FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:10042 core dump dir: /run/pluto secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x5621c878f748 size 40 | libevent_malloc: new ptr-libevent@0x5621c878f6c8 size 40 | libevent_malloc: new ptr-libevent@0x5621c878f648 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x5621c8781278 size 56 | libevent_malloc: new ptr-libevent@0x5621c870ae18 size 664 | libevent_malloc: new ptr-libevent@0x5621c87c9d68 size 24 | libevent_malloc: new ptr-libevent@0x5621c87c9db8 size 384 | libevent_malloc: new ptr-libevent@0x5621c87c9d28 size 16 | libevent_malloc: new ptr-libevent@0x5621c878f5c8 size 40 | libevent_malloc: new ptr-libevent@0x5621c878f548 size 48 | libevent_realloc: new ptr-libevent@0x5621c870aaa8 size 256 | libevent_malloc: new ptr-libevent@0x5621c87c9f68 size 16 | libevent_free: release ptr-libevent@0x5621c8781278 | libevent initialized | libevent_realloc: new ptr-libevent@0x5621c8781278 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 started thread for crypto helper 2 started thread for crypto helper 3 | starting up helper thread 3 | starting up helper thread 1 | starting up helper thread 2 started thread for crypto helper 4 | status value returned by setting the priority of this thread (crypto helper 2) 22 | status value returned by setting the priority of this thread (crypto helper 3) 22 started thread for crypto helper 5 started thread for crypto helper 6 | starting up helper thread 6 | checking IKEv1 state table | status value returned by setting the priority of this thread (crypto helper 6) 22 | starting up helper thread 5 | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | crypto helper 2 waiting (nothing to do) | starting up helper thread 4 | crypto helper 3 waiting (nothing to do) | MAIN_I1: category: half-open IKE SA flags: 0: | status value returned by setting the priority of this thread (crypto helper 4) 22 | status value returned by setting the priority of this thread (crypto helper 5) 22 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 6 waiting (nothing to do) | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | crypto helper 4 waiting (nothing to do) | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | crypto helper 5 waiting (nothing to do) | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | crypto helper 1 waiting (nothing to do) | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x5621c8789468 | libevent_malloc: new ptr-libevent@0x5621c87c84d8 size 128 | libevent_malloc: new ptr-libevent@0x5621c87cf568 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x5621c87cf4f8 | libevent_malloc: new ptr-libevent@0x5621c8781f28 size 128 | libevent_malloc: new ptr-libevent@0x5621c87cf1c8 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x5621c87cf998 | libevent_malloc: new ptr-libevent@0x5621c87db878 size 128 | libevent_malloc: new ptr-libevent@0x5621c87e6b68 size 16 | libevent_realloc: new ptr-libevent@0x5621c87e6ba8 size 256 | libevent_malloc: new ptr-libevent@0x5621c87e6cd8 size 8 | libevent_realloc: new ptr-libevent@0x5621c87e6d18 size 144 | libevent_malloc: new ptr-libevent@0x5621c878da38 size 152 | libevent_malloc: new ptr-libevent@0x5621c87e6dd8 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x5621c87e6e18 size 8 | libevent_malloc: new ptr-libevent@0x5621c870b788 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x5621c87e6e58 size 8 | libevent_malloc: new ptr-libevent@0x5621c87e6e98 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x5621c87e6f68 size 8 | libevent_realloc: release ptr-libevent@0x5621c87e6d18 | libevent_realloc: new ptr-libevent@0x5621c87e6fa8 size 256 | libevent_malloc: new ptr-libevent@0x5621c87e70d8 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:10105) using fork+execve | forked child 10105 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.45:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.1.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x5621c87e76b8 | libevent_malloc: new ptr-libevent@0x5621c87db7c8 size 128 | libevent_malloc: new ptr-libevent@0x5621c87e7728 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x5621c87e7768 | libevent_malloc: new ptr-libevent@0x5621c8781fd8 size 128 | libevent_malloc: new ptr-libevent@0x5621c87e77d8 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x5621c87e7818 | libevent_malloc: new ptr-libevent@0x5621c87818f8 size 128 | libevent_malloc: new ptr-libevent@0x5621c87e7888 size 16 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x5621c87e78c8 | libevent_malloc: new ptr-libevent@0x5621c87891b8 size 128 | libevent_malloc: new ptr-libevent@0x5621c87e7938 size 16 | setup callback for interface eth0 192.0.1.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x5621c87e7978 | libevent_malloc: new ptr-libevent@0x5621c87892b8 size 128 | libevent_malloc: new ptr-libevent@0x5621c87e79e8 size 16 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x5621c87e7a28 | libevent_malloc: new ptr-libevent@0x5621c87893b8 size 128 | libevent_malloc: new ptr-libevent@0x5621c87e7a98 size 16 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 loaded private key for keyid: PKK_RSA:AQOm9dY/4 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.992 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.1.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.45 | no interfaces to sort | libevent_free: release ptr-libevent@0x5621c87db7c8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e76b8 | add_fd_read_event_handler: new ethX-pe@0x5621c87e76b8 | libevent_malloc: new ptr-libevent@0x5621c87db7c8 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x5621c8781fd8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e7768 | add_fd_read_event_handler: new ethX-pe@0x5621c87e7768 | libevent_malloc: new ptr-libevent@0x5621c8781fd8 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x5621c87818f8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e7818 | add_fd_read_event_handler: new ethX-pe@0x5621c87e7818 | libevent_malloc: new ptr-libevent@0x5621c87818f8 size 128 | setup callback for interface eth0 192.0.1.254:4500 fd 20 | libevent_free: release ptr-libevent@0x5621c87891b8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e78c8 | add_fd_read_event_handler: new ethX-pe@0x5621c87e78c8 | libevent_malloc: new ptr-libevent@0x5621c87891b8 size 128 | setup callback for interface eth0 192.0.1.254:500 fd 19 | libevent_free: release ptr-libevent@0x5621c87892b8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e7978 | add_fd_read_event_handler: new ethX-pe@0x5621c87e7978 | libevent_malloc: new ptr-libevent@0x5621c87892b8 size 128 | setup callback for interface eth1 192.1.2.45:4500 fd 18 | libevent_free: release ptr-libevent@0x5621c87893b8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e7a28 | add_fd_read_event_handler: new ethX-pe@0x5621c87e7a28 | libevent_malloc: new ptr-libevent@0x5621c87893b8 size 128 | setup callback for interface eth1 192.1.2.45:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3 | computed rsa CKAID 7f 0f 03 50 loaded private key for keyid: PKK_RSA:AQOm9dY/4 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.254 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 10105 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0144 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection nss-cert-chain with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | setting ID to ID_DER_ASN1_DN: 'E=west_chain_endcert@testing.libreswan.org,CN=west_chain_endcert.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading left certificate 'west_chain_endcert' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5621c87e9b68 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5621c87e9b18 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x5621c87e9ac8 | unreference key: 0x5621c87e9c68 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org is 0 | counting wild cards for %fromcert is 0 | connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x5621c87ed638 added connection description "nss-cert-chain" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.1.254/32===192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert]===192.0.2.254/32 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.09 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.798 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.195 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "nss-cert-chain" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'nss-cert-chain' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x5621c87edc08 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | suspend processing: connection "nss-cert-chain" (in main_outI1() at ikev1_main.c:118) | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) | parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) | dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123) | Queuing pending IPsec SA negotiating with 192.1.2.23 "nss-cert-chain" IKE SA #1 "nss-cert-chain" "nss-cert-chain" #1: initiating Main Mode | **emit ISAKMP Message: | initiator cookie: | 80 d4 1f 09 81 82 24 5a | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x5621c87efd28 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 792 | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 80 d4 1f 09 81 82 24 5a 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 "nss-cert-chain" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5621c87f0878 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5621c87ed308 size 128 | #1 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11422.177872 | #1 spent 1.41 milliseconds in main_outI1() | stop processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) | resume processing: connection "nss-cert-chain" (in main_outI1() at ikev1_main.c:228) | stop processing: connection "nss-cert-chain" (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.49 milliseconds in whack | spent 0.00198 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 80 d4 1f 09 81 82 24 5a b3 8d 8e ff d7 a6 77 a5 | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 80 d4 1f 09 81 82 24 5a | responder cookie: | b3 8d 8e ff d7 a6 77 a5 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 144 (0x90) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init) | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inR1_outI2' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | adding outI2 KE work-order 1 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x5621c87ed308 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5621c87f0878 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5621c87f0878 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5621c87ed308 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | #1 spent 0.118 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.242 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 resuming | crypto helper 0 starting work-order 1 for state #1 | crypto helper 0 doing build KE and nonce (outI2 KE); request ID 1 | crypto helper 0 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000604 seconds | (#1) spent 0.582 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f6aec002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x5621c7019b50 | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2 | **emit ISAKMP Message: | initiator cookie: | 80 d4 1f 09 81 82 24 5a | responder cookie: | b3 8d 8e ff d7 a6 77 a5 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 1c 27 d3 f0 c1 3d 31 fc 97 cf 98 5d b4 b2 18 6f | keyex value 97 9b eb db a9 42 97 73 34 c9 26 eb 4e 5e a2 5b | keyex value 86 b6 48 f4 ba 71 ba 0c 63 4c 02 f7 3d 09 f3 40 | keyex value 04 fe 76 c7 03 47 24 76 d8 c8 e8 1b e3 79 7b 14 | keyex value a0 89 b9 7f 60 3d 91 19 0f 2e b8 b1 42 c8 4a 07 | keyex value 0c d1 13 82 f3 30 e1 ea a7 10 62 9b f7 42 25 58 | keyex value ea c8 b8 99 7d da d6 82 f2 e1 5f b0 d3 08 4e 2e | keyex value 11 9c 1a f5 7c 41 27 8e a3 72 99 0f ac 62 a5 16 | keyex value 50 71 09 2d 4d b0 e4 76 fc 06 ca 86 93 a9 10 93 | keyex value 19 3a 89 73 51 ab c5 a5 1a f9 92 c4 29 8a 67 d6 | keyex value 72 65 cf 57 58 48 c6 c4 44 90 41 97 84 a9 3c a5 | keyex value de 27 e7 bd 03 31 cd 4f 88 45 3a 9f 9a d6 4b ba | keyex value 89 64 81 4a 24 de 19 2a a1 09 24 db 54 ec 25 f2 | keyex value aa 37 39 d4 86 ef 9e 88 9b 67 e1 fe 18 ed 4b 39 | keyex value 9a 7e ab 6f 18 ca da 5f 83 de cd b4 da 62 04 a8 | keyex value 92 80 25 74 0b 5a 90 12 98 a3 60 dd 60 d6 0c 79 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 4d 14 a0 c0 75 d0 24 50 13 97 e0 ff 02 f8 f6 d9 | Ni 61 89 5a 09 5d e9 8a 90 ca 23 bc fa 73 f4 5b fa | emitting length of ISAKMP Nonce Payload: 36 | NAT-T checking st_nat_traversal | NAT-T found (implies NAT_T_WITH_NATD) | sending NAT-D payloads | natd_hash: hasher=0x5621c70eeca0(32) | natd_hash: icookie= 80 d4 1f 09 81 82 24 5a | natd_hash: rcookie= b3 8d 8e ff d7 a6 77 a5 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= a9 e0 2a aa ac c2 d3 41 da 9c 3c 03 e5 bb 7a 32 | natd_hash: hash= 9d a2 dd ef 64 42 c4 82 f2 5a bc a7 74 d2 46 7a | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D a9 e0 2a aa ac c2 d3 41 da 9c 3c 03 e5 bb 7a 32 | NAT-D 9d a2 dd ef 64 42 c4 82 f2 5a bc a7 74 d2 46 7a | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x5621c70eeca0(32) | natd_hash: icookie= 80 d4 1f 09 81 82 24 5a | natd_hash: rcookie= b3 8d 8e ff d7 a6 77 a5 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 62 b8 04 3b d1 3e d8 88 22 72 13 a5 05 4d 8c 1b | natd_hash: hash= 60 58 2c 8d c4 ee e2 fc 99 45 b1 0b 91 ca ba 0b | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 62 b8 04 3b d1 3e d8 88 22 72 13 a5 05 4d 8c 1b | NAT-D 60 58 2c 8d c4 ee e2 fc 99 45 b1 0b 91 ca ba 0b | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir] | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 | parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x5621c87ed308 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5621c87f0878 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 80 d4 1f 09 81 82 24 5a b3 8d 8e ff d7 a6 77 a5 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 1c 27 d3 f0 c1 3d 31 fc 97 cf 98 5d b4 b2 18 6f | 97 9b eb db a9 42 97 73 34 c9 26 eb 4e 5e a2 5b | 86 b6 48 f4 ba 71 ba 0c 63 4c 02 f7 3d 09 f3 40 | 04 fe 76 c7 03 47 24 76 d8 c8 e8 1b e3 79 7b 14 | a0 89 b9 7f 60 3d 91 19 0f 2e b8 b1 42 c8 4a 07 | 0c d1 13 82 f3 30 e1 ea a7 10 62 9b f7 42 25 58 | ea c8 b8 99 7d da d6 82 f2 e1 5f b0 d3 08 4e 2e | 11 9c 1a f5 7c 41 27 8e a3 72 99 0f ac 62 a5 16 | 50 71 09 2d 4d b0 e4 76 fc 06 ca 86 93 a9 10 93 | 19 3a 89 73 51 ab c5 a5 1a f9 92 c4 29 8a 67 d6 | 72 65 cf 57 58 48 c6 c4 44 90 41 97 84 a9 3c a5 | de 27 e7 bd 03 31 cd 4f 88 45 3a 9f 9a d6 4b ba | 89 64 81 4a 24 de 19 2a a1 09 24 db 54 ec 25 f2 | aa 37 39 d4 86 ef 9e 88 9b 67 e1 fe 18 ed 4b 39 | 9a 7e ab 6f 18 ca da 5f 83 de cd b4 da 62 04 a8 | 92 80 25 74 0b 5a 90 12 98 a3 60 dd 60 d6 0c 79 | 14 00 00 24 4d 14 a0 c0 75 d0 24 50 13 97 e0 ff | 02 f8 f6 d9 61 89 5a 09 5d e9 8a 90 ca 23 bc fa | 73 f4 5b fa 14 00 00 24 a9 e0 2a aa ac c2 d3 41 | da 9c 3c 03 e5 bb 7a 32 9d a2 dd ef 64 42 c4 82 | f2 5a bc a7 74 d2 46 7a 00 00 00 24 62 b8 04 3b | d1 3e d8 88 22 72 13 a5 05 4d 8c 1b 60 58 2c 8d | c4 ee e2 fc 99 45 b1 0b 91 ca ba 0b | !event_already_set at reschedule "nss-cert-chain" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5621c87f0878 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5621c87ef988 size 128 | #1 STATE_MAIN_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11422.179587 "nss-cert-chain" #1: STATE_MAIN_I2: sent MI2, expecting MR2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.309 milliseconds in resume sending helper answer | stop processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6aec002888 | spent 0.00209 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 80 d4 1f 09 81 82 24 5a b3 8d 8e ff d7 a6 77 a5 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | f0 b0 55 a6 18 0b d7 cf f0 00 cc 87 c6 e9 d5 be | 2d 69 c7 51 1f 54 db 77 fa 23 f5 22 0f e3 db fd | 42 dd 6e 0d c1 3e fc 5e 8e f6 fc 35 b0 eb 5c eb | a9 b0 a8 cc 96 16 5a e0 47 6f 5a f6 96 d1 ff ef | 4f 8a f4 4b c3 cb 40 73 a7 30 7b 36 5e 23 06 d0 | 8d 54 a6 87 36 da 6a 6d d6 3e 3f cc 44 28 a1 ab | 84 47 13 bc 0e 8f f7 0f d7 ee d7 18 33 b6 76 b2 | ec d4 ce 9c a9 30 66 4d 94 4f 68 5a 6e 36 77 7f | b9 e9 ae 8d 58 8d 12 ec d3 7d da 4a f9 ec ed 97 | 0e cf 04 26 5e de 5a d0 27 bc 5d 3a b5 b1 d9 a1 | 27 e4 77 72 e6 19 35 f8 0c c9 32 6e 13 46 29 a8 | f0 aa 76 8e f4 a3 3b fd 2a 43 22 50 37 0f 15 b8 | f0 64 54 6f d1 d4 52 09 d8 40 a3 ed eb 0b d8 c3 | 0e 52 95 d3 28 53 95 4e 91 78 f2 5f ba 23 26 f6 | f6 ce d2 be bb ea 63 b8 da 30 ca 9c 17 e0 55 cf | 8f 66 bc d5 29 49 68 6d 38 05 74 ec f3 6d 29 75 | 14 00 00 24 11 2d 59 76 6a f8 b9 0c 3d 81 9c 24 | b6 dc 0a 86 63 c1 fe 4d 88 7e f0 8f 26 2b f7 1e | 11 96 7e 55 14 00 00 24 62 b8 04 3b d1 3e d8 88 | 22 72 13 a5 05 4d 8c 1b 60 58 2c 8d c4 ee e2 fc | 99 45 b1 0b 91 ca ba 0b 00 00 00 24 a9 e0 2a aa | ac c2 d3 41 da 9c 3c 03 e5 bb 7a 32 9d a2 dd ef | 64 42 c4 82 f2 5a bc a7 74 d2 46 7a | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 80 d4 1f 09 81 82 24 5a | responder cookie: | b3 8d 8e ff d7 a6 77 a5 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1) | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inR2_outI3' HASH payload not checked early | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org->%fromcert of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org->%fromcert of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding aggr outR1 DH work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x5621c87ef988 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5621c87f0878 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5621c87f0878 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f6aec002888 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 2 resuming | #1 spent 0.0621 milliseconds in process_packet_tail() | crypto helper 2 starting work-order 2 for state #1 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 2 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 | stop processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.216 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.001133 seconds | (#1) spent 1.13 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr) | crypto helper 2 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f6ae4000f48 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 2 | calling continuation function 0x5621c7019b50 | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | 80 d4 1f 09 81 82 24 5a | responder cookie: | b3 8d 8e ff d7 a6 77 a5 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so send cert. | Sending one or more authcerts | I am sending a certificate request | I will NOT send an initial contact payload | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x5621c70eeca0(32) | natd_hash: icookie= 80 d4 1f 09 81 82 24 5a | natd_hash: rcookie= b3 8d 8e ff d7 a6 77 a5 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 62 b8 04 3b d1 3e d8 88 22 72 13 a5 05 4d 8c 1b | natd_hash: hash= 60 58 2c 8d c4 ee e2 fc 99 45 b1 0b 91 ca ba 0b | natd_hash: hasher=0x5621c70eeca0(32) | natd_hash: icookie= 80 d4 1f 09 81 82 24 5a | natd_hash: rcookie= b3 8d 8e ff d7 a6 77 a5 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= a9 e0 2a aa ac c2 d3 41 da 9c 3c 03 e5 bb 7a 32 | natd_hash: hash= 9d a2 dd ef 64 42 c4 82 f2 5a bc a7 74 d2 46 7a | expected NAT-D(me): 62 b8 04 3b d1 3e d8 88 22 72 13 a5 05 4d 8c 1b | expected NAT-D(me): 60 58 2c 8d c4 ee e2 fc 99 45 b1 0b 91 ca ba 0b | expected NAT-D(him): | a9 e0 2a aa ac c2 d3 41 da 9c 3c 03 e5 bb 7a 32 | 9d a2 dd ef 64 42 c4 82 f2 5a bc a7 74 d2 46 7a | received NAT-D: 62 b8 04 3b d1 3e d8 88 22 72 13 a5 05 4d 8c 1b | received NAT-D: 60 58 2c 8d c4 ee e2 fc 99 45 b1 0b 91 ca ba 0b | received NAT-D: a9 e0 2a aa ac c2 d3 41 da 9c 3c 03 e5 bb 7a 32 | received NAT-D: 9d a2 dd ef 64 42 c4 82 f2 5a bc a7 74 d2 46 7a | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_CERT (0x6) | ID type: ID_DER_ASN1_DN (0x9) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 206 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity 30 81 cb 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 31 30 2f 06 03 55 04 03 0c 28 77 65 73 | my identity 74 5f 63 68 61 69 6e 5f 65 6e 64 63 65 72 74 2e | my identity 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | my identity 6e 2e 6f 72 67 31 37 30 35 06 09 2a 86 48 86 f7 | my identity 0d 01 09 01 16 28 77 65 73 74 5f 63 68 61 69 6e | my identity 5f 65 6e 64 63 65 72 74 40 74 65 73 74 69 6e 67 | my identity 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | emitting length of ISAKMP Identification Payload (IPsec DOI): 214 "nss-cert-chain" #1: I am sending my cert | ***emit ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 6:ISAKMP_NEXT_CERT | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' | emitting 1028 raw bytes of CERT into ISAKMP Certificate Payload | CERT 30 82 04 00 30 82 03 69 a0 03 02 01 02 02 01 3f | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 c7 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 74 | CERT 5f 63 68 61 69 6e 5f 69 6e 74 5f 32 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 31 35 30 33 06 09 2a 86 48 86 f7 0d 01 09 | CERT 01 16 26 77 65 73 74 5f 63 68 61 69 6e 5f 69 6e | CERT 74 5f 32 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 22 18 0f 32 30 31 | CERT 39 30 38 32 34 30 39 30 37 35 33 5a 18 0f 32 30 | CERT 32 30 30 38 32 33 30 39 30 37 35 33 5a 30 81 cb | CERT 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 10 30 | CERT 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 | CERT 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 | CERT 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 | CERT 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f | CERT 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e 74 31 | CERT 31 30 2f 06 03 55 04 03 0c 28 77 65 73 74 5f 63 | CERT 68 61 69 6e 5f 65 6e 64 63 65 72 74 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 31 37 30 35 06 09 2a 86 48 86 f7 0d 01 09 | CERT 01 16 28 77 65 73 74 5f 63 68 61 69 6e 5f 65 6e | CERT 64 63 65 72 74 40 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 81 9f 30 0d | CERT 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d | CERT 00 30 81 89 02 81 81 00 b7 fb 78 d1 9e d3 c0 25 | CERT 56 75 61 cb e7 ec 40 0d 2f f0 a1 88 6b f5 70 20 | CERT b7 0d d7 b7 24 5c b2 22 21 46 d5 92 3e 79 51 9c | CERT e7 39 4a 60 c4 06 7f cb df 28 51 22 3c 58 f3 2b | CERT 74 0e 24 d9 70 fc 56 f1 cd 11 9c 43 a0 9a 05 62 | CERT 45 c0 bc e2 f0 38 fd 89 a2 75 fc 20 18 24 fd a6 | CERT da d2 97 44 a0 3e c6 4c 39 ea be a3 9e d5 91 4b | CERT 32 19 bc 39 94 9b 7b 67 7d d1 87 6b 54 24 f2 80 | CERT 00 64 93 26 08 5d bd cb 02 03 01 00 01 a3 81 f1 | CERT 30 81 ee 30 09 06 03 55 1d 13 04 02 30 00 30 33 | CERT 06 03 55 1d 11 04 2c 30 2a 82 28 77 65 73 74 5f | CERT 63 68 61 69 6e 5f 65 6e 64 63 65 72 74 2e 74 65 | CERT 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | CERT 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 | CERT 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 | CERT 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 | CERT 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 | CERT 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 | CERT 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 | CERT 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 | CERT 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 | CERT 03 81 81 00 25 29 7e 43 8c 14 5b e5 01 75 e7 b8 | CERT 7e 97 19 9c 9f 86 48 14 9e ca 8f ca 31 3e 6e 41 | CERT 26 d9 68 62 64 84 32 ac 17 69 ef 25 94 ef fe 21 | CERT 22 82 bb 2c 8c 63 9e bb 8a 67 94 af 81 9b fe c6 | CERT 00 ed e5 fb 7e 65 0c 04 4a d2 bb d5 2b 28 db 58 | CERT 36 66 d7 62 24 f7 08 1b 76 97 a6 90 97 9d 9a 68 | CERT 33 a1 ed 85 54 af e1 70 b6 94 96 7f b3 4d bf d8 | CERT 84 f9 c2 78 55 c5 ea 36 fd 36 c4 c1 cd 67 1b b4 | CERT 74 b2 4d 9f | emitting length of ISAKMP Certificate Payload: 1033 "nss-cert-chain" #1: I am sending a CA cert chain | ***emit ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' | emitting 974 raw bytes of CERT into ISAKMP Certificate Payload | CERT 30 82 03 ca 30 82 03 33 a0 03 02 01 02 02 01 3e | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 c7 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 74 | CERT 5f 63 68 61 69 6e 5f 69 6e 74 5f 31 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 31 35 30 33 06 09 2a 86 48 86 f7 0d 01 09 | CERT 01 16 26 77 65 73 74 5f 63 68 61 69 6e 5f 69 6e | CERT 74 5f 31 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 22 18 0f 32 30 31 | CERT 39 30 38 32 34 30 39 30 37 35 33 5a 18 0f 32 30 | CERT 32 30 30 38 32 33 30 39 30 37 35 33 5a 30 81 c7 | CERT 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 10 30 | CERT 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 | CERT 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 | CERT 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 | CERT 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f | CERT 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e 74 31 | CERT 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 74 5f 63 | CERT 68 61 69 6e 5f 69 6e 74 5f 32 2e 74 65 73 74 69 | CERT 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | CERT 31 35 30 33 06 09 2a 86 48 86 f7 0d 01 09 01 16 | CERT 26 77 65 73 74 5f 63 68 61 69 6e 5f 69 6e 74 5f | CERT 32 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 30 81 9f 30 0d 06 09 2a 86 | CERT 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 | CERT 02 81 81 00 b8 ce 02 f6 35 74 d9 aa 0d 4a 5e 74 | CERT 38 99 1e 34 bd f3 fe 56 b0 bb 52 dd 3f 31 42 4a | CERT bf 9c 0b 76 e2 98 35 11 83 f2 01 a4 15 cd d8 02 | CERT 7f d1 94 fe 7b b6 71 50 6a 44 a6 69 48 c6 2c ad | CERT ce fb de 01 27 93 ad e7 a7 92 57 9b 93 7f 9b 83 | CERT 9f 92 dd 3e 51 a0 d3 03 83 26 1f 29 65 36 de 68 | CERT ec 45 fb 4c 77 ed 63 e8 98 14 e9 3a 47 98 41 95 | CERT 81 4c 89 bd 9d 21 73 9a 63 38 8b 67 fb 54 7d d1 | CERT 74 41 fd ab 02 03 01 00 01 a3 81 bf 30 81 bc 30 | CERT 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0b 06 | CERT 03 55 1d 0f 04 04 03 02 01 86 30 1d 06 03 55 1d | CERT 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 | CERT 08 2b 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 | CERT 05 05 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 | CERT 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 | CERT 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 | CERT 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 | CERT 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e | CERT 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f | CERT 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a | CERT 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 80 ff | CERT f6 c9 1c 5d 88 04 22 fa 17 d0 f9 c0 50 a4 53 3f | CERT 0f 0b 51 8c e7 2f 23 a9 c8 5e 3d 8f 3e 74 07 c8 | CERT 2f b2 88 6d 2c 38 2b 69 ed 12 0e 8b 2f 25 bf 78 | CERT e8 16 bd 17 cd 33 aa 13 75 d0 e0 25 69 02 07 89 | CERT 76 b8 15 21 ff bc 17 76 9d 51 68 0c 02 22 51 e4 | CERT 50 c9 ff 9c 6a 7d 8a 8a a6 38 5e bc 4a 2c 30 1b | CERT fa 2a 5d ff 87 1c 02 04 2d 32 2a d8 87 e6 24 dc | CERT e0 8f d7 13 c5 85 5a f7 3c 32 64 6e c9 d3 | emitting length of ISAKMP Certificate Payload: 979 "nss-cert-chain" #1: I am sending a certificate request | ***emit ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | cert type: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' | emitting length of ISAKMP Certificate RequestPayload: 5 | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbf7e vs PKK_RSA:AwEAAbf7e | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 128 raw bytes of SIG_I into ISAKMP Signature Payload | SIG_I 56 75 5e 0a f4 39 7c da 11 88 c8 49 7f 2f c1 82 | SIG_I 04 7a d2 90 59 1c b4 03 e4 4b a3 40 3b a5 86 38 | SIG_I 82 cb fd 3a b3 1c 84 fc 2e 1d a5 4e 1b 76 39 ad | SIG_I 9b 5e dc 1a 9b 76 2d 6f 72 69 b8 86 71 5b 3f f0 | SIG_I 1d ac 83 00 4f c7 cd cb ec 2c 4c 78 af 65 32 63 | SIG_I 27 00 c9 f4 04 02 9b 10 e8 92 df 38 86 9d 9c 30 | SIG_I c7 a5 9c af d9 85 13 9b 1f e0 14 fa 4c a3 8d 3d | SIG_I 2c 70 99 77 fe ac 47 37 ef 4e 6b 95 db d3 04 c9 | emitting length of ISAKMP Signature Payload: 132 | Not sending INITIAL_CONTACT | emitting 5 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 2396 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f6aec002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5621c87f0878 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 2396 bytes for STATE_MAIN_I2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1) | 80 d4 1f 09 81 82 24 5a b3 8d 8e ff d7 a6 77 a5 | 05 10 02 01 00 00 00 00 00 00 09 5c 14 98 02 b0 | 18 16 ef 25 aa 13 c8 1f 83 52 3a 22 9b 76 42 22 | dc fb fa e3 aa 3a 41 72 ce 4a a9 14 99 5f 5f 61 | 11 3e 17 69 1c a3 96 81 53 1d 58 58 35 5b d5 8e | 76 f3 17 97 b4 b3 58 48 50 5f d7 c6 20 72 45 2a | 27 d6 71 a8 35 43 81 7f d4 d5 42 b4 2b 2c 4f 28 | 90 7f 54 be 53 36 3f 0b 64 04 93 34 e3 83 2a fc | 89 4c e6 6f c9 a0 39 f6 5e 16 09 d5 b1 0e a6 f9 | ff 8c eb e4 6e fd 14 57 15 d9 ba 1f 3e 8c 84 52 | f8 4f ce 09 bc b2 62 28 90 3c 1e b4 eb ec e9 16 | 14 6d dc 80 ba 83 6c 84 44 f3 ff bb 26 ea b5 6c | 2a 6f 52 55 3f ef 8a 29 71 c0 d8 cd 0c f8 21 9c | 4e 28 a9 77 1c ce aa 37 2e 8a 43 8d 09 af 41 62 | 98 55 f7 ad 3a 9f 4c fd 02 5c 65 c8 b1 ad f6 8c | b1 74 2c 4f d8 ca 45 24 d3 bb 14 db ab 33 ac 60 | 63 1e 22 21 db e4 81 ee d6 7e d3 c3 7c 62 43 3c | 20 a1 1a ad 5d 58 2c 38 e9 d2 57 ae 90 bf 62 1c | 2f ec b2 66 a3 7c 6b 94 39 eb 60 27 bd 54 eb 4a | 6e f1 64 09 32 10 28 3e b8 f9 a0 5d 56 c7 00 26 | a4 3b e3 41 a7 27 9c 80 14 09 67 51 ff a7 d4 8d | 8e 73 ed a4 69 d3 bc 2c 78 ee 18 95 78 32 ed 0d | aa aa 7a 6e 34 a1 4d e4 ba 94 21 1b be f7 aa fa | ba 78 4f 9e 1b ef 12 b4 24 9c bd 0b 5b d9 6a 68 | 6d fa fe 65 03 72 1f d1 70 d7 b1 80 00 8a b2 48 | c9 90 d2 df 94 f3 34 0c 2f 04 20 28 e0 85 71 8c | 6a 7c 3b eb 33 03 99 e8 12 ac 5d 95 94 2d ef cb | d9 58 56 14 64 ac 50 69 2d d7 b7 66 3e 12 a7 92 | 34 d1 ed 7e ad fa cd 87 85 59 34 40 f7 62 6f b0 | d6 0e 70 39 b2 d5 f8 43 f8 0f ad ca bb 76 34 ed | 40 72 26 cf 84 a7 4d d6 16 7b 55 07 a7 e0 60 ae | 0f 01 35 68 2f e0 31 9c aa 78 04 34 c4 36 fa 7d | b5 a3 09 e8 0b eb df 06 8d 2e ab 13 b5 fd b1 6e | bb eb 5f 6c de af 19 88 19 3b 2d 1b b5 3c 9c 51 | 43 7e 84 00 a0 2b 87 3c d4 33 cf b9 9c 81 7e 79 | fe bd 2d 54 c9 62 cf e2 0a 1f 45 ba 1e 05 13 0e | 0b 93 0c 3a b8 18 e9 b6 ca fb 5d 21 14 22 10 b4 | 7f 2a be 5a f7 dc 54 6a c0 51 11 29 a7 86 99 14 | c4 b6 8d 39 b0 44 59 1e e0 56 f9 33 68 76 3d 70 | f0 73 2b 12 64 db 27 aa 6f 76 2c 55 ab 20 cd f9 | 56 19 06 ef e0 7c 6e a2 68 15 d6 d5 9b 4d d0 92 | 58 f1 20 b9 9c 51 9d 92 fd 4c 0c d6 ce e5 1e be | a0 ce 4c 5f 6a 2f de 8a f0 5c b8 2b 25 62 ed 3e | ad 4d 66 7b 8f 88 c2 96 df 72 55 78 b1 dd ec 1a | 39 dc 41 a6 d9 95 98 8e 55 21 b4 3e 3a c2 df 76 | 5c 74 21 d1 bf ed 5a ce ac 90 0d 72 2a c0 13 d2 | ed 23 d5 bc 99 f0 66 60 b5 5c 19 60 50 16 ab 33 | 54 cc 54 34 6a 03 5c a5 da df 80 df 3e e3 2b b3 | ec 21 07 8b c8 04 5d 22 ae 32 a7 61 fe d2 76 36 | 76 fb 15 2a a2 7e d5 04 d4 f2 27 a7 8b 9f ee 49 | a4 b6 21 b4 7e e7 cd ec 83 15 5a 7e 19 c6 59 1f | 93 6e 13 9b b1 f8 5e 26 1e 71 3e 4c 2c b9 19 f7 | 3a eb c2 00 7a 19 46 96 85 d7 5d 65 29 42 20 50 | dc e6 e7 60 da 01 16 53 87 46 05 50 e7 af 31 97 | 1a a6 c7 f3 9f 53 d3 3d ad 30 0b cd 5b 1c a7 27 | 3b 76 8f 33 82 9f 74 dd 10 36 2f c2 f5 4f c3 85 | 62 77 cf 46 5a 0c 35 46 72 38 e1 01 c7 64 47 0c | b4 73 a3 f9 a1 7b 8a c9 87 e1 4b a5 28 6f 11 ff | 11 6f 83 ff ee 79 a6 9d 22 f1 02 b3 32 a3 51 35 | e1 94 9c 6c 91 ab c2 4b 47 4f 9a 37 8c f2 84 c7 | 94 eb 11 21 9b 89 4d 4c 04 5c 7a 20 50 98 53 f6 | 31 9f f6 12 f2 a6 a1 97 55 4b c0 5a 60 d0 24 56 | 33 e5 a6 1a c7 1e 8f a0 e4 03 0f a6 96 64 c6 b3 | b5 34 ae ce 4f bf 82 de ee 06 bb 3a 0b a6 e4 cc | b0 9b 07 92 13 ab 19 88 c7 db 1b f0 37 3f 43 ea | 85 83 41 38 2c 1f ca 1f 94 49 25 af 3b f2 68 0a | fb d2 2b 86 6d fb 26 4f 2c ad 7b db cb 21 7b b6 | 1c 0a c7 3a ba 7e 54 fa be 8a e6 05 39 c3 65 e4 | 64 44 48 0b d4 6b 71 9f 66 37 d2 92 e2 d3 86 db | 91 98 2c 5b 7d aa 4f 8f 3d 64 1e 74 cb 0c b2 6d | 21 c9 0b 10 15 c0 1f 86 3a bc fc 1a fa ad f0 a1 | e2 6a 5e 54 81 1d 9f 15 3d 28 43 e3 82 8d 32 5a | 2a a0 97 8e 3a 13 5b 2a 17 e6 97 58 8f da 81 ea | 5b fd 87 b1 e4 90 89 1b cb 75 4f 8f e7 af a0 53 | ca 89 3f 7a 61 eb 49 54 a1 8e f5 8c 78 8c 83 2c | 54 29 48 60 9c 17 cf ab 1f 77 1c a6 bd ec 1c 07 | 0b 99 9c ea f3 19 a7 d6 2d 2c 7b 94 ae 5b c7 b0 | 1c 25 65 84 67 47 43 79 9e 59 5d 4c 93 0b 4d 6a | dc 86 72 1e 44 9f 54 c4 1d e1 3b 69 8b 28 cc 89 | 81 92 60 72 b0 15 2d dd fb a1 81 bf c1 44 8d 94 | 93 11 07 c4 f3 ce 01 d9 45 12 6d 18 d5 73 b2 70 | 3d 51 2d 26 3e a3 8d 13 41 96 d6 40 a4 d4 34 0a | 23 4a ed 20 4d b5 e6 e8 0a b0 57 2f ff 2b 94 e0 | f0 e7 81 00 98 74 1f ea 70 91 b4 88 f1 5e 1e f7 | 09 05 c0 9f d8 ed c2 c1 c1 84 1d f3 88 ec ca 94 | cb ea 58 f2 59 e2 22 7c bd 97 94 f3 6d 6c 24 da | 15 53 83 d5 5a 0b d6 38 4c 65 57 3f ae 47 bb 9a | d5 42 84 82 97 8e 38 43 af f8 81 06 ed 6e f4 24 | da c3 49 b8 00 1b 9e 2f 43 de ff 0e ec 32 b0 f0 | 28 2b f5 6e b4 64 d7 ef 62 6d 12 f8 b9 6f 05 f1 | 9d a4 28 e4 60 58 8d 1f 8e e1 2d 32 92 34 cf 47 | 6d 5f ac ef 8c 7d d2 f7 af c9 a1 30 5a 62 fe f5 | 43 5e 2d 35 4f b2 6a c3 4b f8 f1 33 2b 5e 43 9a | 22 2d ac 41 da 32 14 d7 45 6f 77 20 36 dd 75 49 | c5 9e 0b b6 b3 24 4a d8 3f aa 3b 56 ca 1b 62 22 | 24 28 11 5a f8 35 fb 08 5d 72 91 c0 38 5d dd 7b | 92 17 2d 3a 05 02 2d 35 07 02 39 0c a8 74 45 cb | ce 30 95 c7 0c 5a df 28 db ab 7d bc 27 9b 64 fe | 1f 58 b8 d4 5e f7 65 80 52 e5 33 1d 20 19 7e 1c | 22 42 92 84 89 d4 bd 16 59 ab 7b 20 04 e6 c2 d4 | 78 01 d8 f0 bc 55 c4 60 41 f9 00 f4 c4 26 7f 65 | 9b 1f e2 fd 9a 16 58 db b5 df e2 94 e4 21 fb de | 48 4a 65 0a 26 56 86 31 60 29 4c 72 e4 7a 9d 46 | 6f a2 0b 07 5a eb f0 84 f1 32 8e eb 63 88 2e f8 | 6b 57 35 ce 43 34 1b a9 04 79 98 80 a6 2a 49 95 | 2c 83 ce 8b b8 f8 96 cd 5c a0 b6 33 78 0c 2a 4c | 6e 42 dc 57 d1 d5 cf ee 6c 89 3e 83 67 15 bf 49 | 65 20 f1 6b 99 be d6 b3 8a 66 96 e0 3d 94 d1 76 | 8d d2 92 b9 e4 17 ef 82 0e c5 7a d1 07 57 39 c2 | 9b 49 de 2e 31 1f 6c 0f 73 3e 5a 71 20 fa b9 bc | ce f5 1f 50 c2 b2 b9 bc 44 d8 5b 95 06 d4 00 50 | fe 2f 9b 40 d7 f4 b3 9e ad 23 c7 65 d1 cb b5 fc | a8 ec 45 3b 5f 3c be 79 ff f0 51 61 96 38 77 a0 | 6d 75 86 a0 53 f1 14 a9 a6 cc 9a d3 c5 4f ca 49 | 4d 25 15 21 a3 8a 18 56 c1 0b 0c ab 9d 5e 03 7c | 81 08 ba 45 4f 79 76 57 15 c8 99 73 d5 57 75 2b | 0a b0 0b 8b d2 42 57 6a df 68 db de d2 0e 42 9a | c0 8b 4a b3 1e 26 c0 fa ed 5b 7a 08 95 32 66 5d | b4 c2 87 5b d0 78 2e 1f b1 70 02 97 47 f9 bb 5b | 68 ca 8e 99 c7 41 09 4b 26 60 f8 3d b1 e9 38 d9 | 3f bf dd 8c a8 2b f9 dd 5c 6a 6e 55 d0 cb 2f 92 | 3f 5a 81 10 49 e3 77 a6 0b 86 88 ae 9d 9d 5f 5a | 3e 04 b7 37 c4 ff e6 a2 0e d5 9c 75 4b 6c d0 47 | fd 44 eb 99 e4 65 3a 5f c9 5c fc af 20 a7 4a 02 | bc 7a de f5 7d a2 3f 8b 06 fb 8c 6d 3f 4f f3 cb | 32 a7 c9 74 e0 64 9a bc 05 39 fc 77 22 46 8f 94 | fa 00 45 f9 ba 82 52 94 74 4d b0 02 94 a9 ab f8 | 12 c3 45 06 e6 d9 58 a7 1d 7c 8f 85 42 ed 92 be | fa c8 1d 2f b5 9a 84 aa f8 72 d3 09 8e 29 6a 54 | b6 65 9a 17 c5 48 85 ba 67 1b 62 10 c2 dc 8c 38 | ad 2e c2 a7 18 48 3e 96 8c c5 92 24 05 a0 7e 9c | df a9 0d 0d 90 2f df 8f 61 7a cd 2d 39 59 f2 56 | 8a 03 f0 62 46 10 2d 07 56 36 16 4f a8 a7 48 e8 | f4 ba 8a f4 0f c1 1c a3 ec 85 f4 4c 85 a5 6c f7 | 3f ec 96 b5 20 35 cc 84 b1 4b 7e c2 21 c8 96 1d | ca 08 70 5f da 52 5a d8 96 d8 fd f2 b1 b8 77 26 | b4 1e 1e 07 36 c9 1f fa 11 20 9f a3 57 b2 32 29 | df 6b 09 c0 a6 c4 6c 56 90 66 ea e2 21 db 75 db | ec 44 d7 7b 75 c5 23 e3 b9 fe c2 25 52 59 ef 43 | bb 82 03 82 fd 95 17 3f ec d9 cf b5 69 41 3e e4 | c4 3c 04 78 e1 eb ed cc b9 cf 00 12 79 51 65 43 | 16 bb f8 f7 6d bc 0f 22 de cc a4 14 88 34 d4 d1 | 9f 62 4e 94 d1 87 af 7a 7e a9 b8 31 99 73 54 38 | ec 58 90 67 72 62 7b 2a c9 d6 0e 12 20 d2 8a 8d | ae 0a 38 de 73 91 19 fa 20 4b 23 5b 35 e1 d4 45 | c1 ff 9c 63 ba 64 37 40 32 f0 8a ae 0c ce 3d 86 | 44 1b 73 04 bf 48 4e fa 33 b5 05 a4 5b 6b 28 d8 | 47 ba 2d 31 b9 af 7a b7 c2 94 f6 77 78 bc b1 92 | 25 9f 37 a0 26 ab d9 8a 97 92 33 7f 73 e4 b4 0d | e8 3e 58 9c 96 35 f3 03 a9 fb e0 2f | !event_already_set at reschedule "nss-cert-chain" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5621c87f0878 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x5621c87c3c38 size 128 | #1 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11422.185535 "nss-cert-chain" #1: STATE_MAIN_I3: sent MI3, expecting MR3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 2.87 milliseconds in resume sending helper answer | stop processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6ae4000f48 | spent 0.00308 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 80 d4 1f 09 81 82 24 5a b3 8d 8e ff d7 a6 77 a5 | 08 10 05 01 22 bc da f0 00 00 00 4c 2f ce 58 7c | 0c 5a ab f4 75 f2 8e d3 e7 f8 24 89 a9 e2 59 b7 | 91 2e 5b 87 34 e9 2b 55 cf fe d7 a9 c6 e7 35 d2 | 66 e7 67 c3 06 a7 a4 2d 63 10 06 92 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 80 d4 1f 09 81 82 24 5a | responder cookie: | b3 8d 8e ff d7 a6 77 a5 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 582802160 (0x22bcdaf0) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I3 | State DB: found IKEv1 state #1 in MAIN_I3 (find_v1_info_state) | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_N (0xb) | length: 36 (0x24) | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 | ***parse ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 12 (0xc) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | informational HASH(1): | 45 5e 66 e1 03 73 cc 43 53 2e ce d4 4f 6c 86 e1 | 70 c9 5d e6 ba 8f c0 e1 1a 10 bc 4b 76 95 8a 4d | received 'informational' message HASH(1) data ok "nss-cert-chain" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12 | ISAKMP Notification Payload | 00 00 00 0c 00 00 00 01 01 00 00 12 | info: | processing informational INVALID_ID_INFORMATION (18) "nss-cert-chain" #1: received and ignored notification payload: INVALID_ID_INFORMATION | complete v1 state transition with STF_IGNORE | #1 spent 0.0108 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.2 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.0133 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_NAT_T_KEEPALIVE | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in for_each_state() at state.c:1575) | not behind NAT: no NAT-T KEEP-ALIVE required for conn nss-cert-chain | stop processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in for_each_state() at state.c:1577) | spent 0.0113 milliseconds in global timer EVENT_NAT_T_KEEPALIVE | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.0049 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_PENDING_DDNS | FOR_EACH_CONNECTION_... in connection_check_ddns | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | elapsed time in connection_check_ddns for hostname lookup 0.000004 | spent 0.0084 milliseconds in global timer EVENT_PENDING_DDNS | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00213 milliseconds in global timer EVENT_SHUNT_SCAN | timer_event_cb: processing event@0x5621c87f0878 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.23 "nss-cert-chain" #1 keying attempt 1 of 0; retransmit 1 | retransmits: current time 11482.183275; retransmit count 0 exceeds limit? NO; deltatime 60 exceeds limit? YES; monotime 59.99774 exceeds limit? NO "nss-cert-chain" #1: STATE_MAIN_I3: 60 second timeout exceeded after 0 retransmits. Possible authentication failure: no acceptable response to our first encrypted message "nss-cert-chain" #1: starting keying attempt 2 of an unlimited number, but releasing whack | release_pending_whacks: state #1 fd@24 .st_dev=9 .st_ino=9042295 | close_any(fd@24) (in release_whack() at state.c:654) | release_pending_whacks: IKE SA #1 fd@-1 has pending CHILD SA with socket fd@25 | close_any(fd@25) (in release_pending_whacks() at pending.c:223) | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:310) | creating state object #2 at 0x5621c87f1cf8 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.isakmp started | suspend processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) | start processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) | parent state #2: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) "nss-cert-chain" #2: initiating Main Mode to replace #1 | **emit ISAKMP Message: | initiator cookie: | 11 a9 0d be 27 ac 9c 21 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x5621c87f6ee8 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 792 | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | 11 a9 0d be 27 ac 9c 21 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 "nss-cert-chain" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5621c87ecb38 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f6ae4000f48 size 128 | #2 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11482.185002 | #2 spent 1.5 milliseconds in main_outI1() | stop processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) | start processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:124) | pstats #1 ikev1.isakmp failed too-many-retransmits | pstats #1 ikev1.isakmp deleted too-many-retransmits | [RE]START processing: state #1 connection "nss-cert-chain" from 192.1.2.23 (in delete_state() at state.c:879) "nss-cert-chain" #1: deleting state (STATE_MAIN_I3) aged 60.008s and NOT sending notification | parent state #1: MAIN_I3(open IKE SA) => delete | State DB: IKEv1 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #1 "nss-cert-chain" #1: deleting IKE SA for connection 'nss-cert-chain' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'nss-cert-chain' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection nss-cert-chain | State DB: deleting IKEv1 state #1 in MAIN_I3 | parent state #1: MAIN_I3(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x5621c87c3c38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5621c87f0878 | in statetime_stop() and could not find #1 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection nss-cert-chain which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "nss-cert-chain" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'nss-cert-chain' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | same_id() received ID_FROMCERT - unexpected | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "nss-cert-chain" | stop processing: connection "nss-cert-chain" (in initiate_a_connection() at initiate.c:349) | spent 0.034 milliseconds in global timer EVENT_REVIVE_CONNS | spent 0.00178 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 11 a9 0d be 27 ac 9c 21 58 1c 29 27 61 fe 50 8b | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 11 a9 0d be 27 ac 9c 21 | responder cookie: | 58 1c 29 27 61 fe 50 8b | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 144 (0x90) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #2 in MAIN_I1 (find_state_ikev1_init) | start processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inR1_outI2' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | adding outI2 KE work-order 3 for state #2 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f6ae4000f48 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5621c87ecb38 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5621c87ecb38 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f6aec003878 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | crypto helper 3 resuming | #2 spent 0.0854 milliseconds in process_packet_tail() | crypto helper 3 starting work-order 3 for state #2 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 3 doing build KE and nonce (outI2 KE); request ID 3 | stop processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.182 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 finished build KE and nonce (outI2 KE); request ID 3 time elapsed 0.000686 seconds | (#2) spent 0.675 milliseconds in crypto helper computing work-order 3: outI2 KE (pcr) | crypto helper 3 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f6ae8002888 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 3 | calling continuation function 0x5621c7019b50 | main_inR1_outI2_continue for #2: calculated ke+nonce, sending I2 | **emit ISAKMP Message: | initiator cookie: | 11 a9 0d be 27 ac 9c 21 | responder cookie: | 58 1c 29 27 61 fe 50 8b | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 43 4d 93 3d 6d 1e e2 96 f3 5d 4a c6 98 13 8f 57 | keyex value a8 f9 62 99 be 56 c2 5d 60 32 84 cf 3d 93 3e 6e | keyex value 69 99 af 24 00 e2 36 db a6 d6 7f c0 7f e9 a7 42 | keyex value b0 01 0f 1c 61 d7 44 fa 0d 0c cf ea 39 92 85 b8 | keyex value 09 e5 44 e0 04 90 cd e6 8e 05 fe 1a cf a0 a3 c3 | keyex value 21 c8 70 be 65 da 2b c1 ed d7 98 28 82 ec 9a c1 | keyex value 8f fe 54 5b b8 9c bf 96 c9 9e 98 a5 30 70 88 dc | keyex value 3c 2d 66 7b 3b df 19 38 8b 9c 27 23 fc 48 bf f6 | keyex value ae d3 a8 dc ab 3b 33 17 47 65 05 bf 14 74 e9 fe | keyex value e6 3c a2 fe 81 ce 91 50 ba 48 55 8f 59 a0 8d d3 | keyex value cb 36 97 b6 9f d2 e8 57 84 fb 45 40 40 c4 e5 c2 | keyex value 26 ff 7b 0d cc 09 19 98 62 54 4f cb be 0d 0c d9 | keyex value 60 34 4e 8e 18 75 f7 0b a2 50 d2 60 80 6d 9a e9 | keyex value d8 b7 cb 25 aa e3 a8 78 c7 3f 1e 03 47 33 48 2f | keyex value 11 7b 90 45 63 fe f1 e2 f7 c2 bd 19 8c aa af 98 | keyex value eb 8c 2b 82 67 fe 2a a0 ae aa 3d 60 52 72 00 75 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni 29 77 8c 9d c8 16 0b 2b 35 58 b7 75 ed 01 bc 11 | Ni fd b9 c4 f2 2a d8 d2 fd f3 f8 29 47 f4 59 98 c0 | emitting length of ISAKMP Nonce Payload: 36 | NAT-T checking st_nat_traversal | NAT-T found (implies NAT_T_WITH_NATD) | sending NAT-D payloads | natd_hash: hasher=0x5621c70eeca0(32) | natd_hash: icookie= 11 a9 0d be 27 ac 9c 21 | natd_hash: rcookie= 58 1c 29 27 61 fe 50 8b | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 8b 9d 3a c3 38 95 7d 20 16 24 27 19 d3 6f 1b ef | natd_hash: hash= 38 28 ea 92 55 fe dd 05 fd 06 95 77 1f fe 13 33 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 8b 9d 3a c3 38 95 7d 20 16 24 27 19 d3 6f 1b ef | NAT-D 38 28 ea 92 55 fe dd 05 fd 06 95 77 1f fe 13 33 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x5621c70eeca0(32) | natd_hash: icookie= 11 a9 0d be 27 ac 9c 21 | natd_hash: rcookie= 58 1c 29 27 61 fe 50 8b | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 64 80 2a 74 9e 0a 6f 7d dd dc 81 6d fb 2f 2b b3 | natd_hash: hash= 70 f7 55 b6 53 90 49 54 ea cf 46 c6 35 91 d4 67 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 64 80 2a 74 9e 0a 6f 7d dd dc 81 6d fb 2f 2b b3 | NAT-D 70 f7 55 b6 53 90 49 54 ea cf 46 c6 35 91 d4 67 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | State DB: re-hashing IKEv1 state #2 IKE SPIi and SPI[ir] | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 | parent state #2: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f6aec003878 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5621c87ecb38 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | 11 a9 0d be 27 ac 9c 21 58 1c 29 27 61 fe 50 8b | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 43 4d 93 3d 6d 1e e2 96 f3 5d 4a c6 98 13 8f 57 | a8 f9 62 99 be 56 c2 5d 60 32 84 cf 3d 93 3e 6e | 69 99 af 24 00 e2 36 db a6 d6 7f c0 7f e9 a7 42 | b0 01 0f 1c 61 d7 44 fa 0d 0c cf ea 39 92 85 b8 | 09 e5 44 e0 04 90 cd e6 8e 05 fe 1a cf a0 a3 c3 | 21 c8 70 be 65 da 2b c1 ed d7 98 28 82 ec 9a c1 | 8f fe 54 5b b8 9c bf 96 c9 9e 98 a5 30 70 88 dc | 3c 2d 66 7b 3b df 19 38 8b 9c 27 23 fc 48 bf f6 | ae d3 a8 dc ab 3b 33 17 47 65 05 bf 14 74 e9 fe | e6 3c a2 fe 81 ce 91 50 ba 48 55 8f 59 a0 8d d3 | cb 36 97 b6 9f d2 e8 57 84 fb 45 40 40 c4 e5 c2 | 26 ff 7b 0d cc 09 19 98 62 54 4f cb be 0d 0c d9 | 60 34 4e 8e 18 75 f7 0b a2 50 d2 60 80 6d 9a e9 | d8 b7 cb 25 aa e3 a8 78 c7 3f 1e 03 47 33 48 2f | 11 7b 90 45 63 fe f1 e2 f7 c2 bd 19 8c aa af 98 | eb 8c 2b 82 67 fe 2a a0 ae aa 3d 60 52 72 00 75 | 14 00 00 24 29 77 8c 9d c8 16 0b 2b 35 58 b7 75 | ed 01 bc 11 fd b9 c4 f2 2a d8 d2 fd f3 f8 29 47 | f4 59 98 c0 14 00 00 24 8b 9d 3a c3 38 95 7d 20 | 16 24 27 19 d3 6f 1b ef 38 28 ea 92 55 fe dd 05 | fd 06 95 77 1f fe 13 33 00 00 00 24 64 80 2a 74 | 9e 0a 6f 7d dd dc 81 6d fb 2f 2b b3 70 f7 55 b6 | 53 90 49 54 ea cf 46 c6 35 91 d4 67 | !event_already_set at reschedule "nss-cert-chain" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5621c87ecb38 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5621c87ef458 size 128 | #2 STATE_MAIN_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11482.186687 "nss-cert-chain" #2: STATE_MAIN_I2: sent MI2, expecting MR2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.238 milliseconds in resume sending helper answer | stop processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6ae8002888 | spent 0.00214 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 11 a9 0d be 27 ac 9c 21 58 1c 29 27 61 fe 50 8b | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | f1 b8 e6 38 b5 59 27 25 ce 2c c7 52 60 3e c4 bc | 6e 85 4c 01 11 cb 0e 52 8c 8d 21 49 3b 3b 2d 79 | a3 3a ea f9 5d fe 14 53 69 ed 68 0d 9e 56 16 32 | 5a 76 38 fc a3 74 9c 85 bd eb da ee cc c8 25 cb | 51 f9 80 46 42 50 04 67 31 7c 0c 20 aa 58 d4 34 | c0 44 51 a4 f6 af d4 aa 43 fd 65 a5 7c a8 b9 bb | ef d4 70 ab 63 ab ac 6d 7b 42 e0 4c 89 62 3f 93 | a5 d7 cc 0d 29 6e 93 16 96 bb 58 b8 b2 bd 9b c1 | 01 0e 27 e2 3e 9e 1d e6 48 9a dd bb a8 68 38 50 | f1 4a b0 e9 8b fb 74 87 3a b5 05 8f 94 8c c3 b5 | 93 d2 78 35 5d 19 db 65 66 21 2f 8e 7d a2 1e 57 | 27 5f 50 f7 a4 45 0e 91 6d 5c e8 e2 9f 8d c4 00 | 79 83 e1 4e 93 1c 5a 2b 83 e8 4a 9b 5e bd f4 5c | 69 e3 5a 00 b7 90 1a a7 4f 94 b6 5b 00 fa 6a 9d | 45 37 60 c4 fa b4 64 70 b4 82 ed 52 2a a0 e6 10 | 38 9c 8c da 66 a9 a6 cf a1 ce a3 a5 d6 e9 95 ac | 14 00 00 24 bb e1 67 f1 77 a6 8a 61 c0 25 68 cc | c8 1b 2c 82 b6 d3 83 bf 68 d1 f5 bc b8 16 79 60 | d1 71 5e 68 14 00 00 24 64 80 2a 74 9e 0a 6f 7d | dd dc 81 6d fb 2f 2b b3 70 f7 55 b6 53 90 49 54 | ea cf 46 c6 35 91 d4 67 00 00 00 24 8b 9d 3a c3 | 38 95 7d 20 16 24 27 19 d3 6f 1b ef 38 28 ea 92 | 55 fe dd 05 fd 06 95 77 1f fe 13 33 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 11 a9 0d be 27 ac 9c 21 | responder cookie: | 58 1c 29 27 61 fe 50 8b | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_I2 (find_state_ikev1) | start processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inR2_outI3' HASH payload not checked early | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org->%fromcert of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org->%fromcert of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding aggr outR1 DH work-order 4 for state #2 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x5621c87ef458 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5621c87ecb38 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x5621c87ecb38 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f6ae8002888 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | #2 spent 0.0562 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in process_md() at demux.c:382) | crypto helper 6 resuming | crypto helper 6 starting work-order 4 for state #2 | processing: STOP connection NULL (in process_md() at demux.c:383) | crypto helper 6 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 4 | spent 0.176 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 4 time elapsed 0.00072 seconds | (#2) spent 0.723 milliseconds in crypto helper computing work-order 4: aggr outR1 DH (pcr) | crypto helper 6 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f6adc000f48 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 4 | calling continuation function 0x5621c7019b50 | main_inR2_outI3_cryptotail for #2: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | 11 a9 0d be 27 ac 9c 21 | responder cookie: | 58 1c 29 27 61 fe 50 8b | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so send cert. | Sending one or more authcerts | I am sending a certificate request | I will NOT send an initial contact payload | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x5621c70eeca0(32) | natd_hash: icookie= 11 a9 0d be 27 ac 9c 21 | natd_hash: rcookie= 58 1c 29 27 61 fe 50 8b | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 64 80 2a 74 9e 0a 6f 7d dd dc 81 6d fb 2f 2b b3 | natd_hash: hash= 70 f7 55 b6 53 90 49 54 ea cf 46 c6 35 91 d4 67 | natd_hash: hasher=0x5621c70eeca0(32) | natd_hash: icookie= 11 a9 0d be 27 ac 9c 21 | natd_hash: rcookie= 58 1c 29 27 61 fe 50 8b | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 8b 9d 3a c3 38 95 7d 20 16 24 27 19 d3 6f 1b ef | natd_hash: hash= 38 28 ea 92 55 fe dd 05 fd 06 95 77 1f fe 13 33 | expected NAT-D(me): 64 80 2a 74 9e 0a 6f 7d dd dc 81 6d fb 2f 2b b3 | expected NAT-D(me): 70 f7 55 b6 53 90 49 54 ea cf 46 c6 35 91 d4 67 | expected NAT-D(him): | 8b 9d 3a c3 38 95 7d 20 16 24 27 19 d3 6f 1b ef | 38 28 ea 92 55 fe dd 05 fd 06 95 77 1f fe 13 33 | received NAT-D: 64 80 2a 74 9e 0a 6f 7d dd dc 81 6d fb 2f 2b b3 | received NAT-D: 70 f7 55 b6 53 90 49 54 ea cf 46 c6 35 91 d4 67 | received NAT-D: 8b 9d 3a c3 38 95 7d 20 16 24 27 19 d3 6f 1b ef | received NAT-D: 38 28 ea 92 55 fe dd 05 fd 06 95 77 1f fe 13 33 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_CERT (0x6) | ID type: ID_DER_ASN1_DN (0x9) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 206 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity 30 81 cb 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 31 30 2f 06 03 55 04 03 0c 28 77 65 73 | my identity 74 5f 63 68 61 69 6e 5f 65 6e 64 63 65 72 74 2e | my identity 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | my identity 6e 2e 6f 72 67 31 37 30 35 06 09 2a 86 48 86 f7 | my identity 0d 01 09 01 16 28 77 65 73 74 5f 63 68 61 69 6e | my identity 5f 65 6e 64 63 65 72 74 40 74 65 73 74 69 6e 67 | my identity 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | emitting length of ISAKMP Identification Payload (IPsec DOI): 214 "nss-cert-chain" #2: I am sending my cert | ***emit ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 6:ISAKMP_NEXT_CERT | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' | emitting 1028 raw bytes of CERT into ISAKMP Certificate Payload | CERT 30 82 04 00 30 82 03 69 a0 03 02 01 02 02 01 3f | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 c7 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 74 | CERT 5f 63 68 61 69 6e 5f 69 6e 74 5f 32 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 31 35 30 33 06 09 2a 86 48 86 f7 0d 01 09 | CERT 01 16 26 77 65 73 74 5f 63 68 61 69 6e 5f 69 6e | CERT 74 5f 32 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 22 18 0f 32 30 31 | CERT 39 30 38 32 34 30 39 30 37 35 33 5a 18 0f 32 30 | CERT 32 30 30 38 32 33 30 39 30 37 35 33 5a 30 81 cb | CERT 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 10 30 | CERT 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 | CERT 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 | CERT 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 | CERT 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f | CERT 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e 74 31 | CERT 31 30 2f 06 03 55 04 03 0c 28 77 65 73 74 5f 63 | CERT 68 61 69 6e 5f 65 6e 64 63 65 72 74 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 31 37 30 35 06 09 2a 86 48 86 f7 0d 01 09 | CERT 01 16 28 77 65 73 74 5f 63 68 61 69 6e 5f 65 6e | CERT 64 63 65 72 74 40 74 65 73 74 69 6e 67 2e 6c 69 | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 81 9f 30 0d | CERT 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d | CERT 00 30 81 89 02 81 81 00 b7 fb 78 d1 9e d3 c0 25 | CERT 56 75 61 cb e7 ec 40 0d 2f f0 a1 88 6b f5 70 20 | CERT b7 0d d7 b7 24 5c b2 22 21 46 d5 92 3e 79 51 9c | CERT e7 39 4a 60 c4 06 7f cb df 28 51 22 3c 58 f3 2b | CERT 74 0e 24 d9 70 fc 56 f1 cd 11 9c 43 a0 9a 05 62 | CERT 45 c0 bc e2 f0 38 fd 89 a2 75 fc 20 18 24 fd a6 | CERT da d2 97 44 a0 3e c6 4c 39 ea be a3 9e d5 91 4b | CERT 32 19 bc 39 94 9b 7b 67 7d d1 87 6b 54 24 f2 80 | CERT 00 64 93 26 08 5d bd cb 02 03 01 00 01 a3 81 f1 | CERT 30 81 ee 30 09 06 03 55 1d 13 04 02 30 00 30 33 | CERT 06 03 55 1d 11 04 2c 30 2a 82 28 77 65 73 74 5f | CERT 63 68 61 69 6e 5f 65 6e 64 63 65 72 74 2e 74 65 | CERT 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e | CERT 6f 72 67 30 0b 06 03 55 1d 0f 04 04 03 02 07 80 | CERT 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 | CERT 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 | CERT 41 06 08 2b 06 01 05 05 07 01 01 04 35 30 33 30 | CERT 31 06 08 2b 06 01 05 05 07 30 01 86 25 68 74 74 | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 3a 32 35 | CERT 36 30 30 3d 06 03 55 1d 1f 04 36 30 34 30 32 a0 | CERT 30 a0 2e 86 2c 68 74 74 70 3a 2f 2f 6e 69 63 2e | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 | CERT 6e 2e 6f 72 67 2f 72 65 76 6f 6b 65 64 2e 63 72 | CERT 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 | CERT 03 81 81 00 25 29 7e 43 8c 14 5b e5 01 75 e7 b8 | CERT 7e 97 19 9c 9f 86 48 14 9e ca 8f ca 31 3e 6e 41 | CERT 26 d9 68 62 64 84 32 ac 17 69 ef 25 94 ef fe 21 | CERT 22 82 bb 2c 8c 63 9e bb 8a 67 94 af 81 9b fe c6 | CERT 00 ed e5 fb 7e 65 0c 04 4a d2 bb d5 2b 28 db 58 | CERT 36 66 d7 62 24 f7 08 1b 76 97 a6 90 97 9d 9a 68 | CERT 33 a1 ed 85 54 af e1 70 b6 94 96 7f b3 4d bf d8 | CERT 84 f9 c2 78 55 c5 ea 36 fd 36 c4 c1 cd 67 1b b4 | CERT 74 b2 4d 9f | emitting length of ISAKMP Certificate Payload: 1033 "nss-cert-chain" #2: I am sending a CA cert chain | ***emit ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' | emitting 974 raw bytes of CERT into ISAKMP Certificate Payload | CERT 30 82 03 ca 30 82 03 33 a0 03 02 01 02 02 01 3e | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 | CERT 81 c7 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | CERT 74 31 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 74 | CERT 5f 63 68 61 69 6e 5f 69 6e 74 5f 31 2e 74 65 73 | CERT 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f | CERT 72 67 31 35 30 33 06 09 2a 86 48 86 f7 0d 01 09 | CERT 01 16 26 77 65 73 74 5f 63 68 61 69 6e 5f 69 6e | CERT 74 5f 31 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | CERT 65 73 77 61 6e 2e 6f 72 67 30 22 18 0f 32 30 31 | CERT 39 30 38 32 34 30 39 30 37 35 33 5a 18 0f 32 30 | CERT 32 30 30 38 32 33 30 39 30 37 35 33 5a 30 81 c7 | CERT 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 10 30 | CERT 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 6f 31 | CERT 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f 6e 74 | CERT 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 62 72 | CERT 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b 0c 0f | CERT 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e 74 31 | CERT 2f 30 2d 06 03 55 04 03 0c 26 77 65 73 74 5f 63 | CERT 68 61 69 6e 5f 69 6e 74 5f 32 2e 74 65 73 74 69 | CERT 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | CERT 31 35 30 33 06 09 2a 86 48 86 f7 0d 01 09 01 16 | CERT 26 77 65 73 74 5f 63 68 61 69 6e 5f 69 6e 74 5f | CERT 32 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 30 81 9f 30 0d 06 09 2a 86 | CERT 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 | CERT 02 81 81 00 b8 ce 02 f6 35 74 d9 aa 0d 4a 5e 74 | CERT 38 99 1e 34 bd f3 fe 56 b0 bb 52 dd 3f 31 42 4a | CERT bf 9c 0b 76 e2 98 35 11 83 f2 01 a4 15 cd d8 02 | CERT 7f d1 94 fe 7b b6 71 50 6a 44 a6 69 48 c6 2c ad | CERT ce fb de 01 27 93 ad e7 a7 92 57 9b 93 7f 9b 83 | CERT 9f 92 dd 3e 51 a0 d3 03 83 26 1f 29 65 36 de 68 | CERT ec 45 fb 4c 77 ed 63 e8 98 14 e9 3a 47 98 41 95 | CERT 81 4c 89 bd 9d 21 73 9a 63 38 8b 67 fb 54 7d d1 | CERT 74 41 fd ab 02 03 01 00 01 a3 81 bf 30 81 bc 30 | CERT 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0b 06 | CERT 03 55 1d 0f 04 04 03 02 01 86 30 1d 06 03 55 1d | CERT 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 | CERT 08 2b 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 | CERT 05 05 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 | CERT 05 05 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 | CERT 63 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | CERT 77 61 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 | CERT 55 1d 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 | CERT 74 74 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e | CERT 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f | CERT 72 65 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a | CERT 86 48 86 f7 0d 01 01 0b 05 00 03 81 81 00 80 ff | CERT f6 c9 1c 5d 88 04 22 fa 17 d0 f9 c0 50 a4 53 3f | CERT 0f 0b 51 8c e7 2f 23 a9 c8 5e 3d 8f 3e 74 07 c8 | CERT 2f b2 88 6d 2c 38 2b 69 ed 12 0e 8b 2f 25 bf 78 | CERT e8 16 bd 17 cd 33 aa 13 75 d0 e0 25 69 02 07 89 | CERT 76 b8 15 21 ff bc 17 76 9d 51 68 0c 02 22 51 e4 | CERT 50 c9 ff 9c 6a 7d 8a 8a a6 38 5e bc 4a 2c 30 1b | CERT fa 2a 5d ff 87 1c 02 04 2d 32 2a d8 87 e6 24 dc | CERT e0 8f d7 13 c5 85 5a f7 3c 32 64 6e c9 d3 | emitting length of ISAKMP Certificate Payload: 979 "nss-cert-chain" #2: I am sending a certificate request | ***emit ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | cert type: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' | emitting length of ISAKMP Certificate RequestPayload: 5 | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbf7e vs PKK_RSA:AwEAAbf7e | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 128 raw bytes of SIG_I into ISAKMP Signature Payload | SIG_I 21 b0 7d cf 45 9e a9 69 c3 17 5d 77 8b 6b 0f 49 | SIG_I e7 bb 64 b5 ee 12 8e e3 e1 4b 2e d7 8e 17 ee 0e | SIG_I 77 28 77 ac 91 61 d7 30 f4 0b 0c dd 8d 53 f2 dc | SIG_I 78 4c 26 54 cb 8c 61 83 77 aa 34 ba 67 dc 0f de | SIG_I 4a d9 2c 82 33 ca 45 34 97 39 04 d7 97 6a 2c 9f | SIG_I 62 02 ce 3f 40 3c 0b a4 d7 c4 09 bf 2c 4b e0 be | SIG_I a3 be eb 19 e4 44 d5 3d 75 45 5a 25 7f ca 92 94 | SIG_I 5d ba 49 a0 69 2f 06 e5 e6 e0 32 36 ff a5 92 1b | emitting length of ISAKMP Signature Payload: 132 | Not sending INITIAL_CONTACT | emitting 5 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 2396 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 | parent state #2: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f6ae8002888 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x5621c87ecb38 | sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500) | sending 2396 bytes for STATE_MAIN_I2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #2) | 11 a9 0d be 27 ac 9c 21 58 1c 29 27 61 fe 50 8b | 05 10 02 01 00 00 00 00 00 00 09 5c b5 8e df dd | 19 ab 0a 40 01 4b 01 14 5f 6e 96 96 f0 de 49 8f | 78 64 79 3f ea 38 94 0b 12 4f 1a a3 3a 5e 92 ce | 52 6e 7a 0f d3 0c 0f 64 ff 6a a5 19 b3 99 a7 45 | a7 fb fe b6 23 97 e7 ef be c1 38 07 94 60 34 eb | 53 d2 38 ca f7 11 ea 66 7b 20 de 19 9a 19 c3 fa | 17 8c 10 73 b8 d1 e2 bb d5 2d 69 8f 2c f3 a4 8d | 28 4a ef 59 3a 0f 2d 33 cc 83 58 ca 57 d8 bb c5 | 30 ec 3a b4 3a a3 22 3d ea a3 7b 98 04 55 b2 65 | 6c 69 cc 81 24 87 b5 45 6c b2 2d 72 05 85 0a d7 | e9 78 eb 62 56 b9 49 80 af c6 5f cc 70 d8 8a 73 | 00 78 f3 a5 35 0e a2 5b 8a 6f 64 50 f4 e7 96 3c | 2a 63 55 22 b0 44 1f bf 6f 47 a9 61 09 6c 33 72 | 69 57 0b bf 2e 02 bb 39 c0 d9 ef fb 6b 32 b3 ac | d6 73 f4 6f b0 6f f8 86 7d 5f 5a 55 46 7b de 84 | 21 e3 18 7d 9e eb f9 59 f8 cd c2 06 2b 90 c8 79 | ff 75 ba ad 93 7d 21 82 17 0d ff 6e 90 ee 32 52 | 02 ab 6e e2 47 8a a6 83 4d cd e5 07 ac 01 c6 f5 | c1 fc e5 b1 b9 0e 3f dd 13 14 22 0f 53 13 c4 aa | c6 6d 88 6c 31 59 0a 1f 12 fd a5 e0 fe 4d 8e 9e | 0b 2b bc 77 46 10 0f 6f 98 d4 df eb a7 e1 26 73 | 6b 6b b3 a1 75 03 cb a7 4e 84 5f 18 dc 77 98 0d | 06 ff c6 1d fd 9f 65 b3 d5 f2 81 95 31 f8 93 4b | 97 b2 47 43 7b 78 e2 1f c4 df 48 6e d4 7c 60 9e | 68 d5 db d1 7b 58 5e 74 17 ef 3e c6 f5 c3 3c 7a | 88 ea c6 38 2e fb 2a 14 ec 59 b0 81 34 3a fb cc | f0 2e 37 76 1b 3e 48 8f 6d f4 0b a5 d5 74 4a 1e | a2 55 e7 5b a9 e0 84 8d b1 ed 2a 44 f5 27 d0 83 | 34 07 34 41 1f 62 d6 d0 3b 35 35 1d ab 10 a8 35 | 51 5e 2c 4f df bd 08 1f 9d 48 ac bf be 1d 1b f2 | b2 99 7f 1d 3a 2c e6 6e 42 6f f0 6a 67 73 88 fe | 7d 23 e0 ae e7 06 25 d2 ec 42 3c 3f 27 4c 78 71 | e2 f0 c9 fa ed 6c a2 a5 a8 69 93 30 2b fa b6 4f | fd 9e 8b a1 86 68 73 49 bf e0 5e a2 5a 44 3b 20 | 75 3f 7f e1 b1 00 a7 7a 16 8d df 2d 92 35 88 de | a8 0c 05 c4 2e e8 ec 50 d4 7c a6 75 5f 6e ee 50 | 7a fd 40 8a a4 fd c0 b5 48 9c 5f d7 c2 38 dc 52 | cd 13 23 03 6a 1f df 72 f6 fb b5 85 d2 42 84 69 | fd f4 53 db b9 35 6c 0b 1c 21 eb 74 14 41 91 e7 | cf 70 3f b9 16 3e c4 94 a2 54 87 3f d5 63 de 03 | 55 ee 7d 7f 67 f6 ca 06 64 4f 94 0c af 6e 97 69 | 97 12 42 c8 ae c7 a4 5a 42 d2 43 de 13 ab 58 3f | d3 1e 4b f6 e6 4e aa 95 9a 5e c8 fd 26 ca 6e 2a | 11 0c f6 5a 92 d0 b7 c5 25 9c 76 18 8a f1 ec 3a | 15 d8 05 f3 4d ca e1 91 eb 82 b1 a7 78 1a a2 33 | 9d ed 3b b0 95 c7 76 82 47 1a 28 4b 9d da ad 90 | a3 8e ec 1b 05 3b cd 6c 0b 1d 9d 00 10 ab 07 48 | e7 b6 fe fa c6 b4 da db 5d 6a f3 68 6f 48 09 5b | c1 5a ac c9 1e ac 77 ef d1 f2 71 bd 50 61 d6 82 | a4 84 ad c2 10 10 59 ad e2 e8 fb 37 28 6a 60 38 | ef b4 de 72 94 82 f2 2f 10 e9 85 a5 a8 84 25 21 | 26 a9 78 c1 12 f4 9c 3f f9 8e 64 ae e2 46 a2 09 | 12 21 77 95 06 5f fa 09 02 71 5a b7 ff 0e fc 50 | ad aa 7e 14 25 b0 6b e0 b1 cb 3b aa d3 d2 9f 06 | 50 b7 08 da eb dd b1 65 97 e0 31 71 d4 89 9c 92 | c6 f3 b8 ce d8 90 52 ac 59 cb 4f d1 45 1d 5c c2 | d0 8b 10 07 4d 81 76 5c be 3c 7c 69 aa e4 07 b1 | 42 17 bd 9e d5 0a f8 c6 c1 0f 72 50 d5 7d f1 94 | cc 9a 7b 18 5f 67 6a 97 0b 0e 1a 31 17 c1 7b 1c | ac cb 9d a1 6c 3e c1 8e b7 82 a7 0f a4 41 8c ef | 51 48 a3 3f a5 66 24 c5 db dc ce bf 36 51 1d aa | 48 1d e6 f9 68 26 7d f7 bb a8 a0 1a b5 41 f6 8a | c1 52 43 84 d3 77 94 b6 2d 20 ec c6 58 d5 e9 c4 | 3f 7e be 70 9b 24 d3 9e 15 a9 b6 f6 ed e3 3e 6c | be 22 f5 27 6b 3d d8 a8 f4 a6 5a 55 ad 4a 98 8c | 5c 06 9c 22 85 10 6e c2 37 fb d7 c9 e3 c4 67 6a | 2d 77 d1 50 9a 75 c6 8f 56 a6 00 b7 12 11 81 1a | 0e ac 77 7d 19 36 29 65 19 0d d0 a9 5b 4a 5b a8 | 58 c5 90 b0 96 3c 17 10 b3 b4 64 8d 87 08 9e 9b | 9f f6 76 0e 19 fe 07 6d 8e 00 c8 13 27 24 db 7c | bc 95 55 59 ed 85 b8 a2 ed 54 50 db 2d 91 5c d9 | 49 8f 0a 04 9c 16 4f a9 2e 78 0a a1 cf e2 f1 a1 | ad 54 dc 6e c5 18 6c 6e 79 bf 00 49 91 81 7c 8d | a0 05 ee 4f 18 6c 25 9e 28 57 53 18 b1 13 e3 65 | e6 ef f3 fa ef 0f 80 95 ec ed 7f 19 3b 2f 50 7a | e9 63 a2 48 50 85 bd 33 d8 c3 26 87 99 3a 94 74 | 39 0c 0c 9b 0b 9b f7 6e 26 ab 91 48 2e 5e 7b f7 | a9 df 21 ae b3 98 cc a0 20 e1 1d 0e 81 06 c1 8f | 5d 86 05 9e a8 a6 b7 66 3f 05 3e 82 13 a2 d3 5c | fe e1 ca 1b 39 b7 0d 0b bb f4 c2 f0 36 22 51 de | 01 e9 ad f4 c3 bc 72 26 59 b6 3d 5b 5a 41 fd ed | 94 8f a4 cb 6e b0 ab a9 83 a2 c8 56 fb f2 ef b3 | d6 9b fa 3d 2a 30 c8 02 34 0b d2 9a f3 38 9e 29 | 53 b7 9e a7 15 f8 b9 2a 4c b3 b0 73 da dc 0f 45 | 64 98 a5 30 5a fd fa cc c6 8d 6b de 4a ff 89 d7 | b2 f4 5c b8 df 39 2c 6b a4 dd 3f 25 d5 41 09 94 | 23 59 5c 3d 60 54 49 6d 5a 2e f3 19 10 14 29 17 | d8 a0 56 2a ff 9f f1 16 f7 79 b7 f3 ac cb 47 68 | cc c6 a2 3a 35 f2 16 96 a9 19 41 b1 b9 6e d6 ad | 21 15 3e de 69 da 9a dc 90 f3 ae 12 40 96 18 3a | 75 72 19 e0 66 7e a9 fb 6f 43 d9 41 98 27 04 e4 | d2 0a 8b e8 10 7f d4 ec 98 42 df 57 4b 66 be a4 | d8 f7 ee b9 29 76 36 d0 31 83 71 79 90 6d 78 45 | 62 29 3f a9 05 1e cd 49 21 d7 fd 10 7d e9 a1 f8 | 62 d1 76 19 95 2c 28 bd 5f b1 62 a0 91 8e 29 35 | fd ff 89 9f 87 70 fc 06 28 88 05 ba 99 b6 66 c7 | 8a 12 6f ed 46 2d d2 d4 a3 0a b4 92 2a 5a 7c 25 | 17 6c a0 b2 96 5f d3 22 2d c2 95 a7 ac d3 fb 9e | af 61 06 b2 f4 bc 4d dd 11 0e da 33 cd 10 a6 5b | f8 da 9a 1e ea 1e 76 96 bf 5f 35 7e f8 f3 2c a1 | 24 87 ff 6d c6 bf 1f b8 5e 03 bf 62 4a e6 ad 2f | 6c fa c2 f6 7a bb 3c e6 70 79 17 c7 3c 94 05 bb | 65 f7 2e cb 04 21 13 80 b2 4f b6 c5 c7 54 cf 55 | ac a9 d7 59 93 f6 25 47 0f d7 d9 86 24 66 e0 b8 | 5c 14 81 04 df ce 7b e4 e5 de d5 24 95 db 01 fa | ef 8f 6d 2f bf 7c f5 37 ee 92 3c 98 f9 9b a6 3e | 7b 63 5b e1 c8 63 f2 0a 09 ba b2 16 b3 0d 56 a8 | 3f 6d e5 be db 6b c6 d3 a3 ec 5e a4 17 ef f1 53 | 4c 0e f2 30 96 5c a5 19 e5 66 e3 66 d2 c3 ab 2f | 9a d3 1f 41 32 6b cd 87 46 ea f9 15 90 82 8d d2 | 73 7d 07 be 70 f3 c2 d9 11 88 70 c1 11 f4 e8 b0 | 76 47 c0 c6 80 a5 96 83 ce e3 d5 57 61 be 88 58 | e5 8d 92 e5 bd 78 a1 d1 09 cd ca b5 d4 ea 42 08 | 50 24 07 fa 0a f7 bb 7b 6a d9 f2 59 f5 7d c8 30 | ab ea 16 21 ed e2 f7 75 0b a1 1a 28 bc 78 53 d9 | 4b fe 00 fd f1 61 e6 06 38 99 a5 68 1b e2 71 1d | 1b 47 23 98 8f e1 f6 6d a3 ab da d5 b0 28 7b 33 | 30 8f 14 18 bc 71 5b a3 7b 24 79 6b a6 40 a8 58 | 78 96 8a 10 9d 2a 33 32 3f 4a 24 f9 31 64 b5 0a | 85 66 5e 36 e9 d0 99 ae 79 42 9d 65 c3 3c 33 f1 | 83 4a 65 76 2d 81 9d 2d fb 95 f8 3d 55 84 e0 29 | 5c 0d 92 ed 95 41 10 a2 a9 2f 6c 04 79 95 8f e6 | f1 6d 3c 98 b9 97 2d 39 f9 04 c9 d8 01 66 0b 93 | ca 5f e2 e3 35 97 f7 fa 24 db e6 9d d3 ca 45 b2 | 93 2f 05 1b 22 c9 ad 52 0c 1e 1d c1 8c 6a c2 d0 | a4 ed a9 04 53 ba 76 51 06 85 a0 a5 70 59 51 d3 | d4 df 57 86 b3 1c b2 40 65 5b fd ef 0d f7 ed 90 | 3d e0 9e 01 2c 07 63 e7 b0 1b 08 c2 09 7d c9 d4 | a3 44 64 8e ec 6e ea 6a 0f 29 6c b1 a9 a6 b6 b1 | a6 70 51 57 a0 6e de 9a ad da 1b 00 e2 95 cf 9d | 4d 7b a9 db 22 36 32 53 4b 54 52 c5 73 df 17 e6 | a7 f4 68 3b 3a e6 7f 93 3d e9 12 6f 93 ee 86 8d | 2e 9c 81 26 14 77 0a 27 5d 73 5a 1c da 05 37 ca | 91 db f9 26 58 8d a0 e1 24 46 c9 e6 f5 d4 88 72 | 22 6f 49 1a 8d 33 60 2e fd a6 8c bc 31 ee b0 dc | 7c 59 1f d9 2b fb 2e d1 60 40 a7 97 28 b4 55 f2 | d6 a0 21 27 41 d5 a3 13 53 a0 90 18 1f 1b b9 5f | fb 3f e9 f1 57 96 0d 4e ef 29 e0 fb 83 5b 89 4d | 2e 6d 5a f7 cc fa 2c bd 63 8f c3 1c cf 00 e5 06 | 68 f4 69 03 66 b9 47 5c 39 12 70 92 5f a8 fb 86 | 6c 92 b1 7f de 31 a2 d9 dc fd 85 1d f5 94 e0 7d | e5 fc 36 2f a4 9a 77 32 2c 13 70 5e ec d3 cb 3f | 3f c3 d9 f2 4c 4a 06 5d 65 bf 8e e6 2e ee e4 87 | aa 7e 48 24 95 47 fd b3 73 9b 1c 46 03 77 13 46 | e2 ef b5 cf 1a 1f cb 82 8e 5e 30 96 ba 6b 08 e8 | 2f 16 95 1e e2 a1 f4 2e e7 ae 68 a8 f0 4e 50 bc | 41 47 f6 96 4d 69 30 66 68 19 8f 2f 45 a9 2a 3e | 9c 5a aa aa 9f 0a e0 88 27 a0 9f 4b d0 22 87 00 | 3c d3 9d 62 88 3a f7 dc c3 38 d0 f9 | !event_already_set at reschedule "nss-cert-chain" #2: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x5621c87ecb38 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x5621c87c3c38 size 128 | #2 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11482.191211 "nss-cert-chain" #2: STATE_MAIN_I3: sent MI3, expecting MR3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 2.29 milliseconds in resume sending helper answer | stop processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6adc000f48 | spent 0.00256 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500) | 11 a9 0d be 27 ac 9c 21 58 1c 29 27 61 fe 50 8b | 08 10 05 01 a5 68 bd ae 00 00 00 4c e9 9d a7 32 | 55 8a d1 70 9b f8 ca e9 48 b2 d5 c3 4f a6 e0 bf | e8 f0 18 02 a7 33 8b 0a 65 ec 3a 1f 7b 8a 00 de | 90 19 77 e7 7d 22 44 a8 14 42 92 83 | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 11 a9 0d be 27 ac 9c 21 | responder cookie: | 58 1c 29 27 61 fe 50 8b | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2775104942 (0xa568bdae) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #2; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #2 found, in STATE_MAIN_I3 | State DB: found IKEv1 state #2 in MAIN_I3 (find_v1_info_state) | start processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.23:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_N (0xb) | length: 36 (0x24) | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 | ***parse ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 12 (0xc) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | informational HASH(1): | 40 8b 04 b8 d0 9d e9 11 fa 1a 1d 27 0e 85 c9 db | c0 a5 08 2e bf ae 03 88 cf d0 d2 65 3b 2b 8e 2c | received 'informational' message HASH(1) data ok "nss-cert-chain" #2: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12 | ISAKMP Notification Payload | 00 00 00 0c 00 00 00 01 01 00 00 12 | info: | processing informational INVALID_ID_INFORMATION (18) "nss-cert-chain" #2: received and ignored notification payload: INVALID_ID_INFORMATION | complete v1 state transition with STF_IGNORE | #2 spent 0.00766 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.167 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x5621c87ed3b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west_chain_endcert.testing.libreswan.org, E=west_chain_endcert@testing.libreswan.org cnt 1-- | unreference key: 0x5621c87ed048 west_chain_endcert@testing.libreswan.org cnt 1-- | unreference key: 0x5621c87eccc8 @west_chain_endcert.testing.libreswan.org cnt 1-- | start processing: connection "nss-cert-chain" (in delete_connection() at connections.c:189) | removing pending policy for no connection {0x5621c87d49b8} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "nss-cert-chain" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev1.isakmp deleted other | [RE]START processing: state #2 connection "nss-cert-chain" from 192.1.2.23 (in delete_state() at state.c:879) "nss-cert-chain" #2: deleting state (STATE_MAIN_I3) aged 1.427s and NOT sending notification | parent state #2: MAIN_I3(open IKE SA) => delete | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_I3: retransmits: cleared | libevent_free: release ptr-libevent@0x5621c87c3c38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x5621c87ecb38 | State DB: IKEv1 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #2 "nss-cert-chain" #2: deleting IKE SA for connection 'nss-cert-chain' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'nss-cert-chain' added to the list and scheduled for 5 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds | stop processing: connection "nss-cert-chain" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection nss-cert-chain | State DB: deleting IKEv1 state #2 in MAIN_I3 | parent state #2: MAIN_I3(open IKE SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x5621c87ed638 | flush revival: connection 'nss-cert-chain' revival flushed | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.1.254:4500 shutting down interface eth0/eth0 192.0.1.254:500 shutting down interface eth1/eth1 192.1.2.45:4500 shutting down interface eth1/eth1 192.1.2.45:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x5621c87db7c8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e76b8 | libevent_free: release ptr-libevent@0x5621c8781fd8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e7768 | libevent_free: release ptr-libevent@0x5621c87818f8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e7818 | libevent_free: release ptr-libevent@0x5621c87891b8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e78c8 | libevent_free: release ptr-libevent@0x5621c87892b8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e7978 | libevent_free: release ptr-libevent@0x5621c87893b8 | free_event_entry: release EVENT_NULL-pe@0x5621c87e7a28 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x5621c87db878 | free_event_entry: release EVENT_NULL-pe@0x5621c87cf998 | libevent_free: release ptr-libevent@0x5621c8781f28 | free_event_entry: release EVENT_NULL-pe@0x5621c87cf4f8 | libevent_free: release ptr-libevent@0x5621c87c84d8 | free_event_entry: release EVENT_NULL-pe@0x5621c8789468 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x5621c878da38 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x5621c870b788 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x5621c87e6e98 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x5621c87e70d8 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x5621c87e6fa8 | libevent_free: release ptr-libevent@0x5621c87c9db8 | libevent_free: release ptr-libevent@0x5621c87c9d68 | libevent_free: release ptr-libevent@0x5621c8781278 | libevent_free: release ptr-libevent@0x5621c87c9d28 | libevent_free: release ptr-libevent@0x5621c87e6b68 | libevent_free: release ptr-libevent@0x5621c87e6dd8 | libevent_free: release ptr-libevent@0x5621c87c9f68 | libevent_free: release ptr-libevent@0x5621c87cf568 | libevent_free: release ptr-libevent@0x5621c87cf1c8 | libevent_free: release ptr-libevent@0x5621c87e7a98 | libevent_free: release ptr-libevent@0x5621c87e79e8 | libevent_free: release ptr-libevent@0x5621c87e7938 | libevent_free: release ptr-libevent@0x5621c87e7888 | libevent_free: release ptr-libevent@0x5621c87e77d8 | libevent_free: release ptr-libevent@0x5621c87e7728 | libevent_free: release ptr-libevent@0x5621c870aaa8 | libevent_free: release ptr-libevent@0x5621c87e6e58 | libevent_free: release ptr-libevent@0x5621c87e6e18 | libevent_free: release ptr-libevent@0x5621c87e6cd8 | libevent_free: release ptr-libevent@0x5621c87e6f68 | libevent_free: release ptr-libevent@0x5621c87e6ba8 | libevent_free: release ptr-libevent@0x5621c878f5c8 | libevent_free: release ptr-libevent@0x5621c878f548 | libevent_free: release ptr-libevent@0x5621c870ae18 | releasing global libevent data | libevent_free: release ptr-libevent@0x5621c878f748 | libevent_free: release ptr-libevent@0x5621c878f6c8 | libevent_free: release ptr-libevent@0x5621c878f648 leak detective found no leaks