FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:30527 core dump dir: /tmp/ secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x556cec4ae668 size 40 | libevent_malloc: new ptr-libevent@0x556cec4ae5e8 size 40 | libevent_malloc: new ptr-libevent@0x556cec4ae568 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x556cec4a0198 size 56 | libevent_malloc: new ptr-libevent@0x556cec421698 size 664 | libevent_malloc: new ptr-libevent@0x556cec4e8c88 size 24 | libevent_malloc: new ptr-libevent@0x556cec4e8cd8 size 384 | libevent_malloc: new ptr-libevent@0x556cec4e8c48 size 16 | libevent_malloc: new ptr-libevent@0x556cec4ae4e8 size 40 | libevent_malloc: new ptr-libevent@0x556cec4ae468 size 48 | libevent_realloc: new ptr-libevent@0x556cec421328 size 256 | libevent_malloc: new ptr-libevent@0x556cec4e8e88 size 16 | libevent_free: release ptr-libevent@0x556cec4a0198 | libevent initialized | libevent_realloc: new ptr-libevent@0x556cec4a0198 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 started thread for crypto helper 2 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 3 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | starting up helper thread 1 started thread for crypto helper 4 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | checking IKEv1 state table | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | crypto helper 6 waiting (nothing to do) | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x556cec4a8388 | libevent_malloc: new ptr-libevent@0x556cec4e72e8 size 128 | libevent_malloc: new ptr-libevent@0x556cec4ee488 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x556cec4ee418 | libevent_malloc: new ptr-libevent@0x556cec4e7398 size 128 | libevent_malloc: new ptr-libevent@0x556cec4ee0e8 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x556cec4ee8b8 | libevent_malloc: new ptr-libevent@0x556cec4fa798 size 128 | libevent_malloc: new ptr-libevent@0x556cec505a88 size 16 | libevent_realloc: new ptr-libevent@0x556cec505ac8 size 256 | libevent_malloc: new ptr-libevent@0x556cec505bf8 size 8 | libevent_realloc: new ptr-libevent@0x556cec505c38 size 144 | libevent_malloc: new ptr-libevent@0x556cec4ac958 size 152 | libevent_malloc: new ptr-libevent@0x556cec505cf8 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x556cec505d38 size 8 | libevent_malloc: new ptr-libevent@0x556cec421ea8 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x556cec505d78 size 8 | libevent_malloc: new ptr-libevent@0x556cec425e78 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x556cec505db8 size 8 | libevent_realloc: release ptr-libevent@0x556cec505c38 | libevent_realloc: new ptr-libevent@0x556cec505df8 size 256 | libevent_malloc: new ptr-libevent@0x556cec505f28 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:30542) using fork+execve | forked child 30542 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x556cec506508 | libevent_malloc: new ptr-libevent@0x556cec4fa6e8 size 128 | libevent_malloc: new ptr-libevent@0x556cec506578 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x556cec5065b8 | libevent_malloc: new ptr-libevent@0x556cec4a0ed8 size 128 | libevent_malloc: new ptr-libevent@0x556cec506628 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x556cec506668 | libevent_malloc: new ptr-libevent@0x556cec4a0f88 size 128 | libevent_malloc: new ptr-libevent@0x556cec5066d8 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x556cec506718 | libevent_malloc: new ptr-libevent@0x556cec49feb8 size 128 | libevent_malloc: new ptr-libevent@0x556cec506788 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x556cec5067c8 | libevent_malloc: new ptr-libevent@0x556cec4a81c8 size 128 | libevent_malloc: new ptr-libevent@0x556cec506838 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x556cec506878 | libevent_malloc: new ptr-libevent@0x556cec4a8ce8 size 128 | libevent_malloc: new ptr-libevent@0x556cec5068e8 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.929 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x556cec4fa6e8 | free_event_entry: release EVENT_NULL-pe@0x556cec506508 | add_fd_read_event_handler: new ethX-pe@0x556cec506508 | libevent_malloc: new ptr-libevent@0x556cec4fa6e8 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x556cec4a0ed8 | free_event_entry: release EVENT_NULL-pe@0x556cec5065b8 | add_fd_read_event_handler: new ethX-pe@0x556cec5065b8 | libevent_malloc: new ptr-libevent@0x556cec4a0ed8 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x556cec4a0f88 | free_event_entry: release EVENT_NULL-pe@0x556cec506668 | add_fd_read_event_handler: new ethX-pe@0x556cec506668 | libevent_malloc: new ptr-libevent@0x556cec4a0f88 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x556cec49feb8 | free_event_entry: release EVENT_NULL-pe@0x556cec506718 | add_fd_read_event_handler: new ethX-pe@0x556cec506718 | libevent_malloc: new ptr-libevent@0x556cec49feb8 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x556cec4a81c8 | free_event_entry: release EVENT_NULL-pe@0x556cec5067c8 | add_fd_read_event_handler: new ethX-pe@0x556cec5067c8 | libevent_malloc: new ptr-libevent@0x556cec4a81c8 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x556cec4a8ce8 | free_event_entry: release EVENT_NULL-pe@0x556cec506878 | add_fd_read_event_handler: new ethX-pe@0x556cec506878 | libevent_malloc: new ptr-libevent@0x556cec4a8ce8 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.276 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 30542 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0112 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection north-east-x509-pluto-02 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=*" | ASCII to DN => 30 7d 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 | ASCII to DN => 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 69 | ASCII to DN => 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 6f | ASCII to DN => 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c 69 | ASCII to DN => 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b | ASCII to DN => 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e | ASCII to DN => 74 31 0a 30 08 06 03 55 04 03 14 01 2a 31 10 30 | ASCII to DN => 0e 06 09 2a 86 48 86 f7 0d 01 09 01 16 01 2a | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org" | ASCII to DN => 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 25 30 23 06 03 55 04 03 13 1c 4c 69 62 | ASCII to DN => 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 | ASCII to DN => 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a | ASCII to DN => 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e | ASCII to DN => 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=* is 2 | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org" | ASCII to DN => 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 25 30 23 06 03 55 04 03 13 1c 4c 69 62 | ASCII to DN => 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 | ASCII to DN => 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a | ASCII to DN => 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e | ASCII to DN => 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading right certificate 'east' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556cec5091a8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556cec509158 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556cec509108 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556cec508e78 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x556cec508e28 | unreference key: 0x556cec5091f8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 | based upon policy, the connection is a template. | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none | new hp@0x556cec509108 added connection description "north-east-x509-pluto-02" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=*]===192.0.3.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.981 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.353 milliseconds in whack | spent 0.00287 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | 36 67 48 ca 2c 02 e3 76 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 36 67 48 ca 2c 02 e3 76 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-east-x509-pluto-02) | find_next_host_connection returns north-east-x509-pluto-02 | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | remote end has wildcard ID, needs instantiation | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x556cec509108: north-east-x509-pluto-02 | rw_instantiate() instantiated "north-east-x509-pluto-02"[1] 192.1.3.33 for 192.1.3.33 | creating state object #1 at 0x556cec50fd68 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "north-east-x509-pluto-02"[1] 192.1.3.33 #1: responding to Main Mode from unknown peer 192.1.3.33 on port 500 | ICOOKIE-DUMP: 36 67 48 ca 2c 02 e3 76 | **emit ISAKMP Message: | initiator cookie: | 36 67 48 ca 2c 02 e3 76 | responder cookie: | c5 5c 56 42 8e f1 f9 30 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x556cec50cef8 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec50cf68 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.457 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00223 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | b1 1f 13 40 b4 3e 6b 41 3c 80 c4 0d e4 33 62 9d | 2c 7f 3c 0e 81 52 91 e4 8d 26 94 a2 e7 66 25 1f | 84 8f 8a be 70 df b8 39 14 c7 d6 19 7e 30 01 bd | eb c1 40 8f 87 c1 a9 0e b7 e9 2d f4 56 bc cf 67 | 28 d4 4a 59 85 06 10 12 d5 cd a2 5f 3c ae 21 a6 | b4 b5 4a 65 be c0 33 2c aa 4c a5 84 83 37 66 ed | 6c 36 11 81 62 13 03 73 d2 0b da 8c 62 fa 8f aa | 52 8f cd c8 6d 86 c8 f0 c0 86 52 b2 86 8e ac 1e | 61 27 bc 82 ce 9d 4b 7e 5e 86 cc 00 32 41 c7 95 | 57 2c 61 cc 5a f1 53 33 fd 11 e3 7b b5 d5 93 f3 | 3d 5e 4f a0 1e 6b 98 64 38 7a 27 e2 70 d2 4f 33 | 32 8f 4e ad 43 9b 3a 6e 73 db bc 3d 28 eb 86 ae | cb 44 ca 2f 5f 40 26 03 4a d6 18 db 29 c3 3d 95 | a4 07 79 e1 86 ea fa 40 6c 5d d7 29 88 00 0e ab | 8e 05 6a c3 cf 84 12 07 58 dd 85 f3 ac 2b f8 47 | 48 42 f4 71 fb c9 97 76 c3 b3 9e 4d d0 eb b1 51 | 14 00 00 24 de 46 04 f7 59 88 a0 3b 10 e1 14 4e | 6d 2e 18 5f 8b 29 2e 4a 67 a2 04 86 7a ae c5 a0 | ac e8 27 4b 14 00 00 24 e8 58 67 59 b3 4c 19 e4 | d1 e2 68 8e 0b 5b b6 b7 b3 9f b9 e9 82 3b a8 19 | 75 f6 bc e9 16 f4 39 f1 00 00 00 24 79 53 e5 e4 | 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 ae | 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 36 67 48 ca 2c 02 e3 76 | responder cookie: | c5 5c 56 42 8e f1 f9 30 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x556ceab84ca0(32) | natd_hash: icookie= 36 67 48 ca 2c 02 e3 76 | natd_hash: rcookie= c5 5c 56 42 8e f1 f9 30 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 b7 | natd_hash: hash= b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 f1 | natd_hash: hasher=0x556ceab84ca0(32) | natd_hash: icookie= 36 67 48 ca 2c 02 e3 76 | natd_hash: rcookie= c5 5c 56 42 8e f1 f9 30 | natd_hash: ip= c0 01 03 21 | natd_hash: port=500 | natd_hash: hash= 79 53 e5 e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d | natd_hash: hash= ec 6f c2 ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b | expected NAT-D(me): e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 b7 | expected NAT-D(me): b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 f1 | expected NAT-D(him): | 79 53 e5 e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d | ec 6f c2 ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b | received NAT-D: e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 b7 | received NAT-D: b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 f1 | received NAT-D: 79 53 e5 e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d | received NAT-D: ec 6f c2 ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 1 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x556cec50cf68 | free_event_entry: release EVENT_SO_DISCARD-pe@0x556cec50cef8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556cec50cef8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec50d4b8 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) | crypto helper 0 resuming | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 0 starting work-order 1 for state #1 | #1 spent 0.0897 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 1 | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.189 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.000566 seconds | (#1) spent 0.57 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f5770002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x556ceaaafb50 | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 36 67 48 ca 2c 02 e3 76 | responder cookie: | c5 5c 56 42 8e f1 f9 30 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | keyex value 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | keyex value f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | keyex value 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | keyex value 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | keyex value be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | keyex value b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | keyex value 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | keyex value 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | keyex value 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | keyex value e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | keyex value fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | keyex value 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | keyex value eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | keyex value 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | keyex value 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 7:ISAKMP_NEXT_CR | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e 73 21 b6 30 | Nr 82 2e 44 24 69 ca da 28 31 81 f9 be 9a df cd b2 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_NONE (0x0) | cert type: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' | emitting length of ISAKMP Certificate RequestPayload: 5 | sending NAT-D payloads | natd_hash: hasher=0x556ceab84ca0(32) | natd_hash: icookie= 36 67 48 ca 2c 02 e3 76 | natd_hash: rcookie= c5 5c 56 42 8e f1 f9 30 | natd_hash: ip= c0 01 03 21 | natd_hash: port=500 | natd_hash: hash= 79 53 e5 e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d | natd_hash: hash= ec 6f c2 ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 79 53 e5 e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d | NAT-D ec 6f c2 ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x556ceab84ca0(32) | natd_hash: icookie= 36 67 48 ca 2c 02 e3 76 | natd_hash: rcookie= c5 5c 56 42 8e f1 f9 30 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 b7 | natd_hash: hash= b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 f1 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 b7 | NAT-D b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 f1 | emitting length of ISAKMP NAT-D Payload: 36 | padding IKEv1 message with 3 bytes | emitting 3 zero bytes of message padding into ISAKMP Message | emitting length of ISAKMP Message: 404 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=* of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=* of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 2 for state #1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556cec50d4b8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556cec50cef8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556cec50cef8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec510ba8 size 128 | #1 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle; has background offloaded task | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | crypto helper 2 resuming | crypto helper 2 starting work-order 2 for state #1 | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | crypto helper 2 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 | libevent_free: release ptr-libevent@0x556cec510ba8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556cec50cef8 | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 404 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | 07 00 00 24 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e | 73 21 b6 30 82 2e 44 24 69 ca da 28 31 81 f9 be | 9a df cd b2 14 00 00 05 04 14 00 00 24 79 53 e5 | e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 | ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b 00 00 00 | 24 e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 | b7 b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 | f1 00 00 00 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec50cef8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec510ba8 size 128 | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11214.186051 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.266 milliseconds in resume sending helper answer | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5770002888 | crypto helper 2 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.001163 seconds | (#1) spent 1.16 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) | crypto helper 2 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f5768000f48 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 2 | calling continuation function 0x556ceaaafb50 | main_inI2_outR2_calcdone for #1: calculate DH finished | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.0199 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f5768000f48 | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 2028 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 05 10 02 01 00 00 00 00 00 00 07 ec b3 33 97 db | 3b b6 7f 78 5d 78 24 38 3c f5 7c 90 29 4a 65 40 | 3d 9d 57 13 6b c9 44 1d 73 b1 90 7d f8 2d 13 de | eb 7d 6d 39 64 c9 bb 04 d2 e4 ad 31 56 42 75 9e | 25 b4 3f 14 df 41 4e f3 27 49 e9 2d c1 1b 65 e7 | f6 93 3e 31 cd 35 81 f3 8f ce 49 d9 1e ba 7e 7f | 5f d5 16 e6 98 d6 26 06 8f 9d 00 16 28 04 21 40 | 7f 56 44 b7 b7 7f b7 3f 42 6f 8d 08 f4 b9 e0 1b | db 25 f7 81 44 10 ce 10 b7 67 64 af 74 aa 3a 78 | 64 76 fc 3a 30 6f 89 c7 56 0d 96 09 9c b8 96 50 | 47 d9 05 75 91 66 b4 94 b8 70 1f 55 ea 4c 0d 23 | f2 ca 3a 89 bb f4 b5 b5 b9 1d ba 5f a7 49 6f c1 | f9 4f 53 b9 1b 94 85 ca 2f 59 c9 64 1c c1 32 5c | d8 bb a7 a3 de 80 53 65 81 62 15 e6 74 06 ae 76 | f6 84 45 6f 16 38 67 2c ce 8a c0 12 3d a2 b5 8f | 16 8a 15 be 22 ec 60 24 64 71 0f bd b3 27 24 b3 | 1a 60 b0 8c 61 34 5b 41 0e 9f 48 ad 74 c9 11 0d | 96 52 a5 b5 d1 4a cb 2e e9 f0 94 49 99 60 b7 3c | 63 7c 97 41 0f 17 08 be 34 80 ef e2 d1 d7 6a 70 | c9 03 eb 76 56 b0 92 42 f5 62 ef 10 c0 1b 3b eb | c2 54 e0 b7 25 ae cc db c8 22 3f 74 7e e4 33 32 | fe e8 8f f7 f9 70 73 c9 42 a3 04 c3 e4 9e bf 6e | d5 75 14 53 95 76 bd a3 a0 8d 26 73 f5 17 1a e2 | b5 e9 7a aa f0 a9 5b e6 8c 2a 0b f6 b9 97 56 23 | d5 9a 08 6d 93 f1 8c 30 0c 04 28 93 82 8e 3b c7 | dd b6 3f 45 4f 2f 6f 3e cd 93 30 0e b0 cd 44 7c | c8 35 34 b3 93 3d 88 c5 ec 4c 83 6b 4c ce 21 9e | 91 75 93 aa 2c f2 12 06 4c 2d bd 02 e1 c4 1c 2b | 3a 5a 6a 03 6f 54 28 4a 91 5b ea 7b a5 27 3b 0b | d5 e8 84 6c b7 b8 77 86 ca 6b d7 b3 a4 83 c3 11 | 10 a1 55 d7 32 ec d5 34 ba 9c 2a 38 be 35 c0 b7 | 0b 87 cf 86 87 52 35 42 95 16 95 cc a1 b7 6b 19 | f2 bf 5e a1 6e 33 bd c0 4e 92 ca 7c 4c 35 75 db | c0 4b 1b 07 55 1f 3f c4 e1 74 fa d1 31 66 82 b6 | 72 d6 a9 5c 71 3d 4b 49 93 d9 df 7c 5d 79 91 4c | 4d b5 60 db a8 ed 8d ad f8 fd a3 33 d8 d5 23 99 | 98 67 20 9c f7 16 4a 7f 2b 5e 23 47 76 3c 91 bf | a7 64 46 da cf ff b8 80 59 e7 11 6b 1d 8a 07 a5 | e0 1f 1f 85 76 ed 3a 2a 37 16 b0 e1 cc f4 5f 16 | 05 2c 4c a5 05 0d a6 12 ae 9f 2f a8 8a 4c bc ad | 48 c1 c7 7b fd 0f 9b 4d 0d 22 d3 94 d2 c5 06 62 | 4a fa e2 03 6b a3 12 6a 7d 9f a8 d9 57 2a 9b c9 | ab 87 18 45 00 27 4b cf e3 33 c3 2d 23 17 b9 b6 | d3 dc cd 18 4f ac fe f1 31 5f 8c 0d bf 46 db 51 | 89 f1 61 96 a7 5d 7c 84 e7 1f 93 54 7c 80 a8 d7 | 42 c8 22 d2 a9 b7 5b a4 eb 80 65 fa a8 b7 0d 48 | b3 c2 59 dd 81 f0 f4 fa f1 a3 44 8d 52 3f e4 09 | f7 6d 4c 99 34 42 a9 4f 33 e8 c2 7c ab ab c9 f0 | 77 1b 65 2c 5c fa da 76 22 1a 8f 89 fe 3c b6 2a | ca e9 c8 ea 74 18 cc 95 98 21 c9 8e 5e a7 76 ba | 39 da 41 df db 6b f1 25 d3 98 73 8d b1 71 d3 a3 | 42 ff 1f f7 3e 82 04 e0 b5 a3 cb 6e 53 46 62 e0 | 34 39 52 33 0d 28 bc ec 8a 25 af d3 bc 3e a2 1d | 22 12 de 57 40 bf ce ac 68 ca 91 6f 4c 94 f6 82 | 69 34 4e 9d ff f5 40 e6 fb f4 99 a6 49 e9 b8 a6 | 4f 4d 96 ae 80 5e ff 50 16 27 f1 c0 38 5b 0c a0 | 89 3e 4e c1 f3 01 40 d9 c0 bf d0 53 9f 23 86 41 | 8f 16 29 e3 3d 74 b9 99 95 e8 b1 f4 b7 bd be 45 | 36 10 c4 db b5 77 a0 46 75 82 f5 af 1a 35 ad 00 | b0 74 cb 22 43 36 24 09 e8 9f 55 c0 03 11 1b 1d | b1 e0 fe 2e 8f d8 ba 9f 06 e0 16 22 23 2f 9e 14 | 26 35 ba da 39 8d 94 7a 58 6e 05 9a f5 6e e3 9b | 12 2e a8 09 73 46 f1 b8 fb 6e 6c bc 4b c5 32 12 | fb e5 a5 9d 52 af 87 3d a6 f2 f1 d0 e5 74 21 ec | 5a 37 ef 2d 4a a7 dd 3b 18 ae 9f cc f8 52 db f7 | a3 58 3d 56 37 90 e8 4a f5 c8 72 d6 83 e0 8c 88 | 55 b1 e7 91 88 58 b6 c4 d5 73 99 31 90 01 88 d4 | 21 32 a6 46 53 3f 8b 26 12 a8 30 e7 40 01 56 83 | 72 ee 97 b5 1c 4a f3 f9 7a b3 04 fa cb 20 77 f8 | 7a 8f c8 09 be cf ff eb 9c da 01 d5 89 8f f9 84 | 01 2c b2 8a 34 22 81 a7 db 54 4a 91 83 f6 12 7e | 14 c6 f1 fc e2 b9 65 b6 6a 6d 5d 09 f5 04 dd 8e | ea 8f d8 98 30 23 9b 80 13 ec 33 d3 54 6c 4b 27 | 64 c9 a9 c7 51 3f 1c 6a 6d 54 1c 09 c6 06 1c f7 | 98 38 4e 45 96 82 a9 70 a9 2c 5e 20 d4 03 4a 3d | 65 19 d3 25 f9 75 9b 93 4f 87 93 23 50 12 84 f0 | e2 88 f5 76 7a c1 7e ac c5 33 4e 21 a4 ff 9c 24 | 1c 2e 65 9e 9f e1 27 04 30 37 0f 27 cb 90 a1 5d | 68 67 73 80 40 c0 c5 ad 57 f3 85 6a 49 3d 06 dd | 26 bc 80 fe 34 5b cd 9a 42 95 f7 d3 b0 d1 37 09 | b1 e7 fb 21 ce e4 da 8d 44 ab 98 11 12 dc b4 54 | 15 e6 4d 53 25 ca 6c 8f 9b 0e e6 48 19 33 84 95 | a0 22 ab 6b bf 9e 8c 82 aa f1 e5 35 72 73 12 e1 | 15 7f 59 b2 04 65 1c 21 4f c7 f9 16 0e 87 06 e1 | 35 62 d1 ba a3 76 e7 90 94 9a ae 76 de 8b 8d fc | 1b e6 c6 23 e5 ba 99 a8 8b 98 4c 7c f9 10 c4 5a | c6 9e 3f 99 f3 69 6c 02 c6 2f f6 7a 7c a7 26 6c | 52 37 14 6d 21 8f 3a 67 dc 77 5b ad 31 5d 67 2d | ba 16 2f 07 93 1e 15 d0 80 ac 57 8a c8 55 16 b5 | 54 84 3b e2 c1 7d 19 28 7a 4e e3 81 f9 74 7a 28 | d5 99 7a 0a d8 36 57 65 2b 63 26 b8 0c 60 32 8c | 9f 0f de 3a c9 1f 8d c6 63 57 40 b1 e7 94 a2 28 | 62 76 3d 1f 94 3f 56 d6 04 a1 2b bc ad 14 60 fb | 09 56 bb db 0a c5 5a cd 97 11 fe 6e 29 dc 1b 8a | cc 13 81 29 0d 26 5a c1 3b 22 a6 3b 9d b1 28 b9 | aa 27 37 38 5d eb c7 1a 33 3e b4 ae 85 ca a0 b5 | f3 3c 94 7a 7a a0 ef 9b d9 94 22 82 a8 e3 5d 0e | 6d ec f8 45 71 b8 12 82 62 a3 92 61 a8 f9 f1 4e | 1d 52 0f 3a 59 30 32 34 7a ee a6 22 14 29 d9 19 | cd 24 22 09 f5 07 75 8d 93 37 2a 46 7e 40 26 74 | 71 b5 76 fc 9a 93 35 46 ce 00 d2 03 f8 8a 56 f6 | ac 4f a8 b4 25 f0 d2 e4 e4 5d 6d 0d 45 6c 82 92 | a4 7f 14 ec e0 5f bf e1 37 06 f6 c6 9a 3a 8a 0a | e9 0f c1 ea fc 82 b0 c5 a8 53 0b b3 bb 54 2c a1 | 1e b2 3d e5 52 95 8c 02 49 c2 22 cf e1 cc cc 04 | 40 e5 5b 81 c4 2e 00 98 d9 7d 91 f8 09 6b 56 e0 | c6 91 61 00 f9 d1 9f 04 c7 d7 03 fb 78 38 26 61 | 15 d8 59 16 8c b0 a6 d2 67 d6 40 d9 c9 bb 86 21 | 37 5b f9 0a 52 0e 55 98 8e 67 64 95 75 a9 49 01 | 8c 7e ef d5 21 4d 58 6a 62 52 09 21 3e 9e fd 8f | 9d d5 8b 85 fb 47 0f ef 08 de 54 63 9c 19 83 52 | 1e 38 0f f1 47 f0 a6 3b 5e e0 61 96 99 bf 9d 0e | d0 b1 fb e5 64 ce 6e 95 4b e6 09 38 01 47 74 6c | a0 e6 55 33 af 68 85 3f dc 44 3c 92 98 34 c1 24 | 5e 74 30 d3 a7 50 ae 14 a2 3b fb 67 fd 7a 1a 44 | 3b 3d 3f 39 95 df c7 8f 00 2d 62 8f db 7f 9e d2 | 70 a2 e1 22 cd 16 dc b6 aa 02 5f 7c 68 d9 3a aa | 55 e9 d0 aa 1e 2f ec 84 88 f9 f4 d8 ff 58 e2 20 | b6 6e 2c fb 92 0b 5c e2 59 30 24 7b dd 42 60 31 | 1c 9b 0e a5 ba 38 80 fa c5 25 4c 84 db b0 2e 6f | 70 88 88 d1 09 0f 12 e4 61 23 6d 0f 8f 23 ae 2b | ae e6 a8 8f 28 a5 1c bd 5a b1 76 04 81 68 c7 f8 | f4 a6 5e 0e cf 82 5b 49 47 b8 73 6b c0 e8 a8 ae | d6 f4 d5 46 f0 e9 8d f1 3d fc 21 0b cb 24 c8 14 | c9 de f5 2f 0e e3 a9 24 fc 17 b8 3c bb 0f e0 18 | d2 9f 5c 57 7a 51 13 e9 07 f7 1c 1d | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 36 67 48 ca 2c 02 e3 76 | responder cookie: | c5 5c 56 42 8e f1 f9 30 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2028 (0x7ec) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.33:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 193 (0xc1) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 | obj: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | obj: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 | obj: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f | obj: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | obj: 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1232 (0x4d0) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 7 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds loading root certificate cache | spent 2.47 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() | spent 0.0139 milliseconds in get_root_certs() filtering CAs | #1 spent 2.5 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.139 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.028 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "north-east-x509-pluto-02"[1] 192.1.3.33 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "north-east-x509-pluto-02"[1] 192.1.3.33 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.29 milliseconds in find_and_verify_certs() calling verify_end_cert() "north-east-x509-pluto-02"[1] 192.1.3.33 #1: X509: Certificate rejected for this connection "north-east-x509-pluto-02"[1] 192.1.3.33 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "north-east-x509-pluto-02"[1] 192.1.3.33 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.33:500 | **emit ISAKMP Message: | initiator cookie: | 36 67 48 ca 2c 02 e3 76 | responder cookie: | c5 5c 56 42 8e f1 f9 30 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3524436931 (0xd212a3c3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 8f 24 51 de 88 7d 07 26 25 31 ba 36 66 83 12 db | d5 25 65 32 d6 95 a8 86 d9 45 82 f3 46 b6 e4 ea | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 08 10 05 01 d2 12 a3 c3 00 00 00 4c 35 20 7d 71 | 6e d1 51 f4 c0 de ff f9 18 2a 6c 02 36 3c 1e 97 | cb d9 87 3e 5c eb e0 af e9 7c fe e0 cf 48 0e fe | 35 f6 7a 11 8a d0 72 9e f4 6d 0e 40 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 3.68 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 4.01 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x556cec50cef8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #1 keying attempt 0 of 0; retransmit 1 | retransmits: current time 11214.690636; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.504585 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec515478 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec527588 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | 07 00 00 24 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e | 73 21 b6 30 82 2e 44 24 69 ca da 28 31 81 f9 be | 9a df cd b2 14 00 00 05 04 14 00 00 24 79 53 e5 | e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 | ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b 00 00 00 | 24 e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 | b7 b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 | f1 00 00 00 | libevent_free: release ptr-libevent@0x556cec510ba8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec50cef8 | #1 spent 0.159 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x556cec515478 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #1 keying attempt 0 of 0; retransmit 2 | retransmits: current time 11215.191426; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.005375 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec50cef8 | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec510ba8 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: retransmission; will wait 1 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | 07 00 00 24 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e | 73 21 b6 30 82 2e 44 24 69 ca da 28 31 81 f9 be | 9a df cd b2 14 00 00 05 04 14 00 00 24 79 53 e5 | e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 | ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b 00 00 00 | 24 e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 | b7 b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 | f1 00 00 00 | libevent_free: release ptr-libevent@0x556cec527588 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec515478 | #1 spent 0.541 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x556cec50cef8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #1 keying attempt 0 of 0; retransmit 3 | retransmits: current time 11216.192896; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.006845 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec515478 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec527588 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: retransmission; will wait 2 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | 07 00 00 24 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e | 73 21 b6 30 82 2e 44 24 69 ca da 28 31 81 f9 be | 9a df cd b2 14 00 00 05 04 14 00 00 24 79 53 e5 | e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 | ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b 00 00 00 | 24 e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 | b7 b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 | f1 00 00 00 | libevent_free: release ptr-libevent@0x556cec510ba8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec50cef8 | #1 spent 0.419 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x556cec515478 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #1 keying attempt 0 of 0; retransmit 4 | retransmits: current time 11218.194842; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.008791 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec50cef8 | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec510ba8 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: retransmission; will wait 4 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | 07 00 00 24 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e | 73 21 b6 30 82 2e 44 24 69 ca da 28 31 81 f9 be | 9a df cd b2 14 00 00 05 04 14 00 00 24 79 53 e5 | e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 | ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b 00 00 00 | 24 e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 | b7 b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 | f1 00 00 00 | libevent_free: release ptr-libevent@0x556cec527588 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec515478 | #1 spent 0.165 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x556cec50cef8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #1 keying attempt 0 of 0; retransmit 5 | retransmits: current time 11222.198825; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.012774 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec515478 | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec527588 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: retransmission; will wait 8 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | 07 00 00 24 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e | 73 21 b6 30 82 2e 44 24 69 ca da 28 31 81 f9 be | 9a df cd b2 14 00 00 05 04 14 00 00 24 79 53 e5 | e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 | ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b 00 00 00 | 24 e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 | b7 b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 | f1 00 00 00 | libevent_free: release ptr-libevent@0x556cec510ba8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec50cef8 | #1 spent 0.162 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.0035 milliseconds in global timer EVENT_SHUNT_SCAN | timer_event_cb: processing event@0x556cec515478 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #1 keying attempt 0 of 0; retransmit 6 | retransmits: current time 11230.200831; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.01478 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec50cef8 | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec510ba8 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: retransmission; will wait 16 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | 07 00 00 24 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e | 73 21 b6 30 82 2e 44 24 69 ca da 28 31 81 f9 be | 9a df cd b2 14 00 00 05 04 14 00 00 24 79 53 e5 | e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 | ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b 00 00 00 | 24 e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 | b7 b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 | f1 00 00 00 | libevent_free: release ptr-libevent@0x556cec527588 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec515478 | #1 spent 0.136 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_NAT_T_KEEPALIVE | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in for_each_state() at state.c:1575) | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-east-x509-pluto-02 | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in for_each_state() at state.c:1577) | spent 0.018 milliseconds in global timer EVENT_NAT_T_KEEPALIVE | timer_event_cb: processing event@0x556cec50cef8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #1 keying attempt 0 of 0; retransmit 7 | retransmits: current time 11246.213867; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.027816 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec515478 | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #1 | libevent_malloc: new ptr-libevent@0x556cec527588 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: retransmission; will wait 32 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | 36 67 48 ca 2c 02 e3 76 c5 5c 56 42 8e f1 f9 30 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | e4 a7 5e b6 09 c0 05 f7 6d e2 73 f5 d5 ed bc 91 | 5a da 6a 8a e3 32 9e e8 00 12 4e 52 c4 5c a2 f9 | f3 57 ed b1 13 7f 9f d8 14 d2 f9 23 ef 49 f0 49 | 39 9b 6e 08 6c 34 e6 52 31 d3 09 14 91 a9 e4 29 | 7e 8c c5 36 af 6e 12 46 c2 17 6d 03 55 8c f5 45 | be 73 18 90 dc fb 56 6e 44 70 1a 54 99 90 73 f7 | b3 54 6e 20 ef ac 65 56 c0 63 de 33 66 d6 15 9c | 70 be d8 c8 ba a7 93 13 8e fb b9 d5 02 ad 29 94 | 56 89 3b 4d 96 e3 59 53 8d 24 ff 73 83 bc e2 d7 | 0a 16 0d c1 7d a9 25 24 c1 51 ec 08 6d d1 47 50 | e0 0d f8 04 69 71 2b db af b2 b5 56 79 b5 ce df | fe 60 f5 f9 b9 92 15 a4 50 8a d8 4b aa 9e 1d bc | 90 c5 25 f6 e8 1c fc a9 03 6a 6f b5 c2 19 2a 1f | eb 40 f9 3c ff 65 64 ad c6 94 49 9e eb 31 93 61 | 58 68 af 41 9c 46 52 00 c6 ac e1 5e 20 82 2c 0a | 43 34 5c 6b 24 f9 0d 6a d5 9b 47 75 da 93 3e a3 | 07 00 00 24 44 bb 04 8f 39 f7 74 7e 0f d2 ff 5e | 73 21 b6 30 82 2e 44 24 69 ca da 28 31 81 f9 be | 9a df cd b2 14 00 00 05 04 14 00 00 24 79 53 e5 | e4 2a 88 1f 82 b1 01 e5 0c 51 b3 99 6d ec 6f c2 | ae 88 c6 66 3c 31 ad 23 5c 96 0a eb 7b 00 00 00 | 24 e8 58 67 59 b3 4c 19 e4 d1 e2 68 8e 0b 5b b6 | b7 b3 9f b9 e9 82 3b a8 19 75 f6 bc e9 16 f4 39 | f1 00 00 00 | libevent_free: release ptr-libevent@0x556cec510ba8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec50cef8 | #1 spent 0.121 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00528 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_PENDING_DDNS | FOR_EACH_CONNECTION_... in connection_check_ddns | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | elapsed time in connection_check_ddns for hostname lookup 0.000004 | spent 0.00796 milliseconds in global timer EVENT_PENDING_DDNS | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.0025 milliseconds in global timer EVENT_SHUNT_SCAN | spent 0.00877 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | 7d 87 48 0f e9 5b bb 18 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7d 87 48 0f e9 5b bb 18 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-east-x509-pluto-02) | find_next_host_connection returns north-east-x509-pluto-02[1] 192.1.3.33 | find_next_host_connection policy=IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (north-east-x509-pluto-02) | find_next_host_connection returns north-east-x509-pluto-02 | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | creating state object #2 at 0x556cec51cb58 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.isakmp started | #2 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #2: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "north-east-x509-pluto-02"[1] 192.1.3.33 #2: responding to Main Mode from unknown peer 192.1.3.33 on port 500 | ICOOKIE-DUMP: 7d 87 48 0f e9 5b bb 18 | **emit ISAKMP Message: | initiator cookie: | 7d 87 48 0f e9 5b bb 18 | responder cookie: | a7 1a e6 24 6c 83 28 76 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #2: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x556cec50cef8 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x556cec510ba8 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #2: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 2.79 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0099 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 8a fa 96 4c af ae 99 58 a4 3c 0d af a5 77 e1 c6 | 62 45 fe 7d 47 ff 4d a9 e2 6e 09 26 c9 31 a7 46 | c2 15 87 da c4 c2 e7 66 43 0e e9 e9 52 d5 78 48 | 98 b9 62 52 4e 75 a8 d7 7d 63 4d ab e3 b9 c1 83 | e5 86 89 91 81 07 b8 df 84 8c d8 69 73 36 92 2d | 8d 9c 19 06 d4 62 fc b6 55 d6 56 7f 5f c2 81 c3 | eb 0e dd f1 2e e1 a0 5b 5f 31 9d 35 04 a5 b5 be | c1 34 5b 2a a5 00 84 21 1e 30 fe 18 70 a8 ab b7 | 32 30 bc f8 32 31 3c d3 e3 e1 2f 6e 56 76 a1 ff | 1e b6 8b cc 15 d4 ac 49 df eb 5d b6 0c a2 69 db | f7 91 81 f0 b3 90 1a b7 51 10 ff b6 5c 6e a6 f8 | 65 c1 f9 a7 a4 60 01 51 a6 39 ba 6f d4 03 a0 df | 69 04 00 cb c3 f8 f4 88 7c 16 d1 30 00 b2 3e 30 | ea 73 07 06 63 62 b2 60 0d 0c 28 89 bb b3 e0 ed | fc bc cc da 4f e9 e7 e5 20 f7 cf 70 56 d3 5b 37 | 3d 68 4d 53 18 70 e3 c0 15 82 96 ac 34 29 fe bd | 14 00 00 24 b6 7b 91 16 9a a8 7d 95 03 27 b0 57 | d0 f5 e5 1c f9 6d dd 0d 74 76 07 da 43 75 47 9b | a4 65 1c cd 14 00 00 24 cb 5b 8c c4 1c b8 1e 1f | 57 da da 2a 1d 40 f2 e3 21 40 2f cb 06 d1 af 9e | fa d5 11 9e 99 e4 9a ea 00 00 00 24 92 a3 aa 59 | 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 e3 e8 ec 9d | a8 cb fc 72 98 11 39 ca 14 2a ad de | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7d 87 48 0f e9 5b bb 18 | responder cookie: | a7 1a e6 24 6c 83 28 76 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R1 (find_state_ikev1) | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x556ceab84ca0(32) | natd_hash: icookie= 7d 87 48 0f e9 5b bb 18 | natd_hash: rcookie= a7 1a e6 24 6c 83 28 76 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 e3 | natd_hash: hash= 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a ea | natd_hash: hasher=0x556ceab84ca0(32) | natd_hash: icookie= 7d 87 48 0f e9 5b bb 18 | natd_hash: rcookie= a7 1a e6 24 6c 83 28 76 | natd_hash: ip= c0 01 03 21 | natd_hash: port=500 | natd_hash: hash= 92 a3 aa 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 | natd_hash: hash= e3 e8 ec 9d a8 cb fc 72 98 11 39 ca 14 2a ad de | expected NAT-D(me): cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 e3 | expected NAT-D(me): 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a ea | expected NAT-D(him): | 92 a3 aa 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 | e3 e8 ec 9d a8 cb fc 72 98 11 39 ca 14 2a ad de | received NAT-D: cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 e3 | received NAT-D: 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a ea | received NAT-D: 92 a3 aa 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 | received NAT-D: e3 e8 ec 9d a8 cb fc 72 98 11 39 ca 14 2a ad de | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | libevent_realloc: release ptr-libevent@0x556cec4a0198 | libevent_realloc: new ptr-libevent@0x556cec52c9a8 size 128 | adding inI2_outR2 KE work-order 3 for state #2 | state #2 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x556cec510ba8 | free_event_entry: release EVENT_SO_DISCARD-pe@0x556cec50cef8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556cec50cef8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x556cec510ba8 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | #2 spent 0.363 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 3 resuming | crypto helper 3 starting work-order 3 for state #2 | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | crypto helper 3 doing build KE and nonce (inI2_outR2 KE); request ID 3 | spent 0.947 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 finished build KE and nonce (inI2_outR2 KE); request ID 3 time elapsed 0.003515 seconds | (#2) spent 3.48 milliseconds in crypto helper computing work-order 3: inI2_outR2 KE (pcr) | crypto helper 3 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f576c003f28 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 3 | calling continuation function 0x556ceaaafb50 | main_inI2_outR2_continue for #2: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 7d 87 48 0f e9 5b bb 18 | responder cookie: | a7 1a e6 24 6c 83 28 76 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 5d 0a e8 9b 3f 99 dc 92 3c e7 66 85 a8 d7 09 64 | keyex value 28 45 1a d3 1b 29 f5 fc 8c a4 45 a6 53 5b c3 49 | keyex value a1 ff f0 b6 f5 38 e5 0a 69 e3 1c 48 c0 57 7d 95 | keyex value 08 01 57 ea 26 83 53 0e 56 85 5a 84 57 88 4a ce | keyex value 79 1f bb 93 82 a6 33 54 10 63 ea be ac 8e cd 88 | keyex value 49 c8 d1 21 f6 48 ea 81 c5 b7 00 55 c9 be 60 55 | keyex value 17 86 ee c0 ff e3 90 c1 d6 2e cc 89 b9 42 c3 b3 | keyex value 1d 81 28 b5 ad 21 b6 6b 48 b9 08 07 86 03 f9 f8 | keyex value f1 7f ab a4 53 59 99 3c 72 8e 8b 75 e4 ad d4 b1 | keyex value 94 92 00 f8 ee 07 14 15 69 68 9b 3f 65 a3 19 09 | keyex value 5d c6 1b 8d 2f 23 8d b7 bd 2e 9d 9c 11 28 2e 4d | keyex value 2a 96 c6 79 d2 0b ba e2 eb 77 c8 13 fc b2 89 66 | keyex value 1c 0f e1 9c ec f5 ea 12 32 a3 46 79 ce 1d 7d fe | keyex value b4 fa 78 7d 75 b1 e0 1c 5b 2e f8 2b 37 a0 5e c9 | keyex value c3 61 1a de d8 38 37 5e 9b 3c ed 38 c6 2e 25 6f | keyex value 12 b0 94 c5 44 ab a9 60 8d bb 48 82 86 db cc 34 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 7:ISAKMP_NEXT_CR | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 3d 08 37 26 45 01 6d c1 ee 9d ac 06 72 61 ea 05 | Nr 92 c3 08 c2 48 de cf fb 64 cc d2 7f 37 7e 1d e6 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_NONE (0x0) | cert type: CERT_X509_SIGNATURE (0x4) | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' | emitting length of ISAKMP Certificate RequestPayload: 5 | sending NAT-D payloads | natd_hash: hasher=0x556ceab84ca0(32) | natd_hash: icookie= 7d 87 48 0f e9 5b bb 18 | natd_hash: rcookie= a7 1a e6 24 6c 83 28 76 | natd_hash: ip= c0 01 03 21 | natd_hash: port=500 | natd_hash: hash= 92 a3 aa 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 | natd_hash: hash= e3 e8 ec 9d a8 cb fc 72 98 11 39 ca 14 2a ad de | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 92 a3 aa 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 | NAT-D e3 e8 ec 9d a8 cb fc 72 98 11 39 ca 14 2a ad de | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x556ceab84ca0(32) | natd_hash: icookie= 7d 87 48 0f e9 5b bb 18 | natd_hash: rcookie= a7 1a e6 24 6c 83 28 76 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 e3 | natd_hash: hash= 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a ea | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 e3 | NAT-D 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a ea | emitting length of ISAKMP NAT-D Payload: 36 | padding IKEv1 message with 3 bytes | emitting 3 zero bytes of message padding into ISAKMP Message | emitting length of ISAKMP Message: 404 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=* of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=*, E=* of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 4 for state #2 | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556cec510ba8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556cec50cef8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x556cec50cef8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x556cec518318 size 128 | #2 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | crypto helper 1 resuming | crypto helper 1 starting work-order 4 for state #2 | crypto helper 1 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 | #2 is idle; has background offloaded task | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #2: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x556cec518318 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x556cec50cef8 | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 404 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | 5d 0a e8 9b 3f 99 dc 92 3c e7 66 85 a8 d7 09 64 | 28 45 1a d3 1b 29 f5 fc 8c a4 45 a6 53 5b c3 49 | a1 ff f0 b6 f5 38 e5 0a 69 e3 1c 48 c0 57 7d 95 | 08 01 57 ea 26 83 53 0e 56 85 5a 84 57 88 4a ce | 79 1f bb 93 82 a6 33 54 10 63 ea be ac 8e cd 88 | 49 c8 d1 21 f6 48 ea 81 c5 b7 00 55 c9 be 60 55 | 17 86 ee c0 ff e3 90 c1 d6 2e cc 89 b9 42 c3 b3 | 1d 81 28 b5 ad 21 b6 6b 48 b9 08 07 86 03 f9 f8 | f1 7f ab a4 53 59 99 3c 72 8e 8b 75 e4 ad d4 b1 | 94 92 00 f8 ee 07 14 15 69 68 9b 3f 65 a3 19 09 | 5d c6 1b 8d 2f 23 8d b7 bd 2e 9d 9c 11 28 2e 4d | 2a 96 c6 79 d2 0b ba e2 eb 77 c8 13 fc b2 89 66 | 1c 0f e1 9c ec f5 ea 12 32 a3 46 79 ce 1d 7d fe | b4 fa 78 7d 75 b1 e0 1c 5b 2e f8 2b 37 a0 5e c9 | c3 61 1a de d8 38 37 5e 9b 3c ed 38 c6 2e 25 6f | 12 b0 94 c5 44 ab a9 60 8d bb 48 82 86 db cc 34 | 07 00 00 24 3d 08 37 26 45 01 6d c1 ee 9d ac 06 | 72 61 ea 05 92 c3 08 c2 48 de cf fb 64 cc d2 7f | 37 7e 1d e6 14 00 00 05 04 14 00 00 24 92 a3 aa | 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 e3 e8 ec | 9d a8 cb fc 72 98 11 39 ca 14 2a ad de 00 00 00 | 24 cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 | e3 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a | ea 00 00 00 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec50cef8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x556cec518318 size 128 | #2 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 11274.207636 "north-east-x509-pluto-02"[1] 192.1.3.33 #2: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 1.37 milliseconds in resume sending helper answer | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f576c003f28 | crypto helper 1 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 time elapsed 0.00551 seconds | (#2) spent 5.48 milliseconds in crypto helper computing work-order 4: main_inI2_outR2_tail (pcr) | crypto helper 1 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f57600051d8 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 4 | calling continuation function 0x556ceaaafb50 | main_inI2_outR2_calcdone for #2: calculate DH finished | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.113 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f57600051d8 | spent 0.00633 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 2028 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 05 10 02 01 00 00 00 00 00 00 07 ec e8 d2 bf a3 | d2 7e 70 6b 75 22 e2 e8 02 1a 56 ec 15 dc c8 4c | 11 47 d0 1b 6d ef e9 d9 8f d6 2e e3 a5 ea 31 28 | 03 28 07 3b cf 27 00 8c bf 85 07 65 83 6d 86 8d | fc e3 3d 4e 61 3a 0d 54 d4 fc ba d5 63 71 1b 22 | c1 39 64 71 a8 a1 94 70 9b 03 c4 bb a3 3d 20 11 | 55 82 dc 72 4f 32 13 cf 3e 4d d7 58 9f da ea 09 | 08 48 70 72 a3 26 28 93 36 17 aa c3 76 94 88 9b | 44 e1 a0 27 a2 71 ac 72 fd e2 93 bb 00 09 cc 7e | 52 58 8d 6e 41 0e 54 af db 00 22 ec 69 be 93 05 | d7 92 41 12 2f 38 cf 22 2f 2c b4 3b 39 cb 3f 75 | 2a e0 70 0d a1 c6 69 f9 79 cf 01 8c a5 ce 2f b8 | 9a 10 00 28 8d b1 ed d8 b5 8e f3 96 59 d5 39 56 | 5a 7c 9a 21 49 37 2b 95 d4 ef a8 f7 14 6c 79 ce | f1 9a ca 6d 92 c6 60 6d ef f9 fd c9 19 2f ae 02 | 28 46 de 7c ad b9 2e 2a 33 b2 3d 8e 63 04 a8 83 | fe f1 51 84 11 9b 6d 54 48 22 fa f2 40 22 92 7c | a7 98 f2 a4 63 65 2e d3 cf ed bc 1f e0 2a a1 a8 | 2f b3 46 08 1d 95 4f 44 df 96 75 a4 ba 07 50 a6 | 73 b9 fa 4c c4 97 70 fb b7 a7 2c 45 5a 3e 07 e4 | 99 58 e9 00 7e 2a 25 e9 f0 f3 47 97 df c5 bd 15 | 90 53 10 83 8a bc af 6e 8e bc 75 ff 64 1c 2d eb | 4a 87 3c fc 44 db 5d b4 bb 53 91 3c de f4 6a 52 | d8 25 33 6e 9d 20 15 91 16 a0 d6 bc a4 45 e8 36 | 5a 25 28 fa 23 e5 64 01 65 2b 30 07 7f 6f 68 00 | 08 10 cc 4b 23 85 09 81 5e 22 99 f6 46 ad 5e 17 | 83 ea 9e 4f 04 dc 52 be fc 0d 07 b4 59 41 62 9c | ee 75 64 ca 80 83 9c 10 af d4 50 55 21 ed 8e 2c | 1a e9 28 10 c2 ec 07 7d 8c f8 8b 0f d0 8b 32 67 | 2d 84 fd 9e e9 54 e7 21 08 9c 7e 77 b2 4f 93 65 | b9 2f ea 8d 33 a5 1c d9 d4 66 c5 88 f7 1c a9 39 | 05 6a 3a 3a 37 82 9a 15 cc be ee e3 0c a8 0a 03 | ab 7c b0 fb b1 74 f4 e9 d0 fd e1 69 5f 52 1b 12 | 43 bb db 4c 0b 8c 0e fb 3e 33 1d fa ec 27 6a 67 | e7 65 79 23 0c bc fb a4 ed 32 87 4e c1 65 81 a4 | d9 9e 22 fc e9 3e e1 ed de be 20 62 d7 cb e0 1f | d8 54 c5 00 7c 41 72 93 08 e6 84 e6 cc 4d 54 e5 | 13 2a e0 50 44 f7 42 5c 37 ae 17 f7 e6 93 ac dc | d1 e4 1d 95 05 c6 7f 63 42 dc b0 f7 c2 ad e2 b1 | a7 07 c1 ff e3 13 f7 d5 1f 11 bc 50 cc 58 6f 2a | 1e e2 6a 88 73 4a 65 60 cb 3d b9 d3 25 f8 11 64 | c1 ef 17 19 d2 52 d4 19 ee 12 8e 16 c2 34 7c 1e | 74 c7 22 3c 1d a7 ad 53 b4 89 09 09 18 eb d1 5a | 70 b3 88 1a 02 4c 55 5c 85 c5 88 bd ac 1b 91 68 | 79 70 68 f6 79 68 18 c9 38 0c e5 55 04 0f 82 ff | 7b b8 38 98 5b 71 d0 09 64 49 be 72 fa 27 3f 9b | 63 b1 b9 38 76 93 ed c8 c0 82 53 56 c5 cd c2 86 | 8d 42 bb f2 92 a6 6d ce dc fc c8 fb 99 c2 e6 d6 | 15 40 10 15 91 b4 dc c5 c3 9a b8 df d3 be 0c 08 | ea b8 26 89 e6 be 3f 38 83 a1 d8 9f a2 f9 7f bd | d1 35 71 50 c5 5b b7 20 83 e3 d3 ff c7 57 fb 13 | 01 50 0d 47 de 74 f8 46 a6 44 6c 4f 48 de 43 7e | a7 e0 b5 b6 e6 93 da ac c9 65 20 0a a2 9b 07 7c | ac 99 ae 52 1a 85 c0 e6 db 3b cd 6f 2f 7b 08 bb | 73 e4 c6 5f 32 06 6c 49 1e 41 33 cb b0 e4 05 0f | 96 fe 32 41 be d4 ae 6b 3d 01 dd 55 15 74 ed cd | 37 10 62 5a 10 4a 81 64 e4 4b 58 9a 9f d2 39 6c | b6 b1 af 2d b9 cf 6b e3 33 5e d7 c4 93 eb 95 76 | 7a 96 e4 bf 89 12 89 9f 16 66 d0 d5 f8 71 ad da | 00 c6 12 a9 57 f6 12 33 fd 59 71 35 92 94 99 ea | e8 49 67 5c 9f f2 79 3f 42 08 69 19 b7 3b 4a 64 | 3c a4 da fa ae 3b ed ce c2 09 7b 0b 30 c0 b0 68 | bc de af 2a 26 c8 78 7c 7f fd 84 6d 01 41 85 72 | 9d 53 b7 04 7c c1 83 48 cd 29 bd 19 7f 21 75 b2 | 37 45 33 8f 1e f2 31 55 7a 43 41 cf 5d 24 eb 76 | 93 f3 fc 5e 5a cd bb ab 5f 05 e6 7d 60 2b 69 68 | 84 30 02 b7 e6 de 9c f4 c2 8f 1c d1 e0 96 b2 f3 | b2 8a 07 2d ac 90 be 66 05 8e fa 4a b5 ad 7c 05 | 1b fd 06 19 5f 47 bf 19 2a 71 85 d1 3f cb d8 d6 | 62 04 40 5a ee 79 e5 c4 3d db d8 fc 67 71 61 50 | 19 78 2c 7e 1b 6f 0c 09 0a 69 6a 04 8b 00 45 c1 | ca 39 82 43 fc db 9d 84 7e 41 e1 5a cd 45 97 f0 | 33 d1 56 d3 21 85 e5 11 e6 29 75 0a 2e 17 3e 72 | cd 26 dd 1c 9a a2 a8 89 8a 11 46 ae 85 cb 3d e3 | d7 7d 7b 1e b0 03 b4 e6 dd cc c6 73 8d 44 9b 71 | 69 cc 51 8e 72 b0 2f 7b f7 d6 d1 0e 28 14 18 99 | 2f 29 7c e8 b2 0c 25 d0 9a d3 7b 94 90 48 50 92 | 14 f3 83 90 a0 0a 69 a6 7e 9c 3c b5 28 c7 5b 36 | f0 de b9 ce 66 36 d4 ca 98 43 73 23 2d 42 b9 34 | c0 92 3d ef 94 3a b9 c0 17 b6 9d 64 ee e5 c2 62 | 75 74 52 38 b0 0c 7e b5 bf 6e 51 73 ec 79 8c 0c | c9 07 52 87 4f 80 4b 47 5e 9b e8 e1 35 6e c2 93 | 71 39 39 2b df 1b 49 b5 76 37 08 aa 85 3e b5 db | 19 93 70 8c 45 0c 22 40 46 49 1d d0 a7 6f 84 6a | 8f a4 77 b3 b6 51 ac ae b1 30 be 5e 52 2f a8 8b | 0c 70 d6 2a 64 d1 97 cd d6 a2 dd e3 ae 97 1a e2 | 95 0f 62 b2 f9 cd 69 83 df 0f c5 78 43 76 2b 71 | e6 2e f5 c2 e0 81 49 cc 22 56 b1 0c 6c 9f c1 88 | c8 7a 9c 6a e0 bb 7d d4 1a 62 bf 75 56 97 cc 12 | 1e f6 23 6e 06 0f cb b2 91 18 f8 2a df 57 73 04 | b0 a9 32 e9 32 fd d3 a0 d8 af 20 3e af cd a3 0c | 25 99 f1 8b 5d 88 01 c8 eb 8d f2 1d 03 4f 43 39 | e7 8d ec 03 3e 6a c0 cf 8b 05 7f 7c 1a c8 1f 8d | 66 21 52 99 21 bb b7 43 c8 8b 8b 4e 71 b5 b9 c0 | 7c 10 32 03 8b 92 ab bf 61 bc 72 3e 38 95 13 3b | e5 6c 92 06 c4 69 ad 28 fb 23 35 b3 d8 e5 43 83 | a3 06 f6 8b 7c 5f 19 44 7a 7b 13 37 cb 78 31 fb | bd aa 4b 6b 5a 55 68 98 e3 a9 cb 5d 2e 5f 5f c4 | 79 e3 06 f8 ef 12 04 cb 96 ce 16 80 fb 7a 97 73 | 50 33 1e d7 a2 7f 62 79 09 5f 57 e5 39 cc 7c b2 | 19 f1 67 97 2f 94 5e b2 b8 6d 08 9e c6 df 46 58 | 06 30 45 a0 ed 37 aa f5 18 93 69 92 42 b1 96 8b | 50 cc 1d 94 1a 2f 4d 77 9d 9b 68 e2 ef 34 f8 d0 | 20 74 53 5f 46 35 96 db 17 22 07 2f 61 9d 5f 1d | a1 64 c4 bd da 7d 48 3f 44 89 04 60 ea c3 1c 91 | 58 05 fb b6 92 83 13 f3 70 47 32 a4 1e 9d 1e df | ee d1 5c 11 da f7 24 75 7b d1 57 c8 a3 2a 3c 24 | bf 8f 05 6a 2e 97 74 fb 48 7e 73 79 6a 09 aa 08 | 42 30 ad e5 be 2e 98 7d cb a6 e9 24 1b 33 72 c3 | 64 5d ff 88 71 8d d1 8f bc 5c ad 95 47 fe 8f 3a | 03 ed 0d 8e 35 bb a1 6b 6b f4 01 e7 65 7a ad e4 | 9f a6 8a c2 c9 d0 0c 0a 18 0b 24 4c 52 32 e9 7c | 09 65 8c e1 64 46 56 af d0 ee 6e 1c 45 73 94 26 | 2c b4 a5 af 0c fc 79 2e 79 e3 5c ce 40 88 78 79 | e3 42 3d f6 4e 49 84 d7 9d 6a dc 88 e6 3f 81 71 | 88 73 17 65 fe da cc 1f 9f 28 d2 36 1e dd 6d dd | 3c 4b 9a 4e 6e 18 e1 7d 7c 97 29 a3 88 0a c3 6e | f7 04 48 ee 37 46 9d 4c 8d 6c bd a5 83 ec 3d a1 | df 10 f4 1c 1c 5f 54 a9 2d 50 c4 6b 4d 7d cb 8a | 2e 4c 69 b5 c5 c1 a5 4e c3 21 3a 1c 11 34 78 76 | 09 13 17 47 17 ab 65 17 b5 3c 40 29 84 b5 19 08 | c5 3d 4d cf 20 de 9c d5 e4 59 f5 e7 2d 67 90 4c | 1f 9b 6e ff a9 ae 12 6f 7b fe 21 fe c0 da 49 2d | 3d dd 96 5b a7 16 7b 81 dd 91 e9 75 4e 38 be 45 | f2 e7 d5 52 4d ae c4 cd 7a f1 3d 9e 50 4b 7a ea | 08 3f 71 31 58 d4 c8 3c 11 31 63 97 | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 7d 87 48 0f e9 5b bb 18 | responder cookie: | a7 1a e6 24 6c 83 28 76 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2028 (0x7ec) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.3.33:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 193 (0xc1) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 | obj: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | obj: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 | obj: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f | obj: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | obj: 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1232 (0x4d0) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 7 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 "north-east-x509-pluto-02"[1] 192.1.3.33 #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.0236 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 1.2 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.203 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "north-east-x509-pluto-02"[1] 192.1.3.33 #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "north-east-x509-pluto-02"[1] 192.1.3.33 #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 1.73 milliseconds in find_and_verify_certs() calling verify_end_cert() "north-east-x509-pluto-02"[1] 192.1.3.33 #2: X509: Certificate rejected for this connection "north-east-x509-pluto-02"[1] 192.1.3.33 #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "north-east-x509-pluto-02"[1] 192.1.3.33 #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.33:500 | **emit ISAKMP Message: | initiator cookie: | 7d 87 48 0f e9 5b bb 18 | responder cookie: | a7 1a e6 24 6c 83 28 76 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1247696925 (0x4a5e581d) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 98 19 57 e5 0b b9 fa 45 a0 2b b4 54 bd 73 58 70 | b0 d4 5c ec 89 7e d2 cc 1f a0 d5 e4 60 e8 5f 8e | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 08 10 05 01 4a 5e 58 1d 00 00 00 4c 10 58 e3 aa | 2d 1a c6 ce f4 5d e2 f2 37 80 ed 4d 6b 1e 50 56 | 13 08 36 e6 e9 32 96 cf 0d ca cf fa 01 33 db 9b | 50 f0 2a 4f d6 05 1c 49 91 9e 85 ef | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.02 milliseconds | #2 spent 4.43 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 6.31 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x556cec50cef8 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #2 keying attempt 0 of 0; retransmit 1 | retransmits: current time 11274.714735; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.507099 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7f576c004218 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f576c003f28 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #2: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | 5d 0a e8 9b 3f 99 dc 92 3c e7 66 85 a8 d7 09 64 | 28 45 1a d3 1b 29 f5 fc 8c a4 45 a6 53 5b c3 49 | a1 ff f0 b6 f5 38 e5 0a 69 e3 1c 48 c0 57 7d 95 | 08 01 57 ea 26 83 53 0e 56 85 5a 84 57 88 4a ce | 79 1f bb 93 82 a6 33 54 10 63 ea be ac 8e cd 88 | 49 c8 d1 21 f6 48 ea 81 c5 b7 00 55 c9 be 60 55 | 17 86 ee c0 ff e3 90 c1 d6 2e cc 89 b9 42 c3 b3 | 1d 81 28 b5 ad 21 b6 6b 48 b9 08 07 86 03 f9 f8 | f1 7f ab a4 53 59 99 3c 72 8e 8b 75 e4 ad d4 b1 | 94 92 00 f8 ee 07 14 15 69 68 9b 3f 65 a3 19 09 | 5d c6 1b 8d 2f 23 8d b7 bd 2e 9d 9c 11 28 2e 4d | 2a 96 c6 79 d2 0b ba e2 eb 77 c8 13 fc b2 89 66 | 1c 0f e1 9c ec f5 ea 12 32 a3 46 79 ce 1d 7d fe | b4 fa 78 7d 75 b1 e0 1c 5b 2e f8 2b 37 a0 5e c9 | c3 61 1a de d8 38 37 5e 9b 3c ed 38 c6 2e 25 6f | 12 b0 94 c5 44 ab a9 60 8d bb 48 82 86 db cc 34 | 07 00 00 24 3d 08 37 26 45 01 6d c1 ee 9d ac 06 | 72 61 ea 05 92 c3 08 c2 48 de cf fb 64 cc d2 7f | 37 7e 1d e6 14 00 00 05 04 14 00 00 24 92 a3 aa | 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 e3 e8 ec | 9d a8 cb fc 72 98 11 39 ca 14 2a ad de 00 00 00 | 24 cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 | e3 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a | ea 00 00 00 | libevent_free: release ptr-libevent@0x556cec518318 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec50cef8 | #2 spent 0.314 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x7f576c004218 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #2 keying attempt 0 of 0; retransmit 2 | retransmits: current time 11275.215611; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.007975 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec50cef8 | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #2 | libevent_malloc: new ptr-libevent@0x556cec518318 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #2: STATE_MAIN_R2: retransmission; will wait 1 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | 5d 0a e8 9b 3f 99 dc 92 3c e7 66 85 a8 d7 09 64 | 28 45 1a d3 1b 29 f5 fc 8c a4 45 a6 53 5b c3 49 | a1 ff f0 b6 f5 38 e5 0a 69 e3 1c 48 c0 57 7d 95 | 08 01 57 ea 26 83 53 0e 56 85 5a 84 57 88 4a ce | 79 1f bb 93 82 a6 33 54 10 63 ea be ac 8e cd 88 | 49 c8 d1 21 f6 48 ea 81 c5 b7 00 55 c9 be 60 55 | 17 86 ee c0 ff e3 90 c1 d6 2e cc 89 b9 42 c3 b3 | 1d 81 28 b5 ad 21 b6 6b 48 b9 08 07 86 03 f9 f8 | f1 7f ab a4 53 59 99 3c 72 8e 8b 75 e4 ad d4 b1 | 94 92 00 f8 ee 07 14 15 69 68 9b 3f 65 a3 19 09 | 5d c6 1b 8d 2f 23 8d b7 bd 2e 9d 9c 11 28 2e 4d | 2a 96 c6 79 d2 0b ba e2 eb 77 c8 13 fc b2 89 66 | 1c 0f e1 9c ec f5 ea 12 32 a3 46 79 ce 1d 7d fe | b4 fa 78 7d 75 b1 e0 1c 5b 2e f8 2b 37 a0 5e c9 | c3 61 1a de d8 38 37 5e 9b 3c ed 38 c6 2e 25 6f | 12 b0 94 c5 44 ab a9 60 8d bb 48 82 86 db cc 34 | 07 00 00 24 3d 08 37 26 45 01 6d c1 ee 9d ac 06 | 72 61 ea 05 92 c3 08 c2 48 de cf fb 64 cc d2 7f | 37 7e 1d e6 14 00 00 05 04 14 00 00 24 92 a3 aa | 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 e3 e8 ec | 9d a8 cb fc 72 98 11 39 ca 14 2a ad de 00 00 00 | 24 cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 | e3 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a | ea 00 00 00 | libevent_free: release ptr-libevent@0x7f576c003f28 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f576c004218 | #2 spent 0.511 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x556cec50cef8 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #2 keying attempt 0 of 0; retransmit 3 | retransmits: current time 11276.216842; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.009206 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7f576c004218 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f576c003f28 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #2: STATE_MAIN_R2: retransmission; will wait 2 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | 5d 0a e8 9b 3f 99 dc 92 3c e7 66 85 a8 d7 09 64 | 28 45 1a d3 1b 29 f5 fc 8c a4 45 a6 53 5b c3 49 | a1 ff f0 b6 f5 38 e5 0a 69 e3 1c 48 c0 57 7d 95 | 08 01 57 ea 26 83 53 0e 56 85 5a 84 57 88 4a ce | 79 1f bb 93 82 a6 33 54 10 63 ea be ac 8e cd 88 | 49 c8 d1 21 f6 48 ea 81 c5 b7 00 55 c9 be 60 55 | 17 86 ee c0 ff e3 90 c1 d6 2e cc 89 b9 42 c3 b3 | 1d 81 28 b5 ad 21 b6 6b 48 b9 08 07 86 03 f9 f8 | f1 7f ab a4 53 59 99 3c 72 8e 8b 75 e4 ad d4 b1 | 94 92 00 f8 ee 07 14 15 69 68 9b 3f 65 a3 19 09 | 5d c6 1b 8d 2f 23 8d b7 bd 2e 9d 9c 11 28 2e 4d | 2a 96 c6 79 d2 0b ba e2 eb 77 c8 13 fc b2 89 66 | 1c 0f e1 9c ec f5 ea 12 32 a3 46 79 ce 1d 7d fe | b4 fa 78 7d 75 b1 e0 1c 5b 2e f8 2b 37 a0 5e c9 | c3 61 1a de d8 38 37 5e 9b 3c ed 38 c6 2e 25 6f | 12 b0 94 c5 44 ab a9 60 8d bb 48 82 86 db cc 34 | 07 00 00 24 3d 08 37 26 45 01 6d c1 ee 9d ac 06 | 72 61 ea 05 92 c3 08 c2 48 de cf fb 64 cc d2 7f | 37 7e 1d e6 14 00 00 05 04 14 00 00 24 92 a3 aa | 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 e3 e8 ec | 9d a8 cb fc 72 98 11 39 ca 14 2a ad de 00 00 00 | 24 cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 | e3 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a | ea 00 00 00 | libevent_free: release ptr-libevent@0x556cec518318 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec50cef8 | #2 spent 0.145 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.893 milliseconds in whack | timer_event_cb: processing event@0x556cec515478 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #1 keying attempt 0 of 0; retransmit 8 | retransmits: current time 11278.216633; retransmit count 7 exceeds limit? NO; deltatime 64 exceeds limit? YES; monotime 64.030582 exceeds limit? YES "north-east-x509-pluto-02"[1] 192.1.3.33 #1: STATE_MAIN_R2: 60 second timeout exceeded after 7 retransmits. No response (or no acceptable response) to our IKEv1 message | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:124) | pstats #1 ikev1.isakmp failed too-many-retransmits | pstats #1 ikev1.isakmp deleted too-many-retransmits | [RE]START processing: state #1 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in delete_state() at state.c:879) "north-east-x509-pluto-02"[1] 192.1.3.33 #1: deleting state (STATE_MAIN_R2) aged 64.033s and NOT sending notification | parent state #1: MAIN_R2(open IKE SA) => delete | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection north-east-x509-pluto-02 | connection is instance | not in pending use | State DB: found state #2 in MAIN_R2 (connection_discard) | states still using this connection instance, retaining | State DB: deleting IKEv1 state #1 in MAIN_R2 | parent state #1: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x556cec527588 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec515478 | in statetime_stop() and could not find #1 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x7f576c004218 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.33 "north-east-x509-pluto-02"[1] 192.1.3.33 #2 keying attempt 0 of 0; retransmit 4 | retransmits: current time 11278.219572; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.011936 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x556cec515478 | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #2 | libevent_malloc: new ptr-libevent@0x556cec518318 size 128 "north-east-x509-pluto-02"[1] 192.1.3.33 #2: STATE_MAIN_R2: retransmission; will wait 4 seconds for response | sending 404 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) | 7d 87 48 0f e9 5b bb 18 a7 1a e6 24 6c 83 28 76 | 04 10 02 00 00 00 00 00 00 00 01 94 0a 00 01 04 | 5d 0a e8 9b 3f 99 dc 92 3c e7 66 85 a8 d7 09 64 | 28 45 1a d3 1b 29 f5 fc 8c a4 45 a6 53 5b c3 49 | a1 ff f0 b6 f5 38 e5 0a 69 e3 1c 48 c0 57 7d 95 | 08 01 57 ea 26 83 53 0e 56 85 5a 84 57 88 4a ce | 79 1f bb 93 82 a6 33 54 10 63 ea be ac 8e cd 88 | 49 c8 d1 21 f6 48 ea 81 c5 b7 00 55 c9 be 60 55 | 17 86 ee c0 ff e3 90 c1 d6 2e cc 89 b9 42 c3 b3 | 1d 81 28 b5 ad 21 b6 6b 48 b9 08 07 86 03 f9 f8 | f1 7f ab a4 53 59 99 3c 72 8e 8b 75 e4 ad d4 b1 | 94 92 00 f8 ee 07 14 15 69 68 9b 3f 65 a3 19 09 | 5d c6 1b 8d 2f 23 8d b7 bd 2e 9d 9c 11 28 2e 4d | 2a 96 c6 79 d2 0b ba e2 eb 77 c8 13 fc b2 89 66 | 1c 0f e1 9c ec f5 ea 12 32 a3 46 79 ce 1d 7d fe | b4 fa 78 7d 75 b1 e0 1c 5b 2e f8 2b 37 a0 5e c9 | c3 61 1a de d8 38 37 5e 9b 3c ed 38 c6 2e 25 6f | 12 b0 94 c5 44 ab a9 60 8d bb 48 82 86 db cc 34 | 07 00 00 24 3d 08 37 26 45 01 6d c1 ee 9d ac 06 | 72 61 ea 05 92 c3 08 c2 48 de cf fb 64 cc d2 7f | 37 7e 1d e6 14 00 00 05 04 14 00 00 24 92 a3 aa | 59 15 b7 5f c8 68 78 7e 3b 4b 5b af 07 e3 e8 ec | 9d a8 cb fc 72 98 11 39 ca 14 2a ad de 00 00 00 | 24 cb 5b 8c c4 1c b8 1e 1f 57 da da 2a 1d 40 f2 | e3 21 40 2f cb 06 d1 af 9e fa d5 11 9e 99 e4 9a | ea 00 00 00 | libevent_free: release ptr-libevent@0x7f576c003f28 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f576c004218 | #2 spent 0.144 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) destroying root certificate cache | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x556cec50e458 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | unreference key: 0x556cec50df98 user-east@testing.libreswan.org cnt 1-- | unreference key: 0x556cec50da78 @east.testing.libreswan.org cnt 1-- | unreference key: 0x556cec50d598 east@testing.libreswan.org cnt 1-- | unreference key: 0x556cec50c138 192.1.2.23 cnt 1-- | start processing: connection "north-east-x509-pluto-02"[1] 192.1.3.33 (in delete_connection() at connections.c:189) "north-east-x509-pluto-02"[1] 192.1.3.33: deleting connection "north-east-x509-pluto-02"[1] 192.1.3.33 instance with peer 192.1.3.33 {isakmp=#0/ipsec=#0} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "north-east-x509-pluto-02"[1] 192.1.3.33 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev1.isakmp deleted other | [RE]START processing: state #2 connection "north-east-x509-pluto-02"[1] 192.1.3.33 from 192.1.3.33:500 (in delete_state() at state.c:879) "north-east-x509-pluto-02"[1] 192.1.3.33 #2: deleting state (STATE_MAIN_R2) aged 4.912s and NOT sending notification | parent state #2: MAIN_R2(open IKE SA) => delete | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_R2: retransmits: cleared | libevent_free: release ptr-libevent@0x556cec518318 | free_event_entry: release EVENT_RETRANSMIT-pe@0x556cec515478 | State DB: IKEv1 state not found (flush_incomplete_children) | stop processing: connection "north-east-x509-pluto-02"[1] 192.1.3.33 (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection north-east-x509-pluto-02 | State DB: deleting IKEv1 state #2 in MAIN_R2 | parent state #2: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | flush revival: connection 'north-east-x509-pluto-02' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | start processing: connection "north-east-x509-pluto-02" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x556cec509108 | flush revival: connection 'north-east-x509-pluto-02' wasn't on the list | stop processing: connection "north-east-x509-pluto-02" (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x556cec4fa6e8 | free_event_entry: release EVENT_NULL-pe@0x556cec506508 | libevent_free: release ptr-libevent@0x556cec4a0ed8 | free_event_entry: release EVENT_NULL-pe@0x556cec5065b8 | libevent_free: release ptr-libevent@0x556cec4a0f88 | free_event_entry: release EVENT_NULL-pe@0x556cec506668 | libevent_free: release ptr-libevent@0x556cec49feb8 | free_event_entry: release EVENT_NULL-pe@0x556cec506718 | libevent_free: release ptr-libevent@0x556cec4a81c8 | free_event_entry: release EVENT_NULL-pe@0x556cec5067c8 | libevent_free: release ptr-libevent@0x556cec4a8ce8 | free_event_entry: release EVENT_NULL-pe@0x556cec506878 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x556cec4fa798 | free_event_entry: release EVENT_NULL-pe@0x556cec4ee8b8 | libevent_free: release ptr-libevent@0x556cec4e7398 | free_event_entry: release EVENT_NULL-pe@0x556cec4ee418 | libevent_free: release ptr-libevent@0x556cec4e72e8 | free_event_entry: release EVENT_NULL-pe@0x556cec4a8388 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x556cec4ac958 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x556cec421ea8 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x556cec425e78 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x556cec505f28 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x556cec505df8 | libevent_free: release ptr-libevent@0x556cec4e8cd8 | libevent_free: release ptr-libevent@0x556cec4e8c88 | libevent_free: release ptr-libevent@0x556cec52c9a8 | libevent_free: release ptr-libevent@0x556cec4e8c48 | libevent_free: release ptr-libevent@0x556cec505a88 | libevent_free: release ptr-libevent@0x556cec505cf8 | libevent_free: release ptr-libevent@0x556cec4e8e88 | libevent_free: release ptr-libevent@0x556cec4ee488 | libevent_free: release ptr-libevent@0x556cec4ee0e8 | libevent_free: release ptr-libevent@0x556cec5068e8 | libevent_free: release ptr-libevent@0x556cec506838 | libevent_free: release ptr-libevent@0x556cec506788 | libevent_free: release ptr-libevent@0x556cec5066d8 | libevent_free: release ptr-libevent@0x556cec506628 | libevent_free: release ptr-libevent@0x556cec506578 | libevent_free: release ptr-libevent@0x556cec421328 | libevent_free: release ptr-libevent@0x556cec505d78 | libevent_free: release ptr-libevent@0x556cec505d38 | libevent_free: release ptr-libevent@0x556cec505bf8 | libevent_free: release ptr-libevent@0x556cec505db8 | libevent_free: release ptr-libevent@0x556cec505ac8 | libevent_free: release ptr-libevent@0x556cec4ae4e8 | libevent_free: release ptr-libevent@0x556cec4ae468 | libevent_free: release ptr-libevent@0x556cec421698 | releasing global libevent data | libevent_free: release ptr-libevent@0x556cec4ae668 | libevent_free: release ptr-libevent@0x556cec4ae5e8 | libevent_free: release ptr-libevent@0x556cec4ae568 leak detective found no leaks