000783 seconds | (#1) spent 0.787 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f9968000f48 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x55ebb72bcb50 | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: 0?? | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so do not send cert. | I did not send a certificate because I do not have one. | I am not sending a certificate request | I will NOT send an initial contact payload | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55ebb7391ca0(32) | natd_hash: icookie= 58 65 7e 03 6c d2 dc 8b | natd_hash: rcookie= 8c 79 d8 bb 28 3b 88 3a | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= b0 ed 44 24 94 f9 a6 86 9d 45 65 c5 29 7b 3b 84 | natd_hash: hash= 74 44 30 d3 d0 ee f6 d6 01 82 d8 47 78 90 d8 fa | natd_hash: hasher=0x55ebb7391ca0(32) | natd_hash: icookie= 58 65 7e 03 6c d2 dc 8b | natd_hash: rcookie= 8c 79 d8 bb 28 3b 88 3a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= be cc 77 e2 04 b0 3c 60 bd 4e 72 86 f9 8a 53 ec | natd_hash: hash= 97 d6 48 01 d2 e5 17 c4 a5 ad d6 49 9c 49 0a 47 | expected NAT-D(me): b0 ed 44 24 94 f9 a6 86 9d 45 65 c5 29 7b 3b 84 | expected NAT-D(me): 74 44 30 d3 d0 ee f6 d6 01 82 d8 47 78 90 d8 fa | expected NAT-D(him): | be cc 77 e2 04 b0 3c 60 bd 4e 72 86 f9 8a 53 ec | 97 d6 48 01 d2 e5 17 c4 a5 ad d6 49 9c 49 0a 47 | received NAT-D: b0 ed 44 24 94 f9 a6 86 9d 45 65 c5 29 7b 3b 84 | received NAT-D: 74 44 30 d3 d0 ee f6 d6 01 82 d8 47 78 90 d8 fa | received NAT-D: be cc 77 e2 04 b0 3c 60 bd 4e 72 86 f9 8a 53 ec | received NAT-D: 97 d6 48 01 d2 e5 17 c4 a5 ad d6 49 9c 49 0a 47 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_SIG (0x9) | ID type: ID_FQDN (0x2) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity 77 65 73 74 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | started looking for secret for @west->@east of kind PKK_RSA | actually looking for secret for @west->@east of kind PKK_RSA | line 1: key type PKK_RSA(@west) to type PKK_RSA | 1: compared key (none) to @west / @east -> 002 | 2: compared key (none) to @west / @east -> 002 | line 1: match=002 | match 002 beats previous best_match 000 match=0x55ebb7e9f378 (line=1) | concluding with best_match=002 best=0x55ebb7e9f378 (lineno=1) | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 274 raw bytes of SIG_I into ISAKMP Signature Payload | SIG_I 4a ab 65 57 f9 99 7b 17 aa 66 0b 97 96 74 10 45 | SIG_I 2f 2c d9 b3 0f 16 0c c5 3c c8 2a e8 53 f9 44 ff | SIG_I cc 38 9a 73 d8 e0 c3 a5 7a 03 cc 8b bd 3d da bd | SIG_I d6 59 c9 37 ba d8 4e 47 d0 78 6d 87 20 32 1b 87 | SIG_I 5b c6 2a 75 2f ea 12 fb 9c 12 ca b7 7c 0c ff b6 | SIG_I 9f f1 18 d2 57 b3 3d da 37 32 35 0e cf 04 a9 f4 | SIG_I 64 f3 2f 49 f6 f0 f2 dd 05 fa 46 0e 45 cd 8d a5 | SIG_I 31 e8 03 b8 c9 bb 14 24 74 2a b8 15 6a 77 1b a6 | SIG_I 6d ea 7c 0c b6 d6 29 c7 c8 c0 bc ba 50 8b e4 46 | SIG_I 34 12 61 7e 1e 8a da 25 87 36 06 cf 84 2a 2d fc | SIG_I 48 bf 80 74 a7 82 f7 fc 26 24 5f b7 ed 34 33 ca | SIG_I da fc e6 c7 44 6e ba ca 3f 99 95 0d 7d f4 35 30 | SIG_I f6 5a 30 3e 8f c2 13 94 f6 39 ed df b9 51 48 51 | SIG_I 68 52 00 06 74 d6 62 d3 b9 20 45 4e dc 69 2a 6e | SIG_I c4 0c 96 5a 84 59 d1 fe 44 ca af 45 e7 5d c4 bd | SIG_I 67 71 1b 89 35 f8 4c f3 f5 4a d1 ed a1 9d 4c 95 | SIG_I 0d d7 16 13 b2 b9 a0 fa 0f e1 50 63 36 0e b6 73 | SIG_I ba 42 | emitting length of ISAKMP Signature Payload: 278 | Not sending INITIAL_CONTACT | emitting 14 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 332 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f9970002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f47fb8 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 332 bytes for STATE_MAIN_I2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 05 10 02 01 00 00 00 00 00 00 01 4c b9 7e ca a9 | 16 63 d7 fa 68 26 ef b0 a3 99 4d 1a 97 c9 b7 9b | 32 75 7c 41 b7 e2 bf d4 83 28 6c f2 57 22 97 2d | f3 3d 25 67 90 cb 39 c7 2b 6f 8c 0c 27 24 22 5f | bd 72 12 94 b5 f3 c3 1d ce 1e 5c da 50 57 08 6e | f2 02 5d 2a d0 ba 6b e1 c7 f3 05 c1 fc 5b 64 00 | c0 46 97 41 fe f9 d3 27 5f 9f 35 65 4d 08 45 72 | 27 fe 14 20 04 d3 b0 c1 e4 ee 4b 38 b1 f4 1c 89 | 3a 4f 94 ae 67 5a d7 49 cf 02 65 2b a0 a5 6d d8 | 0c 4d cf a3 b1 c3 9e e0 5b be 33 4d e6 b9 ea 8e | a9 d4 aa e3 d0 6b 01 d7 65 c1 05 37 36 7b bc b8 | 77 92 9a 5c 09 fe bb 94 12 1e 41 2b 30 d8 57 ef | 33 0e d5 1a fc 6d 02 d5 03 80 b4 8a 85 28 db 69 | a4 eb b0 64 25 d8 f6 1d 54 12 d4 77 2a a2 a7 88 | ab e8 ca d7 04 e6 c4 59 22 a6 5c 8c 85 9e 39 8f | 25 59 ec ae 97 73 41 ee 39 43 76 ba 38 87 79 c9 | f1 82 77 ce a4 c5 07 5c 44 11 8e 38 be 70 aa e5 | 8b 9d 9b c1 79 59 2a fc f5 52 09 ae 98 52 92 97 | 04 4d a8 9d 3d b7 eb 1e dd 67 fe 70 ed 2e 84 9c | 00 49 29 66 26 03 3a 1d 95 9f 36 9e | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f47fb8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55ebb7f48248 size 128 | #1 STATE_MAIN_I3: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11342.209993 "westnet-eastnet-subnets/2x2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 3.43 milliseconds in resume sending helper answer | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f9968000f48 | spent 0.00318 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 332 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 05 10 02 01 00 00 00 00 00 00 01 4c c3 c3 66 a0 | 0f 45 31 3d 38 36 7c 27 a5 0a 44 db 99 66 b3 99 | d6 17 28 7a 8d e4 8c b3 f8 36 02 16 88 9f b6 88 | f8 fc 3b d8 ac 9b 57 be 6d b3 88 77 69 5d e1 85 | 2b 3f 46 2d 5b 12 cf 23 eb ed 72 d4 3b 82 aa c0 | 29 fe 96 3b 84 5d 5b a5 61 49 ae ed d9 1a dd 4c | 1a c7 93 67 53 5b 40 9f b6 02 1f 3b 9c cb 02 c5 | a6 d1 a1 3b 26 2e b4 0c 06 d4 32 51 70 85 c0 e2 | 7a ac 24 61 04 f9 76 eb ab ca 9e 4f f3 b9 6e 95 | 8d 1d 14 33 44 38 16 86 2e 73 3b 11 50 f7 5a e5 | 87 62 c0 2c 13 8e d4 5a 9b 00 1f 57 33 ad cc 2f | 6b e2 15 34 c2 bb 32 db 01 c0 fc e9 f9 a2 39 d0 | 83 18 e3 26 e1 d5 73 c6 14 84 4b 20 23 68 9d 4b | 7e 1d c7 4e 01 f9 d1 6a 8e 46 cc 22 b0 b4 b6 d5 | 4e 7b ec 70 e7 21 37 04 f0 17 be 94 15 1a b4 66 | d7 4e 71 25 3c 01 7c f7 a6 61 be 63 63 b5 85 d4 | 74 e0 5d 18 56 80 bf 3d 52 0a 68 7b f5 b2 a8 33 | 11 b1 52 56 28 d1 8a 31 2e c7 82 42 b9 73 db b2 | 74 6a 14 73 65 9a cf e4 22 f6 ee 91 88 c1 f9 2b | 0e f3 d1 92 f2 78 bf e6 e9 de f9 5c | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 332 (0x14c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 65 61 73 74 | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 278 (0x116) | removing 14 bytes of padding | message 'main_inR3' HASH payload not checked early "westnet-eastnet-subnets/2x2" #1: Peer ID is ID_FQDN: '@east' | X509: no CERT payloads to process | required RSA CA is '%any' | checking RSA keyid '@east' for match with '@east' | key issuer CA is '%any' | an RSA Sig check passed with *AQO9bJbr3 [preloaded key] | #1 spent 0.071 milliseconds in try_all_RSA_keys() trying a pubkey "westnet-eastnet-subnets/2x2" #1: Authenticated using RSA | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I4: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f48248 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f47fb8 | !event_already_set at reschedule | event_schedule: new EVENT_SA_EXPIRE-pe@0x55ebb7f47fb8 | inserting event EVENT_SA_EXPIRE, timeout in 10 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f9968000f48 size 128 | pstats #1 ikev1.isakmp established "westnet-eastnet-subnets/2x2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | unpending state #1 | creating state object #2 at 0x55ebb7f4abf8 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/1x1" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:68f2343d proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 3 for state #2 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9970002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55ebb7f480d8 size 128 | stop processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | unqueuing pending Quick Mode with 192.1.2.23 "westnet-eastnet-subnets/1x1" | removing pending policy for no connection {0x55ebb7f4db48} | crypto helper 2 resuming | creating state object #3 at 0x55ebb7f520f8 | State DB: adding IKEv1 state #3 in UNDEFINED | crypto helper 2 starting work-order 3 for state #2 | pstats #3 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #3 for IPSEC SA | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 3 | #3 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #3: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/1x2" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:8882f851 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 4 for state #3 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f4cfa8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55ebb7f48028 size 128 | libevent_realloc: release ptr-libevent@0x55ebb7f29558 | libevent_realloc: new ptr-libevent@0x55ebb7f489c8 size 128 | stop processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | crypto helper 3 resuming | unqueuing pending Quick Mode with 192.1.2.23 "westnet-eastnet-subnets/1x2" | removing pending policy for no connection {0x55ebb7f47698} | crypto helper 3 starting work-order 4 for state #3 | creating state object #4 at 0x55ebb7f57868 | State DB: adding IKEv1 state #4 in UNDEFINED | pstats #4 ikev1.ipsec started | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 4 | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #4 for IPSEC SA | #4 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #4: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/2x1" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:9e8f68f5 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 5 for state #4 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f29558 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x55ebb7f48918 size 128 | stop processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | crypto helper 4 resuming | unqueuing pending Quick Mode with 192.1.2.23 "westnet-eastnet-subnets/2x1" | removing pending policy for no connection {0x55ebb7f3a308} | crypto helper 4 starting work-order 5 for state #4 | creating state object #5 at 0x55ebb7f58f28 | State DB: adding IKEv1 state #5 in UNDEFINED | pstats #5 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #5 for IPSEC SA | crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 5 | #5 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #5: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/2x2" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:1bee7841 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 6 for state #5 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7ecd6d8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x55ebb7f48728 size 128 | stop processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | unqueuing pending Quick Mode with 192.1.2.23 "westnet-eastnet-subnets/2x2" | removing pending policy for no connection {0x55ebb7f3a388} | crypto helper 5 resuming | close_any(fd@24) (in release_whack() at state.c:654) | crypto helper 5 starting work-order 6 for state #5 | #1 spent 0.597 milliseconds in process_packet_tail() | crypto helper 5 doing build KE and nonce (quick_outI1 KE); request ID 6 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.751 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 finished build KE and nonce (quick_outI1 KE); request ID 6 time elapsed 0.002017 seconds | (#5) spent 0.617 milliseconds in crypto helper computing work-order 6: quick_outI1 KE (pcr) | crypto helper 5 sending results from work-order 6 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f99580055c8 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 6 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #5: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 468613185 (0x1bee7841) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0xfae87546 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI fa e8 75 46 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni e3 f5 8f 6f 19 50 51 7d 6b 9c f6 23 c8 21 ef 08 | Ni 1c d2 01 0f e5 c3 75 3c 78 e5 51 2c 9f 22 35 66 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value b0 a0 cb d7 17 c7 1f ff 0f 19 00 57 93 d2 00 c8 | keyex value 37 b5 30 e0 02 94 22 c0 f7 09 13 45 d6 75 81 ab | keyex value a4 82 2f 3e 8a 77 e5 da 09 a8 67 b7 68 3e 8b 1b | keyex value 5b 10 d0 34 00 1f f5 cc e2 ba e2 85 26 28 72 14 | keyex value 51 ef b0 92 5b 13 bb 2c 64 2a ce 85 3e 6c fc 50 | keyex value 1f 43 53 82 44 c1 f2 ee c6 3c 1b eb c7 61 84 48 | keyex value 6c cd 5a c9 af df 24 f5 5e 6f fb 53 b3 5c 42 53 | keyex value 71 52 36 4c c2 0f 2d 12 a7 ce 02 ea 9e f0 5a 13 | keyex value 58 fe 27 d2 39 b5 5d 47 4c 66 9f 61 37 ee e7 81 | keyex value 36 85 98 8b 10 1d b0 25 b6 a6 a2 3c 1f ac 8f 15 | keyex value 53 e5 df d2 b5 59 23 15 77 13 62 a0 f7 d6 c3 bd | keyex value 88 4d 13 39 4e a7 cd 37 f5 1e 8c dc 35 9c 89 33 | keyex value 73 f3 08 22 60 e6 3d 96 88 b8 e5 b4 ae 2f 65 8b | keyex value e5 bd df 85 c2 1d 4c c6 39 27 9b 4b d3 17 f9 16 | keyex value 3a 4b 6d de ca a2 4d 10 44 66 fe a6 29 19 1c 65 | keyex value 6b 7a 2f 5b 3b 49 9d ec 84 cd 43 55 c3 59 10 6d | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 80 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 40 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff c0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 01 a1 42 b2 de be 32 59 b9 35 1a 10 b5 a9 02 c5 | 19 65 a9 47 81 3b 9d 71 dd 98 3e 1b f9 95 ca 46 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 1b ee 78 41 00 00 01 dc 15 55 55 7b | 8b 0a 20 4f 4e f8 21 29 38 de 19 4a 89 fb 20 5c | ed 98 41 22 d4 d3 ff 49 ff 30 97 21 75 7c 55 a3 | fd 0a 10 6c 53 f2 34 d0 55 40 48 5a 6a 45 f7 11 | 85 31 ca e1 1f 71 fc 0d 39 b2 7f 42 7f 80 0a bb | 7e d7 16 ce b7 50 52 38 dc ba 02 50 92 e4 77 b2 | 8d ca c9 96 93 ae 98 0c fe 28 e1 a6 34 a1 6b 20 | 5f 56 b9 56 72 d4 f2 50 c6 02 a4 4b b3 e0 56 d8 | 8b 1f 57 2d 8f 89 c7 83 2d 8a a4 99 3f d9 fd d7 | c1 22 ba 60 28 eb 09 0d 70 8b ac 15 d3 d3 e0 1c | 6f b6 ac 00 1d ec 58 2e 62 21 74 16 d7 e2 86 da | 1f e3 20 54 c0 44 fc ce 7b 00 d4 78 98 f9 1c eb | 16 48 3d 40 56 ce 3a 51 40 9d 37 5b 79 43 3e 73 | 6e 51 db 2c 13 07 9b df e9 c4 5b 04 29 0c 9c 96 | 02 b4 fb ee 86 55 6f 98 07 b8 c3 f0 2a a3 fc 17 | d5 cc 60 38 35 29 5a 6a ac 6c 06 5e a6 23 cd 7b | 40 76 a6 8f c5 d3 35 6b 68 94 f3 2a ab 4e 46 3b | a5 8b 65 4a b9 c7 64 c2 ba a3 de 89 96 65 ac 88 | c9 ae bd b5 35 7d 65 6a 2d fa 53 e4 64 53 a7 aa | fb 3a 3f 65 3b 51 7d f2 d6 ab 64 68 d4 39 5b 9b | 3d fc b1 ba c8 65 6e 56 b3 1d d0 a2 9c 3d 91 4e | 67 3a 7c d1 46 fb 3e ea 05 b2 50 37 0b 3e 21 a7 | 53 94 4e 4a b5 12 fb da 00 f7 bf a9 7e 48 2d 17 | 8f 63 94 df 6a 8a 75 cb 5d 8c a5 1d 57 db f3 6d | 81 41 1b 35 d3 b9 39 58 8e 2e c1 99 a2 8e c5 3f | 14 26 9a 69 b1 d7 67 82 9a 89 38 75 7d bc 5e 04 | 93 e0 75 ec 66 67 d9 84 ea e7 5a 9f dc 90 2b 88 | c1 46 27 b4 6e 03 d4 41 2b a0 fa 3b cd 5f 85 d4 | e5 a3 48 22 21 52 cd 39 2a bf 4f 23 | crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 5 time elapsed 0.00268 seconds | (#4) spent 0.649 milliseconds in crypto helper computing work-order 5: quick_outI1 KE (pcr) | crypto helper 4 sending results from work-order 5 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f99640055c8 size 128 | crypto helper 4 waiting (nothing to do) | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 4 time elapsed 0.002775 seconds | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | (#3) spent 1.04 milliseconds in crypto helper computing work-order 4: quick_outI1 KE (pcr) | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.002852 seconds | libevent_free: release ptr-libevent@0x55ebb7f48728 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7ecd6d8 | crypto helper 3 sending results from work-order 4 for state #3 to event queue | (#2) spent 0.735 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) | crypto helper 2 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f996c003f28 size 128 | crypto helper 2 waiting (nothing to do) | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f53638 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 | libevent_malloc: new ptr-libevent@0x55ebb7f52be8 size 128 | scheduling resume sending helper answer for #3 | #5 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11342.219947 | libevent_malloc: new ptr-libevent@0x7f99600055c8 size 128 | crypto helper 3 waiting (nothing to do) | resume sending helper answer for #5 suppresed complete_v1_state_transition() | #5 spent 0.644 milliseconds in resume sending helper answer | stop processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f99580055c8 | processing resume sending helper answer for #4 | start processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 5 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #4: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2660198645 (0x9e8f68f5) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x95087394 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 95 08 73 94 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 52 8a 7d ca 79 ec 02 ab 2a 5c ec bc 15 c9 8a 6f | Ni 46 f6 9b 5d cc 27 2f 58 a8 89 93 5e 38 81 50 cf | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 74 a5 bd c8 5c b5 fc da ae 62 02 f8 fa 81 82 87 | keyex value 38 bb 04 f5 e1 18 75 6c 63 89 8e b9 14 8f b3 d9 | keyex value 70 a2 01 dd 3c b6 61 e1 0d 65 39 26 8f 5b 7f 40 | keyex value a5 53 a4 40 fc d2 15 d6 5a 7b b4 33 40 35 dd 5e | keyex value 1f 40 f3 25 87 36 30 fd 73 26 4f 7c f3 02 89 a1 | keyex value 31 56 f0 7e 95 87 fc 70 83 4e e2 8b da f6 24 e8 | keyex value 56 3c 17 8e 7a 0f b1 50 5f ca 51 d4 5e 35 5d bc | keyex value fc ce 28 19 36 8b 7c a8 65 f5 5a b1 28 f3 c4 0d | keyex value 1c 26 65 c7 c2 e1 5f f2 bb 32 98 86 d6 fd 36 d0 | keyex value b6 e4 a3 b8 4b 1d 0b bb 90 62 d4 f6 7f c5 83 d7 | keyex value 08 90 f0 df 6b e9 aa a4 55 e9 de 68 48 fb 78 d1 | keyex value d2 92 36 ed 0c 64 a8 7c 5b 48 f0 1c 86 b3 49 1e | keyex value 20 86 ea d4 90 19 c7 42 c6 1c fe 7e 44 2f 2f 0f | keyex value ac 32 91 f2 fd 88 42 09 80 cc 79 b4 8e 94 67 3b | keyex value 39 b3 5b 4a 0b 8e 29 68 37 29 f7 c5 10 f7 2a 1a | keyex value b3 1f 50 69 5d 48 4f b5 31 64 6f f8 a5 b2 e8 e0 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 80 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 10 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | d0 cc 86 af af 91 04 0f 71 73 03 6d ec 5a 40 3f | 3e 57 b6 6a 37 66 ab 86 ac 20 69 80 51 0f 5c 55 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 9e 8f 68 f5 00 00 01 dc 87 b4 93 ba | c5 b0 22 38 78 85 39 f3 ba c1 f1 2a af 0c 63 c3 | 76 6c 7f ec b4 e5 33 55 a0 2e b7 5e fd 48 60 23 | 9f 71 ce 66 c5 33 55 05 1b 40 da c9 3d 54 68 24 | b6 4d b3 01 92 89 d4 3d 96 68 52 c1 47 69 da 69 | ca 41 fa 0e 1d 3c 2b 32 89 56 fb 0e 39 a0 b9 c2 | 53 07 d9 df 32 71 c4 e2 d3 56 83 4c d3 48 fa 23 | a4 e7 f1 dd 19 d2 a4 fa 84 1c 8b e5 3e 59 9e ec | 89 56 ef 25 f4 10 d0 a9 e5 fb c0 1c cb 3d 22 77 | fc a1 55 ca dc c3 07 8e 62 00 f1 5a 1a 5d d3 74 | d1 a3 ef 9e cd d5 e9 0c 54 92 d5 d2 02 01 58 18 | f4 08 54 5b 33 20 d8 2d 91 24 ea 9f 1e eb 48 1c | d4 b6 50 da 95 e6 65 cd ba 72 13 75 bf 55 84 f3 | c2 69 84 a1 c1 54 7c af 64 5d 11 91 9d a4 6d ff | d2 55 7c 5b 92 cf 2a 27 fc 16 d0 1b 8a 71 86 2d | 12 ae c5 30 06 4b 66 68 ce b9 c7 24 47 31 83 a8 | 79 ff 18 b0 27 61 fa a6 e2 9e 41 61 b9 21 70 d9 | b5 d5 ba c0 37 44 8e 79 8c a6 1a a5 75 df 39 28 | 8e 11 3a 9d 98 ec 27 18 88 f3 e4 42 15 f3 24 dd | eb 9f 71 34 5d ec 38 ca ac 66 1f e1 36 06 09 f9 | ec 77 45 f0 a2 3f c5 1a 4f ab 3a f9 50 33 d0 d6 | 3c 05 0e 80 fc 77 42 5a 28 84 11 d9 ac 2e 9c 65 | 54 ff e5 c0 41 72 96 ad dc 79 44 a7 43 26 4c b8 | 0c b4 98 db c9 95 5e f6 bb 35 66 a8 33 50 84 0f | 20 05 8f e8 8f f7 20 1f 87 ba e1 56 6d 42 f5 f4 | 83 38 7f 05 03 91 ac 0f 4b 29 a4 ca 4f da 52 14 | d2 9e b0 23 cb 44 a5 0c 2b a0 bc c7 a8 d1 f7 70 | bf 43 c6 08 79 03 10 8f ee 2b 54 d6 6a 80 c3 10 | e6 cb 40 b1 e7 2c 2e 2e c1 c5 d6 f2 | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f48918 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f29558 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f29558 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f99580055c8 size 128 | #4 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11342.220541 | resume sending helper answer for #4 suppresed complete_v1_state_transition() | #4 spent 0.437 milliseconds in resume sending helper answer | stop processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f99640055c8 | processing resume sending helper answer for #2 | start processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 3 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #2: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1760703549 (0x68f2343d) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x4a46f032 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 4a 46 f0 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 1f 4c 8c 8d b1 ce 44 9e c6 ef fe 8d 50 47 78 73 | Ni 49 d2 7d ca 16 e3 b3 e0 04 2c 7d ac 3e 25 5f 42 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value da bb 20 b4 cf 82 a5 06 0a a2 59 c3 59 ab 8f 6c | keyex value 3a 76 fa 97 e0 6d 4f 19 8d 5f 57 73 88 92 0b cb | keyex value 5f 90 8b d7 b0 e9 a9 8a ed b6 7f 1b ac 48 5d b3 | keyex value 4d d7 d8 f2 a8 72 37 4e dc 8e 87 f3 22 40 da 2b | keyex value 24 4f 48 7b a5 08 f0 69 40 1b 50 9a a4 34 6c b4 | keyex value 08 ad 04 29 c3 67 61 be 96 2a 6a 13 52 06 aa 8e | keyex value a1 91 01 2d 95 71 85 14 4b ba c0 5d 0d 18 ae 29 | keyex value 4b 55 a3 5e f6 96 80 a0 40 43 b8 07 9d 48 94 9d | keyex value e2 c0 f6 ff 6b 4d 3b 36 43 01 9e 00 45 94 e0 c6 | keyex value 26 46 2b 13 a9 a7 d2 fe 93 d7 b3 fa 5e 25 e4 6e | keyex value 93 72 51 71 a2 65 a3 fa c9 db 18 f5 74 67 60 c8 | keyex value 06 ab 0a 6e c6 cc 32 5a 45 ed 7b f3 e4 9c de c3 | keyex value 17 b5 dc 93 5b b4 bc a8 4a e9 33 9a 7b ad 7c 3d | keyex value e3 7a c6 37 32 f8 aa 90 c0 68 78 79 1c 47 23 4b | keyex value f2 24 79 bc 28 e5 76 32 73 0f b8 35 3a 9c 1e c9 | keyex value 23 06 1c 92 c3 41 05 9d 78 5a aa 1f 35 4a 8c f3 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 00 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 10 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 97 4e 74 dc 41 fe 02 70 8b 18 67 00 bf 56 50 20 | 6c 08 df 10 fc e7 04 e4 9e 70 6a 78 eb 71 e9 5a | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 68 f2 34 3d 00 00 01 dc 5b b5 92 19 | 59 aa 89 53 9f 80 85 c3 1a 26 1a cb 46 d0 6d e6 | 12 d0 06 b5 76 a0 81 e5 bb d7 98 ed 3f 08 05 c3 | 51 b6 69 b1 1d ad 0a 7e 4b 31 cb 10 c7 4f 35 ae | ad ad 60 01 1d e9 2b 1d 21 5b ed 81 22 aa 0c be | 2f 6f 63 fc 79 dc 51 0a 57 fc bb d4 7f 04 91 cd | 0c 53 6f c7 cb ad f6 09 44 e6 67 64 45 f3 61 41 | 48 7e 73 d7 aa d5 95 7b 03 fd 29 26 c3 fe b8 8f | bf ce af b4 96 4b 22 4b cc 7e c4 69 e6 14 76 ab | a2 94 42 39 5a 1c 69 3e 99 4b 68 b5 6f d6 50 77 | 78 a8 da f7 be 1f a1 9e a1 bf a2 e0 36 02 a5 77 | 51 a0 5c c0 87 08 f7 9d 27 94 34 2c 44 a7 7a 55 | 4d 29 c4 6f a7 28 d4 c1 53 34 c4 ac f7 5a 1d 69 | 7f c1 5b 49 1a 07 9d b0 d8 2e 76 78 74 c6 f6 a1 | a1 d1 0b e2 3d 4c 38 8a 22 d9 df 6c f5 af 58 28 | 10 2b 60 d3 d0 0d 50 00 36 27 b0 89 7b 20 41 7e | 31 5b 9e a6 43 64 cf 17 78 0f b2 10 34 51 f4 f0 | 77 e8 ac 05 be 67 e2 cc df 0b 6b 9f 7f de 68 c9 | b1 97 d1 19 d2 e0 bd c9 c7 1c 54 e4 b0 43 55 fe | 3f da 07 01 de fe 35 db 13 a5 9e 2d 70 14 50 4a | 0f be 34 f7 b8 04 cf 9f 98 88 49 74 8e 62 ac 0f | 16 2c 04 b4 c2 0b 65 5d 66 c2 ac e1 68 f1 7e 18 | 8f da 3e 79 09 6f 8e e6 84 1c f3 d8 26 4c ca b8 | 80 da 22 e9 06 4e 8f 0f 31 96 10 0d 53 d5 c4 17 | 39 cb ca 4e 2a ef 84 ac 8e e8 39 27 61 5f 60 c0 | 8e 75 0c bc 8c 46 56 2c b6 3b d9 b0 ed 2d 47 04 | 76 65 12 62 f4 fd 10 4b f7 92 6d b2 84 45 70 d6 | f2 86 06 3f 51 c1 75 e9 79 85 83 c8 4a 47 aa 0c | 35 5d dd 2c c9 83 1a 44 d0 80 d1 d8 | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f480d8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9970002b78 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9970002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f99640055c8 size 128 | #2 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11342.220914 | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.352 milliseconds in resume sending helper answer | stop processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f996c003f28 | processing resume sending helper answer for #3 | start processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 4 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #3: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2290284625 (0x8882f851) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x1b5f9f63 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 1b 5f 9f 63 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 61 e5 0b cc ac b1 db 3c 01 93 bd 3e 9a c0 61 6f | Ni f8 d7 15 e6 8a 13 f8 43 73 80 2f 08 cd b9 58 8c | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value c9 7d b9 58 d7 03 03 94 4e 4d 60 cd e9 98 56 0c | keyex value 31 4c d6 fc a2 fe 97 e0 58 a9 69 a6 0c ec 69 fc | keyex value 34 81 33 66 e0 91 77 7c a4 93 30 c1 3c 09 76 54 | keyex value 48 dc 4f df 5c df cd fb a8 50 95 47 77 13 4d 0e | keyex value b7 72 a4 78 6c e7 71 4c 8b ac 41 30 11 bb 7b 60 | keyex value b3 bb 10 30 a7 cd 92 a4 58 f2 f8 a0 5b b5 d1 16 | keyex value 58 5b ea e8 94 39 1e a0 6c 78 60 7a cd 91 3a 85 | keyex value 9c c3 b1 67 b0 0d ca c0 c2 74 e3 cc 04 8b f9 c4 | keyex value d3 57 21 0f d3 2c b0 e3 a0 09 ef 9d d1 7c 8e 9f | keyex value 25 79 1d 8e b2 97 3c 81 0c 25 36 a4 7a 26 0e 84 | keyex value 66 3f 0c 70 dc 21 d4 9a 87 ba fe cb 71 3f 55 f6 | keyex value 10 29 a5 19 f8 cc 5f 78 a3 12 6c ef 83 74 f5 49 | keyex value 86 ae 9b 35 69 b0 2c 3e e7 24 23 71 87 eb 60 d7 | keyex value 10 7d 53 ce f5 c9 77 c7 67 5b 4a 20 71 34 7c 24 | keyex value f7 ad b8 62 9b d0 d4 ef 83 dc 7f 84 5f 9d f8 38 | keyex value 42 e1 fc d2 0f 6a db 8d f6 97 3e 4a 6f c2 16 1c | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 00 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 40 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff c0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | e5 03 7c 5c 95 50 e6 19 3a c2 f1 24 ab f1 ee 5c | b5 54 7c 3b cd ea 40 60 65 19 ae 68 1d cc 46 46 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 88 82 f8 51 00 00 01 dc 9f 71 94 4d | a2 03 60 69 cc 85 c9 b6 52 bc 35 24 d0 18 39 be | 2d db 82 74 e7 d8 58 35 52 60 0c be 1c 91 f8 67 | 44 35 8f 90 59 cd f9 a6 3f 6a cd 65 34 cd 21 aa | 12 9c f9 04 cd d8 98 e1 73 a3 f2 95 1a 67 2d c0 | a0 cb fd 4c cc f1 21 64 d9 c9 1e c5 7d c5 cf a7 | 3b b4 8d b8 4d e5 21 9a 76 7e 81 fb 67 a5 fd 12 | 86 41 58 91 e8 6d f7 e0 f4 9a 78 e1 4b 2d ff 97 | 36 b8 6d 8a 03 fc 38 3c 3e 1f a0 7f b2 65 e0 6f | f9 e1 98 85 14 b6 00 a7 75 c6 eb 64 ed 14 b4 fc | c3 dd 04 f1 b8 98 d0 09 02 a5 46 5c 33 83 4f 03 | cd ea 9c 4c cc 2e 41 c9 c3 e1 e0 ef 03 80 92 f0 | 61 b7 ad e4 f9 96 01 ef df 31 5b 6c 9a a1 22 b3 | 31 c6 ed 55 60 75 7c e9 36 48 5a d8 28 9c 52 41 | 64 53 04 d1 47 e8 6a 3a 43 b5 1b 68 ad 21 b6 06 | 89 05 ec 56 9c 9e cf 60 0e 3a 16 76 5b f4 89 7c | 89 4e 68 e8 64 65 4c 37 34 51 9e 7e 80 af b3 ce | 40 4e 3c eb eb 72 75 eb 57 54 9b b4 f5 a8 79 7d | 03 68 20 bb 0f 25 2c 27 77 88 60 ac 9b 8f 9a b6 | 7a fd fe 7f 98 4d 38 c7 0b 4c 1c c4 84 3a e2 59 | 7c 89 c3 c8 f5 0c 78 6e 98 c9 ac 96 42 c8 3b df | f3 dd a4 78 cb bf ae 42 e0 e6 00 a0 55 28 32 9f | e0 72 96 34 14 d9 a8 78 ca b2 b9 36 68 42 27 ea | 1b 8d 24 57 90 47 02 b0 c7 cd ea 2c ec 80 df d1 | f0 2a 9e 84 95 4b bf ca 7d 3b 42 67 58 1d 7a f0 | a3 7a bb f3 5a 84 2e 0d c2 bc 11 e7 6b ad 48 55 | 58 b9 f4 89 a9 c0 5d d9 27 17 7f 54 43 6a af dc | e3 cd 8f 97 4b ab 88 43 12 84 75 f9 9d 1b 97 2e | a8 04 bb 99 c5 c6 42 7d 40 66 ad dc | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f48028 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f4cfa8 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f4cfa8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 | libevent_malloc: new ptr-libevent@0x7f996c003f28 size 128 | #3 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11342.221297 | resume sending helper answer for #3 suppresed complete_v1_state_transition() | #3 spent 0.354 milliseconds in resume sending helper answer | stop processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f99600055c8 | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 1b ee 78 41 00 00 01 cc cd 89 46 7f | 39 70 5a f9 65 be 8a 2f a1 bb 2f 1e 0a 8a 01 17 | f1 50 0f 53 23 17 48 62 f1 5a 8a f2 49 32 60 5d | 49 32 a2 87 72 58 a9 50 9b d8 52 d4 21 b9 51 8b | 24 bd 43 07 7f a3 3b 82 0f 09 8b b9 a2 dd 04 bb | 9c 89 f7 d3 3e 76 9a 00 bd 9f 61 c3 ff 3d 9e 24 | a3 49 29 70 97 64 31 47 27 03 f9 80 49 96 ec 09 | 9b 49 da 87 f3 cc 9e 9c 8a a0 29 f4 a1 e0 dc 6d | b3 f4 9f 5d af 17 2f 3a ea c3 e1 62 7b 64 84 d9 | 5c 05 65 30 48 c5 b0 71 df 44 35 47 35 01 68 26 | bd e1 3d 2b 5d 8e 4a fd e0 66 57 c5 3e a1 c8 b2 | 92 40 38 3f f8 49 a6 ed 53 9f ff ba f4 3e f2 1a | a2 37 20 8e 5d ac cb 54 ee 92 e0 81 8f 68 2f 1e | 53 37 c2 5f 6b 19 81 b0 38 de d3 02 a1 c7 19 d2 | 81 60 ce 47 d0 a0 7e 96 75 43 cc 49 97 d8 27 76 | bd 9d 7b f6 23 c0 ee 9f df 76 18 10 ae 2e b0 58 | 39 11 08 85 78 fc b0 d2 74 e5 88 ec de 90 22 ae | 23 8b fb 13 26 34 31 5f e0 df a5 ac e5 ec c3 5f | f1 46 ae 7b a0 48 e9 3f e7 58 c3 a3 8f 6c 79 1a | f7 85 99 88 55 57 ce c6 a7 6c fd ab 9f 7b 3d 43 | 70 3f dd 4b 1d 9f 2c ac db f3 39 99 e8 e4 86 80 | 0a c2 9e 85 45 d0 62 28 5e 6d 47 d0 ec 24 4c 9c | 0a dd 0e ec 59 07 16 fb dc 7a f0 12 a5 90 58 02 | 3f 86 e4 d6 3f 5e 89 5f 0e ae d3 31 6c ab 3e 65 | d0 db c0 ac 25 92 be e3 25 e1 50 fe 3e c2 79 71 | 76 08 2f 01 56 76 8a e4 32 86 bf a7 b3 df 6e 73 | 99 ec 37 d9 0e 75 86 e7 c3 46 d0 2e 22 35 5c dd | 95 1e 4f f6 1d dc d5 72 d1 10 b5 de | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 468613185 (0x1bee7841) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) | start processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #5 is idle | #5 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 01 80 ff ff ff f0 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 40 ff ff ff c0 | removing 12 bytes of padding | quick_inR1_outI2 HASH(2): | 32 3b 66 5e 25 48 64 7f 15 73 eb 23 0c b2 b5 4e | 4b e1 68 d3 65 1c 28 29 d3 b6 3e 9d 34 8b ec 5d | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI 70 04 02 af | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 7 for state #5 | state #5 requesting EVENT_RETRANSMIT to be deleted | #5 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f52be8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f53638 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f53638 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 | libevent_malloc: new ptr-libevent@0x7f99600055c8 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | crypto helper 6 resuming | suspending state #5 and saving MD | #5 is busy; has a suspended MD | crypto helper 6 starting work-order 7 for state #5 | #5 spent 0.124 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 7 | stop processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.324 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 68 f2 34 3d 00 00 01 cc 65 3b 73 5e | 32 1f 40 2a 51 a6 51 29 13 bc ac 6f 19 95 69 9b | be 64 6a a8 0d 8d 94 43 da d8 75 42 6a b7 c5 eb | 14 59 91 b4 f6 85 90 5d b5 c4 22 ca a2 df 59 2f | a4 a2 79 9a d9 8a a2 25 7b 84 90 46 e4 bf e1 c8 | 88 70 ce 04 8a 60 79 9d 8a 58 20 3b fd dd 74 6b | af da 93 85 83 43 85 0a d8 ed 3f 47 91 21 0f d7 | 0e ae cb 88 f5 d6 2c 85 6b 37 e0 2e 10 89 1e d7 | ef 7e 5b 7e e4 b0 b3 ac 62 04 07 95 fa 21 2c be | 39 db 77 6a f4 49 09 17 4e 2f 10 14 e5 38 a8 a5 | e5 ee e8 ef 1e 16 7e ac ff 24 ae 1c 24 d9 76 24 | 5a 71 fa 5b 58 d2 9b c6 87 2b 84 5c 68 e4 5f 31 | 9f 05 23 e2 39 1a 3b 51 4d bb ca a7 8d 02 11 2e | c6 59 16 5d 57 fb 5e a1 f2 52 fc bd 98 32 34 c6 | 63 56 d2 da bd ae ab 9c f8 fd 65 6e d3 30 ea bb | d7 31 18 87 af 52 be 04 64 a3 ac c3 ec 06 8b 09 | 18 ed ef ae 36 21 bc 99 26 e1 69 d2 c0 36 bd 1d | be fd 6b 43 49 82 74 20 d4 d6 e0 cc 01 e2 bf 20 | 65 55 df 5d 50 29 19 8b 63 57 73 78 70 fd 66 1f | 1e 2b 92 ce c5 63 9b d4 e0 10 ac f9 c9 90 57 67 | bd 9d 83 38 ba d9 02 a9 79 eb 22 1e df 9f 69 0c | 79 fc 6a 60 45 a1 7d a9 5e d8 56 bb 9f 65 22 39 | 0c 84 c1 5c 70 3f 20 28 29 67 bd 92 97 82 6c 34 | 44 88 26 e4 e1 b7 c3 cc b4 72 ce 54 dd df d1 64 | 7e eb a5 6c ba 5a 9c 50 5f d9 9a 8d ac e9 2d d3 | 4b c3 23 02 79 c3 39 78 cb 7c 2e 86 b2 4e 20 aa | a8 61 3d 6f 2f 70 1d 3b e5 50 43 f8 0c 06 2f ff | c8 e5 f0 89 ff a2 17 04 d6 5e e2 f8 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1760703549 (0x68f2343d) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 01 00 ff ff ff f0 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 10 ff ff ff f0 | removing 12 bytes of padding | quick_inR1_outI2 HASH(2): | c8 a4 da 38 3c a9 4e 7d 4f 2d de 4f d8 a3 ab 50 | 29 eb ef b0 82 94 14 ce 7c 5b 29 03 0a 1f 49 a3 | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI b2 d9 84 7b | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 8 for state #2 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f99640055c8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9970002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9970002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55ebb7f48918 size 128 | complete v1 state transition with STF_SUSPEND | crypto helper 0 resuming | [RE]START processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | crypto helper 0 starting work-order 8 for state #2 | suspending state #2 and saving MD | #2 is busy; has a suspended MD | crypto helper 0 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 8 | #2 spent 0.106 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.275 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 7 time elapsed 0.000932 seconds | (#5) spent 0.921 milliseconds in crypto helper computing work-order 7: quick outI2 DH (pcr) | crypto helper 6 sending results from work-order 7 for state #5 to event queue | scheduling resume sending helper answer for #5 | libevent_malloc: new ptr-libevent@0x7f995c001f78 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #5 | start processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 7 | calling continuation function 0x55ebb72bcb50 | quick_inR1_outI2_continue for #5: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 468613185 (0x1bee7841) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 01 80 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | our client is subnet 192.0.1.128/28 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 40 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff c0 | peer client is subnet 192.0.2.64/26 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | 6d b3 81 b7 95 a0 19 e6 16 d1 e4 3e 08 f3 99 89 | 68 df 0a ac 90 0c 3a 7c 36 1f 3e 19 14 3f 45 23 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #5: inbound and outbound | could_route called for westnet-eastnet-subnets/2x2 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x2" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/2x2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.700402af@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/2x2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.fae87546@192.1.2.45 included non-error error | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | add inbound eroute 192.0.2.64/26:0 --0-> 192.0.1.128/28:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1041381 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #5: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x2" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: westnet-eastnet-subnets/2x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #5 | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | eroute_connection add eroute 192.0.1.128/28:0 --0-> 192.0.2.64/26:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1041381 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/2x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='192.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR | popen cmd is 1059 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-sub: | cmd( 80):nets/2x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='192: | cmd( 240):.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROT: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0: | cmd( 480):.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_P: | cmd( 560):ROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_P: | cmd( 640):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_N: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x700402af SPI_OUT=0xfae87546: | cmd(1040): ipsec _updown 2>&1: | crypto helper 0 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 8 time elapsed 0.001367 seconds | (#2) spent 0.815 milliseconds in crypto helper computing work-order 8: quick outI2 DH (pcr) | crypto helper 0 sending results from work-order 8 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f99700027d8 size 128 | crypto helper 0 waiting (nothing to do) | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/2x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='192.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no | popen cmd is 1064 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: | cmd( 80):t-subnets/2x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET: | cmd( 240):='192.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY: | cmd( 320):_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23': | cmd( 400): PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET=': | cmd( 480):192.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_P: | cmd( 560):EER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_C: | cmd( 640):ONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+: | cmd( 720):ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED: | cmd( 800):=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUT: | cmd( 880):O_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED=': | cmd( 960):0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x700402af SPI_OUT=0xfae: | cmd(1040):87546 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/2x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='192.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT | popen cmd is 1062 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: | cmd( 80):subnets/2x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET=': | cmd( 240):192.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_P: | cmd( 320):ROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' P: | cmd( 400):LUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='19: | cmd( 480):2.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEE: | cmd( 560):R_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CON: | cmd( 640):N_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ES: | cmd( 720):N_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0: | cmd( 800): PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_: | cmd( 880):PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0': | cmd( 960): VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x700402af SPI_OUT=0xfae87: | cmd(1040):546 ipsec _updown 2>&1: | route_and_eroute: instance "westnet-eastnet-subnets/2x2", setting eroute_owner {spd=0x55ebb7f498e8,sr=0x55ebb7f498e8} to #5 (was #0) (newest_ipsec_sa=#0) | #1 spent 1.67 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance westnet-eastnet-subnets/2x2[0], setting IKEv1 newest_ipsec_sa to #5 (was #0) (spd.eroute=#5) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #5 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #5: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f99600055c8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f53638 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #5) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 1b ee 78 41 00 00 00 4c 5e be 11 84 | 10 33 5d f1 db 28 f2 83 33 2c 38 64 1f f1 01 d4 | 64 ba 58 a0 48 2d dc 51 b7 8b 3c b6 c9 f9 53 70 | 08 67 03 3e 2d 6e 5f 96 c8 45 54 1f | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55ebb7f53638 | inserting event EVENT_SA_REPLACE, timeout in 28048 seconds for #5 | libevent_malloc: new ptr-libevent@0x55ebb7f51678 size 128 | pstats #5 ikev1.ipsec established | NAT-T: encaps is 'auto' "westnet-eastnet-subnets/2x2" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x700402af <0xfae87546 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@25) (in release_whack() at state.c:654) | resume sending helper answer for #5 suppresed complete_v1_state_transition() | #5 spent 2.15 milliseconds in resume sending helper answer | stop processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f995c001f78 | spent 0.00211 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 88 82 f8 51 00 00 01 cc 0d 49 de 76 | 9b e8 90 ab fa ae d8 b7 f1 bf 43 78 51 10 26 62 | 5f b4 97 01 2c b0 a9 ad de 85 03 83 a3 c0 19 51 | 43 4f ce 8f b9 e1 a2 9d cb c6 23 36 f4 26 ac 16 | 7c fc df 2f c4 95 c1 b1 1b 5f 77 af e6 4a ef bc | 13 50 f1 04 c4 7d c2 e4 4f 9e a4 0c 34 0e 11 56 | d0 e3 b8 8e e6 c7 8e 14 0a fb 73 f9 63 ed 39 6d | a2 2f 30 2b fe 0d b8 b0 57 6c 42 b6 e3 4d 8b 57 | cb bf 86 93 45 79 03 2f da f1 8b 4c e8 b2 70 44 | c9 49 56 c0 6e e6 a0 29 09 6b c1 ec 8d bb 2a 2b | 3a b7 8f d5 70 fe 6e 22 86 ec 0e b0 2a d2 bb 6b | c6 86 97 fb 66 7a f0 ea 59 73 18 a4 b0 20 f9 a5 | b8 8e 05 ff 58 03 8b 08 31 28 54 1c 97 43 9c 3e | d4 b3 4b 47 77 e7 e7 7f dd 1e 6f 8b 1b e9 52 f3 | be c7 cd 17 7d cf 72 19 17 3a c2 b9 63 e5 f2 7b | c7 34 07 2f 62 51 af 7c 61 fb 74 1c 8f 1e a9 37 | fe cc 3b 76 7b 34 f7 2c 4a 98 d4 c2 74 4d d3 63 | 9e 47 aa bc b9 aa 4a 98 f2 3b a0 bf 4d 15 60 51 | 78 48 0e 82 1f 7e 98 2f ae 7d 6b 01 c3 47 fb 0a | eb a0 ea 95 f5 d9 f2 a6 46 a0 f0 b7 f4 fd 66 8d | 90 fa 5c 66 f8 de 5b 4e 28 d2 cb 45 ad 03 fc 7f | 2a 4a 0e ef 40 47 10 45 05 da fd 84 f1 99 df 0b | c2 28 ba 71 25 cf 99 7d 17 c8 dd 4a 69 a9 a0 c8 | aa a9 4b c6 21 61 66 95 5c ab b7 60 29 d8 9c 06 | c8 0f 73 49 12 eb c3 3b cd ea 05 a8 6f 48 56 05 | 76 49 5b 74 25 ad 12 ce cd 84 28 bd 92 f9 e7 fd | 06 a0 36 e8 ec ed 67 69 00 94 e5 ed af 97 b7 70 | 45 af f8 29 bc 14 68 7e f6 3f b3 e2 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2290284625 (0x8882f851) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #3 in QUICK_I1 (find_state_ikev1) | start processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #3 is idle | #3 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 01 00 ff ff ff f0 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 40 ff ff ff c0 | removing 12 bytes of padding | quick_inR1_outI2 HASH(2): | 75 00 9b 50 52 f3 8d 1c d3 7a bf 4b f6 03 a6 88 | ab 70 3a cb 15 95 24 86 36 97 84 e7 52 ce 21 9a | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI b6 7a f7 4a | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 9 for state #3 | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f996c003f28 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f4cfa8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f4cfa8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x7f995c001f78 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #3 and saving MD | #3 is busy; has a suspended MD | #3 spent 0.157 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.412 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #2 | start processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 8 | calling continuation function 0x55ebb72bcb50 | quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1760703549 (0x68f2343d) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 01 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | our client is subnet 192.0.1.0/28 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 10 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | peer client is subnet 192.0.2.16/28 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | af 1a 0c 3e 11 37 51 83 4f ee 44 65 03 25 ca f4 | 37 34 60 87 e9 80 8f 8d cc 98 3b c4 2b a4 d2 21 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #2: inbound and outbound | could_route called for westnet-eastnet-subnets/1x1 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x1" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/1x1' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.b2d9847b@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/1x1' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.4a46f032@192.1.2.45 included non-error error | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | add inbound eroute 192.0.2.16/28:0 --0-> 192.0.1.0/28:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1041379 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x1" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: westnet-eastnet-subnets/1x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | eroute_connection add eroute 192.0.1.0/28:0 --0-> 192.0.2.16/28:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1041379 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' | popen cmd is 1055 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-sub: | cmd( 80):nets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: | cmd( 320):='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: | cmd( 400):ER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2.1: | cmd( 480):6' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: | cmd( 640):Y='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb2d9847b SPI_OUT=0x4a46f032 ips: | cmd(1040):ec _updown 2>&1: | crypto helper 1 resuming | crypto helper 1 starting work-order 9 for state #3 | crypto helper 1 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 9 | crypto helper 1 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 9 time elapsed 0.001067 seconds | (#3) spent 0.862 milliseconds in crypto helper computing work-order 9: quick outI2 DH (pcr) | crypto helper 1 sending results from work-order 9 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f9968000e98 size 128 | crypto helper 1 waiting (nothing to do) | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VT | popen cmd is 1060 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: | cmd( 80):t-subnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET=': | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PRO: | cmd( 320):TOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLU: | cmd( 400):TO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.: | cmd( 480):0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_: | cmd( 560):PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_: | cmd( 640):POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: | cmd( 800):LUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PE: | cmd( 880):ER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' V: | cmd( 960):TI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb2d9847b SPI_OUT=0x4a46f03: | cmd(1040):2 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SH | popen cmd is 1058 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-: | cmd( 80):subnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.: | cmd( 160):2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='19: | cmd( 240):2.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTO: | cmd( 320):COL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO: | cmd( 400):_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.: | cmd( 480):2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PR: | cmd( 560):OTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_PO: | cmd( 640):LICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: | cmd( 720):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: | cmd( 800):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: | cmd( 880):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: | cmd( 960):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb2d9847b SPI_OUT=0x4a46f032 : | cmd(1040):ipsec _updown 2>&1: | route_and_eroute: instance "westnet-eastnet-subnets/1x1", setting eroute_owner {spd=0x55ebb7f47868,sr=0x55ebb7f47868} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 1.86 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance westnet-eastnet-subnets/1x1[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f48918 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9970002b78 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 68 f2 34 3d 00 00 00 4c 9e 45 5a f7 | 4e b7 0a ac 75 15 7a 02 52 0a d3 ee a5 af d1 3a | e3 d7 85 4c 3f a0 2f ef b3 f5 6d da dd 89 99 a4 | 87 57 5d 60 fa ef 38 e6 8e 06 75 57 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x7f9970002b78 | inserting event EVENT_SA_REPLACE, timeout in 27838 seconds for #2 | libevent_malloc: new ptr-libevent@0x55ebb7f5a1b8 size 128 | pstats #2 ikev1.ipsec established | NAT-T: encaps is 'auto' "westnet-eastnet-subnets/1x1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xb2d9847b <0x4a46f032 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@28) (in release_whack() at state.c:654) | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 2.32 milliseconds in resume sending helper answer | stop processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f99700027d8 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00453 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00313 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00313 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00134 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 9e 8f 68 f5 00 00 01 cc 87 71 35 2f | 5d e2 3c c9 01 73 14 87 a4 3d f0 17 a4 4c 75 09 | 85 71 aa 2f 71 a9 e7 84 fe 83 46 19 b5 64 7a 90 | 73 23 88 84 51 3e 38 c5 d7 ec 4e d9 3d 58 00 f1 | 95 0e 6e fd ec e8 9e 30 30 b7 cf 9c 5e e9 ff 20 | ab 55 ba 7c 9a 9f bd ec 7f fb 41 b6 02 22 f1 05 | 22 f4 19 dd e3 cf 12 0b ea 87 a3 b2 15 57 4e 25 | 98 de e1 02 65 31 ef 43 93 f1 2f ea 2b 0b ba 8e | c3 eb 70 fb f6 b2 44 90 b3 93 9b a3 10 1e ca ab | 4f 7e bb bf f4 a7 08 c2 9b 1e 43 02 78 4e 1f e2 | 10 04 f7 25 aa df 9d 5e a1 99 bf 1c a6 6f d1 c8 | b2 7d 59 65 94 60 7f a0 88 23 40 b5 ac 48 4d 73 | 69 09 80 56 52 7a 0b 5e 89 5f 13 7a 5a 0d cf 73 | 5d a7 23 17 56 ba 06 46 48 1e d4 50 b1 c2 61 79 | 7f 17 63 21 b5 b8 6c ca f2 d0 f9 2e 1d f8 05 10 | c2 79 0b db e7 d1 0c 7b 76 2c 27 36 79 c0 b8 fc | 5d 4e 2a a7 34 31 99 89 b9 5c fa 63 7b c5 7e bc | 3d 69 0f e4 d5 e7 f1 50 76 bb 09 bd 67 b4 bd 8d | dc 3b 60 f7 9b a8 70 54 4e 74 ef e7 14 8d a8 ea | 83 cb ba 35 65 ad 1f 10 32 dc 83 71 0f 26 da 2e | 43 cf 63 08 6b e6 67 7b 84 5f f1 ed 18 54 4c cf | 13 47 8d 64 f8 ab 05 ae 9f 16 87 0d 0f fe ba d6 | 94 93 48 d2 89 ce 1b fa d6 9d 1e 74 f1 f6 d7 46 | 38 4f 16 eb 5a a3 f8 34 3e 57 21 42 45 4e 92 0f | 3f 5f c3 c8 f9 5f b2 18 e6 e9 b6 13 5c e4 4d a5 | 46 fc 83 99 7d a3 0e dd 47 4c e3 67 22 06 19 61 | ce 92 b0 97 d4 f4 8f 06 6c 68 78 76 a7 5a e6 5e | 9a e1 d5 1d 61 d4 ba bd 75 19 62 ea | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2660198645 (0x9e8f68f5) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) | start processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #4 is idle | #4 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 01 80 ff ff ff f0 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 10 ff ff ff f0 | removing 12 bytes of padding | quick_inR1_outI2 HASH(2): | 67 15 61 50 05 07 3b f8 a6 ff f6 f9 23 96 8b 27 | 49 43 97 3e 92 58 47 f4 ed 63 1d ec ce cf 8d 68 | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI f4 45 51 62 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 10 for state #4 | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f99580055c8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f29558 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f29558 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f99700027d8 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #4 and saving MD | #4 is busy; has a suspended MD | #4 spent 0.159 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.434 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #3 | start processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 9 | calling continuation function 0x55ebb72bcb50 | quick_inR1_outI2_continue for #3: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | crypto helper 5 resuming | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2290284625 (0x8882f851) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 01 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | our client is subnet 192.0.1.0/28 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 40 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff c0 | peer client is subnet 192.0.2.64/26 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | crypto helper 5 starting work-order 10 for state #4 | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 | quick_inR1_outI2 HASH(3): | ce 51 4c db e7 76 ac b9 99 c8 9d 33 41 7b c8 3c | ca 53 29 99 98 09 69 71 cd b7 22 45 66 fb d8 ae | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #3: inbound and outbound | could_route called for westnet-eastnet-subnets/1x2 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x2" unrouted: "westnet-eastnet-subnets/2x2" erouted; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/1x2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.b67af74a@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/1x2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.1b5f9f63@192.1.2.45 included non-error error | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | add inbound eroute 192.0.2.64/26:0 --0-> 192.0.1.0/28:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1041381 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #3: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 time elapsed 0.001161 seconds | (#4) spent 0.806 milliseconds in crypto helper computing work-order 10: quick outI2 DH (pcr) | crypto helper 5 sending results from work-order 10 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f9958005518 size 128 | crypto helper 5 waiting (nothing to do) | route owner of "westnet-eastnet-subnets/1x2" unrouted: "westnet-eastnet-subnets/2x2" erouted; eroute owner: NULL | route_and_eroute with c: westnet-eastnet-subnets/1x2 (next: none) ero:null esr:{(nil)} ro:westnet-eastnet-subnets/2x2 rosr:{0x55ebb7f498e8} and state: #3 | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | eroute_connection add eroute 192.0.1.0/28:0 --0-> 192.0.2.64/26:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1041381 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/1x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED=' | popen cmd is 1055 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-sub: | cmd( 80):nets/1x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0: | cmd( 240):.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL: | cmd( 320):='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PE: | cmd( 400):ER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2.6: | cmd( 480):4' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTO: | cmd( 560):COL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC: | cmd( 640):Y='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: | cmd( 800):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: | cmd( 880):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: | cmd( 960):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xb67af74a SPI_OUT=0x1b5f9f63 ips: | cmd(1040):ec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "westnet-eastnet-subnets/1x2", setting eroute_owner {spd=0x55ebb7f48bc8,sr=0x55ebb7f48bc8} to #3 (was #0) (newest_ipsec_sa=#0) | #1 spent 0.909 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance westnet-eastnet-subnets/1x2[0], setting IKEv1 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #3 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #3: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f995c001f78 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f4cfa8 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #3) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 88 82 f8 51 00 00 00 4c a8 28 aa 96 | 3a e1 56 ad d9 5e 9e dc 1d d0 e6 45 63 97 d9 ee | 02 90 14 e3 bf 40 d3 79 29 1d fe 44 8d 6d 29 4b | 89 85 33 4a ef de f1 06 30 6d 76 67 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55ebb7f4cfa8 | inserting event EVENT_SA_REPLACE, timeout in 27829 seconds for #3 | libevent_malloc: new ptr-libevent@0x55ebb7f48918 size 128 | pstats #3 ikev1.ipsec established | NAT-T: encaps is 'auto' "westnet-eastnet-subnets/1x2" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xb67af74a <0x1b5f9f63 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@27) (in release_whack() at state.c:654) | resume sending helper answer for #3 suppresed complete_v1_state_transition() | #3 spent 1.43 milliseconds in resume sending helper answer | stop processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f9968000e98 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00489 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0034 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00691 milliseconds in signal handler PLUTO_SIGCHLD | processing resume sending helper answer for #4 | start processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 10 | calling continuation function 0x55ebb72bcb50 | quick_inR1_outI2_continue for #4: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2660198645 (0x9e8f68f5) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 01 80 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | our client is subnet 192.0.1.128/28 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 10 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | peer client is subnet 192.0.2.16/28 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | b9 c3 75 e9 5e 12 b8 e8 7e 08 1d 4c 43 74 29 e9 | 5c 72 3c ab 6b 63 6a 43 10 6e 80 b4 c0 e0 25 a2 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #4: inbound and outbound | could_route called for westnet-eastnet-subnets/2x1 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x1" unrouted: "westnet-eastnet-subnets/1x1" erouted; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/2x1' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.f4455162@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/2x1' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.95087394@192.1.2.45 included non-error error | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | add inbound eroute 192.0.2.16/28:0 --0-> 192.0.1.128/28:0 => tun.10000@192.1.2.45 (raw_eroute) | IPsec Sa SPD priority set to 1041379 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #4: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x1" unrouted: "westnet-eastnet-subnets/1x1" erouted; eroute owner: NULL | route_and_eroute with c: westnet-eastnet-subnets/2x1 (next: none) ero:null esr:{(nil)} ro:westnet-eastnet-subnets/1x1 rosr:{0x55ebb7f47868} and state: #4 | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | eroute_connection add eroute 192.0.1.128/28:0 --0-> 192.0.2.16/28:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1041379 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/2x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='192.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR | popen cmd is 1059 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-sub: | cmd( 80):nets/2x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.4: | cmd( 160):5' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='192: | cmd( 240):.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROT: | cmd( 320):OCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUT: | cmd( 400):O_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0: | cmd( 480):.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_P: | cmd( 560):ROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_P: | cmd( 640):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_N: | cmd( 720):O' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PL: | cmd( 800):UTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEE: | cmd( 880):R_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VT: | cmd( 960):I_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf4455162 SPI_OUT=0x95087394: | cmd(1040): ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | route_and_eroute: instance "westnet-eastnet-subnets/2x1", setting eroute_owner {spd=0x55ebb7f491b8,sr=0x55ebb7f491b8} to #4 (was #0) (newest_ipsec_sa=#0) | #1 spent 0.957 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance westnet-eastnet-subnets/2x1[0], setting IKEv1 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #4 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #4: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f99700027d8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f29558 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #4) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 9e 8f 68 f5 00 00 00 4c 92 c2 67 fa | 9c 21 19 ba 01 cd 92 0a 07 75 07 d0 0c ac ad be | b0 0a 52 3a 01 59 d9 9b 81 6b 38 f1 21 f1 b8 bf | 23 e3 ae 86 87 da 7b d5 5a 90 3a ac | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55ebb7f29558 | inserting event EVENT_SA_REPLACE, timeout in 27768 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f9968000e98 size 128 | pstats #4 ikev1.ipsec established | NAT-T: encaps is 'auto' "westnet-eastnet-subnets/2x1" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xf4455162 <0x95087394 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@26) (in release_whack() at state.c:654) | resume sending helper answer for #4 suppresed complete_v1_state_transition() | #4 spent 1.48 milliseconds in resume sending helper answer | stop processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f9958005518 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00483 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00338 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.4a46f032@192.1.2.45 | get_sa_info esp.b2d9847b@192.1.2.23 | get_sa_info esp.1b5f9f63@192.1.2.45 | get_sa_info esp.b67af74a@192.1.2.23 | get_sa_info esp.95087394@192.1.2.45 | get_sa_info esp.f4455162@192.1.2.23 | get_sa_info esp.fae87546@192.1.2.45 | get_sa_info esp.700402af@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.103 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name initiating all conns with alias='westnet-eastnet-subnets' | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | start processing: connection "westnet-eastnet-subnets/2x2" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'westnet-eastnet-subnets/2x2' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #6 at 0x55ebb7f58358 | State DB: adding IKEv1 state #6 in UNDEFINED | pstats #6 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #6 for IPSEC SA | #6 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | suspend processing: connection "westnet-eastnet-subnets/2x2" (in quick_outI1() at ikev1_quick.c:685) | start processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #6: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/2x2" #6: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:c029f88b proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 11 for state #6 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f99600058b8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f9958005518 size 128 | stop processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: connection "westnet-eastnet-subnets/2x2" (in quick_outI1() at ikev1_quick.c:764) | stop processing: connection "westnet-eastnet-subnets/2x2" (in initiate_a_connection() at initiate.c:349) | crypto helper 4 resuming | start processing: connection "westnet-eastnet-subnets/2x1" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | crypto helper 4 starting work-order 11 for state #6 | connection 'westnet-eastnet-subnets/2x1' +POLICY_UP | crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 11 | dup_any(fd@23) -> fd@25 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #7 at 0x55ebb7f66788 | State DB: adding IKEv1 state #7 in UNDEFINED | pstats #7 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #7 for IPSEC SA | #7 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: connection "westnet-eastnet-subnets/2x1" (in quick_outI1() at ikev1_quick.c:685) | start processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #7: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/2x1" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:589c96ee proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 12 for state #7 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f996c004218 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x55ebb7f537a8 size 128 | stop processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: connection "westnet-eastnet-subnets/2x1" (in quick_outI1() at ikev1_quick.c:764) | stop processing: connection "westnet-eastnet-subnets/2x1" (in initiate_a_connection() at initiate.c:349) | crypto helper 2 resuming | crypto helper 2 starting work-order 12 for state #7 | start processing: connection "westnet-eastnet-subnets/1x2" (in initiate_a_connection() at initiate.c:186) | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 12 | empty esp_info, returning defaults for ENCRYPT | connection 'westnet-eastnet-subnets/1x2' +POLICY_UP | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #8 at 0x55ebb7f67e48 | State DB: adding IKEv1 state #8 in UNDEFINED | pstats #8 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #8 for IPSEC SA | #8 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: connection "westnet-eastnet-subnets/1x2" (in quick_outI1() at ikev1_quick.c:685) | start processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #8: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/1x2" #8: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:e65ab23a proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 13 for state #8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f59a18 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #8 | libevent_malloc: new ptr-libevent@0x55ebb7f536f8 size 128 | stop processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: connection "westnet-eastnet-subnets/1x2" (in quick_outI1() at ikev1_quick.c:764) | stop processing: connection "westnet-eastnet-subnets/1x2" (in initiate_a_connection() at initiate.c:349) | crypto helper 3 resuming | crypto helper 3 starting work-order 13 for state #8 | start processing: connection "westnet-eastnet-subnets/1x1" (in initiate_a_connection() at initiate.c:186) | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 13 | empty esp_info, returning defaults for ENCRYPT | connection 'westnet-eastnet-subnets/1x1' +POLICY_UP | dup_any(fd@23) -> fd@27 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #9 at 0x55ebb7f69508 | State DB: adding IKEv1 state #9 in UNDEFINED | pstats #9 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #9 for IPSEC SA | #9 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: connection "westnet-eastnet-subnets/1x1" (in quick_outI1() at ikev1_quick.c:685) | start processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #9: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/1x1" #9: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:f697ebe2 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 14 for state #9 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f51a28 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x55ebb7f4b6e8 size 128 | stop processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: connection "westnet-eastnet-subnets/1x1" (in quick_outI1() at ikev1_quick.c:764) | stop processing: connection "westnet-eastnet-subnets/1x1" (in initiate_a_connection() at initiate.c:349) | crypto helper 6 resuming | close_any(fd@23) (in initiate_connection() at initiate.c:384) | crypto helper 6 starting work-order 14 for state #9 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 14 | spent 0.702 milliseconds in whack | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 14 time elapsed 0.003038 seconds | (#9) spent 1.2 milliseconds in crypto helper computing work-order 14: quick_outI1 KE (pcr) | crypto helper 6 sending results from work-order 14 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f995c007858 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #9 | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 12 time elapsed 0.003235 seconds | start processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 13 time elapsed 0.003169 seconds | crypto helper 6 replies to request ID 14 | (#8) spent 0.654 milliseconds in crypto helper computing work-order 13: quick_outI1 KE (pcr) | crypto helper 3 sending results from work-order 13 for state #8 to event queue | (#7) spent 0.68 milliseconds in crypto helper computing work-order 12: quick_outI1 KE (pcr) | crypto helper 2 sending results from work-order 12 for state #7 to event queue | crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 11 time elapsed 0.003331 seconds | calling continuation function 0x55ebb72bcb50 | (#6) spent 0.975 milliseconds in crypto helper computing work-order 11: quick_outI1 KE (pcr) | quick_outI1_continue for #9: calculated ke+nonce, sending I1 | scheduling resume sending helper answer for #7 | scheduling resume sending helper answer for #8 | libevent_malloc: new ptr-libevent@0x7f996000cd68 size 128 | libevent_malloc: new ptr-libevent@0x7f996c00a028 size 128 | libevent_realloc: release ptr-libevent@0x55ebb7f489c8 | **emit ISAKMP Message: | crypto helper 3 waiting (nothing to do) | crypto helper 4 sending results from work-order 11 for state #6 to event queue | libevent_realloc: new ptr-libevent@0x7f996c00a238 size 256 | crypto helper 2 waiting (nothing to do) | scheduling resume sending helper answer for #6 | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | libevent_malloc: new ptr-libevent@0x7f996400a038 size 128 | next payload type: ISAKMP_NEXT_NONE (0x0) | crypto helper 4 waiting (nothing to do) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 4137151458 (0xf697ebe2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0xfbe27bd0 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI fb e2 7b d0 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni d2 d0 63 d7 cc f5 b3 87 02 bd d1 1f f3 6c 42 a5 | Ni 69 a1 1b 09 af b7 44 55 29 07 c7 2d 26 42 69 63 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 43 a1 ed cb ab 67 0d df d9 64 06 c5 9a 02 65 ca | keyex value 53 6b 33 d8 18 d0 c8 09 58 c2 f9 2e c3 e8 28 51 | keyex value 73 c2 0e 06 1f c8 ee 9a 2e 91 1c 4a 0f ec 09 65 | keyex value a0 eb 8c 62 25 d0 9c 26 f8 6a de d3 0a b9 00 17 | keyex value 99 57 c5 d9 37 ad d1 a8 89 02 15 82 fa da 32 50 | keyex value a4 0f ea 67 f8 47 cb ee 7f 0f d9 b3 81 5d 8f 09 | keyex value f2 1e 13 89 aa b1 77 f1 cc d1 02 0b 35 6b 70 c2 | keyex value 00 b0 04 8a 4b 51 e9 5b aa b3 11 b9 8d 9f 34 b0 | keyex value b2 07 5c 79 2d 20 14 eb 98 19 32 95 11 f0 fc 41 | keyex value 38 fe 57 f9 03 af 27 57 b8 f3 a9 67 99 9d 5b 71 | keyex value 68 bd 52 7b 59 36 a9 74 db 23 c9 a4 91 ba 5d b6 | keyex value 06 79 9c 6f a6 de be 03 56 c9 a5 d9 ad 37 bb 89 | keyex value 48 b3 fc 4e 1f 21 bc 59 d0 70 81 62 92 78 48 5f | keyex value 16 a9 5f 3c 79 e7 3a 80 c7 c1 ac 11 61 46 6c c6 | keyex value 54 f1 95 e8 c1 62 ec 6c d8 5f 1f ff 30 94 7f 22 | keyex value 6d d1 a3 fc 60 f7 f2 63 e5 51 ff 3d d6 17 ab f0 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 00 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 10 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 4b 68 1f be 51 57 f9 d6 ac 88 fc 6f 3c f6 a3 22 | 0a 29 2b b0 43 2e 16 86 a3 89 44 fd 55 b2 49 e7 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 f6 97 eb e2 00 00 01 dc e7 a4 ca ce | 12 fd d3 77 9c af 00 bd 83 26 a7 c1 f3 35 4b 7b | 06 8c a9 05 d1 6a a4 3c d1 2e b6 76 77 f8 64 34 | 6c e9 32 5c 78 ce 32 45 48 ca f6 f7 4e 56 51 15 | a5 d1 01 1c d3 c0 26 8e 95 34 9b d8 de a0 94 b2 | e7 bf c6 81 2a 8a 68 a5 92 76 e5 33 c9 b3 cc f8 | c2 7a ad 68 73 9e 56 70 d7 11 77 98 e5 5d 20 22 | 5d 79 f7 00 d1 92 e1 e1 20 af 9a a7 82 e9 0e 7f | 67 f1 d2 34 df c7 87 1c 02 ba 32 f1 57 fe e3 23 | f3 10 38 5e 27 ba a0 2a d8 95 1a 5b e2 4b 0a ee | 10 ce 38 91 65 d1 54 90 a4 e6 66 9f 34 8d 4d a7 | d7 0a e9 6e 8e c8 c4 c2 45 1b 51 8b 88 96 18 0b | 13 69 bf f4 8e 44 cd fc 61 ad 79 37 23 c8 69 74 | 10 25 81 cb c7 fe 67 c6 2d fc 16 6d 3a f3 a1 85 | 30 38 0e d3 27 47 f2 c8 a5 e9 40 fd fc 99 97 14 | 99 48 cf 42 39 ab 22 5d e3 4b 08 ab 3a 7b 2f f2 | f0 0e 14 7e 5d ab f3 e4 29 c9 3a de a9 d2 da 11 | cb a7 96 45 16 8c 4e 31 51 66 9f 52 87 74 4d 8a | 2e 9c aa 62 3a 0f f7 45 85 8e 6a e3 b1 4a 58 13 | ee 28 0b 27 7f 67 2e ea d3 37 1f 63 a3 59 ee 2c | 30 b8 e5 57 77 44 15 82 8c ac 0d 7f 10 67 83 80 | 77 37 3e 7b 5f 7d 07 e8 a7 f7 5c b5 58 27 25 60 | b0 a9 c8 da 89 e0 41 54 1d 76 15 24 46 73 8b 0a | f1 9b a0 c4 78 23 4f 36 d3 e4 73 cb d2 38 e9 35 | 36 03 ce 3c ac 3d 51 ce 07 64 a1 df 5b fe 1e fe | b9 60 9a f2 b8 06 17 c7 66 52 3c 1e 5e 79 26 81 | 16 bb 66 01 87 c4 c7 73 ac 7b b5 b4 79 28 ed 62 | c1 fa c5 74 fc b6 f4 a8 e1 b4 95 68 72 09 36 6f | f4 80 c9 76 7d 9f 6f 1e 13 89 d0 c2 | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f4b6e8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f51a28 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f51a28 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #9 | libevent_malloc: new ptr-libevent@0x55ebb7f62628 size 128 | #9 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11347.570571 | resume sending helper answer for #9 suppresed complete_v1_state_transition() | #9 spent 0.846 milliseconds in resume sending helper answer | stop processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f995c007858 | processing resume sending helper answer for #8 | start processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 13 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #8: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3864703546 (0xe65ab23a) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x5c64f478 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 5c 64 f4 78 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 4a b6 2f d3 30 1d 52 1c d4 64 11 40 31 f6 a2 33 | Ni 7d 5e eb 14 c2 28 47 ec 85 84 05 60 07 9f b7 9f | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 60 62 58 e8 07 1d 7b ca 65 86 8f 93 59 a7 c4 af | keyex value ad e5 0a 30 5b 02 64 67 ef 91 6b 5a 46 2a 25 26 | keyex value 24 42 a7 32 51 81 d0 9d 74 70 ca 82 f1 ce 1f 47 | keyex value f9 4a 07 46 7d be 29 c5 1e cb 9c 20 cc 17 3a da | keyex value bb 60 ec 90 f2 af 18 a6 9e f2 02 7d 3b 0f 70 4d | keyex value d7 c7 6c 67 12 29 eb 0f c6 57 f4 e5 63 7e d9 94 | keyex value 5b f8 a0 15 c0 85 e7 76 45 4f 81 55 8e 57 e0 e0 | keyex value 25 14 2f 4e b1 b9 9a d4 76 05 f6 cc 2c a9 de 1a | keyex value 2f 85 be ec ce d3 21 f4 32 99 10 ec 6d 87 0b 1c | keyex value 79 16 44 9f 0e fb 94 af a9 71 43 64 05 fb 99 dd | keyex value 2f 26 c0 ee 61 34 ed b7 ba ac a9 be 1a 80 99 e1 | keyex value ad 49 7c 22 4b 66 a3 b9 68 62 9d ad 63 fe 74 de | keyex value 6b f1 6c 72 d9 0b 40 c0 3c 18 1e 3d ad 91 ac 1f | keyex value 69 09 69 96 2f c9 c9 f6 52 2b a4 d6 24 12 ec db | keyex value 69 5a 77 70 ed a7 ab 62 40 8b 5a 1e 0d 8b db 28 | keyex value ad 54 99 94 27 c7 cf d1 49 bc c6 41 ae 2d f7 aa | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 00 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 40 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff c0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | e6 8b 6e 82 ca 45 d0 56 a3 99 e8 a4 92 26 86 72 | ef 3f 11 21 67 6a 7d 55 20 8a 04 19 33 6f c6 e1 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #8) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 e6 5a b2 3a 00 00 01 dc 07 b3 49 35 | d9 67 e3 4f 6e 73 cd 0a 65 d2 44 9b a3 df b5 d5 | eb eb a6 6b 74 d0 2d 4d 35 83 2b a1 2c 6c a6 e8 | 3c bc 9c 5b 66 d8 b4 8e f5 04 64 2b 7e 5c 57 d4 | 18 21 8a e5 2a 34 58 0d ea a5 15 f3 46 04 96 74 | e6 b8 01 99 b9 eb 30 b2 21 0a 68 49 87 f1 4e 98 | 80 57 08 23 50 4a 2d a8 04 92 77 a5 7c 78 05 f9 | 35 c8 d0 f6 fd 98 24 96 2c e1 a4 20 4b 6d 1f d6 | 26 87 9f 40 e9 96 1a eb e6 76 db f9 9e e4 81 80 | cf b8 5a 19 07 ef 42 82 87 a8 e1 e6 c4 00 bd 52 | a0 81 6b 66 bf e4 8b f6 97 5a aa 31 9d a7 7a e6 | b8 7c 99 fd 72 54 52 7f a2 d0 b9 db dd 4d 06 e5 | e6 76 1a 9b cf 53 b2 7d 21 d2 c1 73 92 e0 85 24 | 0b d5 82 c3 e0 59 a7 12 f3 5e 1d 97 69 ca d3 33 | 03 1e 6e 3a 98 9c 24 95 2d e8 ef cd e9 de 78 ca | 27 69 47 e8 ce 2d c1 e2 fd 21 82 91 70 97 29 c1 | 24 ca 4f c1 6d 8e 98 94 9a 20 cb b6 3a 0a 2c 37 | 75 2e a6 5c 7a f9 8b 1c 74 55 77 fb df 4b e3 6e | 53 dd 71 b1 23 bc 4a 47 30 0b 34 b7 00 e4 a9 5e | 3c 12 0a 3c bb ac d9 06 7b 20 15 12 9f 2f cc 29 | cb ef fa 5f 1e f8 92 e2 04 90 73 16 57 01 8c f6 | cd 06 00 b5 da 5f 03 55 0b 75 bb 13 3e cb fd 2d | b5 ab 12 87 42 57 92 ca 1d 03 e0 b9 f3 c1 70 04 | 4a c6 76 37 fa 88 b3 f4 fb b3 19 67 68 70 de bb | 8e d4 37 b8 a8 4a dc dd 3e 48 67 6d ed d7 29 f0 | 42 96 01 52 48 ea 44 bb ef 71 b0 de 4d 10 ee 1e | ae e8 14 d8 72 e3 a3 8f cc 0c 04 5b 2f 91 58 1a | c0 96 ec 24 d8 2d 41 3d 1a e6 0c 49 34 92 e5 7e | 72 fe 6b 2a 13 8d b4 90 0d 65 9e 67 | state #8 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f536f8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f59a18 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f59a18 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #8 | libevent_malloc: new ptr-libevent@0x7f995c007858 size 128 | #8 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11347.571091 | resume sending helper answer for #8 suppresed complete_v1_state_transition() | #8 spent 0.484 milliseconds in resume sending helper answer | stop processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f996000cd68 | processing resume sending helper answer for #7 | start processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 12 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #7: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1486657262 (0x589c96ee) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0xabe58c79 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI ab e5 8c 79 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 34 fc df 27 5b 72 bb 60 e6 4c 4d 42 4f 8c f1 3b | Ni 6e 8d 6e c6 70 8d df 20 03 12 47 7b 07 39 ca aa | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 03 a1 4e 73 eb 63 9c 68 67 f1 fa 6f 98 be 2b 72 | keyex value c7 0a 9b 59 3c 22 e4 4b 20 e7 6f 66 02 61 6e 7a | keyex value f5 17 25 66 1d 88 dd fd ec b2 9e a1 b7 64 d2 6f | keyex value 0b 22 8d d7 2d 85 3b 78 f9 49 e3 db 8a 21 23 49 | keyex value b8 2d 55 aa e1 1c 55 ef 86 20 3d e7 94 7c 55 15 | keyex value a3 66 54 8e 79 6c 76 db 3d fb 74 ac a3 58 88 2c | keyex value fc fa 95 f7 2d 97 4e 94 de 48 c7 29 7b ab 25 35 | keyex value db 7b e9 5b c3 fc b2 03 20 ce 41 b6 a2 96 3a 2a | keyex value 8b a4 06 6c 45 57 a9 43 5c 20 47 83 1d db bd bf | keyex value 22 0e 12 7b b3 de 16 48 f3 f2 6b c2 69 51 4c ea | keyex value c0 ec 2b e4 dd 0e 72 f9 e6 e6 1d fd 8e f6 fd af | keyex value 2a 61 b3 4f 68 3f 19 65 1e 71 4f 2d c7 64 18 86 | keyex value 81 b8 64 30 a6 a9 55 8b b7 05 7c c5 1f 93 64 28 | keyex value 0d cb 2b d2 ef 61 ab fe 28 b0 85 45 d4 47 7d a7 | keyex value 0c 31 85 a4 c4 44 51 60 21 8a 28 d7 52 9d 5e f3 | keyex value bc 34 6e e2 43 d6 34 d2 c9 31 bf 8a 98 b2 92 fb | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 80 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 10 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 5d 05 19 9c 7f 71 be a5 d0 a0 bf d7 29 8a a6 0f | 73 8c d5 dc 54 b1 d4 e2 71 a6 77 19 0b fe f5 15 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 58 9c 96 ee 00 00 01 dc 5d ef c0 50 | 20 87 42 58 3c eb 8c b3 a6 00 43 21 d1 90 16 27 | 5d bb 89 8e 42 a3 50 21 39 c3 92 dc 87 a9 fe 2f | 55 80 1c 14 96 06 bf c2 eb 5a 28 65 c1 1c db 3c | 95 47 32 e4 61 6d 94 09 2e 00 a0 81 f3 d9 d3 0b | ed 5e 89 38 00 bf 81 09 4b 20 72 fd 7d 11 ff 4e | 9a 3b aa fd b5 a2 ab 89 1f 28 a5 0f b8 8a 5d 46 | 38 e5 d0 74 66 d3 d7 a2 56 f9 f1 9c 14 bb a0 c1 | 34 13 66 bc de a0 72 20 36 b9 11 e1 6e e3 c1 f1 | 57 f8 db 90 7b 95 e9 e5 b9 0f 11 c8 a0 22 2b f5 | 61 e7 dc 9b 90 90 96 7b f6 a1 3c a4 7d d3 b8 53 | db 32 4a ab c6 21 12 59 5f c4 ff 1d 5e 34 4a bd | e2 42 8b d8 31 48 56 c9 8d 0f fa df c8 e1 ee a8 | e4 c7 9b 2f 0d ba 59 67 1d 43 f7 a8 78 de ff 39 | 0a 93 2e a6 62 eb e0 88 12 1f a3 9f 6b 59 ea ac | 65 32 60 d3 f6 fd 16 af fc 21 30 9b a4 87 8e 21 | 52 37 dc 0c 5d de 61 cf 6b c0 ce 9f c9 7e 38 5a | e6 6a 76 f8 d2 c3 1d f0 bd 6e 90 e8 28 e8 1b f9 | 68 35 4e 8f 78 68 d9 45 8d e9 19 fd aa ef bd 0e | 3b 15 ba d5 86 18 b0 ef 59 66 a3 49 97 83 a9 3d | 6d 81 2f e6 c4 75 16 02 78 ff 5b 15 3f 33 71 dd | 4b fb dc 64 96 f8 78 ff 0f 29 62 3a 31 7a f8 52 | ae ed 4e a2 94 5d 58 c9 2d 78 a6 e2 51 92 c7 1d | a6 fc b9 2e 41 f7 c6 e4 be 0f 2c 9f 39 de c9 96 | d9 e2 bd 51 cf 12 a4 6e 51 3e 47 1b 93 3c 6a f9 | 74 f0 e0 4c 64 ba 65 4a a8 64 98 2f 90 eb 0b 68 | ab 7d 2d ee 6f f3 9f c9 43 51 1f 39 1f b6 47 dd | 83 38 d5 68 5e 01 87 3e 8e 44 39 3f b1 db d7 64 | 5b f1 b8 02 56 a2 8b 46 15 0e 68 d7 | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f537a8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f996c004218 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f996c004218 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f996000cd68 size 128 | #7 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11347.571643 | resume sending helper answer for #7 suppresed complete_v1_state_transition() | #7 spent 0.523 milliseconds in resume sending helper answer | stop processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f996c00a028 | processing resume sending helper answer for #6 | start processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 11 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #6: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3223976075 (0xc029f88b) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0xe50ff333 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI e5 0f f3 33 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni dc d3 af 23 69 b9 bc c4 9e 49 a2 1d ea d3 b8 38 | Ni 74 19 78 5a c2 cf 90 00 3d 5c e0 61 26 05 fb fe | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value e6 9d c5 b9 0b c7 0e 19 ee 18 53 5e d8 39 55 4a | keyex value 15 31 4f 66 88 cf 81 21 50 ce ce 8f e2 7d 23 69 | keyex value a2 09 dd 47 4a 28 67 9d 07 a6 4a 57 10 4a 72 bb | keyex value b3 f4 d8 99 6d 12 de 09 4f 6f 69 17 2d ab 4f ae | keyex value 2e ff 54 83 d6 01 d2 03 de 1e 6a ec 3d c8 3a 74 | keyex value 56 86 73 ab 8c 3e 68 38 8d 09 52 1a e4 62 d7 ca | keyex value f4 c1 e2 e9 ca af e1 9e 22 51 c5 b7 8b 21 0a df | keyex value 2f e0 97 3a 6a 7e e6 84 e6 cf c4 2f 99 4c 72 50 | keyex value b8 47 0e 38 39 dd a2 d9 78 6a 14 0c 20 d4 e3 23 | keyex value 73 f8 63 c6 54 92 fc 13 9e 7e c8 f7 42 e4 b3 2a | keyex value 90 ec 7b 83 27 2a 41 9f 1d 83 2b 89 4b 15 4a 0a | keyex value 71 c4 fc a0 5c 89 bc bd 3a 96 e9 3d f3 7a 5c b1 | keyex value 5b 37 1f 6f 39 b7 96 52 ab 84 6e 71 92 3a 18 47 | keyex value ac 4e 8d 87 e0 2a 8c d9 f4 3f 79 6f 43 89 98 79 | keyex value c5 04 99 30 44 d8 f2 d8 e8 08 a1 08 33 72 d9 ad | keyex value 63 d3 ce 44 a4 02 b3 56 87 04 19 70 02 cd 9a 86 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 80 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 40 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff c0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 57 1b a4 e4 f4 dc 95 95 54 6e 2f cd 2b 65 86 43 | 5d 09 e9 57 c9 fc e7 34 66 b5 7f 5b 9f d7 ac 18 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 c0 29 f8 8b 00 00 01 dc 86 38 f4 59 | b7 bd a2 0d 3f 19 48 9f 44 ba f0 16 6c 3f 30 e4 | 67 e1 06 73 34 90 03 af 7d 60 6c 07 6f 97 58 b1 | df 82 07 12 67 0f 21 90 2c 86 3d 54 7a f9 c0 b0 | 82 e1 d0 74 b0 15 94 54 3e a8 11 29 01 9a d2 cf | 88 e5 0d 20 c0 b6 f1 ae 5b c5 11 f2 25 66 85 3f | 23 59 60 2a a3 85 b1 d3 30 90 ff 6d 05 f0 7f 6a | 30 3f 2a 78 f0 e7 bf 03 9f 06 a5 59 14 90 a8 02 | bc e4 cc 6c f8 55 6e ac 0b 7c 26 1d 69 58 a5 96 | 8c 61 73 61 0a 25 d8 18 a3 cc 29 63 25 a3 02 b7 | 8e 0d 16 4b e3 c1 57 f6 02 b2 50 6c b3 62 6e 6a | 5b 28 e6 55 22 dc 50 ec 9e 50 17 00 ff 7c 84 3f | 9f 99 ee 84 fb e2 10 3a 5a 0a 15 60 72 42 32 a3 | 97 a7 52 ca 56 5d cb 6e af 09 0d 71 e2 c4 64 a7 | 4e e0 1f b0 f1 5b b1 8d 3f 18 85 de 02 be d9 15 | e0 f0 31 cf 67 0d 50 94 7a fc b0 46 15 5c 2c e0 | 7c f5 65 6b ba d7 82 49 93 f3 76 dd fd 31 9c d4 | 94 43 23 d1 9d 7c 9d 28 4e 1d 8b 99 4b bd 1f 8d | a2 c1 31 6c 61 31 51 10 20 d2 90 3e e3 a3 8b 77 | d4 b9 9e 1c 05 28 4b 07 b2 7a 2c 47 79 00 b0 3c | f0 24 4b 21 a7 b0 5d f5 cb 6f 11 bd 7f b9 cf 07 | 99 38 43 02 d1 d8 ac d2 28 36 b9 e1 a3 df 11 8c | dd 82 83 6e 6d 6c 7b d6 35 2b 3f 44 06 a9 6f cf | b6 33 03 99 4e f1 ac 12 43 b5 e5 89 eb ff 73 2e | cd cc cc 52 7f ee 62 ed a3 7a c8 14 92 ba 59 7c | 8f a7 17 e4 19 f0 1e d9 b5 65 fd 43 be 72 4e 5b | a2 25 eb c1 5a 6e ee 06 6e 20 fb e5 1a 90 66 ee | d1 c8 c5 50 ad e3 48 b3 27 54 1b a0 5c c7 15 2d | ee a2 99 e4 1a a8 1c ef 66 39 01 35 | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f9958005518 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f99600058b8 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f99600058b8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f996c00a028 size 128 | #6 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11347.572125 | resume sending helper answer for #6 suppresed complete_v1_state_transition() | #6 spent 0.433 milliseconds in resume sending helper answer | stop processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f996400a038 | spent 0.00246 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 58 9c 96 ee 00 00 01 cc 9e 56 e9 89 | 4e f5 d3 7d b2 ab ec 81 58 3f c6 ac 36 bc c4 b5 | 66 38 e0 e1 21 e2 c4 15 89 5d 9c 48 0d f8 3a ad | 85 66 8f 72 d0 f1 2e 5c 18 82 30 cc ea b5 b0 33 | 46 95 d9 b9 de 31 07 c7 6b 46 68 91 ab 9a a5 60 | 4e 44 4c 82 eb 5d 30 55 dc 14 5b a8 14 c9 cd d9 | 80 bd 53 f9 1c 76 bd 17 2d 06 c6 7f 00 27 be 43 | 0b 97 45 dc fe cc 47 d5 bd 4a de 70 8e 16 57 6c | e7 81 1b 5d 5a a7 7e 04 5f 04 71 ed 8d 07 89 5a | 32 cf f8 e6 7a e1 e7 dc 17 a8 a3 96 dd 08 b8 35 | c7 f7 1f 7c a8 d3 e9 f3 8e 3f 75 20 a8 cf cd 36 | 1d cf d3 cc 90 eb bb 58 ba c6 8c 7e d5 a1 5d 3a | 84 21 5e a2 3b 38 5d b0 bd 45 af 73 96 69 dd 6c | 04 1e b7 09 1f 37 68 03 2d a8 bb 15 b6 59 f8 0d | ea 69 36 f0 a1 e6 37 f5 94 58 c2 fd 8b b9 bb df | 34 9e 0c 1c 72 f3 d0 85 d7 00 9c 37 47 b7 8e 04 | a7 1c f2 6c b7 00 2a 50 e7 e7 8a b1 81 d7 2f e3 | 54 33 08 05 9c 4b 4a 0b d3 e5 7d 2d 3d fd 8f b4 | 24 cc 10 51 d5 12 1c 97 fe 59 f1 5c 4b bc b9 b1 | 51 20 be e9 f6 6f e8 22 cf 73 d8 49 0d 30 b5 10 | b6 62 82 d5 75 64 6c 53 44 2a e2 3a 6c 4e bf 8c | 28 22 73 18 30 d3 be ef ab 60 e4 24 d2 2f 1a 97 | f3 40 80 24 d0 9f cd a8 38 d5 31 fd 27 ad ac ad | 79 28 e3 ad b0 9e f7 e3 a9 61 fb 62 2a 96 c1 bd | 5a 47 e8 e2 89 d6 f0 c9 3c 8b 42 bd d1 f9 cf 13 | 4b 2c e5 1a 24 27 b4 d2 a0 b2 f6 44 04 ba bf 75 | 07 a5 99 90 1a 05 5c e4 8b ae 9c e8 9d 27 7b 43 | 07 77 59 b0 19 11 90 04 47 e9 72 d7 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1486657262 (0x589c96ee) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #7 in QUICK_I1 (find_state_ikev1) | start processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #7 is idle | #7 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 01 80 ff ff ff f0 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 10 ff ff ff f0 | removing 12 bytes of padding | quick_inR1_outI2 HASH(2): | 68 93 0b c0 ff 52 53 ac 64 9a 1c 9d 55 a5 6b 51 | 5a 5e 25 61 a6 bc e5 81 ff 74 6a c5 05 8b 2d 2c | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI fd d8 5b d4 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 15 for state #7 | state #7 requesting EVENT_RETRANSMIT to be deleted | #7 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f996000cd68 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f996c004218 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f996c004218 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f996400a038 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #7 and saving MD | #7 is busy; has a suspended MD | crypto helper 0 resuming | #7 spent 0.0946 milliseconds in process_packet_tail() | crypto helper 0 starting work-order 15 for state #7 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 0 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 15 | stop processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.27 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0022 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 f6 97 eb e2 00 00 01 cc 53 0e ff f3 | b2 dd 59 28 20 d6 3e d4 78 d6 a5 ec 04 fa 26 23 | 60 c4 4e 50 1a c0 cb 03 12 a8 2d 20 9b f5 d6 ca | 44 97 d4 60 bd 4e 26 eb 67 cd 10 7b 8c dd 94 20 | 86 69 6d b1 68 a6 fe c4 94 9e 44 29 6e 70 d6 fe | b8 16 48 36 15 6f 5a 5e ce be ee 84 30 e8 22 62 | c0 35 eb 6f 48 46 de 75 24 6f e6 fe 1a fa 0a b9 | 34 55 b3 81 14 26 d6 59 64 15 1d d7 95 59 1c 0e | f0 31 d8 47 15 61 9d 1b 81 73 f7 60 d4 cf a9 8e | 4e 9b a0 3c 35 2f c6 12 a2 c2 7d 82 2a 83 1a 59 | 27 8d 51 97 60 28 b5 9b a5 05 ef 3a 9a 06 ef 46 | 30 29 98 18 c5 d5 3d 19 b0 c6 e0 79 62 64 d6 df | 53 85 d6 33 23 46 2d 67 92 a2 43 e0 fa ef b0 0e | 0f ed d0 28 94 d3 6f d3 6d ce 3d 6f 34 42 d1 27 | ee 1c ed 85 c6 84 c0 ba 34 f7 43 82 53 b4 9c 6d | 23 d7 f2 06 42 a1 3e b6 d6 08 de 64 71 4e 00 14 | 8c e1 f2 45 1a 4c 97 81 79 8d d1 10 16 05 f5 12 | e9 ca cb b6 9f cd 17 d0 5b 5d 67 31 f8 55 34 e0 | 3a 5c ae cb f5 19 13 27 89 78 51 a4 a3 fb 3e 29 | a0 6a 60 c6 3f f2 f3 09 98 a1 da 9c 8b ac 86 6a | c5 c9 eb 1b fd ce e9 0a dd e8 43 43 47 c5 0b 45 | 61 10 6c 3d 47 25 c9 4b 93 52 9d 74 a5 0c 5c 14 | 00 dd a3 ee 51 5e 88 de 4f a7 d2 2a 57 eb a6 41 | 71 96 6c d3 6f cc b3 88 c1 2e 1b bf 04 ab 0c c8 | ec 8f 7d 65 f2 ed 08 27 d7 d8 3e 77 a2 a4 f0 b4 | 92 ff 42 80 71 6f f3 91 73 88 99 4a c9 39 de 58 | 29 74 d9 2d dc 80 32 a2 f1 67 7a 66 d7 81 1b 52 | ed 56 e1 67 5e 39 df 11 8f 42 ef ce | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 4137151458 (0xf697ebe2) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #9 in QUICK_I1 (find_state_ikev1) | start processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #9 is idle | #9 idle | received encrypted packet from 192.1.2.23:500 | crypto helper 0 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 15 time elapsed 0.000653 seconds | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | (#7) spent 0.656 milliseconds in crypto helper computing work-order 15: quick outI2 DH (pcr) | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | crypto helper 0 sending results from work-order 15 for state #7 to event queue | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | scheduling resume sending helper answer for #7 | ***parse ISAKMP Nonce Payload: | libevent_malloc: new ptr-libevent@0x7f9970003a78 size 128 | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | crypto helper 0 waiting (nothing to do) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 01 00 ff ff ff f0 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 10 ff ff ff f0 | removing 12 bytes of padding | quick_inR1_outI2 HASH(2): | 88 fe 86 30 b1 59 0e 62 ee 9f db 57 38 e5 5b 8c | fb 85 5d a1 2b 3d c1 88 80 c4 46 a6 de 27 2c 50 | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI ac b2 97 c8 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 16 for state #9 | state #9 requesting EVENT_RETRANSMIT to be deleted | #9 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f62628 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f51a28 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f51a28 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 | libevent_malloc: new ptr-libevent@0x55ebb7f62ad8 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #9 and saving MD | #9 is busy; has a suspended MD | #9 spent 0.127 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.378 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #7 | crypto helper 1 resuming | start processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 starting work-order 16 for state #9 | crypto helper 0 replies to request ID 15 | crypto helper 1 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 16 | calling continuation function 0x55ebb72bcb50 | quick_inR1_outI2_continue for #7: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1486657262 (0x589c96ee) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 01 80 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | our client is subnet 192.0.1.128/28 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 10 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | peer client is subnet 192.0.2.16/28 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | 08 b8 e3 e4 35 79 94 cb 0e 4f 56 81 bd a1 ac bd | 0c 5a 6e 6a f7 ec 61 e1 14 9e d2 57 76 38 0e 0a | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #7: inbound and outbound | could_route called for westnet-eastnet-subnets/2x1 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x1" erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/2x1' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.fdd85bd4@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/2x1' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.abe58c79@192.1.2.45 included non-error error | set up incoming SA, ref=0/0 | sr for #7: erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x1" erouted: self; eroute owner: self | route_and_eroute with c: westnet-eastnet-subnets/2x1 (next: none) ero:westnet-eastnet-subnets/2x1 esr:{(nil)} ro:westnet-eastnet-subnets/2x1 rosr:{(nil)} and state: #7 | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | eroute_connection replace eroute 192.0.1.128/28:0 --0-> 192.0.2.16/28:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1041379 | raw_eroute result=success | route_and_eroute: firewall_notified: true | route_and_eroute: instance "westnet-eastnet-subnets/2x1", setting eroute_owner {spd=0x55ebb7f491b8,sr=0x55ebb7f491b8} to #7 (was #4) (newest_ipsec_sa=#4) | #1 spent 0.244 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance westnet-eastnet-subnets/2x1[0], setting IKEv1 newest_ipsec_sa to #7 (was #4) (spd.eroute=#7) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #7 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #7: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f996400a038 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f996c004218 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #7) | crypto helper 1 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 16 time elapsed 0.000527 seconds | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 58 9c 96 ee 00 00 00 4c 75 2c 2c 32 | (#9) spent 0.529 milliseconds in crypto helper computing work-order 16: quick outI2 DH (pcr) | 5f 49 5f fb bc e5 b4 28 7b c4 f2 f5 8b 2b a6 f1 | 4e 28 c2 cd f6 d4 c7 7e 2e 88 d7 e7 bb 38 75 57 | 7d 18 87 31 2c 42 b2 df 4b c4 dc df | crypto helper 1 sending results from work-order 16 for state #9 to event queue | scheduling resume sending helper answer for #9 | libevent_malloc: new ptr-libevent@0x7f9968004dd8 size 128 | crypto helper 1 waiting (nothing to do) | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x7f996c004218 | inserting event EVENT_SA_REPLACE, timeout in 28154 seconds for #7 | libevent_malloc: new ptr-libevent@0x55ebb7f62ce8 size 128 | pstats #7 ikev1.ipsec established | NAT-T: encaps is 'auto' "westnet-eastnet-subnets/2x1" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xfdd85bd4 <0xabe58c79 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@25) (in release_whack() at state.c:654) | resume sending helper answer for #7 suppresed complete_v1_state_transition() | #7 spent 0.581 milliseconds in resume sending helper answer | stop processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f9970003a78 | spent 0.00134 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 e6 5a b2 3a 00 00 01 cc 61 cf 87 a0 | bf d6 2e ed 54 5c 22 1c 8c 2d f3 71 b2 12 30 dd | d9 a7 a2 e8 6e af 66 39 d4 ee 24 d5 65 63 56 90 | 13 12 cf 25 bc 9d 50 10 52 eb 71 2a c1 ff cb 1c | ea d9 39 46 5c 2a 89 06 37 fc d5 eb 8a ff 9f 50 | ec 5e f8 6f 09 26 58 e8 69 f1 11 1d af 09 e8 44 | 15 ea aa c0 d9 79 57 80 c9 78 f6 fd ea 0b 8a a0 | 42 39 9f aa 82 85 0d d3 37 28 1f f9 ed 85 99 b1 | 42 ff 8b 82 47 fc 40 f8 ca ed af 13 e6 52 17 2c | 77 de 2e 53 69 c6 ff a5 9a 5e e7 2e 45 39 6f 04 | 2f 73 9a 4d a5 4e 99 cc 45 0b 45 12 3a 59 ed 21 | 1e 40 a6 e0 d7 7c a8 d9 ce e7 8b 98 db ac 89 a9 | 57 1b a5 dd 9d 5e 11 da 7a 91 48 bd 00 dc 73 4a | 61 3b 0f 64 28 c0 19 d9 ce 74 ee 41 33 94 60 15 | 46 14 42 f3 3f a0 44 58 e5 9f c2 f9 97 7e 5e c6 | 8f 6f 8d 94 74 1c ec eb f8 74 79 15 1d d7 77 58 | 97 66 b6 e7 1a ad 66 5c 9a b4 82 8c cc c8 d6 d1 | 98 31 b0 12 50 db 7c c2 ce ca 65 63 43 c7 02 2e | 0e d8 7d cd 2e c6 41 0a 5d 9c 61 2a 05 31 d8 40 | ba 51 f9 19 b1 27 ef a5 dd d5 e8 f1 c3 6b 2e 20 | 62 b4 e9 bd 0a 73 c2 37 f7 1f 51 31 ab 16 82 3e | b9 d2 0c 74 df 19 c6 dd 8d cc d0 0d b6 df 44 b3 | 32 f0 da 96 ab 91 cd 21 4d 00 fc 44 ae 5a 1e 5b | 91 ef 18 87 c1 b4 ed e7 1a 43 cb b8 33 27 7d ac | 40 4b 69 99 34 c6 04 69 bf 0f 8f 32 b4 f6 eb 55 | c3 dc b3 59 03 44 3b 95 41 03 9a 53 84 e3 a9 5c | d8 da b9 97 cb 7c 8b 0d 42 c5 24 0f ea 72 7e e2 | 22 75 7a 29 b1 03 b5 bd bd 93 a6 85 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3864703546 (0xe65ab23a) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #8 in QUICK_I1 (find_state_ikev1) | start processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #8 is idle | #8 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 01 00 ff ff ff f0 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 40 ff ff ff c0 | removing 12 bytes of padding | quick_inR1_outI2 HASH(2): | 4b f5 42 6d 4a 13 51 22 45 1e 5c ce 19 67 87 a3 | 02 ba ba d9 31 c8 57 59 d1 b6 44 41 2f 4d 4d b8 | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI 27 e8 39 d6 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 17 for state #8 | state #8 requesting EVENT_RETRANSMIT to be deleted | #8 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f995c007858 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f59a18 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f59a18 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #8 | libevent_malloc: new ptr-libevent@0x7f9970003a78 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | crypto helper 5 resuming | suspending state #8 and saving MD | #8 is busy; has a suspended MD | crypto helper 5 starting work-order 17 for state #8 | #8 spent 0.127 milliseconds in process_packet_tail() | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 17 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.332 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #9 | start processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 16 | calling continuation function 0x55ebb72bcb50 | quick_inR1_outI2_continue for #9: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 4137151458 (0xf697ebe2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 01 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | our client is subnet 192.0.1.0/28 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 10 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | peer client is subnet 192.0.2.16/28 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | 62 7d 9c 8b 36 52 98 4d 13 01 08 1e 59 5a a0 52 | 1d a0 66 1c 37 ab f6 dc f8 93 1f 2a 72 8b 8b 79 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #9: inbound and outbound | could_route called for westnet-eastnet-subnets/1x1 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x1" erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/1x1' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.acb297c8@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/1x1' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.fbe27bd0@192.1.2.45 included non-error error | set up incoming SA, ref=0/0 | sr for #9: erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x1" erouted: self; eroute owner: self | route_and_eroute with c: westnet-eastnet-subnets/1x1 (next: none) ero:westnet-eastnet-subnets/1x1 esr:{(nil)} ro:westnet-eastnet-subnets/1x1 rosr:{(nil)} and state: #9 | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | eroute_connection replace eroute 192.0.1.0/28:0 --0-> 192.0.2.16/28:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1041379 | raw_eroute result=success | route_and_eroute: firewall_notified: true | route_and_eroute: instance "westnet-eastnet-subnets/1x1", setting eroute_owner {spd=0x55ebb7f47868,sr=0x55ebb7f47868} to #9 (was #2) (newest_ipsec_sa=#2) | #1 spent 0.223 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance westnet-eastnet-subnets/1x1[0], setting IKEv1 newest_ipsec_sa to #9 (was #2) (spd.eroute=#9) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #9 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #9: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f62ad8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f51a28 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #9) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 f6 97 eb e2 00 00 00 4c b6 8e 99 71 | 5c bd 3d 65 fb 46 09 ad 58 49 6c d5 79 da d9 83 | 1b 24 0e 53 21 98 91 a3 c8 01 01 de a4 3f 9c 8c | 60 dd 63 3b b7 2e 90 51 29 a6 1b 28 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55ebb7f51a28 | inserting event EVENT_SA_REPLACE, timeout in 28079 seconds for #9 | libevent_malloc: new ptr-libevent@0x55ebb7f69458 size 128 | pstats #9 ikev1.ipsec established | NAT-T: encaps is 'auto' "westnet-eastnet-subnets/1x1" #9: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xacb297c8 <0xfbe27bd0 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@27) (in release_whack() at state.c:654) | resume sending helper answer for #9 suppresed complete_v1_state_transition() | #9 spent 0.502 milliseconds in resume sending helper answer | stop processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f9968004dd8 | spent 0.00122 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 c0 29 f8 8b 00 00 01 cc 98 17 b6 d8 | da e7 0b d6 9f 4b 38 22 ea e0 35 78 dc 61 aa 97 | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 17 time elapsed 0.000556 seconds | 76 19 a0 f9 ea ca df fb 2d 52 57 34 fe 15 5f fb | (#8) spent 0.554 milliseconds in crypto helper computing work-order 17: quick outI2 DH (pcr) | crypto helper 5 sending results from work-order 17 for state #8 to event queue | 36 da da 36 eb a0 14 6a 9d 7e 9c cd 24 a0 11 d2 | 79 17 90 e0 6f ea cd de f1 f2 f0 a8 e1 8a ca c9 | d2 4f 83 e8 8d a5 37 9f 07 3f 5e 00 90 c1 91 5d | scheduling resume sending helper answer for #8 | c7 f0 fd d4 3a 80 17 f5 13 92 23 38 ca 6f af 6a | d3 36 91 54 a5 5b 03 50 31 c7 19 92 de 84 c4 20 | 80 86 9d 84 48 db 1d 19 04 ae b1 73 db 50 fe d5 | libevent_malloc: new ptr-libevent@0x7f99580067b8 size 128 | 13 e4 71 71 b2 c7 72 65 59 7f 4d e9 0e 37 19 b8 | crypto helper 5 waiting (nothing to do) | 4b 44 3c b6 ae 18 63 98 e3 3e 40 08 4a 74 dd bf | 2c 1e 9e 7d ab 08 8a 98 b4 b7 38 56 2d 34 c8 78 | d4 18 cc b4 3a 28 27 90 d4 29 53 cf 85 b5 48 25 | ca 58 c1 4e 66 b7 66 8a b7 58 8f 7f bd dc c3 0f | a2 e5 30 3a 7d cc 56 29 38 f8 49 1b ae ab 3b 40 | 93 42 34 2b a1 ab 1e 41 1c c3 77 b8 f7 47 ae 02 | 23 fd 55 80 9a 62 78 aa 88 9a 2b 25 f3 e4 d2 65 | c4 df fe 03 11 de a9 26 19 38 d8 c8 05 21 02 76 | a0 90 a8 07 48 d5 e1 9c ab 98 d9 21 c5 21 ee 97 | 70 ff 83 a9 82 e3 50 78 67 6b 76 2b 65 99 1e d2 | 87 d4 84 d2 5e 25 76 0b 37 97 69 42 da 4b cc de | c1 47 da 0b 0f 10 fb e0 fe 74 9d 40 8e 57 5f 48 | 61 d9 62 55 47 3c 6e 6c 66 25 3b 3c 2a 36 54 92 | f9 cc 09 aa fb 8b 91 c4 c8 ba d7 8a a0 5f 51 ff | 39 39 ac b0 9a 04 b4 ad c2 d0 ea 46 4b d2 14 31 | ec ba cf 2c e5 b3 02 4a 20 72 c5 87 88 ac 71 a2 | 1d b7 86 4d 2d 1b c4 a6 bc 6d 11 24 6c 3a d6 c6 | 68 df df 00 7b 63 bf 96 24 e0 5e 3f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3223976075 (0xc029f88b) | length: 460 (0x1cc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #6 in QUICK_I1 (find_state_ikev1) | start processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #6 is idle | #6 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 01 80 ff ff ff f0 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 40 ff ff ff c0 | removing 12 bytes of padding | quick_inR1_outI2 HASH(2): | 6c f5 3c 28 8d 2d 21 2f 5e a1 73 0c 0a 00 bf 72 | 57 ec 44 b0 ee 60 9b 24 85 20 d2 6a 9d 2f c7 a6 | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI 6f 6c 28 c5 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for @west->@east of kind PKK_PSK | actually looking for secret for @west->@east of kind PKK_PSK | line 1: key type PKK_PSK(@west) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outI2 DH work-order 18 for state #6 | state #6 requesting EVENT_RETRANSMIT to be deleted | #6 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f996c00a028 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f99600058b8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f99600058b8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f9968004dd8 size 128 | complete v1 state transition with STF_SUSPEND | crypto helper 6 resuming | [RE]START processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #6 and saving MD | crypto helper 6 starting work-order 18 for state #6 | #6 is busy; has a suspended MD | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 18 | #6 spent 0.0906 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.253 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #8 | start processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 17 | calling continuation function 0x55ebb72bcb50 | quick_inR1_outI2_continue for #8: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3864703546 (0xe65ab23a) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 01 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | our client is subnet 192.0.1.0/28 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 40 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff c0 | peer client is subnet 192.0.2.64/26 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | e5 6e cf 53 da 83 1f 84 76 52 cb 7b 00 a8 dd ae | 7a 73 73 f7 8f 64 9a a5 1c 75 d2 26 31 63 2f 56 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #8: inbound and outbound | could_route called for westnet-eastnet-subnets/1x2 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x2" erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/1x2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.27e839d6@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/1x2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.5c64f478@192.1.2.45 included non-error error | set up incoming SA, ref=0/0 | sr for #8: erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x2" erouted: self; eroute owner: self | route_and_eroute with c: westnet-eastnet-subnets/1x2 (next: none) ero:westnet-eastnet-subnets/1x2 esr:{(nil)} ro:westnet-eastnet-subnets/1x2 rosr:{(nil)} and state: #8 | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | eroute_connection replace eroute 192.0.1.0/28:0 --0-> 192.0.2.64/26:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1041381 | raw_eroute result=success | route_and_eroute: firewall_notified: true | route_and_eroute: instance "westnet-eastnet-subnets/1x2", setting eroute_owner {spd=0x55ebb7f48bc8,sr=0x55ebb7f48bc8} to #8 (was #3) (newest_ipsec_sa=#3) | #1 spent 0.161 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance westnet-eastnet-subnets/1x2[0], setting IKEv1 newest_ipsec_sa to #8 (was #3) (spd.eroute=#8) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #8 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #8: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #8 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f9970003a78 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f59a18 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #8) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 e6 5a b2 3a 00 00 00 4c 46 a9 fa e4 | 07 f5 f8 c9 0e b3 47 62 35 1d 82 ea 5e 50 31 f2 | 30 61 2e fd 21 d4 a3 40 51 03 f6 42 03 8c 45 90 | dc 0b f5 89 6a 8f 7d 6f 35 d4 c6 c4 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55ebb7f59a18 | inserting event EVENT_SA_REPLACE, timeout in 27846 seconds for #8 | libevent_malloc: new ptr-libevent@0x55ebb7f62d98 size 128 | pstats #8 ikev1.ipsec established | NAT-T: encaps is 'auto' "westnet-eastnet-subnets/1x2" #8: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x27e839d6 <0x5c64f478 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@26) (in release_whack() at state.c:654) | resume sending helper answer for #8 suppresed complete_v1_state_transition() | #8 spent 0.36 milliseconds in resume sending helper answer | stop processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f99580067b8 | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 18 time elapsed 0.000522 seconds | (#6) spent 0.525 milliseconds in crypto helper computing work-order 18: quick outI2 DH (pcr) | crypto helper 6 sending results from work-order 18 for state #6 to event queue | scheduling resume sending helper answer for #6 | libevent_malloc: new ptr-libevent@0x7f995c008f38 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #6 | start processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 18 | calling continuation function 0x55ebb72bcb50 | quick_inR1_outI2_continue for #6: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3223976075 (0xc029f88b) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 01 80 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff f0 | our client is subnet 192.0.1.128/28 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 40 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask ff ff ff c0 | peer client is subnet 192.0.2.64/26 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | 7b 51 0a 91 af e9 bb b8 86 36 8f f5 0f ef 52 12 | ba 7d 69 4e 29 87 02 c6 36 ed dc ce 57 13 fd 88 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #6: inbound and outbound | could_route called for westnet-eastnet-subnets/2x2 (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x2" erouted: self; eroute owner: self | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/2x2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.6f6c28c5@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'westnet-eastnet-subnets/2x2' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.e50ff333@192.1.2.45 included non-error error | set up incoming SA, ref=0/0 | sr for #6: erouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x2" erouted: self; eroute owner: self | route_and_eroute with c: westnet-eastnet-subnets/2x2 (next: none) ero:westnet-eastnet-subnets/2x2 esr:{(nil)} ro:westnet-eastnet-subnets/2x2 rosr:{(nil)} and state: #6 | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | eroute_connection replace eroute 192.0.1.128/28:0 --0-> 192.0.2.64/26:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1041381 | raw_eroute result=success | route_and_eroute: firewall_notified: true | route_and_eroute: instance "westnet-eastnet-subnets/2x2", setting eroute_owner {spd=0x55ebb7f498e8,sr=0x55ebb7f498e8} to #6 (was #5) (newest_ipsec_sa=#5) | #1 spent 0.161 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance westnet-eastnet-subnets/2x2[0], setting IKEv1 newest_ipsec_sa to #6 (was #5) (spd.eroute=#6) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #6 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #6: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f9968004dd8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f99600058b8 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #6) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 c0 29 f8 8b 00 00 00 4c 8a 76 1d dd | e9 06 0c d6 f4 b8 91 70 e6 ce a7 c6 6d e5 fa 41 | 2a 73 81 81 23 3e 0d 8c ba 92 c2 6b 78 bc 06 96 | 7c 6d a4 a2 73 5f 68 9c 2c ca d7 08 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x7f99600058b8 | inserting event EVENT_SA_REPLACE, timeout in 28111 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f99580067b8 size 128 | pstats #6 ikev1.ipsec established | NAT-T: encaps is 'auto' "westnet-eastnet-subnets/2x2" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x6f6c28c5 <0xe50ff333 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@24) (in release_whack() at state.c:654) | resume sending helper answer for #6 suppresed complete_v1_state_transition() | #6 spent 0.379 milliseconds in resume sending helper answer | stop processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f995c008f38 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.4a46f032@192.1.2.45 | get_sa_info esp.b2d9847b@192.1.2.23 | get_sa_info esp.fbe27bd0@192.1.2.45 | get_sa_info esp.acb297c8@192.1.2.23 | get_sa_info esp.1b5f9f63@192.1.2.45 | get_sa_info esp.b67af74a@192.1.2.23 | get_sa_info esp.5c64f478@192.1.2.45 | get_sa_info esp.27e839d6@192.1.2.23 | get_sa_info esp.95087394@192.1.2.45 | get_sa_info esp.f4455162@192.1.2.23 | get_sa_info esp.abe58c79@192.1.2.45 | get_sa_info esp.fdd85bd4@192.1.2.23 | get_sa_info esp.fae87546@192.1.2.45 | get_sa_info esp.700402af@192.1.2.23 | get_sa_info esp.e50ff333@192.1.2.45 | get_sa_info esp.6f6c28c5@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.17 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.4a46f032@192.1.2.45 | get_sa_info esp.b2d9847b@192.1.2.23 | get_sa_info esp.fbe27bd0@192.1.2.45 | get_sa_info esp.acb297c8@192.1.2.23 | get_sa_info esp.1b5f9f63@192.1.2.45 | get_sa_info esp.b67af74a@192.1.2.23 | get_sa_info esp.5c64f478@192.1.2.45 | get_sa_info esp.27e839d6@192.1.2.23 | get_sa_info esp.95087394@192.1.2.45 | get_sa_info esp.f4455162@192.1.2.23 | get_sa_info esp.abe58c79@192.1.2.45 | get_sa_info esp.fdd85bd4@192.1.2.23 | get_sa_info esp.fae87546@192.1.2.45 | get_sa_info esp.700402af@192.1.2.23 | get_sa_info esp.e50ff333@192.1.2.45 | get_sa_info esp.6f6c28c5@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.56 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.4a46f032@192.1.2.45 | get_sa_info esp.b2d9847b@192.1.2.23 | get_sa_info esp.fbe27bd0@192.1.2.45 | get_sa_info esp.acb297c8@192.1.2.23 | get_sa_info esp.1b5f9f63@192.1.2.45 | get_sa_info esp.b67af74a@192.1.2.23 | get_sa_info esp.5c64f478@192.1.2.45 | get_sa_info esp.27e839d6@192.1.2.23 | get_sa_info esp.95087394@192.1.2.45 | get_sa_info esp.f4455162@192.1.2.23 | get_sa_info esp.abe58c79@192.1.2.45 | get_sa_info esp.fdd85bd4@192.1.2.23 | get_sa_info esp.fae87546@192.1.2.45 | get_sa_info esp.700402af@192.1.2.23 | get_sa_info esp.e50ff333@192.1.2.45 | get_sa_info esp.6f6c28c5@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.15 milliseconds in whack | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 26 8a ea 7d 00 00 00 5c 3b 91 0a a4 | b3 36 e0 b4 fd cd c4 f2 78 4e 86 7a 3d 8e 7a 4a | 0b 20 84 f5 78 85 e9 ab 99 24 4c d9 3f 63 e2 7f | 4b 86 0e 10 c1 b2 de 9e 19 18 37 aa 96 92 20 74 | 2a 90 9d 21 3f 4f 6e 92 e7 cb 5a a0 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 646638205 (0x268aea7d) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #9; msgid=00000000 st_msgid=f697ebe2 st_msgid_phase15=00000000 | peer and cookies match on #8; msgid=00000000 st_msgid=e65ab23a st_msgid_phase15=00000000 | peer and cookies match on #7; msgid=00000000 st_msgid=589c96ee st_msgid_phase15=00000000 | peer and cookies match on #6; msgid=00000000 st_msgid=c029f88b st_msgid_phase15=00000000 | peer and cookies match on #5; msgid=00000000 st_msgid=1bee7841 st_msgid_phase15=00000000 | peer and cookies match on #4; msgid=00000000 st_msgid=9e8f68f5 st_msgid_phase15=00000000 | peer and cookies match on #3; msgid=00000000 st_msgid=8882f851 st_msgid_phase15=00000000 | peer and cookies match on #2; msgid=00000000 st_msgid=68f2343d st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | f1 ca a8 fc 01 e3 e4 f6 38 f0 2d 28 17 5c 1d 54 | 52 85 e5 b9 9a 20 73 8e d2 23 4d 7f 31 09 80 9f | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI 6f 6c 28 c5 | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "westnet-eastnet-subnets/2x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "westnet-eastnet-subnets/2x2" #1: received Delete SA payload: replace IPsec State #6 now | state #6 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f99580067b8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f99600058b8 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f99600058b8 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #6 | libevent_malloc: new ptr-libevent@0x7f995c008f38 size 128 | stop processing: connection "westnet-eastnet-subnets/2x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) | del: | complete v1 state transition with STF_IGNORE | #1 spent 0.00106 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.242 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f99600058b8 | handling event EVENT_SA_REPLACE for child state #6 | start processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #6 for #6 | replacing stale IPsec SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | creating state object #10 at 0x55ebb7f67278 | State DB: adding IKEv1 state #10 in UNDEFINED | pstats #10 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #10 for IPSEC SA | #10 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | suspend processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #10 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #10: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/2x2" #10: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #6 {using isakmp#1 msgid:ef9d8949 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 19 for state #10 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f572d8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #10 | libevent_malloc: new ptr-libevent@0x55ebb7f574a8 size 128 | stop processing: state #10 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | event_schedule: new EVENT_SA_EXPIRE-pe@0x55ebb7f68c48 | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #6 | libevent_malloc: new ptr-libevent@0x55ebb7f573f8 size 128 | libevent_free: release ptr-libevent@0x7f995c008f38 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f99600058b8 | #6 spent 0.0964 milliseconds in timer_event_cb() EVENT_SA_REPLACE | stop processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x55ebb7f68c48 | handling event EVENT_SA_EXPIRE for child state #6 | start processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #6 for #6 | un-established partial CHILD SA timeout (SA expired) | pstats #6 ikev1.ipsec re-failed exchange-timeout | pstats #6 ikev1.ipsec deleted completed | [RE]START processing: state #6 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/2x2" #6: deleting state (STATE_QUICK_I2) aged 1.385s and sending notification | child state #6: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.6f6c28c5@192.1.2.23 | get_sa_info esp.e50ff333@192.1.2.45 "westnet-eastnet-subnets/2x2" #6: ESP traffic information: in=0B out=0B | #6 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1148962903 (0x447bc857) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload e5 0f f3 33 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | 0b f9 b0 ef a6 79 ab 59 da 81 cf 83 db 2c f7 c8 | b1 24 cc 84 a2 5f 32 c4 55 83 01 9f ce 2b f5 94 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 44 7b c8 57 00 00 00 5c 6a e1 8a 93 | b5 bc f4 6b 07 d9 3a 48 b6 7a f3 1c 22 28 99 e5 | ad 07 3b fd 19 f4 f6 78 3e ae 70 d0 98 fa 66 b0 | 80 23 99 4f f8 1c 19 90 b3 6e f1 5a ad 81 cb 92 | a3 52 b4 9b fe 15 93 d5 d3 57 f8 e5 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/2x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='192.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826061' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING= | popen cmd is 1070 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-s: | cmd( 80):ubnets/2x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2: | cmd( 160):.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='1: | cmd( 240):92.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PR: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16400' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER: | cmd( 560):_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826061' P: | cmd( 640):LUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_: | cmd( 720):ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: | cmd( 800):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': | cmd( 880):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: | cmd( 960):URED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6f6c28c5 SPI_OUT: | cmd(1040):=0xe50ff333 ipsec _updown 2>&1: | crypto helper 3 resuming | crypto helper 3 starting work-order 19 for state #10 | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 19 | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 19 time elapsed 0.00089 seconds | (#10) spent 0.898 milliseconds in crypto helper computing work-order 19: quick_outI1 KE (pcr) | crypto helper 3 sending results from work-order 19 for state #10 to event queue | scheduling resume sending helper answer for #10 | libevent_malloc: new ptr-libevent@0x7f996000f548 size 128 | crypto helper 3 waiting (nothing to do) | shunt_eroute() called for connection 'westnet-eastnet-subnets/2x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | IPsec Sa SPD priority set to 1041381 | delete esp.6f6c28c5@192.1.2.23 | netlink response for Del SA esp.6f6c28c5@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | delete inbound eroute 192.0.2.64/26:0 --0-> 192.0.1.128/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.e50ff333@192.1.2.45 | netlink response for Del SA esp.e50ff333@192.1.2.45 included non-error error | in connection_discard for connection westnet-eastnet-subnets/2x2 | State DB: deleting IKEv1 state #6 in QUICK_I2 | child state #6: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x55ebb7f573f8 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55ebb7f68c48 | in statetime_stop() and could not find #6 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing resume sending helper answer for #10 | start processing: state #10 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 19 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #10: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 4020078921 (0xef9d8949) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0xe24a4503 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI e2 4a 45 03 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 7d 17 7d 14 cd ac 8d fc 84 c0 c9 ba aa e9 be c6 | Ni 7d 9f c3 b4 42 60 84 ea c1 17 51 01 c8 d9 1e 59 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value c7 d9 f5 7d 95 9e 02 b2 02 d1 23 da 90 32 63 2a | keyex value b1 5b 31 46 68 d2 e2 2f c6 cd 5a 71 fe f7 a3 38 | keyex value a8 0c 32 7d 1d 31 cb ed f3 c7 a0 47 6b 1d 2a 48 | keyex value ef 59 d8 56 2b 43 c4 58 06 8d ae 83 7e 4c a3 96 | keyex value e2 a9 93 8d 2d 97 14 c4 02 71 39 53 ad 2e c1 16 | keyex value 8c ba 96 c0 d9 e9 91 76 91 d1 54 71 13 c6 2e a5 | keyex value 28 43 b7 d5 95 2c e5 81 b2 95 95 60 c7 80 a4 db | keyex value 4d 0f ad 9a 81 2c d3 f6 eb 88 3c 13 f0 5b 8b 41 | keyex value b0 4a 90 cf f9 df 94 ba 05 19 9a da 29 4b 3b 8d | keyex value 3f 45 ab fa 50 ed 24 81 bb 74 31 cc cf d8 45 71 | keyex value 41 6c 7a 38 03 3b 7a 2d 5c ad 2c 16 31 cf b5 5b | keyex value 85 c4 87 f7 90 78 4e b6 b6 c7 15 9e 9e 8d 2b 25 | keyex value 04 37 e0 07 c5 23 a0 36 ed 60 2b fb af da cb f3 | keyex value 45 2a 8e 63 8b 10 e6 bc ac 94 fa 84 d7 fe a5 76 | keyex value 71 de 3a 8a 8b 27 cc c7 0c 88 cc 35 3b cf d7 68 | keyex value 86 fd c5 84 3d 94 86 af 5a 51 a1 dd da 90 c1 2d | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 80 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 40 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff c0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | b5 3b 99 c1 f5 31 77 c0 72 bd fa cd 58 63 b7 5b | 66 93 d0 3e af 88 d3 26 b4 51 fc 3d 1a d5 95 b1 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #10) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 ef 9d 89 49 00 00 01 dc a6 d8 84 05 | 0e 88 c6 87 2c 6a 14 16 d8 81 0c d4 e4 3a b0 d7 | 45 ef d9 b2 aa c2 c6 51 ca c1 9c 2e 89 9a 34 82 | ae 82 3f ab 1f 0b 66 e9 26 45 5f 4a 01 c9 72 a5 | f9 c1 26 0a 7b ca 93 13 57 88 3e 7f eb 52 7a 35 | 9a b4 e0 e3 ff a6 b3 c7 03 fd 59 51 38 d4 25 85 | 03 87 fd 90 5e 13 c0 3f 3a 3e 0d d9 87 aa eb 7b | 32 db d9 9c 86 be a5 1e 14 55 d9 b2 af 0d 32 4f | bb f9 ef 6f eb cf 2b 3d 21 2e a6 23 05 7d 10 22 | 60 94 56 c2 98 47 c2 59 dd f8 39 61 8c 3d bc f3 | d6 40 61 2f 7e 39 6a 71 22 f7 3e 17 4c dd 45 a1 | b2 98 c6 44 34 d5 ea 9e d9 44 71 9f 39 97 d7 82 | 7a 3c 2b 87 da 9c 49 20 0f 75 e4 34 d0 2f 9e e3 | f6 19 79 b5 13 8d ef a4 c1 51 3d 75 de 44 b4 44 | 6f f8 09 76 a0 a7 29 cc 69 53 3b f8 18 fb f6 fb | 66 b2 17 0e 88 c5 99 bb 39 75 34 9c 7b 8c 61 41 | 8f a8 a6 5a 1c 69 d0 ee 4e 46 a9 9a 23 9b 2d 62 | 0a b9 9b c9 c1 0e d5 6f 98 67 2c 74 64 45 b6 64 | 31 26 3e 00 b2 f1 36 62 c9 55 09 f3 9a 61 ad 90 | eb 84 a1 ce 07 11 4c 41 87 0b a3 a5 65 f4 52 ab | 00 1a 54 38 8b 23 5a 08 a9 e1 d8 97 55 f7 af 2a | e7 06 eb ba 38 38 2f 8b 8b c8 92 30 a7 18 80 cd | 16 bb 58 4d 78 b4 0b ac 78 c8 70 95 95 ee 37 ad | 2b 43 6f 5b da f5 d9 9e 6b 0e bf 2f 29 86 ee d7 | 7a db c8 7d 23 92 30 96 46 6e a1 a1 99 0f 3a 27 | 20 ff 23 35 dc 99 45 d8 ae 69 e4 e1 50 9a 70 17 | 53 3a 20 a9 65 43 8a d3 80 9e bd 6b 56 25 44 33 | 8b 5e 42 8f 6c 1c ef 40 12 33 ff e6 d8 b5 55 c6 | 99 71 20 02 ec bc dd 18 48 5f 98 56 | state #10 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f574a8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f572d8 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f572d8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #10 | libevent_malloc: new ptr-libevent@0x55ebb7f72bf8 size 128 | #10 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11348.964055 | resume sending helper answer for #10 suppresed complete_v1_state_transition() | #10 spent 0.525 milliseconds in resume sending helper answer | stop processing: state #10 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f996000f548 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00387 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 4f 96 6c cf 00 00 00 5c 20 86 a4 e8 | 26 6e 44 fa 18 4c 1f b2 b8 d9 ef 86 c6 3f a9 00 | 93 d1 12 9b 79 4d 14 33 9a fc 08 87 ee 15 c8 39 | ba 30 ae d1 6f 41 59 79 4d 75 2b 77 03 52 a0 af | 9a 3e 84 ef c1 f6 ac 6d 9f 85 54 c2 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1335258319 (0x4f966ccf) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #10; msgid=00000000 st_msgid=ef9d8949 st_msgid_phase15=00000000 | peer and cookies match on #9; msgid=00000000 st_msgid=f697ebe2 st_msgid_phase15=00000000 | peer and cookies match on #8; msgid=00000000 st_msgid=e65ab23a st_msgid_phase15=00000000 | peer and cookies match on #7; msgid=00000000 st_msgid=589c96ee st_msgid_phase15=00000000 | peer and cookies match on #5; msgid=00000000 st_msgid=1bee7841 st_msgid_phase15=00000000 | peer and cookies match on #4; msgid=00000000 st_msgid=9e8f68f5 st_msgid_phase15=00000000 | peer and cookies match on #3; msgid=00000000 st_msgid=8882f851 st_msgid_phase15=00000000 | peer and cookies match on #2; msgid=00000000 st_msgid=68f2343d st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | bc 0f e8 46 bb 41 d8 76 f1 3e 97 2e a6 e2 19 15 | 06 8f 3b 76 9c bc 87 1c 81 6f e3 bc 4e 9e 2b ca | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI fd d8 5b d4 | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "westnet-eastnet-subnets/2x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "westnet-eastnet-subnets/2x2" #1: received Delete SA payload: replace IPsec State #7 now | state #7 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55ebb7f62ce8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f996c004218 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f996c004218 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f996000f548 size 128 | stop processing: connection "westnet-eastnet-subnets/2x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) | del: | complete v1 state transition with STF_IGNORE | #1 spent 0.00531 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.222 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f996c004218 | handling event EVENT_SA_REPLACE for child state #7 | start processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #7 for #7 | replacing stale IPsec SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | creating state object #11 at 0x55ebb7f58358 | State DB: adding IKEv1 state #11 in UNDEFINED | pstats #11 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #11 for IPSEC SA | #11 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #11 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #11: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/2x1" #11: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #7 {using isakmp#1 msgid:dc82534f proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 20 for state #11 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f68c48 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #11 | libevent_malloc: new ptr-libevent@0x55ebb7f67d68 size 128 | stop processing: state #11 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | event_schedule: new EVENT_SA_EXPIRE-pe@0x55ebb7f65bb8 | crypto helper 2 resuming | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #7 | libevent_malloc: new ptr-libevent@0x7f995c008f38 size 128 | crypto helper 2 starting work-order 20 for state #11 | libevent_free: release ptr-libevent@0x7f996000f548 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f996c004218 | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 20 | #7 spent 0.112 milliseconds in timer_event_cb() EVENT_SA_REPLACE | stop processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x55ebb7f65bb8 | handling event EVENT_SA_EXPIRE for child state #7 | start processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #7 for #7 | un-established partial CHILD SA timeout (SA expired) | pstats #7 ikev1.ipsec re-failed exchange-timeout | pstats #7 ikev1.ipsec deleted completed | [RE]START processing: state #7 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/2x1" #7: deleting state (STATE_QUICK_I2) aged 1.398s and sending notification | child state #7: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.fdd85bd4@192.1.2.23 | get_sa_info esp.abe58c79@192.1.2.45 "westnet-eastnet-subnets/2x1" #7: ESP traffic information: in=0B out=0B | #7 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2642219368 (0x9d7d1168) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload ab e5 8c 79 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | c5 dc 59 0c 00 cd cf 62 b0 b0 e1 7f 50 a1 c3 f8 | 29 5d bd 32 cf de 7c 06 45 3f 04 0c 0a 75 5a ff | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 9d 7d 11 68 00 00 00 5c 65 57 c4 a1 | c7 da f0 2f 1f 03 c1 76 cd ab 19 2f 30 69 d4 e7 | 5f 6d 8f bf 3e 84 e7 5b b0 a5 47 a8 22 30 f6 80 | ee e2 e6 46 49 a6 ec 7e bf 03 10 f0 5a d7 97 8a | 36 33 99 63 30 cc 93 e3 1b 3f 20 77 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/2x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='192.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826061' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING= | popen cmd is 1070 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-s: | cmd( 80):ubnets/2x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2: | cmd( 160):.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.128/28' PLUTO_MY_CLIENT_NET='1: | cmd( 240):92.0.1.128' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PR: | cmd( 320):OTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PL: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER: | cmd( 560):_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826061' P: | cmd( 640):LUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_: | cmd( 720):ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_: | cmd( 800):FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO=': | cmd( 880):' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIG: | cmd( 960):URED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xfdd85bd4 SPI_OUT: | cmd(1040):=0xabe58c79 ipsec _updown 2>&1: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 20 time elapsed 0.000877 seconds | (#11) spent 0.816 milliseconds in crypto helper computing work-order 20: quick_outI1 KE (pcr) | crypto helper 2 sending results from work-order 20 for state #11 to event queue | scheduling resume sending helper answer for #11 | libevent_malloc: new ptr-libevent@0x55ebb7f489c8 size 128 | crypto helper 2 waiting (nothing to do) | shunt_eroute() called for connection 'westnet-eastnet-subnets/2x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | IPsec Sa SPD priority set to 1041379 | delete esp.fdd85bd4@192.1.2.23 | netlink response for Del SA esp.fdd85bd4@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | delete inbound eroute 192.0.2.16/28:0 --0-> 192.0.1.128/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.abe58c79@192.1.2.45 | netlink response for Del SA esp.abe58c79@192.1.2.45 included non-error error | in connection_discard for connection westnet-eastnet-subnets/2x1 | State DB: deleting IKEv1 state #7 in QUICK_I2 | child state #7: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #7 from 192.1.2.23 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x7f995c008f38 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55ebb7f65bb8 | in statetime_stop() and could not find #7 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00203 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 32 a4 d3 e4 00 00 00 5c 0b d0 90 c8 | 67 53 36 81 f7 de 55 81 5b b7 f6 17 6a c9 77 ff | e6 da 0d ea 48 48 95 d7 32 0a 48 c5 3e c0 22 29 | 08 81 eb 8f 75 2a 7c f3 46 a4 43 09 64 dd 8f 58 | d2 d6 3c d5 42 3b c2 d2 08 eb f3 47 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 849662948 (0x32a4d3e4) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #11; msgid=00000000 st_msgid=dc82534f st_msgid_phase15=00000000 | peer and cookies match on #10; msgid=00000000 st_msgid=ef9d8949 st_msgid_phase15=00000000 | peer and cookies match on #9; msgid=00000000 st_msgid=f697ebe2 st_msgid_phase15=00000000 | peer and cookies match on #8; msgid=00000000 st_msgid=e65ab23a st_msgid_phase15=00000000 | peer and cookies match on #5; msgid=00000000 st_msgid=1bee7841 st_msgid_phase15=00000000 | peer and cookies match on #4; msgid=00000000 st_msgid=9e8f68f5 st_msgid_phase15=00000000 | peer and cookies match on #3; msgid=00000000 st_msgid=8882f851 st_msgid_phase15=00000000 | peer and cookies match on #2; msgid=00000000 st_msgid=68f2343d st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | 80 cf 9f 4d 91 d0 f0 68 57 1d b6 b5 f0 c5 53 44 | 7c 29 5d 20 9e 28 48 34 83 e1 dd 8d 40 31 32 53 | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI 27 e8 39 d6 | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "westnet-eastnet-subnets/1x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "westnet-eastnet-subnets/2x2" #1: received Delete SA payload: replace IPsec State #8 now | state #8 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55ebb7f62d98 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ebb7f59a18 | event_schedule: new EVENT_SA_REPLACE-pe@0x55ebb7f59a18 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #8 | libevent_malloc: new ptr-libevent@0x55ebb7f6a7c8 size 128 | stop processing: connection "westnet-eastnet-subnets/1x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) | del: | complete v1 state transition with STF_IGNORE | #1 spent 0.00498 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.227 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #11 | start processing: state #11 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 20 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #11: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3699528527 (0xdc82534f) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0xa338cb63 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI a3 38 cb 63 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 1d 95 3b cc 20 f9 18 8c 1c c7 62 d0 9d 80 a2 f5 | Ni 4e e5 81 a4 87 09 7a 23 b4 5a 85 57 a6 16 1a da | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 3f 9e cf a4 e0 36 54 05 af e8 25 2b fc 5d 37 2c | keyex value fc 28 16 68 a4 df 16 95 b0 0f f4 1f 83 1e 96 fb | keyex value 23 d2 2a 60 22 61 aa 94 c3 b1 f7 9a f3 9d 0c 10 | keyex value 39 41 e6 fa dd 98 41 9b 72 16 5a df 31 1a 08 cc | keyex value db ef d4 3d 1d 98 35 e1 4b 40 81 7b bc 26 f8 16 | keyex value c5 1b cd 80 3b 17 67 d0 7f 5d df b6 bb 0a a8 d0 | keyex value ab 07 ea 02 5f 76 b3 b3 d9 fa 59 53 08 8e d5 e1 | keyex value 87 72 69 7a 3e 66 a4 03 1a 29 16 06 2b 30 a3 f1 | keyex value 2c 07 be 83 b4 5a 61 09 73 2d 47 38 db b1 d1 20 | keyex value 16 22 3e 73 2f bf f4 0e 14 86 3e 52 ca a6 4f ae | keyex value 49 d0 84 2e 9e 69 13 1c dd ac 0d fd 14 70 24 26 | keyex value e3 0d 05 00 8a 5b a9 e4 65 4a 0e dc 1c da 86 62 | keyex value e4 35 76 b3 0f 1f 5b c5 7d 55 14 b0 dd 9a 5d bf | keyex value c9 a8 91 b3 70 36 93 a5 04 9c 7b a6 37 0a 8d af | keyex value 16 10 89 ba f1 18 20 97 8b 93 43 28 16 de 7f 63 | keyex value 5a e5 72 03 46 6e 91 a7 76 86 36 ac 8e 33 9d d7 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 80 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 10 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 55 51 5c 91 87 0f 3d 73 0a 4e df b0 c5 97 19 d3 | 4c 3f 05 63 96 1d 49 0c 55 a2 a2 d3 7f 81 a4 d9 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #11) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 dc 82 53 4f 00 00 01 dc 2b 07 f8 7b | c2 ba fe 89 15 2d a9 4f 40 a4 e8 8e 28 14 08 e0 | 5a 1e be 1b 2f 95 5a cb 40 c2 4a ee 28 4b a9 52 | 31 96 09 eb b9 ee d8 be 6a 4b 3a f6 78 52 15 c5 | ee 4b 3d ff d2 f7 5b 89 d3 01 48 fc 1c a5 cb d5 | 2f 67 7f 7f 9e a4 23 9c 02 2d 07 68 80 85 96 1e | 4c 3e d2 96 3c 0b 8f e1 fd 18 15 af 10 75 9c 24 | b6 9f 16 e2 e9 d6 85 32 89 e9 f2 d9 52 77 9f 19 | 6e a8 e7 ed a3 6a 4a 99 5f 33 c1 ab 7f ab 08 01 | 8b 39 00 2c cc 17 22 93 58 63 61 5b af 60 f3 35 | 3a 32 6b e6 13 0d 9f d9 a2 44 8e ae a4 4f 84 d7 | 87 b1 ca 10 bb ee 55 be 38 d7 2d b1 8e 9b 2f 61 | 33 51 11 1a 53 3f b5 e0 b7 05 a5 10 4f ab 3e 8b | 53 61 b5 fe 40 7a 1f 2a a9 55 4a 3d e8 4b 89 48 | 2a 21 5a f4 8e 90 3d 1e c0 f9 76 e5 21 36 2a aa | 60 54 8d 76 e8 3b eb 28 f8 84 b8 bc 96 9d 9d be | fc 04 83 81 5b ff c3 00 77 c6 ee 4a 12 ee a6 51 | 7c ce 53 6b 29 85 1b 45 9b 2f 51 be 25 62 f3 d7 | 45 17 47 b2 b5 2a e7 f9 41 d9 c0 06 95 6d ed ed | 19 08 67 a5 5f 15 fc cc b5 b1 da 0e 1c 5c 19 86 | fb ab a2 ce 33 b6 b0 3d 22 3a 1a 1f 04 8e aa 73 | e5 29 12 99 13 39 cb 54 8c 75 c0 d3 7a 49 1f 59 | d2 99 d0 a5 1c c1 e8 71 af 1b 57 cb aa d7 3b 0d | 8d 15 87 2f 6b ba d5 6e 89 fa 0b 68 ba 24 32 03 | d0 a8 68 09 11 64 7e af 2b 31 3f 45 92 ca e5 40 | 44 3a fb 1b 97 9e 39 be 5c 33 e7 6b d7 a0 c5 c5 | d6 f0 47 35 02 46 46 02 e0 5a 13 93 f8 fb ba fb | d1 1b 4f ac e0 06 a0 f4 79 5d 08 95 af 18 21 9f | af 7f a7 19 18 c3 55 bf e5 42 67 25 | state #11 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f67d68 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f68c48 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f68c48 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #11 | libevent_malloc: new ptr-libevent@0x55ebb7f62d98 size 128 | #11 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11348.976877 | resume sending helper answer for #11 suppresed complete_v1_state_transition() | #11 spent 0.471 milliseconds in resume sending helper answer | stop processing: state #11 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x55ebb7f489c8 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00322 milliseconds in signal handler PLUTO_SIGCHLD | timer_event_cb: processing event@0x55ebb7f59a18 | handling event EVENT_SA_REPLACE for child state #8 | start processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #8 for #8 | replacing stale IPsec SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | creating state object #12 at 0x55ebb7f65d38 | State DB: adding IKEv1 state #12 in UNDEFINED | pstats #12 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #12 for IPSEC SA | #12 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #12 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #12: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/1x2" #12: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #8 {using isakmp#1 msgid:a61bdbc4 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 21 for state #12 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f65bb8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #12 | libevent_malloc: new ptr-libevent@0x55ebb7f489c8 size 128 | stop processing: state #12 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | crypto helper 4 resuming | event_schedule: new EVENT_SA_EXPIRE-pe@0x55ebb7f69048 | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #8 | libevent_malloc: new ptr-libevent@0x55ebb7f62ce8 size 128 | libevent_free: release ptr-libevent@0x55ebb7f6a7c8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ebb7f59a18 | crypto helper 4 starting work-order 21 for state #12 | #8 spent 0.11 milliseconds in timer_event_cb() EVENT_SA_REPLACE | crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 21 | stop processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x55ebb7f69048 | handling event EVENT_SA_EXPIRE for child state #8 | start processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #8 for #8 | un-established partial CHILD SA timeout (SA expired) | pstats #8 ikev1.ipsec re-failed exchange-timeout | pstats #8 ikev1.ipsec deleted completed | [RE]START processing: state #8 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/1x2" #8: deleting state (STATE_QUICK_I2) aged 1.410s and sending notification | child state #8: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.27e839d6@192.1.2.23 | get_sa_info esp.5c64f478@192.1.2.45 "westnet-eastnet-subnets/1x2" #8: ESP traffic information: in=0B out=0B | #8 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 194586965 (0xb992955) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload 5c 64 f4 78 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | ec 98 d5 57 83 88 f8 07 6e ab 51 70 50 18 2f 65 | 01 23 6a 09 67 67 bb 0a 86 2b f1 28 ea e4 9f ee | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 0b 99 29 55 00 00 00 5c 75 3c 39 3b | 17 87 61 cd 11 bf 95 d5 b8 d6 25 fc b0 0b 6c 1f | 85 09 68 95 d0 a1 00 b1 4f 15 8b 91 b2 f5 b1 ec | 05 83 92 07 91 96 2c e8 41 d2 e0 95 14 cf 52 b6 | d4 dc f8 f1 09 a0 9d 83 28 f8 ec 4f | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/1x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826061' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' | popen cmd is 1066 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-s: | cmd( 80):ubnets/1x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2: | cmd( 160):.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192: | cmd( 240):.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOC: | cmd( 320):OL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_: | cmd( 400):PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2: | cmd( 480):.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826061' PLUTO: | cmd( 640):_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLO: | cmd( 720):W+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x27e839d6 SPI_OUT=0x5: | cmd(1040):c64f478 ipsec _updown 2>&1: | crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 21 time elapsed 0.001093 seconds | (#12) spent 1.1 milliseconds in crypto helper computing work-order 21: quick_outI1 KE (pcr) | crypto helper 4 sending results from work-order 21 for state #12 to event queue | scheduling resume sending helper answer for #12 | libevent_malloc: new ptr-libevent@0x7f9964009cd8 size 128 | crypto helper 4 waiting (nothing to do) | shunt_eroute() called for connection 'westnet-eastnet-subnets/1x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | IPsec Sa SPD priority set to 1041381 | delete esp.27e839d6@192.1.2.23 | netlink response for Del SA esp.27e839d6@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | delete inbound eroute 192.0.2.64/26:0 --0-> 192.0.1.0/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.5c64f478@192.1.2.45 | netlink response for Del SA esp.5c64f478@192.1.2.45 included non-error error | in connection_discard for connection westnet-eastnet-subnets/1x2 | State DB: deleting IKEv1 state #8 in QUICK_I2 | child state #8: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #8 from 192.1.2.23 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x55ebb7f62ce8 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55ebb7f69048 | in statetime_stop() and could not find #8 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00269 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 2e 9a ae 6c 00 00 00 5c 75 1a 7f ba | 07 6d ca f4 0b 53 0f 7c e1 41 ed 9d 19 0c 05 4b | fa 91 b0 6c 4c 4f dd 8a d2 e9 68 d3 9a a8 25 97 | a7 3e e6 5f a9 d5 5b f5 93 aa 01 71 30 9b 60 09 | 65 a9 13 c1 3c 8b 06 ec 03 68 81 3c | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 781889132 (0x2e9aae6c) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #12; msgid=00000000 st_msgid=a61bdbc4 st_msgid_phase15=00000000 | peer and cookies match on #11; msgid=00000000 st_msgid=dc82534f st_msgid_phase15=00000000 | peer and cookies match on #10; msgid=00000000 st_msgid=ef9d8949 st_msgid_phase15=00000000 | peer and cookies match on #9; msgid=00000000 st_msgid=f697ebe2 st_msgid_phase15=00000000 | peer and cookies match on #5; msgid=00000000 st_msgid=1bee7841 st_msgid_phase15=00000000 | peer and cookies match on #4; msgid=00000000 st_msgid=9e8f68f5 st_msgid_phase15=00000000 | peer and cookies match on #3; msgid=00000000 st_msgid=8882f851 st_msgid_phase15=00000000 | peer and cookies match on #2; msgid=00000000 st_msgid=68f2343d st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | a4 b1 dc 35 db 97 da 43 07 5e d5 a8 55 7e 64 22 | 04 b4 45 6b 6e e5 bb 97 d7 8e ef 65 30 59 81 24 | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI ac b2 97 c8 | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "westnet-eastnet-subnets/1x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "westnet-eastnet-subnets/2x2" #1: received Delete SA payload: replace IPsec State #9 now | state #9 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55ebb7f69458 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ebb7f51a28 | event_schedule: new EVENT_SA_REPLACE-pe@0x55ebb7f51a28 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #9 | libevent_malloc: new ptr-libevent@0x55ebb7f67d68 size 128 | stop processing: connection "westnet-eastnet-subnets/1x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) | del: | complete v1 state transition with STF_IGNORE | #1 spent 0.00461 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.253 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #12 | start processing: state #12 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 21 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #12: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2786843588 (0xa61bdbc4) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0xb0ec7d92 for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI b0 ec 7d 92 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni aa b9 bf 0a 35 ef 0c ac 8f 15 ef 7e ee 1e 1b 8c | Ni e4 ec ba ba 0e a0 72 2d c3 20 d6 03 d8 ae ee 3c | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value c9 a6 25 11 48 77 8d dc 3b bd 3d 01 be 4c 0d 36 | keyex value ed 31 d5 53 5a b0 67 49 ea b9 86 bb b7 67 6e 5e | keyex value 16 ad b6 0a 7f fa e7 c4 12 f5 b0 d6 22 fd 1f 30 | keyex value 87 f8 51 c5 c9 47 54 4d 67 fd 27 6a 6e c6 4a 7c | keyex value f6 9e e9 7c 42 e4 22 bc 2c e5 a9 7f 4f 84 1d 92 | keyex value 8f 68 98 1c 6e 7f 41 bd 16 a6 77 51 56 fa a3 11 | keyex value 08 4d d6 03 0a 38 0b 34 ce 60 5f c7 57 f4 0a e5 | keyex value 53 90 d4 08 b4 ec d8 61 ca 89 93 13 c1 db 0e eb | keyex value 83 32 3e 0d c1 35 eb 24 6e b1 32 60 9e 50 c6 10 | keyex value de a4 99 85 28 a4 e5 1e 67 a0 ea 0e 5c 24 6a 39 | keyex value 17 f6 a6 d5 a0 92 5e 92 13 0b 99 49 39 79 47 81 | keyex value 17 8c ba 2a de 07 89 be e8 32 a6 c5 c6 0a ce 9e | keyex value 9e 1a 4a 4d c3 16 e7 fa 1e e4 a6 c7 50 73 8e c7 | keyex value 99 c7 65 e9 c7 ac dd 48 78 a1 e2 1c a4 f5 1e b9 | keyex value e0 5f 93 0f db 79 5e d8 6d 7c 65 90 e0 1c 91 e7 | keyex value d6 79 d5 d7 28 3d 93 e1 39 f1 f9 03 3d 73 79 ca | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 00 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 40 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff c0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 93 32 1d 07 58 33 1a f0 51 96 0e d0 15 55 dd 84 | 4f 0b 00 a7 f8 43 75 c7 10 09 68 fe c2 43 41 58 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #12) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 a6 1b db c4 00 00 01 dc 38 60 60 ba | 08 30 90 3d 1e a9 98 54 6d a8 c4 fa 9b 6b fe 3c | d9 e5 52 94 77 10 69 39 ae 06 23 b0 c7 9c d7 56 | 9a 9f 12 f0 93 78 5e 50 4b 4b d7 b1 2d 57 00 37 | fe 14 0b 35 c7 51 7d dd 97 7b f7 54 fa 94 a0 94 | 9a 7c 12 8e 7b 57 ea 4c 8e 7d d6 ed c1 0f 07 e8 | 6b ac 77 b0 93 bc a5 00 0b 64 8a ca 96 aa c4 ba | a7 35 97 79 86 e1 44 b4 18 cf 31 df aa eb e6 b4 | 6a cc d5 ec a0 d4 9a 95 ec 19 fc a3 07 49 b4 b4 | 5a b2 5f 9c 0b 2f 2b 04 f2 c2 c2 04 87 be 52 aa | 35 02 4f 24 e1 01 12 73 b9 51 6c aa b1 68 a6 89 | 30 12 17 3f 6e ad 9e 56 e4 24 9d 76 7b 1f c2 c9 | f1 12 9e 80 27 9f db b4 68 e5 2a b1 5c dd 1b 7c | b2 d5 a4 7b 2e 84 2b f3 45 a9 41 15 e6 23 74 a6 | c4 30 ec 76 da 4b ff d8 61 32 78 a3 6b 0a 68 27 | d0 4d 14 ed f5 66 e9 86 9b d0 ce 38 b2 c9 e5 6e | db a8 03 29 97 1d d8 c0 a7 21 93 3e 9b c6 0d e3 | 55 dc 94 86 17 26 90 f1 af 59 26 66 bf 67 51 97 | 34 e5 c5 76 bd 1a 4e 44 6d 48 db 1e 2e 96 21 62 | e5 65 50 57 a7 7e eb 93 59 33 b8 23 26 ca 30 70 | 38 d0 b0 cc 3f a3 be a3 b1 66 f6 da 50 71 41 85 | d1 9b f5 ed 78 4d df 3b c2 6f 11 41 e4 5d 52 52 | c5 76 4b 5a 0b f1 96 48 a8 ed 90 55 12 aa fc 18 | db b5 fd 8d 46 ea 83 cf 20 33 3f 79 d6 e9 e8 fd | 71 12 40 ac 41 bb 6b 64 d6 eb 83 eb 85 12 e2 4d | 2c 2c 89 1d bd 17 d6 93 b6 6d 9e bb 70 81 c2 b5 | d9 d4 0b ba 1e 3a 27 25 c0 71 01 bf d0 c8 a9 94 | bd af 14 d8 a9 25 ed 03 92 4c fa 16 d0 ef 62 c8 | 47 43 25 ef b6 8c 13 d2 db 64 c5 86 | state #12 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55ebb7f489c8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f65bb8 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f65bb8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #12 | libevent_malloc: new ptr-libevent@0x55ebb7f62ce8 size 128 | #12 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11348.991743 | resume sending helper answer for #12 suppresed complete_v1_state_transition() | #12 spent 0.511 milliseconds in resume sending helper answer | stop processing: state #12 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f9964009cd8 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00434 milliseconds in signal handler PLUTO_SIGCHLD | timer_event_cb: processing event@0x55ebb7f51a28 | handling event EVENT_SA_REPLACE for child state #9 | start processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #9 for #9 | replacing stale IPsec SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | creating state object #13 at 0x55ebb7f67e18 | State DB: adding IKEv1 state #13 in UNDEFINED | pstats #13 ikev1.ipsec started | duplicating state object #1 "westnet-eastnet-subnets/2x2" as #13 for IPSEC SA | #13 setting local endpoint to 192.1.2.45:500 from #1.st_localport (in duplicate_state() at state.c:1484) | in connection_discard for connection westnet-eastnet-subnets/2x2 | suspend processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #13 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #13: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "westnet-eastnet-subnets/1x1" #13: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #9 {using isakmp#1 msgid:c38d4499 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 22 for state #13 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f69048 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #13 | libevent_malloc: new ptr-libevent@0x7f9964009cd8 size 128 | stop processing: state #13 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | crypto helper 0 resuming | crypto helper 0 starting work-order 22 for state #13 | event_schedule: new EVENT_SA_EXPIRE-pe@0x55ebb7f59a18 | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #9 | libevent_malloc: new ptr-libevent@0x55ebb7f6a7c8 size 128 | libevent_free: release ptr-libevent@0x55ebb7f67d68 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ebb7f51a28 | #9 spent 0.12 milliseconds in timer_event_cb() EVENT_SA_REPLACE | stop processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x55ebb7f59a18 | handling event EVENT_SA_EXPIRE for child state #9 | start processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #9 for #9 | un-established partial CHILD SA timeout (SA expired) | pstats #9 ikev1.ipsec re-failed exchange-timeout | pstats #9 ikev1.ipsec deleted completed | [RE]START processing: state #9 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/1x1" #9: deleting state (STATE_QUICK_I2) aged 1.425s and sending notification | child state #9: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.acb297c8@192.1.2.23 | get_sa_info esp.fbe27bd0@192.1.2.45 "westnet-eastnet-subnets/1x1" #9: ESP traffic information: in=0B out=0B | #9 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1318739942 (0x4e9a5fe6) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload fb e2 7b d0 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | 49 93 7b 55 c6 9f 16 11 70 0d 77 94 be cd e3 76 | e6 19 d8 02 1c c5 b1 6d 42 c8 65 06 70 e8 8c 7d | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 4e 9a 5f e6 00 00 00 5c 24 6e a3 d3 | 08 18 85 18 b7 1e f3 6e 39 db d2 42 cf 28 77 70 | 68 41 cb 8b 57 ce 6b 26 33 a6 bb b1 92 bd ba a5 | eb a6 22 9b 27 db d5 9e 25 5d 95 f1 9c 90 84 89 | 0f 68 1e 01 91 d3 25 18 84 2c 71 9b | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826061' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' | popen cmd is 1066 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-s: | cmd( 80):ubnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2: | cmd( 160):.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192: | cmd( 240):.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOC: | cmd( 320):OL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_: | cmd( 400):PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2: | cmd( 480):.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PRO: | cmd( 560):TOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566826061' PLUTO: | cmd( 640):_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLO: | cmd( 720):W+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAIL: | cmd( 800):ED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PL: | cmd( 880):UTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED: | cmd( 960):='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xacb297c8 SPI_OUT=0xf: | cmd(1040):be27bd0 ipsec _updown 2>&1: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 22 | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 22 time elapsed 0.001825 seconds | (#13) spent 1.04 milliseconds in crypto helper computing work-order 22: quick_outI1 KE (pcr) | crypto helper 0 sending results from work-order 22 for state #13 to event queue | scheduling resume sending helper answer for #13 | libevent_malloc: new ptr-libevent@0x7f9970008d88 size 128 | crypto helper 0 waiting (nothing to do) | shunt_eroute() called for connection 'westnet-eastnet-subnets/1x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | IPsec Sa SPD priority set to 1041379 | delete esp.acb297c8@192.1.2.23 | netlink response for Del SA esp.acb297c8@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | delete inbound eroute 192.0.2.16/28:0 --0-> 192.0.1.0/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.fbe27bd0@192.1.2.45 | netlink response for Del SA esp.fbe27bd0@192.1.2.45 included non-error error | in connection_discard for connection westnet-eastnet-subnets/1x1 | State DB: deleting IKEv1 state #9 in QUICK_I2 | child state #9: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #9 from 192.1.2.23 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x55ebb7f6a7c8 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55ebb7f59a18 | in statetime_stop() and could not find #9 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 25 e1 f1 82 00 00 00 5c 9c 79 91 16 | e1 12 2e e5 95 77 1b 80 9e 7e 42 80 b7 c5 a2 fa | c7 7c e5 96 bd 84 1f 7b ce fd cf 5c 42 86 cc e6 | 8d 40 e9 38 ed fa 37 9c 4b af f2 42 1e 1d a1 f0 | 55 fb 8d 43 fd 91 46 d9 b8 9e f7 99 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 635564418 (0x25e1f182) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #13; msgid=00000000 st_msgid=c38d4499 st_msgid_phase15=00000000 | peer and cookies match on #12; msgid=00000000 st_msgid=a61bdbc4 st_msgid_phase15=00000000 | peer and cookies match on #11; msgid=00000000 st_msgid=dc82534f st_msgid_phase15=00000000 | peer and cookies match on #10; msgid=00000000 st_msgid=ef9d8949 st_msgid_phase15=00000000 | peer and cookies match on #5; msgid=00000000 st_msgid=1bee7841 st_msgid_phase15=00000000 | peer and cookies match on #4; msgid=00000000 st_msgid=9e8f68f5 st_msgid_phase15=00000000 | peer and cookies match on #3; msgid=00000000 st_msgid=8882f851 st_msgid_phase15=00000000 | peer and cookies match on #2; msgid=00000000 st_msgid=68f2343d st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | 9e f9 0f 0f 66 55 c3 b8 55 d0 cd 23 83 e3 d3 5e | 66 76 38 a3 2f d8 37 97 7c a4 4c 37 12 29 ff 93 | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI b6 7a f7 4a | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "westnet-eastnet-subnets/1x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "westnet-eastnet-subnets/2x2" #1: received Delete SA(0xb67af74a) payload: deleting IPsec State #3 | pstats #3 ikev1.ipsec deleted completed | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:879) | start processing: state #3 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/1x2" #3: deleting other state #3 connection (STATE_QUICK_I2) "westnet-eastnet-subnets/1x2" aged 6.791s and sending notification | child state #3: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.b67af74a@192.1.2.23 | get_sa_info esp.1b5f9f63@192.1.2.45 "westnet-eastnet-subnets/1x2" #3: ESP traffic information: in=0B out=0B | #3 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1361752226 (0x512ab0a2) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload 1b 5f 9f 63 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | 5f 43 71 88 80 45 27 ba bb 0e 89 55 85 60 0b cd | 13 5a 41 f5 4b bf 4a ec 70 e4 7b 42 38 f5 81 78 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 51 2a b0 a2 00 00 00 5c d5 61 5d f0 | c6 ff e4 92 e4 80 aa 47 57 53 cf 0d c0 f6 5f c4 | a7 63 5c 7f 25 da c3 d2 7f 17 1f e7 d1 81 50 50 | fb 29 1f 2f 18 94 f3 5b a9 ec 17 52 46 c8 51 d4 | 87 f1 e3 df d6 c3 08 9a b9 03 08 fe | state #3 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55ebb7f48918 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ebb7f4cfa8 | delete esp.b67af74a@192.1.2.23 | netlink response for Del SA esp.b67af74a@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | delete inbound eroute 192.0.2.64/26:0 --0-> 192.0.1.0/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.1b5f9f63@192.1.2.45 | netlink response for Del SA esp.1b5f9f63@192.1.2.45 included non-error error | stop processing: connection "westnet-eastnet-subnets/1x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection westnet-eastnet-subnets/1x2 | State DB: deleting IKEv1 state #3 in QUICK_I2 | child state #3: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:1143) | connection 'westnet-eastnet-subnets/1x2' -POLICY_UP | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #13 | state #12 | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #12 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #12 ikev1.ipsec deleted other | [RE]START processing: state #12 connection "westnet-eastnet-subnets/1x2" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/1x2" #12: deleting state (STATE_QUICK_I1) aged 0.032s and NOT sending notification | child state #12: QUICK_I1(established CHILD SA) => delete | child state #12: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) | state #12 requesting EVENT_RETRANSMIT to be deleted | #12 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f62ce8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f65bb8 | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | delete inbound eroute 192.0.2.64/26:0 --0-> 192.0.1.0/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | in connection_discard for connection westnet-eastnet-subnets/1x2 | State DB: deleting IKEv1 state #12 in CHILDSA_DEL | child state #12: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #12 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #11 | state #10 | state #5 | state #4 | state #2 | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #13 | state #11 | state #10 | state #5 | state #4 | state #2 | state #1 | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2556) | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2559) | del: | in statetime_start() with no state | complete v1 state transition with STF_IGNORE | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.577 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #13 | start processing: state #13 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 22 | calling continuation function 0x55ebb72bcb50 | quick_outI1_continue for #13: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3280815257 (0xc38d4499) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x9401cb9c for esp.0@192.1.2.45 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 94 01 cb 9c | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 07 68 d6 a1 e7 0a e2 d2 a7 fd 0f 59 6b 92 02 d6 | Ni 38 c1 c9 02 f5 c7 10 7f b8 51 fc 8d 35 06 92 c5 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 37 d2 95 dd 52 ec 75 1e b7 88 fb 54 86 aa ab 00 | keyex value 67 68 ae 0c 85 ec 04 1f 91 82 0c 19 74 1a dd 31 | keyex value 6c 57 48 14 ff 2c d6 af 93 27 91 86 be 4c e6 e2 | keyex value be ab bf 87 01 f8 60 ba 14 d3 a1 68 a4 71 51 95 | keyex value 63 a3 f0 d4 bb d8 bc 92 0e c2 42 33 4b 05 26 ca | keyex value 95 76 0b 4b 46 f7 43 74 26 b1 84 af 34 a4 fd e8 | keyex value 88 ac 2e 57 7f d0 e2 20 6f 6d cd 17 71 a5 b5 35 | keyex value d2 ec 59 e9 3f 20 7e c6 bf 75 26 3c 97 91 0c ee | keyex value 6c f0 86 bd a7 95 9d 73 a9 0d 34 78 dd 27 77 da | keyex value f7 d3 a1 21 d9 94 86 e1 a2 fe 77 9d e1 be 5e 44 | keyex value 6d 63 bd 43 c4 cc 45 61 de 84 f9 61 fe 55 4f bf | keyex value 74 6a cc fd 5e e0 c4 b4 77 0e 2c 30 69 a3 ac 45 | keyex value cb 5c f6 ac b6 85 83 2c dc 79 38 c5 41 e8 3e ac | keyex value 48 a0 67 06 de 73 dd fb 20 ac be ff c0 1c 9b 32 | keyex value 06 97 b8 85 49 07 8b 2a 28 91 0f 3f 32 12 ab dc | keyex value f0 54 f6 57 bc c4 a8 fe 23 71 ec 58 db 4b f8 ca | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 01 00 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 10 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask ff ff ff f0 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 7d 4a 23 ac 45 03 7b fd 77 69 b9 1f 87 85 2a 95 | 01 ab a0 68 7c 40 e2 05 b3 d9 b2 d9 dd e2 9b a4 | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #13) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 20 01 c3 8d 44 99 00 00 01 dc 9c 3f c9 e2 | 50 1b f6 16 0e 95 ec 8d 08 73 7a ad 52 a6 0b 6d | 15 c3 eb d2 98 fe 37 be 0d 78 f4 e9 e4 a9 63 f7 | 69 db 3f 17 94 fb 34 b0 b8 f0 02 a1 02 f3 be fa | 57 da 31 76 47 cc 22 19 e5 79 8e 99 4c 60 5c 17 | 39 9e b6 ba 8b 28 3d d3 9d 5a cd 0d fe c3 1c af | 94 51 54 3b 12 f4 52 f3 55 38 5d 26 7d d7 53 97 | 21 57 bb d5 25 4b 4e 68 ea 07 ba b0 d0 1b d5 85 | 8d ba 9f f3 0e b3 d0 4a 5b 83 b0 8f 43 11 a8 38 | d5 54 df 9a bb 1d 9c 25 12 1f 4a fc dc bb d4 fd | 1c 87 0d 2c b7 14 59 b8 e4 58 f6 90 35 c5 ad e2 | f1 9a 93 b0 ad 68 cc 0f 86 a0 01 9c 8d de c7 2e | c4 64 2a 84 b3 61 a0 b7 69 5d e5 01 96 b6 b9 1a | cf a3 87 81 bd 49 e9 b9 16 0f 87 3f dc c9 f9 cd | f7 ef f5 07 87 c7 27 fb e8 6e 76 ae 35 1a c2 d8 | ec 2c c4 ca 1a 41 2e 04 41 6d 8b ee cc 17 1f 08 | 90 a0 e5 68 08 50 32 b7 94 7e 5f a7 1d f3 5d f5 | dc e4 a7 b6 17 f7 dd 2c 31 44 af 14 78 c3 d8 e5 | ea 67 39 7d f3 45 6e f1 c5 e8 42 9b c3 74 e6 e5 | be d2 1a c9 8b 59 a7 75 8b cb 8a de 92 26 a2 5f | 95 6c 1e c4 f8 7b 48 91 ac 41 ee 77 5f 34 5c 42 | 10 49 14 3b fd d5 49 ac 8b 95 9d 15 67 db 19 56 | b2 f3 25 9d 5d 12 68 af 39 f7 47 49 a0 63 65 16 | 56 c8 46 4a 22 62 55 99 58 3a 04 13 8d 7f 03 97 | 26 cb 07 b0 20 a5 aa 70 09 d3 99 62 ad d9 ac 3a | 90 ff ca 28 ab 17 d3 78 1b b1 96 97 47 b3 16 5e | ec ff a6 0b 82 4f a7 b4 0d 19 ce b8 01 03 11 53 | f5 7b 4c b4 e9 ca 3b 4b e9 ad 8a f7 14 04 9d 11 | 7a f7 73 69 7f 87 de e5 18 30 97 1f | state #13 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f9964009cd8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55ebb7f69048 | event_schedule: new EVENT_RETRANSMIT-pe@0x55ebb7f6a5f8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #13 | libevent_malloc: new ptr-libevent@0x55ebb7f489c8 size 128 | #13 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11349.009855 | resume sending helper answer for #13 suppresed complete_v1_state_transition() | #13 spent 0.472 milliseconds in resume sending helper answer | stop processing: state #13 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f9970008d88 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00697 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00163 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 50 a5 22 2a 00 00 00 5c 21 71 af 0b | b9 e4 09 65 6d da 75 f3 f1 90 1d 31 f2 bf 69 8b | 35 33 cb 77 41 c1 66 e7 c2 39 ae c1 47 92 14 34 | e0 c4 99 d2 33 d7 5e 85 ee 5f 3f 69 91 0e 58 32 | 0f c1 6a 85 08 09 d9 96 56 ba 34 ca | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1352999466 (0x50a5222a) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #13; msgid=00000000 st_msgid=c38d4499 st_msgid_phase15=00000000 | peer and cookies match on #11; msgid=00000000 st_msgid=dc82534f st_msgid_phase15=00000000 | peer and cookies match on #10; msgid=00000000 st_msgid=ef9d8949 st_msgid_phase15=00000000 | peer and cookies match on #5; msgid=00000000 st_msgid=1bee7841 st_msgid_phase15=00000000 | peer and cookies match on #4; msgid=00000000 st_msgid=9e8f68f5 st_msgid_phase15=00000000 | peer and cookies match on #2; msgid=00000000 st_msgid=68f2343d st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | fa 1c 8b 55 c1 14 97 1f 8b 8e 99 0d 8b 52 c6 98 | 55 05 d8 28 bd 85 46 45 fb d5 4f 80 d8 d2 3f ee | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI b2 d9 84 7b | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "westnet-eastnet-subnets/1x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "westnet-eastnet-subnets/2x2" #1: received Delete SA(0xb2d9847b) payload: deleting IPsec State #2 | pstats #2 ikev1.ipsec deleted completed | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:879) | start processing: state #2 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/1x1" #2: deleting other state #2 connection (STATE_QUICK_I2) "westnet-eastnet-subnets/1x1" aged 6.793s and sending notification | child state #2: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.b2d9847b@192.1.2.23 | get_sa_info esp.4a46f032@192.1.2.45 "westnet-eastnet-subnets/1x1" #2: ESP traffic information: in=0B out=0B | #2 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 565238095 (0x21b0d94f) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload 4a 46 f0 32 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | 60 b9 f2 4c d3 20 3f d7 3e 24 18 f7 39 f1 14 95 | 4e 0c 6f e0 7b 3d d3 64 25 18 38 ae d5 49 d5 6b | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 21 b0 d9 4f 00 00 00 5c a2 0c 2e 1e | 08 a3 8d 69 87 aa 14 b1 d8 a9 fe 5d 47 eb 26 21 | 97 18 67 47 4e 83 3f 96 fe 8a 82 68 4e 81 ce d4 | ba cc e2 4a 39 28 33 7c 91 5e 97 40 75 d5 7d c8 | a5 7a f7 4f 84 b3 f0 5b 9e ec fa 8d | state #2 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55ebb7f5a1b8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f9970002b78 | delete esp.b2d9847b@192.1.2.23 | netlink response for Del SA esp.b2d9847b@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | delete inbound eroute 192.0.2.16/28:0 --0-> 192.0.1.0/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.4a46f032@192.1.2.45 | netlink response for Del SA esp.4a46f032@192.1.2.45 included non-error error | stop processing: connection "westnet-eastnet-subnets/1x1" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection westnet-eastnet-subnets/1x1 | State DB: deleting IKEv1 state #2 in QUICK_I2 | child state #2: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:1143) | connection 'westnet-eastnet-subnets/1x1' -POLICY_UP | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #13 | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #13 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #13 ikev1.ipsec deleted other | [RE]START processing: state #13 connection "westnet-eastnet-subnets/1x1" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/1x1" #13: deleting state (STATE_QUICK_I1) aged 0.018s and NOT sending notification | child state #13: QUICK_I1(established CHILD SA) => delete | child state #13: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) | state #13 requesting EVENT_RETRANSMIT to be deleted | #13 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f489c8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f6a5f8 | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | delete inbound eroute 192.0.2.16/28:0 --0-> 192.0.1.0/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | in connection_discard for connection westnet-eastnet-subnets/1x1 | State DB: deleting IKEv1 state #13 in CHILDSA_DEL | child state #13: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #13 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #11 | state #10 | state #5 | state #4 | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #11 | state #10 | state #5 | state #4 | state #1 | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2556) | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2559) | del: | in statetime_start() with no state | complete v1 state transition with STF_IGNORE | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.658 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00189 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 39 be 76 54 00 00 00 5c 5e 93 bc 1e | db ed 55 9e 51 5e f2 df b7 9b a8 78 2a 98 88 5b | 7a 75 85 9f 43 ec 0d 39 29 f1 df c0 0e 7c 59 6c | c7 c8 d1 4f b7 8f ce df bc 2f 7e a6 c1 90 3e 29 | a0 3a eb 89 db 7c e0 43 4b c9 e5 e1 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 968783444 (0x39be7654) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #11; msgid=00000000 st_msgid=dc82534f st_msgid_phase15=00000000 | peer and cookies match on #10; msgid=00000000 st_msgid=ef9d8949 st_msgid_phase15=00000000 | peer and cookies match on #5; msgid=00000000 st_msgid=1bee7841 st_msgid_phase15=00000000 | peer and cookies match on #4; msgid=00000000 st_msgid=9e8f68f5 st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | db cf 07 ad 8f 98 58 7f d9 37 ba 21 b5 e5 3c 55 | 64 7b 00 1e 26 2d 9f 7c 46 5c 89 68 cd d9 4f 2e | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI f4 45 51 62 | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "westnet-eastnet-subnets/2x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "westnet-eastnet-subnets/2x2" #1: received Delete SA(0xf4455162) payload: deleting IPsec State #4 | pstats #4 ikev1.ipsec deleted completed | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:879) | start processing: state #4 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/2x1" #4: deleting other state #4 connection (STATE_QUICK_I2) "westnet-eastnet-subnets/2x1" aged 6.794s and sending notification | child state #4: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.f4455162@192.1.2.23 | get_sa_info esp.95087394@192.1.2.45 "westnet-eastnet-subnets/2x1" #4: ESP traffic information: in=0B out=0B | #4 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2585095174 (0x9a156c06) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload 95 08 73 94 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | a8 ee b8 a6 8c ff f0 b3 57 96 2d 5d 29 bb 2d 5c | b9 be 70 71 da 93 89 83 b7 3c 77 a2 a5 bc 0e b3 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 9a 15 6c 06 00 00 00 5c 6c 72 a1 fc | 51 cc 94 36 88 02 e4 d6 ba ae 34 af da c8 d5 f5 | 94 78 9c 7c 27 36 4d b5 93 09 1e ca 29 39 31 fd | c7 02 2b 91 24 6e e7 4d b4 c5 ff e7 fa af 09 da | 9c ea 79 e5 a3 93 a1 74 f9 d3 f3 4e | state #4 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f9968000e98 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ebb7f29558 | delete esp.f4455162@192.1.2.23 | netlink response for Del SA esp.f4455162@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | delete inbound eroute 192.0.2.16/28:0 --0-> 192.0.1.128/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.95087394@192.1.2.45 | netlink response for Del SA esp.95087394@192.1.2.45 included non-error error | stop processing: connection "westnet-eastnet-subnets/2x1" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection westnet-eastnet-subnets/2x1 | State DB: deleting IKEv1 state #4 in QUICK_I2 | child state #4: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:1143) | connection 'westnet-eastnet-subnets/2x1' -POLICY_UP | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #11 | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #11 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #11 ikev1.ipsec deleted other | [RE]START processing: state #11 connection "westnet-eastnet-subnets/2x1" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/2x1" #11: deleting state (STATE_QUICK_I1) aged 0.047s and NOT sending notification | child state #11: QUICK_I1(established CHILD SA) => delete | child state #11: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) | state #11 requesting EVENT_RETRANSMIT to be deleted | #11 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f62d98 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f68c48 | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | delete inbound eroute 192.0.2.16/28:0 --0-> 192.0.1.128/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | in connection_discard for connection westnet-eastnet-subnets/2x1 | State DB: deleting IKEv1 state #11 in CHILDSA_DEL | child state #11: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #11 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #10 | state #5 | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #10 | state #5 | state #1 | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2556) | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2559) | del: | in statetime_start() with no state | complete v1 state transition with STF_IGNORE | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.521 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00129 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 bb d3 42 3b 00 00 00 5c 93 ad bb 51 | f6 31 0a 20 43 ca 1f 16 8c 80 69 5d 7a 71 3c 4b | 2c a5 81 3a 0f ca 11 b6 c2 ed e9 c9 77 a2 18 d9 | d6 2d 96 d5 5a ea 38 47 97 e7 59 18 42 68 c4 93 | 99 eb ea 1d 6c a0 8f f1 bf 16 f8 80 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3151184443 (0xbbd3423b) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #10; msgid=00000000 st_msgid=ef9d8949 st_msgid_phase15=00000000 | peer and cookies match on #5; msgid=00000000 st_msgid=1bee7841 st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | 34 28 fd ed 28 69 9a 81 3e a0 44 61 1d 94 1c e3 | f4 78 1a 74 22 d3 06 f3 f8 93 c1 90 7d 8e e3 a7 | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI 70 04 02 af | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "westnet-eastnet-subnets/2x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "westnet-eastnet-subnets/2x2" #1: received Delete SA(0x700402af) payload: deleting IPsec State #5 | pstats #5 ikev1.ipsec deleted completed | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:879) | start processing: state #5 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/2x2" #5: deleting other state #5 (STATE_QUICK_I2) aged 6.795s and sending notification | child state #5: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.700402af@192.1.2.23 | get_sa_info esp.fae87546@192.1.2.45 "westnet-eastnet-subnets/2x2" #5: ESP traffic information: in=0B out=0B | #5 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 73912678 (0x467d166) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload fa e8 75 46 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | f9 7c 6a c1 5b 3d 84 a8 b5 3c a7 73 34 49 68 f9 | 56 22 fa be 22 cf a6 4b d7 26 07 0c c6 1d e4 e0 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 04 67 d1 66 00 00 00 5c 5c 10 b1 b0 | 14 e1 4b 16 b9 95 36 6f b0 56 41 da 9f d4 fb 2a | 95 b3 b1 8f 7c 97 c2 d4 3d c5 b6 5a f2 46 66 4b | 92 d0 5f 83 4e 45 b2 a6 2d c0 3b ea e6 bc 3a 25 | fe 10 59 f5 76 18 09 fe 6a c4 c5 8e | state #5 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55ebb7f51678 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55ebb7f53638 | delete esp.700402af@192.1.2.23 | netlink response for Del SA esp.700402af@192.1.2.23 included non-error error | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | delete inbound eroute 192.0.2.64/26:0 --0-> 192.0.1.128/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | delete esp.fae87546@192.1.2.45 | netlink response for Del SA esp.fae87546@192.1.2.45 included non-error error | stop processing: connection "westnet-eastnet-subnets/2x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection westnet-eastnet-subnets/2x2 | State DB: deleting IKEv1 state #5 in QUICK_I2 | child state #5: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #5 from 192.1.2.23 (in delete_state() at state.c:1143) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:1143) | connection 'westnet-eastnet-subnets/2x2' -POLICY_UP | FOR_EACH_STATE_... in shared_phase1_connection | Deleting states for connection - not including other IPsec SA's | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #10 | suspend processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #10 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #10 ikev1.ipsec deleted other | [RE]START processing: state #10 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/2x2" #10: deleting state (STATE_QUICK_I1) aged 0.061s and NOT sending notification | child state #10: QUICK_I1(established CHILD SA) => delete | child state #10: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) | state #10 requesting EVENT_RETRANSMIT to be deleted | #10 STATE_CHILDSA_DEL: retransmits: cleared | libevent_free: release ptr-libevent@0x55ebb7f72bf8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55ebb7f572d8 | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | delete inbound eroute 192.0.2.64/26:0 --0-> 192.0.1.128/28:0 => unk255.10000@192.1.2.45 (raw_eroute) | raw_eroute result=success | in connection_discard for connection westnet-eastnet-subnets/2x2 | State DB: deleting IKEv1 state #10 in CHILDSA_DEL | child state #10: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #10 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | resume processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | [RE]START processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev1.isakmp deleted completed | [RE]START processing: state #1 connection "westnet-eastnet-subnets/2x2" from 192.1.2.23 (in delete_state() at state.c:879) "westnet-eastnet-subnets/2x2" #1: deleting state (STATE_MAIN_I4) aged 6.813s and sending notification | parent state #1: MAIN_I4(established IKE SA) => delete | #1 send IKEv1 delete notification for STATE_MAIN_I4 | **emit ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2530872613 (0x96da0d25) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload | initiator SPI 58 65 7e 03 6c d2 dc 8b | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload | responder SPI 8c 79 d8 bb 28 3b 88 3a | emitting length of ISAKMP Delete Payload: 28 | send delete HASH(1): | d3 fd 1b d8 65 00 6b e8 9c b4 32 0b 21 23 3e 4d | 04 a1 4a 96 29 af c5 98 97 ca 3f bd 34 d4 4f 2b | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 96 da 0d 25 00 00 00 5c 47 4f 1c 99 | ea b4 bd 3f e5 29 d5 fd 15 1e 05 e5 0f be 36 c5 | 7d e2 49 a1 aa 87 24 ef f5 60 63 7e 86 e9 d6 21 | 8b 23 be 2c 32 2d fb cf 7f fb 63 db 50 60 72 f1 | 3a ca e3 8f 93 bc 4f c0 95 52 6e 07 | state #1 requesting EVENT_SA_EXPIRE to be deleted | libevent_free: release ptr-libevent@0x7f9968000f48 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55ebb7f47fb8 | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection westnet-eastnet-subnets/2x2 | State DB: deleting IKEv1 state #1 in MAIN_I4 | parent state #1: MAIN_I4(established IKE SA) => UNDEFINED(ignore) | unreference key: 0x55ebb7ea0c48 @east cnt 2-- | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2556) | processing: STOP connection NULL (in accept_delete() at ikev1_main.c:2559) | del: | in statetime_start() with no state | complete v1 state transition with STF_IGNORE | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.784 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00174 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 58 65 7e 03 6c d2 dc 8b 8c 79 d8 bb 28 3b 88 3a | 08 10 05 01 4f 3e 8e d3 00 00 00 5c 61 ae 68 77 | ab 21 77 e1 0f d3 eb d5 aa 7f 5c 2b 20 69 0e 0e | c8 bf 60 d5 08 81 49 41 3a d9 73 f2 94 eb 13 06 | 15 af 45 34 f5 11 b7 40 83 df 44 25 b9 81 5b 1b | aa 77 2d d1 e4 81 da d9 a6 5f 43 d1 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 58 65 7e 03 6c d2 dc 8b | responder cookie: | 8c 79 d8 bb 28 3b 88 3a | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1329499859 (0x4f3e8ed3) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | State DB: IKEv1 state not found (find_v1_info_state) | State DB: IKEv1 state not found (find_state_ikev1_init) | Informational Exchange is for an unknown (expired?) SA with MSGID:0x4f3e8ed3 | - unknown SA's md->hdr.isa_ike_initiator_spi.bytes: | 58 65 7e 03 6c d2 dc 8b | - unknown SA's md->hdr.isa_ike_responder_spi.bytes: | 8c 79 d8 bb 28 3b 88 3a | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0816 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x55ebb7ea0c48 @east cnt 1-- | unreference key: 0x55ebb7ea0b58 @west cnt 1-- | start processing: connection "westnet-eastnet-subnets/2x2" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'westnet-eastnet-subnets/2x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | priority calculation of connection "westnet-eastnet-subnets/2x2" is 0xfe3e5 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x2" unrouted: "westnet-eastnet-subnets/1x2" prospective erouted | flush revival: connection 'westnet-eastnet-subnets/2x2' wasn't on the list | stop processing: connection "westnet-eastnet-subnets/2x2" (in discard_connection() at connections.c:249) | start processing: connection "westnet-eastnet-subnets/2x1" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'westnet-eastnet-subnets/2x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | priority calculation of connection "westnet-eastnet-subnets/2x1" is 0xfe3e3 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/2x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/2x1" unrouted: "westnet-eastnet-subnets/1x1" prospective erouted | flush revival: connection 'westnet-eastnet-subnets/2x1' wasn't on the list | stop processing: connection "westnet-eastnet-subnets/2x1" (in discard_connection() at connections.c:249) | start processing: connection "westnet-eastnet-subnets/1x2" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'westnet-eastnet-subnets/1x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | priority calculation of connection "westnet-eastnet-subnets/1x2" is 0xfe3e5 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 | conn westnet-eastnet-subnets/1x2 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x2" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/1x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ | popen cmd is 1044 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: | cmd( 80):t-subnets/1x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET=': | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PRO: | cmd( 320):TOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PL: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.64/26' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.0.2.64' PLUTO_PEER_CLIENT_MASK='255.255.255.192' PLUTO_PEER_PORT='0' PLUTO_PEER: | cmd( 560):_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN: | cmd( 640):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: | cmd( 720):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: | cmd( 800):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: | cmd( 880):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: | cmd( 960):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown : | cmd(1040):2>&1: "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x2": unroute-client output: Error: Peer netns reference is invalid. | flush revival: connection 'westnet-eastnet-subnets/1x2' wasn't on the list | stop processing: connection "westnet-eastnet-subnets/1x2" (in discard_connection() at connections.c:249) | start processing: connection "westnet-eastnet-subnets/1x1" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'westnet-eastnet-subnets/1x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | priority calculation of connection "westnet-eastnet-subnets/1x1" is 0xfe3e3 | FOR_EACH_CONNECTION_... in route_owner | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 vs | conn westnet-eastnet-subnets/1x1 mark 0/00000000, 0/00000000 | route owner of "westnet-eastnet-subnets/1x1" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastnet-subnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET='192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_ | popen cmd is 1044 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='westnet-eastne: | cmd( 80):t-subnets/1x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.23' PLUTO_ME='192.: | cmd( 160):1.2.45' PLUTO_MY_ID='@west' PLUTO_MY_CLIENT='192.0.1.0/28' PLUTO_MY_CLIENT_NET=': | cmd( 240):192.0.1.0' PLUTO_MY_CLIENT_MASK='255.255.255.240' PLUTO_MY_PORT='0' PLUTO_MY_PRO: | cmd( 320):TOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PL: | cmd( 400):UTO_PEER_ID='@east' PLUTO_PEER_CLIENT='192.0.2.16/28' PLUTO_PEER_CLIENT_NET='192: | cmd( 480):.0.2.16' PLUTO_PEER_CLIENT_MASK='255.255.255.240' PLUTO_PEER_PORT='0' PLUTO_PEER: | cmd( 560):_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN: | cmd( 640):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: | cmd( 720):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: | cmd( 800):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: | cmd( 880):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: | cmd( 960):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown : | cmd(1040):2>&1: "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. "westnet-eastnet-subnets/1x1": unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55ebb7f47ed8 | flush revival: connection 'westnet-eastnet-subnets/1x1' wasn't on the list | stop processing: connection "westnet-eastnet-subnets/1x1" (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.1.254:4500 shutting down interface eth0/eth0 192.0.1.254:500 shutting down interface eth1/eth1 192.1.2.45:4500 shutting down interface eth1/eth1 192.1.2.45:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x55ebb7f3aef8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46bf8 | libevent_free: release ptr-libevent@0x55ebb7ed0988 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46ca8 | libevent_free: release ptr-libevent@0x55ebb7ed08d8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46d58 | libevent_free: release ptr-libevent@0x55ebb7ed1508 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46e08 | libevent_free: release ptr-libevent@0x55ebb7ea54e8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46eb8 | libevent_free: release ptr-libevent@0x55ebb7ea51d8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f46f68 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x55ebb7f3afa8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f2ed18 | libevent_free: release ptr-libevent@0x55ebb7ecf1e8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f2eca8 | libevent_free: release ptr-libevent@0x55ebb7f126f8 | free_event_entry: release EVENT_NULL-pe@0x55ebb7f2e168 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x55ebb7ed9808 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x55ebb7ed15d8 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x55ebb7f464e8 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x55ebb7f46728 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x55ebb7f465f8 | libevent_free: release ptr-libevent@0x55ebb7f29618 | libevent_free: release ptr-libevent@0x55ebb7f295c8 | libevent_free: release ptr-libevent@0x7f996c00a238 | libevent_free: release ptr-libevent@0x55ebb7f29518 | libevent_free: release ptr-libevent@0x55ebb7f46278 | libevent_free: release ptr-libevent@0x55ebb7f46428 | libevent_free: release ptr-libevent@0x55ebb7f297c8 | libevent_free: release ptr-libevent@0x55ebb7f2e278 | libevent_free: release ptr-libevent@0x55ebb7f2ec68 | libevent_free: release ptr-libevent@0x55ebb7f46fd8 | libevent_free: release ptr-libevent@0x55ebb7f46f28 | libevent_free: release ptr-libevent@0x55ebb7f46e78 | libevent_free: release ptr-libevent@0x55ebb7f46dc8 | libevent_free: release ptr-libevent@0x55ebb7f46d18 | libevent_free: release ptr-libevent@0x55ebb7f46c68 | libevent_free: release ptr-libevent@0x55ebb7ecd978 | libevent_free: release ptr-libevent@0x55ebb7f464a8 | libevent_free: release ptr-libevent@0x55ebb7f46468 | libevent_free: release ptr-libevent@0x55ebb7f463e8 | libevent_free: release ptr-libevent@0x55ebb7f465b8 | libevent_free: release ptr-libevent@0x55ebb7f462b8 | libevent_free: release ptr-libevent@0x55ebb7ea4908 | libevent_free: release ptr-libevent@0x55ebb7ea4d38 | libevent_free: release ptr-libevent@0x55ebb7ecdce8 | releasing global libevent data | libevent_free: release ptr-libevent@0x55ebb7ea4ba8 | libevent_free: release ptr-libevent@0x55ebb7ea4cd8 | libevent_free: release ptr-libevent@0x55ebb7ea4dd8 leak detective found no leaks