Aug 26 18:32:52.263093: FIPS Product: YES Aug 26 18:32:52.263137: FIPS Kernel: NO Aug 26 18:32:52.263141: FIPS Mode: NO Aug 26 18:32:52.263144: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:32:52.263303: Initializing NSS Aug 26 18:32:52.263314: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:32:52.289163: NSS initialized Aug 26 18:32:52.289181: NSS crypto library initialized Aug 26 18:32:52.289197: FIPS HMAC integrity support [enabled] Aug 26 18:32:52.289200: FIPS mode disabled for pluto daemon Aug 26 18:32:52.324246: FIPS HMAC integrity verification self-test FAILED Aug 26 18:32:52.324355: libcap-ng support [enabled] Aug 26 18:32:52.324365: Linux audit support [enabled] Aug 26 18:32:52.324385: Linux audit activated Aug 26 18:32:52.324389: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:18083 Aug 26 18:32:52.324391: core dump dir: /tmp Aug 26 18:32:52.324392: secrets file: /etc/ipsec.secrets Aug 26 18:32:52.324394: leak-detective enabled Aug 26 18:32:52.324395: NSS crypto [enabled] Aug 26 18:32:52.324396: XAUTH PAM support [enabled] Aug 26 18:32:52.324453: | libevent is using pluto's memory allocator Aug 26 18:32:52.324459: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:32:52.324473: | libevent_malloc: new ptr-libevent@0x55e211505708 size 40 Aug 26 18:32:52.324476: | libevent_malloc: new ptr-libevent@0x55e211505688 size 40 Aug 26 18:32:52.324478: | libevent_malloc: new ptr-libevent@0x55e211505608 size 40 Aug 26 18:32:52.324480: | creating event base Aug 26 18:32:52.324483: | libevent_malloc: new ptr-libevent@0x55e2114f7238 size 56 Aug 26 18:32:52.324486: | libevent_malloc: new ptr-libevent@0x55e211478868 size 664 Aug 26 18:32:52.324495: | libevent_malloc: new ptr-libevent@0x55e21153fd28 size 24 Aug 26 18:32:52.324497: | libevent_malloc: new ptr-libevent@0x55e21153fd78 size 384 Aug 26 18:32:52.324505: | libevent_malloc: new ptr-libevent@0x55e21153fce8 size 16 Aug 26 18:32:52.324506: | libevent_malloc: new ptr-libevent@0x55e211505588 size 40 Aug 26 18:32:52.324508: | libevent_malloc: new ptr-libevent@0x55e211505508 size 48 Aug 26 18:32:52.324512: | libevent_realloc: new ptr-libevent@0x55e2114784f8 size 256 Aug 26 18:32:52.324513: | libevent_malloc: new ptr-libevent@0x55e21153ff28 size 16 Aug 26 18:32:52.324518: | libevent_free: release ptr-libevent@0x55e2114f7238 Aug 26 18:32:52.324520: | libevent initialized Aug 26 18:32:52.324523: | libevent_realloc: new ptr-libevent@0x55e2114f7238 size 64 Aug 26 18:32:52.324525: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:32:52.324536: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:32:52.324538: NAT-Traversal support [enabled] Aug 26 18:32:52.324539: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:32:52.324544: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:32:52.324549: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:32:52.324576: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:32:52.324578: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:32:52.324580: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:32:52.324613: Encryption algorithms: Aug 26 18:32:52.324619: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:32:52.324622: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:32:52.324624: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:32:52.324626: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:32:52.324629: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:32:52.324637: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:32:52.324639: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:32:52.324642: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:32:52.324644: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:32:52.324646: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:32:52.324648: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:32:52.324651: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:32:52.324653: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:32:52.324655: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:32:52.324657: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:32:52.324659: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:32:52.324661: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:32:52.324666: Hash algorithms: Aug 26 18:32:52.324668: MD5 IKEv1: IKE IKEv2: Aug 26 18:32:52.324670: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:32:52.324672: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:32:52.324674: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:32:52.324676: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:32:52.324685: PRF algorithms: Aug 26 18:32:52.324687: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:32:52.324689: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:32:52.324691: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:32:52.324693: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:32:52.324695: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:32:52.324697: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:32:52.324713: Integrity algorithms: Aug 26 18:32:52.324715: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:32:52.324718: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:32:52.324720: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:32:52.324723: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:32:52.324725: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:32:52.324727: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:32:52.324729: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:32:52.324731: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:32:52.324733: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:32:52.324741: DH algorithms: Aug 26 18:32:52.324743: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:32:52.324745: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:32:52.324747: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:32:52.324750: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:32:52.324752: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:32:52.324754: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:32:52.324756: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:32:52.324758: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:32:52.324760: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:32:52.324762: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:32:52.324764: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:32:52.324765: testing CAMELLIA_CBC: Aug 26 18:32:52.324768: Camellia: 16 bytes with 128-bit key Aug 26 18:32:52.324859: Camellia: 16 bytes with 128-bit key Aug 26 18:32:52.324881: Camellia: 16 bytes with 256-bit key Aug 26 18:32:52.324901: Camellia: 16 bytes with 256-bit key Aug 26 18:32:52.324918: testing AES_GCM_16: Aug 26 18:32:52.324920: empty string Aug 26 18:32:52.324939: one block Aug 26 18:32:52.324955: two blocks Aug 26 18:32:52.324971: two blocks with associated data Aug 26 18:32:52.324987: testing AES_CTR: Aug 26 18:32:52.324989: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:32:52.325005: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:32:52.325024: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:32:52.325041: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:32:52.325057: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:32:52.325074: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:32:52.325091: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:32:52.325107: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:32:52.325124: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:32:52.325141: testing AES_CBC: Aug 26 18:32:52.325143: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:32:52.325159: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:32:52.325177: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:32:52.325194: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:32:52.325214: testing AES_XCBC: Aug 26 18:32:52.325216: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:32:52.325296: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:32:52.325378: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:32:52.325455: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:32:52.325533: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:32:52.325609: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:32:52.325687: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:32:52.325866: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:32:52.325963: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:32:52.326085: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:32:52.326299: testing HMAC_MD5: Aug 26 18:32:52.326306: RFC 2104: MD5_HMAC test 1 Aug 26 18:32:52.326456: RFC 2104: MD5_HMAC test 2 Aug 26 18:32:52.326592: RFC 2104: MD5_HMAC test 3 Aug 26 18:32:52.326760: 8 CPU cores online Aug 26 18:32:52.326764: starting up 7 crypto helpers Aug 26 18:32:52.326797: started thread for crypto helper 0 Aug 26 18:32:52.326803: | starting up helper thread 0 Aug 26 18:32:52.326822: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:32:52.326826: | crypto helper 0 waiting (nothing to do) Aug 26 18:32:52.326827: started thread for crypto helper 1 Aug 26 18:32:52.326832: | starting up helper thread 1 Aug 26 18:32:52.326848: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:32:52.326852: | crypto helper 1 waiting (nothing to do) Aug 26 18:32:52.326862: started thread for crypto helper 2 Aug 26 18:32:52.326864: | starting up helper thread 2 Aug 26 18:32:52.326873: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:32:52.326876: | crypto helper 2 waiting (nothing to do) Aug 26 18:32:52.326881: started thread for crypto helper 3 Aug 26 18:32:52.326884: | starting up helper thread 3 Aug 26 18:32:52.326898: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:32:52.326901: | crypto helper 3 waiting (nothing to do) Aug 26 18:32:52.326909: started thread for crypto helper 4 Aug 26 18:32:52.326911: | starting up helper thread 4 Aug 26 18:32:52.326917: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:32:52.326920: | crypto helper 4 waiting (nothing to do) Aug 26 18:32:52.326928: started thread for crypto helper 5 Aug 26 18:32:52.326942: started thread for crypto helper 6 Aug 26 18:32:52.326945: | starting up helper thread 6 Aug 26 18:32:52.326956: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:32:52.326945: | checking IKEv1 state table Aug 26 18:32:52.326949: | starting up helper thread 5 Aug 26 18:32:52.326968: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:32:52.326960: | crypto helper 6 waiting (nothing to do) Aug 26 18:32:52.326970: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:32:52.326970: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:32:52.326974: | crypto helper 5 waiting (nothing to do) Aug 26 18:32:52.326978: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:32:52.326985: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:32:52.326986: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:32:52.326988: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:32:52.326990: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:32:52.326991: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:32:52.326993: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:32:52.326994: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:32:52.326996: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:32:52.326997: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:32:52.326999: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:32:52.327001: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:32:52.327002: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:32:52.327003: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:32:52.327005: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:32:52.327007: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:32:52.327008: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:32:52.327010: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:32:52.327011: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:32:52.327013: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327015: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:32:52.327016: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327018: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:32:52.327019: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:32:52.327021: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:32:52.327022: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:32:52.327024: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:32:52.327026: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:32:52.327027: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:32:52.327029: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:32:52.327030: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:32:52.327032: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327033: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:32:52.327035: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327037: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:32:52.327038: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:32:52.327042: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:32:52.327044: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:32:52.327046: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:32:52.327047: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:32:52.327049: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:32:52.327050: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327052: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:32:52.327054: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327055: | INFO: category: informational flags: 0: Aug 26 18:32:52.327057: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327059: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:32:52.327060: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327062: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:32:52.327063: | -> XAUTH_R1 EVENT_NULL Aug 26 18:32:52.327065: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:32:52.327067: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:32:52.327070: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:32:52.327072: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:32:52.327075: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:32:52.327077: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:32:52.327080: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:32:52.327083: | -> UNDEFINED EVENT_NULL Aug 26 18:32:52.327085: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:32:52.327088: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:32:52.327090: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:32:52.327093: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:32:52.327096: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:32:52.327098: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:32:52.327104: | checking IKEv2 state table Aug 26 18:32:52.327111: | PARENT_I0: category: ignore flags: 0: Aug 26 18:32:52.327114: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:32:52.327117: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:32:52.327120: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:32:52.327123: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:32:52.327126: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:32:52.327129: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:32:52.327132: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:32:52.327135: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:32:52.327138: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:32:52.327140: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:32:52.327143: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:32:52.327146: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:32:52.327148: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:32:52.327151: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:32:52.327154: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:32:52.327157: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:32:52.327159: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:32:52.327160: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:32:52.327162: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:32:52.327164: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:32:52.327166: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:32:52.327167: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:32:52.327171: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:32:52.327173: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:32:52.327174: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:32:52.327176: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:32:52.327178: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:32:52.327180: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:32:52.327182: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:32:52.327183: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:32:52.327185: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:32:52.327187: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:32:52.327189: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:32:52.327191: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:32:52.327193: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:32:52.327195: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:32:52.327196: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:32:52.327198: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:32:52.327200: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:32:52.327202: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:32:52.327204: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:32:52.327205: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:32:52.327207: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:32:52.327209: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:32:52.327211: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:32:52.327213: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:32:52.327222: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:32:52.327547: | Hard-wiring algorithms Aug 26 18:32:52.327553: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:32:52.327557: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:32:52.327559: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:32:52.327560: | adding 3DES_CBC to kernel algorithm db Aug 26 18:32:52.327562: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:32:52.327564: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:32:52.327565: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:32:52.327567: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:32:52.327568: | adding AES_CTR to kernel algorithm db Aug 26 18:32:52.327570: | adding AES_CBC to kernel algorithm db Aug 26 18:32:52.327572: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:32:52.327574: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:32:52.327575: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:32:52.327577: | adding NULL to kernel algorithm db Aug 26 18:32:52.327579: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:32:52.327581: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:32:52.327582: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:32:52.327584: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:32:52.327585: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:32:52.327587: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:32:52.327589: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:32:52.327590: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:32:52.327592: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:32:52.327593: | adding NONE to kernel algorithm db Aug 26 18:32:52.327611: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:32:52.327616: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:32:52.327618: | setup kernel fd callback Aug 26 18:32:52.327620: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55e2114ff428 Aug 26 18:32:52.327622: | libevent_malloc: new ptr-libevent@0x55e21153e388 size 128 Aug 26 18:32:52.327624: | libevent_malloc: new ptr-libevent@0x55e211545528 size 16 Aug 26 18:32:52.327629: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55e2115454b8 Aug 26 18:32:52.327631: | libevent_malloc: new ptr-libevent@0x55e21153e438 size 128 Aug 26 18:32:52.327632: | libevent_malloc: new ptr-libevent@0x55e211545188 size 16 Aug 26 18:32:52.327775: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:32:52.327781: selinux support is enabled. Aug 26 18:32:52.327954: | unbound context created - setting debug level to 5 Aug 26 18:32:52.327973: | /etc/hosts lookups activated Aug 26 18:32:52.327984: | /etc/resolv.conf usage activated Aug 26 18:32:52.328020: | outgoing-port-avoid set 0-65535 Aug 26 18:32:52.328037: | outgoing-port-permit set 32768-60999 Aug 26 18:32:52.328039: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:32:52.328041: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:32:52.328043: | Setting up events, loop start Aug 26 18:32:52.328045: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55e211545958 Aug 26 18:32:52.328047: | libevent_malloc: new ptr-libevent@0x55e2115517b8 size 128 Aug 26 18:32:52.328050: | libevent_malloc: new ptr-libevent@0x55e21155ca28 size 16 Aug 26 18:32:52.328054: | libevent_realloc: new ptr-libevent@0x55e21155ca68 size 256 Aug 26 18:32:52.328056: | libevent_malloc: new ptr-libevent@0x55e21155cb98 size 8 Aug 26 18:32:52.328058: | libevent_realloc: new ptr-libevent@0x55e21155cbd8 size 144 Aug 26 18:32:52.328060: | libevent_malloc: new ptr-libevent@0x55e2115039f8 size 152 Aug 26 18:32:52.328063: | libevent_malloc: new ptr-libevent@0x55e21155cc98 size 16 Aug 26 18:32:52.328065: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:32:52.328067: | libevent_malloc: new ptr-libevent@0x55e21155ccd8 size 8 Aug 26 18:32:52.328069: | libevent_malloc: new ptr-libevent@0x55e21147b638 size 152 Aug 26 18:32:52.328071: | signal event handler PLUTO_SIGTERM installed Aug 26 18:32:52.328073: | libevent_malloc: new ptr-libevent@0x55e21155cd18 size 8 Aug 26 18:32:52.328076: | libevent_malloc: new ptr-libevent@0x55e21147ce18 size 152 Aug 26 18:32:52.328078: | signal event handler PLUTO_SIGHUP installed Aug 26 18:32:52.328079: | libevent_malloc: new ptr-libevent@0x55e21155cd58 size 8 Aug 26 18:32:52.328081: | libevent_realloc: release ptr-libevent@0x55e21155cbd8 Aug 26 18:32:52.328083: | libevent_realloc: new ptr-libevent@0x55e21155cd98 size 256 Aug 26 18:32:52.328085: | libevent_malloc: new ptr-libevent@0x55e21155cec8 size 152 Aug 26 18:32:52.328087: | signal event handler PLUTO_SIGSYS installed Aug 26 18:32:52.328349: | created addconn helper (pid:18203) using fork+execve Aug 26 18:32:52.328370: | forked child 18203 Aug 26 18:32:52.328413: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:52.328431: listening for IKE messages Aug 26 18:32:52.328462: | Inspecting interface lo Aug 26 18:32:52.328467: | found lo with address 127.0.0.1 Aug 26 18:32:52.328473: | Inspecting interface eth0 Aug 26 18:32:52.328476: | found eth0 with address 192.0.2.254 Aug 26 18:32:52.328479: | Inspecting interface eth1 Aug 26 18:32:52.328482: | found eth1 with address 192.1.2.23 Aug 26 18:32:52.328562: Kernel supports NIC esp-hw-offload Aug 26 18:32:52.328571: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Aug 26 18:32:52.328589: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:32:52.328593: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:32:52.328595: adding interface eth1/eth1 192.1.2.23:4500 Aug 26 18:32:52.328616: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Aug 26 18:32:52.328632: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:32:52.328635: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:32:52.328637: adding interface eth0/eth0 192.0.2.254:4500 Aug 26 18:32:52.328656: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:32:52.328672: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:32:52.328675: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:32:52.328677: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:32:52.328726: | no interfaces to sort Aug 26 18:32:52.328730: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:32:52.328735: | add_fd_read_event_handler: new ethX-pe@0x55e21155d428 Aug 26 18:32:52.328738: | libevent_malloc: new ptr-libevent@0x55e211551708 size 128 Aug 26 18:32:52.328740: | libevent_malloc: new ptr-libevent@0x55e21155d498 size 16 Aug 26 18:32:52.328744: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:32:52.328746: | add_fd_read_event_handler: new ethX-pe@0x55e21155d4d8 Aug 26 18:32:52.328750: | libevent_malloc: new ptr-libevent@0x55e2114f7ee8 size 128 Aug 26 18:32:52.328752: | libevent_malloc: new ptr-libevent@0x55e21155d548 size 16 Aug 26 18:32:52.328755: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:32:52.328756: | add_fd_read_event_handler: new ethX-pe@0x55e21155d588 Aug 26 18:32:52.328760: | libevent_malloc: new ptr-libevent@0x55e2114f7f98 size 128 Aug 26 18:32:52.328762: | libevent_malloc: new ptr-libevent@0x55e21155d5f8 size 16 Aug 26 18:32:52.328765: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:32:52.328766: | add_fd_read_event_handler: new ethX-pe@0x55e21155d638 Aug 26 18:32:52.328770: | libevent_malloc: new ptr-libevent@0x55e2114f6f58 size 128 Aug 26 18:32:52.328772: | libevent_malloc: new ptr-libevent@0x55e21155d6a8 size 16 Aug 26 18:32:52.328775: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:32:52.328777: | add_fd_read_event_handler: new ethX-pe@0x55e21155d6e8 Aug 26 18:32:52.328780: | libevent_malloc: new ptr-libevent@0x55e2114ff268 size 128 Aug 26 18:32:52.328782: | libevent_malloc: new ptr-libevent@0x55e21155d758 size 16 Aug 26 18:32:52.328785: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:32:52.328787: | add_fd_read_event_handler: new ethX-pe@0x55e21155d798 Aug 26 18:32:52.328788: | libevent_malloc: new ptr-libevent@0x55e2114ffd88 size 128 Aug 26 18:32:52.328790: | libevent_malloc: new ptr-libevent@0x55e21155d808 size 16 Aug 26 18:32:52.328793: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:32:52.328797: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:32:52.328799: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:32:52.328812: loading secrets from "/etc/ipsec.secrets" Aug 26 18:32:52.328823: | saving Modulus Aug 26 18:32:52.328826: | saving PublicExponent Aug 26 18:32:52.328828: | ignoring PrivateExponent Aug 26 18:32:52.328830: | ignoring Prime1 Aug 26 18:32:52.328832: | ignoring Prime2 Aug 26 18:32:52.328834: | ignoring Exponent1 Aug 26 18:32:52.328836: | ignoring Exponent2 Aug 26 18:32:52.328838: | ignoring Coefficient Aug 26 18:32:52.328840: | ignoring CKAIDNSS Aug 26 18:32:52.328870: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:32:52.328873: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:32:52.328875: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 18:32:52.328880: | certs and keys locked by 'process_secret' Aug 26 18:32:52.328884: | certs and keys unlocked by 'process_secret' Aug 26 18:32:52.328891: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:52.328897: | spent 0.493 milliseconds in whack Aug 26 18:32:52.362199: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:52.362217: listening for IKE messages Aug 26 18:32:52.362250: | Inspecting interface lo Aug 26 18:32:52.362255: | found lo with address 127.0.0.1 Aug 26 18:32:52.362257: | Inspecting interface eth0 Aug 26 18:32:52.362260: | found eth0 with address 192.0.2.254 Aug 26 18:32:52.362262: | Inspecting interface eth1 Aug 26 18:32:52.362264: | found eth1 with address 192.1.2.23 Aug 26 18:32:52.362324: | no interfaces to sort Aug 26 18:32:52.362332: | libevent_free: release ptr-libevent@0x55e211551708 Aug 26 18:32:52.362335: | free_event_entry: release EVENT_NULL-pe@0x55e21155d428 Aug 26 18:32:52.362337: | add_fd_read_event_handler: new ethX-pe@0x55e21155d428 Aug 26 18:32:52.362339: | libevent_malloc: new ptr-libevent@0x55e211551708 size 128 Aug 26 18:32:52.362344: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:32:52.362346: | libevent_free: release ptr-libevent@0x55e2114f7ee8 Aug 26 18:32:52.362348: | free_event_entry: release EVENT_NULL-pe@0x55e21155d4d8 Aug 26 18:32:52.362350: | add_fd_read_event_handler: new ethX-pe@0x55e21155d4d8 Aug 26 18:32:52.362352: | libevent_malloc: new ptr-libevent@0x55e2114f7ee8 size 128 Aug 26 18:32:52.362355: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:32:52.362357: | libevent_free: release ptr-libevent@0x55e2114f7f98 Aug 26 18:32:52.362359: | free_event_entry: release EVENT_NULL-pe@0x55e21155d588 Aug 26 18:32:52.362361: | add_fd_read_event_handler: new ethX-pe@0x55e21155d588 Aug 26 18:32:52.362362: | libevent_malloc: new ptr-libevent@0x55e2114f7f98 size 128 Aug 26 18:32:52.362365: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Aug 26 18:32:52.362368: | libevent_free: release ptr-libevent@0x55e2114f6f58 Aug 26 18:32:52.362370: | free_event_entry: release EVENT_NULL-pe@0x55e21155d638 Aug 26 18:32:52.362371: | add_fd_read_event_handler: new ethX-pe@0x55e21155d638 Aug 26 18:32:52.362373: | libevent_malloc: new ptr-libevent@0x55e2114f6f58 size 128 Aug 26 18:32:52.362376: | setup callback for interface eth0 192.0.2.254:500 fd 19 Aug 26 18:32:52.362379: | libevent_free: release ptr-libevent@0x55e2114ff268 Aug 26 18:32:52.362380: | free_event_entry: release EVENT_NULL-pe@0x55e21155d6e8 Aug 26 18:32:52.362382: | add_fd_read_event_handler: new ethX-pe@0x55e21155d6e8 Aug 26 18:32:52.362384: | libevent_malloc: new ptr-libevent@0x55e2114ff268 size 128 Aug 26 18:32:52.362387: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Aug 26 18:32:52.362389: | libevent_free: release ptr-libevent@0x55e2114ffd88 Aug 26 18:32:52.362391: | free_event_entry: release EVENT_NULL-pe@0x55e21155d798 Aug 26 18:32:52.362393: | add_fd_read_event_handler: new ethX-pe@0x55e21155d798 Aug 26 18:32:52.362394: | libevent_malloc: new ptr-libevent@0x55e2114ffd88 size 128 Aug 26 18:32:52.362397: | setup callback for interface eth1 192.1.2.23:500 fd 17 Aug 26 18:32:52.362400: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:32:52.362401: forgetting secrets Aug 26 18:32:52.362408: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:32:52.362419: loading secrets from "/etc/ipsec.secrets" Aug 26 18:32:52.362429: | saving Modulus Aug 26 18:32:52.362431: | saving PublicExponent Aug 26 18:32:52.362433: | ignoring PrivateExponent Aug 26 18:32:52.362435: | ignoring Prime1 Aug 26 18:32:52.362437: | ignoring Prime2 Aug 26 18:32:52.362439: | ignoring Exponent1 Aug 26 18:32:52.362441: | ignoring Exponent2 Aug 26 18:32:52.362443: | ignoring Coefficient Aug 26 18:32:52.362445: | ignoring CKAIDNSS Aug 26 18:32:52.362460: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Aug 26 18:32:52.362462: | computed rsa CKAID 8a 82 25 f1 Aug 26 18:32:52.362465: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Aug 26 18:32:52.362469: | certs and keys locked by 'process_secret' Aug 26 18:32:52.362471: | certs and keys unlocked by 'process_secret' Aug 26 18:32:52.362478: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:52.362482: | spent 0.288 milliseconds in whack Aug 26 18:32:52.363003: | processing signal PLUTO_SIGCHLD Aug 26 18:32:52.363017: | waitpid returned pid 18203 (exited with status 0) Aug 26 18:32:52.363024: | reaped addconn helper child (status 0) Aug 26 18:32:52.363030: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:52.363035: | spent 0.0231 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:52.416701: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:52.416722: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:52.416726: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:52.416729: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:52.416732: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:52.416736: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:52.416743: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:32:52.416747: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:32:52.417786: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:32:52.417806: | loading left certificate 'north' pubkey Aug 26 18:32:52.417906: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211563058 Aug 26 18:32:52.417912: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211563158 Aug 26 18:32:52.417915: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211563b68 Aug 26 18:32:52.418043: | unreference key: 0x55e21144bc48 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:52.418173: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 18:32:52.418184: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:32:52.418495: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:32:52.418505: | loading right certificate 'east' pubkey Aug 26 18:32:52.418584: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211563158 Aug 26 18:32:52.418589: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211563b68 Aug 26 18:32:52.418592: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e2115639f8 Aug 26 18:32:52.418595: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211563a68 Aug 26 18:32:52.418597: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e21155f538 Aug 26 18:32:52.418795: | unreference key: 0x55e211567d68 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:52.418959: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 18:32:52.418964: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 18:32:52.418972: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:32:52.418983: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Aug 26 18:32:52.418986: | new hp@0x55e21156a6a8 Aug 26 18:32:52.418992: added connection description "northnet-eastnets/0x1" Aug 26 18:32:52.419004: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:32:52.419023: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:32:52.419032: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:52.419041: | spent 2.33 milliseconds in whack Aug 26 18:32:52.419078: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:52.419088: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:52.419091: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:52.419094: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:52.419096: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:52.419100: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:52.419105: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:32:52.419108: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:32:52.419192: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:32:52.419198: | loading left certificate 'north' pubkey Aug 26 18:32:52.419248: | unreference key: 0x55e211563fd8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:52.419261: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211568a78 Aug 26 18:32:52.419264: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211569368 Aug 26 18:32:52.419267: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211563b68 Aug 26 18:32:52.419317: | unreference key: 0x55e211562bc8 @north.testing.libreswan.org cnt 1-- Aug 26 18:32:52.419365: | unreference key: 0x55e211563e08 user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:52.419411: | unreference key: 0x55e211568cc8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:52.419515: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Aug 26 18:32:52.419525: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:32:52.419601: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:32:52.419606: | loading right certificate 'east' pubkey Aug 26 18:32:52.419653: | unreference key: 0x55e21156a328 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:52.419665: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211563b68 Aug 26 18:32:52.419668: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211568db8 Aug 26 18:32:52.419671: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211568838 Aug 26 18:32:52.419674: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211569148 Aug 26 18:32:52.419676: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e2115690f8 Aug 26 18:32:52.419722: | unreference key: 0x55e211569198 192.1.2.23 cnt 1-- Aug 26 18:32:52.419768: | unreference key: 0x55e2115696a8 east@testing.libreswan.org cnt 1-- Aug 26 18:32:52.419813: | unreference key: 0x55e211569908 @east.testing.libreswan.org cnt 1-- Aug 26 18:32:52.419860: | unreference key: 0x55e21156a028 user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:52.419907: | unreference key: 0x55e211568ee8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:52.419952: | secrets entry for east already exists Aug 26 18:32:52.419962: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:32:52.419969: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:32:52.419975: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55e21156a6a8: northnet-eastnets/0x1 Aug 26 18:32:52.419981: added connection description "northnet-eastnets/0x2" Aug 26 18:32:52.419992: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:32:52.420009: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:32:52.420016: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:52.420022: | spent 0.944 milliseconds in whack Aug 26 18:32:52.481047: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:52.481287: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:32:52.481301: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:32:52.481468: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:32:52.481492: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:52.481500: | spent 0.473 milliseconds in whack Aug 26 18:32:54.310937: | spent 0.0027 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.310976: | *received 792 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:32:54.310979: | b4 b9 92 b1 8c d6 51 ed 00 00 00 00 00 00 00 00 Aug 26 18:32:54.310980: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Aug 26 18:32:54.310982: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Aug 26 18:32:54.310983: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310985: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:32:54.310986: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Aug 26 18:32:54.310988: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Aug 26 18:32:54.310989: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Aug 26 18:32:54.310990: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Aug 26 18:32:54.310992: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Aug 26 18:32:54.310993: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:32:54.310995: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Aug 26 18:32:54.310996: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310998: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 18:32:54.310999: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Aug 26 18:32:54.311001: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Aug 26 18:32:54.311002: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Aug 26 18:32:54.311003: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 18:32:54.311005: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 18:32:54.311006: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:32:54.311008: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 18:32:54.311009: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311011: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 18:32:54.311012: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Aug 26 18:32:54.311014: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Aug 26 18:32:54.311015: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Aug 26 18:32:54.311017: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Aug 26 18:32:54.311018: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 18:32:54.311019: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:32:54.311021: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 18:32:54.311022: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311024: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:32:54.311025: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311029: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Aug 26 18:32:54.311031: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311032: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 18:32:54.311033: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311035: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Aug 26 18:32:54.311036: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311038: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 18:32:54.311039: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311041: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Aug 26 18:32:54.311042: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Aug 26 18:32:54.311044: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Aug 26 18:32:54.311045: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Aug 26 18:32:54.311047: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Aug 26 18:32:54.311048: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 18:32:54.311049: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Aug 26 18:32:54.311051: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Aug 26 18:32:54.311052: | 7c fd b2 fc 68 b6 a4 48 Aug 26 18:32:54.311057: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:32:54.311060: | **parse ISAKMP Message: Aug 26 18:32:54.311062: | initiator cookie: Aug 26 18:32:54.311063: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.311065: | responder cookie: Aug 26 18:32:54.311066: | 00 00 00 00 00 00 00 00 Aug 26 18:32:54.311068: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:32:54.311070: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.311071: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.311073: | flags: none (0x0) Aug 26 18:32:54.311075: | Message ID: 0 (0x0) Aug 26 18:32:54.311076: | length: 792 (0x318) Aug 26 18:32:54.311078: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 18:32:54.311081: | State DB: IKEv1 state not found (find_state_ikev1_init) Aug 26 18:32:54.311082: | #null state always idle Aug 26 18:32:54.311085: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Aug 26 18:32:54.311087: | ***parse ISAKMP Security Association Payload: Aug 26 18:32:54.311089: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311090: | length: 644 (0x284) Aug 26 18:32:54.311092: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.311094: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311095: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311097: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311099: | length: 20 (0x14) Aug 26 18:32:54.311100: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311102: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311103: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311105: | length: 20 (0x14) Aug 26 18:32:54.311106: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311108: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311109: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311111: | length: 20 (0x14) Aug 26 18:32:54.311112: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311114: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311115: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311117: | length: 20 (0x14) Aug 26 18:32:54.311118: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311120: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311121: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311123: | length: 20 (0x14) Aug 26 18:32:54.311124: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311126: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311129: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311130: | length: 20 (0x14) Aug 26 18:32:54.311132: | message 'main_inI1_outR1' HASH payload not checked early Aug 26 18:32:54.311136: | received Vendor ID payload [FRAGMENTATION] Aug 26 18:32:54.311138: | received Vendor ID payload [Dead Peer Detection] Aug 26 18:32:54.311140: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Aug 26 18:32:54.311142: | received Vendor ID payload [RFC 3947] Aug 26 18:32:54.311144: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Aug 26 18:32:54.311145: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Aug 26 18:32:54.311147: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Aug 26 18:32:54.311149: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Aug 26 18:32:54.311151: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Aug 26 18:32:54.311152: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Aug 26 18:32:54.311154: | in statetime_start() with no state Aug 26 18:32:54.311158: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=IKEV1_ALLOW but ignoring ports Aug 26 18:32:54.311161: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Aug 26 18:32:54.311163: | find_next_host_connection policy=IKEV1_ALLOW Aug 26 18:32:54.311166: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Aug 26 18:32:54.311168: | find_next_host_connection returns northnet-eastnets/0x2 Aug 26 18:32:54.311169: | find_next_host_connection policy=IKEV1_ALLOW Aug 26 18:32:54.311171: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Aug 26 18:32:54.311173: | find_next_host_connection returns northnet-eastnets/0x1 Aug 26 18:32:54.311174: | find_next_host_connection policy=IKEV1_ALLOW Aug 26 18:32:54.311176: | find_next_host_connection returns empty Aug 26 18:32:54.311192: | creating state object #1 at 0x55e21156c7c8 Aug 26 18:32:54.311194: | State DB: adding IKEv1 state #1 in UNDEFINED Aug 26 18:32:54.311199: | pstats #1 ikev1.isakmp started Aug 26 18:32:54.311202: | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) Aug 26 18:32:54.311206: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI1_outR1() at ikev1_main.c:667) Aug 26 18:32:54.311208: | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) Aug 26 18:32:54.311210: | sender checking NAT-T: enabled; VID 117 Aug 26 18:32:54.311212: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Aug 26 18:32:54.311213: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Aug 26 18:32:54.311215: "northnet-eastnets/0x2" #1: responding to Main Mode Aug 26 18:32:54.311236: | **emit ISAKMP Message: Aug 26 18:32:54.311238: | initiator cookie: Aug 26 18:32:54.311240: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.311241: | responder cookie: Aug 26 18:32:54.311243: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.311244: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:32:54.311246: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.311248: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.311249: | flags: none (0x0) Aug 26 18:32:54.311251: | Message ID: 0 (0x0) Aug 26 18:32:54.311253: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.311254: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Aug 26 18:32:54.311256: | ***emit ISAKMP Security Association Payload: Aug 26 18:32:54.311258: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311259: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.311261: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:32:54.311265: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:32:54.311267: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.311269: | ****parse IPsec DOI SIT: Aug 26 18:32:54.311271: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.311272: | ****parse ISAKMP Proposal Payload: Aug 26 18:32:54.311274: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311276: | length: 632 (0x278) Aug 26 18:32:54.311277: | proposal number: 0 (0x0) Aug 26 18:32:54.311279: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 18:32:54.311280: | SPI size: 0 (0x0) Aug 26 18:32:54.311282: | number of transforms: 18 (0x12) Aug 26 18:32:54.311284: | *****parse ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.311285: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.311287: | length: 36 (0x24) Aug 26 18:32:54.311292: | ISAKMP transform number: 0 (0x0) Aug 26 18:32:54.311308: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.311310: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311312: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.311313: | length/value: 1 (0x1) Aug 26 18:32:54.311315: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.311317: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311319: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.311320: | length/value: 3600 (0xe10) Aug 26 18:32:54.311322: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311324: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.311325: | length/value: 7 (0x7) Aug 26 18:32:54.311327: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.311342: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311343: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.311345: | length/value: 4 (0x4) Aug 26 18:32:54.311346: | [4 is OAKLEY_SHA2_256] Aug 26 18:32:54.311348: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311350: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.311351: | length/value: 3 (0x3) Aug 26 18:32:54.311353: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.311354: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311356: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.311357: | length/value: 14 (0xe) Aug 26 18:32:54.311359: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.311361: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311362: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.311364: | length/value: 256 (0x100) Aug 26 18:32:54.311365: | OAKLEY proposal verified unconditionally; no alg_info to check against Aug 26 18:32:54.311367: | Oakley Transform 0 accepted Aug 26 18:32:54.311369: | ****emit IPsec DOI SIT: Aug 26 18:32:54.311370: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.311372: | ****emit ISAKMP Proposal Payload: Aug 26 18:32:54.311374: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311375: | proposal number: 0 (0x0) Aug 26 18:32:54.311377: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 18:32:54.311378: | SPI size: 0 (0x0) Aug 26 18:32:54.311380: | number of transforms: 1 (0x1) Aug 26 18:32:54.311382: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:32:54.311383: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.311385: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311386: | ISAKMP transform number: 0 (0x0) Aug 26 18:32:54.311388: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.311390: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.311392: | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) Aug 26 18:32:54.311394: | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 18:32:54.311396: | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 Aug 26 18:32:54.311398: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.311400: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 18:32:54.311402: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Aug 26 18:32:54.311403: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 18:32:54.311405: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:32:54.311407: | out_vid(): sending [FRAGMENTATION] Aug 26 18:32:54.311408: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.311410: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311412: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:32:54.311414: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.311416: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.311417: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.311419: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Aug 26 18:32:54.311421: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.311422: | out_vid(): sending [Dead Peer Detection] Aug 26 18:32:54.311424: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.311425: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311427: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.311429: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.311431: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.311432: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Aug 26 18:32:54.311434: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.311435: | out_vid(): sending [RFC 3947] Aug 26 18:32:54.311437: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.311438: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311440: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.311442: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.311443: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.311445: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 18:32:54.311446: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.311448: | no IKEv1 message padding required Aug 26 18:32:54.311450: | emitting length of ISAKMP Message: 144 Aug 26 18:32:54.311453: | complete v1 state transition with STF_OK Aug 26 18:32:54.311456: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.311458: | #1 is idle Aug 26 18:32:54.311460: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.311461: | peer supports fragmentation Aug 26 18:32:54.311463: | peer supports DPD Aug 26 18:32:54.311465: | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Aug 26 18:32:54.311467: | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) Aug 26 18:32:54.311468: | event_already_set, deleting event Aug 26 18:32:54.311472: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:32:54.311476: | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:32:54.311478: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.311479: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Aug 26 18:32:54.311483: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Aug 26 18:32:54.311485: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311486: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:32:54.311488: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Aug 26 18:32:54.311489: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Aug 26 18:32:54.311491: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Aug 26 18:32:54.311492: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 18:32:54.311516: | !event_already_set at reschedule Aug 26 18:32:54.311519: | event_schedule: new EVENT_SO_DISCARD-pe@0x55e211568fd8 Aug 26 18:32:54.311522: | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 Aug 26 18:32:54.311524: | libevent_malloc: new ptr-libevent@0x55e211563ab8 size 128 Aug 26 18:32:54.311526: "northnet-eastnets/0x2" #1: STATE_MAIN_R1: sent MR1, expecting MI2 Aug 26 18:32:54.311528: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.311530: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.311533: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.311536: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:32:54.311538: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.311541: | spent 0.577 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.312767: | spent 0.0167 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.312782: | *received 396 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:32:54.312785: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.312786: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Aug 26 18:32:54.312801: | 3b 2d 96 60 ff 04 8d ac 0f 38 64 14 7a 2d 6a 21 Aug 26 18:32:54.312802: | a9 74 77 89 4b 03 0a 44 12 77 59 a5 dc ae c2 1e Aug 26 18:32:54.312804: | 1d 14 1f 0e 3c 54 af d6 05 28 38 7b 30 05 81 20 Aug 26 18:32:54.312805: | c4 2c eb ed 67 03 42 ed 8f 3c f8 48 49 6c 24 84 Aug 26 18:32:54.312807: | 71 b7 8c ac 5d 3a 6d 6c 9c ef 82 e6 4b 90 17 98 Aug 26 18:32:54.312808: | 19 ff a2 26 e0 f1 31 b1 d1 7b a6 1c 3e d3 81 f7 Aug 26 18:32:54.312810: | db e6 6b 10 62 b7 7e 54 8e 79 af 04 1a 6b 36 8e Aug 26 18:32:54.312811: | f2 b8 d8 95 ce 95 cf 68 6d f1 fe 96 9d c9 f7 c6 Aug 26 18:32:54.312813: | 52 5b 0c 96 31 33 b4 90 62 b0 8d 15 95 de a2 86 Aug 26 18:32:54.312814: | f1 76 cd 97 11 7a 16 89 6f 73 b0 35 1f 7b e4 fa Aug 26 18:32:54.312815: | 07 59 f9 09 69 15 c5 67 69 a4 11 a9 d7 1a 17 9a Aug 26 18:32:54.312817: | cf 70 e3 ef 35 ef f9 1d 81 3d 1d 7b 8e d5 da d5 Aug 26 18:32:54.312818: | 10 76 ce 5e a7 23 be cc 94 b5 f0 d5 7f 97 11 48 Aug 26 18:32:54.312820: | 22 c2 fb 89 0d 9f 50 ef db 79 03 e7 b1 e7 3d b8 Aug 26 18:32:54.312821: | 0e 48 c7 b2 d7 0d 25 77 52 ee b9 b2 02 43 06 bc Aug 26 18:32:54.312823: | b8 10 31 5c 11 7e 26 7c 04 3e e7 e4 17 d5 64 33 Aug 26 18:32:54.312824: | 14 00 00 24 40 81 cb 4a 7a e5 3a d8 4a 41 1f 93 Aug 26 18:32:54.312826: | 82 c3 2b 14 38 62 fe 94 7b 3a 8a 16 92 65 8d bd Aug 26 18:32:54.312827: | 5a 34 d1 9f 14 00 00 24 05 09 41 5f 35 ec 64 03 Aug 26 18:32:54.312829: | f2 4e 38 f1 09 1d 27 17 17 33 7c 9a 57 ec f9 72 Aug 26 18:32:54.312830: | 34 c1 a8 85 8e d7 d8 2d 00 00 00 24 99 e4 e5 a0 Aug 26 18:32:54.312831: | 37 cb dd 94 28 74 d4 01 c4 09 9e a5 a4 6b 9c 45 Aug 26 18:32:54.312833: | ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.312836: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:32:54.312838: | **parse ISAKMP Message: Aug 26 18:32:54.312840: | initiator cookie: Aug 26 18:32:54.312841: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.312843: | responder cookie: Aug 26 18:32:54.312844: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.312848: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.312850: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.312852: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.312853: | flags: none (0x0) Aug 26 18:32:54.312855: | Message ID: 0 (0x0) Aug 26 18:32:54.312856: | length: 396 (0x18c) Aug 26 18:32:54.312858: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 18:32:54.312861: | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) Aug 26 18:32:54.312864: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) Aug 26 18:32:54.312865: | #1 is idle Aug 26 18:32:54.312867: | #1 idle Aug 26 18:32:54.312869: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Aug 26 18:32:54.312871: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:32:54.312872: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.312874: | length: 260 (0x104) Aug 26 18:32:54.312876: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Aug 26 18:32:54.312877: | ***parse ISAKMP Nonce Payload: Aug 26 18:32:54.312879: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 18:32:54.312880: | length: 36 (0x24) Aug 26 18:32:54.312882: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Aug 26 18:32:54.312884: | ***parse ISAKMP NAT-D Payload: Aug 26 18:32:54.312885: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 18:32:54.312887: | length: 36 (0x24) Aug 26 18:32:54.312888: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Aug 26 18:32:54.312890: | ***parse ISAKMP NAT-D Payload: Aug 26 18:32:54.312892: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.312893: | length: 36 (0x24) Aug 26 18:32:54.312895: | message 'main_inI2_outR2' HASH payload not checked early Aug 26 18:32:54.312898: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Aug 26 18:32:54.312908: | natd_hash: hasher=0x55e2103e1ca0(32) Aug 26 18:32:54.312910: | natd_hash: icookie= b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.312912: | natd_hash: rcookie= 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.312913: | natd_hash: ip= c0 01 02 17 Aug 26 18:32:54.312915: | natd_hash: port=500 Aug 26 18:32:54.312916: | natd_hash: hash= 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.312918: | natd_hash: hash= 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.312922: | natd_hash: hasher=0x55e2103e1ca0(32) Aug 26 18:32:54.312923: | natd_hash: icookie= b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.312925: | natd_hash: rcookie= 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.312926: | natd_hash: ip= c0 01 03 21 Aug 26 18:32:54.312928: | natd_hash: port=500 Aug 26 18:32:54.312929: | natd_hash: hash= 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.312931: | natd_hash: hash= a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.312932: | expected NAT-D(me): 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.312934: | expected NAT-D(me): 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.312936: | expected NAT-D(him): Aug 26 18:32:54.312937: | 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.312939: | a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.312940: | received NAT-D: 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.312942: | received NAT-D: 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.312944: | received NAT-D: 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.312945: | received NAT-D: a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.312947: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:32:54.312948: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:32:54.312950: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:32:54.312952: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Aug 26 18:32:54.312954: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Aug 26 18:32:54.312956: | NAT_T_WITH_KA detected Aug 26 18:32:54.312959: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 18:32:54.312963: | adding inI2_outR2 KE work-order 1 for state #1 Aug 26 18:32:54.312965: | state #1 requesting EVENT_SO_DISCARD to be deleted Aug 26 18:32:54.312967: | libevent_free: release ptr-libevent@0x55e211563ab8 Aug 26 18:32:54.312969: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55e211568fd8 Aug 26 18:32:54.312971: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e211568fd8 Aug 26 18:32:54.312974: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:32:54.312976: | libevent_malloc: new ptr-libevent@0x55e21156d8c8 size 128 Aug 26 18:32:54.312981: | complete v1 state transition with STF_SUSPEND Aug 26 18:32:54.312985: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:32:54.312986: | suspending state #1 and saving MD Aug 26 18:32:54.312988: | #1 is busy; has a suspended MD Aug 26 18:32:54.312991: | #1 spent 0.0933 milliseconds in process_packet_tail() Aug 26 18:32:54.312989: | crypto helper 0 resuming Aug 26 18:32:54.313004: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:32:54.312997: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.313008: | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 1 Aug 26 18:32:54.313013: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:32:54.313017: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.313020: | spent 0.239 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.313602: | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.000593 seconds Aug 26 18:32:54.313611: | (#1) spent 0.598 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) Aug 26 18:32:54.313613: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:32:54.313615: | scheduling resume sending helper answer for #1 Aug 26 18:32:54.313617: | libevent_malloc: new ptr-libevent@0x7f49a0002888 size 128 Aug 26 18:32:54.313623: | crypto helper 0 waiting (nothing to do) Aug 26 18:32:54.313657: | processing resume sending helper answer for #1 Aug 26 18:32:54.313666: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:32:54.313670: | crypto helper 0 replies to request ID 1 Aug 26 18:32:54.313671: | calling continuation function 0x55e21030cb50 Aug 26 18:32:54.313673: | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 Aug 26 18:32:54.313677: | **emit ISAKMP Message: Aug 26 18:32:54.313679: | initiator cookie: Aug 26 18:32:54.313680: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.313682: | responder cookie: Aug 26 18:32:54.313683: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.313685: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.313687: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.313689: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.313690: | flags: none (0x0) Aug 26 18:32:54.313692: | Message ID: 0 (0x0) Aug 26 18:32:54.313694: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.313696: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:32:54.313697: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.313699: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:32:54.313701: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:32:54.313703: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.313707: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:32:54.313709: | keyex value 83 8d 70 1a 7b 14 74 8a 80 d3 01 79 ec 9a 1a a7 Aug 26 18:32:54.313711: | keyex value 6f 15 b2 23 f2 81 23 c3 b1 ad 65 8e 71 29 5f 4f Aug 26 18:32:54.313712: | keyex value 91 70 35 c3 fd 8f c1 d1 ee a6 51 18 e0 b0 27 9d Aug 26 18:32:54.313714: | keyex value 3d 64 9a 64 20 6c 25 6d 7a dd 56 7b 35 7a 68 38 Aug 26 18:32:54.313715: | keyex value 3a d9 d7 18 32 cd f2 32 a4 d0 53 eb 33 43 27 18 Aug 26 18:32:54.313717: | keyex value 68 bf e0 8d 55 db 8b a5 8f 60 4a 00 f1 14 98 46 Aug 26 18:32:54.313718: | keyex value 73 b6 9a fc e2 b9 34 3f 38 d2 8e 9b 5f 91 cd 5f Aug 26 18:32:54.313720: | keyex value 7d cd 1c fd 4c 76 ec 7b 93 71 d9 7a ef 47 19 c5 Aug 26 18:32:54.313721: | keyex value ff d9 ac 7e d4 6e ee c5 dd 15 96 5c d3 d7 8b 0f Aug 26 18:32:54.313723: | keyex value 40 93 63 6b 23 a4 1f d7 ce c6 4e c7 a0 db cd 31 Aug 26 18:32:54.313724: | keyex value c8 ce 3c 03 b9 79 ac 6a 95 db b7 d6 ab 22 2c b3 Aug 26 18:32:54.313726: | keyex value 30 77 c1 53 84 f2 43 35 7b 38 62 90 3d 5e 38 27 Aug 26 18:32:54.313727: | keyex value 06 b8 ca 54 69 39 87 60 e1 2e 5e 83 fc 02 0b 9b Aug 26 18:32:54.313729: | keyex value 54 7a 7f 67 c6 31 b8 43 38 e8 c3 8b 0b d1 38 87 Aug 26 18:32:54.313730: | keyex value 8a 0f 8f b5 22 cc 55 7c ac d5 69 d8 f1 9f c9 22 Aug 26 18:32:54.313732: | keyex value 82 94 d5 89 b1 d9 b3 95 00 05 08 85 fa 8d 5f 85 Aug 26 18:32:54.313733: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:32:54.313735: | ***emit ISAKMP Nonce Payload: Aug 26 18:32:54.313737: | next payload type: ISAKMP_NEXT_CR (0x7) Aug 26 18:32:54.313739: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Aug 26 18:32:54.313741: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:32:54.313742: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.313744: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 18:32:54.313746: | Nr a2 32 48 3c a6 83 6e 86 91 b0 7b 4b f5 9f 10 b3 Aug 26 18:32:54.313747: | Nr 16 ce 2d d0 4f a5 1d 09 0b 44 6a 9e 7f a6 7f cb Aug 26 18:32:54.313749: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:32:54.313751: | ***emit ISAKMP Certificate RequestPayload: Aug 26 18:32:54.313752: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.313754: | cert type: CERT_X509_SIGNATURE (0x4) Aug 26 18:32:54.313756: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Aug 26 18:32:54.313758: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Aug 26 18:32:54.313760: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Aug 26 18:32:54.313761: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.313763: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.313764: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.313766: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.313767: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.313768: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.313770: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Aug 26 18:32:54.313771: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Aug 26 18:32:54.313773: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Aug 26 18:32:54.313774: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Aug 26 18:32:54.313776: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.313777: | emitting length of ISAKMP Certificate RequestPayload: 180 Aug 26 18:32:54.313780: | sending NAT-D payloads Aug 26 18:32:54.313787: | natd_hash: hasher=0x55e2103e1ca0(32) Aug 26 18:32:54.313789: | natd_hash: icookie= b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.313791: | natd_hash: rcookie= 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.313792: | natd_hash: ip= c0 01 03 21 Aug 26 18:32:54.313794: | natd_hash: port=500 Aug 26 18:32:54.313795: | natd_hash: hash= 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.313797: | natd_hash: hash= a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.313799: | ***emit ISAKMP NAT-D Payload: Aug 26 18:32:54.313800: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 18:32:54.313802: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Aug 26 18:32:54.313804: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Aug 26 18:32:54.313806: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.313808: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Aug 26 18:32:54.313809: | NAT-D 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.313811: | NAT-D a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.313812: | emitting length of ISAKMP NAT-D Payload: 36 Aug 26 18:32:54.313816: | natd_hash: hasher=0x55e2103e1ca0(32) Aug 26 18:32:54.313818: | natd_hash: icookie= b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.313819: | natd_hash: rcookie= 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.313821: | natd_hash: ip= c0 01 02 17 Aug 26 18:32:54.313822: | natd_hash: port=500 Aug 26 18:32:54.313824: | natd_hash: hash= 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.313825: | natd_hash: hash= 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.313827: | ***emit ISAKMP NAT-D Payload: Aug 26 18:32:54.313828: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.313830: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Aug 26 18:32:54.313832: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.313834: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Aug 26 18:32:54.313835: | NAT-D 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.313837: | NAT-D 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.313838: | emitting length of ISAKMP NAT-D Payload: 36 Aug 26 18:32:54.313840: | no IKEv1 message padding required Aug 26 18:32:54.313841: | emitting length of ISAKMP Message: 576 Aug 26 18:32:54.313843: | main inI2_outR2: starting async DH calculation (group=14) Aug 26 18:32:54.313851: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.313856: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.313862: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.313864: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.313866: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:32:54.313867: | no PreShared Key Found Aug 26 18:32:54.313872: | adding main_inI2_outR2_tail work-order 2 for state #1 Aug 26 18:32:54.313877: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.313879: | libevent_free: release ptr-libevent@0x55e21156d8c8 Aug 26 18:32:54.313881: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e211568fd8 Aug 26 18:32:54.313883: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e211568fd8 Aug 26 18:32:54.313885: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:32:54.313887: | libevent_malloc: new ptr-libevent@0x55e21156d978 size 128 Aug 26 18:32:54.313893: | #1 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; Aug 26 18:32:54.313895: | complete v1 state transition with STF_OK Aug 26 18:32:54.313899: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.313900: | #1 is idle; has background offloaded task Aug 26 18:32:54.313902: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.313904: | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Aug 26 18:32:54.313906: | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) Aug 26 18:32:54.313907: | event_already_set, deleting event Aug 26 18:32:54.313909: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.313910: | libevent_free: release ptr-libevent@0x55e21156d978 Aug 26 18:32:54.313912: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e211568fd8 Aug 26 18:32:54.313916: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:32:54.313920: | sending 576 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:32:54.313924: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.313926: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Aug 26 18:32:54.313927: | 83 8d 70 1a 7b 14 74 8a 80 d3 01 79 ec 9a 1a a7 Aug 26 18:32:54.313928: | crypto helper 1 resuming Aug 26 18:32:54.313929: | 6f 15 b2 23 f2 81 23 c3 b1 ad 65 8e 71 29 5f 4f Aug 26 18:32:54.313945: | 91 70 35 c3 fd 8f c1 d1 ee a6 51 18 e0 b0 27 9d Aug 26 18:32:54.313940: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:32:54.313952: | crypto helper 1 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 Aug 26 18:32:54.313947: | 3d 64 9a 64 20 6c 25 6d 7a dd 56 7b 35 7a 68 38 Aug 26 18:32:54.313959: | 3a d9 d7 18 32 cd f2 32 a4 d0 53 eb 33 43 27 18 Aug 26 18:32:54.313961: | 68 bf e0 8d 55 db 8b a5 8f 60 4a 00 f1 14 98 46 Aug 26 18:32:54.313962: | 73 b6 9a fc e2 b9 34 3f 38 d2 8e 9b 5f 91 cd 5f Aug 26 18:32:54.313964: | 7d cd 1c fd 4c 76 ec 7b 93 71 d9 7a ef 47 19 c5 Aug 26 18:32:54.313965: | ff d9 ac 7e d4 6e ee c5 dd 15 96 5c d3 d7 8b 0f Aug 26 18:32:54.313967: | 40 93 63 6b 23 a4 1f d7 ce c6 4e c7 a0 db cd 31 Aug 26 18:32:54.313968: | c8 ce 3c 03 b9 79 ac 6a 95 db b7 d6 ab 22 2c b3 Aug 26 18:32:54.313970: | 30 77 c1 53 84 f2 43 35 7b 38 62 90 3d 5e 38 27 Aug 26 18:32:54.313971: | 06 b8 ca 54 69 39 87 60 e1 2e 5e 83 fc 02 0b 9b Aug 26 18:32:54.313973: | 54 7a 7f 67 c6 31 b8 43 38 e8 c3 8b 0b d1 38 87 Aug 26 18:32:54.313974: | 8a 0f 8f b5 22 cc 55 7c ac d5 69 d8 f1 9f c9 22 Aug 26 18:32:54.313975: | 82 94 d5 89 b1 d9 b3 95 00 05 08 85 fa 8d 5f 85 Aug 26 18:32:54.313977: | 07 00 00 24 a2 32 48 3c a6 83 6e 86 91 b0 7b 4b Aug 26 18:32:54.313978: | f5 9f 10 b3 16 ce 2d d0 4f a5 1d 09 0b 44 6a 9e Aug 26 18:32:54.313980: | 7f a6 7f cb 14 00 00 b4 04 30 81 ac 31 0b 30 09 Aug 26 18:32:54.313981: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Aug 26 18:32:54.313983: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Aug 26 18:32:54.313984: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Aug 26 18:32:54.313986: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Aug 26 18:32:54.313987: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Aug 26 18:32:54.313988: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Aug 26 18:32:54.313991: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Aug 26 18:32:54.313993: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Aug 26 18:32:54.313994: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Aug 26 18:32:54.313996: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Aug 26 18:32:54.313997: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 99 e4 e5 a0 Aug 26 18:32:54.313999: | 37 cb dd 94 28 74 d4 01 c4 09 9e a5 a4 6b 9c 45 Aug 26 18:32:54.314000: | ef f4 bd 77 7e ee 3a d0 ba 11 65 8b 00 00 00 24 Aug 26 18:32:54.314001: | 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.314003: | 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.314020: | !event_already_set at reschedule Aug 26 18:32:54.314039: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e211568fd8 Aug 26 18:32:54.314042: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:32:54.314044: | libevent_malloc: new ptr-libevent@0x55e21156d978 size 128 Aug 26 18:32:54.314047: | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29660.05649 Aug 26 18:32:54.314049: "northnet-eastnets/0x2" #1: STATE_MAIN_R2: sent MR2, expecting MI3 Aug 26 18:32:54.314051: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.314053: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.314055: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Aug 26 18:32:54.314059: | #1 spent 0.376 milliseconds in resume sending helper answer Aug 26 18:32:54.314062: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:32:54.314065: | libevent_free: release ptr-libevent@0x7f49a0002888 Aug 26 18:32:54.314645: | crypto helper 1 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.000694 seconds Aug 26 18:32:54.314655: | (#1) spent 0.695 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) Aug 26 18:32:54.314657: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:32:54.314659: | scheduling resume sending helper answer for #1 Aug 26 18:32:54.314661: | libevent_malloc: new ptr-libevent@0x7f4998000f48 size 128 Aug 26 18:32:54.314666: | crypto helper 1 waiting (nothing to do) Aug 26 18:32:54.314673: | processing resume sending helper answer for #1 Aug 26 18:32:54.314681: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:32:54.314685: | crypto helper 1 replies to request ID 2 Aug 26 18:32:54.314688: | calling continuation function 0x55e21030cb50 Aug 26 18:32:54.314690: | main_inI2_outR2_calcdone for #1: calculate DH finished Aug 26 18:32:54.314695: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) Aug 26 18:32:54.314700: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) Aug 26 18:32:54.314704: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Aug 26 18:32:54.314709: | #1 spent 0.0225 milliseconds in resume sending helper answer Aug 26 18:32:54.314712: | processing: STOP state #0 (in resume_handler() at server.c:833) Aug 26 18:32:54.314715: | libevent_free: release ptr-libevent@0x7f4998000f48 Aug 26 18:32:54.321395: | spent 0.00237 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.321420: | *received 2028 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:32:54.321424: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.321427: | 05 10 02 01 00 00 00 00 00 00 07 ec d8 f5 ce ff Aug 26 18:32:54.321429: | 18 7e 5f 88 c9 d3 4d a8 a3 60 88 b3 80 47 21 31 Aug 26 18:32:54.321431: | 69 0a eb 52 89 00 6f 49 54 52 04 19 fa b5 a5 71 Aug 26 18:32:54.321432: | 41 07 32 7a 89 97 bb 17 5c f9 07 a6 10 41 1e 7b Aug 26 18:32:54.321436: | 78 05 2d a3 04 d1 f9 ca f8 3d a8 48 52 29 75 d6 Aug 26 18:32:54.321437: | 28 92 83 5e 53 67 3c 4a 99 f0 bd f8 72 05 c6 4f Aug 26 18:32:54.321439: | 6d 6e 75 22 4e 99 5e ee 46 df ba a6 4d 47 e3 1e Aug 26 18:32:54.321440: | 17 a9 8a 80 81 ff 30 7a f7 0e 2f dc e9 22 1f f1 Aug 26 18:32:54.321442: | f9 3c 8a eb a0 1a 6c 8b 58 a1 0a e9 1a cf 16 d3 Aug 26 18:32:54.321456: | 90 8e e6 ea f4 e6 e6 ac 92 df a4 bb 3d 19 17 24 Aug 26 18:32:54.321457: | be 85 db fd 02 e5 3c db 68 0c 3f d2 89 5f 9f aa Aug 26 18:32:54.321459: | af 7e 54 b0 19 3d 4b 1f 83 e5 e8 73 9b 94 da fe Aug 26 18:32:54.321460: | 43 f7 6c 10 05 11 0f 00 0e cc 00 22 2b f5 8d 50 Aug 26 18:32:54.321462: | 0a 9b 82 99 37 37 98 e3 cd 5a 32 c6 08 ed f1 08 Aug 26 18:32:54.321463: | 6d 8a 76 89 bc cf ca 3d 04 6a e0 b5 f6 ef 50 12 Aug 26 18:32:54.321465: | 60 63 c2 70 f1 19 36 9c 01 11 6f 1b d0 50 84 3d Aug 26 18:32:54.321466: | 01 e1 39 f4 2c 42 48 a0 2e 0e c3 95 9c 91 13 ad Aug 26 18:32:54.321468: | 81 37 ac 18 f0 fe e1 26 f5 d6 ac 73 ca a9 9c 54 Aug 26 18:32:54.321469: | 1d b3 20 aa 99 f6 9e 7f 92 06 c7 06 e9 1e 97 e1 Aug 26 18:32:54.321471: | 54 9d 83 ce 6f 43 76 1a ab bc 7c 5b aa e4 13 bb Aug 26 18:32:54.321472: | 08 73 4e aa 99 61 fb 23 7c 29 62 88 f9 55 05 12 Aug 26 18:32:54.321473: | 5c db 7d 38 4e 11 b0 df 68 e9 72 38 26 d6 cf 26 Aug 26 18:32:54.321475: | 05 a9 df c9 ad 27 b8 55 80 b7 10 b6 3d bf 9f 05 Aug 26 18:32:54.321476: | 9c e9 f8 aa ee 69 42 9c 7f 3f 22 e7 19 34 11 89 Aug 26 18:32:54.321478: | c9 92 bf 46 f8 13 51 2f 06 01 ab ee 13 e6 bc e6 Aug 26 18:32:54.321479: | 3a 63 09 f5 3f d8 4c 72 ae 16 23 0e 70 b4 82 c1 Aug 26 18:32:54.321481: | 25 83 7d 53 d3 c5 cf 92 53 aa c2 98 a1 2e 47 cc Aug 26 18:32:54.321482: | cf 2c 99 27 b3 1b 79 68 c2 bd 3e 70 42 2e 1e 03 Aug 26 18:32:54.321484: | 40 3c d3 b9 a1 b4 fe 9f a6 03 5b 5b c8 62 a9 66 Aug 26 18:32:54.321485: | 26 f3 c6 e4 a3 d8 f7 c7 3a 4f 44 f8 d3 77 e5 e5 Aug 26 18:32:54.321486: | 79 42 d4 cb 47 4f 64 1a 82 c3 3e 62 d7 01 79 3f Aug 26 18:32:54.321488: | 7a 90 bd 41 19 f5 b8 ba fd 45 de 3a 62 84 51 4c Aug 26 18:32:54.321489: | 69 15 9d 81 f9 a2 d3 9f 8b 68 e7 8f 31 4f e7 77 Aug 26 18:32:54.321491: | 37 33 50 cd f2 d5 d4 11 31 0b 0e c3 b1 a4 38 39 Aug 26 18:32:54.321492: | e6 11 58 83 bc 3b be 9c 1a cd 18 28 72 fd da c6 Aug 26 18:32:54.321494: | f9 1d eb f4 9c c1 cc 9b ed 19 b5 44 80 4d e9 b3 Aug 26 18:32:54.321495: | 9a 12 38 f4 15 1e 78 4f 44 1e d8 be 3c d5 23 29 Aug 26 18:32:54.321497: | 9f ec a1 39 e2 b0 4b fc b9 aa 9c b7 76 95 e5 d2 Aug 26 18:32:54.321498: | 45 88 89 5b a7 6f ef f1 e9 0c 9f 32 66 47 71 82 Aug 26 18:32:54.321500: | cc 93 f7 cd ad e7 df dd d2 00 73 11 91 fe 5a a9 Aug 26 18:32:54.321501: | 3b 0d c2 5f 7a e6 82 b8 7b e1 02 8a 9a ed 1c 21 Aug 26 18:32:54.321502: | ac 42 c5 c1 db a0 ce 7a 30 60 ed 58 70 5f ca 45 Aug 26 18:32:54.321504: | 1e 5f 2c ee 83 a5 9b 0c d8 b9 03 f1 a4 be 0c fd Aug 26 18:32:54.321505: | 34 0b ff 95 67 40 b4 95 34 8f 38 0b 7b 20 ae f7 Aug 26 18:32:54.321507: | 6d 58 d4 59 4f 14 32 44 cd 22 1e 09 22 86 05 b6 Aug 26 18:32:54.321508: | 7b cf f2 e1 8e 58 e2 c1 3b e9 88 4e d8 70 f4 e6 Aug 26 18:32:54.321510: | f9 42 82 76 49 a5 20 4b 6e 71 7c fd 08 c9 d0 56 Aug 26 18:32:54.321511: | 67 14 2c 4d bf 67 53 85 a7 77 65 a9 3a 1b 3d 77 Aug 26 18:32:54.321513: | 39 d6 8a b7 fd ee 6b 4d e8 b1 91 4a 81 ca 6d 50 Aug 26 18:32:54.321514: | 1b 3e be d2 4a c1 05 57 d3 3d fa 50 b9 9d eb 61 Aug 26 18:32:54.321515: | 4b a2 13 73 5b ab 60 d1 dd 09 e4 fc fc e6 84 02 Aug 26 18:32:54.321517: | 9e 7c 09 5c b8 b6 00 ed 77 06 60 8d 0c b6 f6 07 Aug 26 18:32:54.321518: | aa 1f df db 6d 1a 18 b7 3f 67 06 d9 a0 bb f0 b8 Aug 26 18:32:54.321520: | 87 58 4b 52 09 67 28 73 a6 2c 2f aa 15 22 19 dd Aug 26 18:32:54.321521: | c9 d6 b0 32 48 e7 3d a6 2b 45 48 49 96 5f bf 22 Aug 26 18:32:54.321524: | 4f 96 43 ca eb a5 32 0f 81 76 e4 b8 55 ba ce 8c Aug 26 18:32:54.321525: | f4 06 b7 71 7f 63 dc 8c fa bb cb 44 9d 03 cb 97 Aug 26 18:32:54.321527: | b4 62 9b bd e1 6c 69 88 f8 66 6c 00 11 e7 9f e5 Aug 26 18:32:54.321528: | 0a d7 f4 1f 8f 99 d9 36 ff 7d 82 6d 95 d1 15 aa Aug 26 18:32:54.321529: | 22 ef e3 ab ff d6 14 2a 20 20 61 ea cc af f3 27 Aug 26 18:32:54.321531: | 0f 15 b8 42 ca 3f c5 c1 5b 7a 54 a6 92 c7 6b ef Aug 26 18:32:54.321532: | a3 ac 75 fc 66 56 ef fe 7e e3 00 68 ac 7c bc 6f Aug 26 18:32:54.321534: | e5 cd d2 21 00 5d ff 06 f7 76 f4 bc 74 d1 17 42 Aug 26 18:32:54.321535: | dc f0 af 97 62 d4 b5 3d 0e 5f da 64 6d ca e1 ac Aug 26 18:32:54.321537: | e3 e4 f4 4d 13 12 39 d3 5a e3 07 d5 30 fb 81 b9 Aug 26 18:32:54.321538: | 94 7a 65 2e f6 57 7c ff 3b 3e a4 02 57 ca b2 2b Aug 26 18:32:54.321540: | 7f b3 cc b9 f6 86 80 27 9b 8b 8a d4 e2 c5 69 60 Aug 26 18:32:54.321541: | 6d ab 0c 0a 01 6d 8a 3f 32 6f 50 21 ff 28 c9 f3 Aug 26 18:32:54.321542: | 7a 99 6d 49 51 4e e9 11 8a 66 d4 b6 cf ca d7 ae Aug 26 18:32:54.321544: | e2 c0 a4 98 ce 0f b3 62 6d 18 fe 7b 84 23 7c 93 Aug 26 18:32:54.321545: | 77 31 1c 38 f9 f6 e5 95 ef 81 c5 4b b8 bb 4c f8 Aug 26 18:32:54.321547: | 06 15 24 61 51 63 20 d0 67 59 b5 56 64 dc 39 27 Aug 26 18:32:54.321548: | e0 92 6a 2e 1c 94 ce 6b 16 5a 2a d8 c2 af ae b6 Aug 26 18:32:54.321550: | 8f 6a 82 c6 a8 fc 90 9e 1b 95 fd 2b b2 d7 6d 7e Aug 26 18:32:54.321551: | 2e eb a6 8b ef f7 20 cd 1a 13 09 e1 3f d3 a6 0c Aug 26 18:32:54.321553: | 6c 4d ef 24 3b e1 3a ec 93 65 06 26 cd 1f 31 a5 Aug 26 18:32:54.321554: | 5a d0 1c 53 12 0a d0 89 75 fd e0 b2 33 67 d4 33 Aug 26 18:32:54.321556: | 30 d5 ad 38 ff 42 2e c5 66 0b 79 12 69 b2 4c 6f Aug 26 18:32:54.321557: | 00 d6 75 2c 2c b1 2b 0d cf 48 6e e3 e4 0e 5c 39 Aug 26 18:32:54.321558: | 00 10 af 9d ff 06 53 42 92 44 8f 47 64 1f 74 b9 Aug 26 18:32:54.321560: | 51 0a 88 01 26 da 95 98 25 87 24 c4 1d 86 71 79 Aug 26 18:32:54.321561: | 1c 0b 9b e9 c2 47 fd 96 a1 eb c3 8d e7 dd e3 11 Aug 26 18:32:54.321563: | 9f 22 e8 d0 d8 58 04 8b 3a ab 33 98 9d be d2 8f Aug 26 18:32:54.321564: | bc 78 e9 bf 7e 5b 28 39 5a 9b 13 42 ec 2e d6 00 Aug 26 18:32:54.321566: | a4 73 a4 b6 6e 79 0c 8b 1e a8 9e e9 b6 ea 24 d1 Aug 26 18:32:54.321567: | f1 b7 75 23 b8 93 c9 1c 5d 7c cf 9a ad 2e 32 ae Aug 26 18:32:54.321569: | 64 63 a8 e5 d0 e5 a4 80 52 af 61 0d ab ce 30 4d Aug 26 18:32:54.321570: | b0 d5 9b fd f8 d1 fa 85 a0 ad 38 c3 ca 68 f8 65 Aug 26 18:32:54.321571: | 79 ce cc 10 d4 c9 6a 3e e0 f2 fb 19 fd 9a 1f b9 Aug 26 18:32:54.321573: | 38 17 5a 43 c7 6e 9a fa d2 1a f4 b1 d9 1b 26 c9 Aug 26 18:32:54.321574: | 56 d9 8e 43 b1 29 96 0a 15 59 5b 88 08 4f 36 d4 Aug 26 18:32:54.321576: | c7 3d fe d7 f3 54 f1 3c c0 2f 14 3e eb 8a ad c3 Aug 26 18:32:54.321577: | e4 31 f4 02 7f 92 8a df 16 09 c1 5d bd b3 fd ca Aug 26 18:32:54.321579: | 60 98 9d 15 d8 90 aa c8 0d e2 18 57 92 a6 17 6e Aug 26 18:32:54.321580: | 4f c7 c6 56 e7 ee 77 28 09 b9 fb eb 3a ff d3 2e Aug 26 18:32:54.321582: | 3d 18 5a db 5a 15 d1 68 e0 04 87 45 d2 4a 60 52 Aug 26 18:32:54.321583: | bf 80 38 77 db 84 bf 91 01 c5 5b da 36 5b 5f cf Aug 26 18:32:54.321584: | 2a bc 84 69 40 6b c7 62 c0 23 43 0c 9f 52 c9 a9 Aug 26 18:32:54.321586: | 3a 5a 19 22 6f 10 c8 0f 08 22 c9 15 c3 6e e6 c0 Aug 26 18:32:54.321587: | 57 06 99 37 d2 50 30 2f c1 b0 d8 8f 98 1e e2 fd Aug 26 18:32:54.321589: | 17 12 be 19 3a 8e b6 cd 35 5e e5 4d fe 29 e7 3a Aug 26 18:32:54.321590: | 3a 70 83 df 64 07 5b 65 ad 73 22 e1 b5 9b 87 3d Aug 26 18:32:54.321592: | 3f 18 e6 3f 00 4f fa e5 f8 82 d3 b6 5d c9 84 b1 Aug 26 18:32:54.321593: | 4b a1 80 83 60 c9 3b 83 31 01 51 8a 58 64 a5 ba Aug 26 18:32:54.321595: | 37 96 cf 62 0a ed e2 88 d9 47 48 bc 0e 2c b8 54 Aug 26 18:32:54.321596: | f5 0d e7 1d bf c5 09 b2 50 f9 03 cb 1e 34 0f d3 Aug 26 18:32:54.321598: | 79 08 2a 21 e2 c6 9d 0e 74 ca a0 44 4b 4e b8 c9 Aug 26 18:32:54.321600: | 6a cb 70 f1 f9 c0 29 ba aa 78 47 ea b5 2a f6 6d Aug 26 18:32:54.321601: | 90 a5 25 e5 48 48 f4 07 c5 ab f7 45 e9 e3 89 dc Aug 26 18:32:54.321603: | e5 6a 32 a2 9a fd 29 6a 45 b6 eb ca 41 49 25 64 Aug 26 18:32:54.321604: | 47 d6 bf df 24 54 4a 7a f1 59 17 1b a4 1b ca 35 Aug 26 18:32:54.321606: | 18 4b ba 70 75 ad 27 ab 80 a4 5a fe 47 f2 be 1f Aug 26 18:32:54.321607: | b2 65 2d 62 1e de 76 e1 9a bb cf ba 23 4a 40 9e Aug 26 18:32:54.321608: | 87 41 67 1c 16 78 7c 50 85 3a da 2f 02 a2 11 a2 Aug 26 18:32:54.321610: | 27 e0 db 8f 49 05 ea 4c d6 ee 6e bd db 17 73 15 Aug 26 18:32:54.321611: | 0f 96 63 09 9b 08 b8 a1 62 6e 4e 6d 0a 88 91 26 Aug 26 18:32:54.321613: | 96 9c f7 10 88 cb 15 9e b6 43 7a d5 c5 45 f7 e3 Aug 26 18:32:54.321614: | 7e a1 b6 d0 e4 d0 51 5a 23 e2 05 ab c2 f2 bb 97 Aug 26 18:32:54.321616: | 5d b4 d5 56 8d 54 f7 a4 0e 9e 78 23 ca 9d 00 dd Aug 26 18:32:54.321617: | 45 7e 79 45 64 dc 8e be b9 f7 ad e2 84 7d 02 a6 Aug 26 18:32:54.321619: | ac d1 44 b0 ee 24 64 c5 ce 45 56 a7 b0 49 49 06 Aug 26 18:32:54.321635: | de 54 24 2f 33 60 fb de bb 52 d4 cd fa cc 57 36 Aug 26 18:32:54.321637: | 9c b2 dd 78 01 2e 61 7e 44 c5 d1 25 fa 70 c1 69 Aug 26 18:32:54.321638: | ed 2a 0c 5f 80 65 57 99 50 f7 2d 46 03 3c e4 ea Aug 26 18:32:54.321640: | fd d8 a9 54 20 e6 bb cb c5 b7 cf 94 c7 3c 78 13 Aug 26 18:32:54.321641: | fb f0 5f bf 7f 63 38 dd 40 bd 74 f1 Aug 26 18:32:54.321645: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:32:54.321647: | **parse ISAKMP Message: Aug 26 18:32:54.321649: | initiator cookie: Aug 26 18:32:54.321651: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.321652: | responder cookie: Aug 26 18:32:54.321654: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.321655: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.321657: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.321659: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.321661: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.321663: | Message ID: 0 (0x0) Aug 26 18:32:54.321664: | length: 2028 (0x7ec) Aug 26 18:32:54.321666: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 18:32:54.321669: | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) Aug 26 18:32:54.321673: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) Aug 26 18:32:54.321675: | #1 is idle Aug 26 18:32:54.321676: | #1 idle Aug 26 18:32:54.321678: | received encrypted packet from 192.1.3.33:500 Aug 26 18:32:54.321691: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Aug 26 18:32:54.321694: | ***parse ISAKMP Identification Payload: Aug 26 18:32:54.321695: | next payload type: ISAKMP_NEXT_CERT (0x6) Aug 26 18:32:54.321697: | length: 193 (0xc1) Aug 26 18:32:54.321699: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:32:54.321700: | DOI specific A: 0 (0x0) Aug 26 18:32:54.321702: | DOI specific B: 0 (0x0) Aug 26 18:32:54.321704: | obj: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.321705: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.321707: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.321708: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.321710: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.321711: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.321713: | obj: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 18:32:54.321714: | obj: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 18:32:54.321716: | obj: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 18:32:54.321717: | obj: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 18:32:54.321719: | obj: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:32:54.321722: | obj: 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.321724: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Aug 26 18:32:54.321738: | ***parse ISAKMP Certificate Payload: Aug 26 18:32:54.321740: | next payload type: ISAKMP_NEXT_CR (0x7) Aug 26 18:32:54.321742: | length: 1232 (0x4d0) Aug 26 18:32:54.321743: | cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:32:54.321745: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 Aug 26 18:32:54.321747: | ***parse ISAKMP Certificate RequestPayload: Aug 26 18:32:54.321765: | next payload type: ISAKMP_NEXT_SIG (0x9) Aug 26 18:32:54.321767: | length: 180 (0xb4) Aug 26 18:32:54.321768: | cert type: CERT_X509_SIGNATURE (0x4) Aug 26 18:32:54.321770: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Aug 26 18:32:54.321772: | ***parse ISAKMP Signature Payload: Aug 26 18:32:54.321786: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.321788: | length: 388 (0x184) Aug 26 18:32:54.321789: | removing 7 bytes of padding Aug 26 18:32:54.321791: | message 'main_inI3_outR3' HASH payload not checked early Aug 26 18:32:54.321794: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.321796: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.321797: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.321799: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.321800: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.321802: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.321803: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 18:32:54.321805: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 18:32:54.321806: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 18:32:54.321808: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 18:32:54.321809: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:32:54.321811: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.321817: "northnet-eastnets/0x2" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:32:54.321821: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 18:32:54.321824: loading root certificate cache Aug 26 18:32:54.324202: | spent 2.34 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 18:32:54.324225: | spent 0.0135 milliseconds in get_root_certs() filtering CAs Aug 26 18:32:54.324230: | #1 spent 2.38 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 18:32:54.324233: | checking for known CERT payloads Aug 26 18:32:54.324235: | saving certificate of type 'X509_SIGNATURE' Aug 26 18:32:54.324261: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:32:54.324265: | #1 spent 0.0317 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 18:32:54.324268: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:32:54.324322: | #1 spent 0.0321 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 18:32:54.324326: | missing or expired CRL Aug 26 18:32:54.324330: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 18:32:54.324332: | verify_end_cert trying profile IPsec Aug 26 18:32:54.324445: | certificate is valid (profile IPsec) Aug 26 18:32:54.324451: | #1 spent 0.12 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 18:32:54.324454: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:32:54.324503: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e2115821d8 Aug 26 18:32:54.324508: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211582028 Aug 26 18:32:54.324509: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e211581e78 Aug 26 18:32:54.324598: | unreference key: 0x55e2115824d8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:54.324605: | #1 spent 0.145 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 18:32:54.324608: | #1 spent 2.76 milliseconds in decode_certs() Aug 26 18:32:54.324615: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:32:54.324617: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' matched our ID Aug 26 18:32:54.324619: | SAN ID matched, updating that.cert Aug 26 18:32:54.324621: | X509: CERT and ID matches current connection Aug 26 18:32:54.324623: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.324624: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.324626: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.324627: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.324629: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.324630: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.324632: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Aug 26 18:32:54.324633: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Aug 26 18:32:54.324635: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Aug 26 18:32:54.324636: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Aug 26 18:32:54.324637: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.324641: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324644: | refine_host_connection for IKEv1: starting with "northnet-eastnets/0x2" Aug 26 18:32:54.324648: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324651: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324655: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324658: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324660: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Aug 26 18:32:54.324661: | The remote did not specify an IDr and our current connection is good enough Aug 26 18:32:54.324665: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324690: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324697: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Aug 26 18:32:54.324702: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324706: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324709: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.324815: | an RSA Sig check passed with *AwEAAcBZv [remote certificates] Aug 26 18:32:54.324819: | #1 spent 0.106 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:32:54.324821: "northnet-eastnets/0x2" #1: Authenticated using RSA Aug 26 18:32:54.324823: | thinking about whether to send my certificate: Aug 26 18:32:54.324825: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Aug 26 18:32:54.324827: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Aug 26 18:32:54.324828: | so send cert. Aug 26 18:32:54.324832: | **emit ISAKMP Message: Aug 26 18:32:54.324834: | initiator cookie: Aug 26 18:32:54.324836: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.324837: | responder cookie: Aug 26 18:32:54.324839: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.324841: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.324842: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.324844: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.324846: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.324848: | Message ID: 0 (0x0) Aug 26 18:32:54.324850: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.324851: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.324854: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.324856: | next payload type: ISAKMP_NEXT_CERT (0x6) Aug 26 18:32:54.324857: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:32:54.324859: | Protocol ID: 0 (0x0) Aug 26 18:32:54.324860: | port: 0 (0x0) Aug 26 18:32:54.324862: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Aug 26 18:32:54.324864: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.324866: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.324869: | emitting 183 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.324870: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.324872: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.324873: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.324875: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.324876: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.324878: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.324879: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:32:54.324881: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:32:54.324882: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:32:54.324884: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:32:54.324885: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:32:54.324887: | my identity 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.324888: | emitting length of ISAKMP Identification Payload (IPsec DOI): 191 Aug 26 18:32:54.324890: "northnet-eastnets/0x2" #1: I am sending my cert Aug 26 18:32:54.324892: | ***emit ISAKMP Certificate Payload: Aug 26 18:32:54.324894: | next payload type: ISAKMP_NEXT_SIG (0x9) Aug 26 18:32:54.324897: | cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:32:54.324899: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 9:ISAKMP_NEXT_SIG Aug 26 18:32:54.324901: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Aug 26 18:32:54.324903: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.324905: | emitting 1260 raw bytes of CERT into ISAKMP Certificate Payload Aug 26 18:32:54.324907: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Aug 26 18:32:54.324908: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 18:32:54.324910: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 18:32:54.324911: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 18:32:54.324913: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 18:32:54.324914: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 18:32:54.324915: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 18:32:54.324917: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 18:32:54.324918: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 18:32:54.324920: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 18:32:54.324921: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 18:32:54.324923: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 18:32:54.324924: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 18:32:54.324926: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 18:32:54.324927: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 18:32:54.324929: | CERT 33 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 18:32:54.324930: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 18:32:54.324932: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 18:32:54.324933: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 18:32:54.324935: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 18:32:54.324936: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 18:32:54.324955: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Aug 26 18:32:54.324957: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:32:54.324958: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Aug 26 18:32:54.324960: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Aug 26 18:32:54.324961: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:32:54.324963: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Aug 26 18:32:54.324977: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Aug 26 18:32:54.324978: | CERT 00 30 82 01 8a 02 82 01 81 00 b1 1e 7c b3 bf 11 Aug 26 18:32:54.324980: | CERT 96 94 23 ca 97 5e c7 66 36 55 71 49 95 8d 0c 2a Aug 26 18:32:54.324981: | CERT 5c 30 4d 58 29 a3 7b 4d 3b 3f 03 06 46 a6 04 63 Aug 26 18:32:54.324983: | CERT 71 0d e1 59 4f 9c ec 3a 17 24 8d 91 6a a8 e2 da Aug 26 18:32:54.324984: | CERT 57 41 de f4 ff 65 bf f6 11 34 d3 7d 5a 7f 6e 3a Aug 26 18:32:54.324986: | CERT 3b 74 3c 51 2b e4 bf ce 6b b2 14 47 26 52 f5 57 Aug 26 18:32:54.324987: | CERT 28 bc c5 fb f9 bc 2d 4e b9 f8 46 54 c7 95 41 a7 Aug 26 18:32:54.324989: | CERT a4 b4 d3 b3 fe 55 4b df f5 c3 78 39 8b 4e 04 57 Aug 26 18:32:54.324990: | CERT c0 1d 5b 17 3c 28 eb 40 9d 1d 7c b3 bb 0f f0 63 Aug 26 18:32:54.324992: | CERT c7 c0 84 b0 4e e4 a9 7c c5 4b 08 43 a6 2d 00 22 Aug 26 18:32:54.324993: | CERT fd 98 d4 03 d0 ad 97 85 d1 48 15 d3 e4 e5 2d 46 Aug 26 18:32:54.324995: | CERT 7c ab 41 97 05 27 61 77 3d b6 b1 58 a0 5f e0 8d Aug 26 18:32:54.324996: | CERT 26 84 9b 03 20 ce 5e 27 7f 7d 14 03 b6 9d 6b 9f Aug 26 18:32:54.324998: | CERT fd 0c d4 c7 2d eb be ea 62 87 fa 99 e0 a6 1c 85 Aug 26 18:32:54.325000: | CERT 4f 34 da 93 2e 5f db 03 10 58 a8 c4 99 17 2d b1 Aug 26 18:32:54.325002: | CERT bc e5 7b bd af 0e 28 aa a5 74 ea 69 74 5e fa 2c Aug 26 18:32:54.325003: | CERT c3 00 3c 2f 58 d0 20 cf e3 46 8d de aa f9 f7 30 Aug 26 18:32:54.325005: | CERT 5c 16 05 04 89 4c 92 9b 8a 33 11 70 83 17 58 24 Aug 26 18:32:54.325006: | CERT 2a 4b ab be b6 ec 84 9c 78 9c 11 04 2a 02 ce 27 Aug 26 18:32:54.325007: | CERT 83 a1 1f 2b 38 3f 27 7d 46 94 63 ff 64 59 4e 6c Aug 26 18:32:54.325009: | CERT 87 ca 3e e6 31 df 1e 7d 48 88 02 c7 9d fa 4a d7 Aug 26 18:32:54.325010: | CERT f2 5b a5 fd 7f 1b c6 dc 1a bb a6 c4 f8 32 cd bf Aug 26 18:32:54.325012: | CERT a7 0b 71 8b 2b 31 41 17 25 a4 18 52 7d 32 fc 0f Aug 26 18:32:54.325013: | CERT 5f b8 bb ca e1 94 1a 42 4d 1f 37 16 67 84 ae b4 Aug 26 18:32:54.325015: | CERT 32 42 9c 5a 91 71 62 b4 4b 07 02 03 01 00 01 a3 Aug 26 18:32:54.325016: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Aug 26 18:32:54.325018: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Aug 26 18:32:54.325019: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:32:54.325021: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Aug 26 18:32:54.325022: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 18:32:54.325024: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Aug 26 18:32:54.325025: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Aug 26 18:32:54.325027: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Aug 26 18:32:54.325028: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Aug 26 18:32:54.325029: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Aug 26 18:32:54.325031: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Aug 26 18:32:54.325032: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Aug 26 18:32:54.325034: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Aug 26 18:32:54.325035: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Aug 26 18:32:54.325037: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Aug 26 18:32:54.325038: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Aug 26 18:32:54.325040: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Aug 26 18:32:54.325041: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 3a 56 a3 7d Aug 26 18:32:54.325043: | CERT b1 4e 62 2f 82 0d e3 fe 74 40 ef cb eb 93 ea ad Aug 26 18:32:54.325044: | CERT e4 74 8b 80 6f ae 8b 65 87 12 a6 24 0d 21 9c 5f Aug 26 18:32:54.325046: | CERT 70 5c 6f d9 66 8d 98 8b ea 59 f8 96 52 6a 6c 86 Aug 26 18:32:54.325047: | CERT d6 7d ba 37 a9 8c 33 8c 77 18 23 0b 1b 2a 66 47 Aug 26 18:32:54.325048: | CERT e7 95 94 e6 75 84 30 d4 db b8 23 eb 89 82 a9 fd Aug 26 18:32:54.325050: | CERT ed 46 8b ce 46 7f f9 19 8f 49 da 29 2e 1e 97 cd Aug 26 18:32:54.325051: | CERT 12 42 86 c7 57 fc 4f 0a 19 26 8a a1 0d 26 81 4d Aug 26 18:32:54.325053: | CERT 53 f4 5c 92 a1 03 03 8d 6c 51 33 cc Aug 26 18:32:54.325055: | emitting length of ISAKMP Certificate Payload: 1265 Aug 26 18:32:54.325077: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Aug 26 18:32:54.325115: | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef Aug 26 18:32:54.330743: | ***emit ISAKMP Signature Payload: Aug 26 18:32:54.330753: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.330756: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Aug 26 18:32:54.330758: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.330760: | emitting 384 raw bytes of SIG_R into ISAKMP Signature Payload Aug 26 18:32:54.330764: | SIG_R 78 2d 64 88 e7 45 fc 23 df 30 3c c5 d1 b0 49 15 Aug 26 18:32:54.330766: | SIG_R 2d f0 23 23 15 da fd 37 ca de 01 b9 93 84 30 72 Aug 26 18:32:54.330767: | SIG_R f6 7b 7e d4 37 68 cb a9 7d 08 5f 91 8f ce 61 8f Aug 26 18:32:54.330769: | SIG_R fe d5 f8 ed e8 8d f9 13 7b dd f2 04 c4 3f 62 44 Aug 26 18:32:54.330770: | SIG_R 0a 60 f9 b9 37 5a 91 fd a9 63 00 23 0b dc 31 dd Aug 26 18:32:54.330772: | SIG_R c9 4a 29 fb 01 7c 55 cd ab 77 e2 c7 3b a1 d0 38 Aug 26 18:32:54.330773: | SIG_R 10 53 95 7b 5f a4 1b 4f 14 ab de 4c 6b 55 b8 2a Aug 26 18:32:54.330775: | SIG_R 82 4a 98 ab b3 e8 83 c8 7f 3f d0 81 9a 86 0e 0d Aug 26 18:32:54.330776: | SIG_R 3b ec 5f 78 1f 65 03 4b bc ad 29 40 9c b8 74 b1 Aug 26 18:32:54.330778: | SIG_R 86 64 ec 94 29 1c eb 1e d2 36 c6 ac 25 2c 13 48 Aug 26 18:32:54.330779: | SIG_R bf 1e 62 cf 57 c0 f8 27 c1 8e 99 25 48 8a 6c 85 Aug 26 18:32:54.330781: | SIG_R 3e a1 35 c8 7a 11 47 21 ad b5 4c b2 ce 2c 80 62 Aug 26 18:32:54.330782: | SIG_R 9f b6 d7 d4 1c 66 42 c9 10 3d 9e a9 39 52 64 2f Aug 26 18:32:54.330783: | SIG_R 00 53 a9 e3 7c e8 9c 98 8f 3e ad da 02 09 0f db Aug 26 18:32:54.330785: | SIG_R 75 55 ef 40 74 64 78 fa 86 0f a2 45 ba 8c 27 8a Aug 26 18:32:54.330786: | SIG_R 34 e0 43 b2 9d 09 66 25 87 39 08 de 61 75 37 7d Aug 26 18:32:54.330788: | SIG_R 55 c3 4e 1f bb bd 33 14 ff 6f ae e3 62 32 96 f4 Aug 26 18:32:54.330789: | SIG_R 22 51 f3 42 c2 29 e1 e1 fa 79 dc c8 46 6d 51 8e Aug 26 18:32:54.330791: | SIG_R 84 36 71 5d f5 be 03 b6 00 64 d2 bd 57 5d 16 fd Aug 26 18:32:54.330792: | SIG_R 0e 74 57 ba d8 fc fe a1 53 33 30 cd 4a 4f 8f c3 Aug 26 18:32:54.330794: | SIG_R c2 d3 fd 99 fb 14 9f f3 8f 4b 67 90 b4 91 ef 66 Aug 26 18:32:54.330795: | SIG_R 5f ff 2a f6 2c e4 8f 4f 30 32 80 8c 18 3c 53 2d Aug 26 18:32:54.330797: | SIG_R 41 0d 26 d5 0a d9 52 38 72 97 4e 3b 24 5d 07 d0 Aug 26 18:32:54.330798: | SIG_R 6e 54 a4 55 98 e1 59 69 8f cd 09 64 6e ad bb c2 Aug 26 18:32:54.330800: | emitting length of ISAKMP Signature Payload: 388 Aug 26 18:32:54.330802: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:32:54.330804: | no IKEv1 message padding required Aug 26 18:32:54.330805: | emitting length of ISAKMP Message: 1884 Aug 26 18:32:54.330816: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:32:54.330890: | complete v1 state transition with STF_OK Aug 26 18:32:54.330896: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.330898: | #1 is idle Aug 26 18:32:54.330900: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.330902: | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Aug 26 18:32:54.330904: | parent state #1: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA) Aug 26 18:32:54.330906: | event_already_set, deleting event Aug 26 18:32:54.330908: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:32:54.330910: | #1 STATE_MAIN_R3: retransmits: cleared Aug 26 18:32:54.330914: | libevent_free: release ptr-libevent@0x55e21156d978 Aug 26 18:32:54.330916: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e211568fd8 Aug 26 18:32:54.330920: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:32:54.330929: | sending 1884 bytes for STATE_MAIN_R2 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:32:54.330935: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.330938: | 05 10 02 01 00 00 00 00 00 00 07 5c e9 8b c1 ae Aug 26 18:32:54.330941: | b6 51 e2 77 bc 41 d2 dc 15 3f dc 00 3e e9 07 ae Aug 26 18:32:54.330944: | fa 64 2d cd f1 13 a1 aa 6a cd 95 07 1f 78 ef 0b Aug 26 18:32:54.330947: | 54 6e 32 5e 41 28 fa 9f 04 02 17 f5 ed 97 90 da Aug 26 18:32:54.330949: | ee 4a ff d8 1a fb 94 c8 88 98 25 95 5e 8c 26 d8 Aug 26 18:32:54.330952: | 95 3b 44 3f e3 61 7b b8 fe 11 e7 f2 54 4a 2b ae Aug 26 18:32:54.330955: | f2 c2 c0 16 16 50 f2 af f8 7d f7 23 12 a8 ef 0e Aug 26 18:32:54.330960: | 75 eb d8 34 b4 13 8b 1f 4d cd 80 84 c4 ca 86 9b Aug 26 18:32:54.330963: | 80 54 f3 04 9a 50 2e b1 f6 36 c4 8a ea 34 f6 d3 Aug 26 18:32:54.330965: | ac cd 20 25 da 38 b7 3e 19 6c 06 ae 79 32 d7 77 Aug 26 18:32:54.330968: | 8b de 4d fe e1 1c 94 40 b4 94 c9 92 e5 bc 98 53 Aug 26 18:32:54.330971: | b4 aa 18 1f 40 76 a5 6e c7 ad bd d8 38 dd 13 ba Aug 26 18:32:54.330974: | 7b 8f 9c bd 0e 38 83 d9 d1 d0 fa 01 43 f2 fd 50 Aug 26 18:32:54.330977: | 65 ae 37 d2 cc e4 19 57 54 26 b5 c2 dd 41 56 2b Aug 26 18:32:54.330980: | d7 a1 21 15 41 40 54 8e 03 8e 16 f9 fe 45 91 47 Aug 26 18:32:54.330983: | 13 14 38 e7 f8 ff fa de 0c 62 e3 fa 63 9f f6 4c Aug 26 18:32:54.330985: | 82 a5 a3 2f 76 61 b5 17 dd dd 3f fb 8d b6 ca 00 Aug 26 18:32:54.330988: | 74 38 59 a5 82 a9 b5 48 d9 dc 24 08 c5 b3 d2 e3 Aug 26 18:32:54.330991: | d8 a2 dc 4c 15 52 e8 58 4b 29 27 b9 8a 72 53 26 Aug 26 18:32:54.330994: | 4e f6 0c 42 3d 72 6d 7c 43 7b dd 99 34 72 f1 24 Aug 26 18:32:54.330996: | 8d b4 1d 26 e8 3e 41 dc f2 50 1f 5c e0 93 5c 29 Aug 26 18:32:54.330997: | 6b e7 69 ca 6e ad 8f 68 15 02 1f dc 74 c0 28 fd Aug 26 18:32:54.330999: | 86 ae 94 2d 93 2a e7 f9 2f 12 51 46 06 fa b5 6f Aug 26 18:32:54.331000: | 22 f9 46 c3 85 1d 72 db a3 5b 37 e3 ad f0 cd d3 Aug 26 18:32:54.331002: | 79 e6 0f a0 d5 bd 9c d4 43 f6 2e fb 82 69 46 af Aug 26 18:32:54.331003: | f8 6c b7 80 87 07 33 14 86 34 32 e0 a2 ac 9c 94 Aug 26 18:32:54.331004: | 81 6a 4a 98 b6 05 eb ee a3 46 79 dc 64 47 1b 92 Aug 26 18:32:54.331006: | 2b 27 7c d5 49 e0 4f f7 9a ff dd 92 2a 08 e2 f8 Aug 26 18:32:54.331007: | e7 2f e7 94 c5 33 fe f7 d5 06 24 3f c5 07 0f 2c Aug 26 18:32:54.331009: | 2a 26 6f 50 cd eb 17 e2 96 b5 10 27 7c e0 ac ea Aug 26 18:32:54.331010: | d5 43 3a f8 2f f1 67 ed 6d 39 53 cc 33 8a ab bf Aug 26 18:32:54.331012: | 2f 06 fa 78 79 09 9d c6 60 47 73 3d 8d d3 5d e5 Aug 26 18:32:54.331013: | 86 12 51 3e 85 09 33 a0 80 41 5f 4f 5a d9 20 39 Aug 26 18:32:54.331015: | 99 7a 90 e1 06 34 72 04 e7 07 a9 d3 a9 79 45 b8 Aug 26 18:32:54.331016: | 92 47 50 e6 a3 77 31 75 bb e2 25 3c a3 be 5c 7d Aug 26 18:32:54.331018: | 1f 5e 3a 2f ea 32 a2 2b 7c e9 09 10 db 50 69 98 Aug 26 18:32:54.331019: | ec 66 e3 8b 5a 4e 3d 49 67 de c5 d1 f7 ba c0 ca Aug 26 18:32:54.331020: | 14 2f 85 f5 ae 1e 0a 15 37 25 a7 c3 e3 3a aa 3c Aug 26 18:32:54.331022: | cf 38 42 0d 37 57 59 8f 65 0a e8 e2 8b cd 27 d2 Aug 26 18:32:54.331023: | 44 d2 db 6d fb 06 d1 77 9d c5 c0 50 9e 60 f9 7b Aug 26 18:32:54.331025: | 9f 7c 18 56 ff a1 93 8a 52 3b 00 07 b1 ef ab 83 Aug 26 18:32:54.331026: | 20 00 b4 01 2e 8c b0 53 bc c0 ca cb ee 8d 6a 04 Aug 26 18:32:54.331028: | 3b 1a 59 38 16 57 80 97 db 8b 36 63 fc 79 c0 fb Aug 26 18:32:54.331029: | e6 84 c5 ac 8e a3 d6 d2 50 f9 5f bc 4b 53 f4 a2 Aug 26 18:32:54.331031: | 7a 1c cc e0 17 4a 0d 59 30 f2 ae 85 89 42 8f 84 Aug 26 18:32:54.331032: | 36 28 0d 58 29 dc 87 03 d5 ad b3 1d 8c ee 8e 25 Aug 26 18:32:54.331034: | 97 3a a8 33 1b 7b b2 ae a9 2f a1 f4 51 7b 61 8d Aug 26 18:32:54.331035: | 9c 62 02 69 ac ac 7d e7 83 81 7c 7a d4 65 f0 f8 Aug 26 18:32:54.331036: | 64 6b 17 85 2b ae 8c 72 19 67 b0 1a 06 01 c5 f5 Aug 26 18:32:54.331038: | 2b c3 f8 56 1a ae 28 09 50 2c b8 95 20 ef ff 98 Aug 26 18:32:54.331039: | 4f 90 a6 22 9b 8e f5 b7 d4 c5 25 e1 d3 44 23 a4 Aug 26 18:32:54.331041: | 1d 17 a7 9f 30 0e 77 04 23 0c 33 77 d0 dc f3 aa Aug 26 18:32:54.331042: | 6b 21 df 55 27 d9 29 0e 2b a5 9f 3d 51 7e 1e c8 Aug 26 18:32:54.331044: | 64 23 3a fb 9e 09 00 cc 2a 71 7c 87 60 3d 4d 63 Aug 26 18:32:54.331045: | 6d 42 d5 bc ea b8 ec 0e 60 73 b7 e4 e4 9c 24 7c Aug 26 18:32:54.331047: | e6 dc 56 88 3c 42 05 8d cb 69 62 4b 7c ce 2f 6e Aug 26 18:32:54.331048: | 22 33 1d 0f 69 20 4d 10 8f d9 9e 84 84 94 d5 34 Aug 26 18:32:54.331049: | 5b 32 fd b6 ed 1f bb 1c 9e ea d9 0d e7 aa 4c 51 Aug 26 18:32:54.331051: | 34 52 f9 f1 32 b5 d2 62 ae f7 1a cb 81 ec e9 34 Aug 26 18:32:54.331054: | 7b 5b 10 33 45 40 2f 29 bb 7d a7 07 2a 15 54 df Aug 26 18:32:54.331055: | 54 05 9c 05 dc d9 9f 71 78 c5 9b ed f8 14 dd de Aug 26 18:32:54.331057: | 48 5b d6 94 dc 61 9d a6 00 e0 fa 00 bd 4d 64 99 Aug 26 18:32:54.331058: | 08 6c b4 93 4d 60 9b 44 58 52 d4 59 11 06 6c 4e Aug 26 18:32:54.331060: | b0 97 d7 02 5c 24 cb 4a 78 2a 93 c4 c0 4a c0 af Aug 26 18:32:54.331061: | 1b a1 01 6e 87 81 a8 14 96 e8 9e 98 ba 45 23 eb Aug 26 18:32:54.331063: | 09 72 cb 20 ff ac 16 2c d0 ab eb db fd b9 04 e3 Aug 26 18:32:54.331064: | fc ac fa 28 4c de 16 cc df 1b 1b b3 c4 99 0c c2 Aug 26 18:32:54.331065: | 87 ee 44 a6 4c 7a f7 75 f8 52 49 9e 73 f4 69 7f Aug 26 18:32:54.331067: | 2c 37 4d b3 d0 0c fc 63 95 36 83 e7 3d 6d 03 89 Aug 26 18:32:54.331068: | d2 34 c2 25 65 51 18 66 03 90 7e c7 c2 4e f9 c7 Aug 26 18:32:54.331070: | b1 f2 cd 67 95 bb 3f 1b 7d 62 f6 4f 77 6f 50 11 Aug 26 18:32:54.331071: | 22 cf f0 50 81 a2 ae 7a 6d df ed 01 b1 2f 64 b7 Aug 26 18:32:54.331073: | 84 25 0e 72 11 25 0d 93 03 78 b9 df e2 71 f1 54 Aug 26 18:32:54.331074: | 73 2a ca 06 18 61 4f 19 f9 dc d2 ec e2 ab c5 36 Aug 26 18:32:54.331076: | 52 c9 67 a4 f8 1c dd 64 ed ba 6a 2d 71 02 59 ab Aug 26 18:32:54.331077: | 39 0b f7 a7 53 c4 01 f6 82 1c 46 fa 1a d7 b1 2e Aug 26 18:32:54.331079: | f1 25 f3 bb 8c 32 8a 76 51 0a 23 b3 e9 a3 78 53 Aug 26 18:32:54.331080: | 32 92 ec e5 8d 63 4b 78 7a 72 43 cd be ca c3 e0 Aug 26 18:32:54.331082: | da 97 29 d7 41 ff c1 11 8f 8a 14 ef 1a f3 9e 1a Aug 26 18:32:54.331083: | 02 42 96 cc 82 a2 12 2c 60 f0 fc 56 56 45 a9 fe Aug 26 18:32:54.331084: | 47 ff 96 4a ba 09 39 a3 38 06 0e e7 ba c7 d4 d8 Aug 26 18:32:54.331086: | 1f 05 89 b2 14 61 80 11 91 08 b2 f0 a2 c7 66 99 Aug 26 18:32:54.331087: | 37 18 26 9e e2 50 e4 46 63 2d f3 77 65 94 96 27 Aug 26 18:32:54.331089: | 8d dd f6 a4 5c b4 8b b4 41 08 50 b7 91 6c d3 b2 Aug 26 18:32:54.331090: | 13 46 d7 e6 80 01 5a b7 35 a7 69 1f 90 ff 02 82 Aug 26 18:32:54.331092: | 74 f6 b7 41 d0 fb a3 ad f3 74 89 21 64 bf 00 9c Aug 26 18:32:54.331093: | 6c 18 35 97 5e e9 1f 2a ac c7 73 a3 d6 d1 6a b6 Aug 26 18:32:54.331095: | a8 32 86 b9 a5 98 ff 0b 39 e6 fb 8a 49 12 dd c7 Aug 26 18:32:54.331096: | 1b 8b 56 56 90 15 da 76 38 72 90 22 50 cf d7 4f Aug 26 18:32:54.331098: | 3f ff 93 29 a3 1d 19 ef cf 0e 1a ac 0e 46 18 a4 Aug 26 18:32:54.331099: | 1f 5c 03 b7 6a 07 1d 8f a9 70 9c 0a f3 5a a0 e0 Aug 26 18:32:54.331101: | 19 c7 78 fe 2b cc 22 b6 5a 8c 93 b4 f1 32 3d a0 Aug 26 18:32:54.331106: | 0a dd ab 3f 53 7d 31 20 56 47 a6 2a dd d1 c8 ec Aug 26 18:32:54.331124: | 3f c3 f7 85 36 8f 2f b2 49 95 88 ea 5f c2 c0 f9 Aug 26 18:32:54.331126: | ff bd c9 22 bc 30 30 e4 01 ed 7a a4 66 62 9e 0c Aug 26 18:32:54.331128: | 7c b1 ae 90 4c c6 2f 2b 1f 32 66 c6 d6 52 8e fb Aug 26 18:32:54.331130: | 3e f9 0a fd 23 07 5d 44 9b 2f 92 a0 1a fb 65 f6 Aug 26 18:32:54.331133: | 90 fe db 09 5a 06 aa 33 2b 91 70 26 93 01 19 de Aug 26 18:32:54.331135: | 9d fd c7 4c 1e 92 94 ef cd c6 00 27 4c 7e bc 3e Aug 26 18:32:54.331137: | 88 ff b3 e0 4b 2c 89 7e b5 3b bf 57 09 d3 41 96 Aug 26 18:32:54.331139: | 5f 2a c7 d8 84 17 47 9e 7b 70 74 19 f5 ca ec 29 Aug 26 18:32:54.331141: | 16 5e c0 24 29 c4 a8 46 0a 8c 12 18 6d d0 9c be Aug 26 18:32:54.331143: | 08 f8 54 47 8a 95 79 26 f3 af 0e 13 8d 8f 8f d7 Aug 26 18:32:54.331146: | 79 ef 42 de d9 e0 9e fd 2f 01 e4 8b 3f 65 fa 81 Aug 26 18:32:54.331148: | 4d 46 59 70 e3 0a f6 59 79 26 6a 39 33 3e c9 87 Aug 26 18:32:54.331150: | 09 29 7b 58 9f 9c 5f 63 e7 77 ec 4b 68 7d e5 c4 Aug 26 18:32:54.331152: | 7e 3b 47 b8 1c 9a 68 22 ce 15 bf 3d 42 65 71 36 Aug 26 18:32:54.331154: | 61 21 2a b5 70 d7 7b 8f 07 37 5e 2b 10 e8 3a fc Aug 26 18:32:54.331157: | 06 d8 58 99 00 b3 31 be 56 8b ff da c9 05 99 09 Aug 26 18:32:54.331159: | 9a 50 8a 3f e8 eb 37 7e fc 14 8f 17 2c fe fb 14 Aug 26 18:32:54.331162: | 0d e6 69 0e 00 92 fb ea c4 3a 6b 5f 52 98 52 60 Aug 26 18:32:54.331168: | 56 ee 49 db e9 5e 6b b8 84 c3 1b cb 7f 48 d2 63 Aug 26 18:32:54.331172: | 2a 3f 6e 6d a9 0e df 40 e1 02 4e 2a 6d a1 71 26 Aug 26 18:32:54.331174: | ab 5e eb 5b fa f4 b7 6c 8d eb 1c ab 2f 8b 20 11 Aug 26 18:32:54.331176: | c7 29 85 fa 79 d4 b5 e1 c8 00 b1 94 2d a6 18 25 Aug 26 18:32:54.331178: | d0 69 3d c4 e2 f1 cd da 7d f9 6c c5 96 e2 c4 87 Aug 26 18:32:54.331180: | 60 54 74 49 36 14 60 6e 87 af cf b5 Aug 26 18:32:54.331238: | !event_already_set at reschedule Aug 26 18:32:54.331242: | event_schedule: new EVENT_SA_REPLACE-pe@0x55e211568fd8 Aug 26 18:32:54.331245: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 Aug 26 18:32:54.331247: | libevent_malloc: new ptr-libevent@0x55e211584118 size 128 Aug 26 18:32:54.331250: | pstats #1 ikev1.isakmp established Aug 26 18:32:54.331254: "northnet-eastnets/0x2" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Aug 26 18:32:54.331256: | DPD: dpd_init() called on ISAKMP SA Aug 26 18:32:54.331258: | DPD: Peer supports Dead Peer Detection Aug 26 18:32:54.331259: | DPD: not initializing DPD because DPD is disabled locally Aug 26 18:32:54.331261: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.331263: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.331265: | unpending state #1 Aug 26 18:32:54.331268: | #1 spent 6.4 milliseconds Aug 26 18:32:54.331271: | #1 spent 9.39 milliseconds in process_packet_tail() Aug 26 18:32:54.331274: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.331278: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:32:54.331280: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.331283: | spent 9.79 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.337747: | spent 0.00315 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.337770: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:32:54.337776: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.337782: | 08 10 20 01 36 43 2f d8 00 00 01 dc e9 cb c5 15 Aug 26 18:32:54.337784: | 5c a1 82 06 ad 2c 45 ea 09 e6 fa 68 bc 86 0b 62 Aug 26 18:32:54.337786: | 15 d2 2d 3b 91 c8 8e fe 0d 2e f2 54 db e8 3f d9 Aug 26 18:32:54.337788: | ec 86 e2 a9 36 51 c0 43 3c cb 98 48 9c 4b 20 e0 Aug 26 18:32:54.337791: | 2e d6 8e 60 a6 7f af 52 74 47 67 9c 60 68 3c 6f Aug 26 18:32:54.337793: | b9 fd b2 e3 90 44 4e 73 7f 25 4e 1e 7d 9b d3 eb Aug 26 18:32:54.337795: | 9c e0 32 7f d5 ae 88 0e 9d db ec 48 d3 a8 0a 28 Aug 26 18:32:54.337798: | 8f 96 5f 24 fa 54 b8 d0 59 19 7e cc 7b db 9e b7 Aug 26 18:32:54.337800: | 0c 23 a3 35 15 e3 8e 7a d2 05 99 97 5a d9 86 e9 Aug 26 18:32:54.337802: | 6a 73 2c 85 f7 8b 0f 5b 35 02 60 09 da b9 03 ff Aug 26 18:32:54.337804: | 71 7c 73 2a 11 d5 a9 92 c9 44 c6 11 91 d6 2d b1 Aug 26 18:32:54.337807: | 6a 26 7a 98 c8 c6 9e 8d 43 86 27 6f 93 3c 72 dd Aug 26 18:32:54.337809: | e2 a6 2b 32 f5 4d 0b cb b8 93 e8 4a 3f a1 90 8f Aug 26 18:32:54.337811: | f8 e5 e3 90 a6 d8 b1 8a 2a 2e f7 cc 92 e5 82 7c Aug 26 18:32:54.337813: | a1 00 e3 0a 6d 62 78 6c 87 10 4f 43 bf 2c 7b 76 Aug 26 18:32:54.337815: | 59 52 35 9d 6a 60 6b 61 01 a5 80 60 73 94 36 66 Aug 26 18:32:54.337817: | aa fb ea de 1a cb 64 dc f8 7d c4 a1 cf ea 53 84 Aug 26 18:32:54.337819: | ce c4 52 ab fc ab 62 11 e3 ac 2f 46 95 31 76 e3 Aug 26 18:32:54.337821: | 4e 4f 35 fc 82 2b 55 e8 55 bb 39 b8 a5 c9 9a da Aug 26 18:32:54.337824: | 9b c1 06 18 8b 6d bb fd b4 3e 9f 93 6b 00 38 09 Aug 26 18:32:54.337826: | e9 bc 79 d2 a0 c2 f3 3a ad 51 f5 dd c7 f7 2f 80 Aug 26 18:32:54.337828: | 8a cd 44 9f 68 f9 5b 75 ee 9c d6 e3 ec c4 4c 15 Aug 26 18:32:54.337831: | b7 3c bb fd fa f1 2c f3 10 36 ad 9a 9c 49 d0 06 Aug 26 18:32:54.337836: | 60 b5 d2 a8 57 50 c4 bf a5 9b 5b 0f 67 a1 c9 d8 Aug 26 18:32:54.337839: | 5e 99 82 38 57 ae af c4 1c 66 ef de d5 05 72 b3 Aug 26 18:32:54.337841: | f1 f3 13 4a 4a 39 bc c8 7f 07 18 da 5a d3 f5 ea Aug 26 18:32:54.337843: | f4 07 31 a6 94 e9 78 ac 45 b2 76 15 76 3c 2a a5 Aug 26 18:32:54.337845: | 24 59 20 d9 4a 27 09 b1 77 f2 a9 6b 87 43 fe cb Aug 26 18:32:54.337847: | 87 15 1c ed 77 cf 1f 7f fa a5 43 a5 Aug 26 18:32:54.337852: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:32:54.337855: | **parse ISAKMP Message: Aug 26 18:32:54.337858: | initiator cookie: Aug 26 18:32:54.337861: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.337863: | responder cookie: Aug 26 18:32:54.337865: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.337868: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:32:54.337871: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.337873: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.337876: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.337879: | Message ID: 910372824 (0x36432fd8) Aug 26 18:32:54.337882: | length: 476 (0x1dc) Aug 26 18:32:54.337885: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:32:54.337889: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 18:32:54.337892: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 18:32:54.337898: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 18:32:54.337914: | #1 is idle Aug 26 18:32:54.337918: | #1 idle Aug 26 18:32:54.337922: | received encrypted packet from 192.1.3.33:500 Aug 26 18:32:54.337933: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:32:54.337937: | ***parse ISAKMP Hash Payload: Aug 26 18:32:54.337938: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:32:54.337940: | length: 36 (0x24) Aug 26 18:32:54.337942: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:32:54.337944: | ***parse ISAKMP Security Association Payload: Aug 26 18:32:54.337946: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.337947: | length: 84 (0x54) Aug 26 18:32:54.337949: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.337951: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:32:54.337952: | ***parse ISAKMP Nonce Payload: Aug 26 18:32:54.337954: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.337955: | length: 36 (0x24) Aug 26 18:32:54.337957: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.337959: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:32:54.337960: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.337962: | length: 260 (0x104) Aug 26 18:32:54.337964: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.337965: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.337967: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.337968: | length: 16 (0x10) Aug 26 18:32:54.337970: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.337972: | Protocol ID: 0 (0x0) Aug 26 18:32:54.337973: | port: 0 (0x0) Aug 26 18:32:54.337975: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:32:54.337977: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.337978: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.337980: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337981: | length: 16 (0x10) Aug 26 18:32:54.337983: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.337985: | Protocol ID: 0 (0x0) Aug 26 18:32:54.337986: | port: 0 (0x0) Aug 26 18:32:54.337988: | obj: c0 00 16 00 ff ff ff 00 Aug 26 18:32:54.338003: | quick_inI1_outR1 HASH(1): Aug 26 18:32:54.338005: | 19 0d 1f 70 92 de 18 0e bc 4f 53 1d 2f 68 1e 57 Aug 26 18:32:54.338007: | 3c 13 84 96 20 63 8d 80 c4 c2 50 ea 65 03 a3 18 Aug 26 18:32:54.338011: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 18:32:54.338014: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:32:54.338016: | ID address c0 00 03 00 Aug 26 18:32:54.338018: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:32:54.338020: | ID mask ff ff ff 00 Aug 26 18:32:54.338023: | peer client is subnet 192.0.3.0/24 Aug 26 18:32:54.338024: | peer client protocol/port is 0/0 Aug 26 18:32:54.338026: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:32:54.338028: | ID address c0 00 16 00 Aug 26 18:32:54.338029: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:32:54.338031: | ID mask ff ff ff 00 Aug 26 18:32:54.338033: | our client is subnet 192.0.22.0/24 Aug 26 18:32:54.338035: | our client protocol/port is 0/0 Aug 26 18:32:54.338038: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:32:54.338041: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 18:32:54.338043: | looking for 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:32:54.338046: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 18:32:54.338056: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:32:54.338058: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:32:54.338059: | results matched Aug 26 18:32:54.338063: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.338067: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.338071: | fc_try trying northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:32:54.338077: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:32:54.338080: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:32:54.338082: | results matched Aug 26 18:32:54.338088: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.338093: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.338098: | fc_try trying northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:32:54.338102: | our client (192.0.2.0/24) not in our_net (192.0.22.0/24) Aug 26 18:32:54.338105: | fc_try concluding with northnet-eastnets/0x2 [129] Aug 26 18:32:54.338108: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x2 Aug 26 18:32:54.338110: | concluding with d = northnet-eastnets/0x2 Aug 26 18:32:54.338113: | client wildcard: no port wildcard: no virtual: no Aug 26 18:32:54.338118: | creating state object #2 at 0x55e2115729b8 Aug 26 18:32:54.338121: | State DB: adding IKEv1 state #2 in UNDEFINED Aug 26 18:32:54.338125: | pstats #2 ikev1.ipsec started Aug 26 18:32:54.338128: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Aug 26 18:32:54.338132: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:32:54.338136: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:32:54.338140: | start processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:32:54.338143: | child state #2: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 18:32:54.338145: | ****parse IPsec DOI SIT: Aug 26 18:32:54.338147: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.338149: | ****parse ISAKMP Proposal Payload: Aug 26 18:32:54.338151: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.338152: | length: 72 (0x48) Aug 26 18:32:54.338154: | proposal number: 0 (0x0) Aug 26 18:32:54.338156: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.338157: | SPI size: 4 (0x4) Aug 26 18:32:54.338159: | number of transforms: 2 (0x2) Aug 26 18:32:54.338161: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:32:54.338162: | SPI 9b f3 7c d9 Aug 26 18:32:54.338164: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:32:54.338166: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.338168: | length: 32 (0x20) Aug 26 18:32:54.338169: | ESP transform number: 0 (0x0) Aug 26 18:32:54.338171: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.338173: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338176: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.338178: | length/value: 14 (0xe) Aug 26 18:32:54.338181: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.338184: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338187: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.338189: | length/value: 1 (0x1) Aug 26 18:32:54.338192: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.338195: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:32:54.338198: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338199: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.338201: | length/value: 1 (0x1) Aug 26 18:32:54.338202: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.338204: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338206: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.338207: | length/value: 28800 (0x7080) Aug 26 18:32:54.338209: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338211: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.338212: | length/value: 2 (0x2) Aug 26 18:32:54.338214: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.338216: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338217: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:32:54.338219: | length/value: 128 (0x80) Aug 26 18:32:54.338221: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:32:54.338226: | adding quick_outI1 KE work-order 3 for state #2 Aug 26 18:32:54.338228: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e2115723a8 Aug 26 18:32:54.338230: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 18:32:54.338233: | libevent_malloc: new ptr-libevent@0x55e211571278 size 128 Aug 26 18:32:54.338235: | libevent_realloc: release ptr-libevent@0x55e2114f7238 Aug 26 18:32:54.338238: | libevent_realloc: new ptr-libevent@0x55e21155f218 size 128 Aug 26 18:32:54.338244: | complete v1 state transition with STF_SUSPEND Aug 26 18:32:54.338249: | [RE]START processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:32:54.338250: | crypto helper 2 resuming Aug 26 18:32:54.338252: | suspending state #2 and saving MD Aug 26 18:32:54.338263: | crypto helper 2 starting work-order 3 for state #2 Aug 26 18:32:54.338265: | #2 is busy; has a suspended MD Aug 26 18:32:54.338268: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 3 Aug 26 18:32:54.338270: | #1 spent 0.251 milliseconds in process_packet_tail() Aug 26 18:32:54.338275: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.338279: | stop processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:32:54.338284: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.338294: | spent 0.523 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.338306: | spent 0.00182 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.338318: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:32:54.338321: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.338324: | 08 10 20 01 f1 9e c5 42 00 00 01 dc 8f 03 06 5b Aug 26 18:32:54.338326: | f0 49 5f de 0c 96 8b d3 65 b6 5b 12 25 34 10 d9 Aug 26 18:32:54.338329: | 83 9d ea f9 3b c9 3d 75 a6 c9 27 c6 f7 19 7d 05 Aug 26 18:32:54.338331: | 53 89 f1 45 ef 7e 32 73 e6 1b 77 9d db 9d a9 d5 Aug 26 18:32:54.338334: | af 4e b3 9d 76 0c 03 14 76 66 d2 24 0a 5d 7a 49 Aug 26 18:32:54.338336: | b8 c9 23 7d 5d 40 c1 0e 19 16 35 ec 2d 0e 26 4a Aug 26 18:32:54.338338: | 60 6c 5d ce bb 31 e5 6b 2b c9 0a 7e 78 b8 df ad Aug 26 18:32:54.338341: | 99 06 6f 29 99 33 c8 7e e9 f0 ad e0 ce 32 92 85 Aug 26 18:32:54.338343: | 73 d4 2e bd de ab da 3c 32 bb f1 f5 4a 05 4d a9 Aug 26 18:32:54.338346: | 24 c7 73 16 ca 8a af 85 f3 64 9f 60 3c 15 27 94 Aug 26 18:32:54.338348: | a7 82 5d f6 05 75 6e ba 86 ce ad 67 b3 0d b9 47 Aug 26 18:32:54.338350: | 48 8a 02 ca 8f cf 58 d2 36 04 43 43 21 02 d3 97 Aug 26 18:32:54.338352: | 47 20 50 60 82 83 f6 a8 36 2b 7d ae e7 81 0f 90 Aug 26 18:32:54.338355: | bf ae 86 7e 75 c7 dc 4e c7 5c d9 a4 89 cf ed fb Aug 26 18:32:54.338357: | 9b f2 ad 1d 53 6f 9e 01 be 34 f9 fc 2e a8 c9 fe Aug 26 18:32:54.338360: | 0e 38 50 97 11 53 97 fa c9 1f 79 4f f8 1e 3d 02 Aug 26 18:32:54.338362: | e4 83 10 4e d5 d0 84 55 b3 34 8b 99 3d cc 15 e6 Aug 26 18:32:54.338365: | d1 8e 23 03 96 fa 33 e4 a7 37 44 26 1e 25 71 64 Aug 26 18:32:54.338367: | 72 d8 05 67 2f bd 8d 58 bb 2f 3d 53 0a 31 9d 9d Aug 26 18:32:54.338369: | 8f 6e 29 52 83 5e 98 5e d7 1e aa ce 91 4e 97 12 Aug 26 18:32:54.338372: | 30 aa 23 1a 80 a3 61 1e 35 28 d9 76 42 12 00 08 Aug 26 18:32:54.338374: | 64 ee 8c 77 1e c5 c5 5a 6d 0e 7e 96 47 3d 4f d0 Aug 26 18:32:54.338377: | 54 d3 9a 21 7d 02 26 e7 33 f9 9c 02 c1 89 97 c5 Aug 26 18:32:54.338379: | 36 65 12 cf 5f c0 43 27 79 f6 c1 e7 fe a1 d4 78 Aug 26 18:32:54.338381: | 03 48 9c f0 f0 7e 37 8a 1b a2 55 bf 22 02 6b f6 Aug 26 18:32:54.338384: | 76 e4 13 d8 76 c7 1f 2c ec a2 95 9b 07 be 25 91 Aug 26 18:32:54.338386: | b9 5e 9c 23 65 5c 25 c7 cb 7e dd 8d dc c5 33 d3 Aug 26 18:32:54.338389: | a7 a1 cb 9a 5b 88 1b b7 92 f5 7a fc 0c a2 3d 06 Aug 26 18:32:54.338391: | a9 83 54 17 b5 9f 60 38 fa 24 a8 d9 Aug 26 18:32:54.338396: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:32:54.338399: | **parse ISAKMP Message: Aug 26 18:32:54.338401: | initiator cookie: Aug 26 18:32:54.338404: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.338406: | responder cookie: Aug 26 18:32:54.338409: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.338411: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:32:54.338414: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.338417: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.338419: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.338422: | Message ID: 4053714242 (0xf19ec542) Aug 26 18:32:54.338425: | length: 476 (0x1dc) Aug 26 18:32:54.338428: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:32:54.338431: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 18:32:54.338434: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 18:32:54.338438: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 18:32:54.338447: | #1 is idle Aug 26 18:32:54.338450: | #1 idle Aug 26 18:32:54.338456: | received encrypted packet from 192.1.3.33:500 Aug 26 18:32:54.338464: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:32:54.338467: | ***parse ISAKMP Hash Payload: Aug 26 18:32:54.338470: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:32:54.338473: | length: 36 (0x24) Aug 26 18:32:54.338475: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:32:54.338478: | ***parse ISAKMP Security Association Payload: Aug 26 18:32:54.338481: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.338483: | length: 84 (0x54) Aug 26 18:32:54.338486: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.338489: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:32:54.338491: | ***parse ISAKMP Nonce Payload: Aug 26 18:32:54.338494: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.338496: | length: 36 (0x24) Aug 26 18:32:54.338499: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.338502: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:32:54.338504: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.338507: | length: 260 (0x104) Aug 26 18:32:54.338510: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.338512: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.338515: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.338518: | length: 16 (0x10) Aug 26 18:32:54.338520: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.338523: | Protocol ID: 0 (0x0) Aug 26 18:32:54.338525: | port: 0 (0x0) Aug 26 18:32:54.338528: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:32:54.338530: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.338533: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.338536: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.338538: | length: 16 (0x10) Aug 26 18:32:54.338541: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.338543: | Protocol ID: 0 (0x0) Aug 26 18:32:54.338546: | port: 0 (0x0) Aug 26 18:32:54.338548: | obj: c0 00 02 00 ff ff ff 00 Aug 26 18:32:54.338568: | quick_inI1_outR1 HASH(1): Aug 26 18:32:54.338572: | 9c 59 67 c5 36 7e 0e 56 f2 83 ea 37 86 92 b2 50 Aug 26 18:32:54.338574: | 2d b3 e9 f5 0c 7c a1 84 df 57 0c ba 1a eb c1 fa Aug 26 18:32:54.338577: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 18:32:54.338581: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:32:54.338583: | ID address c0 00 03 00 Aug 26 18:32:54.338586: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:32:54.338589: | ID mask ff ff ff 00 Aug 26 18:32:54.338593: | peer client is subnet 192.0.3.0/24 Aug 26 18:32:54.338596: | peer client protocol/port is 0/0 Aug 26 18:32:54.338598: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:32:54.338601: | ID address c0 00 02 00 Aug 26 18:32:54.338603: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:32:54.338606: | ID mask ff ff ff 00 Aug 26 18:32:54.338609: | our client is subnet 192.0.2.0/24 Aug 26 18:32:54.338612: | our client protocol/port is 0/0 Aug 26 18:32:54.338617: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:32:54.338622: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 18:32:54.338625: | looking for 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:32:54.338629: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 18:32:54.338643: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:32:54.338646: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:32:54.338649: | results matched Aug 26 18:32:54.338657: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.338663: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.338668: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:32:54.338672: | our client (192.0.22.0/24) not in our_net (192.0.2.0/24) Aug 26 18:32:54.338682: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:32:54.338685: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:32:54.338688: | results matched Aug 26 18:32:54.338693: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.338699: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.338705: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:32:54.338708: | fc_try concluding with northnet-eastnets/0x1 [128] Aug 26 18:32:54.338710: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Aug 26 18:32:54.338713: | concluding with d = northnet-eastnets/0x1 Aug 26 18:32:54.338715: | using connection "northnet-eastnets/0x1" Aug 26 18:32:54.338718: | client wildcard: no port wildcard: no virtual: no Aug 26 18:32:54.338722: | creating state object #3 at 0x55e211579688 Aug 26 18:32:54.338725: | State DB: adding IKEv1 state #3 in UNDEFINED Aug 26 18:32:54.338731: | pstats #3 ikev1.ipsec started Aug 26 18:32:54.338734: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Aug 26 18:32:54.338738: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:32:54.338743: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:32:54.338747: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1286) Aug 26 18:32:54.338752: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:32:54.338756: | start processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:32:54.338759: | child state #3: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 18:32:54.338762: | ****parse IPsec DOI SIT: Aug 26 18:32:54.338765: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.338768: | ****parse ISAKMP Proposal Payload: Aug 26 18:32:54.338771: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.338773: | length: 72 (0x48) Aug 26 18:32:54.338776: | proposal number: 0 (0x0) Aug 26 18:32:54.338778: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.338781: | SPI size: 4 (0x4) Aug 26 18:32:54.338783: | number of transforms: 2 (0x2) Aug 26 18:32:54.338786: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:32:54.338788: | SPI 07 29 e9 9e Aug 26 18:32:54.338791: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:32:54.338794: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.338796: | length: 32 (0x20) Aug 26 18:32:54.338799: | ESP transform number: 0 (0x0) Aug 26 18:32:54.338801: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.338805: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338807: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.338810: | length/value: 14 (0xe) Aug 26 18:32:54.338813: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.338817: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338820: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.338822: | length/value: 1 (0x1) Aug 26 18:32:54.338825: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.338828: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:32:54.338830: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338833: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.338835: | length/value: 1 (0x1) Aug 26 18:32:54.338838: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.338840: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338843: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.338845: | length/value: 28800 (0x7080) Aug 26 18:32:54.338848: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338851: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.338853: | length/value: 2 (0x2) Aug 26 18:32:54.338856: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.338858: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.338861: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:32:54.338863: | length/value: 128 (0x80) Aug 26 18:32:54.338866: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:32:54.338871: | adding quick_outI1 KE work-order 4 for state #3 Aug 26 18:32:54.338874: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e2114f7238 Aug 26 18:32:54.338878: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:32:54.338881: | libevent_malloc: new ptr-libevent@0x55e21156d978 size 128 Aug 26 18:32:54.338887: | complete v1 state transition with STF_SUSPEND Aug 26 18:32:54.338893: | [RE]START processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:32:54.338895: | suspending state #3 and saving MD Aug 26 18:32:54.338898: | #3 is busy; has a suspended MD Aug 26 18:32:54.338898: | crypto helper 3 resuming Aug 26 18:32:54.338902: | #1 spent 0.321 milliseconds in process_packet_tail() Aug 26 18:32:54.338912: | crypto helper 3 starting work-order 4 for state #3 Aug 26 18:32:54.338916: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.338920: | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 4 Aug 26 18:32:54.338921: | stop processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:32:54.338929: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Aug 26 18:32:54.338933: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Aug 26 18:32:54.338937: | spent 0.619 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.340028: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.001758 seconds Aug 26 18:32:54.340032: | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 4 time elapsed 0.001113 seconds Aug 26 18:32:54.340045: | (#2) spent 0.89 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) Aug 26 18:32:54.340051: | crypto helper 2 sending results from work-order 3 for state #2 to event queue Aug 26 18:32:54.340052: | (#3) spent 0.969 milliseconds in crypto helper computing work-order 4: quick_outI1 KE (pcr) Aug 26 18:32:54.340055: | scheduling resume sending helper answer for #2 Aug 26 18:32:54.340057: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 18:32:54.340059: | libevent_malloc: new ptr-libevent@0x7f499c003f28 size 128 Aug 26 18:32:54.340062: | scheduling resume sending helper answer for #3 Aug 26 18:32:54.340067: | libevent_malloc: new ptr-libevent@0x7f4990003f28 size 128 Aug 26 18:32:54.340069: | crypto helper 2 waiting (nothing to do) Aug 26 18:32:54.340077: | crypto helper 3 waiting (nothing to do) Aug 26 18:32:54.340078: | processing resume sending helper answer for #2 Aug 26 18:32:54.340096: | start processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:32:54.340101: | crypto helper 2 replies to request ID 3 Aug 26 18:32:54.340103: | calling continuation function 0x55e21030cb50 Aug 26 18:32:54.340105: | quick_inI1_outR1_cryptocontinue1 for #2: calculated ke+nonce, calculating DH Aug 26 18:32:54.340114: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.340118: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.340124: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.340127: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.340129: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:32:54.340130: | no PreShared Key Found Aug 26 18:32:54.340133: | adding quick outR1 DH work-order 5 for state #2 Aug 26 18:32:54.340135: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.340138: | libevent_free: release ptr-libevent@0x55e211571278 Aug 26 18:32:54.340140: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e2115723a8 Aug 26 18:32:54.340142: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e2115723a8 Aug 26 18:32:54.340145: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 18:32:54.340148: | libevent_malloc: new ptr-libevent@0x55e211571278 size 128 Aug 26 18:32:54.340154: | suspending state #2 and saving MD Aug 26 18:32:54.340156: | #2 is busy; has a suspended MD Aug 26 18:32:54.340159: | crypto helper 4 resuming Aug 26 18:32:54.340160: | resume sending helper answer for #2 suppresed complete_v1_state_transition() and stole MD Aug 26 18:32:54.340171: | crypto helper 4 starting work-order 5 for state #2 Aug 26 18:32:54.340174: | #2 spent 0.0681 milliseconds in resume sending helper answer Aug 26 18:32:54.340176: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 5 Aug 26 18:32:54.340177: | stop processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:32:54.340184: | libevent_free: release ptr-libevent@0x7f499c003f28 Aug 26 18:32:54.340186: | processing resume sending helper answer for #3 Aug 26 18:32:54.340190: | start processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:32:54.340192: | crypto helper 3 replies to request ID 4 Aug 26 18:32:54.340194: | calling continuation function 0x55e21030cb50 Aug 26 18:32:54.340195: | quick_inI1_outR1_cryptocontinue1 for #3: calculated ke+nonce, calculating DH Aug 26 18:32:54.340202: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.340206: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.340214: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.340217: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.340218: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:32:54.340220: | no PreShared Key Found Aug 26 18:32:54.340222: | adding quick outR1 DH work-order 6 for state #3 Aug 26 18:32:54.340224: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.340226: | libevent_free: release ptr-libevent@0x55e21156d978 Aug 26 18:32:54.340228: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e2114f7238 Aug 26 18:32:54.340229: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e2114f7238 Aug 26 18:32:54.340232: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:32:54.340234: | libevent_malloc: new ptr-libevent@0x7f499c003f28 size 128 Aug 26 18:32:54.340239: | suspending state #3 and saving MD Aug 26 18:32:54.340240: | #3 is busy; has a suspended MD Aug 26 18:32:54.340243: | resume sending helper answer for #3 suppresed complete_v1_state_transition() and stole MD Aug 26 18:32:54.340246: | #3 spent 0.0531 milliseconds in resume sending helper answer Aug 26 18:32:54.340247: | crypto helper 6 resuming Aug 26 18:32:54.340249: | stop processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:32:54.340260: | crypto helper 6 starting work-order 6 for state #3 Aug 26 18:32:54.340261: | libevent_free: release ptr-libevent@0x7f4990003f28 Aug 26 18:32:54.340267: | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 6 Aug 26 18:32:54.340883: | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 6 time elapsed 0.000617 seconds Aug 26 18:32:54.340894: | (#3) spent 0.62 milliseconds in crypto helper computing work-order 6: quick outR1 DH (pcr) Aug 26 18:32:54.340896: | crypto helper 6 sending results from work-order 6 for state #3 to event queue Aug 26 18:32:54.340898: | scheduling resume sending helper answer for #3 Aug 26 18:32:54.340901: | libevent_malloc: new ptr-libevent@0x7f49880037f8 size 128 Aug 26 18:32:54.340906: | crypto helper 6 waiting (nothing to do) Aug 26 18:32:54.340911: | processing resume sending helper answer for #3 Aug 26 18:32:54.340918: | start processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:32:54.340920: | crypto helper 6 replies to request ID 6 Aug 26 18:32:54.340922: | calling continuation function 0x55e21030cb50 Aug 26 18:32:54.340924: | quick_inI1_outR1_cryptocontinue2 for #3: calculated DH, sending R1 Aug 26 18:32:54.340928: | **emit ISAKMP Message: Aug 26 18:32:54.340943: | initiator cookie: Aug 26 18:32:54.340945: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.340947: | responder cookie: Aug 26 18:32:54.340948: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.340950: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.340952: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.340954: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.340956: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.340957: | Message ID: 4053714242 (0xf19ec542) Aug 26 18:32:54.340959: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.340962: | ***emit ISAKMP Hash Payload: Aug 26 18:32:54.340963: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.340965: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:32:54.340967: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.340970: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:32:54.340973: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:32:54.340975: | ***emit ISAKMP Security Association Payload: Aug 26 18:32:54.340977: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.340978: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.340980: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:32:54.340982: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:32:54.340984: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.340986: | ****parse IPsec DOI SIT: Aug 26 18:32:54.340988: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.340990: | ****parse ISAKMP Proposal Payload: Aug 26 18:32:54.340991: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.340993: | length: 72 (0x48) Aug 26 18:32:54.340994: | proposal number: 0 (0x0) Aug 26 18:32:54.340996: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.340998: | SPI size: 4 (0x4) Aug 26 18:32:54.340999: | number of transforms: 2 (0x2) Aug 26 18:32:54.341001: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:32:54.341003: | SPI 07 29 e9 9e Aug 26 18:32:54.341005: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:32:54.341006: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.341008: | length: 32 (0x20) Aug 26 18:32:54.341009: | ESP transform number: 0 (0x0) Aug 26 18:32:54.341011: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.341013: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.341015: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.341016: | length/value: 14 (0xe) Aug 26 18:32:54.341018: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.341020: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.341022: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.341024: | length/value: 1 (0x1) Aug 26 18:32:54.341025: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.341027: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:32:54.341029: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.341030: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.341032: | length/value: 1 (0x1) Aug 26 18:32:54.341033: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.341035: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.341037: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.341038: | length/value: 28800 (0x7080) Aug 26 18:32:54.341040: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.341041: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.341043: | length/value: 2 (0x2) Aug 26 18:32:54.341045: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.341046: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.341048: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:32:54.341049: | length/value: 128 (0x80) Aug 26 18:32:54.341051: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:32:54.341053: | ****emit IPsec DOI SIT: Aug 26 18:32:54.341055: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.341056: | ****emit ISAKMP Proposal Payload: Aug 26 18:32:54.341058: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.341060: | proposal number: 0 (0x0) Aug 26 18:32:54.341061: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.341063: | SPI size: 4 (0x4) Aug 26 18:32:54.341064: | number of transforms: 1 (0x1) Aug 26 18:32:54.341066: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:32:54.341084: | netlink_get_spi: allocated 0xa6dbcb71 for esp.0@192.1.2.23 Aug 26 18:32:54.341086: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:32:54.341091: | SPI a6 db cb 71 Aug 26 18:32:54.341093: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:32:54.341095: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.341096: | ESP transform number: 0 (0x0) Aug 26 18:32:54.341098: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.341100: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:32:54.341102: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 18:32:54.341103: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 18:32:54.341105: | attributes 80 05 00 02 80 06 00 80 Aug 26 18:32:54.341106: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:32:54.341108: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 18:32:54.341110: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:32:54.341111: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 18:32:54.341113: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:32:54.341116: "northnet-eastnets/0x1" #3: responding to Quick Mode proposal {msgid:f19ec542} Aug 26 18:32:54.341124: "northnet-eastnets/0x1" #3: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 18:32:54.341130: "northnet-eastnets/0x1" #3: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:32:54.341131: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 5 time elapsed 0.000954 seconds Aug 26 18:32:54.341131: | ***emit ISAKMP Nonce Payload: Aug 26 18:32:54.341143: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.341144: | (#2) spent 0.955 milliseconds in crypto helper computing work-order 5: quick outR1 DH (pcr) Aug 26 18:32:54.341145: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:32:54.341151: | crypto helper 4 sending results from work-order 5 for state #2 to event queue Aug 26 18:32:54.341152: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:32:54.341157: | scheduling resume sending helper answer for #2 Aug 26 18:32:54.341158: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.341163: | libevent_malloc: new ptr-libevent@0x7f4994003618 size 128 Aug 26 18:32:54.341164: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 18:32:54.341169: | Nr d9 31 43 98 08 76 70 ac 3f 24 a3 cb c2 fd 45 28 Aug 26 18:32:54.341170: | crypto helper 4 waiting (nothing to do) Aug 26 18:32:54.341171: | Nr c7 39 5c 3c 50 65 1e 22 81 7e 15 db b1 15 3b b9 Aug 26 18:32:54.341176: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:32:54.341179: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:32:54.341182: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.341184: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.341187: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:32:54.341190: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.341193: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:32:54.341195: | keyex value 82 b1 8b 7c 50 9b 38 fa 72 72 7b af 0e 7f 2e 5e Aug 26 18:32:54.341197: | keyex value 23 50 39 07 ac 08 c5 12 72 47 41 0b 74 bf 3d 67 Aug 26 18:32:54.341198: | keyex value 17 10 03 95 d6 c5 2b 4f 33 59 5e dd 85 03 98 c6 Aug 26 18:32:54.341201: | keyex value 28 26 0d 65 11 5d 21 18 83 94 7b b9 20 12 a1 d9 Aug 26 18:32:54.341203: | keyex value 36 3d 79 c0 db bf 0e ff 50 cd ba f4 d2 88 aa 86 Aug 26 18:32:54.341204: | keyex value 23 bf 50 65 64 ba d7 7d 16 94 6f 00 8b 1f ca 97 Aug 26 18:32:54.341206: | keyex value a3 08 16 3f ac c6 e8 f3 30 56 4d 57 f5 7a cb fd Aug 26 18:32:54.341207: | keyex value 7a f1 39 91 3c 9b 54 ab fc 08 ca f0 bf b6 5a b0 Aug 26 18:32:54.341209: | keyex value 4e 72 51 e6 97 e1 bb 19 88 ab 17 56 6c 4f 7e 1d Aug 26 18:32:54.341210: | keyex value 88 e0 39 4f 16 1e 6f 46 2f 7d 6b 40 2b 31 a5 4d Aug 26 18:32:54.341212: | keyex value fe 30 4f e5 ab 45 76 0f f5 f2 9a 5b 46 9a 0d 9a Aug 26 18:32:54.341213: | keyex value f1 3e 87 23 6c 8d de 7a 9b 28 d6 48 15 d1 74 9a Aug 26 18:32:54.341215: | keyex value 35 49 1a 0f 59 de a5 0c 29 e9 3a 46 fc c7 ba c7 Aug 26 18:32:54.341216: | keyex value 20 7b 47 97 df 7e 71 be 59 4f 65 ec cb ae 1c f3 Aug 26 18:32:54.341218: | keyex value 9d 28 bb 07 ac 69 43 98 a1 f2 e7 fc 78 5d 7e 7a Aug 26 18:32:54.341219: | keyex value 42 f2 6c 2f 54 77 13 0a 34 5a ea c5 a8 66 12 3b Aug 26 18:32:54.341221: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:32:54.341223: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.341224: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.341226: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.341228: | Protocol ID: 0 (0x0) Aug 26 18:32:54.341229: | port: 0 (0x0) Aug 26 18:32:54.341231: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.341233: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.341235: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.341237: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.341238: | ID body c0 00 03 00 ff ff ff 00 Aug 26 18:32:54.341240: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:32:54.341242: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.341243: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.341245: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.341246: | Protocol ID: 0 (0x0) Aug 26 18:32:54.341248: | port: 0 (0x0) Aug 26 18:32:54.341250: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.341251: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.341253: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.341255: | ID body c0 00 02 00 ff ff ff 00 Aug 26 18:32:54.341256: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:32:54.341283: | quick inR1 outI2 HASH(2): Aug 26 18:32:54.341286: | 25 99 89 97 58 b8 b4 90 aa aa 06 e2 c4 10 4a 60 Aug 26 18:32:54.341287: | a4 c2 a0 f3 1b e3 0b b0 94 4f 93 f0 47 0d b2 e2 Aug 26 18:32:54.341296: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:32:54.341311: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:32:54.341392: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.341396: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.341398: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.341399: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.341401: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.341403: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 18:32:54.341407: | install_inbound_ipsec_sa() checking if we can route Aug 26 18:32:54.341409: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:32:54.341410: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.341412: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.341414: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.341415: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.341417: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.341419: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:32:54.341421: | routing is easy, or has resolvable near-conflict Aug 26 18:32:54.341422: | checking if this is a replacement state Aug 26 18:32:54.341424: | st=0x55e211579688 ost=(nil) st->serialno=#3 ost->serialno=#0 Aug 26 18:32:54.341426: | installing outgoing SA now as refhim=0 Aug 26 18:32:54.341428: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:32:54.341430: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:32:54.341432: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:32:54.341435: | setting IPsec SA replay-window to 32 Aug 26 18:32:54.341437: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:32:54.341439: | netlink: enabling tunnel mode Aug 26 18:32:54.341441: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:32:54.341443: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:32:54.341523: | netlink response for Add SA esp.729e99e@192.1.3.33 included non-error error Aug 26 18:32:54.341526: | outgoing SA has refhim=0 Aug 26 18:32:54.341528: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:32:54.341530: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:32:54.341532: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:32:54.341538: | setting IPsec SA replay-window to 32 Aug 26 18:32:54.341544: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:32:54.341547: | netlink: enabling tunnel mode Aug 26 18:32:54.341550: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:32:54.341553: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:32:54.341620: | netlink response for Add SA esp.a6dbcb71@192.1.2.23 included non-error error Aug 26 18:32:54.341625: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:32:54.341631: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:32:54.341635: | IPsec Sa SPD priority set to 1042407 Aug 26 18:32:54.341687: | raw_eroute result=success Aug 26 18:32:54.341776: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:32:54.341780: | no IKEv1 message padding required Aug 26 18:32:54.341783: | emitting length of ISAKMP Message: 460 Aug 26 18:32:54.341795: | finished processing quick inI1 Aug 26 18:32:54.341811: | complete v1 state transition with STF_OK Aug 26 18:32:54.341818: | [RE]START processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.341821: | #3 is idle Aug 26 18:32:54.341825: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.341828: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 18:32:54.341831: | child state #3: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 18:32:54.341833: | event_already_set, deleting event Aug 26 18:32:54.341834: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.341837: | libevent_free: release ptr-libevent@0x7f499c003f28 Aug 26 18:32:54.341839: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e2114f7238 Aug 26 18:32:54.341842: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:32:54.341851: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 18:32:54.341853: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.341854: | 08 10 20 01 f1 9e c5 42 00 00 01 cc 4e 4e eb c6 Aug 26 18:32:54.341856: | aa 8c 34 12 f1 dd ec 20 fa bf e4 0e 0a 7f a2 42 Aug 26 18:32:54.341857: | d2 d6 7c 5d 85 4e 14 17 c5 05 73 99 44 26 fa 06 Aug 26 18:32:54.341859: | 20 21 5c d7 de 16 db 7b 88 50 4e 74 ce 46 e2 93 Aug 26 18:32:54.341860: | 91 bb 8a b7 b1 f4 10 e5 70 32 87 91 f1 7f d8 61 Aug 26 18:32:54.341862: | 37 8f 4a 97 0b 81 6f f7 f2 fa ce 22 0c d5 1a 33 Aug 26 18:32:54.341863: | f5 d1 2f da 99 b0 5c f3 7f eb 71 8f 6c 51 46 43 Aug 26 18:32:54.341864: | ee a0 9a 7a 8c 15 e9 f1 d1 33 ac fa 97 95 79 12 Aug 26 18:32:54.341866: | 3f 05 8b 17 68 40 2d c1 cd 05 b4 8f 7a 3c f6 f2 Aug 26 18:32:54.341867: | 23 16 ea 5e 9f f2 3d 66 d7 af 60 26 c1 82 a6 22 Aug 26 18:32:54.341869: | 44 64 2e 6c fe 10 3a 30 54 89 6b 02 68 40 5b 13 Aug 26 18:32:54.341870: | bb a4 a2 b4 e9 33 12 c5 34 bc 5d 95 53 4e 14 a5 Aug 26 18:32:54.341872: | 20 b4 1e ef 96 5a 00 54 51 99 92 87 93 a8 30 04 Aug 26 18:32:54.341873: | 1f 5e 98 5a ed 78 04 fe cd b8 17 6e 59 8f c6 28 Aug 26 18:32:54.341875: | c0 b8 82 79 7e 21 b0 af 3f 37 92 04 66 aa 15 f1 Aug 26 18:32:54.341876: | 76 59 d3 26 f4 4e 12 1a 2f e4 e3 fa 26 b5 9e 9b Aug 26 18:32:54.341877: | c3 8f 7d 99 7f dd c5 96 34 aa 6f de e3 57 a5 bf Aug 26 18:32:54.341879: | 96 6c 9d 91 c8 eb 18 05 4a 0e 15 73 87 e3 54 57 Aug 26 18:32:54.341880: | b0 d6 51 25 a5 b0 73 53 e2 9f be 5e df 50 c5 55 Aug 26 18:32:54.341882: | de 66 ed 8b ec 04 59 4e 3f 65 11 5a a3 58 4c 25 Aug 26 18:32:54.341883: | c0 4a 8b 45 ef bf 66 01 92 9e d8 64 45 24 a1 93 Aug 26 18:32:54.341885: | f1 c9 28 36 1a 66 d3 f3 a2 83 ab 33 31 65 6d 38 Aug 26 18:32:54.341886: | 7d 64 6b f1 2b e3 cd 97 4d 07 cb c6 ff 9d 39 2d Aug 26 18:32:54.341888: | d6 50 90 87 d0 bb 72 48 ac 6a 6e 76 9b 78 8f 68 Aug 26 18:32:54.341889: | 48 bf e3 aa 39 aa 5f 7b 8b 8c c0 c2 6d 0b 32 7a Aug 26 18:32:54.341891: | 55 f7 78 f3 d2 b3 2b 73 cb 7c b1 28 72 b1 4b 91 Aug 26 18:32:54.341892: | ff 01 fe 5e 3f 8a be 48 ee 89 6e 7a ba 76 a3 41 Aug 26 18:32:54.341893: | f5 7c 27 bf 4c 49 5f b7 49 46 3e e3 Aug 26 18:32:54.341937: | !event_already_set at reschedule Aug 26 18:32:54.341954: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e2114f7238 Aug 26 18:32:54.341957: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 18:32:54.341959: | libevent_malloc: new ptr-libevent@0x7f4990003f28 size 128 Aug 26 18:32:54.341962: | #3 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29660.08442 Aug 26 18:32:54.341965: | pstats #3 ikev1.ipsec established Aug 26 18:32:54.341967: | NAT-T: encaps is 'auto' Aug 26 18:32:54.341970: "northnet-eastnets/0x1" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x0729e99e <0xa6dbcb71 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:32:54.341972: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.341974: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.341976: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Aug 26 18:32:54.341981: | #3 spent 1.02 milliseconds in resume sending helper answer Aug 26 18:32:54.341984: | stop processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:32:54.341986: | libevent_free: release ptr-libevent@0x7f49880037f8 Aug 26 18:32:54.341991: | processing resume sending helper answer for #2 Aug 26 18:32:54.341994: | start processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:32:54.341998: | crypto helper 4 replies to request ID 5 Aug 26 18:32:54.342002: | calling continuation function 0x55e21030cb50 Aug 26 18:32:54.342005: | quick_inI1_outR1_cryptocontinue2 for #2: calculated DH, sending R1 Aug 26 18:32:54.342009: | **emit ISAKMP Message: Aug 26 18:32:54.342012: | initiator cookie: Aug 26 18:32:54.342013: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.342015: | responder cookie: Aug 26 18:32:54.342016: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.342018: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342020: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.342022: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.342023: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.342025: | Message ID: 910372824 (0x36432fd8) Aug 26 18:32:54.342027: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.342029: | ***emit ISAKMP Hash Payload: Aug 26 18:32:54.342031: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342033: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:32:54.342035: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.342037: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:32:54.342038: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:32:54.342040: | ***emit ISAKMP Security Association Payload: Aug 26 18:32:54.342042: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.342043: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.342045: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:32:54.342047: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:32:54.342049: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.342051: | ****parse IPsec DOI SIT: Aug 26 18:32:54.342053: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.342055: | ****parse ISAKMP Proposal Payload: Aug 26 18:32:54.342056: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342058: | length: 72 (0x48) Aug 26 18:32:54.342060: | proposal number: 0 (0x0) Aug 26 18:32:54.342061: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.342063: | SPI size: 4 (0x4) Aug 26 18:32:54.342064: | number of transforms: 2 (0x2) Aug 26 18:32:54.342066: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:32:54.342068: | SPI 9b f3 7c d9 Aug 26 18:32:54.342070: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:32:54.342071: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.342073: | length: 32 (0x20) Aug 26 18:32:54.342074: | ESP transform number: 0 (0x0) Aug 26 18:32:54.342076: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.342078: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342080: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.342081: | length/value: 14 (0xe) Aug 26 18:32:54.342083: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.342085: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342087: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.342088: | length/value: 1 (0x1) Aug 26 18:32:54.342090: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.342092: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:32:54.342093: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342095: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.342096: | length/value: 1 (0x1) Aug 26 18:32:54.342098: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.342100: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342101: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.342103: | length/value: 28800 (0x7080) Aug 26 18:32:54.342106: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342108: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.342109: | length/value: 2 (0x2) Aug 26 18:32:54.342111: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.342112: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342114: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:32:54.342116: | length/value: 128 (0x80) Aug 26 18:32:54.342118: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:32:54.342119: | ****emit IPsec DOI SIT: Aug 26 18:32:54.342121: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.342123: | ****emit ISAKMP Proposal Payload: Aug 26 18:32:54.342124: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342126: | proposal number: 0 (0x0) Aug 26 18:32:54.342128: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.342129: | SPI size: 4 (0x4) Aug 26 18:32:54.342131: | number of transforms: 1 (0x1) Aug 26 18:32:54.342132: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:32:54.342141: | netlink_get_spi: allocated 0x8b8a5569 for esp.0@192.1.2.23 Aug 26 18:32:54.342143: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:32:54.342145: | SPI 8b 8a 55 69 Aug 26 18:32:54.342147: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:32:54.342148: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342150: | ESP transform number: 0 (0x0) Aug 26 18:32:54.342151: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.342153: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:32:54.342155: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 18:32:54.342157: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 18:32:54.342159: | attributes 80 05 00 02 80 06 00 80 Aug 26 18:32:54.342160: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:32:54.342162: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 18:32:54.342164: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:32:54.342165: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 18:32:54.342167: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:32:54.342170: "northnet-eastnets/0x2" #2: responding to Quick Mode proposal {msgid:36432fd8} Aug 26 18:32:54.342178: "northnet-eastnets/0x2" #2: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 18:32:54.342183: "northnet-eastnets/0x2" #2: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:32:54.342185: | ***emit ISAKMP Nonce Payload: Aug 26 18:32:54.342187: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.342189: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:32:54.342191: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:32:54.342193: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.342195: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 18:32:54.342196: | Nr d9 56 ab 07 ee fc bc 6c 78 94 d6 62 09 8b b8 64 Aug 26 18:32:54.342198: | Nr 92 16 c3 79 90 da 02 03 3f be 55 e9 8a 6c d5 4b Aug 26 18:32:54.342200: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:32:54.342201: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:32:54.342203: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.342205: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.342208: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:32:54.342210: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.342212: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:32:54.342214: | keyex value c1 6a 23 0d af 83 56 c8 b3 22 f5 4f 21 7f b3 59 Aug 26 18:32:54.342215: | keyex value ef b4 55 47 b2 f1 ac e7 d0 c1 ee c7 96 dc e7 3d Aug 26 18:32:54.342217: | keyex value 32 1e c9 73 b0 d7 3d 85 0c 51 e9 b5 e3 0a 43 35 Aug 26 18:32:54.342218: | keyex value f7 95 3f b6 97 e5 17 9d e6 3e 88 57 ec a7 58 81 Aug 26 18:32:54.342220: | keyex value 5f b1 01 69 df 35 f5 e4 fe f2 b4 5c 1b f9 c0 8d Aug 26 18:32:54.342221: | keyex value fd 9d b6 21 1c 1b ca 68 20 bb c7 6a b5 a9 a1 35 Aug 26 18:32:54.342223: | keyex value a3 dd d8 d0 7b 8f 49 28 cc db 3f 5a 12 31 37 93 Aug 26 18:32:54.342224: | keyex value 2c 85 67 db 15 3d ad fb d3 57 78 60 41 b0 41 41 Aug 26 18:32:54.342226: | keyex value 15 90 80 ed 99 b0 0c 67 31 b9 8f ac bc 02 ad ad Aug 26 18:32:54.342227: | keyex value 4d 49 63 98 f1 02 25 29 e7 3a 39 06 89 e4 1f d1 Aug 26 18:32:54.342229: | keyex value 52 b5 12 f0 16 5c 17 81 c6 90 e9 3d 81 34 0c b7 Aug 26 18:32:54.342230: | keyex value cf d0 de ac 4c 79 15 73 3a 5d 37 bc eb 40 20 82 Aug 26 18:32:54.342232: | keyex value 70 41 9b 84 c7 87 43 ce 50 5b 59 cf e8 67 7f 30 Aug 26 18:32:54.342233: | keyex value 45 0d 8f 0f f5 86 95 55 6c 8c f6 64 d4 8f 4d b2 Aug 26 18:32:54.342235: | keyex value cc 23 4a 61 78 91 3f cc 6e ec 0d e3 70 ff 5b 82 Aug 26 18:32:54.342237: | keyex value 5f 57 15 dc 48 d1 a6 b2 92 e6 65 79 0b 80 b5 a4 Aug 26 18:32:54.342238: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:32:54.342240: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.342242: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.342243: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.342245: | Protocol ID: 0 (0x0) Aug 26 18:32:54.342246: | port: 0 (0x0) Aug 26 18:32:54.342248: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.342250: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.342252: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.342254: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.342256: | ID body c0 00 03 00 ff ff ff 00 Aug 26 18:32:54.342257: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:32:54.342259: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.342261: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342262: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.342264: | Protocol ID: 0 (0x0) Aug 26 18:32:54.342265: | port: 0 (0x0) Aug 26 18:32:54.342267: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.342269: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.342271: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.342272: | ID body c0 00 16 00 ff ff ff 00 Aug 26 18:32:54.342274: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:32:54.342294: | quick inR1 outI2 HASH(2): Aug 26 18:32:54.342299: | 11 a5 3d 3e af 48 c7 59 f9 4f b5 52 5f 53 15 ea Aug 26 18:32:54.342302: | 98 8b 0d d4 4b a3 b0 8a 09 85 0e b2 1c 1d 00 8e Aug 26 18:32:54.342303: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:32:54.342305: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:32:54.342364: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.342367: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.342369: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.342371: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.342373: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.342375: | route owner of "northnet-eastnets/0x2" unrouted: NULL Aug 26 18:32:54.342377: | install_inbound_ipsec_sa() checking if we can route Aug 26 18:32:54.342378: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:32:54.342380: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.342382: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.342384: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.342385: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.342387: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.342389: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Aug 26 18:32:54.342391: | routing is easy, or has resolvable near-conflict Aug 26 18:32:54.342393: | checking if this is a replacement state Aug 26 18:32:54.342395: | st=0x55e2115729b8 ost=(nil) st->serialno=#2 ost->serialno=#0 Aug 26 18:32:54.342396: | installing outgoing SA now as refhim=0 Aug 26 18:32:54.342398: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:32:54.342400: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:32:54.342402: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:32:54.342405: | setting IPsec SA replay-window to 32 Aug 26 18:32:54.342407: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:32:54.342409: | netlink: enabling tunnel mode Aug 26 18:32:54.342410: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:32:54.342412: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:32:54.342445: | netlink response for Add SA esp.9bf37cd9@192.1.3.33 included non-error error Aug 26 18:32:54.342453: | outgoing SA has refhim=0 Aug 26 18:32:54.342458: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:32:54.342463: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:32:54.342466: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:32:54.342471: | setting IPsec SA replay-window to 32 Aug 26 18:32:54.342475: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:32:54.342478: | netlink: enabling tunnel mode Aug 26 18:32:54.342482: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:32:54.342485: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:32:54.342522: | netlink response for Add SA esp.8b8a5569@192.1.2.23 included non-error error Aug 26 18:32:54.342528: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:32:54.342536: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Aug 26 18:32:54.342540: | IPsec Sa SPD priority set to 1042407 Aug 26 18:32:54.342565: | raw_eroute result=success Aug 26 18:32:54.342603: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:32:54.342608: | no IKEv1 message padding required Aug 26 18:32:54.342612: | emitting length of ISAKMP Message: 460 Aug 26 18:32:54.342622: | finished processing quick inI1 Aug 26 18:32:54.342627: | complete v1 state transition with STF_OK Aug 26 18:32:54.342634: | [RE]START processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.342639: | #2 is idle Aug 26 18:32:54.342642: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.342647: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 18:32:54.342651: | child state #2: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 18:32:54.342654: | event_already_set, deleting event Aug 26 18:32:54.342658: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.342662: | libevent_free: release ptr-libevent@0x55e211571278 Aug 26 18:32:54.342666: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e2115723a8 Aug 26 18:32:54.342673: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:32:54.342681: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 18:32:54.342684: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.342688: | 08 10 20 01 36 43 2f d8 00 00 01 cc 25 6a dc 0c Aug 26 18:32:54.342691: | 72 18 b3 5c 7b 43 35 42 8e 09 de 2a 4a 1e 79 4f Aug 26 18:32:54.342694: | 3b 95 d2 ad 3a a4 a2 1b 60 31 85 68 34 4d 85 c3 Aug 26 18:32:54.342697: | 11 1d 7e b7 44 e1 77 09 10 21 9f 28 07 3e 52 3e Aug 26 18:32:54.342700: | 79 3d c0 e2 61 1d 89 7e d7 e7 2f 8f c0 c9 58 d1 Aug 26 18:32:54.342704: | 63 c8 93 7a 3c be 7c a6 7d 1b 37 cb 98 ae d8 df Aug 26 18:32:54.342707: | 56 98 15 d2 21 33 bd 5f ad 64 ff 41 42 89 5a fe Aug 26 18:32:54.342710: | ca f2 72 34 4c 7c 74 a5 21 79 61 fb f7 df bd 46 Aug 26 18:32:54.342713: | 61 b1 55 22 e6 0b ec e2 cb f9 86 ef e2 31 c7 a8 Aug 26 18:32:54.342717: | 13 76 c6 24 f7 ed 6e 71 91 76 b4 ea 79 85 96 e5 Aug 26 18:32:54.342720: | 58 4a 1a 86 41 29 d5 86 81 55 66 66 ca 2c b8 58 Aug 26 18:32:54.342723: | 2f a0 b0 df 10 95 7e 62 92 da e9 03 11 da fc 82 Aug 26 18:32:54.342726: | 17 f9 da b0 1b 3b 6c 5e 77 c8 91 bd 19 3a 07 14 Aug 26 18:32:54.342729: | 6e a1 f3 d2 71 ee 83 74 ff 29 ba 49 f3 b3 4d 7a Aug 26 18:32:54.342732: | 84 4b e4 e7 db e2 87 8a 23 f5 19 26 c6 73 ea ea Aug 26 18:32:54.342735: | cf 7c bd b7 e9 a2 f4 77 00 20 11 25 0a 94 16 b5 Aug 26 18:32:54.342738: | 17 03 d2 35 b4 2f 44 ee 04 12 39 4a 7c b6 0d ec Aug 26 18:32:54.342741: | c6 7e 1e 2c fd e6 20 e3 4b 0b 94 c4 21 35 6a 23 Aug 26 18:32:54.342743: | db 48 80 fe e5 1b 62 e4 f6 b3 3c cb 58 5c ad 72 Aug 26 18:32:54.342745: | 56 bc fa 8f bd 31 16 5b bf c1 b3 ed f6 7b f0 e4 Aug 26 18:32:54.342747: | 09 68 13 e2 d5 bf d8 27 31 71 5d f8 fd 54 ca 8a Aug 26 18:32:54.342748: | 53 4c 26 cd 00 a3 25 ac 59 25 35 c0 a0 7c ea 55 Aug 26 18:32:54.342750: | 19 67 e4 6f a1 ae f5 38 ad 41 2f 6a 3f d9 a7 b8 Aug 26 18:32:54.342751: | 95 d4 c6 95 5b e6 1e c1 81 86 c3 c7 6f 7d 90 74 Aug 26 18:32:54.342753: | 76 2a b1 50 84 94 47 31 35 6e 49 ff 6e c9 e6 72 Aug 26 18:32:54.342754: | c6 71 f0 d2 b8 c6 ce f7 a3 2b 78 0c 0d 75 c3 b7 Aug 26 18:32:54.342756: | 62 be c5 07 64 1e 07 e1 fd a1 bb e0 cf 77 5c 81 Aug 26 18:32:54.342757: | 0e 5e fd ec c8 97 09 82 08 e5 3f a3 Aug 26 18:32:54.342777: | !event_already_set at reschedule Aug 26 18:32:54.342781: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e2115723a8 Aug 26 18:32:54.342784: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 18:32:54.342786: | libevent_malloc: new ptr-libevent@0x7f49880037f8 size 128 Aug 26 18:32:54.342789: | #2 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29660.085247 Aug 26 18:32:54.342791: | pstats #2 ikev1.ipsec established Aug 26 18:32:54.342793: | NAT-T: encaps is 'auto' Aug 26 18:32:54.342796: "northnet-eastnets/0x2" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x9bf37cd9 <0x8b8a5569 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:32:54.342798: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.342800: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.342804: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Aug 26 18:32:54.342809: | #2 spent 0.797 milliseconds in resume sending helper answer Aug 26 18:32:54.342812: | stop processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:32:54.342814: | libevent_free: release ptr-libevent@0x7f4994003618 Aug 26 18:32:54.376142: | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.376162: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:32:54.376165: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.376167: | 08 10 20 01 f1 9e c5 42 00 00 00 4c 11 c2 8a 8b Aug 26 18:32:54.376168: | 11 67 3e e8 fc 7e 05 fe c4 06 79 0c 29 55 54 66 Aug 26 18:32:54.376170: | 6e 07 6e 68 30 c4 24 2a 3f 36 93 4a 20 65 c9 6d Aug 26 18:32:54.376171: | 26 02 8b 1e c5 99 79 4b f2 6c 30 45 Aug 26 18:32:54.376174: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:32:54.376177: | **parse ISAKMP Message: Aug 26 18:32:54.376179: | initiator cookie: Aug 26 18:32:54.376181: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.376182: | responder cookie: Aug 26 18:32:54.376184: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.376186: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:32:54.376188: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.376189: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.376191: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.376193: | Message ID: 4053714242 (0xf19ec542) Aug 26 18:32:54.376195: | length: 76 (0x4c) Aug 26 18:32:54.376197: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:32:54.376200: | State DB: found IKEv1 state #3 in QUICK_R1 (find_state_ikev1) Aug 26 18:32:54.376203: | start processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:32:54.376205: | #3 is idle Aug 26 18:32:54.376207: | #3 idle Aug 26 18:32:54.376209: | received encrypted packet from 192.1.3.33:500 Aug 26 18:32:54.376223: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:32:54.376226: | ***parse ISAKMP Hash Payload: Aug 26 18:32:54.376227: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.376229: | length: 36 (0x24) Aug 26 18:32:54.376231: | removing 12 bytes of padding Aug 26 18:32:54.376250: | quick_inI2 HASH(3): Aug 26 18:32:54.376252: | b6 ee 9e c5 0d 8a 2e fd 7b ef d9 aa ab 75 b5 ab Aug 26 18:32:54.376253: | 3c a2 5f 50 eb af bf 3f 86 a8 2a ad a7 e3 5e 6c Aug 26 18:32:54.376255: | received 'quick_inI2' message HASH(3) data ok Aug 26 18:32:54.376259: | install_ipsec_sa() for #3: outbound only Aug 26 18:32:54.376261: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:32:54.376263: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.376265: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.376267: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.376269: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.376271: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.376274: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:32:54.376275: | sr for #3: unrouted Aug 26 18:32:54.376278: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:32:54.376279: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.376281: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.376283: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.376285: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.376287: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.376301: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:32:54.376308: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 18:32:54.376311: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:32:54.376317: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 18:32:54.376320: | IPsec Sa SPD priority set to 1042407 Aug 26 18:32:54.376346: | raw_eroute result=success Aug 26 18:32:54.376349: | running updown command "ipsec _updown" for verb up Aug 26 18:32:54.376351: | command executing up-client Aug 26 18:32:54.376370: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.376374: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.376387: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 18:32:54.376389: | popen cmd is 1402 chars long Aug 26 18:32:54.376395: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:32:54.376399: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 18:32:54.376402: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 18:32:54.376404: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 18:32:54.376406: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Aug 26 18:32:54.376409: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Aug 26 18:32:54.376411: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 18:32:54.376414: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Aug 26 18:32:54.376416: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Aug 26 18:32:54.376418: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:32:54.376421: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:32:54.376423: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Aug 26 18:32:54.376426: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TR: Aug 26 18:32:54.376428: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 18:32:54.376431: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 18:32:54.376433: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 18:32:54.376435: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x729: Aug 26 18:32:54.376440: | cmd(1360):e99e SPI_OUT=0xa6dbcb71 ipsec _updown 2>&1: Aug 26 18:32:54.384084: | route_and_eroute: firewall_notified: true Aug 26 18:32:54.384100: | running updown command "ipsec _updown" for verb prepare Aug 26 18:32:54.384103: | command executing prepare-client Aug 26 18:32:54.384125: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.384131: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.384145: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Aug 26 18:32:54.384148: | popen cmd is 1407 chars long Aug 26 18:32:54.384150: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:32:54.384151: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 18:32:54.384153: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:32:54.384155: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:32:54.384157: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:32:54.384158: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 18:32:54.384160: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Aug 26 18:32:54.384161: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Aug 26 18:32:54.384163: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Aug 26 18:32:54.384165: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Aug 26 18:32:54.384166: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Aug 26 18:32:54.384168: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Aug 26 18:32:54.384170: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAR: Aug 26 18:32:54.384171: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 18:32:54.384173: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 18:32:54.384175: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 18:32:54.384176: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 18:32:54.384178: | cmd(1360):0x729e99e SPI_OUT=0xa6dbcb71 ipsec _updown 2>&1: Aug 26 18:32:54.391276: | running updown command "ipsec _updown" for verb route Aug 26 18:32:54.391298: | command executing route-client Aug 26 18:32:54.391322: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.391331: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.391346: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Aug 26 18:32:54.391349: | popen cmd is 1405 chars long Aug 26 18:32:54.391351: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Aug 26 18:32:54.391352: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Aug 26 18:32:54.391354: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Aug 26 18:32:54.391356: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Aug 26 18:32:54.391358: | cmd( 320):92.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0: Aug 26 18:32:54.391359: | cmd( 400):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=': Aug 26 18:32:54.391361: | cmd( 480):ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libre: Aug 26 18:32:54.391363: | cmd( 560):swan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.l: Aug 26 18:32:54.391364: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0': Aug 26 18:32:54.391366: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Aug 26 18:32:54.391368: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Aug 26 18:32:54.391369: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Aug 26 18:32:54.391371: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF: Aug 26 18:32:54.391372: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 18:32:54.391374: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 18:32:54.391376: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 18:32:54.391377: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 18:32:54.391379: | cmd(1360):729e99e SPI_OUT=0xa6dbcb71 ipsec _updown 2>&1: Aug 26 18:32:54.401351: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55e21155df58,sr=0x55e21155df58} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 18:32:54.401370: | #1 spent 1.49 milliseconds in install_ipsec_sa() Aug 26 18:32:54.401375: | inI2: instance northnet-eastnets/0x1[0], setting IKEv1 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 18:32:54.401378: | DPD: dpd_init() called on IPsec SA Aug 26 18:32:54.401379: | DPD: Peer does not support Dead Peer Detection Aug 26 18:32:54.401383: | complete v1 state transition with STF_OK Aug 26 18:32:54.401388: | [RE]START processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.401392: | #3 is idle Aug 26 18:32:54.401394: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.401396: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 26 18:32:54.401399: | child state #3: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Aug 26 18:32:54.401401: | event_already_set, deleting event Aug 26 18:32:54.401403: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:32:54.401405: | #3 STATE_QUICK_R2: retransmits: cleared Aug 26 18:32:54.401415: | libevent_free: release ptr-libevent@0x7f4990003f28 Aug 26 18:32:54.401420: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e2114f7238 Aug 26 18:32:54.401426: | !event_already_set at reschedule Aug 26 18:32:54.401430: | event_schedule: new EVENT_SA_REPLACE-pe@0x55e2114f7238 Aug 26 18:32:54.401432: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #3 Aug 26 18:32:54.401436: | libevent_malloc: new ptr-libevent@0x7f4994003618 size 128 Aug 26 18:32:54.401439: | pstats #3 ikev1.ipsec established Aug 26 18:32:54.401444: | NAT-T: encaps is 'auto' Aug 26 18:32:54.401447: "northnet-eastnets/0x1" #3: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0729e99e <0xa6dbcb71 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:32:54.401450: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.401451: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.401454: | #3 spent 1.58 milliseconds in process_packet_tail() Aug 26 18:32:54.401458: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.401461: | stop processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:32:54.401464: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.401468: | spent 1.7 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.401480: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.401484: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.401487: | spent 0.00381 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.401489: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.401491: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.401493: | spent 0.00244 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.401495: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.401497: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.401500: | spent 0.00236 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.405896: | spent 0.00266 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.405917: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:32:54.405920: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.405922: | 08 10 20 01 36 43 2f d8 00 00 00 4c d9 f3 13 89 Aug 26 18:32:54.405923: | 59 75 26 0f 48 03 ca ef e1 09 3d d5 d0 dc a5 21 Aug 26 18:32:54.405925: | f6 90 ed a3 3c be c2 68 7b f2 55 57 98 be 9c 26 Aug 26 18:32:54.405926: | 31 4b 86 55 e1 13 af 07 d9 84 99 41 Aug 26 18:32:54.405930: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:32:54.405933: | **parse ISAKMP Message: Aug 26 18:32:54.405935: | initiator cookie: Aug 26 18:32:54.405936: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.405938: | responder cookie: Aug 26 18:32:54.405939: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.405942: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:32:54.405943: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.405946: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.405955: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.405958: | Message ID: 910372824 (0x36432fd8) Aug 26 18:32:54.405961: | length: 76 (0x4c) Aug 26 18:32:54.405964: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:32:54.405971: | State DB: found IKEv1 state #2 in QUICK_R1 (find_state_ikev1) Aug 26 18:32:54.405977: | start processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:32:54.405980: | #2 is idle Aug 26 18:32:54.405983: | #2 idle Aug 26 18:32:54.405987: | received encrypted packet from 192.1.3.33:500 Aug 26 18:32:54.406020: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:32:54.406024: | ***parse ISAKMP Hash Payload: Aug 26 18:32:54.406027: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.406030: | length: 36 (0x24) Aug 26 18:32:54.406032: | removing 12 bytes of padding Aug 26 18:32:54.406067: | quick_inI2 HASH(3): Aug 26 18:32:54.406071: | 42 c4 fa 68 06 2f b4 de 9a 1e c2 aa d2 32 66 5d Aug 26 18:32:54.406073: | f8 a7 81 7e 49 59 a3 7e 44 dd a9 35 b3 b1 49 c6 Aug 26 18:32:54.406076: | received 'quick_inI2' message HASH(3) data ok Aug 26 18:32:54.406082: | install_ipsec_sa() for #2: outbound only Aug 26 18:32:54.406085: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:32:54.406088: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.406091: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.406094: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.406097: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.406099: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.406104: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 18:32:54.406107: | sr for #2: unrouted Aug 26 18:32:54.406110: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:32:54.406112: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.406114: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.406116: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.406118: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.406119: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.406122: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Aug 26 18:32:54.406124: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x55e21155df58} and state: #2 Aug 26 18:32:54.406127: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:32:54.406133: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Aug 26 18:32:54.406136: | IPsec Sa SPD priority set to 1042407 Aug 26 18:32:54.406164: | raw_eroute result=success Aug 26 18:32:54.406168: | running updown command "ipsec _updown" for verb up Aug 26 18:32:54.406169: | command executing up-client Aug 26 18:32:54.406194: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.406205: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.406230: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 18:32:54.406235: | popen cmd is 1405 chars long Aug 26 18:32:54.406238: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Aug 26 18:32:54.406239: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Aug 26 18:32:54.406241: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Aug 26 18:32:54.406243: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Aug 26 18:32:54.406244: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:32:54.406246: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Aug 26 18:32:54.406248: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:32:54.406249: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 18:32:54.406251: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 18:32:54.406253: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:32:54.406254: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Aug 26 18:32:54.406256: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Aug 26 18:32:54.406258: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_: Aug 26 18:32:54.406259: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Aug 26 18:32:54.406261: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Aug 26 18:32:54.406263: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Aug 26 18:32:54.406264: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x9: Aug 26 18:32:54.406266: | cmd(1360):bf37cd9 SPI_OUT=0x8b8a5569 ipsec _updown 2>&1: Aug 26 18:32:54.413591: | route_and_eroute: firewall_notified: true Aug 26 18:32:54.413608: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55e21156a8d8,sr=0x55e21156a8d8} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:32:54.413615: | #1 spent 0.598 milliseconds in install_ipsec_sa() Aug 26 18:32:54.413619: | inI2: instance northnet-eastnets/0x2[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:32:54.413622: | DPD: dpd_init() called on IPsec SA Aug 26 18:32:54.413624: | DPD: Peer does not support Dead Peer Detection Aug 26 18:32:54.413627: | complete v1 state transition with STF_OK Aug 26 18:32:54.413632: | [RE]START processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.413634: | #2 is idle Aug 26 18:32:54.413636: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.413638: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 26 18:32:54.413642: | child state #2: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Aug 26 18:32:54.413645: | event_already_set, deleting event Aug 26 18:32:54.413647: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:32:54.413649: | #2 STATE_QUICK_R2: retransmits: cleared Aug 26 18:32:54.413659: | libevent_free: release ptr-libevent@0x7f49880037f8 Aug 26 18:32:54.413663: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e2115723a8 Aug 26 18:32:54.413668: | !event_already_set at reschedule Aug 26 18:32:54.413672: | event_schedule: new EVENT_SA_REPLACE-pe@0x55e2115723a8 Aug 26 18:32:54.413675: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2 Aug 26 18:32:54.413681: | libevent_malloc: new ptr-libevent@0x55e211571278 size 128 Aug 26 18:32:54.413684: | pstats #2 ikev1.ipsec established Aug 26 18:32:54.413689: | NAT-T: encaps is 'auto' Aug 26 18:32:54.413692: "northnet-eastnets/0x2" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x9bf37cd9 <0x8b8a5569 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:32:54.413694: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.413696: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.413699: | #2 spent 0.685 milliseconds in process_packet_tail() Aug 26 18:32:54.413702: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.413706: | stop processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:32:54.413709: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.413712: | spent 0.871 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.413723: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.413727: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.413730: | spent 0.00387 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:12.346344: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:33:12.346375: | expiring aged bare shunts from shunt table Aug 26 18:33:12.346381: | spent 0.00391 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:33:14.314323: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:33:14.314339: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 18:33:14.314345: | start processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:14.314348: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 18:33:14.314364: | [RE]START processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 18:33:14.314366: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#3) Aug 26 18:33:14.314368: | sending NAT-T Keep Alive Aug 26 18:33:14.314376: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 18:33:14.314378: | ff Aug 26 18:33:14.314399: | stop processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 18:33:14.314402: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 18:33:14.314406: | start processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:14.314407: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 18:33:14.314410: | [RE]START processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 18:33:14.314412: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#2) Aug 26 18:33:14.314414: | sending NAT-T Keep Alive Aug 26 18:33:14.314417: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 18:33:14.314418: | ff Aug 26 18:33:14.314423: | stop processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 18:33:14.314425: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 18:33:14.314428: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:14.314430: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 18:33:14.314432: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 18:33:14.314435: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 18:33:14.314442: | spent 0.101 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:33:32.340467: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:33:32.340524: | expiring aged bare shunts from shunt table Aug 26 18:33:32.340547: | spent 0.0178 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:33:34.316367: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:33:34.316381: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 18:33:34.316387: | start processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:34.316389: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 18:33:34.316393: | [RE]START processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 18:33:34.316395: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#3) Aug 26 18:33:34.316396: | sending NAT-T Keep Alive Aug 26 18:33:34.316400: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Aug 26 18:33:34.316402: | ff Aug 26 18:33:34.316439: | stop processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 18:33:34.316442: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 18:33:34.316446: | start processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:34.316448: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 18:33:34.316450: | [RE]START processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 18:33:34.316452: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#2) Aug 26 18:33:34.316454: | sending NAT-T Keep Alive Aug 26 18:33:34.316457: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Aug 26 18:33:34.316458: | ff Aug 26 18:33:34.316468: | stop processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 18:33:34.316470: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 18:33:34.316473: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:34.316475: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 18:33:34.316477: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 18:33:34.316479: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 18:33:34.316484: | spent 0.0799 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:33:37.172169: | spent 0.00352 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:37.172198: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:37.172203: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.172206: | 08 10 20 01 4e 17 d4 82 00 00 01 dc 78 87 4a 2e Aug 26 18:33:37.172209: | 3d f4 2c 41 85 3b 3d 39 44 0a 17 6c da 2c 38 ae Aug 26 18:33:37.172212: | 20 01 2a de 28 c5 d1 63 3d 8f 49 79 cc b3 c6 fe Aug 26 18:33:37.172214: | bd a1 03 61 6f 82 ff 08 e9 52 f7 01 df 20 cb 28 Aug 26 18:33:37.172217: | 79 08 8b 6c 0b 70 92 d8 dd 94 89 a0 47 a5 05 a6 Aug 26 18:33:37.172221: | 86 70 2d 67 5a 8f 98 b9 1e 1a d7 34 df f7 64 fb Aug 26 18:33:37.172223: | 30 5f 31 5a 65 5b 9f 91 e9 b1 52 8e 24 6a c9 3a Aug 26 18:33:37.172226: | 18 17 1b 85 57 ee 46 26 1f cb 85 f1 f9 c7 ac 1f Aug 26 18:33:37.172229: | db 88 b5 59 36 6b ec 65 fe ee 08 aa 00 34 6a ae Aug 26 18:33:37.172232: | 34 e0 d7 05 9c f3 e4 0d 06 99 be 9b 82 9f 69 95 Aug 26 18:33:37.172234: | 31 b6 54 9e f4 b3 74 99 60 7c 4c 6b 04 9f e7 3b Aug 26 18:33:37.172237: | 57 25 83 3c e3 ce a1 59 e9 b4 6b 4d cd 92 09 be Aug 26 18:33:37.172243: | 0a 89 87 53 15 74 a4 59 fd d5 ac 20 5b fc ad 60 Aug 26 18:33:37.172246: | d7 6d ee 57 4c 66 d3 48 51 66 a4 f0 3d b4 94 03 Aug 26 18:33:37.172249: | b8 11 d5 1f b7 b7 6e c0 96 b2 94 39 49 04 45 a4 Aug 26 18:33:37.172252: | 3e 0b 55 af 11 73 fa 94 a5 6a 30 b5 32 51 fc 6f Aug 26 18:33:37.172254: | 28 32 f3 d9 f5 90 65 cb 1e aa f9 a1 b2 02 86 ea Aug 26 18:33:37.172257: | a0 cb ff d0 cb 0c 29 44 7b dd 3f 17 ae 8e e8 ee Aug 26 18:33:37.172260: | 1a bb 0d f2 d2 51 c0 33 61 4e b6 db 84 10 aa 78 Aug 26 18:33:37.172262: | d8 80 80 57 e4 c4 de 1a 2d dc ee 99 48 6f bc 56 Aug 26 18:33:37.172265: | bd 77 16 0d 8e 7b 9e 4d f1 58 3d b2 c3 2e 26 2d Aug 26 18:33:37.172267: | 63 a6 d6 e3 59 3b 79 2d 8c 5c 6e 2f 55 68 c6 e7 Aug 26 18:33:37.172270: | f9 fd b7 3a 34 31 60 8a 09 31 a1 ea ef 7d 7d 8c Aug 26 18:33:37.172273: | 19 ed 52 c9 18 5d 91 f4 e8 73 af 61 85 1e 26 b3 Aug 26 18:33:37.172276: | d5 88 8f 5e c6 60 da 95 b0 9b bc 9c b9 d5 da d5 Aug 26 18:33:37.172278: | a9 9a 14 01 68 20 bb 74 2a 85 27 4d f3 81 2a 3e Aug 26 18:33:37.172281: | 60 bd 9f f3 5b 69 51 f2 1c d3 bc 32 68 84 01 38 Aug 26 18:33:37.172284: | 1a 73 51 e1 6c 55 e9 0e 40 b9 18 9d ae 8b 0b d3 Aug 26 18:33:37.172286: | 74 e6 17 9c 88 aa 16 9e e8 29 bd 5a Aug 26 18:33:37.172303: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:37.172310: | **parse ISAKMP Message: Aug 26 18:33:37.172313: | initiator cookie: Aug 26 18:33:37.172316: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:37.172319: | responder cookie: Aug 26 18:33:37.172321: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.172324: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:37.172327: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:37.172330: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:37.172334: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:37.172338: | Message ID: 1310184578 (0x4e17d482) Aug 26 18:33:37.172341: | length: 476 (0x1dc) Aug 26 18:33:37.172344: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:37.172349: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 18:33:37.172353: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 18:33:37.172360: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 18:33:37.172389: | #1 is idle Aug 26 18:33:37.172393: | #1 idle Aug 26 18:33:37.172398: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:37.172423: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:33:37.172427: | ***parse ISAKMP Hash Payload: Aug 26 18:33:37.172430: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:33:37.172433: | length: 36 (0x24) Aug 26 18:33:37.172437: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:33:37.172440: | ***parse ISAKMP Security Association Payload: Aug 26 18:33:37.172443: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:37.172446: | length: 84 (0x54) Aug 26 18:33:37.172449: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:37.172452: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:33:37.172456: | ***parse ISAKMP Nonce Payload: Aug 26 18:33:37.172458: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:37.172461: | length: 36 (0x24) Aug 26 18:33:37.172464: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:33:37.172468: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:33:37.172471: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:37.172474: | length: 260 (0x104) Aug 26 18:33:37.172477: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:37.172480: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:37.172483: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:37.172486: | length: 16 (0x10) Aug 26 18:33:37.172493: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:37.172496: | Protocol ID: 0 (0x0) Aug 26 18:33:37.172499: | port: 0 (0x0) Aug 26 18:33:37.172502: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:33:37.172506: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:37.172509: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:37.172512: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.172514: | length: 16 (0x10) Aug 26 18:33:37.172518: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:37.172521: | Protocol ID: 0 (0x0) Aug 26 18:33:37.172523: | port: 0 (0x0) Aug 26 18:33:37.172526: | obj: c0 00 02 00 ff ff ff 00 Aug 26 18:33:37.172565: | quick_inI1_outR1 HASH(1): Aug 26 18:33:37.172570: | 2f d1 ef 83 70 0f 8c 56 a3 f5 3c 3a 4f 15 f8 d7 Aug 26 18:33:37.172573: | 7e 30 74 fb e2 35 84 27 27 9e 1f db 69 c3 01 84 Aug 26 18:33:37.172576: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 18:33:37.172582: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:37.172586: | ID address c0 00 03 00 Aug 26 18:33:37.172589: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:37.172592: | ID mask ff ff ff 00 Aug 26 18:33:37.172597: | peer client is subnet 192.0.3.0/24 Aug 26 18:33:37.172601: | peer client protocol/port is 0/0 Aug 26 18:33:37.172604: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:37.172607: | ID address c0 00 02 00 Aug 26 18:33:37.172610: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:37.172613: | ID mask ff ff ff 00 Aug 26 18:33:37.172618: | our client is subnet 192.0.2.0/24 Aug 26 18:33:37.172621: | our client protocol/port is 0/0 Aug 26 18:33:37.172628: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:37.172634: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 18:33:37.172637: | looking for 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:37.172642: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 18:33:37.172659: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:33:37.172663: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:33:37.172666: | results matched Aug 26 18:33:37.172673: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:37.172679: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:37.172686: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:37.172691: | our client (192.0.22.0/24) not in our_net (192.0.2.0/24) Aug 26 18:33:37.172702: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:33:37.172706: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:33:37.172709: | results matched Aug 26 18:33:37.172715: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:37.172721: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:37.172727: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:37.172732: | fc_try concluding with northnet-eastnets/0x1 [256] Aug 26 18:33:37.172734: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Aug 26 18:33:37.172735: | concluding with d = northnet-eastnets/0x1 Aug 26 18:33:37.172738: | using connection "northnet-eastnets/0x1" Aug 26 18:33:37.172740: | client wildcard: no port wildcard: no virtual: no Aug 26 18:33:37.172744: | creating state object #4 at 0x55e2115841c8 Aug 26 18:33:37.172746: | State DB: adding IKEv1 state #4 in UNDEFINED Aug 26 18:33:37.172753: | pstats #4 ikev1.ipsec started Aug 26 18:33:37.172756: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Aug 26 18:33:37.172759: | #4 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:37.172766: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:33:37.172770: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1286) Aug 26 18:33:37.172774: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:33:37.172777: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:33:37.172779: | child state #4: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 18:33:37.172782: | ****parse IPsec DOI SIT: Aug 26 18:33:37.172784: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:37.172786: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:37.172788: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.172790: | length: 72 (0x48) Aug 26 18:33:37.172791: | proposal number: 0 (0x0) Aug 26 18:33:37.172793: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:37.172795: | SPI size: 4 (0x4) Aug 26 18:33:37.172797: | number of transforms: 2 (0x2) Aug 26 18:33:37.172799: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:37.172800: | SPI 1c 27 63 40 Aug 26 18:33:37.172803: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:37.172805: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:37.172806: | length: 32 (0x20) Aug 26 18:33:37.172808: | ESP transform number: 0 (0x0) Aug 26 18:33:37.172810: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:37.172812: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.172814: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:37.172816: | length/value: 14 (0xe) Aug 26 18:33:37.172818: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:37.172820: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.172822: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:37.172824: | length/value: 1 (0x1) Aug 26 18:33:37.172826: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:37.172828: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:37.172830: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.172831: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:37.172833: | length/value: 1 (0x1) Aug 26 18:33:37.172835: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:37.172836: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.172838: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:37.172840: | length/value: 28800 (0x7080) Aug 26 18:33:37.172842: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.172844: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:37.172845: | length/value: 2 (0x2) Aug 26 18:33:37.172847: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:37.172849: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.172851: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:37.172853: | length/value: 128 (0x80) Aug 26 18:33:37.172855: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:37.172860: | adding quick_outI1 KE work-order 7 for state #4 Aug 26 18:33:37.172863: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4990004218 Aug 26 18:33:37.172867: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:33:37.172870: | libevent_malloc: new ptr-libevent@0x55e211581528 size 128 Aug 26 18:33:37.172877: | complete v1 state transition with STF_SUSPEND Aug 26 18:33:37.172881: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:33:37.172883: | suspending state #4 and saving MD Aug 26 18:33:37.172885: | #4 is busy; has a suspended MD Aug 26 18:33:37.172889: | #1 spent 0.307 milliseconds in process_packet_tail() Aug 26 18:33:37.172892: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:37.172895: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:37.172898: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Aug 26 18:33:37.172900: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Aug 26 18:33:37.172903: | spent 0.707 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:37.172917: | crypto helper 5 resuming Aug 26 18:33:37.172928: | crypto helper 5 starting work-order 7 for state #4 Aug 26 18:33:37.172932: | crypto helper 5 doing build KE and nonce (quick_outI1 KE); request ID 7 Aug 26 18:33:37.173670: | crypto helper 5 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.000738 seconds Aug 26 18:33:37.173682: | (#4) spent 0.746 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) Aug 26 18:33:37.173685: | crypto helper 5 sending results from work-order 7 for state #4 to event queue Aug 26 18:33:37.173687: | scheduling resume sending helper answer for #4 Aug 26 18:33:37.173690: | libevent_malloc: new ptr-libevent@0x7f498c002888 size 128 Aug 26 18:33:37.173698: | crypto helper 5 waiting (nothing to do) Aug 26 18:33:37.173742: | processing resume sending helper answer for #4 Aug 26 18:33:37.173752: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:33:37.173756: | crypto helper 5 replies to request ID 7 Aug 26 18:33:37.173758: | calling continuation function 0x55e21030cb50 Aug 26 18:33:37.173760: | quick_inI1_outR1_cryptocontinue1 for #4: calculated ke+nonce, calculating DH Aug 26 18:33:37.173769: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:37.173774: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:37.173781: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:37.173783: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:37.173785: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:33:37.173787: | no PreShared Key Found Aug 26 18:33:37.173790: | adding quick outR1 DH work-order 8 for state #4 Aug 26 18:33:37.173792: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:37.173795: | libevent_free: release ptr-libevent@0x55e211581528 Aug 26 18:33:37.173797: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4990004218 Aug 26 18:33:37.173799: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f4990004218 Aug 26 18:33:37.173802: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:33:37.173806: | libevent_malloc: new ptr-libevent@0x55e211581528 size 128 Aug 26 18:33:37.173813: | suspending state #4 and saving MD Aug 26 18:33:37.173815: | #4 is busy; has a suspended MD Aug 26 18:33:37.173818: | resume sending helper answer for #4 suppresed complete_v1_state_transition() and stole MD Aug 26 18:33:37.173822: | #4 spent 0.0655 milliseconds in resume sending helper answer Aug 26 18:33:37.173824: | crypto helper 0 resuming Aug 26 18:33:37.173826: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:33:37.173840: | crypto helper 0 starting work-order 8 for state #4 Aug 26 18:33:37.173843: | libevent_free: release ptr-libevent@0x7f498c002888 Aug 26 18:33:37.173849: | crypto helper 0 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 8 Aug 26 18:33:37.174810: | crypto helper 0 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 8 time elapsed 0.000961 seconds Aug 26 18:33:37.174827: | (#4) spent 0.972 milliseconds in crypto helper computing work-order 8: quick outR1 DH (pcr) Aug 26 18:33:37.174832: | crypto helper 0 sending results from work-order 8 for state #4 to event queue Aug 26 18:33:37.174836: | scheduling resume sending helper answer for #4 Aug 26 18:33:37.174840: | libevent_malloc: new ptr-libevent@0x7f49a00027d8 size 128 Aug 26 18:33:37.174849: | crypto helper 0 waiting (nothing to do) Aug 26 18:33:37.174858: | processing resume sending helper answer for #4 Aug 26 18:33:37.174869: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:33:37.174875: | crypto helper 0 replies to request ID 8 Aug 26 18:33:37.174878: | calling continuation function 0x55e21030cb50 Aug 26 18:33:37.174881: | quick_inI1_outR1_cryptocontinue2 for #4: calculated DH, sending R1 Aug 26 18:33:37.174909: | **emit ISAKMP Message: Aug 26 18:33:37.174913: | initiator cookie: Aug 26 18:33:37.174916: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:37.174919: | responder cookie: Aug 26 18:33:37.174922: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.174925: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.174928: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:37.174930: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:37.174932: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:37.174934: | Message ID: 1310184578 (0x4e17d482) Aug 26 18:33:37.174936: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:37.174939: | ***emit ISAKMP Hash Payload: Aug 26 18:33:37.174941: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.174943: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:37.174945: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.174948: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:37.174950: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:37.174952: | ***emit ISAKMP Security Association Payload: Aug 26 18:33:37.174953: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:37.174955: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:37.174957: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:33:37.174960: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:33:37.174962: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.174964: | ****parse IPsec DOI SIT: Aug 26 18:33:37.174966: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:37.174968: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:37.174970: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.174974: | length: 72 (0x48) Aug 26 18:33:37.174976: | proposal number: 0 (0x0) Aug 26 18:33:37.174978: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:37.174980: | SPI size: 4 (0x4) Aug 26 18:33:37.174981: | number of transforms: 2 (0x2) Aug 26 18:33:37.174983: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:37.174985: | SPI 1c 27 63 40 Aug 26 18:33:37.174987: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:37.174989: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:37.174991: | length: 32 (0x20) Aug 26 18:33:37.174993: | ESP transform number: 0 (0x0) Aug 26 18:33:37.174994: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:37.174997: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.174999: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:37.175000: | length/value: 14 (0xe) Aug 26 18:33:37.175002: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:37.175004: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.175006: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:37.175008: | length/value: 1 (0x1) Aug 26 18:33:37.175010: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:37.175012: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:37.175014: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.175015: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:37.175017: | length/value: 1 (0x1) Aug 26 18:33:37.175019: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:37.175020: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.175022: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:37.175024: | length/value: 28800 (0x7080) Aug 26 18:33:37.175026: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.175028: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:37.175030: | length/value: 2 (0x2) Aug 26 18:33:37.175031: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:37.175033: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.175035: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:37.175037: | length/value: 128 (0x80) Aug 26 18:33:37.175039: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:37.175041: | ****emit IPsec DOI SIT: Aug 26 18:33:37.175043: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:37.175044: | ****emit ISAKMP Proposal Payload: Aug 26 18:33:37.175046: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.175048: | proposal number: 0 (0x0) Aug 26 18:33:37.175050: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:37.175051: | SPI size: 4 (0x4) Aug 26 18:33:37.175053: | number of transforms: 1 (0x1) Aug 26 18:33:37.175055: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:33:37.175077: | netlink_get_spi: allocated 0xe0d54674 for esp.0@192.1.2.23 Aug 26 18:33:37.175080: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:33:37.175081: | SPI e0 d5 46 74 Aug 26 18:33:37.175083: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:37.175085: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.175087: | ESP transform number: 0 (0x0) Aug 26 18:33:37.175088: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:37.175090: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:37.175093: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 18:33:37.175095: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 18:33:37.175096: | attributes 80 05 00 02 80 06 00 80 Aug 26 18:33:37.175098: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:33:37.175100: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 18:33:37.175102: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:33:37.175105: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 18:33:37.175107: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:33:37.175111: "northnet-eastnets/0x1" #4: responding to Quick Mode proposal {msgid:4e17d482} Aug 26 18:33:37.175120: "northnet-eastnets/0x1" #4: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 18:33:37.175126: "northnet-eastnets/0x1" #4: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:33:37.175128: | ***emit ISAKMP Nonce Payload: Aug 26 18:33:37.175130: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:37.175132: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:33:37.175135: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:33:37.175137: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.175139: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 18:33:37.175140: | Nr 0e 84 f5 ff d2 70 ec 7f fd 2b fa 3e c3 65 43 a4 Aug 26 18:33:37.175142: | Nr c7 be 16 75 31 06 be aa ae 36 c3 33 71 0b 09 4f Aug 26 18:33:37.175144: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:33:37.175146: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:33:37.175148: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:37.175150: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:37.175152: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:33:37.175154: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.175156: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:33:37.175158: | keyex value e0 63 45 7a 56 31 27 1c 42 07 d5 1c 58 a3 89 09 Aug 26 18:33:37.175160: | keyex value c9 8f 72 b0 e0 57 68 48 ea f4 3a 44 e3 da ed f6 Aug 26 18:33:37.175161: | keyex value 72 37 dd 58 bf 0d de e8 65 2c c8 e1 76 d0 50 d5 Aug 26 18:33:37.175163: | keyex value a7 46 cc 89 87 32 e5 a4 d4 9e f2 3f 0e 48 b5 dc Aug 26 18:33:37.175165: | keyex value 4a ef 23 41 ea 49 f7 da 7e df e2 b6 eb 4d aa 43 Aug 26 18:33:37.175166: | keyex value 37 44 3e 31 be 97 c0 05 c8 ea e0 a6 c1 c4 b4 44 Aug 26 18:33:37.175168: | keyex value 34 64 86 31 90 0a 86 8d 45 f1 96 e2 f8 ff 9a 1e Aug 26 18:33:37.175170: | keyex value c3 3d f8 b9 52 7b 09 0c 55 21 c6 a1 70 b0 b1 23 Aug 26 18:33:37.175171: | keyex value 47 12 c0 38 e8 ce 52 5c 43 72 df 89 63 f4 56 25 Aug 26 18:33:37.175173: | keyex value 4e 43 e6 d3 ad a4 4c a5 63 89 ad 58 c5 64 b7 f2 Aug 26 18:33:37.175175: | keyex value 1e 57 ca 1d 87 82 56 bb 0a 09 bc 68 05 17 b4 29 Aug 26 18:33:37.175176: | keyex value ef f5 7a 71 14 13 b4 2c 8d ee 17 b4 67 e5 5c e2 Aug 26 18:33:37.175178: | keyex value 10 de c2 f7 37 05 c7 03 a8 36 63 1e 2a 4a d8 a0 Aug 26 18:33:37.175180: | keyex value 0e c4 7c b7 36 18 ab 48 54 64 63 c8 27 11 15 5f Aug 26 18:33:37.175181: | keyex value f7 b0 97 0d 31 1e 93 e0 79 0b 2a 86 67 85 e9 ef Aug 26 18:33:37.175183: | keyex value 22 4f 7d a5 30 b5 bb ba 58 5e fd 24 d8 21 4d 0c Aug 26 18:33:37.175185: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:33:37.175187: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:37.175188: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:37.175190: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:37.175192: | Protocol ID: 0 (0x0) Aug 26 18:33:37.175195: | port: 0 (0x0) Aug 26 18:33:37.175197: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:37.175199: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:37.175201: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:37.175203: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:37.175205: | ID body c0 00 03 00 ff ff ff 00 Aug 26 18:33:37.175207: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:37.175209: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:37.175210: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.175212: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:37.175214: | Protocol ID: 0 (0x0) Aug 26 18:33:37.175215: | port: 0 (0x0) Aug 26 18:33:37.175218: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:37.175219: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:37.175221: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:37.175223: | ID body c0 00 02 00 ff ff ff 00 Aug 26 18:33:37.175225: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:37.175251: | quick inR1 outI2 HASH(2): Aug 26 18:33:37.175254: | 79 15 81 fa a5 7f d6 24 2b 47 8a a0 c7 36 c6 07 Aug 26 18:33:37.175256: | 9d a5 d0 cb 2f b8 53 f6 4f bd aa 6e d5 4a b6 f0 Aug 26 18:33:37.175258: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:33:37.175259: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:33:37.175351: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:37.175359: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.175362: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:37.175364: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.175366: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:37.175368: | route owner of "northnet-eastnets/0x1" erouted: self Aug 26 18:33:37.175370: | install_inbound_ipsec_sa() checking if we can route Aug 26 18:33:37.175372: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:33:37.175374: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:37.175376: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.175378: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:37.175380: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.175382: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:37.175384: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Aug 26 18:33:37.175386: | routing is easy, or has resolvable near-conflict Aug 26 18:33:37.175388: | checking if this is a replacement state Aug 26 18:33:37.175390: | st=0x55e2115841c8 ost=0x55e211579688 st->serialno=#4 ost->serialno=#3 Aug 26 18:33:37.175392: "northnet-eastnets/0x1" #4: keeping refhim=0 during rekey Aug 26 18:33:37.175394: | installing outgoing SA now as refhim=0 Aug 26 18:33:37.175397: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:37.175399: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:37.175401: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:37.175404: | setting IPsec SA replay-window to 32 Aug 26 18:33:37.175407: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:33:37.175409: | netlink: enabling tunnel mode Aug 26 18:33:37.175413: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:37.175416: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:37.175485: | netlink response for Add SA esp.1c276340@192.1.3.33 included non-error error Aug 26 18:33:37.175489: | outgoing SA has refhim=0 Aug 26 18:33:37.175491: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:37.175493: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:37.175495: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:37.175498: | setting IPsec SA replay-window to 32 Aug 26 18:33:37.175500: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:33:37.175502: | netlink: enabling tunnel mode Aug 26 18:33:37.175504: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:37.175506: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:37.175546: | netlink response for Add SA esp.e0d54674@192.1.2.23 included non-error error Aug 26 18:33:37.175604: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:37.175609: | no IKEv1 message padding required Aug 26 18:33:37.175611: | emitting length of ISAKMP Message: 460 Aug 26 18:33:37.175620: | finished processing quick inI1 Aug 26 18:33:37.175622: | complete v1 state transition with STF_OK Aug 26 18:33:37.175626: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:37.175628: | #4 is idle Aug 26 18:33:37.175631: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:33:37.175635: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 18:33:37.175639: | child state #4: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 18:33:37.175643: | event_already_set, deleting event Aug 26 18:33:37.175647: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:37.175652: | libevent_free: release ptr-libevent@0x55e211581528 Aug 26 18:33:37.175656: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f4990004218 Aug 26 18:33:37.175663: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:33:37.175671: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #4) Aug 26 18:33:37.175680: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.175684: | 08 10 20 01 4e 17 d4 82 00 00 01 cc a4 66 91 81 Aug 26 18:33:37.175687: | 5e 8e ab 69 f6 d5 d4 26 27 53 3b fc a9 53 20 ab Aug 26 18:33:37.175689: | a0 13 07 af fe 45 e8 3c 6a af a9 ff a4 76 4c a3 Aug 26 18:33:37.175690: | f7 4e c7 b0 9d 93 8e fa 4f 97 8a 19 17 d8 2b ba Aug 26 18:33:37.175692: | 49 1c d9 f3 9d 2d bc 70 88 75 e9 ef 99 3f cc b4 Aug 26 18:33:37.175693: | d7 fc da da fd 17 a9 19 80 ff 8d 04 8c ff 28 d9 Aug 26 18:33:37.175695: | a3 df 21 54 84 a8 f0 19 db 88 7d 45 cb 39 50 6c Aug 26 18:33:37.175697: | 7e aa ef 37 4a 20 6c 34 88 3b b9 46 de 3f c6 08 Aug 26 18:33:37.175698: | 4c 50 db 3f 7e 75 9c 3a fc d7 09 be 25 57 d1 a7 Aug 26 18:33:37.175700: | 1f 8c 62 39 5b c7 2c 8a f5 5c 41 18 c9 4f a9 c2 Aug 26 18:33:37.175702: | e4 84 99 91 4d 81 d8 f0 6d a7 1e 86 07 b7 d8 db Aug 26 18:33:37.175703: | 5b a9 74 3d 0f c2 33 ea 0b 51 ca 0f 4f f6 9a 14 Aug 26 18:33:37.175705: | 25 41 db d4 ed cd 6b 2f 7a 44 d5 4b 89 7e 73 d0 Aug 26 18:33:37.175706: | 40 c9 27 d4 06 c5 50 51 83 12 6b cc f6 a0 54 40 Aug 26 18:33:37.175708: | d3 59 de 69 48 8b 2e fa 74 5c 3a de f5 2d 4e 10 Aug 26 18:33:37.175710: | fc 9b 5e cf c8 f5 22 5b 9e da 7e 5b a0 07 d6 b8 Aug 26 18:33:37.175711: | 98 79 98 59 ad e6 a4 1b dd 06 c2 10 79 2e 78 4e Aug 26 18:33:37.175713: | ee cd 04 a1 1b c4 59 5d c8 ba d2 64 a3 f8 b1 49 Aug 26 18:33:37.175714: | 26 63 88 a4 8b f4 e5 80 6e a2 fb f9 00 a7 5b 40 Aug 26 18:33:37.175716: | 54 de d2 d1 f6 ce 83 38 06 bb 73 5b 8a 0b 29 58 Aug 26 18:33:37.175720: | 41 4a 14 bf 02 c5 d9 43 ca b2 41 1e 4d b2 97 9c Aug 26 18:33:37.175721: | c0 74 74 1e f3 a5 db cd d8 42 ee f9 29 8d 93 25 Aug 26 18:33:37.175723: | 2f 43 9b 5b a7 9c 14 c7 7f 34 65 85 8b 9e 8a 98 Aug 26 18:33:37.175725: | 01 04 c7 2f 45 55 7e 0b da 90 65 0e 8d 55 e9 fb Aug 26 18:33:37.175726: | e3 81 50 1f 68 83 7c 3c 5c ed 0c be ec 9d 1b fc Aug 26 18:33:37.175728: | 32 a2 69 b3 e9 1e 08 b6 2a ef a7 65 be fe 01 2a Aug 26 18:33:37.175730: | 43 c1 71 f3 b6 ad 2e c0 9a fd 67 70 b9 d7 8b 10 Aug 26 18:33:37.175731: | fa fb 07 11 65 22 34 cc e4 60 95 d6 Aug 26 18:33:37.175777: | !event_already_set at reschedule Aug 26 18:33:37.175782: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f4990004218 Aug 26 18:33:37.175785: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 18:33:37.175787: | libevent_malloc: new ptr-libevent@0x7f498c002888 size 128 Aug 26 18:33:37.175791: | #4 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29702.918248 Aug 26 18:33:37.175793: | pstats #4 ikev1.ipsec established Aug 26 18:33:37.175796: | NAT-T: encaps is 'auto' Aug 26 18:33:37.175799: "northnet-eastnets/0x1" #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x1c276340 <0xe0d54674 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:33:37.175802: | modecfg pull: noquirk policy:push not-client Aug 26 18:33:37.175804: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:33:37.175806: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Aug 26 18:33:37.175811: | #4 spent 0.905 milliseconds in resume sending helper answer Aug 26 18:33:37.175815: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:33:37.175817: | libevent_free: release ptr-libevent@0x7f49a00027d8 Aug 26 18:33:37.188902: | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:37.188930: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:37.188934: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.188937: | 08 10 20 01 4e 17 d4 82 00 00 00 4c 2f af 4e 48 Aug 26 18:33:37.188940: | 09 bf c7 bf 19 30 50 07 4d a5 70 09 62 af af c1 Aug 26 18:33:37.188942: | 1b 53 4a e5 e1 aa 5d 28 1e 28 3b 14 ae 67 52 21 Aug 26 18:33:37.188945: | ee 5a 47 21 67 9e e9 6f 29 6d 85 82 Aug 26 18:33:37.188950: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:37.188955: | **parse ISAKMP Message: Aug 26 18:33:37.188958: | initiator cookie: Aug 26 18:33:37.188961: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:37.188963: | responder cookie: Aug 26 18:33:37.188966: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.188969: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:37.188972: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:37.188974: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:37.188977: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:37.188979: | Message ID: 1310184578 (0x4e17d482) Aug 26 18:33:37.188982: | length: 76 (0x4c) Aug 26 18:33:37.188985: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:37.188989: | State DB: found IKEv1 state #4 in QUICK_R1 (find_state_ikev1) Aug 26 18:33:37.188995: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:37.188998: | #4 is idle Aug 26 18:33:37.189000: | #4 idle Aug 26 18:33:37.189004: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:37.189021: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:33:37.189025: | ***parse ISAKMP Hash Payload: Aug 26 18:33:37.189028: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.189030: | length: 36 (0x24) Aug 26 18:33:37.189033: | removing 12 bytes of padding Aug 26 18:33:37.189069: | quick_inI2 HASH(3): Aug 26 18:33:37.189074: | 35 ed 92 8d f9 fd b9 fb ca 33 73 6a 29 b1 c1 d5 Aug 26 18:33:37.189077: | a5 a1 7d 84 ba 2b c2 27 bf 46 46 d5 06 99 53 65 Aug 26 18:33:37.189080: | received 'quick_inI2' message HASH(3) data ok Aug 26 18:33:37.189085: | install_ipsec_sa() for #4: outbound only Aug 26 18:33:37.189088: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:33:37.189091: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:37.189094: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.189098: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:37.189102: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.189105: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:37.189110: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Aug 26 18:33:37.189113: | sr for #4: erouted Aug 26 18:33:37.189117: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:33:37.189120: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:37.189123: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.189127: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:37.189130: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.189134: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:37.189138: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Aug 26 18:33:37.189142: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:northnet-eastnets/0x1 esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{(nil)} and state: #4 Aug 26 18:33:37.189146: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:33:37.189156: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 18:33:37.189160: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:37.189193: | raw_eroute result=success Aug 26 18:33:37.189197: | route_and_eroute: firewall_notified: true Aug 26 18:33:37.189201: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x55e21155df58,sr=0x55e21155df58} to #4 (was #3) (newest_ipsec_sa=#3) Aug 26 18:33:37.189206: | #1 spent 0.12 milliseconds in install_ipsec_sa() Aug 26 18:33:37.189210: | inI2: instance northnet-eastnets/0x1[0], setting IKEv1 newest_ipsec_sa to #4 (was #3) (spd.eroute=#4) cloned from #1 Aug 26 18:33:37.189213: | DPD: dpd_init() called on IPsec SA Aug 26 18:33:37.189215: | DPD: Peer does not support Dead Peer Detection Aug 26 18:33:37.189218: | complete v1 state transition with STF_OK Aug 26 18:33:37.189223: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:37.189226: | #4 is idle Aug 26 18:33:37.189228: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:33:37.189231: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 26 18:33:37.189234: | child state #4: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Aug 26 18:33:37.189237: | event_already_set, deleting event Aug 26 18:33:37.189241: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:33:37.189243: | #4 STATE_QUICK_R2: retransmits: cleared Aug 26 18:33:37.189247: | libevent_free: release ptr-libevent@0x7f498c002888 Aug 26 18:33:37.189251: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f4990004218 Aug 26 18:33:37.189254: | !event_already_set at reschedule Aug 26 18:33:37.189258: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f4990004218 Aug 26 18:33:37.189263: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #4 Aug 26 18:33:37.189267: | libevent_malloc: new ptr-libevent@0x7f49a00027d8 size 128 Aug 26 18:33:37.189271: | pstats #4 ikev1.ipsec established Aug 26 18:33:37.189275: | NAT-T: encaps is 'auto' Aug 26 18:33:37.189280: "northnet-eastnets/0x1" #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x1c276340 <0xe0d54674 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:33:37.189287: | modecfg pull: noquirk policy:push not-client Aug 26 18:33:37.189297: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:33:37.189303: | #4 spent 0.214 milliseconds in process_packet_tail() Aug 26 18:33:37.189309: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:37.189315: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:37.189318: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:37.189322: | spent 0.402 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:39.421611: | spent 0.00348 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:39.421637: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:39.421641: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.421643: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:39.421645: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:39.421647: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:39.421650: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:39.421652: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:39.421654: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:39.421656: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:39.421658: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:39.421660: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:39.421662: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:39.421664: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:39.421666: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:39.421668: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:39.421670: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:39.421673: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:39.421675: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:39.421677: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:39.421679: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:39.421681: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:39.421683: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:39.421685: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:39.421687: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:39.421689: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:39.421691: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:39.421693: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:39.421695: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:39.421697: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:39.421700: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:39.421702: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:39.421706: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:39.421710: | **parse ISAKMP Message: Aug 26 18:33:39.421712: | initiator cookie: Aug 26 18:33:39.421714: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.421717: | responder cookie: Aug 26 18:33:39.421719: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.421721: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:39.421724: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.421726: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.421729: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.421732: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:39.421734: | length: 476 (0x1dc) Aug 26 18:33:39.421740: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:39.421744: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 18:33:39.421747: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 18:33:39.421752: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 18:33:39.421773: | #1 is idle Aug 26 18:33:39.421776: | #1 idle Aug 26 18:33:39.421780: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:39.421792: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:33:39.421795: | ***parse ISAKMP Hash Payload: Aug 26 18:33:39.421797: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:33:39.421800: | length: 36 (0x24) Aug 26 18:33:39.421802: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:33:39.421805: | ***parse ISAKMP Security Association Payload: Aug 26 18:33:39.421807: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:39.421810: | length: 84 (0x54) Aug 26 18:33:39.421812: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:39.421814: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:33:39.421817: | ***parse ISAKMP Nonce Payload: Aug 26 18:33:39.421819: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:39.421821: | length: 36 (0x24) Aug 26 18:33:39.421824: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.421826: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:33:39.421828: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.421831: | length: 260 (0x104) Aug 26 18:33:39.421833: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.421836: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.421838: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.421840: | length: 16 (0x10) Aug 26 18:33:39.421843: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.421845: | Protocol ID: 0 (0x0) Aug 26 18:33:39.421847: | port: 0 (0x0) Aug 26 18:33:39.421849: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:33:39.421852: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.421854: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.421857: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.421859: | length: 16 (0x10) Aug 26 18:33:39.421861: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.421863: | Protocol ID: 0 (0x0) Aug 26 18:33:39.421865: | port: 0 (0x0) Aug 26 18:33:39.421867: | obj: c0 00 16 00 ff ff ff 00 Aug 26 18:33:39.421894: | quick_inI1_outR1 HASH(1): Aug 26 18:33:39.421897: | 2e 10 7d e6 1a 08 c7 a9 e7 ec 72 3d 72 8b e3 0a Aug 26 18:33:39.421899: | 3b 26 23 51 94 25 6e da 22 08 84 eb 36 1e 31 f8 Aug 26 18:33:39.421902: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 18:33:39.421906: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:39.421909: | ID address c0 00 03 00 Aug 26 18:33:39.421912: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:39.421914: | ID mask ff ff ff 00 Aug 26 18:33:39.421918: | peer client is subnet 192.0.3.0/24 Aug 26 18:33:39.421921: | peer client protocol/port is 0/0 Aug 26 18:33:39.421923: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:39.421925: | ID address c0 00 16 00 Aug 26 18:33:39.421927: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:39.421929: | ID mask ff ff ff 00 Aug 26 18:33:39.421933: | our client is subnet 192.0.22.0/24 Aug 26 18:33:39.421935: | our client protocol/port is 0/0 Aug 26 18:33:39.421939: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:39.421943: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 18:33:39.421946: | looking for 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:39.421954: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 18:33:39.421960: | client wildcard: no port wildcard: no virtual: no Aug 26 18:33:39.421967: | creating state object #5 at 0x55e21157a178 Aug 26 18:33:39.421971: | State DB: adding IKEv1 state #5 in UNDEFINED Aug 26 18:33:39.421977: | pstats #5 ikev1.ipsec started Aug 26 18:33:39.421981: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Aug 26 18:33:39.421988: | #5 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:39.421998: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:33:39.422006: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:33:39.422011: | child state #5: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 18:33:39.422015: | ****parse IPsec DOI SIT: Aug 26 18:33:39.422020: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:39.422024: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:39.422028: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.422032: | length: 72 (0x48) Aug 26 18:33:39.422036: | proposal number: 0 (0x0) Aug 26 18:33:39.422040: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:39.422044: | SPI size: 4 (0x4) Aug 26 18:33:39.422047: | number of transforms: 2 (0x2) Aug 26 18:33:39.422051: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:39.422054: | SPI ab e7 ff 90 Aug 26 18:33:39.422060: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:39.422064: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:39.422067: | length: 32 (0x20) Aug 26 18:33:39.422071: | ESP transform number: 0 (0x0) Aug 26 18:33:39.422075: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:39.422080: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.422085: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:39.422088: | length/value: 14 (0xe) Aug 26 18:33:39.422092: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:39.422097: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.422101: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:39.422105: | length/value: 1 (0x1) Aug 26 18:33:39.422108: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:39.422113: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:39.422117: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.422121: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:39.422125: | length/value: 1 (0x1) Aug 26 18:33:39.422129: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:39.422134: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.422138: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:39.422143: | length/value: 28800 (0x7080) Aug 26 18:33:39.422148: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.422152: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:39.422155: | length/value: 2 (0x2) Aug 26 18:33:39.422159: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:39.422163: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.422167: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:39.422170: | length/value: 128 (0x80) Aug 26 18:33:39.422175: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:39.422183: | adding quick_outI1 KE work-order 9 for state #5 Aug 26 18:33:39.422188: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f498c002b78 Aug 26 18:33:39.422193: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 18:33:39.422198: | libevent_malloc: new ptr-libevent@0x55e21157ecf8 size 128 Aug 26 18:33:39.422210: | complete v1 state transition with STF_SUSPEND Aug 26 18:33:39.422218: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:33:39.422224: | suspending state #5 and saving MD Aug 26 18:33:39.422228: | #5 is busy; has a suspended MD Aug 26 18:33:39.422235: | #1 spent 0.327 milliseconds in process_packet_tail() Aug 26 18:33:39.422242: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:39.422248: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:39.422251: | crypto helper 1 resuming Aug 26 18:33:39.422253: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:39.422271: | crypto helper 1 starting work-order 9 for state #5 Aug 26 18:33:39.422281: | spent 0.646 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:39.422285: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 9 Aug 26 18:33:39.422305: | spent 0.00241 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:39.422328: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:39.422334: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.422337: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:39.422341: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:39.422344: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:39.422348: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:39.422351: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:39.422355: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:39.422359: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:39.422362: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:39.422366: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:39.422369: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:39.422373: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:39.422376: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:39.422379: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:39.422383: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:39.422386: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:39.422390: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:39.422393: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:39.422397: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:39.422400: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:39.422404: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:39.422408: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:39.422411: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:39.422415: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:39.422419: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:39.422423: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:39.422426: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:39.422430: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:39.422434: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:39.422437: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:39.422443: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:39.422448: | **parse ISAKMP Message: Aug 26 18:33:39.422452: | initiator cookie: Aug 26 18:33:39.422456: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.422460: | responder cookie: Aug 26 18:33:39.422463: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.422467: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:39.422471: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.422475: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.422479: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.422486: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:39.422490: | length: 476 (0x1dc) Aug 26 18:33:39.422495: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:39.422499: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 18:33:39.422503: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 18:33:39.422510: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 18:33:39.422524: | #1 is idle Aug 26 18:33:39.422528: | #1 idle Aug 26 18:33:39.422534: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:39.422545: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:33:39.422550: | ***parse ISAKMP Hash Payload: Aug 26 18:33:39.422554: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:33:39.422558: | length: 36 (0x24) Aug 26 18:33:39.422562: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:33:39.422565: | ***parse ISAKMP Security Association Payload: Aug 26 18:33:39.422569: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:39.422572: | length: 84 (0x54) Aug 26 18:33:39.422576: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:39.422580: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:33:39.422584: | ***parse ISAKMP Nonce Payload: Aug 26 18:33:39.422588: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:39.422591: | length: 36 (0x24) Aug 26 18:33:39.422595: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.422599: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:33:39.422603: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.422607: | length: 260 (0x104) Aug 26 18:33:39.422611: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.422614: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.422618: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.422621: | length: 16 (0x10) Aug 26 18:33:39.422625: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.422628: | Protocol ID: 0 (0x0) Aug 26 18:33:39.422632: | port: 0 (0x0) Aug 26 18:33:39.422635: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:33:39.422639: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.422642: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.422646: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.422650: | length: 16 (0x10) Aug 26 18:33:39.422654: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.422658: | Protocol ID: 0 (0x0) Aug 26 18:33:39.422661: | port: 0 (0x0) Aug 26 18:33:39.422665: | obj: c0 00 02 00 ff ff ff 00 Aug 26 18:33:39.422695: | quick_inI1_outR1 HASH(1): Aug 26 18:33:39.422700: | 53 b5 21 e5 77 af 9b 1c 06 24 01 3d 4f cc c2 f5 Aug 26 18:33:39.422704: | b1 1e 8c 88 45 77 3a 6a 2d 00 85 10 95 d8 96 89 Aug 26 18:33:39.422708: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 18:33:39.422714: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:39.422718: | ID address c0 00 03 00 Aug 26 18:33:39.422723: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:39.422727: | ID mask ff ff ff 00 Aug 26 18:33:39.422733: | peer client is subnet 192.0.3.0/24 Aug 26 18:33:39.422737: | peer client protocol/port is 0/0 Aug 26 18:33:39.422741: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:39.422745: | ID address c0 00 02 00 Aug 26 18:33:39.422749: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:39.422753: | ID mask ff ff ff 00 Aug 26 18:33:39.422758: | our client is subnet 192.0.2.0/24 Aug 26 18:33:39.422763: | our client protocol/port is 0/0 Aug 26 18:33:39.422771: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:39.422781: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 18:33:39.422786: | looking for 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:39.422793: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 18:33:39.422816: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:33:39.422822: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:33:39.422825: | results matched Aug 26 18:33:39.422836: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:39.422845: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:39.422855: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:39.422861: | our client (192.0.22.0/24) not in our_net (192.0.2.0/24) Aug 26 18:33:39.422877: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:33:39.422883: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Aug 26 18:33:39.422887: | results matched Aug 26 18:33:39.422895: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:39.422905: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:39.422914: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:39.422919: | fc_try concluding with northnet-eastnets/0x1 [256] Aug 26 18:33:39.422923: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Aug 26 18:33:39.422927: | concluding with d = northnet-eastnets/0x1 Aug 26 18:33:39.422931: | using connection "northnet-eastnets/0x1" Aug 26 18:33:39.422935: | client wildcard: no port wildcard: no virtual: no Aug 26 18:33:39.422943: | creating state object #6 at 0x55e21158cd18 Aug 26 18:33:39.422948: | State DB: adding IKEv1 state #6 in UNDEFINED Aug 26 18:33:39.422953: | pstats #6 ikev1.ipsec started Aug 26 18:33:39.422958: | duplicating state object #1 "northnet-eastnets/0x2" as #6 for IPSEC SA Aug 26 18:33:39.422964: | #6 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:39.422970: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:33:39.422976: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1286) Aug 26 18:33:39.422982: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:33:39.422989: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:33:39.422994: | child state #6: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 18:33:39.422998: | ****parse IPsec DOI SIT: Aug 26 18:33:39.423002: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:39.423006: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:39.423010: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.423014: | length: 72 (0x48) Aug 26 18:33:39.423018: | proposal number: 0 (0x0) Aug 26 18:33:39.423021: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:39.423025: | SPI size: 4 (0x4) Aug 26 18:33:39.423028: | number of transforms: 2 (0x2) Aug 26 18:33:39.423035: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:39.423038: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 9 time elapsed 0.000753 seconds Aug 26 18:33:39.423038: | SPI 4a e3 1a b3 Aug 26 18:33:39.423051: | (#5) spent 0.761 milliseconds in crypto helper computing work-order 9: quick_outI1 KE (pcr) Aug 26 18:33:39.423066: | crypto helper 1 sending results from work-order 9 for state #5 to event queue Aug 26 18:33:39.423069: | scheduling resume sending helper answer for #5 Aug 26 18:33:39.423058: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:39.423080: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:39.423083: | length: 32 (0x20) Aug 26 18:33:39.423074: | libevent_malloc: new ptr-libevent@0x7f4998004fd8 size 128 Aug 26 18:33:39.423086: | ESP transform number: 0 (0x0) Aug 26 18:33:39.423095: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:39.423096: | crypto helper 1 waiting (nothing to do) Aug 26 18:33:39.423098: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.423106: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:39.423108: | length/value: 14 (0xe) Aug 26 18:33:39.423111: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:39.423113: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.423115: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:39.423118: | length/value: 1 (0x1) Aug 26 18:33:39.423120: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:39.423123: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:39.423125: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.423127: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:39.423129: | length/value: 1 (0x1) Aug 26 18:33:39.423131: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:39.423134: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.423136: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:39.423138: | length/value: 28800 (0x7080) Aug 26 18:33:39.423141: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.423143: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:39.423145: | length/value: 2 (0x2) Aug 26 18:33:39.423147: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:39.423150: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.423152: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:39.423154: | length/value: 128 (0x80) Aug 26 18:33:39.423157: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:39.423165: | adding quick_outI1 KE work-order 10 for state #6 Aug 26 18:33:39.423168: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f499c004218 Aug 26 18:33:39.423172: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 18:33:39.423175: | libevent_malloc: new ptr-libevent@0x55e211583348 size 128 Aug 26 18:33:39.423181: | complete v1 state transition with STF_SUSPEND Aug 26 18:33:39.423186: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:33:39.423188: | suspending state #6 and saving MD Aug 26 18:33:39.423191: | #6 is busy; has a suspended MD Aug 26 18:33:39.423196: | #1 spent 0.47 milliseconds in process_packet_tail() Aug 26 18:33:39.423200: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:39.423204: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:39.423207: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Aug 26 18:33:39.423210: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Aug 26 18:33:39.423212: | crypto helper 2 resuming Aug 26 18:33:39.423214: | spent 0.886 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:39.423221: | crypto helper 2 starting work-order 10 for state #6 Aug 26 18:33:39.423230: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 10 Aug 26 18:33:39.423231: | processing resume sending helper answer for #5 Aug 26 18:33:39.423243: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:33:39.423247: | crypto helper 1 replies to request ID 9 Aug 26 18:33:39.423249: | calling continuation function 0x55e21030cb50 Aug 26 18:33:39.423252: | quick_inI1_outR1_cryptocontinue1 for #5: calculated ke+nonce, calculating DH Aug 26 18:33:39.423262: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:39.423268: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:39.423277: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:39.423279: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:39.423282: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:33:39.423284: | no PreShared Key Found Aug 26 18:33:39.423297: | adding quick outR1 DH work-order 11 for state #5 Aug 26 18:33:39.423305: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:39.423308: | libevent_free: release ptr-libevent@0x55e21157ecf8 Aug 26 18:33:39.423311: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f498c002b78 Aug 26 18:33:39.423314: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f498c002b78 Aug 26 18:33:39.423317: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 18:33:39.423320: | libevent_malloc: new ptr-libevent@0x55e21157ecf8 size 128 Aug 26 18:33:39.423325: | suspending state #5 and saving MD Aug 26 18:33:39.423328: | #5 is busy; has a suspended MD Aug 26 18:33:39.423331: | resume sending helper answer for #5 suppresed complete_v1_state_transition() and stole MD Aug 26 18:33:39.423336: | #5 spent 0.0801 milliseconds in resume sending helper answer Aug 26 18:33:39.423340: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:33:39.423343: | libevent_free: release ptr-libevent@0x7f4998004fd8 Aug 26 18:33:39.423374: | crypto helper 3 resuming Aug 26 18:33:39.423386: | crypto helper 3 starting work-order 11 for state #5 Aug 26 18:33:39.423391: | crypto helper 3 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 11 Aug 26 18:33:39.424200: | crypto helper 3 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 11 time elapsed 0.000809 seconds Aug 26 18:33:39.424210: | (#5) spent 0.818 milliseconds in crypto helper computing work-order 11: quick outR1 DH (pcr) Aug 26 18:33:39.424213: | crypto helper 3 sending results from work-order 11 for state #5 to event queue Aug 26 18:33:39.424216: | scheduling resume sending helper answer for #5 Aug 26 18:33:39.424226: | libevent_malloc: new ptr-libevent@0x7f4990003e78 size 128 Aug 26 18:33:39.424214: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 10 time elapsed 0.000981 seconds Aug 26 18:33:39.424239: | processing resume sending helper answer for #5 Aug 26 18:33:39.424235: | crypto helper 3 waiting (nothing to do) Aug 26 18:33:39.424244: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:33:39.424246: | (#6) spent 0.99 milliseconds in crypto helper computing work-order 10: quick_outI1 KE (pcr) Aug 26 18:33:39.424249: | crypto helper 3 replies to request ID 11 Aug 26 18:33:39.424258: | crypto helper 2 sending results from work-order 10 for state #6 to event queue Aug 26 18:33:39.424260: | calling continuation function 0x55e21030cb50 Aug 26 18:33:39.424267: | scheduling resume sending helper answer for #6 Aug 26 18:33:39.424269: | quick_inI1_outR1_cryptocontinue2 for #5: calculated DH, sending R1 Aug 26 18:33:39.424275: | libevent_malloc: new ptr-libevent@0x7f499c00a028 size 128 Aug 26 18:33:39.424280: | **emit ISAKMP Message: Aug 26 18:33:39.424282: | crypto helper 2 waiting (nothing to do) Aug 26 18:33:39.424283: | initiator cookie: Aug 26 18:33:39.424300: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.424303: | responder cookie: Aug 26 18:33:39.424305: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.424308: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.424310: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.424313: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.424315: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.424318: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:39.424320: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:39.424323: | ***emit ISAKMP Hash Payload: Aug 26 18:33:39.424326: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.424328: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:39.424331: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.424334: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:39.424336: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:39.424339: | ***emit ISAKMP Security Association Payload: Aug 26 18:33:39.424341: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:39.424343: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:39.424346: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:33:39.424349: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:33:39.424352: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.424354: | ****parse IPsec DOI SIT: Aug 26 18:33:39.424357: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:39.424359: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:39.424362: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.424364: | length: 72 (0x48) Aug 26 18:33:39.424366: | proposal number: 0 (0x0) Aug 26 18:33:39.424368: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:39.424371: | SPI size: 4 (0x4) Aug 26 18:33:39.424373: | number of transforms: 2 (0x2) Aug 26 18:33:39.424375: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:39.424377: | SPI ab e7 ff 90 Aug 26 18:33:39.424380: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:39.424382: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:39.424384: | length: 32 (0x20) Aug 26 18:33:39.424386: | ESP transform number: 0 (0x0) Aug 26 18:33:39.424389: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:39.424391: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.424393: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:39.424396: | length/value: 14 (0xe) Aug 26 18:33:39.424398: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:39.424400: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.424403: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:39.424405: | length/value: 1 (0x1) Aug 26 18:33:39.424407: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:39.424409: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:39.424412: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.424416: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:39.424418: | length/value: 1 (0x1) Aug 26 18:33:39.424421: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:39.424423: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.424425: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:39.424427: | length/value: 28800 (0x7080) Aug 26 18:33:39.424430: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.424432: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:39.424434: | length/value: 2 (0x2) Aug 26 18:33:39.424437: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:39.424439: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.424441: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:39.424443: | length/value: 128 (0x80) Aug 26 18:33:39.424446: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:39.424448: | ****emit IPsec DOI SIT: Aug 26 18:33:39.424451: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:39.424453: | ****emit ISAKMP Proposal Payload: Aug 26 18:33:39.424455: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.424458: | proposal number: 0 (0x0) Aug 26 18:33:39.424460: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:39.424462: | SPI size: 4 (0x4) Aug 26 18:33:39.424464: | number of transforms: 1 (0x1) Aug 26 18:33:39.424467: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:33:39.424486: | netlink_get_spi: allocated 0x698e3888 for esp.0@192.1.2.23 Aug 26 18:33:39.424490: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:33:39.424492: | SPI 69 8e 38 88 Aug 26 18:33:39.424494: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:39.424496: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.424499: | ESP transform number: 0 (0x0) Aug 26 18:33:39.424501: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:39.424503: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:39.424506: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 18:33:39.424509: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 18:33:39.424511: | attributes 80 05 00 02 80 06 00 80 Aug 26 18:33:39.424513: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:33:39.424515: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 18:33:39.424518: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:33:39.424520: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 18:33:39.424523: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:33:39.424527: "northnet-eastnets/0x2" #5: responding to Quick Mode proposal {msgid:b63903a6} Aug 26 18:33:39.424537: "northnet-eastnets/0x2" #5: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 18:33:39.424544: "northnet-eastnets/0x2" #5: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:33:39.424547: | ***emit ISAKMP Nonce Payload: Aug 26 18:33:39.424549: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:39.424552: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:33:39.424555: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:33:39.424558: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.424560: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 18:33:39.424564: | Nr b0 20 c5 fb ad bb c6 29 21 2f ac ec b1 fc 58 2b Aug 26 18:33:39.424567: | Nr 70 d1 e0 21 a0 42 6e d9 8e 98 5d c9 ad 28 78 d2 Aug 26 18:33:39.424569: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:33:39.424571: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:33:39.424574: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.424576: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:39.424579: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:33:39.424581: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.424584: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:33:39.424586: | keyex value c4 21 b9 b6 6e 2d 0f c1 b9 82 a8 ce f8 7f 98 f6 Aug 26 18:33:39.424589: | keyex value 00 f7 37 8e 8a b5 c0 71 0f cc 91 cd b2 ee bf d4 Aug 26 18:33:39.424591: | keyex value f1 32 0b 79 68 d2 da 51 4f 02 52 14 ca 3b 7a 78 Aug 26 18:33:39.424593: | keyex value 02 3d 93 b2 d6 d2 91 1b ea c3 70 38 2a 44 36 e9 Aug 26 18:33:39.424595: | keyex value da 6a 33 c7 0b 01 99 8f 9b e6 a1 93 2c c4 2f ae Aug 26 18:33:39.424597: | keyex value 63 29 f2 46 b1 5c 82 9f 55 c4 45 7e ba 30 b4 45 Aug 26 18:33:39.424599: | keyex value 17 20 1a 62 05 0c ff 76 b6 cf 21 e0 2a 1d e8 6a Aug 26 18:33:39.424601: | keyex value 5f d1 ec 1a 6c 64 ba 8d 86 2b 3d 54 2f 29 1c 94 Aug 26 18:33:39.424604: | keyex value 9d 4f 6f 7b d1 ae fa d0 13 1e bb b8 5e 02 8e 49 Aug 26 18:33:39.424606: | keyex value 60 be e7 07 d8 d0 be dd 4c 66 49 01 8c 69 1d 70 Aug 26 18:33:39.424608: | keyex value 74 a5 2d a0 aa 70 81 02 f8 41 10 09 93 f8 df f9 Aug 26 18:33:39.424610: | keyex value 08 1a f1 44 ad 91 58 ba a4 1e 11 43 1d ae e6 d5 Aug 26 18:33:39.424612: | keyex value 57 48 4e e7 dd e1 0d 8f 9c a0 c4 d5 9b 86 13 04 Aug 26 18:33:39.424614: | keyex value b0 a5 f6 5e 83 ed f0 71 76 49 32 f3 bb b7 67 ca Aug 26 18:33:39.424616: | keyex value 92 f5 a1 fa 60 e1 7a ae 47 a5 ed 07 64 e7 49 9e Aug 26 18:33:39.424618: | keyex value 67 1c d7 39 40 11 1a b5 20 69 e7 f7 f7 b7 66 1b Aug 26 18:33:39.424621: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:33:39.424623: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.424625: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.424628: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.424630: | Protocol ID: 0 (0x0) Aug 26 18:33:39.424632: | port: 0 (0x0) Aug 26 18:33:39.424635: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:39.424637: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:39.424640: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:39.424643: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:39.424645: | ID body c0 00 03 00 ff ff ff 00 Aug 26 18:33:39.424647: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:39.424649: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.424652: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.424654: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.424656: | Protocol ID: 0 (0x0) Aug 26 18:33:39.424658: | port: 0 (0x0) Aug 26 18:33:39.424661: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:39.424663: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:39.424667: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:39.424669: | ID body c0 00 16 00 ff ff ff 00 Aug 26 18:33:39.424671: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:39.424700: | quick inR1 outI2 HASH(2): Aug 26 18:33:39.424704: | d5 f1 9e 2e de e4 17 7a a9 79 4c c5 ac a5 de 3a Aug 26 18:33:39.424706: | 53 41 92 8f 49 f8 8a 24 2b 36 ac a3 b1 58 a6 dd Aug 26 18:33:39.424708: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:33:39.424711: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:33:39.424799: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:39.424804: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.424807: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:39.424809: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.424812: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:39.424815: | route owner of "northnet-eastnets/0x2" erouted: self Aug 26 18:33:39.424818: | install_inbound_ipsec_sa() checking if we can route Aug 26 18:33:39.424820: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:33:39.424823: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:39.424825: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.424827: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:39.424830: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.424832: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:39.424835: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Aug 26 18:33:39.424838: | routing is easy, or has resolvable near-conflict Aug 26 18:33:39.424840: | checking if this is a replacement state Aug 26 18:33:39.424843: | st=0x55e21157a178 ost=0x55e2115729b8 st->serialno=#5 ost->serialno=#2 Aug 26 18:33:39.424845: "northnet-eastnets/0x2" #5: keeping refhim=0 during rekey Aug 26 18:33:39.424848: | installing outgoing SA now as refhim=0 Aug 26 18:33:39.424851: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:39.424854: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:39.424856: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:39.424860: | setting IPsec SA replay-window to 32 Aug 26 18:33:39.424863: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:33:39.424865: | netlink: enabling tunnel mode Aug 26 18:33:39.424868: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:39.424871: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:39.424946: | netlink response for Add SA esp.abe7ff90@192.1.3.33 included non-error error Aug 26 18:33:39.424951: | outgoing SA has refhim=0 Aug 26 18:33:39.424954: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:39.424957: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:39.424959: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:39.424962: | setting IPsec SA replay-window to 32 Aug 26 18:33:39.424965: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:33:39.424967: | netlink: enabling tunnel mode Aug 26 18:33:39.424969: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:39.424972: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:39.425018: | netlink response for Add SA esp.698e3888@192.1.2.23 included non-error error Aug 26 18:33:39.425511: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:39.425524: | no IKEv1 message padding required Aug 26 18:33:39.425529: | emitting length of ISAKMP Message: 460 Aug 26 18:33:39.425544: | finished processing quick inI1 Aug 26 18:33:39.425553: | complete v1 state transition with STF_OK Aug 26 18:33:39.425562: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:39.425567: | #5 is idle Aug 26 18:33:39.425571: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:33:39.425576: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 18:33:39.425581: | child state #5: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 18:33:39.425585: | event_already_set, deleting event Aug 26 18:33:39.425589: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:39.425595: | libevent_free: release ptr-libevent@0x55e21157ecf8 Aug 26 18:33:39.425600: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f498c002b78 Aug 26 18:33:39.425609: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:33:39.425619: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 18:33:39.425623: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.425627: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:39.425631: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:39.425634: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:39.425638: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:39.425642: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:39.425645: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:39.425649: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:39.425653: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:39.425657: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:39.425661: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:39.425664: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:39.425667: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:39.425671: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:39.425675: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:39.425679: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:39.425682: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:39.425686: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:39.425690: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:39.425694: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:39.425697: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:39.425701: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:39.425704: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:39.425708: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:39.425712: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:39.425716: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:39.425719: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:39.425723: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:39.425727: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:39.425783: | !event_already_set at reschedule Aug 26 18:33:39.425792: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:39.425799: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Aug 26 18:33:39.425804: | libevent_malloc: new ptr-libevent@0x7f4998004fd8 size 128 Aug 26 18:33:39.425812: | #5 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29705.168257 Aug 26 18:33:39.425817: | pstats #5 ikev1.ipsec established Aug 26 18:33:39.425823: | NAT-T: encaps is 'auto' Aug 26 18:33:39.425830: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0xabe7ff90 <0x698e3888 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:33:39.425838: | modecfg pull: noquirk policy:push not-client Aug 26 18:33:39.425842: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:33:39.425848: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Aug 26 18:33:39.425857: | #5 spent 1.54 milliseconds in resume sending helper answer Aug 26 18:33:39.425865: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:33:39.425870: | libevent_free: release ptr-libevent@0x7f4990003e78 Aug 26 18:33:39.425880: | processing resume sending helper answer for #6 Aug 26 18:33:39.425888: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:33:39.425894: | crypto helper 2 replies to request ID 10 Aug 26 18:33:39.425898: | calling continuation function 0x55e21030cb50 Aug 26 18:33:39.425902: | quick_inI1_outR1_cryptocontinue1 for #6: calculated ke+nonce, calculating DH Aug 26 18:33:39.425920: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:39.425932: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:39.425946: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:39.425951: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:39.425956: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:33:39.425959: | no PreShared Key Found Aug 26 18:33:39.425965: | adding quick outR1 DH work-order 12 for state #6 Aug 26 18:33:39.425969: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:39.425974: | libevent_free: release ptr-libevent@0x55e211583348 Aug 26 18:33:39.425978: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f499c004218 Aug 26 18:33:39.425982: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f499c004218 Aug 26 18:33:39.425988: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 18:33:39.425992: | libevent_malloc: new ptr-libevent@0x7f4990003e78 size 128 Aug 26 18:33:39.426002: | suspending state #6 and saving MD Aug 26 18:33:39.426006: | #6 is busy; has a suspended MD Aug 26 18:33:39.426011: | crypto helper 6 resuming Aug 26 18:33:39.426028: | crypto helper 6 starting work-order 12 for state #6 Aug 26 18:33:39.426035: | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 12 Aug 26 18:33:39.426011: | resume sending helper answer for #6 suppresed complete_v1_state_transition() and stole MD Aug 26 18:33:39.426063: | #6 spent 0.161 milliseconds in resume sending helper answer Aug 26 18:33:39.426069: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:33:39.426073: | libevent_free: release ptr-libevent@0x7f499c00a028 Aug 26 18:33:39.426933: | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 12 time elapsed 0.000898 seconds Aug 26 18:33:39.426945: | (#6) spent 0.903 milliseconds in crypto helper computing work-order 12: quick outR1 DH (pcr) Aug 26 18:33:39.426948: | crypto helper 6 sending results from work-order 12 for state #6 to event queue Aug 26 18:33:39.426951: | scheduling resume sending helper answer for #6 Aug 26 18:33:39.426955: | libevent_malloc: new ptr-libevent@0x7f4988002f58 size 128 Aug 26 18:33:39.426964: | crypto helper 6 waiting (nothing to do) Aug 26 18:33:39.426972: | processing resume sending helper answer for #6 Aug 26 18:33:39.426982: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:33:39.426987: | crypto helper 6 replies to request ID 12 Aug 26 18:33:39.426991: | calling continuation function 0x55e21030cb50 Aug 26 18:33:39.426995: | quick_inI1_outR1_cryptocontinue2 for #6: calculated DH, sending R1 Aug 26 18:33:39.427002: | **emit ISAKMP Message: Aug 26 18:33:39.427006: | initiator cookie: Aug 26 18:33:39.427010: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.427013: | responder cookie: Aug 26 18:33:39.427016: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.427020: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.427024: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.427028: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.427032: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.427036: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:39.427040: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:39.427044: | ***emit ISAKMP Hash Payload: Aug 26 18:33:39.427048: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.427053: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:39.427057: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.427062: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:39.427066: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:39.427069: | ***emit ISAKMP Security Association Payload: Aug 26 18:33:39.427073: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:39.427077: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:39.427081: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:33:39.427085: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:33:39.427089: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.427094: | ****parse IPsec DOI SIT: Aug 26 18:33:39.427097: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:39.427101: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:39.427105: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.427109: | length: 72 (0x48) Aug 26 18:33:39.427112: | proposal number: 0 (0x0) Aug 26 18:33:39.427116: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:39.427119: | SPI size: 4 (0x4) Aug 26 18:33:39.427123: | number of transforms: 2 (0x2) Aug 26 18:33:39.427127: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:39.427130: | SPI 4a e3 1a b3 Aug 26 18:33:39.427134: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:39.427138: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:39.427142: | length: 32 (0x20) Aug 26 18:33:39.427145: | ESP transform number: 0 (0x0) Aug 26 18:33:39.427149: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:39.427153: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.427157: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:39.427160: | length/value: 14 (0xe) Aug 26 18:33:39.427164: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:39.427168: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.427172: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:39.427175: | length/value: 1 (0x1) Aug 26 18:33:39.427179: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:39.427183: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:39.427187: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.427193: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:39.427197: | length/value: 1 (0x1) Aug 26 18:33:39.427201: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:39.427204: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.427208: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:39.427212: | length/value: 28800 (0x7080) Aug 26 18:33:39.427215: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.427219: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:39.427223: | length/value: 2 (0x2) Aug 26 18:33:39.427226: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:39.427230: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.427234: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:39.427237: | length/value: 128 (0x80) Aug 26 18:33:39.427241: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:39.427245: | ****emit IPsec DOI SIT: Aug 26 18:33:39.427249: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:39.427252: | ****emit ISAKMP Proposal Payload: Aug 26 18:33:39.427256: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.427260: | proposal number: 0 (0x0) Aug 26 18:33:39.427263: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:39.427267: | SPI size: 4 (0x4) Aug 26 18:33:39.427270: | number of transforms: 1 (0x1) Aug 26 18:33:39.427274: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:33:39.427298: | netlink_get_spi: allocated 0x1e867a01 for esp.0@192.1.2.23 Aug 26 18:33:39.427307: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:33:39.427311: | SPI 1e 86 7a 01 Aug 26 18:33:39.427315: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:39.427318: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.427322: | ESP transform number: 0 (0x0) Aug 26 18:33:39.427325: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:39.427329: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:39.427334: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 18:33:39.427338: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 18:33:39.427341: | attributes 80 05 00 02 80 06 00 80 Aug 26 18:33:39.427345: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:33:39.427348: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 18:33:39.427352: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:33:39.427356: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 18:33:39.427360: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:33:39.427366: "northnet-eastnets/0x1" #6: responding to Quick Mode proposal {msgid:78d83418} Aug 26 18:33:39.427382: "northnet-eastnets/0x1" #6: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 18:33:39.427397: "northnet-eastnets/0x1" #6: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:33:39.427401: | ***emit ISAKMP Nonce Payload: Aug 26 18:33:39.427405: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:39.427410: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:33:39.427414: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:33:39.427418: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.427421: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 18:33:39.427426: | Nr 1b 02 a2 68 57 52 cc cd 41 7e f9 6c c1 11 a6 58 Aug 26 18:33:39.427428: | Nr b6 1e bb 74 db 80 ed 8b 76 6f 20 45 d7 a4 66 f9 Aug 26 18:33:39.427431: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:33:39.427433: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:33:39.427435: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.427438: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:39.427441: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:33:39.427443: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.427446: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:33:39.427448: | keyex value bd 29 65 c6 e7 7b 53 88 7c 01 c0 7d 32 26 6f 08 Aug 26 18:33:39.427450: | keyex value fd 8e e4 50 ff f4 86 01 99 82 68 26 39 0b da fe Aug 26 18:33:39.427453: | keyex value 9a 0f 6f a3 f5 1e b9 eb d6 5f 22 e8 74 a5 f3 8d Aug 26 18:33:39.427455: | keyex value d7 1c c3 92 99 fb 22 6f e7 14 f5 09 2f 35 be 6e Aug 26 18:33:39.427457: | keyex value 85 69 77 ad 6f 6a 50 fa 82 3d bd 03 4f f3 3a fa Aug 26 18:33:39.427459: | keyex value 92 02 e1 c1 c9 bf d2 13 2b 15 ac bd 84 a2 d8 12 Aug 26 18:33:39.427461: | keyex value ec 99 24 c1 a8 31 7e 8c 61 75 83 c0 19 9a 3c e9 Aug 26 18:33:39.427463: | keyex value c0 fc 76 d1 9a a0 8c ed 48 d7 2d 06 d4 bc 02 8b Aug 26 18:33:39.427465: | keyex value 39 b1 b0 86 51 31 ce 87 13 f2 b3 f0 41 94 c9 69 Aug 26 18:33:39.427468: | keyex value 76 6c d0 ff 89 30 ed de ce 00 78 25 84 44 b3 86 Aug 26 18:33:39.427470: | keyex value eb ee d5 0f 06 6f 74 28 9a 9a 6b f8 72 4a 34 23 Aug 26 18:33:39.427472: | keyex value 53 4a eb 88 a6 85 57 7e 35 bf d9 fa 3c 6f 7b 45 Aug 26 18:33:39.427474: | keyex value b7 e4 de 8b 47 20 b3 93 f8 15 d1 3b e4 30 6e 00 Aug 26 18:33:39.427476: | keyex value 04 7b 58 4c ac 0a b4 ea 35 68 31 fe d3 72 bb 03 Aug 26 18:33:39.427478: | keyex value 2e 14 3f 34 7a f0 86 16 a4 5b 4c de 73 13 ec f6 Aug 26 18:33:39.427480: | keyex value 50 2d d5 36 08 c3 70 6c 7c 7b d9 7f a1 ef f7 99 Aug 26 18:33:39.427483: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:33:39.427485: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.427487: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.427490: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.427492: | Protocol ID: 0 (0x0) Aug 26 18:33:39.427494: | port: 0 (0x0) Aug 26 18:33:39.427497: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:39.427500: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:39.427502: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:39.427505: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:39.427507: | ID body c0 00 03 00 ff ff ff 00 Aug 26 18:33:39.427510: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:39.427512: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.427514: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.427516: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.427518: | Protocol ID: 0 (0x0) Aug 26 18:33:39.427521: | port: 0 (0x0) Aug 26 18:33:39.427523: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:39.427526: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:39.427530: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:39.427532: | ID body c0 00 02 00 ff ff ff 00 Aug 26 18:33:39.427534: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:39.427557: | quick inR1 outI2 HASH(2): Aug 26 18:33:39.427561: | 29 bb 02 f6 09 2c c9 04 aa fd 04 af 93 e2 9d e7 Aug 26 18:33:39.427563: | 15 01 00 d9 1f 56 eb 1c 07 cd 34 54 a0 e6 16 88 Aug 26 18:33:39.427565: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:33:39.427568: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:33:39.427654: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:39.427659: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.427662: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:39.427665: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.427667: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:39.427670: | route owner of "northnet-eastnets/0x1" erouted: self Aug 26 18:33:39.427673: | install_inbound_ipsec_sa() checking if we can route Aug 26 18:33:39.427675: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Aug 26 18:33:39.427678: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:39.427680: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.427683: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:39.427685: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.427688: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:39.427691: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Aug 26 18:33:39.427693: | routing is easy, or has resolvable near-conflict Aug 26 18:33:39.427696: | checking if this is a replacement state Aug 26 18:33:39.427699: | st=0x55e21158cd18 ost=0x55e2115841c8 st->serialno=#6 ost->serialno=#4 Aug 26 18:33:39.427701: "northnet-eastnets/0x1" #6: keeping refhim=0 during rekey Aug 26 18:33:39.427704: | installing outgoing SA now as refhim=0 Aug 26 18:33:39.427706: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:39.427709: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:39.427712: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:39.427715: | setting IPsec SA replay-window to 32 Aug 26 18:33:39.427718: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:33:39.427721: | netlink: enabling tunnel mode Aug 26 18:33:39.427723: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:39.427726: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:39.427787: | netlink response for Add SA esp.4ae31ab3@192.1.3.33 included non-error error Aug 26 18:33:39.427791: | outgoing SA has refhim=0 Aug 26 18:33:39.427794: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:39.427797: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:39.427799: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:39.427802: | setting IPsec SA replay-window to 32 Aug 26 18:33:39.427805: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Aug 26 18:33:39.427807: | netlink: enabling tunnel mode Aug 26 18:33:39.427810: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:39.427812: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:39.427861: | netlink response for Add SA esp.1e867a01@192.1.2.23 included non-error error Aug 26 18:33:39.427921: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:39.427929: | no IKEv1 message padding required Aug 26 18:33:39.427934: | emitting length of ISAKMP Message: 460 Aug 26 18:33:39.427948: | finished processing quick inI1 Aug 26 18:33:39.427957: | complete v1 state transition with STF_OK Aug 26 18:33:39.427966: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:39.427971: | #6 is idle Aug 26 18:33:39.427976: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:33:39.427981: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 18:33:39.427987: | child state #6: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 18:33:39.427992: | event_already_set, deleting event Aug 26 18:33:39.427997: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:39.428002: | libevent_free: release ptr-libevent@0x7f4990003e78 Aug 26 18:33:39.428008: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f499c004218 Aug 26 18:33:39.428016: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:33:39.428023: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 18:33:39.428025: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.428028: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:39.428030: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:39.428032: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:39.428034: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:39.428036: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:39.428038: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:39.428040: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:39.428042: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:39.428044: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:39.428046: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:39.428048: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:39.428051: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:39.428053: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:39.428055: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:39.428057: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:39.428059: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:39.428061: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:39.428063: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:39.428065: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:39.428067: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:39.428069: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:39.428071: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:39.428073: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:39.428075: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:39.428078: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:39.428080: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:39.428082: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:39.428084: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:39.428120: | !event_already_set at reschedule Aug 26 18:33:39.428126: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:39.428130: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 18:33:39.428133: | libevent_malloc: new ptr-libevent@0x7f499c00a028 size 128 Aug 26 18:33:39.428137: | #6 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29705.170592 Aug 26 18:33:39.428140: | pstats #6 ikev1.ipsec established Aug 26 18:33:39.428143: | NAT-T: encaps is 'auto' Aug 26 18:33:39.428147: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x4ae31ab3 <0x1e867a01 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:33:39.428153: | modecfg pull: noquirk policy:push not-client Aug 26 18:33:39.428155: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:33:39.428159: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Aug 26 18:33:39.428164: | #6 spent 1.15 milliseconds in resume sending helper answer Aug 26 18:33:39.428169: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:33:39.428172: | libevent_free: release ptr-libevent@0x7f4988002f58 Aug 26 18:33:39.925324: | timer_event_cb: processing event@0x7f498c002b78 Aug 26 18:33:39.925344: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:39.925365: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:39.925369: | IKEv1 retransmit event Aug 26 18:33:39.925375: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:39.925380: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 1 Aug 26 18:33:39.925387: | retransmits: current time 29705.66785; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.499593 exceeds limit? NO Aug 26 18:33:39.925391: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e211581a88 Aug 26 18:33:39.925395: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Aug 26 18:33:39.925399: | libevent_malloc: new ptr-libevent@0x7f4988002f58 size 128 Aug 26 18:33:39.925404: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response Aug 26 18:33:39.925412: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 18:33:39.925415: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.925417: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:39.925420: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:39.925422: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:39.925424: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:39.925427: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:39.925429: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:39.925431: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:39.925433: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:39.925436: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:39.925438: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:39.925441: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:39.925443: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:39.925446: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:39.925448: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:39.925451: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:39.925453: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:39.925456: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:39.925459: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:39.925476: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:39.925478: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:39.925481: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:39.925483: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:39.925485: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:39.925488: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:39.925490: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:39.925492: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:39.925495: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:39.925502: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:39.925561: | libevent_free: release ptr-libevent@0x7f4998004fd8 Aug 26 18:33:39.925566: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:39.925575: | #5 spent 0.218 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:39.925581: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:39.928674: | timer_event_cb: processing event@0x7f499c004218 Aug 26 18:33:39.928690: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 18:33:39.928696: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:39.928699: | IKEv1 retransmit event Aug 26 18:33:39.928702: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:39.928705: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 1 Aug 26 18:33:39.928710: | retransmits: current time 29705.671174; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500582 exceeds limit? NO Aug 26 18:33:39.928713: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:39.928715: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 18:33:39.928718: | libevent_malloc: new ptr-libevent@0x7f4998004fd8 size 128 Aug 26 18:33:39.928721: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response Aug 26 18:33:39.928726: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 18:33:39.928728: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.928730: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:39.928731: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:39.928733: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:39.928734: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:39.928736: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:39.928738: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:39.928739: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:39.928741: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:39.928742: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:39.928744: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:39.928745: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:39.928747: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:39.928748: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:39.928750: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:39.928751: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:39.928753: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:39.928754: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:39.928756: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:39.928757: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:39.928759: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:39.928760: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:39.928762: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:39.928763: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:39.928765: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:39.928766: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:39.928768: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:39.928769: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:39.928771: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:39.928809: | libevent_free: release ptr-libevent@0x7f499c00a028 Aug 26 18:33:39.928817: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:39.928822: | #6 spent 0.128 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:39.928825: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:40.425485: | timer_event_cb: processing event@0x55e211581a88 Aug 26 18:33:40.425511: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:40.425518: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:40.425522: | IKEv1 retransmit event Aug 26 18:33:40.425526: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:40.425530: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 2 Aug 26 18:33:40.425536: | retransmits: current time 29706.168; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 0.999743 exceeds limit? NO Aug 26 18:33:40.425540: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:40.425543: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #5 Aug 26 18:33:40.425546: | libevent_malloc: new ptr-libevent@0x7f499c00a028 size 128 Aug 26 18:33:40.425550: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 1 seconds for response Aug 26 18:33:40.425556: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 18:33:40.425558: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:40.425560: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:40.425562: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:40.425564: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:40.425566: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:40.425568: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:40.425570: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:40.425572: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:40.425574: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:40.425576: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:40.425577: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:40.425579: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:40.425581: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:40.425583: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:40.425585: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:40.425587: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:40.425589: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:40.425591: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:40.425592: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:40.425594: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:40.425596: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:40.425598: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:40.425600: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:40.425602: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:40.425604: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:40.425606: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:40.425607: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:40.425609: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:40.425611: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:40.425668: | libevent_free: release ptr-libevent@0x7f4988002f58 Aug 26 18:33:40.425672: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e211581a88 Aug 26 18:33:40.425685: | #5 spent 0.174 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:40.425690: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:40.429862: | timer_event_cb: processing event@0x7f498c002b78 Aug 26 18:33:40.429877: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 18:33:40.429886: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:40.429889: | IKEv1 retransmit event Aug 26 18:33:40.429893: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:40.429897: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 2 Aug 26 18:33:40.429903: | retransmits: current time 29706.172367; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.001775 exceeds limit? NO Aug 26 18:33:40.429906: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e211581a88 Aug 26 18:33:40.429909: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #6 Aug 26 18:33:40.429913: | libevent_malloc: new ptr-libevent@0x7f4988002f58 size 128 Aug 26 18:33:40.429916: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 1 seconds for response Aug 26 18:33:40.429922: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 18:33:40.429925: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:40.429927: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:40.429929: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:40.429931: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:40.429933: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:40.429934: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:40.429936: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:40.429938: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:40.429940: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:40.429942: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:40.429944: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:40.429946: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:40.429948: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:40.429949: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:40.429951: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:40.429953: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:40.429955: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:40.429957: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:40.429959: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:40.429961: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:40.429963: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:40.429965: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:40.429966: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:40.429968: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:40.429970: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:40.429972: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:40.429974: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:40.429976: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:40.429978: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:40.430027: | libevent_free: release ptr-libevent@0x7f4998004fd8 Aug 26 18:33:40.430032: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:40.430037: | #6 spent 0.151 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:40.430041: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:41.427357: | timer_event_cb: processing event@0x7f499c004218 Aug 26 18:33:41.427394: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:41.427420: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:41.427435: | IKEv1 retransmit event Aug 26 18:33:41.427451: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:41.427466: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 3 Aug 26 18:33:41.427487: | retransmits: current time 29707.169943; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.001686 exceeds limit? NO Aug 26 18:33:41.427501: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:41.427515: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #5 Aug 26 18:33:41.427527: | libevent_malloc: new ptr-libevent@0x7f4998004fd8 size 128 Aug 26 18:33:41.427542: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 2 seconds for response Aug 26 18:33:41.427565: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 18:33:41.427576: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:41.427585: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:41.427593: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:41.427601: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:41.427609: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:41.427617: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:41.427625: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:41.427633: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:41.427640: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:41.427648: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:41.427655: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:41.427663: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:41.427671: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:41.427679: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:41.427687: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:41.427695: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:41.427703: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:41.427711: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:41.427719: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:41.427727: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:41.427735: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:41.427743: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:41.427753: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:41.427762: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:41.427770: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:41.427779: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:41.427787: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:41.427795: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:41.427803: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:41.427935: | libevent_free: release ptr-libevent@0x7f499c00a028 Aug 26 18:33:41.427955: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:41.427977: | #5 spent 0.555 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:41.427998: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:41.431094: | timer_event_cb: processing event@0x55e211581a88 Aug 26 18:33:41.431119: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 18:33:41.431132: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:41.431138: | IKEv1 retransmit event Aug 26 18:33:41.431146: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:41.431154: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 3 Aug 26 18:33:41.431164: | retransmits: current time 29707.173625; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.003033 exceeds limit? NO Aug 26 18:33:41.431170: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:41.431176: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #6 Aug 26 18:33:41.431182: | libevent_malloc: new ptr-libevent@0x7f499c00a028 size 128 Aug 26 18:33:41.431189: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 2 seconds for response Aug 26 18:33:41.431199: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 18:33:41.431203: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:41.431207: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:41.431211: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:41.431214: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:41.431218: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:41.431222: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:41.431225: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:41.431229: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:41.431233: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:41.431236: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:41.431240: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:41.431244: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:41.431247: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:41.431251: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:41.431255: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:41.431258: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:41.431262: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:41.431266: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:41.431269: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:41.431273: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:41.431277: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:41.431280: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:41.431284: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:41.431297: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:41.431309: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:41.431314: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:41.431318: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:41.431321: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:41.431325: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:41.431394: | libevent_free: release ptr-libevent@0x7f4988002f58 Aug 26 18:33:41.431403: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e211581a88 Aug 26 18:33:41.431418: | #6 spent 0.278 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:41.431432: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:43.431573: | timer_event_cb: processing event@0x7f498c002b78 Aug 26 18:33:43.431637: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:43.431680: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:43.431693: | IKEv1 retransmit event Aug 26 18:33:43.431708: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:43.431723: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 4 Aug 26 18:33:43.431742: | retransmits: current time 29709.174198; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.005941 exceeds limit? NO Aug 26 18:33:43.431755: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e211581a88 Aug 26 18:33:43.431767: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #5 Aug 26 18:33:43.431778: | libevent_malloc: new ptr-libevent@0x7f4988002f58 size 128 Aug 26 18:33:43.431791: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 4 seconds for response Aug 26 18:33:43.431812: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 18:33:43.431821: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:43.431829: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:43.431836: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:43.431843: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:43.431851: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:43.431858: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:43.431865: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:43.431872: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:43.431880: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:43.431887: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:43.431894: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:43.431901: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:43.431909: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:43.431916: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:43.431923: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:43.431931: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:43.431938: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:43.431945: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:43.431952: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:43.431960: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:43.431967: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:43.431974: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:43.431982: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:43.431989: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:43.431996: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:43.432003: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:43.432011: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:43.432018: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:43.432025: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:43.432158: | libevent_free: release ptr-libevent@0x7f4998004fd8 Aug 26 18:33:43.432174: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:43.432196: | #5 spent 0.56 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:43.432212: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:43.432225: | timer_event_cb: processing event@0x7f499c004218 Aug 26 18:33:43.432234: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 18:33:43.432248: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:43.432266: | IKEv1 retransmit event Aug 26 18:33:43.432281: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:43.432316: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 4 Aug 26 18:33:43.432336: | retransmits: current time 29709.174794; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.004202 exceeds limit? NO Aug 26 18:33:43.432354: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:43.432367: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #6 Aug 26 18:33:43.432377: | libevent_malloc: new ptr-libevent@0x7f4998004fd8 size 128 Aug 26 18:33:43.432391: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 4 seconds for response Aug 26 18:33:43.432407: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 18:33:43.432416: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:43.432423: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:43.432431: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:43.432438: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:43.432445: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:43.432453: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:43.432460: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:43.432467: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:43.432474: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:43.432482: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:43.432489: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:43.432496: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:43.432504: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:43.432511: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:43.432518: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:43.432525: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:43.432533: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:43.432540: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:43.432547: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:43.432554: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:43.432562: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:43.432569: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:43.432576: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:43.432584: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:43.432591: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:43.432598: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:43.432605: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:43.432613: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:43.432620: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:43.432679: | libevent_free: release ptr-libevent@0x7f499c00a028 Aug 26 18:33:43.432691: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:43.432708: | #6 spent 0.442 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:43.432723: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:47.436782: | timer_event_cb: processing event@0x55e211581a88 Aug 26 18:33:47.436799: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:47.436806: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:47.436809: | IKEv1 retransmit event Aug 26 18:33:47.436817: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:47.436820: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 5 Aug 26 18:33:47.436825: | retransmits: current time 29713.179289; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.011032 exceeds limit? NO Aug 26 18:33:47.436828: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:47.436830: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #5 Aug 26 18:33:47.436833: | libevent_malloc: new ptr-libevent@0x7f499c00a028 size 128 Aug 26 18:33:47.436836: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 8 seconds for response Aug 26 18:33:47.436841: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 18:33:47.436843: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:47.436845: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:47.436846: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:47.436848: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:47.436849: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:47.436851: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:47.436852: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:47.436854: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:47.436855: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:47.436857: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:47.436858: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:47.436860: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:47.436861: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:47.436862: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:47.436864: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:47.436865: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:47.436867: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:47.436868: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:47.436870: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:47.436871: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:47.436873: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:47.436874: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:47.436876: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:47.436877: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:47.436878: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:47.436880: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:47.436881: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:47.436883: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:47.436884: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:47.436932: | libevent_free: release ptr-libevent@0x7f4988002f58 Aug 26 18:33:47.436951: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e211581a88 Aug 26 18:33:47.436957: | #5 spent 0.151 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:47.436961: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:47.436963: | timer_event_cb: processing event@0x7f498c002b78 Aug 26 18:33:47.436965: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 18:33:47.436968: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:47.436971: | IKEv1 retransmit event Aug 26 18:33:47.436973: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:47.436978: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 5 Aug 26 18:33:47.436981: | retransmits: current time 29713.179447; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.008855 exceeds limit? NO Aug 26 18:33:47.436983: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e211581a88 Aug 26 18:33:47.436986: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #6 Aug 26 18:33:47.436988: | libevent_malloc: new ptr-libevent@0x7f4988002f58 size 128 Aug 26 18:33:47.436990: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 8 seconds for response Aug 26 18:33:47.436993: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 18:33:47.436995: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:47.436997: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:47.436998: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:47.437000: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:47.437001: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:47.437003: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:47.437004: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:47.437006: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:47.437007: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:47.437009: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:47.437010: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:47.437012: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:47.437013: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:47.437015: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:47.437016: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:47.437018: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:47.437019: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:47.437021: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:47.437022: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:47.437024: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:47.437025: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:47.437027: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:47.437028: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:47.437030: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:47.437031: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:47.437033: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:47.437034: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:47.437036: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:47.437037: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:47.437048: | libevent_free: release ptr-libevent@0x7f4998004fd8 Aug 26 18:33:47.437051: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:47.437054: | #6 spent 0.0852 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:47.437057: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:48.256963: | spent 0.00269 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:48.256983: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:48.256986: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.256988: | 08 10 20 01 54 26 ec 6b 00 00 01 dc 00 13 05 e2 Aug 26 18:33:48.256990: | 74 31 d9 c0 a9 36 c2 80 9b ea e8 ac 5a ac e0 40 Aug 26 18:33:48.256992: | 7a 21 34 4d bd 0a 0c f6 51 b7 57 7f fe 08 c0 c0 Aug 26 18:33:48.256993: | 65 8b 53 4f 08 8a a0 3d d2 61 88 d9 7d ca 30 e1 Aug 26 18:33:48.256997: | 37 9b 74 37 00 2d 55 41 d3 c2 47 ac f0 3a f4 d3 Aug 26 18:33:48.256999: | b1 92 4b 23 15 b8 73 b4 62 fb a0 e0 6c ee 00 a7 Aug 26 18:33:48.257001: | ba f5 22 2a c4 54 98 18 8a f4 c5 d6 2c 69 5a 50 Aug 26 18:33:48.257002: | 5e 6a 29 b4 64 a3 1f 46 e7 e2 f1 2b b4 76 d1 24 Aug 26 18:33:48.257004: | cc 3c ee d0 fd 62 2a 86 d7 7f 5f 38 c5 78 69 ec Aug 26 18:33:48.257005: | 13 dd 7b 81 58 a7 1f f3 99 95 2c fa a4 2a 51 f6 Aug 26 18:33:48.257007: | be 2b 68 18 07 b6 06 55 3a 1f 8c 71 08 78 85 cc Aug 26 18:33:48.257008: | d3 12 21 28 00 b8 4e 5f 99 8f 37 a1 14 19 20 f9 Aug 26 18:33:48.257010: | 44 bb 3b 45 34 3d 46 ec a9 7a 7b 30 66 aa b8 cf Aug 26 18:33:48.257012: | 7c ab 1a 40 2e 8e 80 00 35 2a 51 06 c9 50 78 eb Aug 26 18:33:48.257013: | a9 1b 51 61 5e 5e e3 6c fa 23 cf 7c 5c 3a 41 09 Aug 26 18:33:48.257015: | d7 51 aa 8c 4d b2 a5 46 7f 25 5f c0 3d 7e 8e 59 Aug 26 18:33:48.257016: | 7f c8 e3 88 5b ed 2d 25 2e 2f 33 4c e2 76 a5 34 Aug 26 18:33:48.257018: | 9b ca b7 15 7a f6 b0 4d 07 7a 31 ff 9a 3b 93 93 Aug 26 18:33:48.257019: | 89 3d b6 e8 5b b3 d3 df 3b 34 21 e0 3e 93 33 c0 Aug 26 18:33:48.257021: | ca fa 3c 3a 80 07 e7 e2 e4 37 2f 26 b1 75 af bc Aug 26 18:33:48.257022: | e6 ea 3c 40 6e d6 f2 1a 56 1a bb ae 02 50 0b d5 Aug 26 18:33:48.257024: | db e0 22 4f 64 60 05 91 d5 ea 67 32 89 92 56 35 Aug 26 18:33:48.257026: | b8 d9 d5 07 3a 8d 6e 79 fc a8 ca 5e ce b9 b2 4c Aug 26 18:33:48.257027: | bb 98 01 5b 30 24 4c 56 b4 d6 5b 04 f0 cc 28 d1 Aug 26 18:33:48.257029: | 3c 82 8d 02 2b 63 03 26 04 6c 3d d2 44 af 90 8c Aug 26 18:33:48.257030: | 0e d7 29 0f 12 21 c4 dd 99 96 ca 51 e9 fe fa e3 Aug 26 18:33:48.257032: | 12 28 1a ce 6d 9d 80 b3 f2 23 34 dd 57 0b 25 5a Aug 26 18:33:48.257033: | ad e6 ce 54 74 94 fe 2f c6 49 8a 86 01 0f 08 89 Aug 26 18:33:48.257035: | 4e d8 6c f4 75 26 f8 41 9d d6 02 42 Aug 26 18:33:48.257038: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:48.257041: | **parse ISAKMP Message: Aug 26 18:33:48.257043: | initiator cookie: Aug 26 18:33:48.257044: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:48.257046: | responder cookie: Aug 26 18:33:48.257047: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.257049: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:48.257051: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:48.257053: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:48.257055: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:48.257056: | Message ID: 1411837035 (0x5426ec6b) Aug 26 18:33:48.257058: | length: 476 (0x1dc) Aug 26 18:33:48.257060: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:48.257064: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 18:33:48.257066: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Aug 26 18:33:48.257070: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) Aug 26 18:33:48.257082: | #1 is idle Aug 26 18:33:48.257084: | #1 idle Aug 26 18:33:48.257087: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:48.257095: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:33:48.257097: | ***parse ISAKMP Hash Payload: Aug 26 18:33:48.257099: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:33:48.257100: | length: 36 (0x24) Aug 26 18:33:48.257102: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:33:48.257104: | ***parse ISAKMP Security Association Payload: Aug 26 18:33:48.257106: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:48.257108: | length: 84 (0x54) Aug 26 18:33:48.257109: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:48.257111: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:33:48.257113: | ***parse ISAKMP Nonce Payload: Aug 26 18:33:48.257114: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:48.257118: | length: 36 (0x24) Aug 26 18:33:48.257120: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:33:48.257121: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:33:48.257123: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:48.257125: | length: 260 (0x104) Aug 26 18:33:48.257126: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:48.257128: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:48.257130: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:48.257131: | length: 16 (0x10) Aug 26 18:33:48.257133: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:48.257135: | Protocol ID: 0 (0x0) Aug 26 18:33:48.257136: | port: 0 (0x0) Aug 26 18:33:48.257138: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:33:48.257140: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:48.257142: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:48.257143: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.257145: | length: 16 (0x10) Aug 26 18:33:48.257147: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:48.257148: | Protocol ID: 0 (0x0) Aug 26 18:33:48.257150: | port: 0 (0x0) Aug 26 18:33:48.257151: | obj: c0 00 16 00 ff ff ff 00 Aug 26 18:33:48.257166: | quick_inI1_outR1 HASH(1): Aug 26 18:33:48.257168: | 4b 5e 1c 7b 75 61 43 09 25 03 f8 6b d5 5e e2 78 Aug 26 18:33:48.257170: | 7a 6c 82 3f e4 9b d5 8f 68 64 ec a1 83 9b cf 5f Aug 26 18:33:48.257172: | received 'quick_inI1_outR1' message HASH(1) data ok Aug 26 18:33:48.257175: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:48.257177: | ID address c0 00 03 00 Aug 26 18:33:48.257179: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:48.257180: | ID mask ff ff ff 00 Aug 26 18:33:48.257183: | peer client is subnet 192.0.3.0/24 Aug 26 18:33:48.257185: | peer client protocol/port is 0/0 Aug 26 18:33:48.257187: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:48.257188: | ID address c0 00 16 00 Aug 26 18:33:48.257190: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:48.257192: | ID mask ff ff ff 00 Aug 26 18:33:48.257194: | our client is subnet 192.0.22.0/24 Aug 26 18:33:48.257196: | our client protocol/port is 0/0 Aug 26 18:33:48.257199: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:48.257202: | find_client_connection starting with northnet-eastnets/0x2 Aug 26 18:33:48.257204: | looking for 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Aug 26 18:33:48.257207: | concrete checking against sr#0 192.0.22.0/24 -> 192.0.3.0/24 Aug 26 18:33:48.257209: | client wildcard: no port wildcard: no virtual: no Aug 26 18:33:48.257213: | creating state object #7 at 0x55e2115734a8 Aug 26 18:33:48.257214: | State DB: adding IKEv1 state #7 in UNDEFINED Aug 26 18:33:48.257217: | pstats #7 ikev1.ipsec started Aug 26 18:33:48.257219: | duplicating state object #1 "northnet-eastnets/0x2" as #7 for IPSEC SA Aug 26 18:33:48.257222: | #7 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:48.257226: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:33:48.257230: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) Aug 26 18:33:48.257232: | child state #7: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Aug 26 18:33:48.257234: | ****parse IPsec DOI SIT: Aug 26 18:33:48.257236: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:48.257238: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:48.257240: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.257242: | length: 72 (0x48) Aug 26 18:33:48.257243: | proposal number: 0 (0x0) Aug 26 18:33:48.257246: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:48.257248: | SPI size: 4 (0x4) Aug 26 18:33:48.257250: | number of transforms: 2 (0x2) Aug 26 18:33:48.257252: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:48.257253: | SPI f2 4d 08 cd Aug 26 18:33:48.257255: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:48.257257: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:48.257259: | length: 32 (0x20) Aug 26 18:33:48.257260: | ESP transform number: 0 (0x0) Aug 26 18:33:48.257262: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:48.257264: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.257266: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:48.257268: | length/value: 14 (0xe) Aug 26 18:33:48.257269: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:48.257271: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.257273: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:48.257275: | length/value: 1 (0x1) Aug 26 18:33:48.257276: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:48.257278: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:48.257280: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.257282: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:48.257283: | length/value: 1 (0x1) Aug 26 18:33:48.257285: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:48.257287: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.257302: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:48.257319: | length/value: 28800 (0x7080) Aug 26 18:33:48.257322: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.257325: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:48.257327: | length/value: 2 (0x2) Aug 26 18:33:48.257328: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:48.257330: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.257332: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:48.257333: | length/value: 128 (0x80) Aug 26 18:33:48.257336: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:48.257340: | adding quick_outI1 KE work-order 13 for state #7 Aug 26 18:33:48.257342: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f498c002b78 Aug 26 18:33:48.257346: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Aug 26 18:33:48.257362: | libevent_malloc: new ptr-libevent@0x7f4998004fd8 size 128 Aug 26 18:33:48.257370: | complete v1 state transition with STF_SUSPEND Aug 26 18:33:48.257376: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:33:48.257379: | suspending state #7 and saving MD Aug 26 18:33:48.257381: | #7 is busy; has a suspended MD Aug 26 18:33:48.257386: | #1 spent 0.2 milliseconds in process_packet_tail() Aug 26 18:33:48.257391: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:48.257396: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:48.257400: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:48.257405: | spent 0.419 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:48.257409: | crypto helper 4 resuming Aug 26 18:33:48.257419: | crypto helper 4 starting work-order 13 for state #7 Aug 26 18:33:48.257422: | crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 13 Aug 26 18:33:48.258269: | crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 13 time elapsed 0.000846 seconds Aug 26 18:33:48.258279: | (#7) spent 0.855 milliseconds in crypto helper computing work-order 13: quick_outI1 KE (pcr) Aug 26 18:33:48.258282: | crypto helper 4 sending results from work-order 13 for state #7 to event queue Aug 26 18:33:48.258286: | scheduling resume sending helper answer for #7 Aug 26 18:33:48.258292: | libevent_malloc: new ptr-libevent@0x7f4994007708 size 128 Aug 26 18:33:48.258333: | crypto helper 4 waiting (nothing to do) Aug 26 18:33:48.258339: | processing resume sending helper answer for #7 Aug 26 18:33:48.258346: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:33:48.258349: | crypto helper 4 replies to request ID 13 Aug 26 18:33:48.258351: | calling continuation function 0x55e21030cb50 Aug 26 18:33:48.258353: | quick_inI1_outR1_cryptocontinue1 for #7: calculated ke+nonce, calculating DH Aug 26 18:33:48.258362: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:48.258366: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:48.258372: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:48.258374: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:48.258376: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:33:48.258378: | no PreShared Key Found Aug 26 18:33:48.258380: | adding quick outR1 DH work-order 14 for state #7 Aug 26 18:33:48.258382: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:48.258384: | libevent_free: release ptr-libevent@0x7f4998004fd8 Aug 26 18:33:48.258386: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f498c002b78 Aug 26 18:33:48.258388: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f498c002b78 Aug 26 18:33:48.258390: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Aug 26 18:33:48.258392: | libevent_malloc: new ptr-libevent@0x7f4998004fd8 size 128 Aug 26 18:33:48.258397: | suspending state #7 and saving MD Aug 26 18:33:48.258399: | #7 is busy; has a suspended MD Aug 26 18:33:48.258401: | resume sending helper answer for #7 suppresed complete_v1_state_transition() and stole MD Aug 26 18:33:48.258405: | #7 spent 0.055 milliseconds in resume sending helper answer Aug 26 18:33:48.258407: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:33:48.258409: | libevent_free: release ptr-libevent@0x7f4994007708 Aug 26 18:33:48.258429: | crypto helper 5 resuming Aug 26 18:33:48.258437: | crypto helper 5 starting work-order 14 for state #7 Aug 26 18:33:48.258441: | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 14 Aug 26 18:33:48.259002: | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 14 time elapsed 0.000561 seconds Aug 26 18:33:48.259007: | (#7) spent 0.565 milliseconds in crypto helper computing work-order 14: quick outR1 DH (pcr) Aug 26 18:33:48.259021: | crypto helper 5 sending results from work-order 14 for state #7 to event queue Aug 26 18:33:48.259024: | scheduling resume sending helper answer for #7 Aug 26 18:33:48.259026: | libevent_malloc: new ptr-libevent@0x7f498c0027d8 size 128 Aug 26 18:33:48.259032: | crypto helper 5 waiting (nothing to do) Aug 26 18:33:48.259036: | processing resume sending helper answer for #7 Aug 26 18:33:48.259040: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Aug 26 18:33:48.259043: | crypto helper 5 replies to request ID 14 Aug 26 18:33:48.259044: | calling continuation function 0x55e21030cb50 Aug 26 18:33:48.259059: | quick_inI1_outR1_cryptocontinue2 for #7: calculated DH, sending R1 Aug 26 18:33:48.259065: | **emit ISAKMP Message: Aug 26 18:33:48.259067: | initiator cookie: Aug 26 18:33:48.259068: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:48.259070: | responder cookie: Aug 26 18:33:48.259071: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.259073: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.259075: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:48.259077: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:48.259078: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:48.259080: | Message ID: 1411837035 (0x5426ec6b) Aug 26 18:33:48.259082: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:48.259084: | ***emit ISAKMP Hash Payload: Aug 26 18:33:48.259086: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.259088: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:48.259090: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.259092: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:48.259094: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:48.259095: | ***emit ISAKMP Security Association Payload: Aug 26 18:33:48.259097: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:48.259098: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:48.259100: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:33:48.259102: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:33:48.259104: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.259106: | ****parse IPsec DOI SIT: Aug 26 18:33:48.259108: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:48.259110: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:48.259111: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.259113: | length: 72 (0x48) Aug 26 18:33:48.259115: | proposal number: 0 (0x0) Aug 26 18:33:48.259116: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:48.259118: | SPI size: 4 (0x4) Aug 26 18:33:48.259119: | number of transforms: 2 (0x2) Aug 26 18:33:48.259121: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:48.259123: | SPI f2 4d 08 cd Aug 26 18:33:48.259125: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:48.259126: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:48.259128: | length: 32 (0x20) Aug 26 18:33:48.259129: | ESP transform number: 0 (0x0) Aug 26 18:33:48.259131: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:48.259133: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.259134: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:48.259136: | length/value: 14 (0xe) Aug 26 18:33:48.259138: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:48.259139: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.259141: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:48.259143: | length/value: 1 (0x1) Aug 26 18:33:48.259144: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:48.259146: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:48.259148: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.259149: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:48.259151: | length/value: 1 (0x1) Aug 26 18:33:48.259152: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:48.259154: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.259155: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:48.259157: | length/value: 28800 (0x7080) Aug 26 18:33:48.259159: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.259160: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:48.259163: | length/value: 2 (0x2) Aug 26 18:33:48.259164: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:48.259166: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.259168: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:48.259169: | length/value: 128 (0x80) Aug 26 18:33:48.259171: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:48.259173: | ****emit IPsec DOI SIT: Aug 26 18:33:48.259174: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:48.259176: | ****emit ISAKMP Proposal Payload: Aug 26 18:33:48.259178: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.259179: | proposal number: 0 (0x0) Aug 26 18:33:48.259181: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:48.259182: | SPI size: 4 (0x4) Aug 26 18:33:48.259184: | number of transforms: 1 (0x1) Aug 26 18:33:48.259186: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:33:48.259198: | netlink_get_spi: allocated 0x1a434109 for esp.0@192.1.2.23 Aug 26 18:33:48.259201: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:33:48.259202: | SPI 1a 43 41 09 Aug 26 18:33:48.259204: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:48.259205: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.259207: | ESP transform number: 0 (0x0) Aug 26 18:33:48.259209: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:48.259210: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:48.259212: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Aug 26 18:33:48.259214: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Aug 26 18:33:48.259216: | attributes 80 05 00 02 80 06 00 80 Aug 26 18:33:48.259217: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:33:48.259219: | emitting length of ISAKMP Proposal Payload: 44 Aug 26 18:33:48.259221: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:33:48.259222: | emitting length of ISAKMP Security Association Payload: 56 Aug 26 18:33:48.259224: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:33:48.259227: "northnet-eastnets/0x2" #7: responding to Quick Mode proposal {msgid:5426ec6b} Aug 26 18:33:48.259234: "northnet-eastnets/0x2" #7: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Aug 26 18:33:48.259240: "northnet-eastnets/0x2" #7: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Aug 26 18:33:48.259242: | ***emit ISAKMP Nonce Payload: Aug 26 18:33:48.259243: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:48.259245: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:33:48.259247: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:33:48.259249: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.259251: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Aug 26 18:33:48.259253: | Nr 23 22 37 82 d7 35 9a fd cb 1a 4c bc c6 5b 36 b7 Aug 26 18:33:48.259254: | Nr 0d 21 3c a5 c2 57 f7 79 ca 1b b9 c5 93 24 b0 c4 Aug 26 18:33:48.259256: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:33:48.259257: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:33:48.259259: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:48.259261: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:48.259264: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:33:48.259266: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.259268: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:33:48.259269: | keyex value c8 50 74 04 bd 99 d1 b3 b1 bc bd 7b 56 1c 7f 59 Aug 26 18:33:48.259271: | keyex value c8 41 2e 3f 16 a4 5b 46 53 b3 c3 ad cf 2a 66 4b Aug 26 18:33:48.259272: | keyex value a3 12 b7 4b e7 3a 37 22 68 48 41 ea 0e a2 5f cb Aug 26 18:33:48.259274: | keyex value 51 a3 6f 27 48 cc 1b 60 13 68 fb a5 0a 0e 18 2e Aug 26 18:33:48.259275: | keyex value 9a 2f 5e b2 d7 51 b4 ee 7f 69 65 98 59 8c 8d c1 Aug 26 18:33:48.259277: | keyex value 21 bb 5e 9a fb 1c d7 0d 5d 70 03 a5 01 00 54 1e Aug 26 18:33:48.259278: | keyex value 0c 47 84 b7 11 84 e6 83 0a 9d b4 44 1a 2e e0 91 Aug 26 18:33:48.259280: | keyex value b4 4f 5c f4 c9 40 2d a7 0a 39 18 6b d2 e1 95 5e Aug 26 18:33:48.259281: | keyex value 42 75 00 cb c2 4e d4 b4 75 52 b6 27 1b 96 ff 76 Aug 26 18:33:48.259283: | keyex value 12 29 da 85 f2 ce 0d 94 c1 fb a6 ec df 2c 2a 1b Aug 26 18:33:48.259284: | keyex value a6 5a 88 5b d5 49 56 75 09 e6 ae 3e fe b0 ca 39 Aug 26 18:33:48.259286: | keyex value 70 3e 4c c2 ec 4d 79 75 4b 27 69 41 44 ca b1 fa Aug 26 18:33:48.259318: | keyex value 49 3c ba 00 ed 29 45 ca a7 00 a9 b7 4e d8 c9 1b Aug 26 18:33:48.259323: | keyex value ac 7e 2b 4b 4a 1c 93 30 3d 2e c2 fb aa 24 43 83 Aug 26 18:33:48.259325: | keyex value ba c9 71 01 77 90 31 6b f2 7f 9c 40 12 79 aa fe Aug 26 18:33:48.259327: | keyex value ce bd 33 72 c8 db 7f db af 0e 3e 5a 68 54 d1 4a Aug 26 18:33:48.259328: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:33:48.259330: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:48.259332: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:48.259334: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:48.259335: | Protocol ID: 0 (0x0) Aug 26 18:33:48.259337: | port: 0 (0x0) Aug 26 18:33:48.259339: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:48.259341: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:48.259343: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:48.259345: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:48.259347: | ID body c0 00 03 00 ff ff ff 00 Aug 26 18:33:48.259348: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:48.259350: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:48.259351: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.259353: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:48.259355: | Protocol ID: 0 (0x0) Aug 26 18:33:48.259356: | port: 0 (0x0) Aug 26 18:33:48.259358: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:48.259360: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:48.259375: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:48.259376: | ID body c0 00 16 00 ff ff ff 00 Aug 26 18:33:48.259378: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:48.259397: | quick inR1 outI2 HASH(2): Aug 26 18:33:48.259399: | 8d 85 85 c1 5b 25 79 24 68 37 96 f5 66 dc 05 6e Aug 26 18:33:48.259401: | 20 ea 1c ac 0a ac e3 c1 4f e7 cd b4 6d 28 67 54 Aug 26 18:33:48.259403: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:33:48.259405: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:33:48.259472: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:48.259475: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.259477: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:48.259479: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.259481: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:48.259485: | route owner of "northnet-eastnets/0x2" erouted: self Aug 26 18:33:48.259487: | install_inbound_ipsec_sa() checking if we can route Aug 26 18:33:48.259489: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:33:48.259491: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:48.259493: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.259494: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:48.259496: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.259498: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:48.259501: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Aug 26 18:33:48.259504: | routing is easy, or has resolvable near-conflict Aug 26 18:33:48.259506: | checking if this is a replacement state Aug 26 18:33:48.259507: | st=0x55e2115734a8 ost=0x55e2115729b8 st->serialno=#7 ost->serialno=#2 Aug 26 18:33:48.259510: "northnet-eastnets/0x2" #7: keeping refhim=0 during rekey Aug 26 18:33:48.259512: | installing outgoing SA now as refhim=0 Aug 26 18:33:48.259516: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:48.259519: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:48.259522: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:48.259526: | setting IPsec SA replay-window to 32 Aug 26 18:33:48.259528: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:33:48.259530: | netlink: enabling tunnel mode Aug 26 18:33:48.259532: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:48.259534: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:48.259599: | netlink response for Add SA esp.f24d08cd@192.1.3.33 included non-error error Aug 26 18:33:48.259603: | outgoing SA has refhim=0 Aug 26 18:33:48.259607: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:48.259610: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:48.259612: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:48.259616: | setting IPsec SA replay-window to 32 Aug 26 18:33:48.259636: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Aug 26 18:33:48.259638: | netlink: enabling tunnel mode Aug 26 18:33:48.259641: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:48.259644: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:48.259682: | netlink response for Add SA esp.1a434109@192.1.2.23 included non-error error Aug 26 18:33:48.259783: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:48.259790: | no IKEv1 message padding required Aug 26 18:33:48.259793: | emitting length of ISAKMP Message: 460 Aug 26 18:33:48.259802: | finished processing quick inI1 Aug 26 18:33:48.259804: | complete v1 state transition with STF_OK Aug 26 18:33:48.259808: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:48.259810: | #7 is idle Aug 26 18:33:48.259812: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:33:48.259815: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 26 18:33:48.259818: | child state #7: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Aug 26 18:33:48.259822: | event_already_set, deleting event Aug 26 18:33:48.259824: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:48.259827: | libevent_free: release ptr-libevent@0x7f4998004fd8 Aug 26 18:33:48.259829: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f498c002b78 Aug 26 18:33:48.259833: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Aug 26 18:33:48.259838: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #7) Aug 26 18:33:48.259840: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.259841: | 08 10 20 01 54 26 ec 6b 00 00 01 cc 62 54 20 68 Aug 26 18:33:48.259843: | 82 90 1e 2d d1 a5 33 ea ad 6c 50 22 63 95 30 b2 Aug 26 18:33:48.259845: | 3f 74 61 86 00 2b 6a c3 90 50 6c c5 08 53 d8 dc Aug 26 18:33:48.259846: | e7 c5 31 0d 62 c6 33 fc 11 c1 d1 f2 0f 9a 9d cf Aug 26 18:33:48.259848: | a5 b5 b7 88 6c 97 fe 04 cc 59 31 25 54 70 58 d1 Aug 26 18:33:48.259850: | 61 ce 0a 87 b2 25 19 98 3b 17 5e 82 24 f9 0b 92 Aug 26 18:33:48.259851: | a8 12 30 8b 83 2a ae db 12 83 9e c1 1f 7b e2 a3 Aug 26 18:33:48.259853: | 56 03 58 f1 9b 81 a8 87 85 54 17 65 a6 14 9b 7c Aug 26 18:33:48.259854: | 0e 8d 64 45 1d ec bc 0c da 29 c9 14 4d 21 8f c6 Aug 26 18:33:48.259856: | 8c e5 4f bb 75 42 1e 38 d5 ba 41 1f 37 28 d3 4f Aug 26 18:33:48.259858: | 3b 86 f2 f5 5b cc a9 41 f7 df 26 99 71 47 9c 2c Aug 26 18:33:48.259859: | 3f 6e 17 c4 6e 17 44 5a 77 23 17 80 07 03 a0 28 Aug 26 18:33:48.259861: | 8a 4d d2 93 3d 57 6d b7 3b 6f 87 b7 41 4d cf 72 Aug 26 18:33:48.259862: | 02 78 06 f7 37 eb 27 f6 80 f5 43 0c 3f 72 bb 6f Aug 26 18:33:48.259864: | 12 1a 71 6e e3 72 26 2b 56 0d f1 1c 83 12 ce 19 Aug 26 18:33:48.259865: | 37 91 0e 07 fb 9c d8 cb 29 06 78 23 14 7b 21 44 Aug 26 18:33:48.259868: | f4 e4 1b 54 1b b1 d2 43 a0 d0 f1 b1 93 7a cb a2 Aug 26 18:33:48.259870: | 3b c0 f1 2e c2 41 ec e3 9f ed 28 e8 1f 0b 0c bb Aug 26 18:33:48.259873: | d9 16 31 3d bc 7b b6 af 4c 70 c3 ca 78 51 ae f6 Aug 26 18:33:48.259875: | 57 f4 88 10 f1 95 8b 90 7f 57 23 7d 9e 3d 39 0c Aug 26 18:33:48.259877: | ec 8a e0 53 96 1f bd e9 7b 04 6f 5e fe 9d 05 4c Aug 26 18:33:48.259880: | 48 b1 bf b1 41 1c 76 fd 8d 46 e5 4b 7d 73 64 62 Aug 26 18:33:48.259883: | f1 18 fd 1f 2d b8 80 f4 58 1f d4 52 17 1e 85 d0 Aug 26 18:33:48.259885: | 93 21 34 2f ce 6a 67 4d 01 38 6c f9 b7 de ce 62 Aug 26 18:33:48.259888: | 9b ea 53 e5 38 93 86 f4 01 c4 b1 04 d5 4c 2e ca Aug 26 18:33:48.259890: | c4 b2 06 d6 a2 51 82 9e 8d ee c5 39 b8 b4 58 c6 Aug 26 18:33:48.259893: | a5 62 d3 c5 22 c2 f3 65 7c 85 9f b2 7f 14 fd 56 Aug 26 18:33:48.259895: | 52 59 64 0a 64 bb 34 f7 5b eb f6 bd Aug 26 18:33:48.259951: | !event_already_set at reschedule Aug 26 18:33:48.259957: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:48.259962: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7 Aug 26 18:33:48.259965: | libevent_malloc: new ptr-libevent@0x7f4994007708 size 128 Aug 26 18:33:48.259971: | #7 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29714.002423 Aug 26 18:33:48.259974: | pstats #7 ikev1.ipsec established Aug 26 18:33:48.259978: | NAT-T: encaps is 'auto' Aug 26 18:33:48.259982: "northnet-eastnets/0x2" #7: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0xf24d08cd <0x1a434109 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:33:48.259985: | modecfg pull: noquirk policy:push not-client Aug 26 18:33:48.259988: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:33:48.259992: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Aug 26 18:33:48.259997: | #7 spent 0.883 milliseconds in resume sending helper answer Aug 26 18:33:48.260003: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Aug 26 18:33:48.260010: | libevent_free: release ptr-libevent@0x7f498c0027d8 Aug 26 18:33:48.270444: | spent 0.00304 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:48.270470: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:48.270475: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.270478: | 08 10 20 01 54 26 ec 6b 00 00 00 4c 75 eb 8b 45 Aug 26 18:33:48.270480: | c3 0e 15 c0 54 69 86 5f 95 6f d6 b9 fd 22 16 b9 Aug 26 18:33:48.270483: | ac b7 b0 07 ff 78 9b eb 19 9b c0 9a 13 5d b6 41 Aug 26 18:33:48.270485: | f3 80 95 4c d6 79 ea 7e 08 94 20 02 Aug 26 18:33:48.270491: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:48.270495: | **parse ISAKMP Message: Aug 26 18:33:48.270498: | initiator cookie: Aug 26 18:33:48.270500: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:48.270503: | responder cookie: Aug 26 18:33:48.270505: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.270508: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:48.270511: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:48.270514: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:48.270516: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:48.270519: | Message ID: 1411837035 (0x5426ec6b) Aug 26 18:33:48.270522: | length: 76 (0x4c) Aug 26 18:33:48.270525: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:48.270529: | State DB: found IKEv1 state #7 in QUICK_R1 (find_state_ikev1) Aug 26 18:33:48.270535: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:48.270538: | #7 is idle Aug 26 18:33:48.270541: | #7 idle Aug 26 18:33:48.270545: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:48.270563: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:33:48.270566: | ***parse ISAKMP Hash Payload: Aug 26 18:33:48.270569: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.270572: | length: 36 (0x24) Aug 26 18:33:48.270575: | removing 12 bytes of padding Aug 26 18:33:48.270603: | quick_inI2 HASH(3): Aug 26 18:33:48.270606: | b3 6d 71 6c 7e d7 68 7e e3 08 09 56 eb ab 91 fc Aug 26 18:33:48.270609: | 2f ce d2 36 14 f4 4e 66 a4 c4 d1 64 8a 8f e9 03 Aug 26 18:33:48.270612: | received 'quick_inI2' message HASH(3) data ok Aug 26 18:33:48.270617: | install_ipsec_sa() for #7: outbound only Aug 26 18:33:48.270621: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Aug 26 18:33:48.270624: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:48.270627: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.270630: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:48.270634: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.270637: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:48.270641: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Aug 26 18:33:48.270644: | sr for #7: erouted Aug 26 18:33:48.270647: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:33:48.270650: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:48.270653: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.270656: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:48.270659: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.270662: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:48.270666: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Aug 26 18:33:48.270669: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:northnet-eastnets/0x2 esr:{(nil)} ro:northnet-eastnets/0x2 rosr:{(nil)} and state: #7 Aug 26 18:33:48.270689: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:33:48.270699: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Aug 26 18:33:48.270707: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:48.270743: | raw_eroute result=success Aug 26 18:33:48.270748: | route_and_eroute: firewall_notified: true Aug 26 18:33:48.270752: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x55e21156a8d8,sr=0x55e21156a8d8} to #7 (was #2) (newest_ipsec_sa=#2) Aug 26 18:33:48.270759: | #1 spent 0.139 milliseconds in install_ipsec_sa() Aug 26 18:33:48.270763: | inI2: instance northnet-eastnets/0x2[0], setting IKEv1 newest_ipsec_sa to #7 (was #2) (spd.eroute=#7) cloned from #1 Aug 26 18:33:48.270766: | DPD: dpd_init() called on IPsec SA Aug 26 18:33:48.270769: | DPD: Peer does not support Dead Peer Detection Aug 26 18:33:48.270772: | complete v1 state transition with STF_OK Aug 26 18:33:48.270778: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:48.270781: | #7 is idle Aug 26 18:33:48.270784: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:33:48.270787: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 26 18:33:48.270791: | child state #7: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Aug 26 18:33:48.270794: | event_already_set, deleting event Aug 26 18:33:48.270797: | state #7 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:33:48.270801: | #7 STATE_QUICK_R2: retransmits: cleared Aug 26 18:33:48.270805: | libevent_free: release ptr-libevent@0x7f4994007708 Aug 26 18:33:48.270809: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f498c002b78 Aug 26 18:33:48.270813: | !event_already_set at reschedule Aug 26 18:33:48.270817: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f498c002b78 Aug 26 18:33:48.270821: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #7 Aug 26 18:33:48.270824: | libevent_malloc: new ptr-libevent@0x7f498c0027d8 size 128 Aug 26 18:33:48.270828: | pstats #7 ikev1.ipsec established Aug 26 18:33:48.270833: | NAT-T: encaps is 'auto' Aug 26 18:33:48.270838: "northnet-eastnets/0x2" #7: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xf24d08cd <0x1a434109 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Aug 26 18:33:48.270842: | modecfg pull: noquirk policy:push not-client Aug 26 18:33:48.270844: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:33:48.270850: | #7 spent 0.233 milliseconds in process_packet_tail() Aug 26 18:33:48.270855: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:48.270860: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:48.270864: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:48.270869: | spent 0.41 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:51.263639: | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:51.263659: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:51.263662: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263664: | 08 10 05 01 97 10 c9 9c 00 00 00 6c c1 79 ba 9a Aug 26 18:33:51.263666: | 2c fb cd 41 5b 35 ef 85 1a f7 40 6a 09 15 9f 73 Aug 26 18:33:51.263667: | 26 b0 08 3e 7b 26 2a 7c c6 20 87 26 47 1e 75 66 Aug 26 18:33:51.263669: | d8 3c ef 6d 79 49 04 63 37 ea b7 3e 2a 36 cb 7d Aug 26 18:33:51.263670: | 68 f5 ee cc f0 3e 8e 00 ca 9c 82 51 e1 59 06 d6 Aug 26 18:33:51.263672: | a9 0f 0e b3 c8 9c 0a 0c 3e d4 68 cb Aug 26 18:33:51.263675: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:51.263677: | **parse ISAKMP Message: Aug 26 18:33:51.263679: | initiator cookie: Aug 26 18:33:51.263681: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:51.263683: | responder cookie: Aug 26 18:33:51.263684: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263686: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:51.263690: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:51.263692: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:51.263694: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:51.263695: | Message ID: 2534459804 (0x9710c99c) Aug 26 18:33:51.263697: | length: 108 (0x6c) Aug 26 18:33:51.263699: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:33:51.263702: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:33:51.263705: | peer and cookies match on #6; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:33:51.263707: | peer and cookies match on #5; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:33:51.263708: | peer and cookies match on #4; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:33:51.263710: | peer and cookies match on #3; msgid=00000000 st_msgid=f19ec542 st_msgid_phase15=00000000 Aug 26 18:33:51.263712: | peer and cookies match on #2; msgid=00000000 st_msgid=36432fd8 st_msgid_phase15=00000000 Aug 26 18:33:51.263714: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:33:51.263716: | p15 state object #1 found, in STATE_MAIN_R3 Aug 26 18:33:51.263718: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Aug 26 18:33:51.263722: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:33:51.263735: | #1 is idle Aug 26 18:33:51.263737: | #1 idle Aug 26 18:33:51.263739: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:51.263747: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:33:51.263749: | ***parse ISAKMP Hash Payload: Aug 26 18:33:51.263751: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 18:33:51.263753: | length: 36 (0x24) Aug 26 18:33:51.263755: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 18:33:51.263757: | ***parse ISAKMP Notification Payload: Aug 26 18:33:51.263758: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:51.263760: | length: 32 (0x20) Aug 26 18:33:51.263762: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:51.263763: | protocol ID: 1 (0x1) Aug 26 18:33:51.263765: | SPI size: 16 (0x10) Aug 26 18:33:51.263767: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:51.263768: | removing 12 bytes of padding Aug 26 18:33:51.263782: | informational HASH(1): Aug 26 18:33:51.263784: | 54 8e bf 10 18 ac bd 48 68 1c bd e6 5d 51 52 63 Aug 26 18:33:51.263786: | 34 2b a7 ee bd 6e 97 ee 49 f6 16 b4 23 83 00 9e Aug 26 18:33:51.263788: | received 'informational' message HASH(1) data ok Aug 26 18:33:51.263790: | info: b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263791: | info: 00 00 66 cd Aug 26 18:33:51.263794: | processing informational R_U_THERE (36136) Aug 26 18:33:51.263796: | pstats ikev1_recv_notifies_e 36136 Aug 26 18:33:51.263799: | DPD: received R_U_THERE seq:26317 monotime:29717.006265 (state=#1 name="northnet-eastnets/0x2") Aug 26 18:33:51.263804: | **emit ISAKMP Message: Aug 26 18:33:51.263806: | initiator cookie: Aug 26 18:33:51.263808: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:51.263809: | responder cookie: Aug 26 18:33:51.263811: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263812: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:51.263814: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:51.263816: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:51.263818: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:51.263819: | Message ID: 1167599871 (0x459828ff) Aug 26 18:33:51.263821: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:51.263823: | ***emit ISAKMP Hash Payload: Aug 26 18:33:51.263825: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:51.263827: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:51.263830: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:51.263833: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:51.263834: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:51.263836: | ***emit ISAKMP Notification Payload: Aug 26 18:33:51.263838: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:51.263839: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:51.263841: | protocol ID: 1 (0x1) Aug 26 18:33:51.263843: | SPI size: 16 (0x10) Aug 26 18:33:51.263845: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 18:33:51.263847: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:51.263849: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:51.263851: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:51.263852: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:51.263854: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:51.263856: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263858: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:51.263859: | notify data 00 00 66 cd Aug 26 18:33:51.263861: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:51.263871: | notification HASH(1): Aug 26 18:33:51.263873: | 20 8d 48 b0 7a e1 9a 0c 15 65 7b b5 8e 40 6b 6f Aug 26 18:33:51.263874: | a1 57 02 8a 99 07 43 19 f4 aa 07 a2 c4 81 5d 1f Aug 26 18:33:51.263879: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:51.263880: | no IKEv1 message padding required Aug 26 18:33:51.263882: | emitting length of ISAKMP Message: 108 Aug 26 18:33:51.263888: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:33:51.263890: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263891: | 08 10 05 01 45 98 28 ff 00 00 00 6c ef 6d 49 10 Aug 26 18:33:51.263893: | 2d bf 3e 03 14 0e e2 32 81 d1 65 85 de fd dc 46 Aug 26 18:33:51.263895: | 0b 99 03 65 af 02 43 c1 76 40 09 ac 82 ed 12 b4 Aug 26 18:33:51.263896: | bf 1e e1 0c ed 5e 8b 41 95 dc 87 f2 dd 59 14 07 Aug 26 18:33:51.263898: | b6 23 49 10 32 3a 4c 19 8b 29 2b af fb 76 42 97 Aug 26 18:33:51.263899: | 66 b1 6e 90 72 25 0b 83 67 a9 76 af Aug 26 18:33:51.263926: | complete v1 state transition with STF_IGNORE Aug 26 18:33:51.263931: | #1 spent 0.121 milliseconds in process_packet_tail() Aug 26 18:33:51.263934: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:51.263937: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:51.263939: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:51.263942: | spent 0.276 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:52.326348: | processing global timer EVENT_PENDING_DDNS Aug 26 18:33:52.326370: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 18:33:52.326375: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:33:52.326381: | elapsed time in connection_check_ddns for hostname lookup 0.000009 Aug 26 18:33:52.326388: | spent 0.0159 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 18:33:52.328457: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:33:52.328475: | expiring aged bare shunts from shunt table Aug 26 18:33:52.328483: | spent 0.00638 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:33:54.265223: | spent 0.0026 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:54.265243: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:54.265249: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265251: | 08 10 05 01 f7 45 36 10 00 00 00 6c 36 27 37 86 Aug 26 18:33:54.265252: | 2f 43 a3 f9 bb ac 44 8f 62 ae 47 88 9d fb 03 1d Aug 26 18:33:54.265254: | 89 58 88 bc 31 1b 1b 1b 3f d1 1e dd 92 90 7b f5 Aug 26 18:33:54.265255: | ee 0b 5e aa bf 76 72 36 27 aa 9a e8 dc 7c cd 13 Aug 26 18:33:54.265257: | 6c 1f 39 44 80 e4 e4 0c d7 e7 34 0c e3 81 58 fe Aug 26 18:33:54.265258: | e8 22 87 e3 3f 06 9f d9 1e 22 e3 7a Aug 26 18:33:54.265261: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:54.265264: | **parse ISAKMP Message: Aug 26 18:33:54.265266: | initiator cookie: Aug 26 18:33:54.265268: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:54.265269: | responder cookie: Aug 26 18:33:54.265271: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265273: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:54.265274: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:54.265276: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:54.265278: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:54.265280: | Message ID: 4148508176 (0xf7453610) Aug 26 18:33:54.265281: | length: 108 (0x6c) Aug 26 18:33:54.265283: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:33:54.265286: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:33:54.265308: | peer and cookies match on #6; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:33:54.265312: | peer and cookies match on #5; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:33:54.265314: | peer and cookies match on #4; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:33:54.265316: | peer and cookies match on #3; msgid=00000000 st_msgid=f19ec542 st_msgid_phase15=00000000 Aug 26 18:33:54.265318: | peer and cookies match on #2; msgid=00000000 st_msgid=36432fd8 st_msgid_phase15=00000000 Aug 26 18:33:54.265320: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:33:54.265322: | p15 state object #1 found, in STATE_MAIN_R3 Aug 26 18:33:54.265324: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Aug 26 18:33:54.265327: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:33:54.265353: | #1 is idle Aug 26 18:33:54.265355: | #1 idle Aug 26 18:33:54.265358: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:54.265366: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:33:54.265368: | ***parse ISAKMP Hash Payload: Aug 26 18:33:54.265370: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 18:33:54.265371: | length: 36 (0x24) Aug 26 18:33:54.265373: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 18:33:54.265375: | ***parse ISAKMP Notification Payload: Aug 26 18:33:54.265376: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:54.265378: | length: 32 (0x20) Aug 26 18:33:54.265379: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:54.265381: | protocol ID: 1 (0x1) Aug 26 18:33:54.265383: | SPI size: 16 (0x10) Aug 26 18:33:54.265384: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:54.265386: | removing 12 bytes of padding Aug 26 18:33:54.265399: | informational HASH(1): Aug 26 18:33:54.265401: | 32 bf db af ce 7d eb f6 fd 12 13 62 04 53 69 80 Aug 26 18:33:54.265403: | aa 4d 84 5d 4a 32 5d 26 48 13 66 e9 a4 44 16 c7 Aug 26 18:33:54.265405: | received 'informational' message HASH(1) data ok Aug 26 18:33:54.265406: | info: b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265408: | info: 00 00 66 ce Aug 26 18:33:54.265411: | processing informational R_U_THERE (36136) Aug 26 18:33:54.265412: | pstats ikev1_recv_notifies_e 36136 Aug 26 18:33:54.265416: | DPD: received R_U_THERE seq:26318 monotime:29720.007881 (state=#1 name="northnet-eastnets/0x2") Aug 26 18:33:54.265424: | **emit ISAKMP Message: Aug 26 18:33:54.265426: | initiator cookie: Aug 26 18:33:54.265427: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:54.265429: | responder cookie: Aug 26 18:33:54.265430: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265432: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:54.265434: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:54.265435: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:54.265437: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:54.265439: | Message ID: 4292521174 (0xffdaacd6) Aug 26 18:33:54.265441: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:54.265443: | ***emit ISAKMP Hash Payload: Aug 26 18:33:54.265444: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:54.265446: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:54.265448: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:54.265450: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:54.265452: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:54.265454: | ***emit ISAKMP Notification Payload: Aug 26 18:33:54.265455: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:54.265457: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:54.265458: | protocol ID: 1 (0x1) Aug 26 18:33:54.265460: | SPI size: 16 (0x10) Aug 26 18:33:54.265461: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 18:33:54.265463: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:54.265465: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:54.265467: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:54.265469: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:54.265471: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:54.265472: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265474: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:54.265475: | notify data 00 00 66 ce Aug 26 18:33:54.265477: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:54.265487: | notification HASH(1): Aug 26 18:33:54.265489: | d1 1b fc b6 af 10 a6 0a 3f c4 ce 66 b6 19 25 25 Aug 26 18:33:54.265490: | e1 92 85 b3 74 8f 47 af 25 1a a8 01 4f cc 86 38 Aug 26 18:33:54.265494: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:54.265496: | no IKEv1 message padding required Aug 26 18:33:54.265498: | emitting length of ISAKMP Message: 108 Aug 26 18:33:54.265504: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:33:54.265505: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265507: | 08 10 05 01 ff da ac d6 00 00 00 6c b7 c1 b7 62 Aug 26 18:33:54.265508: | d8 26 b2 4e 2e 26 dc 0c 19 15 8c 02 47 e5 2d 9d Aug 26 18:33:54.265510: | 69 d2 cc b9 70 fb 49 d5 eb 1f 2a 37 06 71 e7 2d Aug 26 18:33:54.265511: | 11 4a 66 08 bb 92 d0 6c 80 bd 1b 67 d3 65 8e bb Aug 26 18:33:54.265513: | 57 8a c5 3b c7 04 35 e0 fb 94 95 23 61 b4 a8 b8 Aug 26 18:33:54.265514: | 0e 64 c1 33 19 69 36 25 c5 39 65 3b Aug 26 18:33:54.265541: | complete v1 state transition with STF_IGNORE Aug 26 18:33:54.265546: | #1 spent 0.12 milliseconds in process_packet_tail() Aug 26 18:33:54.265549: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:54.265552: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:54.265554: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:54.265557: | spent 0.304 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:54.318631: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:33:54.318654: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 18:33:54.318663: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:54.318667: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 18:33:54.318672: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 18:33:54.318676: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#7) Aug 26 18:33:54.318679: | sending NAT-T Keep Alive Aug 26 18:33:54.318686: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #7) Aug 26 18:33:54.318689: | ff Aug 26 18:33:54.318740: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 18:33:54.318745: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 18:33:54.318750: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:54.318753: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 18:33:54.318757: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 18:33:54.318762: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:54.318765: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 18:33:54.318769: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 18:33:54.318774: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:54.318777: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 18:33:54.318781: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:774) Aug 26 18:33:54.318785: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#4) Aug 26 18:33:54.318787: | sending NAT-T Keep Alive Aug 26 18:33:54.318793: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #4) Aug 26 18:33:54.318795: | ff Aug 26 18:33:54.318812: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:786) Aug 26 18:33:54.318816: | processing: STOP state #0 (in for_each_state() at state.c:1577) Aug 26 18:33:54.318821: | start processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:54.318824: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Aug 26 18:33:54.318828: | stop processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 18:33:54.318833: | start processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:54.318836: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 18:33:54.318840: | stop processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 18:33:54.318845: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1575) Aug 26 18:33:54.318848: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Aug 26 18:33:54.318852: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1577) Aug 26 18:33:54.318856: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 18:33:54.318867: | spent 0.18 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:33:55.438317: | timer_event_cb: processing event@0x7f499c004218 Aug 26 18:33:55.438342: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:55.438352: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:55.438357: | IKEv1 retransmit event Aug 26 18:33:55.438363: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:55.438369: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 6 Aug 26 18:33:55.438376: | retransmits: current time 29721.18084; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.012583 exceeds limit? NO Aug 26 18:33:55.438382: | event_schedule: new EVENT_RETRANSMIT-pe@0x55e21157afc8 Aug 26 18:33:55.438386: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #5 Aug 26 18:33:55.438391: | libevent_malloc: new ptr-libevent@0x55e21157aea8 size 128 Aug 26 18:33:55.438396: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 16 seconds for response Aug 26 18:33:55.438404: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Aug 26 18:33:55.438407: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:55.438410: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:55.438413: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:55.438416: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:55.438418: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:55.438421: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:55.438423: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:55.438426: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:55.438429: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:55.438431: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:55.438434: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:55.438437: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:55.438439: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:55.438442: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:55.438445: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:55.438447: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:55.438450: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:55.438452: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:55.438455: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:55.438458: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:55.438460: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:55.438463: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:55.438465: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:55.438468: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:55.438471: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:55.438473: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:55.438476: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:55.438479: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:55.438481: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:55.438543: | libevent_free: release ptr-libevent@0x7f499c00a028 Aug 26 18:33:55.438548: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:55.438557: | #5 spent 0.21 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:55.438563: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:55.438572: | timer_event_cb: processing event@0x55e211581a88 Aug 26 18:33:55.438575: | handling event EVENT_RETRANSMIT for child state #6 Aug 26 18:33:55.438581: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Aug 26 18:33:55.438584: | IKEv1 retransmit event Aug 26 18:33:55.438589: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:55.438595: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 6 Aug 26 18:33:55.438601: | retransmits: current time 29721.181064; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.010472 exceeds limit? NO Aug 26 18:33:55.438604: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:33:55.438608: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #6 Aug 26 18:33:55.438611: | libevent_malloc: new ptr-libevent@0x7f499c00a028 size 128 Aug 26 18:33:55.438615: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 16 seconds for response Aug 26 18:33:55.438622: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Aug 26 18:33:55.438625: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:55.438627: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:55.438630: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:55.438632: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:55.438635: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:55.438637: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:55.438640: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:55.438642: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:55.438645: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:55.438647: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:55.438650: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:55.438653: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:55.438655: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:55.438658: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:55.438661: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:55.438663: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:55.438666: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:55.438668: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:55.438671: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:55.438674: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:55.438677: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:55.438679: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:55.438682: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:55.438685: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:55.438687: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:55.438690: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:55.438693: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:55.438695: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:55.438698: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:55.438719: | libevent_free: release ptr-libevent@0x7f4988002f58 Aug 26 18:33:55.438724: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e211581a88 Aug 26 18:33:55.438730: | #6 spent 0.148 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:55.438736: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Aug 26 18:33:57.267553: | spent 0.00334 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:57.267579: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:33:57.267583: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267586: | 08 10 05 01 d9 dc a3 43 00 00 00 6c 25 85 e3 0f Aug 26 18:33:57.267589: | f2 09 15 8a db 66 b8 c0 6d 1e 67 1e 23 02 6e 86 Aug 26 18:33:57.267591: | 5c 2f a8 f7 f8 b0 26 17 9c 87 c4 7a 0a 50 10 68 Aug 26 18:33:57.267594: | a1 8d 58 92 22 ab 67 64 21 d2 c6 d7 6e 15 c6 d3 Aug 26 18:33:57.267596: | 6e ad 87 8b f2 69 52 6f 0c 8f a0 a0 0d 88 45 cf Aug 26 18:33:57.267598: | dc b0 4a e3 df 3e 51 06 db 02 e1 a8 Aug 26 18:33:57.267603: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:33:57.267607: | **parse ISAKMP Message: Aug 26 18:33:57.267609: | initiator cookie: Aug 26 18:33:57.267612: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:57.267615: | responder cookie: Aug 26 18:33:57.267617: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267620: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:57.267623: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:57.267625: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:57.267628: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:57.267631: | Message ID: 3655115587 (0xd9dca343) Aug 26 18:33:57.267634: | length: 108 (0x6c) Aug 26 18:33:57.267637: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:33:57.267641: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:33:57.267644: | peer and cookies match on #6; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:33:57.267647: | peer and cookies match on #5; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:33:57.267651: | peer and cookies match on #4; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:33:57.267654: | peer and cookies match on #3; msgid=00000000 st_msgid=f19ec542 st_msgid_phase15=00000000 Aug 26 18:33:57.267657: | peer and cookies match on #2; msgid=00000000 st_msgid=36432fd8 st_msgid_phase15=00000000 Aug 26 18:33:57.267660: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:33:57.267663: | p15 state object #1 found, in STATE_MAIN_R3 Aug 26 18:33:57.267665: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Aug 26 18:33:57.267669: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:33:57.267682: | #1 is idle Aug 26 18:33:57.267684: | #1 idle Aug 26 18:33:57.267686: | received encrypted packet from 192.1.3.33:500 Aug 26 18:33:57.267694: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:33:57.267696: | ***parse ISAKMP Hash Payload: Aug 26 18:33:57.267698: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 18:33:57.267700: | length: 36 (0x24) Aug 26 18:33:57.267701: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 18:33:57.267704: | ***parse ISAKMP Notification Payload: Aug 26 18:33:57.267705: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:57.267707: | length: 32 (0x20) Aug 26 18:33:57.267708: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:57.267710: | protocol ID: 1 (0x1) Aug 26 18:33:57.267712: | SPI size: 16 (0x10) Aug 26 18:33:57.267713: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:57.267715: | removing 12 bytes of padding Aug 26 18:33:57.267728: | informational HASH(1): Aug 26 18:33:57.267731: | dd 9c 42 4f 95 05 2b d0 00 3d 84 49 3a 2d f1 8a Aug 26 18:33:57.267732: | 93 4c 66 30 d5 87 98 f2 46 1b f0 f2 ca d8 27 3d Aug 26 18:33:57.267734: | received 'informational' message HASH(1) data ok Aug 26 18:33:57.267736: | info: b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267737: | info: 00 00 66 cf Aug 26 18:33:57.267740: | processing informational R_U_THERE (36136) Aug 26 18:33:57.267742: | pstats ikev1_recv_notifies_e 36136 Aug 26 18:33:57.267747: | DPD: received R_U_THERE seq:26319 monotime:29723.010213 (state=#1 name="northnet-eastnets/0x2") Aug 26 18:33:57.267752: | **emit ISAKMP Message: Aug 26 18:33:57.267754: | initiator cookie: Aug 26 18:33:57.267756: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:57.267757: | responder cookie: Aug 26 18:33:57.267759: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267761: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:57.267762: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:57.267764: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:57.267766: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:57.267767: | Message ID: 2324413286 (0x8a8bbb66) Aug 26 18:33:57.267769: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:57.267771: | ***emit ISAKMP Hash Payload: Aug 26 18:33:57.267773: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:57.267775: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:57.267777: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:57.267779: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:57.267781: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:57.267783: | ***emit ISAKMP Notification Payload: Aug 26 18:33:57.267784: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:57.267786: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:57.267787: | protocol ID: 1 (0x1) Aug 26 18:33:57.267789: | SPI size: 16 (0x10) Aug 26 18:33:57.267791: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 18:33:57.267793: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:57.267795: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:57.267797: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:57.267798: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:57.267800: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:57.267802: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267804: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:57.267805: | notify data 00 00 66 cf Aug 26 18:33:57.267807: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:57.267816: | notification HASH(1): Aug 26 18:33:57.267818: | 3d 13 1e 13 3b d3 42 5d 37 1f 18 27 be 7c ba ad Aug 26 18:33:57.267820: | e8 5c 8a 82 02 0d 7b d2 8a 1d 38 a9 54 5a 0c cd Aug 26 18:33:57.267824: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:57.267826: | no IKEv1 message padding required Aug 26 18:33:57.267827: | emitting length of ISAKMP Message: 108 Aug 26 18:33:57.267836: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:33:57.267838: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267840: | 08 10 05 01 8a 8b bb 66 00 00 00 6c 4b 97 31 e4 Aug 26 18:33:57.267841: | 22 74 e0 8a a6 9b 95 3f 18 5e b0 12 05 cc b1 c5 Aug 26 18:33:57.267843: | 60 27 89 aa 81 20 c9 ba 00 ae da 0f e2 b0 10 36 Aug 26 18:33:57.267844: | 75 6c 09 4d 52 bc d2 fd 96 7e 07 92 0e ff 5b 21 Aug 26 18:33:57.267846: | fa 00 54 35 4f e8 2c 2b 34 93 f7 f9 98 ab a4 99 Aug 26 18:33:57.267847: | f5 c4 79 10 3f 60 b8 fa 57 32 a0 33 Aug 26 18:33:57.267874: | complete v1 state transition with STF_IGNORE Aug 26 18:33:57.267879: | #1 spent 0.124 milliseconds in process_packet_tail() Aug 26 18:33:57.267883: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:57.267886: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:33:57.267889: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:57.267892: | spent 0.308 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:59.531948: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:59.532130: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:33:59.532137: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:33:59.532280: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:33:59.532287: | FOR_EACH_STATE_... in sort_states Aug 26 18:33:59.532313: | get_sa_info esp.a6dbcb71@192.1.2.23 Aug 26 18:33:59.532338: | get_sa_info esp.729e99e@192.1.3.33 Aug 26 18:33:59.532360: | get_sa_info esp.e0d54674@192.1.2.23 Aug 26 18:33:59.532370: | get_sa_info esp.1c276340@192.1.3.33 Aug 26 18:33:59.532383: | get_sa_info esp.1e867a01@192.1.2.23 Aug 26 18:33:59.532389: | get_sa_info esp.4ae31ab3@192.1.3.33 Aug 26 18:33:59.532402: | get_sa_info esp.8b8a5569@192.1.2.23 Aug 26 18:33:59.532408: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:33:59.532419: | get_sa_info esp.698e3888@192.1.2.23 Aug 26 18:33:59.532424: | get_sa_info esp.abe7ff90@192.1.3.33 Aug 26 18:33:59.532435: | get_sa_info esp.1a434109@192.1.2.23 Aug 26 18:33:59.532441: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:33:59.532458: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:59.532464: | spent 0.514 milliseconds in whack Aug 26 18:34:00.268824: | spent 0.00279 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.268857: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Aug 26 18:34:00.268860: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.268862: | 08 10 05 01 70 9e b8 3a 00 00 00 6c 7f f4 56 86 Aug 26 18:34:00.268863: | fc dc ca 64 24 61 71 1c 47 c5 1a ad 58 6f 37 e5 Aug 26 18:34:00.268865: | 49 96 95 6c a4 73 e4 4d bb 22 59 65 f9 ee 70 ad Aug 26 18:34:00.268866: | a1 1c ce cf b7 67 c7 ed 32 9b b9 b2 e6 b0 c9 9b Aug 26 18:34:00.268868: | 64 dd 3e 22 a1 98 af bf f8 f9 15 6b 2a 97 e0 d3 Aug 26 18:34:00.268869: | f7 e0 67 ce 45 31 8e f5 35 57 7f c2 Aug 26 18:34:00.268872: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Aug 26 18:34:00.268875: | **parse ISAKMP Message: Aug 26 18:34:00.268877: | initiator cookie: Aug 26 18:34:00.268878: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.268880: | responder cookie: Aug 26 18:34:00.268881: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.268883: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.268885: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.268886: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.268888: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.268890: | Message ID: 1889450042 (0x709eb83a) Aug 26 18:34:00.268891: | length: 108 (0x6c) Aug 26 18:34:00.268893: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.268897: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:34:00.268899: | peer and cookies match on #6; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.268901: | peer and cookies match on #5; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.268902: | peer and cookies match on #4; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:34:00.268904: | peer and cookies match on #3; msgid=00000000 st_msgid=f19ec542 st_msgid_phase15=00000000 Aug 26 18:34:00.268906: | peer and cookies match on #2; msgid=00000000 st_msgid=36432fd8 st_msgid_phase15=00000000 Aug 26 18:34:00.268908: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.268910: | p15 state object #1 found, in STATE_MAIN_R3 Aug 26 18:34:00.268912: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Aug 26 18:34:00.268915: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.268931: | #1 is idle Aug 26 18:34:00.268933: | #1 idle Aug 26 18:34:00.268936: | received encrypted packet from 192.1.3.33:500 Aug 26 18:34:00.268943: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.268945: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.268947: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 18:34:00.268949: | length: 36 (0x24) Aug 26 18:34:00.268951: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 18:34:00.268953: | ***parse ISAKMP Notification Payload: Aug 26 18:34:00.268954: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.268956: | length: 32 (0x20) Aug 26 18:34:00.268958: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.268959: | protocol ID: 1 (0x1) Aug 26 18:34:00.268961: | SPI size: 16 (0x10) Aug 26 18:34:00.268963: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:34:00.268964: | removing 12 bytes of padding Aug 26 18:34:00.268977: | informational HASH(1): Aug 26 18:34:00.268979: | 5e 84 04 e3 69 eb 77 fb 7b 2c e5 7b 66 3a 6e 82 Aug 26 18:34:00.268981: | b4 db d3 87 fd d2 d4 45 a8 31 e8 ff 4a 17 7d c8 Aug 26 18:34:00.268983: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.268984: | info: b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.268986: | info: 00 00 66 d0 Aug 26 18:34:00.268989: | processing informational R_U_THERE (36136) Aug 26 18:34:00.268990: | pstats ikev1_recv_notifies_e 36136 Aug 26 18:34:00.268993: | DPD: received R_U_THERE seq:26320 monotime:29726.011459 (state=#1 name="northnet-eastnets/0x2") Aug 26 18:34:00.268998: | **emit ISAKMP Message: Aug 26 18:34:00.269001: | initiator cookie: Aug 26 18:34:00.269002: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.269004: | responder cookie: Aug 26 18:34:00.269005: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.269007: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.269008: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.269010: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.269012: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.269013: | Message ID: 567430279 (0x21d24c87) Aug 26 18:34:00.269015: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.269017: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.269019: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.269021: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.269023: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:34:00.269025: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.269026: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.269028: | ***emit ISAKMP Notification Payload: Aug 26 18:34:00.269029: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.269031: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.269033: | protocol ID: 1 (0x1) Aug 26 18:34:00.269034: | SPI size: 16 (0x10) Aug 26 18:34:00.269036: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 18:34:00.269038: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:34:00.269040: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:34:00.269042: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:34:00.269044: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.269046: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:34:00.269047: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.269049: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:34:00.269050: | notify data 00 00 66 d0 Aug 26 18:34:00.269053: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:34:00.269063: | notification HASH(1): Aug 26 18:34:00.269065: | ac a1 ba 5f 56 c2 7b e5 13 5d bb ab ab 7e e6 3c Aug 26 18:34:00.269066: | 18 7c db 90 6a 83 86 39 f7 3c 5a 92 ca 05 f8 b3 Aug 26 18:34:00.269070: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.269072: | no IKEv1 message padding required Aug 26 18:34:00.269074: | emitting length of ISAKMP Message: 108 Aug 26 18:34:00.269079: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:34:00.269081: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.269083: | 08 10 05 01 21 d2 4c 87 00 00 00 6c 33 cd ec a3 Aug 26 18:34:00.269084: | 4b c0 35 b1 1e c5 0a 82 fa 43 eb e6 3a 37 1f dc Aug 26 18:34:00.269086: | bd dd e6 66 c4 1b d9 21 41 c3 21 cb d6 7e ac 43 Aug 26 18:34:00.269087: | cd eb 8d d0 bb b4 dc 01 3b 2a 62 64 27 72 1c 2b Aug 26 18:34:00.269089: | e5 17 c2 5b 95 2c 77 16 59 ac 00 a4 91 8d 40 d4 Aug 26 18:34:00.269090: | 37 31 8f e2 f4 0d 9c 9a f2 5f 10 fd Aug 26 18:34:00.269131: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.269136: | #1 spent 0.118 milliseconds in process_packet_tail() Aug 26 18:34:00.269139: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:34:00.269142: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Aug 26 18:34:00.269145: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.269147: | spent 0.282 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.467205: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:34:00.467237: shutting down Aug 26 18:34:00.467249: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:34:00.467253: destroying root certificate cache Aug 26 18:34:00.467281: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:34:00.467284: forgetting secrets Aug 26 18:34:00.467297: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:34:00.467310: | unreference key: 0x55e21156a028 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:34:00.467315: | unreference key: 0x55e211569908 user-east@testing.libreswan.org cnt 1-- Aug 26 18:34:00.467319: | unreference key: 0x55e2115696a8 @east.testing.libreswan.org cnt 1-- Aug 26 18:34:00.467323: | unreference key: 0x55e211569198 east@testing.libreswan.org cnt 1-- Aug 26 18:34:00.467328: | unreference key: 0x55e211567d68 192.1.2.23 cnt 1-- Aug 26 18:34:00.467336: | unreference key: 0x55e211563e08 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:34:00.467340: | unreference key: 0x55e211562bc8 user-north@testing.libreswan.org cnt 1-- Aug 26 18:34:00.467342: | unreference key: 0x55e21144bc48 @north.testing.libreswan.org cnt 1-- Aug 26 18:34:00.467346: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Aug 26 18:34:00.467349: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:34:00.467350: | pass 0 Aug 26 18:34:00.467352: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:34:00.467354: | state #7 Aug 26 18:34:00.467357: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:00.467361: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:00.467363: | pstats #7 ikev1.ipsec deleted completed Aug 26 18:34:00.467366: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:34:00.467372: "northnet-eastnets/0x2" #7: deleting state (STATE_QUICK_R2) aged 12.210s and sending notification Aug 26 18:34:00.467375: | child state #7: QUICK_R2(established CHILD SA) => delete Aug 26 18:34:00.467379: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:34:00.467390: | get_sa_info esp.1a434109@192.1.2.23 Aug 26 18:34:00.467396: "northnet-eastnets/0x2" #7: ESP traffic information: in=84B out=0B Aug 26 18:34:00.467399: | #7 send IKEv1 delete notification for STATE_QUICK_R2 Aug 26 18:34:00.467401: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.467410: | **emit ISAKMP Message: Aug 26 18:34:00.467412: | initiator cookie: Aug 26 18:34:00.467414: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.467416: | responder cookie: Aug 26 18:34:00.467417: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.467419: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.467421: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.467423: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.467425: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.467427: | Message ID: 2193847987 (0x82c376b3) Aug 26 18:34:00.467429: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.467431: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.467433: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.467435: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.467437: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.467439: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.467441: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.467443: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.467444: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.467446: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.467448: | protocol ID: 3 (0x3) Aug 26 18:34:00.467449: | SPI size: 4 (0x4) Aug 26 18:34:00.467451: | number of SPIs: 1 (0x1) Aug 26 18:34:00.467453: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.467455: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.467457: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:34:00.467459: | delete payload 1a 43 41 09 Aug 26 18:34:00.467460: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:34:00.467485: | send delete HASH(1): Aug 26 18:34:00.467487: | ec fb 59 85 1b 2b 65 89 1d 84 5d 99 df 13 d3 49 Aug 26 18:34:00.467489: | 68 83 05 df 1d 65 93 c9 ec 28 35 34 ac 09 ea 85 Aug 26 18:34:00.467496: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.467497: | no IKEv1 message padding required Aug 26 18:34:00.467499: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.467512: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:34:00.467516: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.467519: | 08 10 05 01 82 c3 76 b3 00 00 00 5c 3b ed 13 de Aug 26 18:34:00.467521: | 49 38 ce 81 00 95 b5 2a 84 63 19 2e 37 cb e5 b9 Aug 26 18:34:00.467524: | 0b 12 01 20 d9 d5 05 e7 02 67 98 23 b3 9c 47 12 Aug 26 18:34:00.467526: | 00 69 dc d0 8b 01 ef a1 30 0c d8 a8 a6 c7 ae 71 Aug 26 18:34:00.467528: | d7 03 89 ab 8e f6 f0 7b f4 d4 98 dc Aug 26 18:34:00.467586: | state #7 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:34:00.467592: | libevent_free: release ptr-libevent@0x7f498c0027d8 Aug 26 18:34:00.467596: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f498c002b78 Aug 26 18:34:00.467668: | running updown command "ipsec _updown" for verb down Aug 26 18:34:00.467678: | command executing down-client Aug 26 18:34:00.467719: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844428' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Aug 26 18:34:00.467725: | popen cmd is 1298 chars long Aug 26 18:34:00.467728: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:34:00.467732: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 18:34:00.467735: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 18:34:00.467737: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:34:00.467740: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Aug 26 18:34:00.467743: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Aug 26 18:34:00.467746: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Aug 26 18:34:00.467748: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Aug 26 18:34:00.467751: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Aug 26 18:34:00.467754: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Aug 26 18:34:00.467757: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844428' PLUTO_CONN: Aug 26 18:34:00.467759: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Aug 26 18:34:00.467762: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Aug 26 18:34:00.467765: | cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Aug 26 18:34:00.467767: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Aug 26 18:34:00.467770: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xf24d08cd SPI_OUT=0x1a434109 : Aug 26 18:34:00.467773: | cmd(1280):ipsec _updown 2>&1: Aug 26 18:34:00.478680: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:34:00.478699: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:34:00.478705: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:34:00.478709: | IPsec Sa SPD priority set to 1042407 Aug 26 18:34:00.479113: | delete esp.f24d08cd@192.1.3.33 Aug 26 18:34:00.479135: | netlink response for Del SA esp.f24d08cd@192.1.3.33 included non-error error Aug 26 18:34:00.479140: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:34:00.479148: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:34:00.479171: | raw_eroute result=success Aug 26 18:34:00.479177: | delete esp.1a434109@192.1.2.23 Aug 26 18:34:00.479187: | netlink response for Del SA esp.1a434109@192.1.2.23 included non-error error Aug 26 18:34:00.479199: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:34:00.479211: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:34:00.479213: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:34:00.479217: | State DB: deleting IKEv1 state #7 in QUICK_R2 Aug 26 18:34:00.479225: | child state #7: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:34:00.479267: | stop processing: state #7 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:34:00.479296: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:34:00.479303: | state #6 Aug 26 18:34:00.479309: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:00.479313: | pstats #6 ikev1.ipsec deleted completed Aug 26 18:34:00.479319: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:34:00.479325: "northnet-eastnets/0x1" #6: deleting state (STATE_QUICK_R1) aged 21.056s and sending notification Aug 26 18:34:00.479328: | child state #6: QUICK_R1(established CHILD SA) => delete Aug 26 18:34:00.479333: | get_sa_info esp.4ae31ab3@192.1.3.33 Aug 26 18:34:00.479344: | get_sa_info esp.1e867a01@192.1.2.23 Aug 26 18:34:00.479353: "northnet-eastnets/0x1" #6: ESP traffic information: in=0B out=0B Aug 26 18:34:00.479358: | #6 send IKEv1 delete notification for STATE_QUICK_R1 Aug 26 18:34:00.479362: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.479381: | **emit ISAKMP Message: Aug 26 18:34:00.479384: | initiator cookie: Aug 26 18:34:00.479387: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.479389: | responder cookie: Aug 26 18:34:00.479392: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.479395: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.479397: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.479400: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.479404: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.479407: | Message ID: 3674571231 (0xdb0581df) Aug 26 18:34:00.479409: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.479413: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.479415: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.479419: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.479422: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.479425: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.479427: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.479430: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.479433: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.479435: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.479438: | protocol ID: 3 (0x3) Aug 26 18:34:00.479440: | SPI size: 4 (0x4) Aug 26 18:34:00.479442: | number of SPIs: 1 (0x1) Aug 26 18:34:00.479446: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.479449: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.479452: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:34:00.479454: | delete payload 1e 86 7a 01 Aug 26 18:34:00.479457: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:34:00.479491: | send delete HASH(1): Aug 26 18:34:00.479495: | 05 4f 84 b8 fd a3 9e 24 2d 6d 8a 03 5d 37 15 93 Aug 26 18:34:00.479497: | e5 d1 b0 9a 9b 4a 37 dc a5 fe 5d 78 80 90 db 1f Aug 26 18:34:00.479508: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.479514: | no IKEv1 message padding required Aug 26 18:34:00.479517: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.479537: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:34:00.479542: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.479545: | 08 10 05 01 db 05 81 df 00 00 00 5c 82 13 cf 67 Aug 26 18:34:00.479547: | 80 18 36 02 59 fd 39 c8 d3 14 f9 59 8b 1c ea 7b Aug 26 18:34:00.479549: | 09 30 7d 82 4c fe f3 63 7c 66 fe 9e 8b 21 db db Aug 26 18:34:00.479552: | 25 69 78 89 72 84 70 d9 d7 a8 47 23 ef 77 0d 3f Aug 26 18:34:00.479554: | 2b 74 fe 1e b3 e0 3e d1 6e 90 f1 fd Aug 26 18:34:00.479605: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:34:00.479610: | #6 STATE_QUICK_R1: retransmits: cleared Aug 26 18:34:00.479619: | libevent_free: release ptr-libevent@0x7f499c00a028 Aug 26 18:34:00.479625: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f499c004218 Aug 26 18:34:00.479688: | delete esp.4ae31ab3@192.1.3.33 Aug 26 18:34:00.479705: | netlink response for Del SA esp.4ae31ab3@192.1.3.33 included non-error error Aug 26 18:34:00.479710: | delete esp.1e867a01@192.1.2.23 Aug 26 18:34:00.479721: | netlink response for Del SA esp.1e867a01@192.1.2.23 included non-error error Aug 26 18:34:00.479728: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:34:00.479731: | State DB: deleting IKEv1 state #6 in QUICK_R1 Aug 26 18:34:00.479735: | child state #6: QUICK_R1(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:34:00.479755: | stop processing: state #6 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:34:00.479772: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:34:00.479775: | state #5 Aug 26 18:34:00.479780: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:00.479783: | pstats #5 ikev1.ipsec deleted completed Aug 26 18:34:00.479788: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:34:00.479792: "northnet-eastnets/0x2" #5: deleting state (STATE_QUICK_R1) aged 21.057s and sending notification Aug 26 18:34:00.479795: | child state #5: QUICK_R1(established CHILD SA) => delete Aug 26 18:34:00.479799: | get_sa_info esp.abe7ff90@192.1.3.33 Aug 26 18:34:00.479808: | get_sa_info esp.698e3888@192.1.2.23 Aug 26 18:34:00.479816: "northnet-eastnets/0x2" #5: ESP traffic information: in=0B out=0B Aug 26 18:34:00.479820: | #5 send IKEv1 delete notification for STATE_QUICK_R1 Aug 26 18:34:00.479823: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.479828: | **emit ISAKMP Message: Aug 26 18:34:00.479831: | initiator cookie: Aug 26 18:34:00.479833: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.479836: | responder cookie: Aug 26 18:34:00.479838: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.479841: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.479844: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.479847: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.479850: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.479853: | Message ID: 2418223107 (0x90232803) Aug 26 18:34:00.479856: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.479859: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.479862: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.479865: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.479869: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.479872: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.479875: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.479878: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.479883: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.479886: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.479888: | protocol ID: 3 (0x3) Aug 26 18:34:00.479891: | SPI size: 4 (0x4) Aug 26 18:34:00.479894: | number of SPIs: 1 (0x1) Aug 26 18:34:00.479897: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.479900: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.479903: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:34:00.479906: | delete payload 69 8e 38 88 Aug 26 18:34:00.479908: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:34:00.479928: | send delete HASH(1): Aug 26 18:34:00.479931: | fc d5 92 27 00 a2 3c ed 5e d1 3f 82 5f 8a f0 37 Aug 26 18:34:00.479934: | a3 77 97 ad 44 0a e7 97 5e c5 c7 36 9a f2 32 9b Aug 26 18:34:00.479941: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.479944: | no IKEv1 message padding required Aug 26 18:34:00.479946: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.479957: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:34:00.479960: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.479962: | 08 10 05 01 90 23 28 03 00 00 00 5c e1 b7 23 83 Aug 26 18:34:00.479964: | ef 1e 4c c8 f1 8f 32 8b cb 98 25 b7 67 f5 0e 08 Aug 26 18:34:00.479967: | 5e 34 d6 1a cd 63 13 0e c4 4a 9b 45 ef 6e dc b4 Aug 26 18:34:00.479970: | 20 0f 6d 67 c9 5c a9 d3 ea e5 7c 9c e3 50 a0 db Aug 26 18:34:00.479972: | c7 4d 95 65 c3 f4 36 09 e1 3f 09 87 Aug 26 18:34:00.479999: | state #5 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:34:00.480003: | #5 STATE_QUICK_R1: retransmits: cleared Aug 26 18:34:00.480008: | libevent_free: release ptr-libevent@0x55e21157aea8 Aug 26 18:34:00.480012: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e21157afc8 Aug 26 18:34:00.480052: | delete esp.abe7ff90@192.1.3.33 Aug 26 18:34:00.480067: | netlink response for Del SA esp.abe7ff90@192.1.3.33 included non-error error Aug 26 18:34:00.480072: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:34:00.480078: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:34:00.480089: | raw_eroute result=success Aug 26 18:34:00.480093: | delete esp.698e3888@192.1.2.23 Aug 26 18:34:00.480104: | netlink response for Del SA esp.698e3888@192.1.2.23 included non-error error Aug 26 18:34:00.480108: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:34:00.480111: | State DB: deleting IKEv1 state #5 in QUICK_R1 Aug 26 18:34:00.480115: | child state #5: QUICK_R1(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:34:00.480138: | stop processing: state #5 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:34:00.480154: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:34:00.480157: | state #4 Aug 26 18:34:00.480162: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:00.480166: | pstats #4 ikev1.ipsec deleted completed Aug 26 18:34:00.480171: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:34:00.480175: "northnet-eastnets/0x1" #4: deleting state (STATE_QUICK_R2) aged 23.307s and sending notification Aug 26 18:34:00.480178: | child state #4: QUICK_R2(established CHILD SA) => delete Aug 26 18:34:00.480182: | get_sa_info esp.1c276340@192.1.3.33 Aug 26 18:34:00.480191: | get_sa_info esp.e0d54674@192.1.2.23 Aug 26 18:34:00.480200: "northnet-eastnets/0x1" #4: ESP traffic information: in=84B out=84B Aug 26 18:34:00.480204: | #4 send IKEv1 delete notification for STATE_QUICK_R2 Aug 26 18:34:00.480207: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.480215: | **emit ISAKMP Message: Aug 26 18:34:00.480218: | initiator cookie: Aug 26 18:34:00.480221: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.480224: | responder cookie: Aug 26 18:34:00.480227: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.480230: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.480232: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.480235: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.480238: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.480241: | Message ID: 65736089 (0x3eb0d99) Aug 26 18:34:00.480244: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.480248: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.480251: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.480254: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.480257: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.480260: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.480263: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.480266: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.480269: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.480272: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.480275: | protocol ID: 3 (0x3) Aug 26 18:34:00.480277: | SPI size: 4 (0x4) Aug 26 18:34:00.480280: | number of SPIs: 1 (0x1) Aug 26 18:34:00.480283: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.480286: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.480458: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:34:00.480465: | delete payload e0 d5 46 74 Aug 26 18:34:00.480469: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:34:00.480488: | send delete HASH(1): Aug 26 18:34:00.480493: | ef 74 8c 6c 8d dd 03 8c bd 75 de 9f c6 0e 52 80 Aug 26 18:34:00.480496: | b5 3f 33 ed cd 92 f0 7f 2f 77 f1 b2 fd b3 40 95 Aug 26 18:34:00.480504: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.480507: | no IKEv1 message padding required Aug 26 18:34:00.480510: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.480520: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:34:00.480524: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.480527: | 08 10 05 01 03 eb 0d 99 00 00 00 5c 15 ef b5 25 Aug 26 18:34:00.480529: | 70 a5 70 5a 1f 4e 01 90 6d 0c c4 25 f0 2b 28 03 Aug 26 18:34:00.480532: | 05 38 66 de 54 33 81 d0 40 c9 ab 84 47 35 19 f7 Aug 26 18:34:00.480535: | dd ee a6 4e 61 d1 f6 3d 8e 46 66 10 53 37 83 6e Aug 26 18:34:00.480538: | be da 73 28 07 03 f4 8b a3 79 31 91 Aug 26 18:34:00.480559: | state #4 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:34:00.480563: | libevent_free: release ptr-libevent@0x7f49a00027d8 Aug 26 18:34:00.480568: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f4990004218 Aug 26 18:34:00.480654: | running updown command "ipsec _updown" for verb down Aug 26 18:34:00.480661: | command executing down-client Aug 26 18:34:00.480700: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844417' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Aug 26 18:34:00.480707: | popen cmd is 1296 chars long Aug 26 18:34:00.480711: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Aug 26 18:34:00.480714: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Aug 26 18:34:00.480717: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Aug 26 18:34:00.480720: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Aug 26 18:34:00.480723: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Aug 26 18:34:00.480726: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Aug 26 18:34:00.480729: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Aug 26 18:34:00.480732: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Aug 26 18:34:00.480735: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Aug 26 18:34:00.480738: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Aug 26 18:34:00.480741: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844417' PLUTO_CONN_P: Aug 26 18:34:00.480744: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Aug 26 18:34:00.480747: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Aug 26 18:34:00.480750: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Aug 26 18:34:00.480753: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Aug 26 18:34:00.480756: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1c276340 SPI_OUT=0xe0d54674 ip: Aug 26 18:34:00.480758: | cmd(1280):sec _updown 2>&1: Aug 26 18:34:00.493398: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:34:00.493422: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:34:00.493429: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:34:00.493433: | IPsec Sa SPD priority set to 1042407 Aug 26 18:34:00.493480: | delete esp.1c276340@192.1.3.33 Aug 26 18:34:00.493503: | netlink response for Del SA esp.1c276340@192.1.3.33 included non-error error Aug 26 18:34:00.493508: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:34:00.493516: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:34:00.493542: | raw_eroute result=success Aug 26 18:34:00.493548: | delete esp.e0d54674@192.1.2.23 Aug 26 18:34:00.493561: | netlink response for Del SA esp.e0d54674@192.1.2.23 included non-error error Aug 26 18:34:00.493576: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:34:00.493581: | State DB: deleting IKEv1 state #4 in QUICK_R2 Aug 26 18:34:00.493590: | child state #4: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:34:00.493630: | stop processing: state #4 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:34:00.493655: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:34:00.493659: | state #3 Aug 26 18:34:00.493665: | start processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:00.493672: | pstats #3 ikev1.ipsec deleted completed Aug 26 18:34:00.493678: | [RE]START processing: state #3 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:34:00.493682: "northnet-eastnets/0x1" #3: deleting state (STATE_QUICK_R2) aged 66.154s and sending notification Aug 26 18:34:00.493685: | child state #3: QUICK_R2(established CHILD SA) => delete Aug 26 18:34:00.493690: | get_sa_info esp.729e99e@192.1.3.33 Aug 26 18:34:00.493700: | get_sa_info esp.a6dbcb71@192.1.2.23 Aug 26 18:34:00.493709: "northnet-eastnets/0x1" #3: ESP traffic information: in=168B out=168B Aug 26 18:34:00.493714: | #3 send IKEv1 delete notification for STATE_QUICK_R2 Aug 26 18:34:00.493717: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.493736: | **emit ISAKMP Message: Aug 26 18:34:00.493742: | initiator cookie: Aug 26 18:34:00.493745: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.493748: | responder cookie: Aug 26 18:34:00.493751: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.493755: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.493758: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.493762: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.493767: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.493770: | Message ID: 3235859201 (0xc0df4b01) Aug 26 18:34:00.493774: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.493778: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.493781: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.493785: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.493789: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.493794: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.493797: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.493800: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.493803: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.493807: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.493810: | protocol ID: 3 (0x3) Aug 26 18:34:00.493813: | SPI size: 4 (0x4) Aug 26 18:34:00.493816: | number of SPIs: 1 (0x1) Aug 26 18:34:00.493820: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.493824: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.493828: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:34:00.493831: | delete payload a6 db cb 71 Aug 26 18:34:00.493834: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:34:00.493869: | send delete HASH(1): Aug 26 18:34:00.493873: | 93 e8 37 51 c1 b6 6b 3d 8a d5 2c a5 01 95 c7 29 Aug 26 18:34:00.493876: | 91 80 02 0a 38 55 64 45 46 47 84 84 fc eb 36 49 Aug 26 18:34:00.493888: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.493891: | no IKEv1 message padding required Aug 26 18:34:00.493894: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.493918: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:34:00.493923: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.493926: | 08 10 05 01 c0 df 4b 01 00 00 00 5c 15 54 54 1c Aug 26 18:34:00.493929: | 6e f6 7a 1a cf 72 b2 d5 3a c5 e0 76 d4 81 99 a6 Aug 26 18:34:00.493932: | 56 59 46 5a 8d c1 ba c6 81 c8 93 28 89 30 73 b2 Aug 26 18:34:00.493936: | 14 e9 57 48 d5 33 89 dc af 19 ea af 36 c0 d5 c0 Aug 26 18:34:00.493938: | 6e 2c 1b 00 26 eb 8c b3 fd 97 23 a0 Aug 26 18:34:00.493988: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:34:00.493999: | libevent_free: release ptr-libevent@0x7f4994003618 Aug 26 18:34:00.494008: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55e2114f7238 Aug 26 18:34:00.494236: | delete esp.729e99e@192.1.3.33 Aug 26 18:34:00.494297: | netlink response for Del SA esp.729e99e@192.1.3.33 included non-error error Aug 26 18:34:00.494307: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:34:00.494316: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:34:00.494327: | raw_eroute result=success Aug 26 18:34:00.494331: | delete esp.a6dbcb71@192.1.2.23 Aug 26 18:34:00.494346: | netlink response for Del SA esp.a6dbcb71@192.1.2.23 included non-error error Aug 26 18:34:00.494351: | in connection_discard for connection northnet-eastnets/0x1 Aug 26 18:34:00.494380: | State DB: deleting IKEv1 state #3 in QUICK_R2 Aug 26 18:34:00.494389: | child state #3: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:34:00.494414: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:34:00.494429: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:34:00.494432: | state #2 Aug 26 18:34:00.494438: | start processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:00.494442: | pstats #2 ikev1.ipsec deleted completed Aug 26 18:34:00.494448: | [RE]START processing: state #2 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:34:00.494452: "northnet-eastnets/0x2" #2: deleting state (STATE_QUICK_R2) aged 66.156s and sending notification Aug 26 18:34:00.494456: | child state #2: QUICK_R2(established CHILD SA) => delete Aug 26 18:34:00.494461: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:34:00.494471: | get_sa_info esp.8b8a5569@192.1.2.23 Aug 26 18:34:00.494479: "northnet-eastnets/0x2" #2: ESP traffic information: in=168B out=0B Aug 26 18:34:00.494483: | #2 send IKEv1 delete notification for STATE_QUICK_R2 Aug 26 18:34:00.494486: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.494495: | **emit ISAKMP Message: Aug 26 18:34:00.494498: | initiator cookie: Aug 26 18:34:00.494501: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.494504: | responder cookie: Aug 26 18:34:00.494507: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.494511: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.494514: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.494518: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.494521: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.494524: | Message ID: 3127230314 (0xba65bf6a) Aug 26 18:34:00.494528: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.494532: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.494535: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.494539: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.494543: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.494547: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.494550: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.494553: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.494557: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.494560: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.494563: | protocol ID: 3 (0x3) Aug 26 18:34:00.494566: | SPI size: 4 (0x4) Aug 26 18:34:00.494569: | number of SPIs: 1 (0x1) Aug 26 18:34:00.494573: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.494577: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.494581: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:34:00.494587: | delete payload 8b 8a 55 69 Aug 26 18:34:00.494590: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:34:00.494608: | send delete HASH(1): Aug 26 18:34:00.494612: | 57 b7 89 43 ec 1e c3 23 e2 b8 47 61 48 a8 c2 a0 Aug 26 18:34:00.494615: | 2b 0e 58 73 13 04 21 3b 82 40 83 36 49 d1 9a be Aug 26 18:34:00.494623: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.494626: | no IKEv1 message padding required Aug 26 18:34:00.494630: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.494641: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:34:00.494645: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.494648: | 08 10 05 01 ba 65 bf 6a 00 00 00 5c 37 e4 19 d3 Aug 26 18:34:00.494651: | 48 91 8c da b0 eb f0 2d b6 a2 45 d0 4f dd 8a 4d Aug 26 18:34:00.494654: | 78 65 21 73 31 61 71 e4 4a 60 b2 6b 9e ae 07 7d Aug 26 18:34:00.494657: | 39 1c 85 e9 e8 cd e0 fb 6d ce 29 c2 b9 73 06 9c Aug 26 18:34:00.494660: | cb a1 82 26 40 e7 37 a0 10 d0 20 ca Aug 26 18:34:00.494687: | state #2 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:34:00.494692: | libevent_free: release ptr-libevent@0x55e211571278 Aug 26 18:34:00.494696: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55e2115723a8 Aug 26 18:34:00.494750: | delete esp.9bf37cd9@192.1.3.33 Aug 26 18:34:00.494777: | netlink response for Del SA esp.9bf37cd9@192.1.3.33 included non-error error Aug 26 18:34:00.494784: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:34:00.494793: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Aug 26 18:34:00.494804: | raw_eroute result=success Aug 26 18:34:00.494809: | delete esp.8b8a5569@192.1.2.23 Aug 26 18:34:00.494822: | netlink response for Del SA esp.8b8a5569@192.1.2.23 included non-error error Aug 26 18:34:00.494827: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:34:00.494830: | State DB: deleting IKEv1 state #2 in QUICK_R2 Aug 26 18:34:00.494835: | child state #2: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:34:00.494856: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:34:00.494868: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:34:00.494870: | state #1 Aug 26 18:34:00.494872: | pass 1 Aug 26 18:34:00.494873: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:34:00.494875: | state #1 Aug 26 18:34:00.494878: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:00.494880: | pstats #1 ikev1.isakmp deleted completed Aug 26 18:34:00.494884: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Aug 26 18:34:00.494887: "northnet-eastnets/0x2" #1: deleting state (STATE_MAIN_R3) aged 66.183s and sending notification Aug 26 18:34:00.494889: | parent state #1: MAIN_R3(established IKE SA) => delete Aug 26 18:34:00.494917: | #1 send IKEv1 delete notification for STATE_MAIN_R3 Aug 26 18:34:00.494922: | **emit ISAKMP Message: Aug 26 18:34:00.494924: | initiator cookie: Aug 26 18:34:00.494926: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.494927: | responder cookie: Aug 26 18:34:00.494929: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.494931: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.494933: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.494934: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.494936: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.494938: | Message ID: 551324899 (0x20dc8ce3) Aug 26 18:34:00.494940: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.494942: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.494944: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.494948: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.494950: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.494952: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.494954: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.494955: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.494957: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.494958: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.494960: | protocol ID: 1 (0x1) Aug 26 18:34:00.494962: | SPI size: 16 (0x10) Aug 26 18:34:00.494963: | number of SPIs: 1 (0x1) Aug 26 18:34:00.494965: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.494967: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.494969: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Aug 26 18:34:00.494971: | initiator SPI b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.494973: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Aug 26 18:34:00.494974: | responder SPI 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.494976: | emitting length of ISAKMP Delete Payload: 28 Aug 26 18:34:00.494990: | send delete HASH(1): Aug 26 18:34:00.494992: | b2 15 f4 76 5a b3 3c 08 db 52 fc 5c 62 0d b5 e2 Aug 26 18:34:00.494994: | 0f f4 12 28 8d 8a fa df 5b ea 52 f5 62 af fb 1b Aug 26 18:34:00.494998: | no IKEv1 message padding required Aug 26 18:34:00.495000: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.495009: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Aug 26 18:34:00.495011: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.495013: | 08 10 05 01 20 dc 8c e3 00 00 00 5c e6 76 22 ec Aug 26 18:34:00.495014: | 46 54 c4 f7 a3 48 59 93 47 01 72 e7 22 ab 79 2e Aug 26 18:34:00.495016: | c0 d4 b1 b8 eb 2e 54 20 c0 1c 49 17 25 e5 6e 0a Aug 26 18:34:00.495018: | f4 ef e8 6e 91 8e 57 8b ed 96 6e c4 75 81 ef a7 Aug 26 18:34:00.495019: | ea 73 59 4b dd 4b 31 b9 3a 66 24 25 Aug 26 18:34:00.495040: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:34:00.495044: | libevent_free: release ptr-libevent@0x55e211584118 Aug 26 18:34:00.495047: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55e211568fd8 Aug 26 18:34:00.495049: | State DB: IKEv1 state not found (flush_incomplete_children) Aug 26 18:34:00.495051: | in connection_discard for connection northnet-eastnets/0x2 Aug 26 18:34:00.495053: | State DB: deleting IKEv1 state #1 in MAIN_R3 Aug 26 18:34:00.495055: | parent state #1: MAIN_R3(established IKE SA) => UNDEFINED(ignore) Aug 26 18:34:00.495062: | unreference key: 0x55e21157d3f8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Aug 26 18:34:00.495078: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Aug 26 18:34:00.495087: | unreference key: 0x55e21157d3f8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:34:00.495092: | unreference key: 0x55e21157ef28 user-north@testing.libreswan.org cnt 1-- Aug 26 18:34:00.495097: | unreference key: 0x55e211572668 @north.testing.libreswan.org cnt 1-- Aug 26 18:34:00.495118: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:34:00.495121: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:34:00.495123: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:34:00.495125: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:34:00.495139: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Aug 26 18:34:00.495147: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:34:00.495149: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:34:00.495151: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Aug 26 18:34:00.495153: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:34:00.495155: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:34:00.495158: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Aug 26 18:34:00.495161: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Aug 26 18:34:00.495163: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:34:00.495168: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Aug 26 18:34:00.495170: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:34:00.495172: | pass 0 Aug 26 18:34:00.495173: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:34:00.495175: | pass 1 Aug 26 18:34:00.495176: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:34:00.495178: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:34:00.495180: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:34:00.495182: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:34:00.495191: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Aug 26 18:34:00.495197: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:34:00.495199: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:34:00.495201: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Aug 26 18:34:00.495203: | route owner of "northnet-eastnets/0x1" unrouted: NULL Aug 26 18:34:00.495205: | running updown command "ipsec _updown" for verb unroute Aug 26 18:34:00.495207: | command executing unroute-client Aug 26 18:34:00.495229: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Aug 26 18:34:00.495232: | popen cmd is 1277 chars long Aug 26 18:34:00.495234: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Aug 26 18:34:00.495236: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Aug 26 18:34:00.495237: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Aug 26 18:34:00.495239: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Aug 26 18:34:00.495241: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Aug 26 18:34:00.495242: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Aug 26 18:34:00.495244: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Aug 26 18:34:00.495247: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Aug 26 18:34:00.495249: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Aug 26 18:34:00.495251: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Aug 26 18:34:00.495252: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Aug 26 18:34:00.495254: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Aug 26 18:34:00.495256: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Aug 26 18:34:00.495257: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Aug 26 18:34:00.495259: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Aug 26 18:34:00.495261: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:34:00.510388: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510419: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510424: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510427: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510431: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510436: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510447: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510459: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510470: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510482: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510493: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510507: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510521: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510533: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510544: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510556: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510570: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510582: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510594: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510605: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510618: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510632: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510644: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510656: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510668: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510679: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510693: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510706: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510719: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510730: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510743: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510757: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510769: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510781: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510793: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510805: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510818: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.510998: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.511010: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:00.519635: | free hp@0x55e21156a6a8 Aug 26 18:34:00.519652: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Aug 26 18:34:00.519657: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Aug 26 18:34:00.519688: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:34:00.519692: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:34:00.519707: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:34:00.519711: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:34:00.519715: shutting down interface eth0/eth0 192.0.2.254:4500 Aug 26 18:34:00.519718: shutting down interface eth0/eth0 192.0.2.254:500 Aug 26 18:34:00.519721: shutting down interface eth1/eth1 192.1.2.23:4500 Aug 26 18:34:00.519724: shutting down interface eth1/eth1 192.1.2.23:500 Aug 26 18:34:00.519729: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:34:00.519742: | libevent_free: release ptr-libevent@0x55e211551708 Aug 26 18:34:00.519746: | free_event_entry: release EVENT_NULL-pe@0x55e21155d428 Aug 26 18:34:00.519757: | libevent_free: release ptr-libevent@0x55e2114f7ee8 Aug 26 18:34:00.519761: | free_event_entry: release EVENT_NULL-pe@0x55e21155d4d8 Aug 26 18:34:00.519769: | libevent_free: release ptr-libevent@0x55e2114f7f98 Aug 26 18:34:00.519773: | free_event_entry: release EVENT_NULL-pe@0x55e21155d588 Aug 26 18:34:00.519781: | libevent_free: release ptr-libevent@0x55e2114f6f58 Aug 26 18:34:00.519783: | free_event_entry: release EVENT_NULL-pe@0x55e21155d638 Aug 26 18:34:00.519788: | libevent_free: release ptr-libevent@0x55e2114ff268 Aug 26 18:34:00.519790: | free_event_entry: release EVENT_NULL-pe@0x55e21155d6e8 Aug 26 18:34:00.519795: | libevent_free: release ptr-libevent@0x55e2114ffd88 Aug 26 18:34:00.519796: | free_event_entry: release EVENT_NULL-pe@0x55e21155d798 Aug 26 18:34:00.519801: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:34:00.520356: | libevent_free: release ptr-libevent@0x55e2115517b8 Aug 26 18:34:00.520366: | free_event_entry: release EVENT_NULL-pe@0x55e211545958 Aug 26 18:34:00.520373: | libevent_free: release ptr-libevent@0x55e21153e438 Aug 26 18:34:00.520375: | free_event_entry: release EVENT_NULL-pe@0x55e2115454b8 Aug 26 18:34:00.520379: | libevent_free: release ptr-libevent@0x55e21153e388 Aug 26 18:34:00.520382: | free_event_entry: release EVENT_NULL-pe@0x55e2114ff428 Aug 26 18:34:00.520386: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:34:00.520389: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:34:00.520392: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:34:00.520394: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:34:00.520397: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:34:00.520403: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:34:00.520405: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:34:00.520408: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:34:00.520411: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:34:00.520416: | libevent_free: release ptr-libevent@0x55e2115039f8 Aug 26 18:34:00.520419: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:34:00.520423: | libevent_free: release ptr-libevent@0x55e21147b638 Aug 26 18:34:00.520425: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:34:00.520429: | libevent_free: release ptr-libevent@0x55e21147ce18 Aug 26 18:34:00.520431: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:34:00.520434: | libevent_free: release ptr-libevent@0x55e21155cec8 Aug 26 18:34:00.520437: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:34:00.520440: | releasing event base Aug 26 18:34:00.520453: | libevent_free: release ptr-libevent@0x55e21155cd98 Aug 26 18:34:00.520456: | libevent_free: release ptr-libevent@0x55e21153fd78 Aug 26 18:34:00.520460: | libevent_free: release ptr-libevent@0x55e21153fd28 Aug 26 18:34:00.520463: | libevent_free: release ptr-libevent@0x55e21155f218 Aug 26 18:34:00.520466: | libevent_free: release ptr-libevent@0x55e21153fce8 Aug 26 18:34:00.520469: | libevent_free: release ptr-libevent@0x55e21155ca28 Aug 26 18:34:00.520471: | libevent_free: release ptr-libevent@0x55e21155cc98 Aug 26 18:34:00.520474: | libevent_free: release ptr-libevent@0x55e21153ff28 Aug 26 18:34:00.520476: | libevent_free: release ptr-libevent@0x55e211545528 Aug 26 18:34:00.520479: | libevent_free: release ptr-libevent@0x55e211545188 Aug 26 18:34:00.520481: | libevent_free: release ptr-libevent@0x55e21155d808 Aug 26 18:34:00.520484: | libevent_free: release ptr-libevent@0x55e21155d758 Aug 26 18:34:00.520487: | libevent_free: release ptr-libevent@0x55e21155d6a8 Aug 26 18:34:00.520489: | libevent_free: release ptr-libevent@0x55e21155d5f8 Aug 26 18:34:00.520492: | libevent_free: release ptr-libevent@0x55e21155d548 Aug 26 18:34:00.520494: | libevent_free: release ptr-libevent@0x55e21155d498 Aug 26 18:34:00.520497: | libevent_free: release ptr-libevent@0x55e2114784f8 Aug 26 18:34:00.520499: | libevent_free: release ptr-libevent@0x55e21155cd18 Aug 26 18:34:00.520502: | libevent_free: release ptr-libevent@0x55e21155ccd8 Aug 26 18:34:00.520504: | libevent_free: release ptr-libevent@0x55e21155cb98 Aug 26 18:34:00.520507: | libevent_free: release ptr-libevent@0x55e21155cd58 Aug 26 18:34:00.520510: | libevent_free: release ptr-libevent@0x55e21155ca68 Aug 26 18:34:00.520512: | libevent_free: release ptr-libevent@0x55e211505588 Aug 26 18:34:00.520515: | libevent_free: release ptr-libevent@0x55e211505508 Aug 26 18:34:00.520518: | libevent_free: release ptr-libevent@0x55e211478868 Aug 26 18:34:00.520520: | releasing global libevent data Aug 26 18:34:00.520524: | libevent_free: release ptr-libevent@0x55e211505708 Aug 26 18:34:00.520526: | libevent_free: release ptr-libevent@0x55e211505688 Aug 26 18:34:00.520529: | libevent_free: release ptr-libevent@0x55e211505608 Aug 26 18:34:00.520577: leak detective found no leaks