Aug 26 18:32:54.045467: FIPS Product: YES Aug 26 18:32:54.045562: FIPS Kernel: NO Aug 26 18:32:54.045565: FIPS Mode: NO Aug 26 18:32:54.045567: NSS DB directory: sql:/etc/ipsec.d Aug 26 18:32:54.045695: Initializing NSS Aug 26 18:32:54.045700: Opening NSS database "sql:/etc/ipsec.d" read-only Aug 26 18:32:54.079100: NSS initialized Aug 26 18:32:54.079120: NSS crypto library initialized Aug 26 18:32:54.079124: FIPS HMAC integrity support [enabled] Aug 26 18:32:54.079127: FIPS mode disabled for pluto daemon Aug 26 18:32:54.106886: FIPS HMAC integrity verification self-test FAILED Aug 26 18:32:54.107443: libcap-ng support [enabled] Aug 26 18:32:54.107452: Linux audit support [enabled] Aug 26 18:32:54.107678: Linux audit activated Aug 26 18:32:54.107687: Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:20146 Aug 26 18:32:54.107689: core dump dir: /tmp Aug 26 18:32:54.107691: secrets file: /etc/ipsec.secrets Aug 26 18:32:54.107692: leak-detective enabled Aug 26 18:32:54.107694: NSS crypto [enabled] Aug 26 18:32:54.107695: XAUTH PAM support [enabled] Aug 26 18:32:54.107751: | libevent is using pluto's memory allocator Aug 26 18:32:54.107756: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Aug 26 18:32:54.107772: | libevent_malloc: new ptr-libevent@0x55a94fb69708 size 40 Aug 26 18:32:54.107774: | libevent_malloc: new ptr-libevent@0x55a94fb69688 size 40 Aug 26 18:32:54.107777: | libevent_malloc: new ptr-libevent@0x55a94fb69608 size 40 Aug 26 18:32:54.107778: | creating event base Aug 26 18:32:54.107781: | libevent_malloc: new ptr-libevent@0x55a94fb5b238 size 56 Aug 26 18:32:54.107784: | libevent_malloc: new ptr-libevent@0x55a94fadc748 size 664 Aug 26 18:32:54.107793: | libevent_malloc: new ptr-libevent@0x55a94fba3d08 size 24 Aug 26 18:32:54.107795: | libevent_malloc: new ptr-libevent@0x55a94fba3d58 size 384 Aug 26 18:32:54.107803: | libevent_malloc: new ptr-libevent@0x55a94fba3cc8 size 16 Aug 26 18:32:54.107804: | libevent_malloc: new ptr-libevent@0x55a94fb69588 size 40 Aug 26 18:32:54.107806: | libevent_malloc: new ptr-libevent@0x55a94fb69508 size 48 Aug 26 18:32:54.107810: | libevent_realloc: new ptr-libevent@0x55a94fadf868 size 256 Aug 26 18:32:54.107812: | libevent_malloc: new ptr-libevent@0x55a94fba3f08 size 16 Aug 26 18:32:54.107816: | libevent_free: release ptr-libevent@0x55a94fb5b238 Aug 26 18:32:54.107818: | libevent initialized Aug 26 18:32:54.107821: | libevent_realloc: new ptr-libevent@0x55a94fb5b238 size 64 Aug 26 18:32:54.107825: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Aug 26 18:32:54.107837: | init_nat_traversal() initialized with keep_alive=0s Aug 26 18:32:54.107839: NAT-Traversal support [enabled] Aug 26 18:32:54.107841: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Aug 26 18:32:54.107846: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Aug 26 18:32:54.107848: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Aug 26 18:32:54.107875: | global one-shot timer EVENT_REVIVE_CONNS initialized Aug 26 18:32:54.107877: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Aug 26 18:32:54.107880: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Aug 26 18:32:54.107912: Encryption algorithms: Aug 26 18:32:54.107919: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Aug 26 18:32:54.107921: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Aug 26 18:32:54.107924: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Aug 26 18:32:54.107926: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Aug 26 18:32:54.107928: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Aug 26 18:32:54.107936: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Aug 26 18:32:54.107938: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Aug 26 18:32:54.107940: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Aug 26 18:32:54.107943: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Aug 26 18:32:54.107945: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Aug 26 18:32:54.107947: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Aug 26 18:32:54.107950: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Aug 26 18:32:54.107952: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Aug 26 18:32:54.107954: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Aug 26 18:32:54.107957: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Aug 26 18:32:54.107958: NULL IKEv1: ESP IKEv2: ESP [] Aug 26 18:32:54.107961: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Aug 26 18:32:54.107965: Hash algorithms: Aug 26 18:32:54.107967: MD5 IKEv1: IKE IKEv2: Aug 26 18:32:54.107969: SHA1 IKEv1: IKE IKEv2: FIPS sha Aug 26 18:32:54.107971: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Aug 26 18:32:54.107973: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Aug 26 18:32:54.107975: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Aug 26 18:32:54.107983: PRF algorithms: Aug 26 18:32:54.107985: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Aug 26 18:32:54.107987: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Aug 26 18:32:54.107989: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Aug 26 18:32:54.107991: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Aug 26 18:32:54.107993: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Aug 26 18:32:54.107995: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Aug 26 18:32:54.108012: Integrity algorithms: Aug 26 18:32:54.108014: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Aug 26 18:32:54.108016: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Aug 26 18:32:54.108019: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Aug 26 18:32:54.108021: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Aug 26 18:32:54.108024: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Aug 26 18:32:54.108026: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Aug 26 18:32:54.108028: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Aug 26 18:32:54.108030: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Aug 26 18:32:54.108032: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Aug 26 18:32:54.108039: DH algorithms: Aug 26 18:32:54.108042: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Aug 26 18:32:54.108043: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Aug 26 18:32:54.108045: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Aug 26 18:32:54.108049: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Aug 26 18:32:54.108051: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Aug 26 18:32:54.108053: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Aug 26 18:32:54.108054: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Aug 26 18:32:54.108056: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Aug 26 18:32:54.108058: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Aug 26 18:32:54.108060: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Aug 26 18:32:54.108062: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Aug 26 18:32:54.108064: testing CAMELLIA_CBC: Aug 26 18:32:54.108066: Camellia: 16 bytes with 128-bit key Aug 26 18:32:54.108160: Camellia: 16 bytes with 128-bit key Aug 26 18:32:54.108182: Camellia: 16 bytes with 256-bit key Aug 26 18:32:54.108202: Camellia: 16 bytes with 256-bit key Aug 26 18:32:54.108219: testing AES_GCM_16: Aug 26 18:32:54.108222: empty string Aug 26 18:32:54.108240: one block Aug 26 18:32:54.108256: two blocks Aug 26 18:32:54.108272: two blocks with associated data Aug 26 18:32:54.108303: testing AES_CTR: Aug 26 18:32:54.108307: Encrypting 16 octets using AES-CTR with 128-bit key Aug 26 18:32:54.108326: Encrypting 32 octets using AES-CTR with 128-bit key Aug 26 18:32:54.108344: Encrypting 36 octets using AES-CTR with 128-bit key Aug 26 18:32:54.108362: Encrypting 16 octets using AES-CTR with 192-bit key Aug 26 18:32:54.108379: Encrypting 32 octets using AES-CTR with 192-bit key Aug 26 18:32:54.108396: Encrypting 36 octets using AES-CTR with 192-bit key Aug 26 18:32:54.108413: Encrypting 16 octets using AES-CTR with 256-bit key Aug 26 18:32:54.108429: Encrypting 32 octets using AES-CTR with 256-bit key Aug 26 18:32:54.108446: Encrypting 36 octets using AES-CTR with 256-bit key Aug 26 18:32:54.108463: testing AES_CBC: Aug 26 18:32:54.108465: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Aug 26 18:32:54.108481: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Aug 26 18:32:54.108499: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Aug 26 18:32:54.108517: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Aug 26 18:32:54.108537: testing AES_XCBC: Aug 26 18:32:54.108539: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Aug 26 18:32:54.108615: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Aug 26 18:32:54.108709: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Aug 26 18:32:54.108796: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Aug 26 18:32:54.108927: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Aug 26 18:32:54.109045: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Aug 26 18:32:54.109179: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Aug 26 18:32:54.109482: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Aug 26 18:32:54.109586: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Aug 26 18:32:54.109673: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Aug 26 18:32:54.109820: testing HMAC_MD5: Aug 26 18:32:54.109822: RFC 2104: MD5_HMAC test 1 Aug 26 18:32:54.109929: RFC 2104: MD5_HMAC test 2 Aug 26 18:32:54.110023: RFC 2104: MD5_HMAC test 3 Aug 26 18:32:54.110164: 8 CPU cores online Aug 26 18:32:54.110168: starting up 7 crypto helpers Aug 26 18:32:54.110195: started thread for crypto helper 0 Aug 26 18:32:54.110201: | starting up helper thread 0 Aug 26 18:32:54.110213: started thread for crypto helper 1 Aug 26 18:32:54.110213: | status value returned by setting the priority of this thread (crypto helper 0) 22 Aug 26 18:32:54.110226: | crypto helper 0 waiting (nothing to do) Aug 26 18:32:54.110217: | starting up helper thread 1 Aug 26 18:32:54.110241: | status value returned by setting the priority of this thread (crypto helper 1) 22 Aug 26 18:32:54.110243: | starting up helper thread 2 Aug 26 18:32:54.110242: started thread for crypto helper 2 Aug 26 18:32:54.110247: | crypto helper 1 waiting (nothing to do) Aug 26 18:32:54.110248: | status value returned by setting the priority of this thread (crypto helper 2) 22 Aug 26 18:32:54.110258: | crypto helper 2 waiting (nothing to do) Aug 26 18:32:54.110266: started thread for crypto helper 3 Aug 26 18:32:54.110268: | starting up helper thread 3 Aug 26 18:32:54.110274: | status value returned by setting the priority of this thread (crypto helper 3) 22 Aug 26 18:32:54.110277: | crypto helper 3 waiting (nothing to do) Aug 26 18:32:54.110284: started thread for crypto helper 4 Aug 26 18:32:54.110286: | starting up helper thread 4 Aug 26 18:32:54.110299: | status value returned by setting the priority of this thread (crypto helper 4) 22 Aug 26 18:32:54.110301: | crypto helper 4 waiting (nothing to do) Aug 26 18:32:54.110330: started thread for crypto helper 5 Aug 26 18:32:54.110353: started thread for crypto helper 6 Aug 26 18:32:54.110362: | checking IKEv1 state table Aug 26 18:32:54.110371: | MAIN_R0: category: half-open IKE SA flags: 0: Aug 26 18:32:54.110374: | -> MAIN_R1 EVENT_SO_DISCARD Aug 26 18:32:54.110378: | MAIN_I1: category: half-open IKE SA flags: 0: Aug 26 18:32:54.110381: | -> MAIN_I2 EVENT_RETRANSMIT Aug 26 18:32:54.110383: | MAIN_R1: category: open IKE SA flags: 200: Aug 26 18:32:54.110384: | -> MAIN_R2 EVENT_RETRANSMIT Aug 26 18:32:54.110386: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:32:54.110388: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:32:54.110389: | MAIN_I2: category: open IKE SA flags: 0: Aug 26 18:32:54.110391: | -> MAIN_I3 EVENT_RETRANSMIT Aug 26 18:32:54.110392: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:32:54.110394: | -> UNDEFINED EVENT_RETRANSMIT Aug 26 18:32:54.110395: | MAIN_R2: category: open IKE SA flags: 0: Aug 26 18:32:54.110397: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:32:54.110398: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:32:54.110400: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:32:54.110402: | MAIN_I3: category: open IKE SA flags: 0: Aug 26 18:32:54.110403: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:32:54.110404: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:32:54.110406: | -> UNDEFINED EVENT_SA_REPLACE Aug 26 18:32:54.110408: | MAIN_R3: category: established IKE SA flags: 200: Aug 26 18:32:54.110409: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110411: | MAIN_I4: category: established IKE SA flags: 0: Aug 26 18:32:54.110412: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110414: | AGGR_R0: category: half-open IKE SA flags: 0: Aug 26 18:32:54.110415: | -> AGGR_R1 EVENT_SO_DISCARD Aug 26 18:32:54.110417: | AGGR_I1: category: half-open IKE SA flags: 0: Aug 26 18:32:54.110419: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:32:54.110420: | -> AGGR_I2 EVENT_SA_REPLACE Aug 26 18:32:54.110422: | AGGR_R1: category: open IKE SA flags: 200: Aug 26 18:32:54.110423: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:32:54.110425: | -> AGGR_R2 EVENT_SA_REPLACE Aug 26 18:32:54.110426: | AGGR_I2: category: established IKE SA flags: 200: Aug 26 18:32:54.110428: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110430: | AGGR_R2: category: established IKE SA flags: 0: Aug 26 18:32:54.110431: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110433: | QUICK_R0: category: established CHILD SA flags: 0: Aug 26 18:32:54.110434: | -> QUICK_R1 EVENT_RETRANSMIT Aug 26 18:32:54.110436: | QUICK_I1: category: established CHILD SA flags: 0: Aug 26 18:32:54.110438: | -> QUICK_I2 EVENT_SA_REPLACE Aug 26 18:32:54.110439: | QUICK_R1: category: established CHILD SA flags: 0: Aug 26 18:32:54.110441: | -> QUICK_R2 EVENT_SA_REPLACE Aug 26 18:32:54.110442: | QUICK_I2: category: established CHILD SA flags: 200: Aug 26 18:32:54.110444: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110449: | QUICK_R2: category: established CHILD SA flags: 0: Aug 26 18:32:54.110450: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110452: | INFO: category: informational flags: 0: Aug 26 18:32:54.110457: | starting up helper thread 5 Aug 26 18:32:54.110453: | starting up helper thread 6 Aug 26 18:32:54.110467: | status value returned by setting the priority of this thread (crypto helper 6) 22 Aug 26 18:32:54.110462: | status value returned by setting the priority of this thread (crypto helper 5) 22 Aug 26 18:32:54.110454: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110472: | crypto helper 6 waiting (nothing to do) Aug 26 18:32:54.110485: | INFO_PROTECTED: category: informational flags: 0: Aug 26 18:32:54.110492: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110497: | XAUTH_R0: category: established IKE SA flags: 0: Aug 26 18:32:54.110500: | -> XAUTH_R1 EVENT_NULL Aug 26 18:32:54.110492: | crypto helper 5 waiting (nothing to do) Aug 26 18:32:54.110502: | XAUTH_R1: category: established IKE SA flags: 0: Aug 26 18:32:54.110508: | -> MAIN_R3 EVENT_SA_REPLACE Aug 26 18:32:54.110510: | MODE_CFG_R0: category: informational flags: 0: Aug 26 18:32:54.110511: | -> MODE_CFG_R1 EVENT_SA_REPLACE Aug 26 18:32:54.110513: | MODE_CFG_R1: category: established IKE SA flags: 0: Aug 26 18:32:54.110515: | -> MODE_CFG_R2 EVENT_SA_REPLACE Aug 26 18:32:54.110516: | MODE_CFG_R2: category: established IKE SA flags: 0: Aug 26 18:32:54.110518: | -> UNDEFINED EVENT_NULL Aug 26 18:32:54.110520: | MODE_CFG_I1: category: established IKE SA flags: 0: Aug 26 18:32:54.110521: | -> MAIN_I4 EVENT_SA_REPLACE Aug 26 18:32:54.110523: | XAUTH_I0: category: established IKE SA flags: 0: Aug 26 18:32:54.110524: | -> XAUTH_I1 EVENT_RETRANSMIT Aug 26 18:32:54.110526: | XAUTH_I1: category: established IKE SA flags: 0: Aug 26 18:32:54.110528: | -> MAIN_I4 EVENT_RETRANSMIT Aug 26 18:32:54.110532: | checking IKEv2 state table Aug 26 18:32:54.110537: | PARENT_I0: category: ignore flags: 0: Aug 26 18:32:54.110539: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Aug 26 18:32:54.110541: | PARENT_I1: category: half-open IKE SA flags: 0: Aug 26 18:32:54.110543: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Aug 26 18:32:54.110545: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Aug 26 18:32:54.110547: | PARENT_I2: category: open IKE SA flags: 0: Aug 26 18:32:54.110549: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Aug 26 18:32:54.110550: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Aug 26 18:32:54.110552: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Aug 26 18:32:54.110554: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Aug 26 18:32:54.110555: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Aug 26 18:32:54.110557: | PARENT_I3: category: established IKE SA flags: 0: Aug 26 18:32:54.110559: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Aug 26 18:32:54.110561: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Aug 26 18:32:54.110562: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Aug 26 18:32:54.110564: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Aug 26 18:32:54.110566: | PARENT_R0: category: half-open IKE SA flags: 0: Aug 26 18:32:54.110567: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Aug 26 18:32:54.110569: | PARENT_R1: category: half-open IKE SA flags: 0: Aug 26 18:32:54.110571: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Aug 26 18:32:54.110573: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Aug 26 18:32:54.110574: | PARENT_R2: category: established IKE SA flags: 0: Aug 26 18:32:54.110576: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Aug 26 18:32:54.110580: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Aug 26 18:32:54.110582: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Aug 26 18:32:54.110584: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Aug 26 18:32:54.110586: | V2_CREATE_I0: category: established IKE SA flags: 0: Aug 26 18:32:54.110587: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Aug 26 18:32:54.110589: | V2_CREATE_I: category: established IKE SA flags: 0: Aug 26 18:32:54.110591: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Aug 26 18:32:54.110593: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Aug 26 18:32:54.110595: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Aug 26 18:32:54.110596: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Aug 26 18:32:54.110598: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Aug 26 18:32:54.110600: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Aug 26 18:32:54.110602: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Aug 26 18:32:54.110604: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Aug 26 18:32:54.110606: | V2_CREATE_R: category: established IKE SA flags: 0: Aug 26 18:32:54.110607: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Aug 26 18:32:54.110609: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Aug 26 18:32:54.110611: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Aug 26 18:32:54.110613: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Aug 26 18:32:54.110614: | V2_IPSEC_I: category: established CHILD SA flags: 0: Aug 26 18:32:54.110616: | V2_IPSEC_R: category: established CHILD SA flags: 0: Aug 26 18:32:54.110618: | IKESA_DEL: category: established IKE SA flags: 0: Aug 26 18:32:54.110620: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Aug 26 18:32:54.110622: | CHILDSA_DEL: category: informational flags: 0: Aug 26 18:32:54.110632: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 Aug 26 18:32:54.110954: | Hard-wiring algorithms Aug 26 18:32:54.110961: | adding AES_CCM_16 to kernel algorithm db Aug 26 18:32:54.110966: | adding AES_CCM_12 to kernel algorithm db Aug 26 18:32:54.110969: | adding AES_CCM_8 to kernel algorithm db Aug 26 18:32:54.110972: | adding 3DES_CBC to kernel algorithm db Aug 26 18:32:54.110975: | adding CAMELLIA_CBC to kernel algorithm db Aug 26 18:32:54.110977: | adding AES_GCM_16 to kernel algorithm db Aug 26 18:32:54.110980: | adding AES_GCM_12 to kernel algorithm db Aug 26 18:32:54.110983: | adding AES_GCM_8 to kernel algorithm db Aug 26 18:32:54.110985: | adding AES_CTR to kernel algorithm db Aug 26 18:32:54.110988: | adding AES_CBC to kernel algorithm db Aug 26 18:32:54.110991: | adding SERPENT_CBC to kernel algorithm db Aug 26 18:32:54.110994: | adding TWOFISH_CBC to kernel algorithm db Aug 26 18:32:54.110997: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Aug 26 18:32:54.111000: | adding NULL to kernel algorithm db Aug 26 18:32:54.111002: | adding CHACHA20_POLY1305 to kernel algorithm db Aug 26 18:32:54.111005: | adding HMAC_MD5_96 to kernel algorithm db Aug 26 18:32:54.111008: | adding HMAC_SHA1_96 to kernel algorithm db Aug 26 18:32:54.111011: | adding HMAC_SHA2_512_256 to kernel algorithm db Aug 26 18:32:54.111014: | adding HMAC_SHA2_384_192 to kernel algorithm db Aug 26 18:32:54.111016: | adding HMAC_SHA2_256_128 to kernel algorithm db Aug 26 18:32:54.111019: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Aug 26 18:32:54.111022: | adding AES_XCBC_96 to kernel algorithm db Aug 26 18:32:54.111026: | adding AES_CMAC_96 to kernel algorithm db Aug 26 18:32:54.111029: | adding NONE to kernel algorithm db Aug 26 18:32:54.111053: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Aug 26 18:32:54.111061: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Aug 26 18:32:54.111064: | setup kernel fd callback Aug 26 18:32:54.111067: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55a94fb63428 Aug 26 18:32:54.111071: | libevent_malloc: new ptr-libevent@0x55a94fba2388 size 128 Aug 26 18:32:54.111075: | libevent_malloc: new ptr-libevent@0x55a94fba9508 size 16 Aug 26 18:32:54.111081: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55a94fba9498 Aug 26 18:32:54.111085: | libevent_malloc: new ptr-libevent@0x55a94fba2438 size 128 Aug 26 18:32:54.111088: | libevent_malloc: new ptr-libevent@0x55a94fba9168 size 16 Aug 26 18:32:54.111363: | global one-shot timer EVENT_CHECK_CRLS initialized Aug 26 18:32:54.111377: selinux support is enabled. Aug 26 18:32:54.111947: | unbound context created - setting debug level to 5 Aug 26 18:32:54.111981: | /etc/hosts lookups activated Aug 26 18:32:54.111994: | /etc/resolv.conf usage activated Aug 26 18:32:54.112030: | outgoing-port-avoid set 0-65535 Aug 26 18:32:54.112048: | outgoing-port-permit set 32768-60999 Aug 26 18:32:54.112050: | Loading dnssec root key from:/var/lib/unbound/root.key Aug 26 18:32:54.112052: | No additional dnssec trust anchors defined via dnssec-trusted= option Aug 26 18:32:54.112054: | Setting up events, loop start Aug 26 18:32:54.112056: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55a94fba9938 Aug 26 18:32:54.112059: | libevent_malloc: new ptr-libevent@0x55a94fbb5798 size 128 Aug 26 18:32:54.112061: | libevent_malloc: new ptr-libevent@0x55a94fbc0a08 size 16 Aug 26 18:32:54.112066: | libevent_realloc: new ptr-libevent@0x55a94fadc3d8 size 256 Aug 26 18:32:54.112068: | libevent_malloc: new ptr-libevent@0x55a94fbc0a48 size 8 Aug 26 18:32:54.112071: | libevent_realloc: new ptr-libevent@0x55a94fbc0a88 size 144 Aug 26 18:32:54.112072: | libevent_malloc: new ptr-libevent@0x55a94fb679f8 size 152 Aug 26 18:32:54.112075: | libevent_malloc: new ptr-libevent@0x55a94fbc0b48 size 16 Aug 26 18:32:54.112078: | signal event handler PLUTO_SIGCHLD installed Aug 26 18:32:54.112080: | libevent_malloc: new ptr-libevent@0x55a94fbc0b88 size 8 Aug 26 18:32:54.112081: | libevent_malloc: new ptr-libevent@0x55a94fadd198 size 152 Aug 26 18:32:54.112083: | signal event handler PLUTO_SIGTERM installed Aug 26 18:32:54.112085: | libevent_malloc: new ptr-libevent@0x55a94fbc0bc8 size 8 Aug 26 18:32:54.112088: | libevent_malloc: new ptr-libevent@0x55a94fae0dd8 size 152 Aug 26 18:32:54.112090: | signal event handler PLUTO_SIGHUP installed Aug 26 18:32:54.112092: | libevent_malloc: new ptr-libevent@0x55a94fbc0c08 size 8 Aug 26 18:32:54.112094: | libevent_realloc: release ptr-libevent@0x55a94fbc0a88 Aug 26 18:32:54.112095: | libevent_realloc: new ptr-libevent@0x55a94fbc0c48 size 256 Aug 26 18:32:54.112097: | libevent_malloc: new ptr-libevent@0x55a94fbc0d78 size 152 Aug 26 18:32:54.112099: | signal event handler PLUTO_SIGSYS installed Aug 26 18:32:54.112455: | created addconn helper (pid:20197) using fork+execve Aug 26 18:32:54.112474: | forked child 20197 Aug 26 18:32:54.112530: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:54.112560: listening for IKE messages Aug 26 18:32:54.112629: | Inspecting interface lo Aug 26 18:32:54.112635: | found lo with address 127.0.0.1 Aug 26 18:32:54.112641: | Inspecting interface eth0 Aug 26 18:32:54.112644: | found eth0 with address 192.0.3.254 Aug 26 18:32:54.112648: | Inspecting interface eth1 Aug 26 18:32:54.112650: | found eth1 with address 192.1.3.33 Aug 26 18:32:54.112717: Kernel supports NIC esp-hw-offload Aug 26 18:32:54.112726: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Aug 26 18:32:54.112764: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:32:54.112768: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:32:54.112771: adding interface eth1/eth1 192.1.3.33:4500 Aug 26 18:32:54.112797: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Aug 26 18:32:54.112825: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:32:54.112831: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:32:54.112836: adding interface eth0/eth0 192.0.3.254:4500 Aug 26 18:32:54.112868: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Aug 26 18:32:54.112892: | NAT-Traversal: Trying sockopt style NAT-T Aug 26 18:32:54.112898: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Aug 26 18:32:54.112902: adding interface lo/lo 127.0.0.1:4500 Aug 26 18:32:54.112989: | no interfaces to sort Aug 26 18:32:54.112996: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:32:54.113006: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc1298 Aug 26 18:32:54.113010: | libevent_malloc: new ptr-libevent@0x55a94fbb56e8 size 128 Aug 26 18:32:54.113014: | libevent_malloc: new ptr-libevent@0x55a94fbc1308 size 16 Aug 26 18:32:54.113021: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:32:54.113024: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc1348 Aug 26 18:32:54.113029: | libevent_malloc: new ptr-libevent@0x55a94fb5bf78 size 128 Aug 26 18:32:54.113033: | libevent_malloc: new ptr-libevent@0x55a94fbc13b8 size 16 Aug 26 18:32:54.113039: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:32:54.113043: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc13f8 Aug 26 18:32:54.113047: | libevent_malloc: new ptr-libevent@0x55a94fb5c028 size 128 Aug 26 18:32:54.113051: | libevent_malloc: new ptr-libevent@0x55a94fbc1468 size 16 Aug 26 18:32:54.113056: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:32:54.113060: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc14a8 Aug 26 18:32:54.113065: | libevent_malloc: new ptr-libevent@0x55a94fb5af58 size 128 Aug 26 18:32:54.113069: | libevent_malloc: new ptr-libevent@0x55a94fbc1518 size 16 Aug 26 18:32:54.113075: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:32:54.113079: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc1558 Aug 26 18:32:54.113083: | libevent_malloc: new ptr-libevent@0x55a94fb63268 size 128 Aug 26 18:32:54.113087: | libevent_malloc: new ptr-libevent@0x55a94fbc15c8 size 16 Aug 26 18:32:54.113092: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:32:54.113095: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc1608 Aug 26 18:32:54.113099: | libevent_malloc: new ptr-libevent@0x55a94fb63d88 size 128 Aug 26 18:32:54.113103: | libevent_malloc: new ptr-libevent@0x55a94fbc1678 size 16 Aug 26 18:32:54.113109: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:32:54.113114: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:32:54.113117: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:32:54.113139: loading secrets from "/etc/ipsec.secrets" Aug 26 18:32:54.113163: | saving Modulus Aug 26 18:32:54.113167: | saving PublicExponent Aug 26 18:32:54.113170: | ignoring PrivateExponent Aug 26 18:32:54.113173: | ignoring Prime1 Aug 26 18:32:54.113175: | ignoring Prime2 Aug 26 18:32:54.113177: | ignoring Exponent1 Aug 26 18:32:54.113179: | ignoring Exponent2 Aug 26 18:32:54.113180: | ignoring Coefficient Aug 26 18:32:54.113182: | ignoring CKAIDNSS Aug 26 18:32:54.113213: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:32:54.113216: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:32:54.113219: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:32:54.113223: | certs and keys locked by 'process_secret' Aug 26 18:32:54.113225: | certs and keys unlocked by 'process_secret' Aug 26 18:32:54.113233: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:54.113239: | spent 0.716 milliseconds in whack Aug 26 18:32:54.136541: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:54.136566: listening for IKE messages Aug 26 18:32:54.136599: | Inspecting interface lo Aug 26 18:32:54.136605: | found lo with address 127.0.0.1 Aug 26 18:32:54.136607: | Inspecting interface eth0 Aug 26 18:32:54.136610: | found eth0 with address 192.0.3.254 Aug 26 18:32:54.136612: | Inspecting interface eth1 Aug 26 18:32:54.136614: | found eth1 with address 192.1.3.33 Aug 26 18:32:54.136668: | no interfaces to sort Aug 26 18:32:54.136675: | libevent_free: release ptr-libevent@0x55a94fbb56e8 Aug 26 18:32:54.136678: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc1298 Aug 26 18:32:54.136680: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc1298 Aug 26 18:32:54.136682: | libevent_malloc: new ptr-libevent@0x55a94fbb56e8 size 128 Aug 26 18:32:54.136687: | setup callback for interface lo 127.0.0.1:4500 fd 22 Aug 26 18:32:54.136690: | libevent_free: release ptr-libevent@0x55a94fb5bf78 Aug 26 18:32:54.136692: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc1348 Aug 26 18:32:54.136693: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc1348 Aug 26 18:32:54.136695: | libevent_malloc: new ptr-libevent@0x55a94fb5bf78 size 128 Aug 26 18:32:54.136698: | setup callback for interface lo 127.0.0.1:500 fd 21 Aug 26 18:32:54.136701: | libevent_free: release ptr-libevent@0x55a94fb5c028 Aug 26 18:32:54.136703: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc13f8 Aug 26 18:32:54.136705: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc13f8 Aug 26 18:32:54.136706: | libevent_malloc: new ptr-libevent@0x55a94fb5c028 size 128 Aug 26 18:32:54.136709: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Aug 26 18:32:54.136712: | libevent_free: release ptr-libevent@0x55a94fb5af58 Aug 26 18:32:54.136714: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc14a8 Aug 26 18:32:54.136715: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc14a8 Aug 26 18:32:54.136717: | libevent_malloc: new ptr-libevent@0x55a94fb5af58 size 128 Aug 26 18:32:54.136720: | setup callback for interface eth0 192.0.3.254:500 fd 19 Aug 26 18:32:54.136722: | libevent_free: release ptr-libevent@0x55a94fb63268 Aug 26 18:32:54.136724: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc1558 Aug 26 18:32:54.136726: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc1558 Aug 26 18:32:54.136727: | libevent_malloc: new ptr-libevent@0x55a94fb63268 size 128 Aug 26 18:32:54.136731: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Aug 26 18:32:54.136733: | libevent_free: release ptr-libevent@0x55a94fb63d88 Aug 26 18:32:54.136735: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc1608 Aug 26 18:32:54.136737: | add_fd_read_event_handler: new ethX-pe@0x55a94fbc1608 Aug 26 18:32:54.136738: | libevent_malloc: new ptr-libevent@0x55a94fb63d88 size 128 Aug 26 18:32:54.136741: | setup callback for interface eth1 192.1.3.33:500 fd 17 Aug 26 18:32:54.136744: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:32:54.136745: forgetting secrets Aug 26 18:32:54.136752: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:32:54.136764: loading secrets from "/etc/ipsec.secrets" Aug 26 18:32:54.136775: | saving Modulus Aug 26 18:32:54.136777: | saving PublicExponent Aug 26 18:32:54.136779: | ignoring PrivateExponent Aug 26 18:32:54.136781: | ignoring Prime1 Aug 26 18:32:54.136783: | ignoring Prime2 Aug 26 18:32:54.136785: | ignoring Exponent1 Aug 26 18:32:54.136787: | ignoring Exponent2 Aug 26 18:32:54.136789: | ignoring Coefficient Aug 26 18:32:54.136791: | ignoring CKAIDNSS Aug 26 18:32:54.136812: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Aug 26 18:32:54.136814: | computed rsa CKAID 88 aa 7c 5d Aug 26 18:32:54.136816: loaded private key for keyid: PKK_RSA:AQPl33O2P Aug 26 18:32:54.136821: | certs and keys locked by 'process_secret' Aug 26 18:32:54.136822: | certs and keys unlocked by 'process_secret' Aug 26 18:32:54.136829: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:54.136835: | spent 0.301 milliseconds in whack Aug 26 18:32:54.137417: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.137432: | waitpid returned pid 20197 (exited with status 0) Aug 26 18:32:54.137438: | reaped addconn helper child (status 0) Aug 26 18:32:54.137442: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.137446: | spent 0.0172 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.195984: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:54.196006: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:54.196009: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:54.196011: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:54.196012: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:54.196016: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:54.196021: | Added new connection north-dpd/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:32:54.196023: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:32:54.196484: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:32:54.196497: | loading left certificate 'north' pubkey Aug 26 18:32:54.196567: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc37b8 Aug 26 18:32:54.196572: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc3768 Aug 26 18:32:54.196573: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc3718 Aug 26 18:32:54.196666: | unreference key: 0x55a94fbc3808 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:54.196802: | certs and keys locked by 'lsw_add_rsa_secret' Aug 26 18:32:54.196806: | certs and keys unlocked by 'lsw_add_rsa_secret' Aug 26 18:32:54.196811: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:32:54.197214: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:32:54.197219: | loading right certificate 'east' pubkey Aug 26 18:32:54.197277: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc6838 Aug 26 18:32:54.197281: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc7a48 Aug 26 18:32:54.197283: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc6e08 Aug 26 18:32:54.197285: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc6938 Aug 26 18:32:54.197286: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc3468 Aug 26 18:32:54.197465: | unreference key: 0x55a94fbcc668 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:54.197544: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 18:32:54.197550: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:32:54.197558: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Aug 26 18:32:54.197560: | new hp@0x55a94fbcbe78 Aug 26 18:32:54.197563: added connection description "north-dpd/0x1" Aug 26 18:32:54.197573: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:32:54.197601: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Aug 26 18:32:54.197607: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:54.197619: | spent 1.78 milliseconds in whack Aug 26 18:32:54.197702: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:54.197713: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:54.197729: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:54.197732: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:54.197734: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:54.197737: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:54.197756: | Added new connection north-dpd/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:32:54.197759: | No AUTH policy was set - defaulting to RSASIG Aug 26 18:32:54.197856: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:32:54.197862: | loading left certificate 'north' pubkey Aug 26 18:32:54.197899: | unreference key: 0x55a94fbc7d88 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:54.197908: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc6e08 Aug 26 18:32:54.197911: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc6938 Aug 26 18:32:54.197912: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc3468 Aug 26 18:32:54.197945: | unreference key: 0x55a94fbc6c38 @north.testing.libreswan.org cnt 1-- Aug 26 18:32:54.197979: | unreference key: 0x55a94fbc6e58 user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:54.198031: | unreference key: 0x55a94fbce1e8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:32:54.198068: | secrets entry for north already exists Aug 26 18:32:54.198074: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Aug 26 18:32:54.198132: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Aug 26 18:32:54.198136: | loading right certificate 'east' pubkey Aug 26 18:32:54.198170: | unreference key: 0x55a94fbcd858 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:54.198179: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbc6938 Aug 26 18:32:54.198181: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbcc0a8 Aug 26 18:32:54.198183: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbce2d8 Aug 26 18:32:54.198184: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbcc4e8 Aug 26 18:32:54.198186: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbcd808 Aug 26 18:32:54.198218: | unreference key: 0x55a94fbcc3f8 192.1.2.23 cnt 1-- Aug 26 18:32:54.198251: | unreference key: 0x55a94fbcb6b8 east@testing.libreswan.org cnt 1-- Aug 26 18:32:54.198283: | unreference key: 0x55a94fbcd1a8 @east.testing.libreswan.org cnt 1-- Aug 26 18:32:54.198351: | unreference key: 0x55a94fbcd5f8 user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:54.198388: | unreference key: 0x55a94fbcc278 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:54.198466: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Aug 26 18:32:54.198473: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Aug 26 18:32:54.198478: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Aug 26 18:32:54.198481: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x55a94fbcbe78: north-dpd/0x1 Aug 26 18:32:54.198482: added connection description "north-dpd/0x2" Aug 26 18:32:54.198493: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Aug 26 18:32:54.198520: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Aug 26 18:32:54.198525: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:54.198530: | spent 0.813 milliseconds in whack Aug 26 18:32:54.309340: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:54.309371: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Aug 26 18:32:54.309374: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:32:54.309377: initiating all conns with alias='north-dpd' Aug 26 18:32:54.309382: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Aug 26 18:32:54.309386: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:32:54.309388: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:32:54.309392: | connection 'north-dpd/0x2' +POLICY_UP Aug 26 18:32:54.309394: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Aug 26 18:32:54.309396: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:32:54.309412: | creating state object #1 at 0x55a94fbcf628 Aug 26 18:32:54.309416: | State DB: adding IKEv1 state #1 in UNDEFINED Aug 26 18:32:54.309423: | pstats #1 ikev1.isakmp started Aug 26 18:32:54.309431: | suspend processing: connection "north-dpd/0x2" (in main_outI1() at ikev1_main.c:118) Aug 26 18:32:54.309436: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) Aug 26 18:32:54.309440: | parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Aug 26 18:32:54.309443: | dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123) Aug 26 18:32:54.309447: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x2" IKE SA #1 "north-dpd/0x2" Aug 26 18:32:54.309451: "north-dpd/0x2" #1: initiating Main Mode Aug 26 18:32:54.309482: | **emit ISAKMP Message: Aug 26 18:32:54.309486: | initiator cookie: Aug 26 18:32:54.309488: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.309491: | responder cookie: Aug 26 18:32:54.309493: | 00 00 00 00 00 00 00 00 Aug 26 18:32:54.309496: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:32:54.309499: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.309501: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.309504: | flags: none (0x0) Aug 26 18:32:54.309506: | Message ID: 0 (0x0) Aug 26 18:32:54.309509: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.309512: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Aug 26 18:32:54.309515: | no specific IKE algorithms specified - using defaults Aug 26 18:32:54.309536: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Aug 26 18:32:54.309543: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Aug 26 18:32:54.309548: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Aug 26 18:32:54.309555: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Aug 26 18:32:54.309561: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Aug 26 18:32:54.309565: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Aug 26 18:32:54.309569: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Aug 26 18:32:54.309576: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Aug 26 18:32:54.309579: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Aug 26 18:32:54.309582: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Aug 26 18:32:54.309586: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Aug 26 18:32:54.309589: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Aug 26 18:32:54.309592: | oakley_alg_makedb() returning 0x55a94fbd1918 Aug 26 18:32:54.309597: | ***emit ISAKMP Security Association Payload: Aug 26 18:32:54.309599: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.309601: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.309603: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:32:54.309605: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:32:54.309607: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.309609: | ****emit IPsec DOI SIT: Aug 26 18:32:54.309611: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.309613: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:32:54.309614: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Aug 26 18:32:54.309616: | ****emit ISAKMP Proposal Payload: Aug 26 18:32:54.309618: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.309619: | proposal number: 0 (0x0) Aug 26 18:32:54.309621: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 18:32:54.309623: | SPI size: 0 (0x0) Aug 26 18:32:54.309624: | number of transforms: 18 (0x12) Aug 26 18:32:54.309626: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:32:54.309628: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.309630: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309631: | ISAKMP transform number: 0 (0x0) Aug 26 18:32:54.309633: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.309634: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.309636: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309638: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.309640: | length/value: 1 (0x1) Aug 26 18:32:54.309642: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.309644: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309645: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.309647: | length/value: 3600 (0xe10) Aug 26 18:32:54.309649: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309650: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.309652: | length/value: 7 (0x7) Aug 26 18:32:54.309653: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.309655: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309657: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.309658: | length/value: 4 (0x4) Aug 26 18:32:54.309660: | [4 is OAKLEY_SHA2_256] Aug 26 18:32:54.309661: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309663: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.309664: | length/value: 3 (0x3) Aug 26 18:32:54.309666: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.309667: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309669: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.309670: | length/value: 14 (0xe) Aug 26 18:32:54.309672: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.309673: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309675: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.309676: | length/value: 256 (0x100) Aug 26 18:32:54.309678: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.309681: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.309683: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309684: | ISAKMP transform number: 1 (0x1) Aug 26 18:32:54.309686: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.309688: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309690: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.309691: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309693: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.309694: | length/value: 1 (0x1) Aug 26 18:32:54.309696: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.309697: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309699: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.309701: | length/value: 3600 (0xe10) Aug 26 18:32:54.309702: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309704: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.309706: | length/value: 7 (0x7) Aug 26 18:32:54.309708: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.309711: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309713: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.309715: | length/value: 4 (0x4) Aug 26 18:32:54.309717: | [4 is OAKLEY_SHA2_256] Aug 26 18:32:54.309720: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309722: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.309724: | length/value: 3 (0x3) Aug 26 18:32:54.309726: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.309729: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309731: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.309733: | length/value: 14 (0xe) Aug 26 18:32:54.309735: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.309738: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309740: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.309743: | length/value: 128 (0x80) Aug 26 18:32:54.309745: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.309748: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.309750: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309753: | ISAKMP transform number: 2 (0x2) Aug 26 18:32:54.309755: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.309758: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309761: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.309764: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309767: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.309769: | length/value: 1 (0x1) Aug 26 18:32:54.309772: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.309774: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309776: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.309779: | length/value: 3600 (0xe10) Aug 26 18:32:54.309782: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309784: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.309787: | length/value: 7 (0x7) Aug 26 18:32:54.309789: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.309792: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309794: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.309797: | length/value: 6 (0x6) Aug 26 18:32:54.309799: | [6 is OAKLEY_SHA2_512] Aug 26 18:32:54.309801: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309804: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.309806: | length/value: 3 (0x3) Aug 26 18:32:54.309809: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.309811: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309814: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.309819: | length/value: 14 (0xe) Aug 26 18:32:54.309821: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.309823: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309824: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.309826: | length/value: 256 (0x100) Aug 26 18:32:54.309827: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.309829: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.309831: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309832: | ISAKMP transform number: 3 (0x3) Aug 26 18:32:54.309834: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.309836: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309837: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.309839: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309841: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.309842: | length/value: 1 (0x1) Aug 26 18:32:54.309844: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.309845: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309847: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.309848: | length/value: 3600 (0xe10) Aug 26 18:32:54.309850: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309851: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.309853: | length/value: 7 (0x7) Aug 26 18:32:54.309854: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.309856: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309857: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.309859: | length/value: 6 (0x6) Aug 26 18:32:54.309860: | [6 is OAKLEY_SHA2_512] Aug 26 18:32:54.309862: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309863: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.309865: | length/value: 3 (0x3) Aug 26 18:32:54.309866: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.309868: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309869: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.309871: | length/value: 14 (0xe) Aug 26 18:32:54.309872: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.309874: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309875: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.309877: | length/value: 128 (0x80) Aug 26 18:32:54.309879: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.309880: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.309882: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309883: | ISAKMP transform number: 4 (0x4) Aug 26 18:32:54.309885: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.309886: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309888: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.309890: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309891: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.309893: | length/value: 1 (0x1) Aug 26 18:32:54.309894: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.309896: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309897: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.309899: | length/value: 3600 (0xe10) Aug 26 18:32:54.309900: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309902: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.309903: | length/value: 7 (0x7) Aug 26 18:32:54.309905: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.309906: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309908: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.309909: | length/value: 2 (0x2) Aug 26 18:32:54.309912: | [2 is OAKLEY_SHA1] Aug 26 18:32:54.309913: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309915: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.309917: | length/value: 3 (0x3) Aug 26 18:32:54.309918: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.309919: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309921: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.309922: | length/value: 14 (0xe) Aug 26 18:32:54.309924: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.309925: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309927: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.309928: | length/value: 256 (0x100) Aug 26 18:32:54.309930: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.309932: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.309933: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309935: | ISAKMP transform number: 5 (0x5) Aug 26 18:32:54.309936: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.309938: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309940: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.309941: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309943: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.309944: | length/value: 1 (0x1) Aug 26 18:32:54.309946: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.309947: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309949: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.309950: | length/value: 3600 (0xe10) Aug 26 18:32:54.309952: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309953: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.309955: | length/value: 7 (0x7) Aug 26 18:32:54.309956: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.309958: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309959: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.309961: | length/value: 2 (0x2) Aug 26 18:32:54.309962: | [2 is OAKLEY_SHA1] Aug 26 18:32:54.309964: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309966: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.309968: | length/value: 3 (0x3) Aug 26 18:32:54.309971: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.309973: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309975: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.309978: | length/value: 14 (0xe) Aug 26 18:32:54.309980: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.309983: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.309986: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.309988: | length/value: 128 (0x80) Aug 26 18:32:54.309991: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.309993: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.309996: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.309998: | ISAKMP transform number: 6 (0x6) Aug 26 18:32:54.309999: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310001: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310003: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310004: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310006: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310008: | length/value: 1 (0x1) Aug 26 18:32:54.310009: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310011: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310012: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310014: | length/value: 3600 (0xe10) Aug 26 18:32:54.310018: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310020: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310022: | length/value: 7 (0x7) Aug 26 18:32:54.310023: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.310025: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310026: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310028: | length/value: 4 (0x4) Aug 26 18:32:54.310029: | [4 is OAKLEY_SHA2_256] Aug 26 18:32:54.310031: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310032: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310034: | length/value: 3 (0x3) Aug 26 18:32:54.310035: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310037: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310038: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310040: | length/value: 5 (0x5) Aug 26 18:32:54.310041: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310043: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310044: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.310046: | length/value: 256 (0x100) Aug 26 18:32:54.310047: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.310049: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310050: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310052: | ISAKMP transform number: 7 (0x7) Aug 26 18:32:54.310053: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310055: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310057: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310058: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310060: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310061: | length/value: 1 (0x1) Aug 26 18:32:54.310063: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310064: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310066: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310067: | length/value: 3600 (0xe10) Aug 26 18:32:54.310069: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310071: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310072: | length/value: 7 (0x7) Aug 26 18:32:54.310073: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.310075: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310076: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310078: | length/value: 4 (0x4) Aug 26 18:32:54.310079: | [4 is OAKLEY_SHA2_256] Aug 26 18:32:54.310081: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310082: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310084: | length/value: 3 (0x3) Aug 26 18:32:54.310085: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310087: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310088: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310090: | length/value: 5 (0x5) Aug 26 18:32:54.310091: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310093: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310094: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.310096: | length/value: 128 (0x80) Aug 26 18:32:54.310097: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.310099: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310100: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310102: | ISAKMP transform number: 8 (0x8) Aug 26 18:32:54.310103: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310105: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310107: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310109: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310111: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310112: | length/value: 1 (0x1) Aug 26 18:32:54.310114: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310115: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310117: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310118: | length/value: 3600 (0xe10) Aug 26 18:32:54.310120: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310122: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310123: | length/value: 7 (0x7) Aug 26 18:32:54.310124: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.310126: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310127: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310129: | length/value: 6 (0x6) Aug 26 18:32:54.310130: | [6 is OAKLEY_SHA2_512] Aug 26 18:32:54.310132: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310133: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310135: | length/value: 3 (0x3) Aug 26 18:32:54.310136: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310138: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310139: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310141: | length/value: 5 (0x5) Aug 26 18:32:54.310142: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310144: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310145: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.310147: | length/value: 256 (0x100) Aug 26 18:32:54.310148: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.310150: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310151: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310153: | ISAKMP transform number: 9 (0x9) Aug 26 18:32:54.310154: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310156: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310158: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310160: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310161: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310163: | length/value: 1 (0x1) Aug 26 18:32:54.310164: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310166: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310167: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310169: | length/value: 3600 (0xe10) Aug 26 18:32:54.310170: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310172: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310173: | length/value: 7 (0x7) Aug 26 18:32:54.310175: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.310176: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310178: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310179: | length/value: 6 (0x6) Aug 26 18:32:54.310181: | [6 is OAKLEY_SHA2_512] Aug 26 18:32:54.310182: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310184: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310185: | length/value: 3 (0x3) Aug 26 18:32:54.310187: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310188: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310190: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310191: | length/value: 5 (0x5) Aug 26 18:32:54.310192: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310194: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310195: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.310197: | length/value: 128 (0x80) Aug 26 18:32:54.310199: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.310200: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310202: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310203: | ISAKMP transform number: 10 (0xa) Aug 26 18:32:54.310205: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310207: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310209: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310210: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310212: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310213: | length/value: 1 (0x1) Aug 26 18:32:54.310215: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310216: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310218: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310220: | length/value: 3600 (0xe10) Aug 26 18:32:54.310221: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310223: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310224: | length/value: 7 (0x7) Aug 26 18:32:54.310226: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.310227: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310229: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310230: | length/value: 2 (0x2) Aug 26 18:32:54.310231: | [2 is OAKLEY_SHA1] Aug 26 18:32:54.310233: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310234: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310236: | length/value: 3 (0x3) Aug 26 18:32:54.310237: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310239: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310240: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310242: | length/value: 5 (0x5) Aug 26 18:32:54.310243: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310245: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310246: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.310248: | length/value: 256 (0x100) Aug 26 18:32:54.310249: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.310251: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310252: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310254: | ISAKMP transform number: 11 (0xb) Aug 26 18:32:54.310256: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310257: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310259: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310261: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310262: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310264: | length/value: 1 (0x1) Aug 26 18:32:54.310265: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310267: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310268: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310270: | length/value: 3600 (0xe10) Aug 26 18:32:54.310271: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310273: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310274: | length/value: 7 (0x7) Aug 26 18:32:54.310276: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.310277: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310279: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310280: | length/value: 2 (0x2) Aug 26 18:32:54.310282: | [2 is OAKLEY_SHA1] Aug 26 18:32:54.310283: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310285: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310286: | length/value: 3 (0x3) Aug 26 18:32:54.310291: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310293: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310295: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310296: | length/value: 5 (0x5) Aug 26 18:32:54.310298: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310299: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310302: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.310303: | length/value: 128 (0x80) Aug 26 18:32:54.310322: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:32:54.310324: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310325: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310329: | ISAKMP transform number: 12 (0xc) Aug 26 18:32:54.310331: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310333: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310335: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310336: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310338: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310339: | length/value: 1 (0x1) Aug 26 18:32:54.310341: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310342: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310357: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310358: | length/value: 3600 (0xe10) Aug 26 18:32:54.310360: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310361: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310363: | length/value: 5 (0x5) Aug 26 18:32:54.310364: | [5 is OAKLEY_3DES_CBC] Aug 26 18:32:54.310366: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310367: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310369: | length/value: 4 (0x4) Aug 26 18:32:54.310370: | [4 is OAKLEY_SHA2_256] Aug 26 18:32:54.310372: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310373: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310375: | length/value: 3 (0x3) Aug 26 18:32:54.310376: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310378: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310379: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310381: | length/value: 14 (0xe) Aug 26 18:32:54.310382: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.310384: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:32:54.310385: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310387: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310388: | ISAKMP transform number: 13 (0xd) Aug 26 18:32:54.310390: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310392: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310393: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310395: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310397: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310398: | length/value: 1 (0x1) Aug 26 18:32:54.310399: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310401: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310403: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310404: | length/value: 3600 (0xe10) Aug 26 18:32:54.310406: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310407: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310409: | length/value: 5 (0x5) Aug 26 18:32:54.310410: | [5 is OAKLEY_3DES_CBC] Aug 26 18:32:54.310412: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310413: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310415: | length/value: 6 (0x6) Aug 26 18:32:54.310416: | [6 is OAKLEY_SHA2_512] Aug 26 18:32:54.310417: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310419: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310420: | length/value: 3 (0x3) Aug 26 18:32:54.310422: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310423: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310425: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310427: | length/value: 14 (0xe) Aug 26 18:32:54.310429: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.310430: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:32:54.310432: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310433: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310435: | ISAKMP transform number: 14 (0xe) Aug 26 18:32:54.310436: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310438: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310440: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310441: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310443: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310444: | length/value: 1 (0x1) Aug 26 18:32:54.310446: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310447: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310449: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310451: | length/value: 3600 (0xe10) Aug 26 18:32:54.310452: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310454: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310455: | length/value: 5 (0x5) Aug 26 18:32:54.310456: | [5 is OAKLEY_3DES_CBC] Aug 26 18:32:54.310458: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310460: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310461: | length/value: 2 (0x2) Aug 26 18:32:54.310462: | [2 is OAKLEY_SHA1] Aug 26 18:32:54.310464: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310465: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310467: | length/value: 3 (0x3) Aug 26 18:32:54.310468: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310470: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310471: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310473: | length/value: 14 (0xe) Aug 26 18:32:54.310474: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.310476: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:32:54.310477: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310479: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310480: | ISAKMP transform number: 15 (0xf) Aug 26 18:32:54.310482: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310484: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310485: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310487: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310489: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310490: | length/value: 1 (0x1) Aug 26 18:32:54.310492: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310493: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310495: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310496: | length/value: 3600 (0xe10) Aug 26 18:32:54.310498: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310499: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310501: | length/value: 5 (0x5) Aug 26 18:32:54.310502: | [5 is OAKLEY_3DES_CBC] Aug 26 18:32:54.310504: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310505: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310507: | length/value: 4 (0x4) Aug 26 18:32:54.310508: | [4 is OAKLEY_SHA2_256] Aug 26 18:32:54.310509: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310511: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310512: | length/value: 3 (0x3) Aug 26 18:32:54.310514: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310515: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310517: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310519: | length/value: 5 (0x5) Aug 26 18:32:54.310521: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310522: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:32:54.310524: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310525: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310527: | ISAKMP transform number: 16 (0x10) Aug 26 18:32:54.310528: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310530: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310532: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310533: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310535: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310536: | length/value: 1 (0x1) Aug 26 18:32:54.310538: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310539: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310541: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310542: | length/value: 3600 (0xe10) Aug 26 18:32:54.310544: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310545: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310547: | length/value: 5 (0x5) Aug 26 18:32:54.310548: | [5 is OAKLEY_3DES_CBC] Aug 26 18:32:54.310550: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310551: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310553: | length/value: 6 (0x6) Aug 26 18:32:54.310554: | [6 is OAKLEY_SHA2_512] Aug 26 18:32:54.310556: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310557: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310559: | length/value: 3 (0x3) Aug 26 18:32:54.310560: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310562: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310563: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310565: | length/value: 5 (0x5) Aug 26 18:32:54.310566: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310568: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:32:54.310569: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.310571: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.310572: | ISAKMP transform number: 17 (0x11) Aug 26 18:32:54.310574: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.310576: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.310577: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:32:54.310579: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310580: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.310582: | length/value: 1 (0x1) Aug 26 18:32:54.310583: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.310585: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310586: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.310588: | length/value: 3600 (0xe10) Aug 26 18:32:54.310589: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310591: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.310592: | length/value: 5 (0x5) Aug 26 18:32:54.310594: | [5 is OAKLEY_3DES_CBC] Aug 26 18:32:54.310595: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310597: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.310598: | length/value: 2 (0x2) Aug 26 18:32:54.310600: | [2 is OAKLEY_SHA1] Aug 26 18:32:54.310601: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310603: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.310604: | length/value: 3 (0x3) Aug 26 18:32:54.310606: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.310608: | ******emit ISAKMP Oakley attribute: Aug 26 18:32:54.310609: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.310611: | length/value: 5 (0x5) Aug 26 18:32:54.310612: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:32:54.310614: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:32:54.310616: | emitting length of ISAKMP Proposal Payload: 632 Aug 26 18:32:54.310617: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Aug 26 18:32:54.310619: | emitting length of ISAKMP Security Association Payload: 644 Aug 26 18:32:54.310621: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:32:54.310626: | out_vid(): sending [FRAGMENTATION] Aug 26 18:32:54.310628: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.310629: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.310631: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:32:54.310633: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.310635: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.310638: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.310640: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Aug 26 18:32:54.310641: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.310643: | out_vid(): sending [Dead Peer Detection] Aug 26 18:32:54.310645: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.310646: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.310648: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.310650: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.310652: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.310653: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Aug 26 18:32:54.310655: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.310656: | nat add vid Aug 26 18:32:54.310658: | sending draft and RFC NATT VIDs Aug 26 18:32:54.310659: | out_vid(): sending [RFC 3947] Aug 26 18:32:54.310661: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.310662: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.310664: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:32:54.310666: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.310668: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.310670: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.310671: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 18:32:54.310673: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.310674: | skipping VID_NATT_RFC Aug 26 18:32:54.310676: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Aug 26 18:32:54.310677: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.310679: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.310680: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:32:54.310682: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.310684: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.310686: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.310689: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 18:32:54.310691: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.310693: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Aug 26 18:32:54.310694: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.310696: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.310697: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:32:54.310699: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.310701: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.310703: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.310704: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Aug 26 18:32:54.310706: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.310707: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Aug 26 18:32:54.310709: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:32:54.310710: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.310712: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:32:54.310714: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.310715: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:32:54.310717: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Aug 26 18:32:54.310719: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:32:54.310720: | no IKEv1 message padding required Aug 26 18:32:54.310722: | emitting length of ISAKMP Message: 792 Aug 26 18:32:54.310732: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:32:54.310733: | b4 b9 92 b1 8c d6 51 ed 00 00 00 00 00 00 00 00 Aug 26 18:32:54.310735: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Aug 26 18:32:54.310736: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Aug 26 18:32:54.310738: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310739: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:32:54.310741: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Aug 26 18:32:54.310742: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Aug 26 18:32:54.310744: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Aug 26 18:32:54.310745: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Aug 26 18:32:54.310747: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Aug 26 18:32:54.310748: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:32:54.310749: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Aug 26 18:32:54.310751: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310752: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 18:32:54.310754: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Aug 26 18:32:54.310755: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Aug 26 18:32:54.310757: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Aug 26 18:32:54.310758: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 18:32:54.310760: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 18:32:54.310761: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:32:54.310762: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 18:32:54.310764: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310765: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 18:32:54.310767: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Aug 26 18:32:54.310768: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Aug 26 18:32:54.310770: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Aug 26 18:32:54.310772: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Aug 26 18:32:54.310773: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 18:32:54.310775: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:32:54.310776: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 18:32:54.310778: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310779: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:32:54.310781: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310782: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Aug 26 18:32:54.310784: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310785: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 18:32:54.310787: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310788: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Aug 26 18:32:54.310789: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310791: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 18:32:54.310792: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.310794: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Aug 26 18:32:54.310795: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Aug 26 18:32:54.310797: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Aug 26 18:32:54.310798: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Aug 26 18:32:54.310800: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Aug 26 18:32:54.310801: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 18:32:54.310802: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Aug 26 18:32:54.310804: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Aug 26 18:32:54.310805: | 7c fd b2 fc 68 b6 a4 48 Aug 26 18:32:54.310881: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcc388 Aug 26 18:32:54.310886: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:32:54.310889: | libevent_malloc: new ptr-libevent@0x55a94fbcc5b8 size 128 Aug 26 18:32:54.310893: | #1 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29660.053347 Aug 26 18:32:54.310903: | #1 spent 1.46 milliseconds in main_outI1() Aug 26 18:32:54.310929: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) Aug 26 18:32:54.310931: | resume processing: connection "north-dpd/0x2" (in main_outI1() at ikev1_main.c:228) Aug 26 18:32:54.310933: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Aug 26 18:32:54.310936: | start processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 18:32:54.310938: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:32:54.310941: | connection 'north-dpd/0x1' +POLICY_UP Aug 26 18:32:54.310945: | dup_any(fd@23) -> fd@26 (in initiate_a_connection() at initiate.c:342) Aug 26 18:32:54.310948: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:32:54.310952: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x1" IKE SA #1 "north-dpd/0x2" Aug 26 18:32:54.310969: | stop processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 18:32:54.310973: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Aug 26 18:32:54.310976: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:54.310981: | spent 1.59 milliseconds in whack Aug 26 18:32:54.311559: | spent 0.00193 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.311581: | *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:32:54.311583: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.311585: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Aug 26 18:32:54.311587: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Aug 26 18:32:54.311588: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:32:54.311591: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:32:54.311593: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Aug 26 18:32:54.311594: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Aug 26 18:32:54.311596: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Aug 26 18:32:54.311597: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 18:32:54.311600: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:32:54.311603: | **parse ISAKMP Message: Aug 26 18:32:54.311604: | initiator cookie: Aug 26 18:32:54.311606: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.311607: | responder cookie: Aug 26 18:32:54.311609: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.311611: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:32:54.311612: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.311614: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.311616: | flags: none (0x0) Aug 26 18:32:54.311617: | Message ID: 0 (0x0) Aug 26 18:32:54.311619: | length: 144 (0x90) Aug 26 18:32:54.311621: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 18:32:54.311623: | State DB: IKEv1 state not found (find_state_ikev1) Aug 26 18:32:54.311625: | State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init) Aug 26 18:32:54.311628: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) Aug 26 18:32:54.311630: | #1 is idle Aug 26 18:32:54.311631: | #1 idle Aug 26 18:32:54.311634: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Aug 26 18:32:54.311636: | ***parse ISAKMP Security Association Payload: Aug 26 18:32:54.311637: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311639: | length: 56 (0x38) Aug 26 18:32:54.311641: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.311642: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311644: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311646: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311647: | length: 20 (0x14) Aug 26 18:32:54.311649: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311650: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311652: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:32:54.311653: | length: 20 (0x14) Aug 26 18:32:54.311655: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Aug 26 18:32:54.311656: | ***parse ISAKMP Vendor ID Payload: Aug 26 18:32:54.311658: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311659: | length: 20 (0x14) Aug 26 18:32:54.311661: | message 'main_inR1_outI2' HASH payload not checked early Aug 26 18:32:54.311664: | received Vendor ID payload [FRAGMENTATION] Aug 26 18:32:54.311666: | received Vendor ID payload [Dead Peer Detection] Aug 26 18:32:54.311668: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Aug 26 18:32:54.311670: | received Vendor ID payload [RFC 3947] Aug 26 18:32:54.311672: | ****parse IPsec DOI SIT: Aug 26 18:32:54.311674: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.311676: | ****parse ISAKMP Proposal Payload: Aug 26 18:32:54.311677: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311679: | length: 44 (0x2c) Aug 26 18:32:54.311680: | proposal number: 0 (0x0) Aug 26 18:32:54.311682: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 18:32:54.311683: | SPI size: 0 (0x0) Aug 26 18:32:54.311685: | number of transforms: 1 (0x1) Aug 26 18:32:54.311687: | *****parse ISAKMP Transform Payload (ISAKMP): Aug 26 18:32:54.311688: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.311690: | length: 36 (0x24) Aug 26 18:32:54.311691: | ISAKMP transform number: 0 (0x0) Aug 26 18:32:54.311693: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:32:54.311694: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311696: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:32:54.311699: | length/value: 1 (0x1) Aug 26 18:32:54.311700: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:32:54.311702: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311704: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:32:54.311705: | length/value: 3600 (0xe10) Aug 26 18:32:54.311707: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311709: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:32:54.311710: | length/value: 7 (0x7) Aug 26 18:32:54.311712: | [7 is OAKLEY_AES_CBC] Aug 26 18:32:54.311713: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311715: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:32:54.311716: | length/value: 4 (0x4) Aug 26 18:32:54.311718: | [4 is OAKLEY_SHA2_256] Aug 26 18:32:54.311719: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311721: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:32:54.311723: | length/value: 3 (0x3) Aug 26 18:32:54.311724: | [3 is OAKLEY_RSA_SIG] Aug 26 18:32:54.311726: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311727: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:32:54.311729: | length/value: 14 (0xe) Aug 26 18:32:54.311730: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.311732: | ******parse ISAKMP Oakley attribute: Aug 26 18:32:54.311733: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:32:54.311735: | length/value: 256 (0x100) Aug 26 18:32:54.311737: | OAKLEY proposal verified unconditionally; no alg_info to check against Aug 26 18:32:54.311738: | Oakley Transform 0 accepted Aug 26 18:32:54.311740: | sender checking NAT-T: enabled; VID 117 Aug 26 18:32:54.311742: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Aug 26 18:32:54.311744: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Aug 26 18:32:54.311747: | adding outI2 KE work-order 1 for state #1 Aug 26 18:32:54.311749: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:32:54.311751: | #1 STATE_MAIN_I1: retransmits: cleared Aug 26 18:32:54.311753: | libevent_free: release ptr-libevent@0x55a94fbcc5b8 Aug 26 18:32:54.311755: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcc388 Aug 26 18:32:54.311757: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcc388 Aug 26 18:32:54.311760: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:32:54.311762: | libevent_malloc: new ptr-libevent@0x55a94fbcc5b8 size 128 Aug 26 18:32:54.311770: | complete v1 state transition with STF_SUSPEND Aug 26 18:32:54.311774: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:32:54.311775: | suspending state #1 and saving MD Aug 26 18:32:54.311777: | #1 is busy; has a suspended MD Aug 26 18:32:54.311780: | #1 spent 0.107 milliseconds in process_packet_tail() Aug 26 18:32:54.311783: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.311786: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:32:54.311788: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.311790: | spent 0.222 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.311803: | crypto helper 0 resuming Aug 26 18:32:54.311812: | crypto helper 0 starting work-order 1 for state #1 Aug 26 18:32:54.311816: | crypto helper 0 doing build KE and nonce (outI2 KE); request ID 1 Aug 26 18:32:54.312407: | crypto helper 0 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000592 seconds Aug 26 18:32:54.312416: | (#1) spent 0.596 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr) Aug 26 18:32:54.312418: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Aug 26 18:32:54.312420: | scheduling resume sending helper answer for #1 Aug 26 18:32:54.312423: | libevent_malloc: new ptr-libevent@0x7f54a0002888 size 128 Aug 26 18:32:54.312428: | crypto helper 0 waiting (nothing to do) Aug 26 18:32:54.312462: | processing resume sending helper answer for #1 Aug 26 18:32:54.312471: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:32:54.312475: | crypto helper 0 replies to request ID 1 Aug 26 18:32:54.312477: | calling continuation function 0x55a94f4e2b50 Aug 26 18:32:54.312479: | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2 Aug 26 18:32:54.312483: | **emit ISAKMP Message: Aug 26 18:32:54.312485: | initiator cookie: Aug 26 18:32:54.312486: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.312488: | responder cookie: Aug 26 18:32:54.312489: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.312491: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.312493: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.312494: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.312496: | flags: none (0x0) Aug 26 18:32:54.312498: | Message ID: 0 (0x0) Aug 26 18:32:54.312500: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.312502: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:32:54.312503: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.312505: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:32:54.312507: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:32:54.312509: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.312511: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:32:54.312513: | keyex value 3b 2d 96 60 ff 04 8d ac 0f 38 64 14 7a 2d 6a 21 Aug 26 18:32:54.312515: | keyex value a9 74 77 89 4b 03 0a 44 12 77 59 a5 dc ae c2 1e Aug 26 18:32:54.312516: | keyex value 1d 14 1f 0e 3c 54 af d6 05 28 38 7b 30 05 81 20 Aug 26 18:32:54.312518: | keyex value c4 2c eb ed 67 03 42 ed 8f 3c f8 48 49 6c 24 84 Aug 26 18:32:54.312519: | keyex value 71 b7 8c ac 5d 3a 6d 6c 9c ef 82 e6 4b 90 17 98 Aug 26 18:32:54.312521: | keyex value 19 ff a2 26 e0 f1 31 b1 d1 7b a6 1c 3e d3 81 f7 Aug 26 18:32:54.312522: | keyex value db e6 6b 10 62 b7 7e 54 8e 79 af 04 1a 6b 36 8e Aug 26 18:32:54.312524: | keyex value f2 b8 d8 95 ce 95 cf 68 6d f1 fe 96 9d c9 f7 c6 Aug 26 18:32:54.312525: | keyex value 52 5b 0c 96 31 33 b4 90 62 b0 8d 15 95 de a2 86 Aug 26 18:32:54.312527: | keyex value f1 76 cd 97 11 7a 16 89 6f 73 b0 35 1f 7b e4 fa Aug 26 18:32:54.312528: | keyex value 07 59 f9 09 69 15 c5 67 69 a4 11 a9 d7 1a 17 9a Aug 26 18:32:54.312530: | keyex value cf 70 e3 ef 35 ef f9 1d 81 3d 1d 7b 8e d5 da d5 Aug 26 18:32:54.312531: | keyex value 10 76 ce 5e a7 23 be cc 94 b5 f0 d5 7f 97 11 48 Aug 26 18:32:54.312533: | keyex value 22 c2 fb 89 0d 9f 50 ef db 79 03 e7 b1 e7 3d b8 Aug 26 18:32:54.312535: | keyex value 0e 48 c7 b2 d7 0d 25 77 52 ee b9 b2 02 43 06 bc Aug 26 18:32:54.312536: | keyex value b8 10 31 5c 11 7e 26 7c 04 3e e7 e4 17 d5 64 33 Aug 26 18:32:54.312538: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:32:54.312539: | ***emit ISAKMP Nonce Payload: Aug 26 18:32:54.312541: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.312543: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:32:54.312545: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.312547: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:32:54.312548: | Ni 40 81 cb 4a 7a e5 3a d8 4a 41 1f 93 82 c3 2b 14 Aug 26 18:32:54.312550: | Ni 38 62 fe 94 7b 3a 8a 16 92 65 8d bd 5a 34 d1 9f Aug 26 18:32:54.312551: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:32:54.312553: | NAT-T checking st_nat_traversal Aug 26 18:32:54.312556: | NAT-T found (implies NAT_T_WITH_NATD) Aug 26 18:32:54.312558: | sending NAT-D payloads Aug 26 18:32:54.312568: | natd_hash: hasher=0x55a94f5b7ca0(32) Aug 26 18:32:54.312570: | natd_hash: icookie= b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.312571: | natd_hash: rcookie= 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.312573: | natd_hash: ip= c0 01 02 17 Aug 26 18:32:54.312574: | natd_hash: port=500 Aug 26 18:32:54.312576: | natd_hash: hash= 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.312577: | natd_hash: hash= 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.312579: | ***emit ISAKMP NAT-D Payload: Aug 26 18:32:54.312581: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 18:32:54.312583: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Aug 26 18:32:54.312585: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Aug 26 18:32:54.312586: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.312588: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Aug 26 18:32:54.312590: | NAT-D 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.312591: | NAT-D 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.312593: | emitting length of ISAKMP NAT-D Payload: 36 Aug 26 18:32:54.312596: | natd_hash: hasher=0x55a94f5b7ca0(32) Aug 26 18:32:54.312598: | natd_hash: icookie= b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.312600: | natd_hash: rcookie= 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.312601: | natd_hash: ip= c0 01 03 21 Aug 26 18:32:54.312602: | natd_hash: port=500 Aug 26 18:32:54.312604: | natd_hash: hash= 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.312606: | natd_hash: hash= a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.312607: | ***emit ISAKMP NAT-D Payload: Aug 26 18:32:54.312609: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.312611: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Aug 26 18:32:54.312612: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.312614: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Aug 26 18:32:54.312616: | NAT-D 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.312617: | NAT-D a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.312619: | emitting length of ISAKMP NAT-D Payload: 36 Aug 26 18:32:54.312620: | no IKEv1 message padding required Aug 26 18:32:54.312622: | emitting length of ISAKMP Message: 396 Aug 26 18:32:54.312623: | State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir] Aug 26 18:32:54.312627: | complete v1 state transition with STF_OK Aug 26 18:32:54.312630: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.312632: | #1 is idle Aug 26 18:32:54.312633: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.312635: | peer supports fragmentation Aug 26 18:32:54.312636: | peer supports DPD Aug 26 18:32:54.312638: | DPD is configured locally Aug 26 18:32:54.312639: | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Aug 26 18:32:54.312641: | parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) Aug 26 18:32:54.312643: | event_already_set, deleting event Aug 26 18:32:54.312645: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.312647: | libevent_free: release ptr-libevent@0x55a94fbcc5b8 Aug 26 18:32:54.312649: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcc388 Aug 26 18:32:54.312652: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:32:54.312659: | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:32:54.312662: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.312664: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Aug 26 18:32:54.312665: | 3b 2d 96 60 ff 04 8d ac 0f 38 64 14 7a 2d 6a 21 Aug 26 18:32:54.312667: | a9 74 77 89 4b 03 0a 44 12 77 59 a5 dc ae c2 1e Aug 26 18:32:54.312668: | 1d 14 1f 0e 3c 54 af d6 05 28 38 7b 30 05 81 20 Aug 26 18:32:54.312670: | c4 2c eb ed 67 03 42 ed 8f 3c f8 48 49 6c 24 84 Aug 26 18:32:54.312671: | 71 b7 8c ac 5d 3a 6d 6c 9c ef 82 e6 4b 90 17 98 Aug 26 18:32:54.312673: | 19 ff a2 26 e0 f1 31 b1 d1 7b a6 1c 3e d3 81 f7 Aug 26 18:32:54.312674: | db e6 6b 10 62 b7 7e 54 8e 79 af 04 1a 6b 36 8e Aug 26 18:32:54.312676: | f2 b8 d8 95 ce 95 cf 68 6d f1 fe 96 9d c9 f7 c6 Aug 26 18:32:54.312677: | 52 5b 0c 96 31 33 b4 90 62 b0 8d 15 95 de a2 86 Aug 26 18:32:54.312679: | f1 76 cd 97 11 7a 16 89 6f 73 b0 35 1f 7b e4 fa Aug 26 18:32:54.312680: | 07 59 f9 09 69 15 c5 67 69 a4 11 a9 d7 1a 17 9a Aug 26 18:32:54.312682: | cf 70 e3 ef 35 ef f9 1d 81 3d 1d 7b 8e d5 da d5 Aug 26 18:32:54.312683: | 10 76 ce 5e a7 23 be cc 94 b5 f0 d5 7f 97 11 48 Aug 26 18:32:54.312685: | 22 c2 fb 89 0d 9f 50 ef db 79 03 e7 b1 e7 3d b8 Aug 26 18:32:54.312686: | 0e 48 c7 b2 d7 0d 25 77 52 ee b9 b2 02 43 06 bc Aug 26 18:32:54.312688: | b8 10 31 5c 11 7e 26 7c 04 3e e7 e4 17 d5 64 33 Aug 26 18:32:54.312689: | 14 00 00 24 40 81 cb 4a 7a e5 3a d8 4a 41 1f 93 Aug 26 18:32:54.312691: | 82 c3 2b 14 38 62 fe 94 7b 3a 8a 16 92 65 8d bd Aug 26 18:32:54.312692: | 5a 34 d1 9f 14 00 00 24 05 09 41 5f 35 ec 64 03 Aug 26 18:32:54.312694: | f2 4e 38 f1 09 1d 27 17 17 33 7c 9a 57 ec f9 72 Aug 26 18:32:54.312695: | 34 c1 a8 85 8e d7 d8 2d 00 00 00 24 99 e4 e5 a0 Aug 26 18:32:54.312697: | 37 cb dd 94 28 74 d4 01 c4 09 9e a5 a4 6b 9c 45 Aug 26 18:32:54.312698: | ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.312716: | !event_already_set at reschedule Aug 26 18:32:54.312720: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcc388 Aug 26 18:32:54.312723: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:32:54.312725: | libevent_malloc: new ptr-libevent@0x55a94fbd1728 size 128 Aug 26 18:32:54.312729: | #1 STATE_MAIN_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29660.055187 Aug 26 18:32:54.312731: "north-dpd/0x2" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Aug 26 18:32:54.312736: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.312738: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.312740: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Aug 26 18:32:54.312744: | #1 spent 0.259 milliseconds in resume sending helper answer Aug 26 18:32:54.312763: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:32:54.312766: | libevent_free: release ptr-libevent@0x7f54a0002888 Aug 26 18:32:54.314051: | spent 0.00206 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.314066: | *received 576 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:32:54.314069: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.314071: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Aug 26 18:32:54.314072: | 83 8d 70 1a 7b 14 74 8a 80 d3 01 79 ec 9a 1a a7 Aug 26 18:32:54.314074: | 6f 15 b2 23 f2 81 23 c3 b1 ad 65 8e 71 29 5f 4f Aug 26 18:32:54.314075: | 91 70 35 c3 fd 8f c1 d1 ee a6 51 18 e0 b0 27 9d Aug 26 18:32:54.314077: | 3d 64 9a 64 20 6c 25 6d 7a dd 56 7b 35 7a 68 38 Aug 26 18:32:54.314078: | 3a d9 d7 18 32 cd f2 32 a4 d0 53 eb 33 43 27 18 Aug 26 18:32:54.314080: | 68 bf e0 8d 55 db 8b a5 8f 60 4a 00 f1 14 98 46 Aug 26 18:32:54.314081: | 73 b6 9a fc e2 b9 34 3f 38 d2 8e 9b 5f 91 cd 5f Aug 26 18:32:54.314083: | 7d cd 1c fd 4c 76 ec 7b 93 71 d9 7a ef 47 19 c5 Aug 26 18:32:54.314085: | ff d9 ac 7e d4 6e ee c5 dd 15 96 5c d3 d7 8b 0f Aug 26 18:32:54.314088: | 40 93 63 6b 23 a4 1f d7 ce c6 4e c7 a0 db cd 31 Aug 26 18:32:54.314090: | c8 ce 3c 03 b9 79 ac 6a 95 db b7 d6 ab 22 2c b3 Aug 26 18:32:54.314092: | 30 77 c1 53 84 f2 43 35 7b 38 62 90 3d 5e 38 27 Aug 26 18:32:54.314093: | 06 b8 ca 54 69 39 87 60 e1 2e 5e 83 fc 02 0b 9b Aug 26 18:32:54.314095: | 54 7a 7f 67 c6 31 b8 43 38 e8 c3 8b 0b d1 38 87 Aug 26 18:32:54.314096: | 8a 0f 8f b5 22 cc 55 7c ac d5 69 d8 f1 9f c9 22 Aug 26 18:32:54.314098: | 82 94 d5 89 b1 d9 b3 95 00 05 08 85 fa 8d 5f 85 Aug 26 18:32:54.314099: | 07 00 00 24 a2 32 48 3c a6 83 6e 86 91 b0 7b 4b Aug 26 18:32:54.314101: | f5 9f 10 b3 16 ce 2d d0 4f a5 1d 09 0b 44 6a 9e Aug 26 18:32:54.314102: | 7f a6 7f cb 14 00 00 b4 04 30 81 ac 31 0b 30 09 Aug 26 18:32:54.314104: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Aug 26 18:32:54.314105: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Aug 26 18:32:54.314107: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Aug 26 18:32:54.314109: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Aug 26 18:32:54.314110: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Aug 26 18:32:54.314112: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Aug 26 18:32:54.314113: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Aug 26 18:32:54.314115: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Aug 26 18:32:54.314116: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Aug 26 18:32:54.314118: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Aug 26 18:32:54.314119: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 99 e4 e5 a0 Aug 26 18:32:54.314121: | 37 cb dd 94 28 74 d4 01 c4 09 9e a5 a4 6b 9c 45 Aug 26 18:32:54.314122: | ef f4 bd 77 7e ee 3a d0 ba 11 65 8b 00 00 00 24 Aug 26 18:32:54.314124: | 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.314126: | 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.314129: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:32:54.314131: | **parse ISAKMP Message: Aug 26 18:32:54.314133: | initiator cookie: Aug 26 18:32:54.314134: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.314136: | responder cookie: Aug 26 18:32:54.314138: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.314139: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.314141: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.314143: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.314145: | flags: none (0x0) Aug 26 18:32:54.314146: | Message ID: 0 (0x0) Aug 26 18:32:54.314148: | length: 576 (0x240) Aug 26 18:32:54.314150: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 18:32:54.314152: | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1) Aug 26 18:32:54.314155: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) Aug 26 18:32:54.314157: | #1 is idle Aug 26 18:32:54.314159: | #1 idle Aug 26 18:32:54.314161: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Aug 26 18:32:54.314163: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:32:54.314165: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.314166: | length: 260 (0x104) Aug 26 18:32:54.314168: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Aug 26 18:32:54.314170: | ***parse ISAKMP Nonce Payload: Aug 26 18:32:54.314172: | next payload type: ISAKMP_NEXT_CR (0x7) Aug 26 18:32:54.314173: | length: 36 (0x24) Aug 26 18:32:54.314175: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x0 opt: 0x102080 Aug 26 18:32:54.314177: | ***parse ISAKMP Certificate RequestPayload: Aug 26 18:32:54.314178: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 18:32:54.314180: | length: 180 (0xb4) Aug 26 18:32:54.314182: | cert type: CERT_X509_SIGNATURE (0x4) Aug 26 18:32:54.314184: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Aug 26 18:32:54.314186: | ***parse ISAKMP NAT-D Payload: Aug 26 18:32:54.314188: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Aug 26 18:32:54.314190: | length: 36 (0x24) Aug 26 18:32:54.314191: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Aug 26 18:32:54.314193: | ***parse ISAKMP NAT-D Payload: Aug 26 18:32:54.314195: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.314196: | length: 36 (0x24) Aug 26 18:32:54.314198: | message 'main_inR2_outI3' HASH payload not checked early Aug 26 18:32:54.314207: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.314212: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.314217: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.314220: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.314222: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:32:54.314223: | no PreShared Key Found Aug 26 18:32:54.314226: | adding aggr outR1 DH work-order 2 for state #1 Aug 26 18:32:54.314228: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:32:54.314230: | #1 STATE_MAIN_I2: retransmits: cleared Aug 26 18:32:54.314232: | libevent_free: release ptr-libevent@0x55a94fbd1728 Aug 26 18:32:54.314234: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcc388 Aug 26 18:32:54.314236: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcc388 Aug 26 18:32:54.314239: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Aug 26 18:32:54.314241: | libevent_malloc: new ptr-libevent@0x7f54a0002888 size 128 Aug 26 18:32:54.314248: | complete v1 state transition with STF_SUSPEND Aug 26 18:32:54.314251: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:32:54.314253: | suspending state #1 and saving MD Aug 26 18:32:54.314254: | #1 is busy; has a suspended MD Aug 26 18:32:54.314257: | crypto helper 1 resuming Aug 26 18:32:54.314258: | #1 spent 0.0565 milliseconds in process_packet_tail() Aug 26 18:32:54.314268: | crypto helper 1 starting work-order 2 for state #1 Aug 26 18:32:54.314273: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.314278: | crypto helper 1 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 Aug 26 18:32:54.314281: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:32:54.314283: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.314286: | spent 0.22 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.314972: | crypto helper 1 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.000694 seconds Aug 26 18:32:54.314982: | (#1) spent 0.696 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr) Aug 26 18:32:54.314984: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Aug 26 18:32:54.314986: | scheduling resume sending helper answer for #1 Aug 26 18:32:54.314988: | libevent_malloc: new ptr-libevent@0x7f5498000f48 size 128 Aug 26 18:32:54.314993: | crypto helper 1 waiting (nothing to do) Aug 26 18:32:54.315027: | processing resume sending helper answer for #1 Aug 26 18:32:54.315038: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:32:54.315042: | crypto helper 1 replies to request ID 2 Aug 26 18:32:54.315044: | calling continuation function 0x55a94f4e2b50 Aug 26 18:32:54.315045: | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1 Aug 26 18:32:54.315049: | **emit ISAKMP Message: Aug 26 18:32:54.315051: | initiator cookie: Aug 26 18:32:54.315052: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.315054: | responder cookie: Aug 26 18:32:54.315055: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.315057: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.315059: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.315060: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.315062: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.315064: | Message ID: 0 (0x0) Aug 26 18:32:54.315066: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.315068: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.315070: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.315072: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.315073: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.315075: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.315076: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.315077: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.315079: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Aug 26 18:32:54.315080: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Aug 26 18:32:54.315082: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Aug 26 18:32:54.315083: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Aug 26 18:32:54.315085: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.315090: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.315092: | thinking about whether to send my certificate: Aug 26 18:32:54.315094: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Aug 26 18:32:54.315095: | sendcert: CERT_ALWAYSSEND and I did get a certificate request Aug 26 18:32:54.315097: | so send cert. Aug 26 18:32:54.315099: | I am sending a certificate request Aug 26 18:32:54.315101: | I will NOT send an initial contact payload Aug 26 18:32:54.315102: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Aug 26 18:32:54.315110: | natd_hash: hasher=0x55a94f5b7ca0(32) Aug 26 18:32:54.315112: | natd_hash: icookie= b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.315113: | natd_hash: rcookie= 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.315115: | natd_hash: ip= c0 01 03 21 Aug 26 18:32:54.315116: | natd_hash: port=500 Aug 26 18:32:54.315118: | natd_hash: hash= 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.315119: | natd_hash: hash= a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.315123: | natd_hash: hasher=0x55a94f5b7ca0(32) Aug 26 18:32:54.315125: | natd_hash: icookie= b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.315126: | natd_hash: rcookie= 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.315128: | natd_hash: ip= c0 01 02 17 Aug 26 18:32:54.315129: | natd_hash: port=500 Aug 26 18:32:54.315131: | natd_hash: hash= 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.315132: | natd_hash: hash= 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.315134: | expected NAT-D(me): 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.315136: | expected NAT-D(me): a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.315137: | expected NAT-D(him): Aug 26 18:32:54.315139: | 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.315140: | 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.315143: | received NAT-D: 99 e4 e5 a0 37 cb dd 94 28 74 d4 01 c4 09 9e a5 Aug 26 18:32:54.315145: | received NAT-D: a4 6b 9c 45 ef f4 bd 77 7e ee 3a d0 ba 11 65 8b Aug 26 18:32:54.315146: | received NAT-D: 05 09 41 5f 35 ec 64 03 f2 4e 38 f1 09 1d 27 17 Aug 26 18:32:54.315148: | received NAT-D: 17 33 7c 9a 57 ec f9 72 34 c1 a8 85 8e d7 d8 2d Aug 26 18:32:54.315149: | NAT_TRAVERSAL encaps using auto-detect Aug 26 18:32:54.315151: | NAT_TRAVERSAL this end is NOT behind NAT Aug 26 18:32:54.315152: | NAT_TRAVERSAL that end is NOT behind NAT Aug 26 18:32:54.315154: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Aug 26 18:32:54.315156: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Aug 26 18:32:54.315158: | NAT_T_WITH_KA detected Aug 26 18:32:54.315160: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Aug 26 18:32:54.315162: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.315164: | next payload type: ISAKMP_NEXT_CERT (0x6) Aug 26 18:32:54.315166: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:32:54.315167: | Protocol ID: 0 (0x0) Aug 26 18:32:54.315169: | port: 0 (0x0) Aug 26 18:32:54.315171: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Aug 26 18:32:54.315173: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.315175: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.315177: | emitting 185 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.315179: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.315180: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.315182: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.315183: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.315185: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.315186: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.315188: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Aug 26 18:32:54.315189: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Aug 26 18:32:54.315191: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Aug 26 18:32:54.315192: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Aug 26 18:32:54.315194: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Aug 26 18:32:54.315195: | my identity 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.315197: | emitting length of ISAKMP Identification Payload (IPsec DOI): 193 Aug 26 18:32:54.315199: "north-dpd/0x2" #1: I am sending my cert Aug 26 18:32:54.315206: | ***emit ISAKMP Certificate Payload: Aug 26 18:32:54.315208: | next payload type: ISAKMP_NEXT_CR (0x7) Aug 26 18:32:54.315209: | cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:32:54.315211: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Aug 26 18:32:54.315213: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Aug 26 18:32:54.315215: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.315217: | emitting 1227 raw bytes of CERT into ISAKMP Certificate Payload Aug 26 18:32:54.315219: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Aug 26 18:32:54.315220: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Aug 26 18:32:54.315222: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Aug 26 18:32:54.315223: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Aug 26 18:32:54.315226: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Aug 26 18:32:54.315227: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Aug 26 18:32:54.315229: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Aug 26 18:32:54.315230: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Aug 26 18:32:54.315232: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Aug 26 18:32:54.315233: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Aug 26 18:32:54.315235: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Aug 26 18:32:54.315236: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Aug 26 18:32:54.315238: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Aug 26 18:32:54.315239: | CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33 Aug 26 18:32:54.315241: | CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35 Aug 26 18:32:54.315242: | CERT 33 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Aug 26 18:32:54.315244: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Aug 26 18:32:54.315245: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Aug 26 18:32:54.315247: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Aug 26 18:32:54.315249: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Aug 26 18:32:54.315252: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Aug 26 18:32:54.315254: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Aug 26 18:32:54.315256: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 18:32:54.315258: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Aug 26 18:32:54.315261: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Aug 26 18:32:54.315263: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Aug 26 18:32:54.315265: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Aug 26 18:32:54.315268: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Aug 26 18:32:54.315270: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 c0 59 bd 4b Aug 26 18:32:54.315272: | CERT 40 fd f4 2c e7 cf 9e f3 29 e6 61 73 de ab 42 3d Aug 26 18:32:54.315275: | CERT cc 51 1a e8 79 d6 53 46 a1 fd 66 d1 9e ab b4 65 Aug 26 18:32:54.315277: | CERT 76 51 ad 3f 6f 8f ef d2 73 f9 fd 8f 44 b0 6c 36 Aug 26 18:32:54.315280: | CERT 4b 95 c3 b2 45 0f 31 0c e9 df 35 95 44 c0 19 53 Aug 26 18:32:54.315282: | CERT 8d df 6a 4b b2 af d6 d3 e8 dd f5 20 df 9c cd 8a Aug 26 18:32:54.315284: | CERT f7 6a 09 92 60 00 45 44 39 4c 17 6c 06 02 91 37 Aug 26 18:32:54.315287: | CERT 4b f5 6a c3 5e 21 c6 64 32 32 98 1d b7 99 1f 3c Aug 26 18:32:54.315309: | CERT 13 fe ec c7 a4 a5 3b 37 30 df e4 31 95 47 91 b1 Aug 26 18:32:54.315311: | CERT ca 96 66 b7 9e 49 65 a2 4c 79 54 17 ed 68 19 34 Aug 26 18:32:54.315316: | CERT 9d 7e 67 91 27 51 f0 ee cb b3 90 68 7c 1d fd 83 Aug 26 18:32:54.315332: | CERT 32 06 2e e6 6f d5 f0 62 00 4d ef 11 90 b6 ad 61 Aug 26 18:32:54.315335: | CERT 83 0b 21 94 18 d9 2b 88 09 0d 33 2e 3b 71 18 f4 Aug 26 18:32:54.315337: | CERT ce 4a 45 f3 37 f4 db c0 d6 ab c2 da da cd 6d e0 Aug 26 18:32:54.315340: | CERT a3 9d 21 53 19 34 b1 0c d9 63 7c 45 b7 26 a4 d9 Aug 26 18:32:54.315342: | CERT d6 93 25 1e 1f 74 3c 07 32 69 9b bc 0f db ba 3e Aug 26 18:32:54.315344: | CERT 30 85 a4 3d ec 5c 70 fe fe 7d 64 3c 2c 48 b3 8a Aug 26 18:32:54.315347: | CERT eb 26 bf 05 d4 33 1e c3 f7 1c 24 c9 99 e3 d1 99 Aug 26 18:32:54.315349: | CERT 91 df 32 10 d5 7c 31 7e 9e 6f 70 01 dc 0d d7 21 Aug 26 18:32:54.315352: | CERT 03 76 4d f5 b2 e3 87 30 94 8c b2 0a c0 b4 d9 0b Aug 26 18:32:54.315354: | CERT d4 d9 37 e0 7a 73 13 50 8d 6f 93 9a 7c 5a 1a b2 Aug 26 18:32:54.315357: | CERT 87 7e 0c 64 60 cb 4b 2c ef 22 75 b1 7c 60 3e e3 Aug 26 18:32:54.315359: | CERT e5 f1 94 38 51 8f 00 e8 35 7b b5 01 ed c1 c4 fd Aug 26 18:32:54.315362: | CERT a3 4b 56 42 d6 8b 64 38 74 95 c4 13 70 f0 f0 23 Aug 26 18:32:54.315364: | CERT 29 57 2b ef 74 97 97 76 8d 30 48 91 02 03 01 00 Aug 26 18:32:54.315368: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Aug 26 18:32:54.315371: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Aug 26 18:32:54.315373: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Aug 26 18:32:54.315374: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Aug 26 18:32:54.315376: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Aug 26 18:32:54.315377: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Aug 26 18:32:54.315379: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Aug 26 18:32:54.315380: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Aug 26 18:32:54.315382: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Aug 26 18:32:54.315383: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Aug 26 18:32:54.315385: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Aug 26 18:32:54.315386: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Aug 26 18:32:54.315388: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Aug 26 18:32:54.315389: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Aug 26 18:32:54.315390: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Aug 26 18:32:54.315392: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 9e e9 26 57 73 Aug 26 18:32:54.315393: | CERT c2 4c 64 c6 ab d6 d3 1a 13 4f 6b 48 e3 17 b2 3d Aug 26 18:32:54.315395: | CERT fb 30 93 2d 15 92 6e a3 60 29 10 1d 3e a7 93 48 Aug 26 18:32:54.315396: | CERT 3c 40 5b af 9e e5 93 b7 2f d5 4b 9f db bd ab 5d Aug 26 18:32:54.315398: | CERT 03 57 3a 1a f9 81 87 13 dd 32 e7 93 b5 9e 3b 40 Aug 26 18:32:54.315399: | CERT 3c c6 c9 d5 ce c6 c7 5d da 89 36 3d d0 36 82 fd Aug 26 18:32:54.315401: | CERT b2 ab 00 2a 7c 0e a7 ad 3e e2 b1 5a 0d 88 45 26 Aug 26 18:32:54.315402: | CERT 48 51 b3 c7 79 d7 04 e7 47 5f 28 f8 63 fb ae 58 Aug 26 18:32:54.315404: | CERT 52 8b ba 60 ce 19 ac fa 4e 65 7d Aug 26 18:32:54.315405: | emitting length of ISAKMP Certificate Payload: 1232 Aug 26 18:32:54.315408: "north-dpd/0x2" #1: I am sending a certificate request Aug 26 18:32:54.315413: | ***emit ISAKMP Certificate RequestPayload: Aug 26 18:32:54.315415: | next payload type: ISAKMP_NEXT_SIG (0x9) Aug 26 18:32:54.315416: | cert type: CERT_X509_SIGNATURE (0x4) Aug 26 18:32:54.315418: | next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG Aug 26 18:32:54.315420: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Aug 26 18:32:54.315422: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Aug 26 18:32:54.315424: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Aug 26 18:32:54.315426: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.315427: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.315429: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.315430: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.315432: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.315433: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.315435: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Aug 26 18:32:54.315436: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Aug 26 18:32:54.315438: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Aug 26 18:32:54.315439: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Aug 26 18:32:54.315440: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.315442: | emitting length of ISAKMP Certificate RequestPayload: 180 Aug 26 18:32:54.315471: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Aug 26 18:32:54.315566: | searching for certificate PKK_RSA:AwEAAcBZv vs PKK_RSA:AwEAAcBZv Aug 26 18:32:54.320997: | ***emit ISAKMP Signature Payload: Aug 26 18:32:54.321007: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.321010: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Aug 26 18:32:54.321012: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.321014: | emitting 384 raw bytes of SIG_I into ISAKMP Signature Payload Aug 26 18:32:54.321016: | SIG_I 6a 0a da c3 e3 af 26 d2 53 2c 1e 4f 59 d6 04 69 Aug 26 18:32:54.321017: | SIG_I 45 89 54 6f 8b 8b 87 6d 46 62 dc 1e 56 6c aa 58 Aug 26 18:32:54.321019: | SIG_I 06 94 14 ad e3 89 e4 d8 67 cf a9 c5 39 cc a4 ea Aug 26 18:32:54.321020: | SIG_I 6f 72 fc 95 11 14 81 d3 15 14 bc 6d 76 4d 30 32 Aug 26 18:32:54.321022: | SIG_I 9e 88 dc b9 7c 27 88 0f 5b 71 f1 97 83 fd 8c 2a Aug 26 18:32:54.321023: | SIG_I 5f 42 b3 a9 d6 5d 46 0a d7 ed 88 94 05 b9 6b 28 Aug 26 18:32:54.321025: | SIG_I fd 29 18 b2 f7 9d 38 2f 5b 5b 28 1a 8e aa d1 ab Aug 26 18:32:54.321026: | SIG_I dc 8a dc d7 d5 56 83 7e 37 2c 6d 77 94 65 61 65 Aug 26 18:32:54.321028: | SIG_I cf f4 21 73 12 7d 68 37 f3 ac 2f 08 20 44 ff 42 Aug 26 18:32:54.321029: | SIG_I 29 52 22 aa 74 ac cb e5 1a a3 58 df d3 ff 0d 77 Aug 26 18:32:54.321031: | SIG_I be a5 81 86 cf da de e0 8b 97 49 42 21 2d dd c7 Aug 26 18:32:54.321032: | SIG_I 94 7c da 7c 1d c4 c0 2a ad 6b bf 29 54 27 f8 1e Aug 26 18:32:54.321034: | SIG_I 2a 16 07 e0 ec ac 70 08 5c ef f5 13 8b c7 ab a1 Aug 26 18:32:54.321035: | SIG_I b7 4a d0 f4 07 47 bc b2 3a 17 e4 54 6b 6d 5d ca Aug 26 18:32:54.321037: | SIG_I d8 4c 58 f3 fe 2a ab 95 e5 28 c5 33 db 6f 11 28 Aug 26 18:32:54.321038: | SIG_I 8a 42 47 6f 6d f2 4c fd 47 02 6e e0 01 07 53 06 Aug 26 18:32:54.321040: | SIG_I 6b c5 f3 0a f1 f5 47 b7 09 ad d9 9b 02 a7 79 41 Aug 26 18:32:54.321041: | SIG_I b5 85 bb 1a 93 77 8f 11 2d 93 95 9c 3f b8 39 a6 Aug 26 18:32:54.321043: | SIG_I 6e 5b a1 ad 12 e4 cb ed 59 03 29 6c 40 49 b4 aa Aug 26 18:32:54.321044: | SIG_I 61 29 c4 62 2d 54 44 a5 d9 ae 59 a6 8c 5a 3e b7 Aug 26 18:32:54.321046: | SIG_I d4 da 05 11 20 55 a2 4c 91 f2 9d f5 ad fa 01 39 Aug 26 18:32:54.321047: | SIG_I 96 fb 00 7a aa 03 28 93 b8 a8 34 01 5a c7 31 c1 Aug 26 18:32:54.321049: | SIG_I 15 fa 7c e9 19 2e 14 8f e9 b5 96 45 d7 33 e3 ba Aug 26 18:32:54.321050: | SIG_I 05 8d ab 67 65 c5 a2 c6 89 fb ed 3c aa a0 b8 68 Aug 26 18:32:54.321052: | emitting length of ISAKMP Signature Payload: 388 Aug 26 18:32:54.321054: | Not sending INITIAL_CONTACT Aug 26 18:32:54.321056: | emitting 7 zero bytes of encryption padding into ISAKMP Message Aug 26 18:32:54.321057: | no IKEv1 message padding required Aug 26 18:32:54.321059: | emitting length of ISAKMP Message: 2028 Aug 26 18:32:54.321068: | complete v1 state transition with STF_OK Aug 26 18:32:54.321073: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.321074: | #1 is idle Aug 26 18:32:54.321076: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.321078: | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Aug 26 18:32:54.321080: | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) Aug 26 18:32:54.321082: | event_already_set, deleting event Aug 26 18:32:54.321084: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.321087: | libevent_free: release ptr-libevent@0x7f54a0002888 Aug 26 18:32:54.321089: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcc388 Aug 26 18:32:54.321092: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:32:54.321097: | sending 2028 bytes for STATE_MAIN_I2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:32:54.321101: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.321103: | 05 10 02 01 00 00 00 00 00 00 07 ec d8 f5 ce ff Aug 26 18:32:54.321104: | 18 7e 5f 88 c9 d3 4d a8 a3 60 88 b3 80 47 21 31 Aug 26 18:32:54.321106: | 69 0a eb 52 89 00 6f 49 54 52 04 19 fa b5 a5 71 Aug 26 18:32:54.321107: | 41 07 32 7a 89 97 bb 17 5c f9 07 a6 10 41 1e 7b Aug 26 18:32:54.321109: | 78 05 2d a3 04 d1 f9 ca f8 3d a8 48 52 29 75 d6 Aug 26 18:32:54.321110: | 28 92 83 5e 53 67 3c 4a 99 f0 bd f8 72 05 c6 4f Aug 26 18:32:54.321112: | 6d 6e 75 22 4e 99 5e ee 46 df ba a6 4d 47 e3 1e Aug 26 18:32:54.321113: | 17 a9 8a 80 81 ff 30 7a f7 0e 2f dc e9 22 1f f1 Aug 26 18:32:54.321114: | f9 3c 8a eb a0 1a 6c 8b 58 a1 0a e9 1a cf 16 d3 Aug 26 18:32:54.321116: | 90 8e e6 ea f4 e6 e6 ac 92 df a4 bb 3d 19 17 24 Aug 26 18:32:54.321117: | be 85 db fd 02 e5 3c db 68 0c 3f d2 89 5f 9f aa Aug 26 18:32:54.321119: | af 7e 54 b0 19 3d 4b 1f 83 e5 e8 73 9b 94 da fe Aug 26 18:32:54.321120: | 43 f7 6c 10 05 11 0f 00 0e cc 00 22 2b f5 8d 50 Aug 26 18:32:54.321122: | 0a 9b 82 99 37 37 98 e3 cd 5a 32 c6 08 ed f1 08 Aug 26 18:32:54.321123: | 6d 8a 76 89 bc cf ca 3d 04 6a e0 b5 f6 ef 50 12 Aug 26 18:32:54.321125: | 60 63 c2 70 f1 19 36 9c 01 11 6f 1b d0 50 84 3d Aug 26 18:32:54.321126: | 01 e1 39 f4 2c 42 48 a0 2e 0e c3 95 9c 91 13 ad Aug 26 18:32:54.321128: | 81 37 ac 18 f0 fe e1 26 f5 d6 ac 73 ca a9 9c 54 Aug 26 18:32:54.321144: | 1d b3 20 aa 99 f6 9e 7f 92 06 c7 06 e9 1e 97 e1 Aug 26 18:32:54.321146: | 54 9d 83 ce 6f 43 76 1a ab bc 7c 5b aa e4 13 bb Aug 26 18:32:54.321147: | 08 73 4e aa 99 61 fb 23 7c 29 62 88 f9 55 05 12 Aug 26 18:32:54.321149: | 5c db 7d 38 4e 11 b0 df 68 e9 72 38 26 d6 cf 26 Aug 26 18:32:54.321150: | 05 a9 df c9 ad 27 b8 55 80 b7 10 b6 3d bf 9f 05 Aug 26 18:32:54.321152: | 9c e9 f8 aa ee 69 42 9c 7f 3f 22 e7 19 34 11 89 Aug 26 18:32:54.321153: | c9 92 bf 46 f8 13 51 2f 06 01 ab ee 13 e6 bc e6 Aug 26 18:32:54.321155: | 3a 63 09 f5 3f d8 4c 72 ae 16 23 0e 70 b4 82 c1 Aug 26 18:32:54.321156: | 25 83 7d 53 d3 c5 cf 92 53 aa c2 98 a1 2e 47 cc Aug 26 18:32:54.321158: | cf 2c 99 27 b3 1b 79 68 c2 bd 3e 70 42 2e 1e 03 Aug 26 18:32:54.321159: | 40 3c d3 b9 a1 b4 fe 9f a6 03 5b 5b c8 62 a9 66 Aug 26 18:32:54.321161: | 26 f3 c6 e4 a3 d8 f7 c7 3a 4f 44 f8 d3 77 e5 e5 Aug 26 18:32:54.321162: | 79 42 d4 cb 47 4f 64 1a 82 c3 3e 62 d7 01 79 3f Aug 26 18:32:54.321163: | 7a 90 bd 41 19 f5 b8 ba fd 45 de 3a 62 84 51 4c Aug 26 18:32:54.321165: | 69 15 9d 81 f9 a2 d3 9f 8b 68 e7 8f 31 4f e7 77 Aug 26 18:32:54.321166: | 37 33 50 cd f2 d5 d4 11 31 0b 0e c3 b1 a4 38 39 Aug 26 18:32:54.321168: | e6 11 58 83 bc 3b be 9c 1a cd 18 28 72 fd da c6 Aug 26 18:32:54.321169: | f9 1d eb f4 9c c1 cc 9b ed 19 b5 44 80 4d e9 b3 Aug 26 18:32:54.321171: | 9a 12 38 f4 15 1e 78 4f 44 1e d8 be 3c d5 23 29 Aug 26 18:32:54.321172: | 9f ec a1 39 e2 b0 4b fc b9 aa 9c b7 76 95 e5 d2 Aug 26 18:32:54.321174: | 45 88 89 5b a7 6f ef f1 e9 0c 9f 32 66 47 71 82 Aug 26 18:32:54.321175: | cc 93 f7 cd ad e7 df dd d2 00 73 11 91 fe 5a a9 Aug 26 18:32:54.321177: | 3b 0d c2 5f 7a e6 82 b8 7b e1 02 8a 9a ed 1c 21 Aug 26 18:32:54.321178: | ac 42 c5 c1 db a0 ce 7a 30 60 ed 58 70 5f ca 45 Aug 26 18:32:54.321180: | 1e 5f 2c ee 83 a5 9b 0c d8 b9 03 f1 a4 be 0c fd Aug 26 18:32:54.321181: | 34 0b ff 95 67 40 b4 95 34 8f 38 0b 7b 20 ae f7 Aug 26 18:32:54.321183: | 6d 58 d4 59 4f 14 32 44 cd 22 1e 09 22 86 05 b6 Aug 26 18:32:54.321184: | 7b cf f2 e1 8e 58 e2 c1 3b e9 88 4e d8 70 f4 e6 Aug 26 18:32:54.321186: | f9 42 82 76 49 a5 20 4b 6e 71 7c fd 08 c9 d0 56 Aug 26 18:32:54.321187: | 67 14 2c 4d bf 67 53 85 a7 77 65 a9 3a 1b 3d 77 Aug 26 18:32:54.321189: | 39 d6 8a b7 fd ee 6b 4d e8 b1 91 4a 81 ca 6d 50 Aug 26 18:32:54.321190: | 1b 3e be d2 4a c1 05 57 d3 3d fa 50 b9 9d eb 61 Aug 26 18:32:54.321192: | 4b a2 13 73 5b ab 60 d1 dd 09 e4 fc fc e6 84 02 Aug 26 18:32:54.321194: | 9e 7c 09 5c b8 b6 00 ed 77 06 60 8d 0c b6 f6 07 Aug 26 18:32:54.321196: | aa 1f df db 6d 1a 18 b7 3f 67 06 d9 a0 bb f0 b8 Aug 26 18:32:54.321197: | 87 58 4b 52 09 67 28 73 a6 2c 2f aa 15 22 19 dd Aug 26 18:32:54.321199: | c9 d6 b0 32 48 e7 3d a6 2b 45 48 49 96 5f bf 22 Aug 26 18:32:54.321200: | 4f 96 43 ca eb a5 32 0f 81 76 e4 b8 55 ba ce 8c Aug 26 18:32:54.321202: | f4 06 b7 71 7f 63 dc 8c fa bb cb 44 9d 03 cb 97 Aug 26 18:32:54.321203: | b4 62 9b bd e1 6c 69 88 f8 66 6c 00 11 e7 9f e5 Aug 26 18:32:54.321205: | 0a d7 f4 1f 8f 99 d9 36 ff 7d 82 6d 95 d1 15 aa Aug 26 18:32:54.321206: | 22 ef e3 ab ff d6 14 2a 20 20 61 ea cc af f3 27 Aug 26 18:32:54.321208: | 0f 15 b8 42 ca 3f c5 c1 5b 7a 54 a6 92 c7 6b ef Aug 26 18:32:54.321209: | a3 ac 75 fc 66 56 ef fe 7e e3 00 68 ac 7c bc 6f Aug 26 18:32:54.321211: | e5 cd d2 21 00 5d ff 06 f7 76 f4 bc 74 d1 17 42 Aug 26 18:32:54.321212: | dc f0 af 97 62 d4 b5 3d 0e 5f da 64 6d ca e1 ac Aug 26 18:32:54.321213: | e3 e4 f4 4d 13 12 39 d3 5a e3 07 d5 30 fb 81 b9 Aug 26 18:32:54.321215: | 94 7a 65 2e f6 57 7c ff 3b 3e a4 02 57 ca b2 2b Aug 26 18:32:54.321216: | 7f b3 cc b9 f6 86 80 27 9b 8b 8a d4 e2 c5 69 60 Aug 26 18:32:54.321218: | 6d ab 0c 0a 01 6d 8a 3f 32 6f 50 21 ff 28 c9 f3 Aug 26 18:32:54.321219: | 7a 99 6d 49 51 4e e9 11 8a 66 d4 b6 cf ca d7 ae Aug 26 18:32:54.321221: | e2 c0 a4 98 ce 0f b3 62 6d 18 fe 7b 84 23 7c 93 Aug 26 18:32:54.321222: | 77 31 1c 38 f9 f6 e5 95 ef 81 c5 4b b8 bb 4c f8 Aug 26 18:32:54.321224: | 06 15 24 61 51 63 20 d0 67 59 b5 56 64 dc 39 27 Aug 26 18:32:54.321225: | e0 92 6a 2e 1c 94 ce 6b 16 5a 2a d8 c2 af ae b6 Aug 26 18:32:54.321227: | 8f 6a 82 c6 a8 fc 90 9e 1b 95 fd 2b b2 d7 6d 7e Aug 26 18:32:54.321228: | 2e eb a6 8b ef f7 20 cd 1a 13 09 e1 3f d3 a6 0c Aug 26 18:32:54.321230: | 6c 4d ef 24 3b e1 3a ec 93 65 06 26 cd 1f 31 a5 Aug 26 18:32:54.321231: | 5a d0 1c 53 12 0a d0 89 75 fd e0 b2 33 67 d4 33 Aug 26 18:32:54.321233: | 30 d5 ad 38 ff 42 2e c5 66 0b 79 12 69 b2 4c 6f Aug 26 18:32:54.321234: | 00 d6 75 2c 2c b1 2b 0d cf 48 6e e3 e4 0e 5c 39 Aug 26 18:32:54.321236: | 00 10 af 9d ff 06 53 42 92 44 8f 47 64 1f 74 b9 Aug 26 18:32:54.321237: | 51 0a 88 01 26 da 95 98 25 87 24 c4 1d 86 71 79 Aug 26 18:32:54.321239: | 1c 0b 9b e9 c2 47 fd 96 a1 eb c3 8d e7 dd e3 11 Aug 26 18:32:54.321240: | 9f 22 e8 d0 d8 58 04 8b 3a ab 33 98 9d be d2 8f Aug 26 18:32:54.321242: | bc 78 e9 bf 7e 5b 28 39 5a 9b 13 42 ec 2e d6 00 Aug 26 18:32:54.321243: | a4 73 a4 b6 6e 79 0c 8b 1e a8 9e e9 b6 ea 24 d1 Aug 26 18:32:54.321245: | f1 b7 75 23 b8 93 c9 1c 5d 7c cf 9a ad 2e 32 ae Aug 26 18:32:54.321246: | 64 63 a8 e5 d0 e5 a4 80 52 af 61 0d ab ce 30 4d Aug 26 18:32:54.321248: | b0 d5 9b fd f8 d1 fa 85 a0 ad 38 c3 ca 68 f8 65 Aug 26 18:32:54.321249: | 79 ce cc 10 d4 c9 6a 3e e0 f2 fb 19 fd 9a 1f b9 Aug 26 18:32:54.321251: | 38 17 5a 43 c7 6e 9a fa d2 1a f4 b1 d9 1b 26 c9 Aug 26 18:32:54.321252: | 56 d9 8e 43 b1 29 96 0a 15 59 5b 88 08 4f 36 d4 Aug 26 18:32:54.321254: | c7 3d fe d7 f3 54 f1 3c c0 2f 14 3e eb 8a ad c3 Aug 26 18:32:54.321255: | e4 31 f4 02 7f 92 8a df 16 09 c1 5d bd b3 fd ca Aug 26 18:32:54.321257: | 60 98 9d 15 d8 90 aa c8 0d e2 18 57 92 a6 17 6e Aug 26 18:32:54.321258: | 4f c7 c6 56 e7 ee 77 28 09 b9 fb eb 3a ff d3 2e Aug 26 18:32:54.321260: | 3d 18 5a db 5a 15 d1 68 e0 04 87 45 d2 4a 60 52 Aug 26 18:32:54.321261: | bf 80 38 77 db 84 bf 91 01 c5 5b da 36 5b 5f cf Aug 26 18:32:54.321262: | 2a bc 84 69 40 6b c7 62 c0 23 43 0c 9f 52 c9 a9 Aug 26 18:32:54.321264: | 3a 5a 19 22 6f 10 c8 0f 08 22 c9 15 c3 6e e6 c0 Aug 26 18:32:54.321265: | 57 06 99 37 d2 50 30 2f c1 b0 d8 8f 98 1e e2 fd Aug 26 18:32:54.321267: | 17 12 be 19 3a 8e b6 cd 35 5e e5 4d fe 29 e7 3a Aug 26 18:32:54.321268: | 3a 70 83 df 64 07 5b 65 ad 73 22 e1 b5 9b 87 3d Aug 26 18:32:54.321270: | 3f 18 e6 3f 00 4f fa e5 f8 82 d3 b6 5d c9 84 b1 Aug 26 18:32:54.321272: | 4b a1 80 83 60 c9 3b 83 31 01 51 8a 58 64 a5 ba Aug 26 18:32:54.321274: | 37 96 cf 62 0a ed e2 88 d9 47 48 bc 0e 2c b8 54 Aug 26 18:32:54.321275: | f5 0d e7 1d bf c5 09 b2 50 f9 03 cb 1e 34 0f d3 Aug 26 18:32:54.321277: | 79 08 2a 21 e2 c6 9d 0e 74 ca a0 44 4b 4e b8 c9 Aug 26 18:32:54.321278: | 6a cb 70 f1 f9 c0 29 ba aa 78 47 ea b5 2a f6 6d Aug 26 18:32:54.321280: | 90 a5 25 e5 48 48 f4 07 c5 ab f7 45 e9 e3 89 dc Aug 26 18:32:54.321281: | e5 6a 32 a2 9a fd 29 6a 45 b6 eb ca 41 49 25 64 Aug 26 18:32:54.321283: | 47 d6 bf df 24 54 4a 7a f1 59 17 1b a4 1b ca 35 Aug 26 18:32:54.321284: | 18 4b ba 70 75 ad 27 ab 80 a4 5a fe 47 f2 be 1f Aug 26 18:32:54.321286: | b2 65 2d 62 1e de 76 e1 9a bb cf ba 23 4a 40 9e Aug 26 18:32:54.321287: | 87 41 67 1c 16 78 7c 50 85 3a da 2f 02 a2 11 a2 Aug 26 18:32:54.321295: | 27 e0 db 8f 49 05 ea 4c d6 ee 6e bd db 17 73 15 Aug 26 18:32:54.321297: | 0f 96 63 09 9b 08 b8 a1 62 6e 4e 6d 0a 88 91 26 Aug 26 18:32:54.321299: | 96 9c f7 10 88 cb 15 9e b6 43 7a d5 c5 45 f7 e3 Aug 26 18:32:54.321300: | 7e a1 b6 d0 e4 d0 51 5a 23 e2 05 ab c2 f2 bb 97 Aug 26 18:32:54.321302: | 5d b4 d5 56 8d 54 f7 a4 0e 9e 78 23 ca 9d 00 dd Aug 26 18:32:54.321303: | 45 7e 79 45 64 dc 8e be b9 f7 ad e2 84 7d 02 a6 Aug 26 18:32:54.321305: | ac d1 44 b0 ee 24 64 c5 ce 45 56 a7 b0 49 49 06 Aug 26 18:32:54.321306: | de 54 24 2f 33 60 fb de bb 52 d4 cd fa cc 57 36 Aug 26 18:32:54.321320: | 9c b2 dd 78 01 2e 61 7e 44 c5 d1 25 fa 70 c1 69 Aug 26 18:32:54.321322: | ed 2a 0c 5f 80 65 57 99 50 f7 2d 46 03 3c e4 ea Aug 26 18:32:54.321323: | fd d8 a9 54 20 e6 bb cb c5 b7 cf 94 c7 3c 78 13 Aug 26 18:32:54.321325: | fb f0 5f bf 7f 63 38 dd 40 bd 74 f1 Aug 26 18:32:54.321382: | !event_already_set at reschedule Aug 26 18:32:54.321386: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcc388 Aug 26 18:32:54.321389: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Aug 26 18:32:54.321392: | libevent_malloc: new ptr-libevent@0x55a94fbcc5b8 size 128 Aug 26 18:32:54.321395: | #1 STATE_MAIN_I3: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29660.063853 Aug 26 18:32:54.321397: "north-dpd/0x2" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Aug 26 18:32:54.321404: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.321406: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.321408: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Aug 26 18:32:54.321412: | #1 spent 6.31 milliseconds in resume sending helper answer Aug 26 18:32:54.321417: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:32:54.321420: | libevent_free: release ptr-libevent@0x7f5498000f48 Aug 26 18:32:54.331250: | spent 0.00228 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.331274: | *received 1884 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:32:54.331278: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.331279: | 05 10 02 01 00 00 00 00 00 00 07 5c e9 8b c1 ae Aug 26 18:32:54.331281: | b6 51 e2 77 bc 41 d2 dc 15 3f dc 00 3e e9 07 ae Aug 26 18:32:54.331282: | fa 64 2d cd f1 13 a1 aa 6a cd 95 07 1f 78 ef 0b Aug 26 18:32:54.331284: | 54 6e 32 5e 41 28 fa 9f 04 02 17 f5 ed 97 90 da Aug 26 18:32:54.331285: | ee 4a ff d8 1a fb 94 c8 88 98 25 95 5e 8c 26 d8 Aug 26 18:32:54.331287: | 95 3b 44 3f e3 61 7b b8 fe 11 e7 f2 54 4a 2b ae Aug 26 18:32:54.331295: | f2 c2 c0 16 16 50 f2 af f8 7d f7 23 12 a8 ef 0e Aug 26 18:32:54.331298: | 75 eb d8 34 b4 13 8b 1f 4d cd 80 84 c4 ca 86 9b Aug 26 18:32:54.331300: | 80 54 f3 04 9a 50 2e b1 f6 36 c4 8a ea 34 f6 d3 Aug 26 18:32:54.331302: | ac cd 20 25 da 38 b7 3e 19 6c 06 ae 79 32 d7 77 Aug 26 18:32:54.331303: | 8b de 4d fe e1 1c 94 40 b4 94 c9 92 e5 bc 98 53 Aug 26 18:32:54.331305: | b4 aa 18 1f 40 76 a5 6e c7 ad bd d8 38 dd 13 ba Aug 26 18:32:54.331308: | 7b 8f 9c bd 0e 38 83 d9 d1 d0 fa 01 43 f2 fd 50 Aug 26 18:32:54.331310: | 65 ae 37 d2 cc e4 19 57 54 26 b5 c2 dd 41 56 2b Aug 26 18:32:54.331311: | d7 a1 21 15 41 40 54 8e 03 8e 16 f9 fe 45 91 47 Aug 26 18:32:54.331313: | 13 14 38 e7 f8 ff fa de 0c 62 e3 fa 63 9f f6 4c Aug 26 18:32:54.331314: | 82 a5 a3 2f 76 61 b5 17 dd dd 3f fb 8d b6 ca 00 Aug 26 18:32:54.331316: | 74 38 59 a5 82 a9 b5 48 d9 dc 24 08 c5 b3 d2 e3 Aug 26 18:32:54.331317: | d8 a2 dc 4c 15 52 e8 58 4b 29 27 b9 8a 72 53 26 Aug 26 18:32:54.331318: | 4e f6 0c 42 3d 72 6d 7c 43 7b dd 99 34 72 f1 24 Aug 26 18:32:54.331333: | 8d b4 1d 26 e8 3e 41 dc f2 50 1f 5c e0 93 5c 29 Aug 26 18:32:54.331334: | 6b e7 69 ca 6e ad 8f 68 15 02 1f dc 74 c0 28 fd Aug 26 18:32:54.331336: | 86 ae 94 2d 93 2a e7 f9 2f 12 51 46 06 fa b5 6f Aug 26 18:32:54.331337: | 22 f9 46 c3 85 1d 72 db a3 5b 37 e3 ad f0 cd d3 Aug 26 18:32:54.331339: | 79 e6 0f a0 d5 bd 9c d4 43 f6 2e fb 82 69 46 af Aug 26 18:32:54.331340: | f8 6c b7 80 87 07 33 14 86 34 32 e0 a2 ac 9c 94 Aug 26 18:32:54.331342: | 81 6a 4a 98 b6 05 eb ee a3 46 79 dc 64 47 1b 92 Aug 26 18:32:54.331343: | 2b 27 7c d5 49 e0 4f f7 9a ff dd 92 2a 08 e2 f8 Aug 26 18:32:54.331345: | e7 2f e7 94 c5 33 fe f7 d5 06 24 3f c5 07 0f 2c Aug 26 18:32:54.331346: | 2a 26 6f 50 cd eb 17 e2 96 b5 10 27 7c e0 ac ea Aug 26 18:32:54.331347: | d5 43 3a f8 2f f1 67 ed 6d 39 53 cc 33 8a ab bf Aug 26 18:32:54.331349: | 2f 06 fa 78 79 09 9d c6 60 47 73 3d 8d d3 5d e5 Aug 26 18:32:54.331350: | 86 12 51 3e 85 09 33 a0 80 41 5f 4f 5a d9 20 39 Aug 26 18:32:54.331352: | 99 7a 90 e1 06 34 72 04 e7 07 a9 d3 a9 79 45 b8 Aug 26 18:32:54.331353: | 92 47 50 e6 a3 77 31 75 bb e2 25 3c a3 be 5c 7d Aug 26 18:32:54.331355: | 1f 5e 3a 2f ea 32 a2 2b 7c e9 09 10 db 50 69 98 Aug 26 18:32:54.331356: | ec 66 e3 8b 5a 4e 3d 49 67 de c5 d1 f7 ba c0 ca Aug 26 18:32:54.331358: | 14 2f 85 f5 ae 1e 0a 15 37 25 a7 c3 e3 3a aa 3c Aug 26 18:32:54.331359: | cf 38 42 0d 37 57 59 8f 65 0a e8 e2 8b cd 27 d2 Aug 26 18:32:54.331360: | 44 d2 db 6d fb 06 d1 77 9d c5 c0 50 9e 60 f9 7b Aug 26 18:32:54.331362: | 9f 7c 18 56 ff a1 93 8a 52 3b 00 07 b1 ef ab 83 Aug 26 18:32:54.331363: | 20 00 b4 01 2e 8c b0 53 bc c0 ca cb ee 8d 6a 04 Aug 26 18:32:54.331365: | 3b 1a 59 38 16 57 80 97 db 8b 36 63 fc 79 c0 fb Aug 26 18:32:54.331366: | e6 84 c5 ac 8e a3 d6 d2 50 f9 5f bc 4b 53 f4 a2 Aug 26 18:32:54.331368: | 7a 1c cc e0 17 4a 0d 59 30 f2 ae 85 89 42 8f 84 Aug 26 18:32:54.331369: | 36 28 0d 58 29 dc 87 03 d5 ad b3 1d 8c ee 8e 25 Aug 26 18:32:54.331371: | 97 3a a8 33 1b 7b b2 ae a9 2f a1 f4 51 7b 61 8d Aug 26 18:32:54.331372: | 9c 62 02 69 ac ac 7d e7 83 81 7c 7a d4 65 f0 f8 Aug 26 18:32:54.331373: | 64 6b 17 85 2b ae 8c 72 19 67 b0 1a 06 01 c5 f5 Aug 26 18:32:54.331375: | 2b c3 f8 56 1a ae 28 09 50 2c b8 95 20 ef ff 98 Aug 26 18:32:54.331376: | 4f 90 a6 22 9b 8e f5 b7 d4 c5 25 e1 d3 44 23 a4 Aug 26 18:32:54.331378: | 1d 17 a7 9f 30 0e 77 04 23 0c 33 77 d0 dc f3 aa Aug 26 18:32:54.331379: | 6b 21 df 55 27 d9 29 0e 2b a5 9f 3d 51 7e 1e c8 Aug 26 18:32:54.331381: | 64 23 3a fb 9e 09 00 cc 2a 71 7c 87 60 3d 4d 63 Aug 26 18:32:54.331382: | 6d 42 d5 bc ea b8 ec 0e 60 73 b7 e4 e4 9c 24 7c Aug 26 18:32:54.331384: | e6 dc 56 88 3c 42 05 8d cb 69 62 4b 7c ce 2f 6e Aug 26 18:32:54.331385: | 22 33 1d 0f 69 20 4d 10 8f d9 9e 84 84 94 d5 34 Aug 26 18:32:54.331386: | 5b 32 fd b6 ed 1f bb 1c 9e ea d9 0d e7 aa 4c 51 Aug 26 18:32:54.331388: | 34 52 f9 f1 32 b5 d2 62 ae f7 1a cb 81 ec e9 34 Aug 26 18:32:54.331389: | 7b 5b 10 33 45 40 2f 29 bb 7d a7 07 2a 15 54 df Aug 26 18:32:54.331391: | 54 05 9c 05 dc d9 9f 71 78 c5 9b ed f8 14 dd de Aug 26 18:32:54.331392: | 48 5b d6 94 dc 61 9d a6 00 e0 fa 00 bd 4d 64 99 Aug 26 18:32:54.331394: | 08 6c b4 93 4d 60 9b 44 58 52 d4 59 11 06 6c 4e Aug 26 18:32:54.331396: | b0 97 d7 02 5c 24 cb 4a 78 2a 93 c4 c0 4a c0 af Aug 26 18:32:54.331398: | 1b a1 01 6e 87 81 a8 14 96 e8 9e 98 ba 45 23 eb Aug 26 18:32:54.331399: | 09 72 cb 20 ff ac 16 2c d0 ab eb db fd b9 04 e3 Aug 26 18:32:54.331401: | fc ac fa 28 4c de 16 cc df 1b 1b b3 c4 99 0c c2 Aug 26 18:32:54.331402: | 87 ee 44 a6 4c 7a f7 75 f8 52 49 9e 73 f4 69 7f Aug 26 18:32:54.331404: | 2c 37 4d b3 d0 0c fc 63 95 36 83 e7 3d 6d 03 89 Aug 26 18:32:54.331405: | d2 34 c2 25 65 51 18 66 03 90 7e c7 c2 4e f9 c7 Aug 26 18:32:54.331407: | b1 f2 cd 67 95 bb 3f 1b 7d 62 f6 4f 77 6f 50 11 Aug 26 18:32:54.331408: | 22 cf f0 50 81 a2 ae 7a 6d df ed 01 b1 2f 64 b7 Aug 26 18:32:54.331409: | 84 25 0e 72 11 25 0d 93 03 78 b9 df e2 71 f1 54 Aug 26 18:32:54.331411: | 73 2a ca 06 18 61 4f 19 f9 dc d2 ec e2 ab c5 36 Aug 26 18:32:54.331412: | 52 c9 67 a4 f8 1c dd 64 ed ba 6a 2d 71 02 59 ab Aug 26 18:32:54.331414: | 39 0b f7 a7 53 c4 01 f6 82 1c 46 fa 1a d7 b1 2e Aug 26 18:32:54.331415: | f1 25 f3 bb 8c 32 8a 76 51 0a 23 b3 e9 a3 78 53 Aug 26 18:32:54.331417: | 32 92 ec e5 8d 63 4b 78 7a 72 43 cd be ca c3 e0 Aug 26 18:32:54.331418: | da 97 29 d7 41 ff c1 11 8f 8a 14 ef 1a f3 9e 1a Aug 26 18:32:54.331420: | 02 42 96 cc 82 a2 12 2c 60 f0 fc 56 56 45 a9 fe Aug 26 18:32:54.331421: | 47 ff 96 4a ba 09 39 a3 38 06 0e e7 ba c7 d4 d8 Aug 26 18:32:54.331422: | 1f 05 89 b2 14 61 80 11 91 08 b2 f0 a2 c7 66 99 Aug 26 18:32:54.331424: | 37 18 26 9e e2 50 e4 46 63 2d f3 77 65 94 96 27 Aug 26 18:32:54.331425: | 8d dd f6 a4 5c b4 8b b4 41 08 50 b7 91 6c d3 b2 Aug 26 18:32:54.331427: | 13 46 d7 e6 80 01 5a b7 35 a7 69 1f 90 ff 02 82 Aug 26 18:32:54.331428: | 74 f6 b7 41 d0 fb a3 ad f3 74 89 21 64 bf 00 9c Aug 26 18:32:54.331430: | 6c 18 35 97 5e e9 1f 2a ac c7 73 a3 d6 d1 6a b6 Aug 26 18:32:54.331431: | a8 32 86 b9 a5 98 ff 0b 39 e6 fb 8a 49 12 dd c7 Aug 26 18:32:54.331433: | 1b 8b 56 56 90 15 da 76 38 72 90 22 50 cf d7 4f Aug 26 18:32:54.331434: | 3f ff 93 29 a3 1d 19 ef cf 0e 1a ac 0e 46 18 a4 Aug 26 18:32:54.331435: | 1f 5c 03 b7 6a 07 1d 8f a9 70 9c 0a f3 5a a0 e0 Aug 26 18:32:54.331437: | 19 c7 78 fe 2b cc 22 b6 5a 8c 93 b4 f1 32 3d a0 Aug 26 18:32:54.331438: | 0a dd ab 3f 53 7d 31 20 56 47 a6 2a dd d1 c8 ec Aug 26 18:32:54.331440: | 3f c3 f7 85 36 8f 2f b2 49 95 88 ea 5f c2 c0 f9 Aug 26 18:32:54.331441: | ff bd c9 22 bc 30 30 e4 01 ed 7a a4 66 62 9e 0c Aug 26 18:32:54.331443: | 7c b1 ae 90 4c c6 2f 2b 1f 32 66 c6 d6 52 8e fb Aug 26 18:32:54.331444: | 3e f9 0a fd 23 07 5d 44 9b 2f 92 a0 1a fb 65 f6 Aug 26 18:32:54.331446: | 90 fe db 09 5a 06 aa 33 2b 91 70 26 93 01 19 de Aug 26 18:32:54.331447: | 9d fd c7 4c 1e 92 94 ef cd c6 00 27 4c 7e bc 3e Aug 26 18:32:54.331448: | 88 ff b3 e0 4b 2c 89 7e b5 3b bf 57 09 d3 41 96 Aug 26 18:32:54.331450: | 5f 2a c7 d8 84 17 47 9e 7b 70 74 19 f5 ca ec 29 Aug 26 18:32:54.331451: | 16 5e c0 24 29 c4 a8 46 0a 8c 12 18 6d d0 9c be Aug 26 18:32:54.331453: | 08 f8 54 47 8a 95 79 26 f3 af 0e 13 8d 8f 8f d7 Aug 26 18:32:54.331454: | 79 ef 42 de d9 e0 9e fd 2f 01 e4 8b 3f 65 fa 81 Aug 26 18:32:54.331456: | 4d 46 59 70 e3 0a f6 59 79 26 6a 39 33 3e c9 87 Aug 26 18:32:54.331457: | 09 29 7b 58 9f 9c 5f 63 e7 77 ec 4b 68 7d e5 c4 Aug 26 18:32:54.331459: | 7e 3b 47 b8 1c 9a 68 22 ce 15 bf 3d 42 65 71 36 Aug 26 18:32:54.331460: | 61 21 2a b5 70 d7 7b 8f 07 37 5e 2b 10 e8 3a fc Aug 26 18:32:54.331461: | 06 d8 58 99 00 b3 31 be 56 8b ff da c9 05 99 09 Aug 26 18:32:54.331463: | 9a 50 8a 3f e8 eb 37 7e fc 14 8f 17 2c fe fb 14 Aug 26 18:32:54.331464: | 0d e6 69 0e 00 92 fb ea c4 3a 6b 5f 52 98 52 60 Aug 26 18:32:54.331466: | 56 ee 49 db e9 5e 6b b8 84 c3 1b cb 7f 48 d2 63 Aug 26 18:32:54.331467: | 2a 3f 6e 6d a9 0e df 40 e1 02 4e 2a 6d a1 71 26 Aug 26 18:32:54.331469: | ab 5e eb 5b fa f4 b7 6c 8d eb 1c ab 2f 8b 20 11 Aug 26 18:32:54.331470: | c7 29 85 fa 79 d4 b5 e1 c8 00 b1 94 2d a6 18 25 Aug 26 18:32:54.331472: | d0 69 3d c4 e2 f1 cd da 7d f9 6c c5 96 e2 c4 87 Aug 26 18:32:54.331474: | 60 54 74 49 36 14 60 6e 87 af cf b5 Aug 26 18:32:54.331478: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:32:54.331480: | **parse ISAKMP Message: Aug 26 18:32:54.331482: | initiator cookie: Aug 26 18:32:54.331484: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.331485: | responder cookie: Aug 26 18:32:54.331487: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.331489: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.331490: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.331492: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:32:54.331494: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.331495: | Message ID: 0 (0x0) Aug 26 18:32:54.331497: | length: 1884 (0x75c) Aug 26 18:32:54.331499: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Aug 26 18:32:54.331502: | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1) Aug 26 18:32:54.331505: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) Aug 26 18:32:54.331507: | #1 is idle Aug 26 18:32:54.331509: | #1 idle Aug 26 18:32:54.331511: | received encrypted packet from 192.1.2.23:500 Aug 26 18:32:54.331526: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Aug 26 18:32:54.331529: | ***parse ISAKMP Identification Payload: Aug 26 18:32:54.331531: | next payload type: ISAKMP_NEXT_CERT (0x6) Aug 26 18:32:54.331532: | length: 191 (0xbf) Aug 26 18:32:54.331534: | ID type: ID_DER_ASN1_DN (0x9) Aug 26 18:32:54.331535: | DOI specific A: 0 (0x0) Aug 26 18:32:54.331537: | DOI specific B: 0 (0x0) Aug 26 18:32:54.331539: | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.331540: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.331542: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.331543: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.331545: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.331546: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.331548: | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:32:54.331549: | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:32:54.331551: | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:32:54.331552: | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:32:54.331554: | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:32:54.331555: | obj: 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.331557: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Aug 26 18:32:54.331559: | ***parse ISAKMP Certificate Payload: Aug 26 18:32:54.331560: | next payload type: ISAKMP_NEXT_SIG (0x9) Aug 26 18:32:54.331562: | length: 1265 (0x4f1) Aug 26 18:32:54.331564: | cert encoding: CERT_X509_SIGNATURE (0x4) Aug 26 18:32:54.331565: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Aug 26 18:32:54.331567: | ***parse ISAKMP Signature Payload: Aug 26 18:32:54.331568: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.331570: | length: 388 (0x184) Aug 26 18:32:54.331571: | removing 12 bytes of padding Aug 26 18:32:54.331573: | message 'main_inR3' HASH payload not checked early Aug 26 18:32:54.331576: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Aug 26 18:32:54.331578: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Aug 26 18:32:54.331580: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Aug 26 18:32:54.331581: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Aug 26 18:32:54.331583: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Aug 26 18:32:54.331584: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Aug 26 18:32:54.331587: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Aug 26 18:32:54.331588: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:32:54.331590: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Aug 26 18:32:54.331591: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Aug 26 18:32:54.331593: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Aug 26 18:32:54.331594: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Aug 26 18:32:54.331600: "north-dpd/0x2" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:32:54.331624: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Aug 26 18:32:54.331627: loading root certificate cache Aug 26 18:32:54.334936: | spent 3.29 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Aug 26 18:32:54.334965: | spent 0.0166 milliseconds in get_root_certs() filtering CAs Aug 26 18:32:54.334971: | #1 spent 3.34 milliseconds in find_and_verify_certs() calling get_root_certs() Aug 26 18:32:54.334973: | checking for known CERT payloads Aug 26 18:32:54.334976: | saving certificate of type 'X509_SIGNATURE' Aug 26 18:32:54.335003: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:32:54.335008: | #1 spent 0.0338 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Aug 26 18:32:54.335011: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:32:54.335045: | #1 spent 0.033 milliseconds in find_and_verify_certs() calling crl_update_check() Aug 26 18:32:54.335049: | missing or expired CRL Aug 26 18:32:54.335052: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Aug 26 18:32:54.335053: | verify_end_cert trying profile IPsec Aug 26 18:32:54.335139: | certificate is valid (profile IPsec) Aug 26 18:32:54.335145: | #1 spent 0.0923 milliseconds in find_and_verify_certs() calling verify_end_cert() Aug 26 18:32:54.335148: "north-dpd/0x2" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Aug 26 18:32:54.335208: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbed6b8 Aug 26 18:32:54.335212: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbdae38 Aug 26 18:32:54.335214: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbdac88 Aug 26 18:32:54.335216: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbdaad8 Aug 26 18:32:54.335217: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55a94fbe81a8 Aug 26 18:32:54.335393: | unreference key: 0x55a94fbed468 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:32:54.335402: | #1 spent 0.231 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Aug 26 18:32:54.335405: | #1 spent 3.76 milliseconds in decode_certs() Aug 26 18:32:54.335413: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:32:54.335415: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' matched our ID Aug 26 18:32:54.335417: | SAN ID matched, updating that.cert Aug 26 18:32:54.335419: | X509: CERT and ID matches current connection Aug 26 18:32:54.335445: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.335454: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Aug 26 18:32:54.335458: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.335461: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.335465: | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.335564: | an RSA Sig check passed with *AwEAAbEef [remote certificates] Aug 26 18:32:54.335569: | #1 spent 0.101 milliseconds in try_all_RSA_keys() trying a pubkey Aug 26 18:32:54.335586: "north-dpd/0x2" #1: Authenticated using RSA Aug 26 18:32:54.335592: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Aug 26 18:32:54.335779: | complete v1 state transition with STF_OK Aug 26 18:32:54.335787: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.335789: | #1 is idle Aug 26 18:32:54.335791: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.335793: | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Aug 26 18:32:54.335796: | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) Aug 26 18:32:54.335798: | event_already_set, deleting event Aug 26 18:32:54.335800: | state #1 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:32:54.335802: | #1 STATE_MAIN_I4: retransmits: cleared Aug 26 18:32:54.335806: | libevent_free: release ptr-libevent@0x55a94fbcc5b8 Aug 26 18:32:54.335808: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcc388 Aug 26 18:32:54.335811: | !event_already_set at reschedule Aug 26 18:32:54.335814: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fbcc388 Aug 26 18:32:54.335816: | inserting event EVENT_SA_REPLACE, timeout in 2607 seconds for #1 Aug 26 18:32:54.335819: | libevent_malloc: new ptr-libevent@0x55a94fbef848 size 128 Aug 26 18:32:54.335822: | pstats #1 ikev1.isakmp established Aug 26 18:32:54.335825: "north-dpd/0x2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Aug 26 18:32:54.335831: | DPD: dpd_init() called on ISAKMP SA Aug 26 18:32:54.335833: | DPD: Peer supports Dead Peer Detection Aug 26 18:32:54.335835: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.335836: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.335838: | unpending state #1 Aug 26 18:32:54.335843: | creating state object #2 at 0x55a94fbe8418 Aug 26 18:32:54.335845: | State DB: adding IKEv1 state #2 in UNDEFINED Aug 26 18:32:54.335848: | pstats #2 ikev1.ipsec started Aug 26 18:32:54.335850: | duplicating state object #1 "north-dpd/0x2" as #2 for IPSEC SA Aug 26 18:32:54.335853: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:32:54.335856: | in connection_discard for connection north-dpd/0x2 Aug 26 18:32:54.335860: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:32:54.335862: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:32:54.335867: | child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 18:32:54.335871: "north-dpd/0x1" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:f19ec542 proposal=defaults pfsgroup=MODP2048} Aug 26 18:32:54.335876: | adding quick_outI1 KE work-order 3 for state #2 Aug 26 18:32:54.335878: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcf2d8 Aug 26 18:32:54.335884: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 18:32:54.335887: | libevent_malloc: new ptr-libevent@0x55a94fbc3148 size 128 Aug 26 18:32:54.335889: | libevent_realloc: release ptr-libevent@0x55a94fb5b238 Aug 26 18:32:54.335891: | libevent_realloc: new ptr-libevent@0x55a94fbc24b8 size 128 Aug 26 18:32:54.335898: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:32:54.335901: | resume processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:32:54.335903: | unqueuing pending Quick Mode with 192.1.2.23 "north-dpd/0x1" Aug 26 18:32:54.335905: | removing pending policy for no connection {0x55a94fab88c8} Aug 26 18:32:54.335907: | crypto helper 2 resuming Aug 26 18:32:54.335908: | creating state object #3 at 0x55a94fbe6b08 Aug 26 18:32:54.335921: | crypto helper 2 starting work-order 3 for state #2 Aug 26 18:32:54.335922: | State DB: adding IKEv1 state #3 in UNDEFINED Aug 26 18:32:54.335927: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 3 Aug 26 18:32:54.335934: | pstats #3 ikev1.ipsec started Aug 26 18:32:54.335937: | duplicating state object #1 "north-dpd/0x2" as #3 for IPSEC SA Aug 26 18:32:54.335939: | #3 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:32:54.335943: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:32:54.335945: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:32:54.335950: | child state #3: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 18:32:54.335953: "north-dpd/0x2" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:36432fd8 proposal=defaults pfsgroup=MODP2048} Aug 26 18:32:54.335958: | adding quick_outI1 KE work-order 4 for state #3 Aug 26 18:32:54.335961: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fb5b238 Aug 26 18:32:54.335963: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:32:54.335966: | libevent_malloc: new ptr-libevent@0x55a94fbc3098 size 128 Aug 26 18:32:54.335972: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:32:54.335974: | resume processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:32:54.335977: | unqueuing pending Quick Mode with 192.1.2.23 "north-dpd/0x2" Aug 26 18:32:54.335978: | removing pending policy for no connection {0x55a94faaf898} Aug 26 18:32:54.335979: | crypto helper 3 resuming Aug 26 18:32:54.335981: | close_any(fd@24) (in release_whack() at state.c:654) Aug 26 18:32:54.335991: | crypto helper 3 starting work-order 4 for state #3 Aug 26 18:32:54.335998: | #1 spent 4.38 milliseconds in process_packet_tail() Aug 26 18:32:54.336001: | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 4 Aug 26 18:32:54.336002: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.336011: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:32:54.336014: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.336017: | spent 4.71 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.337208: | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 4 time elapsed 0.001205 seconds Aug 26 18:32:54.337209: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.001281 seconds Aug 26 18:32:54.337226: | (#3) spent 0.621 milliseconds in crypto helper computing work-order 4: quick_outI1 KE (pcr) Aug 26 18:32:54.337229: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Aug 26 18:32:54.337230: | (#2) spent 0.761 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) Aug 26 18:32:54.337231: | scheduling resume sending helper answer for #3 Aug 26 18:32:54.337238: | crypto helper 2 sending results from work-order 3 for state #2 to event queue Aug 26 18:32:54.337243: | libevent_malloc: new ptr-libevent@0x7f54900055c8 size 128 Aug 26 18:32:54.337248: | scheduling resume sending helper answer for #2 Aug 26 18:32:54.337253: | libevent_malloc: new ptr-libevent@0x7f549c003f28 size 128 Aug 26 18:32:54.337258: | crypto helper 3 waiting (nothing to do) Aug 26 18:32:54.337268: | crypto helper 2 waiting (nothing to do) Aug 26 18:32:54.337270: | processing resume sending helper answer for #3 Aug 26 18:32:54.337278: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:32:54.337281: | crypto helper 3 replies to request ID 4 Aug 26 18:32:54.337283: | calling continuation function 0x55a94f4e2b50 Aug 26 18:32:54.337285: | quick_outI1_continue for #3: calculated ke+nonce, sending I1 Aug 26 18:32:54.337296: | **emit ISAKMP Message: Aug 26 18:32:54.337302: | initiator cookie: Aug 26 18:32:54.337304: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.337306: | responder cookie: Aug 26 18:32:54.337309: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.337312: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337314: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.337318: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.337320: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.337322: | Message ID: 910372824 (0x36432fd8) Aug 26 18:32:54.337324: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.337326: | ***emit ISAKMP Hash Payload: Aug 26 18:32:54.337328: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337330: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:32:54.337332: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.337334: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:32:54.337336: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:32:54.337337: | emitting quick defaults using policy none Aug 26 18:32:54.337339: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:32:54.337343: | ***emit ISAKMP Security Association Payload: Aug 26 18:32:54.337345: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.337347: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.337349: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:32:54.337351: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:32:54.337353: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.337354: | ****emit IPsec DOI SIT: Aug 26 18:32:54.337356: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.337358: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:32:54.337360: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 18:32:54.337362: | ****emit ISAKMP Proposal Payload: Aug 26 18:32:54.337364: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337366: | proposal number: 0 (0x0) Aug 26 18:32:54.337368: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.337369: | SPI size: 4 (0x4) Aug 26 18:32:54.337371: | number of transforms: 2 (0x2) Aug 26 18:32:54.337373: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:32:54.337388: | netlink_get_spi: allocated 0x9bf37cd9 for esp.0@192.1.3.33 Aug 26 18:32:54.337390: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:32:54.337392: | SPI 9b f3 7c d9 Aug 26 18:32:54.337396: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:32:54.337398: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.337399: | ESP transform number: 0 (0x0) Aug 26 18:32:54.337401: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.337403: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:32:54.337405: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337407: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.337409: | length/value: 14 (0xe) Aug 26 18:32:54.337411: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.337412: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337414: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.337415: | length/value: 1 (0x1) Aug 26 18:32:54.337417: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.337419: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337420: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.337422: | length/value: 1 (0x1) Aug 26 18:32:54.337423: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.337425: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337427: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.337428: | length/value: 28800 (0x7080) Aug 26 18:32:54.337430: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337432: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.337433: | length/value: 2 (0x2) Aug 26 18:32:54.337435: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.337436: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337438: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:32:54.337440: | length/value: 128 (0x80) Aug 26 18:32:54.337441: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:32:54.337443: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:32:54.337445: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337446: | ESP transform number: 1 (0x1) Aug 26 18:32:54.337448: | ESP transform ID: ESP_3DES (0x3) Aug 26 18:32:54.337450: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.337452: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:32:54.337453: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337455: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.337456: | length/value: 14 (0xe) Aug 26 18:32:54.337458: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.337459: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337461: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.337463: | length/value: 1 (0x1) Aug 26 18:32:54.337464: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.337466: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337467: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.337469: | length/value: 1 (0x1) Aug 26 18:32:54.337470: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.337472: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337473: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.337475: | length/value: 28800 (0x7080) Aug 26 18:32:54.337477: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337478: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.337480: | length/value: 2 (0x2) Aug 26 18:32:54.337481: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.337483: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 18:32:54.337484: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 18:32:54.337486: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:32:54.337488: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 18:32:54.337490: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:32:54.337495: | ***emit ISAKMP Nonce Payload: Aug 26 18:32:54.337497: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.337499: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:32:54.337501: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:32:54.337503: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.337505: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:32:54.337507: | Ni 3a fc b9 00 ed 92 98 98 1c 4c 45 13 69 58 d9 75 Aug 26 18:32:54.337508: | Ni f4 67 82 dd 6d 16 91 7f c2 19 51 33 8a fd 7e 4c Aug 26 18:32:54.337510: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:32:54.337512: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:32:54.337513: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.337515: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.337517: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:32:54.337519: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.337521: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:32:54.337523: | keyex value 5c 5e a4 d7 1d ed d3 49 9f ac 88 bc b7 a4 14 5b Aug 26 18:32:54.337525: | keyex value 37 a2 f9 1a 08 21 9d 0e 6c 7d f7 11 5c e4 38 fa Aug 26 18:32:54.337526: | keyex value ec 88 dc e7 6f 3e e2 16 db 96 b9 0d a2 f0 56 d1 Aug 26 18:32:54.337528: | keyex value 76 ab 57 0b 1b 9a 64 85 62 dc 89 7b bc cf 64 5e Aug 26 18:32:54.337529: | keyex value 4a 8d 5d 2c 7f 33 b0 f8 3f ad bd eb a8 fd 6a b0 Aug 26 18:32:54.337531: | keyex value 57 09 92 f9 0c 2f 46 8c 4a 22 b6 d4 14 f8 0b cd Aug 26 18:32:54.337532: | keyex value 36 66 1f 71 89 77 b2 96 f2 fb 68 7e da fe df e7 Aug 26 18:32:54.337534: | keyex value 62 b4 a6 4d 94 08 c4 2f 5e b2 92 69 11 2c c6 df Aug 26 18:32:54.337536: | keyex value df 5a 68 a5 a2 0c 67 7d 46 05 ed dd f0 b1 ed bb Aug 26 18:32:54.337537: | keyex value f5 51 eb e4 98 68 6b ec 59 12 db e6 f0 4b 88 9c Aug 26 18:32:54.337539: | keyex value 04 5f 20 a7 1e f2 f6 23 05 55 7e 52 c0 8f 35 9a Aug 26 18:32:54.337540: | keyex value 02 a0 98 be eb 1e 6c 92 5e 91 f3 89 a0 ca 01 b6 Aug 26 18:32:54.337542: | keyex value 55 83 76 5f 5d 08 0a cb 12 e0 2f 64 24 93 40 60 Aug 26 18:32:54.337543: | keyex value b3 ba 4f 57 de 13 e4 5c 3a d5 06 b6 f1 a6 54 d8 Aug 26 18:32:54.337545: | keyex value 39 fa 98 47 4e f5 ab 76 2f 18 89 c7 11 1c 41 f2 Aug 26 18:32:54.337546: | keyex value 48 49 36 81 91 ad f5 69 59 3b de d5 5f 5f ce e3 Aug 26 18:32:54.337548: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:32:54.337550: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.337552: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.337554: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.337555: | Protocol ID: 0 (0x0) Aug 26 18:32:54.337557: | port: 0 (0x0) Aug 26 18:32:54.337559: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.337561: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.337563: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.337565: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.337566: | client network c0 00 03 00 Aug 26 18:32:54.337569: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.337571: | client mask ff ff ff 00 Aug 26 18:32:54.337573: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:32:54.337575: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.337576: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337578: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.337579: | Protocol ID: 0 (0x0) Aug 26 18:32:54.337581: | port: 0 (0x0) Aug 26 18:32:54.337583: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.337585: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.337587: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.337588: | client network c0 00 16 00 Aug 26 18:32:54.337590: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.337592: | client mask ff ff ff 00 Aug 26 18:32:54.337593: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:32:54.337614: | outI1 HASH(1): Aug 26 18:32:54.337616: | 19 0d 1f 70 92 de 18 0e bc 4f 53 1d 2f 68 1e 57 Aug 26 18:32:54.337618: | 3c 13 84 96 20 63 8d 80 c4 c2 50 ea 65 03 a3 18 Aug 26 18:32:54.337623: | no IKEv1 message padding required Aug 26 18:32:54.337625: | emitting length of ISAKMP Message: 476 Aug 26 18:32:54.337637: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Aug 26 18:32:54.337639: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.337641: | 08 10 20 01 36 43 2f d8 00 00 01 dc e9 cb c5 15 Aug 26 18:32:54.337642: | 5c a1 82 06 ad 2c 45 ea 09 e6 fa 68 bc 86 0b 62 Aug 26 18:32:54.337644: | 15 d2 2d 3b 91 c8 8e fe 0d 2e f2 54 db e8 3f d9 Aug 26 18:32:54.337645: | ec 86 e2 a9 36 51 c0 43 3c cb 98 48 9c 4b 20 e0 Aug 26 18:32:54.337647: | 2e d6 8e 60 a6 7f af 52 74 47 67 9c 60 68 3c 6f Aug 26 18:32:54.337648: | b9 fd b2 e3 90 44 4e 73 7f 25 4e 1e 7d 9b d3 eb Aug 26 18:32:54.337650: | 9c e0 32 7f d5 ae 88 0e 9d db ec 48 d3 a8 0a 28 Aug 26 18:32:54.337651: | 8f 96 5f 24 fa 54 b8 d0 59 19 7e cc 7b db 9e b7 Aug 26 18:32:54.337653: | 0c 23 a3 35 15 e3 8e 7a d2 05 99 97 5a d9 86 e9 Aug 26 18:32:54.337654: | 6a 73 2c 85 f7 8b 0f 5b 35 02 60 09 da b9 03 ff Aug 26 18:32:54.337656: | 71 7c 73 2a 11 d5 a9 92 c9 44 c6 11 91 d6 2d b1 Aug 26 18:32:54.337657: | 6a 26 7a 98 c8 c6 9e 8d 43 86 27 6f 93 3c 72 dd Aug 26 18:32:54.337659: | e2 a6 2b 32 f5 4d 0b cb b8 93 e8 4a 3f a1 90 8f Aug 26 18:32:54.337660: | f8 e5 e3 90 a6 d8 b1 8a 2a 2e f7 cc 92 e5 82 7c Aug 26 18:32:54.337662: | a1 00 e3 0a 6d 62 78 6c 87 10 4f 43 bf 2c 7b 76 Aug 26 18:32:54.337663: | 59 52 35 9d 6a 60 6b 61 01 a5 80 60 73 94 36 66 Aug 26 18:32:54.337665: | aa fb ea de 1a cb 64 dc f8 7d c4 a1 cf ea 53 84 Aug 26 18:32:54.337666: | ce c4 52 ab fc ab 62 11 e3 ac 2f 46 95 31 76 e3 Aug 26 18:32:54.337668: | 4e 4f 35 fc 82 2b 55 e8 55 bb 39 b8 a5 c9 9a da Aug 26 18:32:54.337669: | 9b c1 06 18 8b 6d bb fd b4 3e 9f 93 6b 00 38 09 Aug 26 18:32:54.337671: | e9 bc 79 d2 a0 c2 f3 3a ad 51 f5 dd c7 f7 2f 80 Aug 26 18:32:54.337672: | 8a cd 44 9f 68 f9 5b 75 ee 9c d6 e3 ec c4 4c 15 Aug 26 18:32:54.337674: | b7 3c bb fd fa f1 2c f3 10 36 ad 9a 9c 49 d0 06 Aug 26 18:32:54.337675: | 60 b5 d2 a8 57 50 c4 bf a5 9b 5b 0f 67 a1 c9 d8 Aug 26 18:32:54.337677: | 5e 99 82 38 57 ae af c4 1c 66 ef de d5 05 72 b3 Aug 26 18:32:54.337678: | f1 f3 13 4a 4a 39 bc c8 7f 07 18 da 5a d3 f5 ea Aug 26 18:32:54.337679: | f4 07 31 a6 94 e9 78 ac 45 b2 76 15 76 3c 2a a5 Aug 26 18:32:54.337681: | 24 59 20 d9 4a 27 09 b1 77 f2 a9 6b 87 43 fe cb Aug 26 18:32:54.337682: | 87 15 1c ed 77 cf 1f 7f fa a5 43 a5 Aug 26 18:32:54.337727: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.337733: | libevent_free: release ptr-libevent@0x55a94fbc3098 Aug 26 18:32:54.337735: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fb5b238 Aug 26 18:32:54.337738: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fb5b238 Aug 26 18:32:54.337741: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Aug 26 18:32:54.337743: | libevent_malloc: new ptr-libevent@0x55a94fbcc5b8 size 128 Aug 26 18:32:54.337747: | #3 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29660.080205 Aug 26 18:32:54.337756: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Aug 26 18:32:54.337760: | #3 spent 0.448 milliseconds in resume sending helper answer Aug 26 18:32:54.337763: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:32:54.337766: | libevent_free: release ptr-libevent@0x7f54900055c8 Aug 26 18:32:54.337771: | processing resume sending helper answer for #2 Aug 26 18:32:54.337776: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:32:54.337778: | crypto helper 2 replies to request ID 3 Aug 26 18:32:54.337780: | calling continuation function 0x55a94f4e2b50 Aug 26 18:32:54.337782: | quick_outI1_continue for #2: calculated ke+nonce, sending I1 Aug 26 18:32:54.337785: | **emit ISAKMP Message: Aug 26 18:32:54.337787: | initiator cookie: Aug 26 18:32:54.337788: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.337790: | responder cookie: Aug 26 18:32:54.337791: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.337793: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337795: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.337797: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.337799: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.337800: | Message ID: 4053714242 (0xf19ec542) Aug 26 18:32:54.337802: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.337804: | ***emit ISAKMP Hash Payload: Aug 26 18:32:54.337806: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337808: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:32:54.337809: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.337811: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:32:54.337813: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:32:54.337815: | emitting quick defaults using policy none Aug 26 18:32:54.337817: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:32:54.337819: | ***emit ISAKMP Security Association Payload: Aug 26 18:32:54.337821: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.337822: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.337824: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:32:54.337826: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:32:54.337828: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.337830: | ****emit IPsec DOI SIT: Aug 26 18:32:54.337832: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.337833: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:32:54.337835: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 18:32:54.337837: | ****emit ISAKMP Proposal Payload: Aug 26 18:32:54.337838: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337840: | proposal number: 0 (0x0) Aug 26 18:32:54.337842: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.337843: | SPI size: 4 (0x4) Aug 26 18:32:54.337847: | number of transforms: 2 (0x2) Aug 26 18:32:54.337849: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:32:54.337857: | netlink_get_spi: allocated 0x729e99e for esp.0@192.1.3.33 Aug 26 18:32:54.337859: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:32:54.337861: | SPI 07 29 e9 9e Aug 26 18:32:54.337863: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:32:54.337864: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.337866: | ESP transform number: 0 (0x0) Aug 26 18:32:54.337868: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.337870: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:32:54.337871: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337873: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.337875: | length/value: 14 (0xe) Aug 26 18:32:54.337877: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.337878: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337880: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.337881: | length/value: 1 (0x1) Aug 26 18:32:54.337883: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.337884: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337886: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.337888: | length/value: 1 (0x1) Aug 26 18:32:54.337889: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.337891: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337892: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.337894: | length/value: 28800 (0x7080) Aug 26 18:32:54.337895: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337897: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.337899: | length/value: 2 (0x2) Aug 26 18:32:54.337900: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.337902: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337903: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:32:54.337905: | length/value: 128 (0x80) Aug 26 18:32:54.337906: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:32:54.337908: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:32:54.337910: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.337911: | ESP transform number: 1 (0x1) Aug 26 18:32:54.337913: | ESP transform ID: ESP_3DES (0x3) Aug 26 18:32:54.337915: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:32:54.337917: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:32:54.337918: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337920: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.337921: | length/value: 14 (0xe) Aug 26 18:32:54.337923: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.337924: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337926: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.337927: | length/value: 1 (0x1) Aug 26 18:32:54.337929: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.337930: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337932: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.337934: | length/value: 1 (0x1) Aug 26 18:32:54.337935: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.337937: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337938: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.337940: | length/value: 28800 (0x7080) Aug 26 18:32:54.337941: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:32:54.337943: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.337944: | length/value: 2 (0x2) Aug 26 18:32:54.337946: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.337948: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 18:32:54.337949: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 18:32:54.337952: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:32:54.337954: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 18:32:54.337956: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:32:54.337958: | ***emit ISAKMP Nonce Payload: Aug 26 18:32:54.337960: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.337962: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:32:54.337964: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:32:54.337965: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.337967: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:32:54.337969: | Ni 29 ed b0 29 2d 39 18 c7 cc 92 36 e1 db ad 07 69 Aug 26 18:32:54.337971: | Ni f3 11 51 5b 4e 64 15 47 3b ff 1a 87 63 11 dc d6 Aug 26 18:32:54.337972: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:32:54.337974: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:32:54.337975: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.337977: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.337979: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:32:54.337981: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.337983: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:32:54.337985: | keyex value 24 f0 05 0f a0 b0 7c f3 1e f2 c8 c1 dc ed 89 92 Aug 26 18:32:54.337986: | keyex value 51 80 5e 4c 67 21 a2 e1 40 36 ed be be 5c 0b d6 Aug 26 18:32:54.337988: | keyex value ad 28 43 ca b4 e5 ed e7 04 ab c5 8e a8 51 1f 20 Aug 26 18:32:54.337989: | keyex value f4 11 12 df 2d 90 6b 0b 93 2b 11 a6 04 bf 17 c9 Aug 26 18:32:54.337991: | keyex value 22 88 aa b5 48 fa 98 e6 33 c9 e6 a2 8d 70 5b 32 Aug 26 18:32:54.337992: | keyex value 37 a5 c5 bc 85 ef 4b bb 1f 16 21 73 75 44 bd c6 Aug 26 18:32:54.337994: | keyex value e8 9c 08 4a 76 10 f9 47 53 f7 56 84 07 35 bd 6e Aug 26 18:32:54.337995: | keyex value 3d a4 02 df 28 ff 0b 38 01 5e 3e a1 41 83 58 50 Aug 26 18:32:54.337997: | keyex value 1d 42 89 6e 2d a8 87 e4 4d 0a e2 af 0e 19 65 36 Aug 26 18:32:54.337998: | keyex value 74 f9 b2 05 2d 5e 28 90 9b ce 23 27 0a 0c 07 e2 Aug 26 18:32:54.338000: | keyex value 4a 46 58 5b ff 2a 59 ff 55 dd 9c ac 5f 43 44 3e Aug 26 18:32:54.338002: | keyex value f3 e3 0b fb 4d ef 79 f7 79 22 9b 0a f6 34 db 52 Aug 26 18:32:54.338003: | keyex value 9d 68 59 f5 4f d7 00 c5 c6 21 5b f1 ca c5 49 f2 Aug 26 18:32:54.338005: | keyex value c9 9a e7 01 42 54 d1 a0 0c 65 fc 82 6a 5a 90 96 Aug 26 18:32:54.338006: | keyex value cf 54 27 7b c4 9c 78 da 91 8b ff 28 47 5a 8e 68 Aug 26 18:32:54.338008: | keyex value 7f 45 b9 0d 7e e3 85 ca 37 10 d6 14 28 65 ee 9f Aug 26 18:32:54.338009: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:32:54.338011: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.338013: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.338014: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.338016: | Protocol ID: 0 (0x0) Aug 26 18:32:54.338017: | port: 0 (0x0) Aug 26 18:32:54.338019: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:32:54.338021: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.338024: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.338026: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.338028: | client network c0 00 03 00 Aug 26 18:32:54.338030: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.338031: | client mask ff ff ff 00 Aug 26 18:32:54.338033: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:32:54.338034: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.338036: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.338037: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.338039: | Protocol ID: 0 (0x0) Aug 26 18:32:54.338040: | port: 0 (0x0) Aug 26 18:32:54.338042: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:32:54.338044: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:32:54.338046: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.338048: | client network c0 00 02 00 Aug 26 18:32:54.338049: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:32:54.338051: | client mask ff ff ff 00 Aug 26 18:32:54.338052: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:32:54.338067: | outI1 HASH(1): Aug 26 18:32:54.338069: | 9c 59 67 c5 36 7e 0e 56 f2 83 ea 37 86 92 b2 50 Aug 26 18:32:54.338071: | 2d b3 e9 f5 0c 7c a1 84 df 57 0c ba 1a eb c1 fa Aug 26 18:32:54.338076: | no IKEv1 message padding required Aug 26 18:32:54.338077: | emitting length of ISAKMP Message: 476 Aug 26 18:32:54.338085: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #2) Aug 26 18:32:54.338087: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.338089: | 08 10 20 01 f1 9e c5 42 00 00 01 dc 8f 03 06 5b Aug 26 18:32:54.338090: | f0 49 5f de 0c 96 8b d3 65 b6 5b 12 25 34 10 d9 Aug 26 18:32:54.338092: | 83 9d ea f9 3b c9 3d 75 a6 c9 27 c6 f7 19 7d 05 Aug 26 18:32:54.338093: | 53 89 f1 45 ef 7e 32 73 e6 1b 77 9d db 9d a9 d5 Aug 26 18:32:54.338095: | af 4e b3 9d 76 0c 03 14 76 66 d2 24 0a 5d 7a 49 Aug 26 18:32:54.338096: | b8 c9 23 7d 5d 40 c1 0e 19 16 35 ec 2d 0e 26 4a Aug 26 18:32:54.338098: | 60 6c 5d ce bb 31 e5 6b 2b c9 0a 7e 78 b8 df ad Aug 26 18:32:54.338099: | 99 06 6f 29 99 33 c8 7e e9 f0 ad e0 ce 32 92 85 Aug 26 18:32:54.338101: | 73 d4 2e bd de ab da 3c 32 bb f1 f5 4a 05 4d a9 Aug 26 18:32:54.338102: | 24 c7 73 16 ca 8a af 85 f3 64 9f 60 3c 15 27 94 Aug 26 18:32:54.338104: | a7 82 5d f6 05 75 6e ba 86 ce ad 67 b3 0d b9 47 Aug 26 18:32:54.338105: | 48 8a 02 ca 8f cf 58 d2 36 04 43 43 21 02 d3 97 Aug 26 18:32:54.338107: | 47 20 50 60 82 83 f6 a8 36 2b 7d ae e7 81 0f 90 Aug 26 18:32:54.338108: | bf ae 86 7e 75 c7 dc 4e c7 5c d9 a4 89 cf ed fb Aug 26 18:32:54.338109: | 9b f2 ad 1d 53 6f 9e 01 be 34 f9 fc 2e a8 c9 fe Aug 26 18:32:54.338111: | 0e 38 50 97 11 53 97 fa c9 1f 79 4f f8 1e 3d 02 Aug 26 18:32:54.338112: | e4 83 10 4e d5 d0 84 55 b3 34 8b 99 3d cc 15 e6 Aug 26 18:32:54.338114: | d1 8e 23 03 96 fa 33 e4 a7 37 44 26 1e 25 71 64 Aug 26 18:32:54.338115: | 72 d8 05 67 2f bd 8d 58 bb 2f 3d 53 0a 31 9d 9d Aug 26 18:32:54.338117: | 8f 6e 29 52 83 5e 98 5e d7 1e aa ce 91 4e 97 12 Aug 26 18:32:54.338118: | 30 aa 23 1a 80 a3 61 1e 35 28 d9 76 42 12 00 08 Aug 26 18:32:54.338120: | 64 ee 8c 77 1e c5 c5 5a 6d 0e 7e 96 47 3d 4f d0 Aug 26 18:32:54.338121: | 54 d3 9a 21 7d 02 26 e7 33 f9 9c 02 c1 89 97 c5 Aug 26 18:32:54.338123: | 36 65 12 cf 5f c0 43 27 79 f6 c1 e7 fe a1 d4 78 Aug 26 18:32:54.338124: | 03 48 9c f0 f0 7e 37 8a 1b a2 55 bf 22 02 6b f6 Aug 26 18:32:54.338127: | 76 e4 13 d8 76 c7 1f 2c ec a2 95 9b 07 be 25 91 Aug 26 18:32:54.338129: | b9 5e 9c 23 65 5c 25 c7 cb 7e dd 8d dc c5 33 d3 Aug 26 18:32:54.338130: | a7 a1 cb 9a 5b 88 1b b7 92 f5 7a fc 0c a2 3d 06 Aug 26 18:32:54.338132: | a9 83 54 17 b5 9f 60 38 fa 24 a8 d9 Aug 26 18:32:54.338150: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.338153: | libevent_free: release ptr-libevent@0x55a94fbc3148 Aug 26 18:32:54.338155: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcf2d8 Aug 26 18:32:54.338157: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:32:54.338160: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Aug 26 18:32:54.338162: | libevent_malloc: new ptr-libevent@0x7f54900055c8 size 128 Aug 26 18:32:54.338165: | #2 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29660.080624 Aug 26 18:32:54.338173: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Aug 26 18:32:54.338179: | #2 spent 0.389 milliseconds in resume sending helper answer Aug 26 18:32:54.338184: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:32:54.338187: | libevent_free: release ptr-libevent@0x7f549c003f28 Aug 26 18:32:54.341970: | spent 0.00298 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.341995: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:32:54.342000: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.342002: | 08 10 20 01 f1 9e c5 42 00 00 01 cc 4e 4e eb c6 Aug 26 18:32:54.342003: | aa 8c 34 12 f1 dd ec 20 fa bf e4 0e 0a 7f a2 42 Aug 26 18:32:54.342005: | d2 d6 7c 5d 85 4e 14 17 c5 05 73 99 44 26 fa 06 Aug 26 18:32:54.342006: | 20 21 5c d7 de 16 db 7b 88 50 4e 74 ce 46 e2 93 Aug 26 18:32:54.342008: | 91 bb 8a b7 b1 f4 10 e5 70 32 87 91 f1 7f d8 61 Aug 26 18:32:54.342009: | 37 8f 4a 97 0b 81 6f f7 f2 fa ce 22 0c d5 1a 33 Aug 26 18:32:54.342011: | f5 d1 2f da 99 b0 5c f3 7f eb 71 8f 6c 51 46 43 Aug 26 18:32:54.342012: | ee a0 9a 7a 8c 15 e9 f1 d1 33 ac fa 97 95 79 12 Aug 26 18:32:54.342014: | 3f 05 8b 17 68 40 2d c1 cd 05 b4 8f 7a 3c f6 f2 Aug 26 18:32:54.342015: | 23 16 ea 5e 9f f2 3d 66 d7 af 60 26 c1 82 a6 22 Aug 26 18:32:54.342017: | 44 64 2e 6c fe 10 3a 30 54 89 6b 02 68 40 5b 13 Aug 26 18:32:54.342018: | bb a4 a2 b4 e9 33 12 c5 34 bc 5d 95 53 4e 14 a5 Aug 26 18:32:54.342020: | 20 b4 1e ef 96 5a 00 54 51 99 92 87 93 a8 30 04 Aug 26 18:32:54.342021: | 1f 5e 98 5a ed 78 04 fe cd b8 17 6e 59 8f c6 28 Aug 26 18:32:54.342023: | c0 b8 82 79 7e 21 b0 af 3f 37 92 04 66 aa 15 f1 Aug 26 18:32:54.342024: | 76 59 d3 26 f4 4e 12 1a 2f e4 e3 fa 26 b5 9e 9b Aug 26 18:32:54.342026: | c3 8f 7d 99 7f dd c5 96 34 aa 6f de e3 57 a5 bf Aug 26 18:32:54.342027: | 96 6c 9d 91 c8 eb 18 05 4a 0e 15 73 87 e3 54 57 Aug 26 18:32:54.342029: | b0 d6 51 25 a5 b0 73 53 e2 9f be 5e df 50 c5 55 Aug 26 18:32:54.342030: | de 66 ed 8b ec 04 59 4e 3f 65 11 5a a3 58 4c 25 Aug 26 18:32:54.342032: | c0 4a 8b 45 ef bf 66 01 92 9e d8 64 45 24 a1 93 Aug 26 18:32:54.342033: | f1 c9 28 36 1a 66 d3 f3 a2 83 ab 33 31 65 6d 38 Aug 26 18:32:54.342035: | 7d 64 6b f1 2b e3 cd 97 4d 07 cb c6 ff 9d 39 2d Aug 26 18:32:54.342036: | d6 50 90 87 d0 bb 72 48 ac 6a 6e 76 9b 78 8f 68 Aug 26 18:32:54.342038: | 48 bf e3 aa 39 aa 5f 7b 8b 8c c0 c2 6d 0b 32 7a Aug 26 18:32:54.342039: | 55 f7 78 f3 d2 b3 2b 73 cb 7c b1 28 72 b1 4b 91 Aug 26 18:32:54.342041: | ff 01 fe 5e 3f 8a be 48 ee 89 6e 7a ba 76 a3 41 Aug 26 18:32:54.342044: | f5 7c 27 bf 4c 49 5f b7 49 46 3e e3 Aug 26 18:32:54.342048: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:32:54.342052: | **parse ISAKMP Message: Aug 26 18:32:54.342055: | initiator cookie: Aug 26 18:32:54.342058: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.342063: | responder cookie: Aug 26 18:32:54.342064: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.342066: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:32:54.342068: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.342070: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.342072: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.342074: | Message ID: 4053714242 (0xf19ec542) Aug 26 18:32:54.342075: | length: 460 (0x1cc) Aug 26 18:32:54.342077: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:32:54.342081: | State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1) Aug 26 18:32:54.342084: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:32:54.342086: | #2 is idle Aug 26 18:32:54.342088: | #2 idle Aug 26 18:32:54.342090: | received encrypted packet from 192.1.2.23:500 Aug 26 18:32:54.342104: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:32:54.342106: | ***parse ISAKMP Hash Payload: Aug 26 18:32:54.342108: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:32:54.342110: | length: 36 (0x24) Aug 26 18:32:54.342112: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:32:54.342114: | ***parse ISAKMP Security Association Payload: Aug 26 18:32:54.342115: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.342117: | length: 56 (0x38) Aug 26 18:32:54.342118: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.342120: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:32:54.342122: | ***parse ISAKMP Nonce Payload: Aug 26 18:32:54.342123: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.342125: | length: 36 (0x24) Aug 26 18:32:54.342127: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.342128: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:32:54.342130: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.342131: | length: 260 (0x104) Aug 26 18:32:54.342133: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.342135: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.342137: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.342138: | length: 16 (0x10) Aug 26 18:32:54.342140: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.342142: | Protocol ID: 0 (0x0) Aug 26 18:32:54.342143: | port: 0 (0x0) Aug 26 18:32:54.342145: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:32:54.342147: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.342148: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.342150: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342151: | length: 16 (0x10) Aug 26 18:32:54.342153: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.342154: | Protocol ID: 0 (0x0) Aug 26 18:32:54.342156: | port: 0 (0x0) Aug 26 18:32:54.342157: | obj: c0 00 02 00 ff ff ff 00 Aug 26 18:32:54.342159: | removing 12 bytes of padding Aug 26 18:32:54.342174: | quick_inR1_outI2 HASH(2): Aug 26 18:32:54.342177: | 25 99 89 97 58 b8 b4 90 aa aa 06 e2 c4 10 4a 60 Aug 26 18:32:54.342178: | a4 c2 a0 f3 1b e3 0b b0 94 4f 93 f0 47 0d b2 e2 Aug 26 18:32:54.342180: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 18:32:54.342183: | ****parse IPsec DOI SIT: Aug 26 18:32:54.342185: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.342187: | ****parse ISAKMP Proposal Payload: Aug 26 18:32:54.342189: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342190: | length: 44 (0x2c) Aug 26 18:32:54.342192: | proposal number: 0 (0x0) Aug 26 18:32:54.342194: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.342195: | SPI size: 4 (0x4) Aug 26 18:32:54.342197: | number of transforms: 1 (0x1) Aug 26 18:32:54.342199: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:32:54.342202: | SPI a6 db cb 71 Aug 26 18:32:54.342204: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:32:54.342206: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342207: | length: 32 (0x20) Aug 26 18:32:54.342209: | ESP transform number: 0 (0x0) Aug 26 18:32:54.342211: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.342213: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342215: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.342216: | length/value: 14 (0xe) Aug 26 18:32:54.342218: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.342220: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342222: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.342223: | length/value: 1 (0x1) Aug 26 18:32:54.342225: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.342227: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:32:54.342229: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342230: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.342232: | length/value: 1 (0x1) Aug 26 18:32:54.342233: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.342235: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342237: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.342238: | length/value: 28800 (0x7080) Aug 26 18:32:54.342240: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342242: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.342243: | length/value: 2 (0x2) Aug 26 18:32:54.342245: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.342246: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342248: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:32:54.342250: | length/value: 128 (0x80) Aug 26 18:32:54.342252: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:32:54.342262: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.342266: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.342272: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.342275: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.342277: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:32:54.342278: | no PreShared Key Found Aug 26 18:32:54.342281: | adding quick outI2 DH work-order 5 for state #2 Aug 26 18:32:54.342283: | state #2 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:32:54.342285: | #2 STATE_QUICK_I1: retransmits: cleared Aug 26 18:32:54.342291: | libevent_free: release ptr-libevent@0x7f54900055c8 Aug 26 18:32:54.342296: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:32:54.342298: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcf2d8 Aug 26 18:32:54.342300: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Aug 26 18:32:54.342303: | libevent_malloc: new ptr-libevent@0x7f549c003f28 size 128 Aug 26 18:32:54.342310: | complete v1 state transition with STF_SUSPEND Aug 26 18:32:54.342313: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:32:54.342315: | suspending state #2 and saving MD Aug 26 18:32:54.342317: | #2 is busy; has a suspended MD Aug 26 18:32:54.342321: | crypto helper 4 resuming Aug 26 18:32:54.342322: | #2 spent 0.136 milliseconds in process_packet_tail() Aug 26 18:32:54.342343: | crypto helper 4 starting work-order 5 for state #2 Aug 26 18:32:54.342346: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.342349: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 5 Aug 26 18:32:54.342350: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:32:54.342358: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.342362: | spent 0.363 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.342783: | spent 0.00171 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:32:54.342793: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:32:54.342795: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.342797: | 08 10 20 01 36 43 2f d8 00 00 01 cc 25 6a dc 0c Aug 26 18:32:54.342798: | 72 18 b3 5c 7b 43 35 42 8e 09 de 2a 4a 1e 79 4f Aug 26 18:32:54.342800: | 3b 95 d2 ad 3a a4 a2 1b 60 31 85 68 34 4d 85 c3 Aug 26 18:32:54.342801: | 11 1d 7e b7 44 e1 77 09 10 21 9f 28 07 3e 52 3e Aug 26 18:32:54.342803: | 79 3d c0 e2 61 1d 89 7e d7 e7 2f 8f c0 c9 58 d1 Aug 26 18:32:54.342804: | 63 c8 93 7a 3c be 7c a6 7d 1b 37 cb 98 ae d8 df Aug 26 18:32:54.342805: | 56 98 15 d2 21 33 bd 5f ad 64 ff 41 42 89 5a fe Aug 26 18:32:54.342807: | ca f2 72 34 4c 7c 74 a5 21 79 61 fb f7 df bd 46 Aug 26 18:32:54.342808: | 61 b1 55 22 e6 0b ec e2 cb f9 86 ef e2 31 c7 a8 Aug 26 18:32:54.342810: | 13 76 c6 24 f7 ed 6e 71 91 76 b4 ea 79 85 96 e5 Aug 26 18:32:54.342811: | 58 4a 1a 86 41 29 d5 86 81 55 66 66 ca 2c b8 58 Aug 26 18:32:54.342813: | 2f a0 b0 df 10 95 7e 62 92 da e9 03 11 da fc 82 Aug 26 18:32:54.342814: | 17 f9 da b0 1b 3b 6c 5e 77 c8 91 bd 19 3a 07 14 Aug 26 18:32:54.342816: | 6e a1 f3 d2 71 ee 83 74 ff 29 ba 49 f3 b3 4d 7a Aug 26 18:32:54.342817: | 84 4b e4 e7 db e2 87 8a 23 f5 19 26 c6 73 ea ea Aug 26 18:32:54.342819: | cf 7c bd b7 e9 a2 f4 77 00 20 11 25 0a 94 16 b5 Aug 26 18:32:54.342820: | 17 03 d2 35 b4 2f 44 ee 04 12 39 4a 7c b6 0d ec Aug 26 18:32:54.342822: | c6 7e 1e 2c fd e6 20 e3 4b 0b 94 c4 21 35 6a 23 Aug 26 18:32:54.342823: | db 48 80 fe e5 1b 62 e4 f6 b3 3c cb 58 5c ad 72 Aug 26 18:32:54.342825: | 56 bc fa 8f bd 31 16 5b bf c1 b3 ed f6 7b f0 e4 Aug 26 18:32:54.342826: | 09 68 13 e2 d5 bf d8 27 31 71 5d f8 fd 54 ca 8a Aug 26 18:32:54.342828: | 53 4c 26 cd 00 a3 25 ac 59 25 35 c0 a0 7c ea 55 Aug 26 18:32:54.342829: | 19 67 e4 6f a1 ae f5 38 ad 41 2f 6a 3f d9 a7 b8 Aug 26 18:32:54.342831: | 95 d4 c6 95 5b e6 1e c1 81 86 c3 c7 6f 7d 90 74 Aug 26 18:32:54.342832: | 76 2a b1 50 84 94 47 31 35 6e 49 ff 6e c9 e6 72 Aug 26 18:32:54.342834: | c6 71 f0 d2 b8 c6 ce f7 a3 2b 78 0c 0d 75 c3 b7 Aug 26 18:32:54.342835: | 62 be c5 07 64 1e 07 e1 fd a1 bb e0 cf 77 5c 81 Aug 26 18:32:54.342837: | 0e 5e fd ec c8 97 09 82 08 e5 3f a3 Aug 26 18:32:54.342839: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:32:54.342841: | **parse ISAKMP Message: Aug 26 18:32:54.342843: | initiator cookie: Aug 26 18:32:54.342844: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.342846: | responder cookie: Aug 26 18:32:54.342847: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.342849: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:32:54.342851: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.342853: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.342854: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.342856: | Message ID: 910372824 (0x36432fd8) Aug 26 18:32:54.342858: | length: 460 (0x1cc) Aug 26 18:32:54.342860: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:32:54.342862: | State DB: found IKEv1 state #3 in QUICK_I1 (find_state_ikev1) Aug 26 18:32:54.342867: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:32:54.342869: | #3 is idle Aug 26 18:32:54.342870: | #3 idle Aug 26 18:32:54.342872: | received encrypted packet from 192.1.2.23:500 Aug 26 18:32:54.342880: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:32:54.342882: | ***parse ISAKMP Hash Payload: Aug 26 18:32:54.342884: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:32:54.342885: | length: 36 (0x24) Aug 26 18:32:54.342888: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:32:54.342889: | ***parse ISAKMP Security Association Payload: Aug 26 18:32:54.342891: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:32:54.342892: | length: 56 (0x38) Aug 26 18:32:54.342894: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:54.342896: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:32:54.342897: | ***parse ISAKMP Nonce Payload: Aug 26 18:32:54.342899: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:32:54.342900: | length: 36 (0x24) Aug 26 18:32:54.342902: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.342904: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:32:54.342905: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.342907: | length: 260 (0x104) Aug 26 18:32:54.342921: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.342923: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.342925: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:32:54.342926: | length: 16 (0x10) Aug 26 18:32:54.342928: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.342929: | Protocol ID: 0 (0x0) Aug 26 18:32:54.342931: | port: 0 (0x0) Aug 26 18:32:54.342932: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:32:54.342934: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:32:54.342936: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:32:54.342937: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342939: | length: 16 (0x10) Aug 26 18:32:54.342940: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:32:54.342942: | Protocol ID: 0 (0x0) Aug 26 18:32:54.342943: | port: 0 (0x0) Aug 26 18:32:54.342944: | obj: c0 00 16 00 ff ff ff 00 Aug 26 18:32:54.342946: | removing 12 bytes of padding Aug 26 18:32:54.342960: | quick_inR1_outI2 HASH(2): Aug 26 18:32:54.342962: | 11 a5 3d 3e af 48 c7 59 f9 4f b5 52 5f 53 15 ea Aug 26 18:32:54.342964: | 98 8b 0d d4 4b a3 b0 8a 09 85 0e b2 1c 1d 00 8e Aug 26 18:32:54.342965: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 18:32:54.342968: | ****parse IPsec DOI SIT: Aug 26 18:32:54.342970: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:32:54.342971: | ****parse ISAKMP Proposal Payload: Aug 26 18:32:54.342973: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342974: | length: 44 (0x2c) Aug 26 18:32:54.342976: | proposal number: 0 (0x0) Aug 26 18:32:54.342978: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:32:54.342979: | SPI size: 4 (0x4) Aug 26 18:32:54.342981: | number of transforms: 1 (0x1) Aug 26 18:32:54.342982: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:32:54.342984: | SPI 8b 8a 55 69 Aug 26 18:32:54.342986: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:32:54.342987: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.342989: | length: 32 (0x20) Aug 26 18:32:54.342990: | ESP transform number: 0 (0x0) Aug 26 18:32:54.342992: | ESP transform ID: ESP_AES (0xc) Aug 26 18:32:54.342993: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.342995: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:32:54.342997: | length/value: 14 (0xe) Aug 26 18:32:54.342998: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:32:54.343000: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.343003: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:32:54.343004: | length/value: 1 (0x1) Aug 26 18:32:54.343006: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:32:54.343008: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:32:54.343009: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.343011: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:32:54.343013: | length/value: 1 (0x1) Aug 26 18:32:54.343014: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:32:54.343016: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.343017: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:32:54.343019: | length/value: 28800 (0x7080) Aug 26 18:32:54.343020: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.343022: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:32:54.343023: | length/value: 2 (0x2) Aug 26 18:32:54.343025: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:32:54.343027: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:32:54.343028: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:32:54.343030: | length/value: 128 (0x80) Aug 26 18:32:54.343031: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:32:54.343040: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.343045: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:32:54.343050: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.343052: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:32:54.343054: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:32:54.343055: | no PreShared Key Found Aug 26 18:32:54.343058: | adding quick outI2 DH work-order 6 for state #3 Aug 26 18:32:54.343060: | state #3 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:32:54.343062: | #3 STATE_QUICK_I1: retransmits: cleared Aug 26 18:32:54.343064: | libevent_free: release ptr-libevent@0x55a94fbcc5b8 Aug 26 18:32:54.343066: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fb5b238 Aug 26 18:32:54.343067: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fb5b238 Aug 26 18:32:54.343070: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Aug 26 18:32:54.343072: | libevent_malloc: new ptr-libevent@0x55a94fbe9308 size 128 Aug 26 18:32:54.343077: | complete v1 state transition with STF_SUSPEND Aug 26 18:32:54.343093: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:32:54.343095: | suspending state #3 and saving MD Aug 26 18:32:54.343096: | #3 is busy; has a suspended MD Aug 26 18:32:54.343099: | #3 spent 0.131 milliseconds in process_packet_tail() Aug 26 18:32:54.343102: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:32:54.343100: | crypto helper 6 resuming Aug 26 18:32:54.343108: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:32:54.343114: | crypto helper 6 starting work-order 6 for state #3 Aug 26 18:32:54.343116: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:32:54.343119: | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 6 Aug 26 18:32:54.343120: | spent 0.33 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:32:54.343323: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 5 time elapsed 0.000974 seconds Aug 26 18:32:54.343336: | (#2) spent 0.962 milliseconds in crypto helper computing work-order 5: quick outI2 DH (pcr) Aug 26 18:32:54.343341: | crypto helper 4 sending results from work-order 5 for state #2 to event queue Aug 26 18:32:54.343344: | scheduling resume sending helper answer for #2 Aug 26 18:32:54.343348: | libevent_malloc: new ptr-libevent@0x7f5494001f78 size 128 Aug 26 18:32:54.343356: | crypto helper 4 waiting (nothing to do) Aug 26 18:32:54.343361: | processing resume sending helper answer for #2 Aug 26 18:32:54.343367: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:32:54.343371: | crypto helper 4 replies to request ID 5 Aug 26 18:32:54.343373: | calling continuation function 0x55a94f4e2b50 Aug 26 18:32:54.343376: | quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH Aug 26 18:32:54.343381: | **emit ISAKMP Message: Aug 26 18:32:54.343384: | initiator cookie: Aug 26 18:32:54.343387: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.343389: | responder cookie: Aug 26 18:32:54.343392: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.343394: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.343396: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.343397: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.343399: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.343401: | Message ID: 4053714242 (0xf19ec542) Aug 26 18:32:54.343403: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.343405: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:32:54.343407: | ID address c0 00 03 00 Aug 26 18:32:54.343409: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:32:54.343410: | ID mask ff ff ff 00 Aug 26 18:32:54.343413: | our client is subnet 192.0.3.0/24 Aug 26 18:32:54.343415: | our client protocol/port is 0/0 Aug 26 18:32:54.343417: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:32:54.343418: | ID address c0 00 02 00 Aug 26 18:32:54.343420: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:32:54.343421: | ID mask ff ff ff 00 Aug 26 18:32:54.343424: | peer client is subnet 192.0.2.0/24 Aug 26 18:32:54.343425: | peer client protocol/port is 0/0 Aug 26 18:32:54.343427: | ***emit ISAKMP Hash Payload: Aug 26 18:32:54.343429: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.343431: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:32:54.343434: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.343436: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:32:54.343438: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:32:54.343456: | quick_inR1_outI2 HASH(3): Aug 26 18:32:54.343460: | b6 ee 9e c5 0d 8a 2e fd 7b ef d9 aa ab 75 b5 ab Aug 26 18:32:54.343463: | 3c a2 5f 50 eb af bf 3f 86 a8 2a ad a7 e3 5e 6c Aug 26 18:32:54.343466: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:32:54.343468: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:32:54.343535: | install_ipsec_sa() for #2: inbound and outbound Aug 26 18:32:54.343538: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Aug 26 18:32:54.343540: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.343542: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.343544: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.343546: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.343547: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.343552: | route owner of "north-dpd/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:32:54.343554: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:32:54.343556: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:32:54.343558: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:32:54.343561: | setting IPsec SA replay-window to 32 Aug 26 18:32:54.343563: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 18:32:54.343564: | netlink: enabling tunnel mode Aug 26 18:32:54.343566: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:32:54.343568: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:32:54.343611: | netlink response for Add SA esp.a6dbcb71@192.1.2.23 included non-error error Aug 26 18:32:54.343616: | set up outgoing SA, ref=0/0 Aug 26 18:32:54.343618: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:32:54.343620: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:32:54.343621: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:32:54.343624: | setting IPsec SA replay-window to 32 Aug 26 18:32:54.343626: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 18:32:54.343627: | netlink: enabling tunnel mode Aug 26 18:32:54.343629: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:32:54.343630: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:32:54.343655: | netlink response for Add SA esp.729e99e@192.1.3.33 included non-error error Aug 26 18:32:54.343660: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:32:54.343664: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:32:54.343666: | IPsec Sa SPD priority set to 1042407 Aug 26 18:32:54.343685: | raw_eroute result=success Aug 26 18:32:54.343689: | set up incoming SA, ref=0/0 Aug 26 18:32:54.343691: | sr for #2: unrouted Aug 26 18:32:54.343693: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:32:54.343695: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.343698: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.343699: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.343701: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.343703: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.343705: | route owner of "north-dpd/0x1" unrouted: NULL; eroute owner: NULL Aug 26 18:32:54.343707: | route_and_eroute with c: north-dpd/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Aug 26 18:32:54.343709: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:32:54.343708: | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 6 time elapsed 0.000588 seconds Aug 26 18:32:54.343720: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:32:54.343724: | IPsec Sa SPD priority set to 1042407 Aug 26 18:32:54.343725: | (#3) spent 0.59 milliseconds in crypto helper computing work-order 6: quick outI2 DH (pcr) Aug 26 18:32:54.343729: | crypto helper 6 sending results from work-order 6 for state #3 to event queue Aug 26 18:32:54.343733: | scheduling resume sending helper answer for #3 Aug 26 18:32:54.343737: | raw_eroute result=success Aug 26 18:32:54.343737: | libevent_malloc: new ptr-libevent@0x7f5488001f78 size 128 Aug 26 18:32:54.343744: | running updown command "ipsec _updown" for verb up Aug 26 18:32:54.343747: | command executing up-client Aug 26 18:32:54.343747: | crypto helper 6 waiting (nothing to do) Aug 26 18:32:54.343771: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.343776: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.343794: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC Aug 26 18:32:54.343797: | popen cmd is 1397 chars long Aug 26 18:32:54.343799: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUT: Aug 26 18:32:54.343802: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Aug 26 18:32:54.343804: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Aug 26 18:32:54.343806: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Aug 26 18:32:54.343808: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Aug 26 18:32:54.343811: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUT: Aug 26 18:32:54.343813: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 18:32:54.343815: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Aug 26 18:32:54.343830: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER: Aug 26 18:32:54.343832: | cmd( 720):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Aug 26 18:32:54.343834: | cmd( 800):EER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libresw: Aug 26 18:32:54.343836: | cmd( 880):an test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTI: Aug 26 18:32:54.343838: | cmd( 960):ME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+I: Aug 26 18:32:54.343840: | cmd(1040):KE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4: Aug 26 18:32:54.343842: | cmd(1120):' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: Aug 26 18:32:54.343843: | cmd(1200):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: Aug 26 18:32:54.343845: | cmd(1280):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa6dbcb71: Aug 26 18:32:54.343846: | cmd(1360): SPI_OUT=0x729e99e ipsec _updown 2>&1: Aug 26 18:32:54.352233: | route_and_eroute: firewall_notified: true Aug 26 18:32:54.352251: | running updown command "ipsec _updown" for verb prepare Aug 26 18:32:54.352254: | command executing prepare-client Aug 26 18:32:54.352277: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.352281: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.352306: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Aug 26 18:32:54.352312: | popen cmd is 1402 chars long Aug 26 18:32:54.352315: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1': Aug 26 18:32:54.352317: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 18:32:54.352318: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Aug 26 18:32:54.352320: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Aug 26 18:32:54.352322: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Aug 26 18:32:54.352323: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP': Aug 26 18:32:54.352325: | cmd( 480): PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Aug 26 18:32:54.352327: | cmd( 560):, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libresw: Aug 26 18:32:54.352328: | cmd( 640):an.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Aug 26 18:32:54.352330: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 18:32:54.352332: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Aug 26 18:32:54.352333: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Aug 26 18:32:54.352335: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TR: Aug 26 18:32:54.352337: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 18:32:54.352338: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 18:32:54.352340: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 18:32:54.352342: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa6d: Aug 26 18:32:54.352343: | cmd(1360):bcb71 SPI_OUT=0x729e99e ipsec _updown 2>&1: Aug 26 18:32:54.361844: | running updown command "ipsec _updown" for verb route Aug 26 18:32:54.361861: | command executing route-client Aug 26 18:32:54.361898: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.361906: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.361935: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS Aug 26 18:32:54.361948: | popen cmd is 1400 chars long Aug 26 18:32:54.361953: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' P: Aug 26 18:32:54.361958: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_M: Aug 26 18:32:54.361961: | cmd( 160):Y_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.tes: Aug 26 18:32:54.361966: | cmd( 240):ting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3: Aug 26 18:32:54.361970: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Aug 26 18:32:54.361973: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' P: Aug 26 18:32:54.361977: | cmd( 480):LUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, : Aug 26 18:32:54.361980: | cmd( 560):OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan: Aug 26 18:32:54.361984: | cmd( 640):.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_P: Aug 26 18:32:54.361988: | cmd( 720):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Aug 26 18:32:54.361992: | cmd( 800):O_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libr: Aug 26 18:32:54.361995: | cmd( 880):eswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_AD: Aug 26 18:32:54.361999: | cmd( 960):DTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRAC: Aug 26 18:32:54.362003: | cmd(1040):K+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='i: Aug 26 18:32:54.362007: | cmd(1120):pv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DO: Aug 26 18:32:54.362011: | cmd(1200):MAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUT: Aug 26 18:32:54.362014: | cmd(1280):O_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa6dbc: Aug 26 18:32:54.362017: | cmd(1360):b71 SPI_OUT=0x729e99e ipsec _updown 2>&1: Aug 26 18:32:54.375614: | route_and_eroute: instance "north-dpd/0x1", setting eroute_owner {spd=0x55a94fbc1f38,sr=0x55a94fbc1f38} to #2 (was #0) (newest_ipsec_sa=#0) Aug 26 18:32:54.375691: | #1 spent 1.86 milliseconds in install_ipsec_sa() Aug 26 18:32:54.375697: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:32:54.375700: | no IKEv1 message padding required Aug 26 18:32:54.375702: | emitting length of ISAKMP Message: 76 Aug 26 18:32:54.375735: | inR1_outI2: instance north-dpd/0x1[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Aug 26 18:32:54.375738: | DPD: dpd_init() called on IPsec SA Aug 26 18:32:54.375741: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 18:32:54.375746: | event_schedule: new EVENT_DPD-pe@0x7f549c004218 Aug 26 18:32:54.375748: | inserting event EVENT_DPD, timeout in 3 seconds for #2 Aug 26 18:32:54.375751: | libevent_malloc: new ptr-libevent@0x55a94fbc3148 size 128 Aug 26 18:32:54.375759: | complete v1 state transition with STF_OK Aug 26 18:32:54.375764: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.375766: | #2 is idle Aug 26 18:32:54.375768: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.375770: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 26 18:32:54.375774: | child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Aug 26 18:32:54.375776: | event_already_set, deleting event Aug 26 18:32:54.375780: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.375785: | libevent_free: release ptr-libevent@0x7f549c003f28 Aug 26 18:32:54.375788: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcf2d8 Aug 26 18:32:54.375794: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:32:54.375801: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #2) Aug 26 18:32:54.375804: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.375805: | 08 10 20 01 f1 9e c5 42 00 00 00 4c 11 c2 8a 8b Aug 26 18:32:54.375807: | 11 67 3e e8 fc 7e 05 fe c4 06 79 0c 29 55 54 66 Aug 26 18:32:54.375809: | 6e 07 6e 68 30 c4 24 2a 3f 36 93 4a 20 65 c9 6d Aug 26 18:32:54.375810: | 26 02 8b 1e c5 99 79 4b f2 6c 30 45 Aug 26 18:32:54.376099: | !event_already_set at reschedule Aug 26 18:32:54.376104: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fbcf2d8 Aug 26 18:32:54.376106: | inserting event EVENT_SA_REPLACE, timeout in 28048 seconds for #2 Aug 26 18:32:54.376108: | libevent_malloc: new ptr-libevent@0x7f549c003f28 size 128 Aug 26 18:32:54.376111: | pstats #2 ikev1.ipsec established Aug 26 18:32:54.376115: | NAT-T: encaps is 'auto' Aug 26 18:32:54.376119: "north-dpd/0x1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xa6dbcb71 <0x0729e99e xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Aug 26 18:32:54.376337: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.376343: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.376346: | close_any(fd@26) (in release_whack() at state.c:654) Aug 26 18:32:54.376353: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Aug 26 18:32:54.376358: | #2 spent 2.67 milliseconds in resume sending helper answer Aug 26 18:32:54.376361: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:32:54.376364: | libevent_free: release ptr-libevent@0x7f5494001f78 Aug 26 18:32:54.376379: | processing resume sending helper answer for #3 Aug 26 18:32:54.376382: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:32:54.376386: | crypto helper 6 replies to request ID 6 Aug 26 18:32:54.376389: | calling continuation function 0x55a94f4e2b50 Aug 26 18:32:54.376392: | quick_inR1_outI2_continue for #3: calculated ke+nonce, calculating DH Aug 26 18:32:54.376412: | **emit ISAKMP Message: Aug 26 18:32:54.376415: | initiator cookie: Aug 26 18:32:54.376416: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:54.376418: | responder cookie: Aug 26 18:32:54.376419: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.376421: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.376423: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:54.376425: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:32:54.376428: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:54.376429: | Message ID: 910372824 (0x36432fd8) Aug 26 18:32:54.376431: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:54.376435: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:32:54.376437: | ID address c0 00 03 00 Aug 26 18:32:54.376442: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:32:54.376447: | ID mask ff ff ff 00 Aug 26 18:32:54.376452: | our client is subnet 192.0.3.0/24 Aug 26 18:32:54.376455: | our client protocol/port is 0/0 Aug 26 18:32:54.376459: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:32:54.376462: | ID address c0 00 16 00 Aug 26 18:32:54.376465: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:32:54.376468: | ID mask ff ff ff 00 Aug 26 18:32:54.376472: | peer client is subnet 192.0.22.0/24 Aug 26 18:32:54.376475: | peer client protocol/port is 0/0 Aug 26 18:32:54.376481: | ***emit ISAKMP Hash Payload: Aug 26 18:32:54.376484: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:54.376489: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:32:54.376492: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:32:54.376496: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:32:54.376499: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:32:54.376533: | quick_inR1_outI2 HASH(3): Aug 26 18:32:54.376536: | 42 c4 fa 68 06 2f b4 de 9a 1e c2 aa d2 32 66 5d Aug 26 18:32:54.376538: | f8 a7 81 7e 49 59 a3 7e 44 dd a9 35 b3 b1 49 c6 Aug 26 18:32:54.376540: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:32:54.376541: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:32:54.376638: | install_ipsec_sa() for #3: inbound and outbound Aug 26 18:32:54.376642: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Aug 26 18:32:54.376644: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.376646: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.376648: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.376650: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.376652: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.376654: | route owner of "north-dpd/0x2" unrouted: NULL; eroute owner: NULL Aug 26 18:32:54.376657: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:32:54.376659: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:32:54.376661: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:32:54.376664: | setting IPsec SA replay-window to 32 Aug 26 18:32:54.376666: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 18:32:54.376668: | netlink: enabling tunnel mode Aug 26 18:32:54.376670: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:32:54.376672: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:32:54.376738: | netlink response for Add SA esp.8b8a5569@192.1.2.23 included non-error error Aug 26 18:32:54.376744: | set up outgoing SA, ref=0/0 Aug 26 18:32:54.376748: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:32:54.376752: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:32:54.376755: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:32:54.376760: | setting IPsec SA replay-window to 32 Aug 26 18:32:54.376764: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 18:32:54.376767: | netlink: enabling tunnel mode Aug 26 18:32:54.376770: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:32:54.376772: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:32:54.376807: | netlink response for Add SA esp.9bf37cd9@192.1.3.33 included non-error error Aug 26 18:32:54.376812: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:32:54.376817: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:32:54.376819: | IPsec Sa SPD priority set to 1042407 Aug 26 18:32:54.376838: | raw_eroute result=success Aug 26 18:32:54.376842: | set up incoming SA, ref=0/0 Aug 26 18:32:54.376846: | sr for #3: unrouted Aug 26 18:32:54.376850: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:32:54.376855: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:32:54.376859: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.376861: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:32:54.376865: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:32:54.376868: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:32:54.376873: | route owner of "north-dpd/0x2" unrouted: NULL; eroute owner: NULL Aug 26 18:32:54.376880: | route_and_eroute with c: north-dpd/0x2 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #3 Aug 26 18:32:54.376884: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:32:54.376893: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Aug 26 18:32:54.376897: | IPsec Sa SPD priority set to 1042407 Aug 26 18:32:54.376916: | raw_eroute result=success Aug 26 18:32:54.376920: | running updown command "ipsec _updown" for verb up Aug 26 18:32:54.376924: | command executing up-client Aug 26 18:32:54.376954: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.376961: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.376981: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E Aug 26 18:32:54.376984: | popen cmd is 1400 chars long Aug 26 18:32:54.376988: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUT: Aug 26 18:32:54.376991: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Aug 26 18:32:54.376993: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Aug 26 18:32:54.376996: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Aug 26 18:32:54.376998: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Aug 26 18:32:54.377001: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUT: Aug 26 18:32:54.377004: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 18:32:54.377007: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Aug 26 18:32:54.377010: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PE: Aug 26 18:32:54.377013: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 18:32:54.377016: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Aug 26 18:32:54.377018: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Aug 26 18:32:54.377021: | cmd( 960):TIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK: Aug 26 18:32:54.377023: | cmd(1040):+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ip: Aug 26 18:32:54.377026: | cmd(1120):v4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOM: Aug 26 18:32:54.377029: | cmd(1200):AIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO: Aug 26 18:32:54.377032: | cmd(1280):_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8b8a55: Aug 26 18:32:54.377037: | cmd(1360):69 SPI_OUT=0x9bf37cd9 ipsec _updown 2>&1: Aug 26 18:32:54.387585: | route_and_eroute: firewall_notified: true Aug 26 18:32:54.387599: | running updown command "ipsec _updown" for verb prepare Aug 26 18:32:54.387602: | command executing prepare-client Aug 26 18:32:54.387624: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.387628: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.387642: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY Aug 26 18:32:54.387645: | popen cmd is 1405 chars long Aug 26 18:32:54.387647: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2': Aug 26 18:32:54.387649: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 18:32:54.387650: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Aug 26 18:32:54.387652: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Aug 26 18:32:54.387654: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Aug 26 18:32:54.387655: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP': Aug 26 18:32:54.387657: | cmd( 480): PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Aug 26 18:32:54.387659: | cmd( 560):, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libresw: Aug 26 18:32:54.387660: | cmd( 640):an.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLU: Aug 26 18:32:54.387662: | cmd( 720):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Aug 26 18:32:54.387664: | cmd( 800):PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Aug 26 18:32:54.387665: | cmd( 880):Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUT: Aug 26 18:32:54.387667: | cmd( 960):O_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_: Aug 26 18:32:54.387668: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Aug 26 18:32:54.387670: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Aug 26 18:32:54.387672: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Aug 26 18:32:54.387673: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8: Aug 26 18:32:54.387675: | cmd(1360):b8a5569 SPI_OUT=0x9bf37cd9 ipsec _updown 2>&1: Aug 26 18:32:54.395602: | running updown command "ipsec _updown" for verb route Aug 26 18:32:54.395626: | command executing route-client Aug 26 18:32:54.395665: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.395677: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:32:54.395702: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Aug 26 18:32:54.395706: | popen cmd is 1403 chars long Aug 26 18:32:54.395710: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' P: Aug 26 18:32:54.395713: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_M: Aug 26 18:32:54.395716: | cmd( 160):Y_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.tes: Aug 26 18:32:54.395719: | cmd( 240):ting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3: Aug 26 18:32:54.395721: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Aug 26 18:32:54.395724: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' P: Aug 26 18:32:54.395727: | cmd( 480):LUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, : Aug 26 18:32:54.395730: | cmd( 560):OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan: Aug 26 18:32:54.395733: | cmd( 640):.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO: Aug 26 18:32:54.395736: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Aug 26 18:32:54.395738: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Aug 26 18:32:54.395741: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Aug 26 18:32:54.395744: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TR: Aug 26 18:32:54.395747: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Aug 26 18:32:54.395751: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Aug 26 18:32:54.395754: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Aug 26 18:32:54.395756: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x8b8: Aug 26 18:32:54.395759: | cmd(1360):a5569 SPI_OUT=0x9bf37cd9 ipsec _updown 2>&1: Aug 26 18:32:54.405633: | route_and_eroute: instance "north-dpd/0x2", setting eroute_owner {spd=0x55a94fbcdcf8,sr=0x55a94fbcdcf8} to #3 (was #0) (newest_ipsec_sa=#0) Aug 26 18:32:54.405693: | #1 spent 2.07 milliseconds in install_ipsec_sa() Aug 26 18:32:54.405699: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:32:54.405703: | no IKEv1 message padding required Aug 26 18:32:54.405705: | emitting length of ISAKMP Message: 76 Aug 26 18:32:54.405737: | inR1_outI2: instance north-dpd/0x2[0], setting IKEv1 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Aug 26 18:32:54.405739: | DPD: dpd_init() called on IPsec SA Aug 26 18:32:54.405742: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 18:32:54.405747: | event_schedule: new EVENT_DPD-pe@0x7f54900058b8 Aug 26 18:32:54.405751: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 18:32:54.405755: | libevent_malloc: new ptr-libevent@0x7f5494001f78 size 128 Aug 26 18:32:54.405764: | complete v1 state transition with STF_OK Aug 26 18:32:54.405768: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:32:54.405769: | #3 is idle Aug 26 18:32:54.405771: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:32:54.405773: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 26 18:32:54.405776: | child state #3: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Aug 26 18:32:54.405778: | event_already_set, deleting event Aug 26 18:32:54.405780: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:32:54.405782: | libevent_free: release ptr-libevent@0x55a94fbe9308 Aug 26 18:32:54.405786: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fb5b238 Aug 26 18:32:54.405792: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:32:54.405800: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Aug 26 18:32:54.405802: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:54.405804: | 08 10 20 01 36 43 2f d8 00 00 00 4c d9 f3 13 89 Aug 26 18:32:54.405806: | 59 75 26 0f 48 03 ca ef e1 09 3d d5 d0 dc a5 21 Aug 26 18:32:54.405807: | f6 90 ed a3 3c be c2 68 7b f2 55 57 98 be 9c 26 Aug 26 18:32:54.405809: | 31 4b 86 55 e1 13 af 07 d9 84 99 41 Aug 26 18:32:54.405848: | !event_already_set at reschedule Aug 26 18:32:54.405852: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fb5b238 Aug 26 18:32:54.405855: | inserting event EVENT_SA_REPLACE, timeout in 27838 seconds for #3 Aug 26 18:32:54.405857: | libevent_malloc: new ptr-libevent@0x55a94fbe9308 size 128 Aug 26 18:32:54.405859: | pstats #3 ikev1.ipsec established Aug 26 18:32:54.405863: | NAT-T: encaps is 'auto' Aug 26 18:32:54.405866: "north-dpd/0x2" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x8b8a5569 <0x9bf37cd9 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Aug 26 18:32:54.405873: | modecfg pull: noquirk policy:push not-client Aug 26 18:32:54.405874: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:32:54.405880: | close_any(fd@25) (in release_whack() at state.c:654) Aug 26 18:32:54.405885: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Aug 26 18:32:54.405891: | #3 spent 2.5 milliseconds in resume sending helper answer Aug 26 18:32:54.405896: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:32:54.405901: | libevent_free: release ptr-libevent@0x7f5488001f78 Aug 26 18:32:54.405908: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.405912: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.405915: | spent 0.00391 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.405917: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.405919: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.405922: | spent 0.00255 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.405923: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.405926: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.405928: | spent 0.0025 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.405936: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.405938: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.405941: | spent 0.00256 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.405942: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.405945: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.405947: | spent 0.00261 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.405949: | processing signal PLUTO_SIGCHLD Aug 26 18:32:54.405953: | waitpid returned ECHILD (no child processes left) Aug 26 18:32:54.405956: | spent 0.00289 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:32:54.465460: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:54.465733: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:32:54.465740: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:32:54.465885: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:32:54.465890: | FOR_EACH_STATE_... in sort_states Aug 26 18:32:54.465900: | get_sa_info esp.729e99e@192.1.3.33 Aug 26 18:32:54.465921: | get_sa_info esp.a6dbcb71@192.1.2.23 Aug 26 18:32:54.465941: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:32:54.465949: | get_sa_info esp.8b8a5569@192.1.2.23 Aug 26 18:32:54.465969: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:54.465977: | spent 0.524 milliseconds in whack Aug 26 18:32:56.709386: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:32:56.709404: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:32:56.709408: | FOR_EACH_STATE_... in sort_states Aug 26 18:32:56.709413: | get_sa_info esp.729e99e@192.1.3.33 Aug 26 18:32:56.709426: | get_sa_info esp.a6dbcb71@192.1.2.23 Aug 26 18:32:56.709446: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:32:56.709459: | get_sa_info esp.8b8a5569@192.1.2.23 Aug 26 18:32:56.709479: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:32:56.709486: | spent 0.108 milliseconds in whack Aug 26 18:32:56.816514: | kernel_process_msg_cb process netlink message Aug 26 18:32:56.816535: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:32:56.816542: | spent 0.00789 milliseconds in kernel message Aug 26 18:32:57.345122: | timer_event_cb: processing event@0x7f549c004218 Aug 26 18:32:57.345136: | handling event EVENT_DPD for child state #2 Aug 26 18:32:57.345142: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:32:57.345147: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:32:57.345149: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:32:57.345151: | DPD: no need to send or schedule DPD for replaced IPsec SA Aug 26 18:32:57.345154: | libevent_free: release ptr-libevent@0x55a94fbc3148 Aug 26 18:32:57.345157: | free_event_entry: release EVENT_DPD-pe@0x7f549c004218 Aug 26 18:32:57.345163: | #2 spent 0.0411 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:32:57.345166: | stop processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:32:57.378257: | timer_event_cb: processing event@0x7f54900058b8 Aug 26 18:32:57.378270: | handling event EVENT_DPD for child state #3 Aug 26 18:32:57.378276: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:32:57.378280: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:32:57.378283: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:32:57.378286: | DPD: processing for state #3 ("north-dpd/0x2") Aug 26 18:32:57.378297: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:32:57.378326: | event_schedule: new EVENT_DPD-pe@0x7f549c004218 Aug 26 18:32:57.378329: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 18:32:57.378331: | libevent_malloc: new ptr-libevent@0x7f5488001f78 size 128 Aug 26 18:32:57.378346: | DPD: scheduling timeout to 10 Aug 26 18:32:57.378348: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x55a94fbcd948 Aug 26 18:32:57.378350: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 18:32:57.378352: | libevent_malloc: new ptr-libevent@0x55a94fbe82b8 size 128 Aug 26 18:32:57.378355: | DPD: sending R_U_THERE 26313 to 192.1.2.23:500 (state #1) Aug 26 18:32:57.378380: | **emit ISAKMP Message: Aug 26 18:32:57.378386: | initiator cookie: Aug 26 18:32:57.378389: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:57.378391: | responder cookie: Aug 26 18:32:57.378393: | 11 de db 08 7f 65 6e 7d Aug 26 18:32:57.378396: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:57.378398: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:32:57.378401: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:32:57.378405: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:32:57.378407: | Message ID: 3650965180 (0xd99d4ebc) Aug 26 18:32:57.378410: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:32:57.378413: | ***emit ISAKMP Hash Payload: Aug 26 18:32:57.378416: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:57.378418: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:32:57.378421: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:32:57.378425: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:32:57.378427: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:32:57.378429: | ***emit ISAKMP Notification Payload: Aug 26 18:32:57.378432: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:32:57.378435: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:32:57.378437: | protocol ID: 1 (0x1) Aug 26 18:32:57.378439: | SPI size: 16 (0x10) Aug 26 18:32:57.378442: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:32:57.378445: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:32:57.378448: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:32:57.378452: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:32:57.378455: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:32:57.378458: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:32:57.378460: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:32:57.378463: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:32:57.378465: | notify data 00 00 66 c9 Aug 26 18:32:57.378467: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:32:57.378504: | notification HASH(1): Aug 26 18:32:57.378507: | 02 89 1f 72 a9 f0 8e 9f a0 20 12 00 c5 81 52 c5 Aug 26 18:32:57.378509: | 47 47 f5 f7 dc 1e c6 68 04 4d 04 e4 3f 9f 31 bc Aug 26 18:32:57.378518: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:32:57.378521: | no IKEv1 message padding required Aug 26 18:32:57.378524: | emitting length of ISAKMP Message: 108 Aug 26 18:32:57.378542: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:32:57.378545: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:32:57.378546: | 08 10 05 01 d9 9d 4e bc 00 00 00 6c c5 41 fd ca Aug 26 18:32:57.378548: | 54 ee b8 df 61 96 23 bf 3f 33 81 15 35 21 3f 28 Aug 26 18:32:57.378549: | 80 d9 21 ac 96 58 c0 92 54 ec 97 29 f6 de 74 48 Aug 26 18:32:57.378551: | e0 b9 cf 21 cc 1e 6b 2c 1f 50 c0 f9 6e 1c 2e 32 Aug 26 18:32:57.378552: | b2 ba fe 12 ff 2d 25 bf 13 56 8f 0a b5 c8 2c 09 Aug 26 18:32:57.378553: | 9d 8f 2b 8f 56 38 83 ae e0 cf e1 96 Aug 26 18:32:57.378564: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Aug 26 18:32:57.378568: | libevent_free: release ptr-libevent@0x7f5494001f78 Aug 26 18:32:57.378573: | free_event_entry: release EVENT_DPD-pe@0x7f54900058b8 Aug 26 18:32:57.378581: | #3 spent 0.318 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:32:57.378586: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:00.381327: | timer_event_cb: processing event@0x7f549c004218 Aug 26 18:33:00.381359: | handling event EVENT_DPD for child state #3 Aug 26 18:33:00.381366: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:00.381370: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:33:00.381372: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:00.381376: | DPD: processing for state #3 ("north-dpd/0x2") Aug 26 18:33:00.381381: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:33:00.381395: | event_schedule: new EVENT_DPD-pe@0x7f54900058b8 Aug 26 18:33:00.381398: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 18:33:00.381401: | libevent_malloc: new ptr-libevent@0x55a94fbc3148 size 128 Aug 26 18:33:00.381405: | DPD: sending R_U_THERE 26314 to 192.1.2.23:500 (state #1) Aug 26 18:33:00.381415: | **emit ISAKMP Message: Aug 26 18:33:00.381417: | initiator cookie: Aug 26 18:33:00.381419: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:00.381421: | responder cookie: Aug 26 18:33:00.381423: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:00.381425: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:00.381426: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:00.381428: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:00.381430: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:00.381432: | Message ID: 1184789318 (0x469e7346) Aug 26 18:33:00.381434: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:00.381436: | ***emit ISAKMP Hash Payload: Aug 26 18:33:00.381438: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:00.381440: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:00.381442: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:00.381445: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:00.381446: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:00.381448: | ***emit ISAKMP Notification Payload: Aug 26 18:33:00.381450: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:00.381452: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:00.381454: | protocol ID: 1 (0x1) Aug 26 18:33:00.381457: | SPI size: 16 (0x10) Aug 26 18:33:00.381460: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:00.381463: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:00.381465: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:00.381469: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:00.381472: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:00.381475: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:00.381477: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:00.381480: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:00.381482: | notify data 00 00 66 ca Aug 26 18:33:00.381485: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:00.381512: | notification HASH(1): Aug 26 18:33:00.381514: | 20 53 2a 23 88 c2 39 6b 90 51 6a 32 43 65 5c ea Aug 26 18:33:00.381516: | 3f 24 08 67 65 11 9b d4 7c 87 95 cd b4 72 fb d5 Aug 26 18:33:00.381535: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:00.381537: | no IKEv1 message padding required Aug 26 18:33:00.381539: | emitting length of ISAKMP Message: 108 Aug 26 18:33:00.381564: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:33:00.381566: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:00.381568: | 08 10 05 01 46 9e 73 46 00 00 00 6c 77 52 a2 5a Aug 26 18:33:00.381569: | d3 cd d6 1a 92 7e cf 00 38 26 84 b3 98 c0 c4 c5 Aug 26 18:33:00.381573: | 0e 46 d6 35 2f eb 6d fd 4c 0d 6e f7 4d 58 79 ad Aug 26 18:33:00.381574: | a5 bc f7 ea 7e a1 02 d6 81 6a 3b 50 b0 0b 3f 8e Aug 26 18:33:00.381576: | 9a 0a d9 c7 c1 77 6c 65 97 9c 59 5a 07 21 53 90 Aug 26 18:33:00.381577: | c5 96 33 ea 39 6c 40 83 12 19 b1 c4 Aug 26 18:33:00.381589: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Aug 26 18:33:00.381593: | libevent_free: release ptr-libevent@0x7f5488001f78 Aug 26 18:33:00.381598: | free_event_entry: release EVENT_DPD-pe@0x7f549c004218 Aug 26 18:33:00.381605: | #3 spent 0.292 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:33:00.381608: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:03.384365: | timer_event_cb: processing event@0x7f54900058b8 Aug 26 18:33:03.384386: | handling event EVENT_DPD for child state #3 Aug 26 18:33:03.384395: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:03.384402: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:33:03.384405: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:03.384410: | DPD: processing for state #3 ("north-dpd/0x2") Aug 26 18:33:03.384416: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:33:03.384437: | event_schedule: new EVENT_DPD-pe@0x7f549c004218 Aug 26 18:33:03.384442: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 18:33:03.384446: | libevent_malloc: new ptr-libevent@0x55a94fb9dbc8 size 128 Aug 26 18:33:03.384452: | DPD: sending R_U_THERE 26315 to 192.1.2.23:500 (state #1) Aug 26 18:33:03.384464: | **emit ISAKMP Message: Aug 26 18:33:03.384468: | initiator cookie: Aug 26 18:33:03.384471: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:03.384473: | responder cookie: Aug 26 18:33:03.384475: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:03.384478: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:03.384482: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:03.384485: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:03.384488: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:03.384491: | Message ID: 1899870571 (0x713db96b) Aug 26 18:33:03.384494: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:03.384498: | ***emit ISAKMP Hash Payload: Aug 26 18:33:03.384501: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:03.384504: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:03.384508: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:03.384511: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:03.384514: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:03.384517: | ***emit ISAKMP Notification Payload: Aug 26 18:33:03.384520: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:03.384523: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:03.384526: | protocol ID: 1 (0x1) Aug 26 18:33:03.384528: | SPI size: 16 (0x10) Aug 26 18:33:03.384532: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:03.384535: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:03.384538: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:03.384542: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:03.384545: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:03.384548: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:03.384551: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:03.384554: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:03.384560: | notify data 00 00 66 cb Aug 26 18:33:03.384563: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:03.384597: | notification HASH(1): Aug 26 18:33:03.384602: | 96 d3 ad b0 4b 9e e5 8b db d8 01 34 e3 45 5d cd Aug 26 18:33:03.384605: | 22 63 27 04 e8 51 ae 40 90 66 4e ad 6d e8 44 3b Aug 26 18:33:03.384615: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:03.384618: | no IKEv1 message padding required Aug 26 18:33:03.384621: | emitting length of ISAKMP Message: 108 Aug 26 18:33:03.384637: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:33:03.384641: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:03.384643: | 08 10 05 01 71 3d b9 6b 00 00 00 6c 5e 52 de d7 Aug 26 18:33:03.384646: | 3c 7a 75 0e 1b 3a b0 fa 84 e3 9a 83 9e e5 b9 79 Aug 26 18:33:03.384649: | 21 06 ca 75 2b 4f ac 76 36 75 8a c0 50 15 3d 82 Aug 26 18:33:03.384651: | ca b9 dd dc ff 46 53 97 e7 66 c1 08 33 0e 8b 51 Aug 26 18:33:03.384654: | eb c1 01 d1 d4 f2 e2 53 5a 07 b1 f6 65 7e 84 bb Aug 26 18:33:03.384656: | de 24 71 d6 68 f5 94 37 a5 f4 fa c1 Aug 26 18:33:03.384673: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Aug 26 18:33:03.384678: | libevent_free: release ptr-libevent@0x55a94fbc3148 Aug 26 18:33:03.384682: | free_event_entry: release EVENT_DPD-pe@0x7f54900058b8 Aug 26 18:33:03.384690: | #3 spent 0.326 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:33:03.384696: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:06.387369: | timer_event_cb: processing event@0x7f549c004218 Aug 26 18:33:06.387383: | handling event EVENT_DPD for child state #3 Aug 26 18:33:06.387389: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:06.387394: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:33:06.387396: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:06.387399: | DPD: processing for state #3 ("north-dpd/0x2") Aug 26 18:33:06.387403: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:33:06.387419: | event_schedule: new EVENT_DPD-pe@0x7f54900058b8 Aug 26 18:33:06.387422: | inserting event EVENT_DPD, timeout in 3 seconds for #3 Aug 26 18:33:06.387424: | libevent_malloc: new ptr-libevent@0x55a94fbd3db8 size 128 Aug 26 18:33:06.387428: | DPD: sending R_U_THERE 26316 to 192.1.2.23:500 (state #1) Aug 26 18:33:06.387439: | **emit ISAKMP Message: Aug 26 18:33:06.387441: | initiator cookie: Aug 26 18:33:06.387443: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:06.387444: | responder cookie: Aug 26 18:33:06.387446: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:06.387448: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:06.387450: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:06.387451: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:06.387454: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:06.387455: | Message ID: 494091834 (0x1d733e3a) Aug 26 18:33:06.387457: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:06.387460: | ***emit ISAKMP Hash Payload: Aug 26 18:33:06.387462: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:06.387464: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:06.387466: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:06.387468: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:06.387470: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:06.387472: | ***emit ISAKMP Notification Payload: Aug 26 18:33:06.387473: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:06.387478: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:06.387480: | protocol ID: 1 (0x1) Aug 26 18:33:06.387482: | SPI size: 16 (0x10) Aug 26 18:33:06.387484: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:06.387486: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:06.387488: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:06.387490: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:06.387492: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:06.387493: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:06.387495: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:06.387497: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:06.387498: | notify data 00 00 66 cc Aug 26 18:33:06.387500: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:06.387524: | notification HASH(1): Aug 26 18:33:06.387527: | 71 92 45 1d 44 6e e2 67 f8 9d 26 12 51 3b 0b 88 Aug 26 18:33:06.387528: | 34 03 15 34 d6 09 d8 b1 82 18 c8 b3 4e 06 5e be Aug 26 18:33:06.387534: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:06.387536: | no IKEv1 message padding required Aug 26 18:33:06.387538: | emitting length of ISAKMP Message: 108 Aug 26 18:33:06.387549: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:33:06.387551: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:06.387553: | 08 10 05 01 1d 73 3e 3a 00 00 00 6c 10 18 a6 b3 Aug 26 18:33:06.387554: | 8b bd 78 99 fb c7 e3 ee f8 b0 69 99 71 ea 7a 37 Aug 26 18:33:06.387556: | dc 75 6e f5 93 20 7c 28 c3 a3 f1 36 ca 88 c4 1d Aug 26 18:33:06.387557: | 29 cf d0 c1 2f 68 8f 7f 7f 69 2f f8 bb 06 81 f8 Aug 26 18:33:06.387559: | 9c 40 ed 7d 20 fe f2 ac 87 fd 40 c7 1a 75 aa bd Aug 26 18:33:06.387560: | 30 0f e4 83 da 16 c4 d3 54 71 53 c7 Aug 26 18:33:06.387572: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Aug 26 18:33:06.387575: | libevent_free: release ptr-libevent@0x55a94fb9dbc8 Aug 26 18:33:06.387577: | free_event_entry: release EVENT_DPD-pe@0x7f549c004218 Aug 26 18:33:06.387583: | #3 spent 0.216 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:33:06.387586: | stop processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:07.378346: | timer_event_cb: processing event@0x55a94fbcd948 Aug 26 18:33:07.378359: | handling event EVENT_DPD_TIMEOUT for parent state #1 Aug 26 18:33:07.378377: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:07.378381: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_timeout() at ikev1_dpd.c:569) Aug 26 18:33:07.378384: "north-dpd/0x2" #1: IKEv1 DPD action - restarting all connections that share this peer Aug 26 18:33:07.378387: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:07.378389: | start processing: connection "north-dpd/0x2" (BACKGROUND) (in terminate_a_connection() at terminate.c:69) Aug 26 18:33:07.378391: "north-dpd/0x2" #1: terminating SAs using this connection Aug 26 18:33:07.378393: | connection 'north-dpd/0x2' -POLICY_UP Aug 26 18:33:07.378395: | FOR_EACH_STATE_... in shared_phase1_connection Aug 26 18:33:07.378397: "north-dpd/0x2" #1: IKE SA is shared - only terminating IPsec SA Aug 26 18:33:07.378399: | suspend processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in terminate_a_connection() at terminate.c:79) Aug 26 18:33:07.378402: | start processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in terminate_a_connection() at terminate.c:79) Aug 26 18:33:07.378404: | pstats #3 ikev1.ipsec deleted completed Aug 26 18:33:07.378407: | [RE]START processing: state #3 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:33:07.378412: "north-dpd/0x2" #3: deleting state (STATE_QUICK_I2) aged 13.042s and sending notification Aug 26 18:33:07.378415: | child state #3: QUICK_I2(established CHILD SA) => delete Aug 26 18:33:07.378417: | get_sa_info esp.8b8a5569@192.1.2.23 Aug 26 18:33:07.378428: | get_sa_info esp.9bf37cd9@192.1.3.33 Aug 26 18:33:07.378435: "north-dpd/0x2" #3: ESP traffic information: in=0B out=168B Aug 26 18:33:07.378437: | state #3 requesting EVENT_DPD-pe@0x7f54900058b8 be deleted Aug 26 18:33:07.378439: | libevent_free: release ptr-libevent@0x55a94fbd3db8 Aug 26 18:33:07.378442: | free_event_entry: release EVENT_DPD-pe@0x7f54900058b8 Aug 26 18:33:07.378444: | #3 send IKEv1 delete notification for STATE_QUICK_I2 Aug 26 18:33:07.378446: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:07.378456: | **emit ISAKMP Message: Aug 26 18:33:07.378458: | initiator cookie: Aug 26 18:33:07.378460: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:07.378462: | responder cookie: Aug 26 18:33:07.378463: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.378465: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.378467: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:07.378469: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:07.378471: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:07.378472: | Message ID: 3694612115 (0xdc374e93) Aug 26 18:33:07.378474: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:07.378476: | ***emit ISAKMP Hash Payload: Aug 26 18:33:07.378478: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.378480: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:07.378482: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:33:07.378485: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:07.378486: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:07.378488: | ***emit ISAKMP Delete Payload: Aug 26 18:33:07.378490: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.378491: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:07.378493: | protocol ID: 3 (0x3) Aug 26 18:33:07.378494: | SPI size: 4 (0x4) Aug 26 18:33:07.378496: | number of SPIs: 1 (0x1) Aug 26 18:33:07.378498: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:33:07.378500: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:33:07.378502: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:33:07.378504: | delete payload 9b f3 7c d9 Aug 26 18:33:07.378506: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:33:07.378530: | send delete HASH(1): Aug 26 18:33:07.378532: | 79 28 8f 17 38 cf 7b e1 ee 93 63 5f 16 63 a0 d6 Aug 26 18:33:07.378534: | 1b f8 f7 4b 3a 7b 16 e3 46 b6 3b f8 e9 02 8d 60 Aug 26 18:33:07.378539: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:07.378541: | no IKEv1 message padding required Aug 26 18:33:07.378543: | emitting length of ISAKMP Message: 92 Aug 26 18:33:07.378555: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:33:07.378558: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.378559: | 08 10 05 01 dc 37 4e 93 00 00 00 5c 10 63 1d 7a Aug 26 18:33:07.378561: | d8 d0 33 d9 96 08 6c 9a 02 06 db 27 40 69 bc e0 Aug 26 18:33:07.378562: | a1 2e fa d7 40 da 38 60 e6 a6 fc 59 35 02 44 c2 Aug 26 18:33:07.378564: | 0c 29 2e 07 dd 63 92 da cf eb 7a eb 33 1b 76 01 Aug 26 18:33:07.378566: | ff ab bd 73 45 f3 fe 75 9e e0 02 0d Aug 26 18:33:07.378576: ERROR: "north-dpd/0x2" #3: sendto on eth1 to 192.1.2.23:500 failed in delete notify. Errno 113: No route to host Aug 26 18:33:07.378580: | state #3 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:33:07.378582: | libevent_free: release ptr-libevent@0x55a94fbe9308 Aug 26 18:33:07.378584: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fb5b238 Aug 26 18:33:07.378669: | running updown command "ipsec _updown" for verb down Aug 26 18:33:07.378678: | command executing down-client Aug 26 18:33:07.378721: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:07.378729: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:07.378755: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844374' PLUTO_CONN_POL Aug 26 18:33:07.378760: | popen cmd is 1408 chars long Aug 26 18:33:07.378764: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PL: Aug 26 18:33:07.378767: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 18:33:07.378771: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Aug 26 18:33:07.378774: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Aug 26 18:33:07.378777: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Aug 26 18:33:07.378780: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PL: Aug 26 18:33:07.378784: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 18:33:07.378787: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Aug 26 18:33:07.378790: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_: Aug 26 18:33:07.378793: | cmd( 720):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Aug 26 18:33:07.378796: | cmd( 800):TO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Lib: Aug 26 18:33:07.378800: | cmd( 880):reswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_A: Aug 26 18:33:07.378803: | cmd( 960):DDTIME='1566844374' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAR: Aug 26 18:33:07.378806: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Aug 26 18:33:07.378810: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Aug 26 18:33:07.378813: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Aug 26 18:33:07.378816: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Aug 26 18:33:07.378819: | cmd(1360):0x8b8a5569 SPI_OUT=0x9bf37cd9 ipsec _updown 2>&1: Aug 26 18:33:07.388877: | shunt_eroute() called for connection 'north-dpd/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:33:07.388899: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:33:07.388902: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:33:07.388905: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:07.388946: | delete esp.8b8a5569@192.1.2.23 Aug 26 18:33:07.388968: | netlink response for Del SA esp.8b8a5569@192.1.2.23 included non-error error Aug 26 18:33:07.388976: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:33:07.388984: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:33:07.389009: | raw_eroute result=success Aug 26 18:33:07.389015: | delete esp.9bf37cd9@192.1.3.33 Aug 26 18:33:07.389029: | netlink response for Del SA esp.9bf37cd9@192.1.3.33 included non-error error Aug 26 18:33:07.389044: | stop processing: connection "north-dpd/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:33:07.389050: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:33:07.389053: | in connection_discard for connection north-dpd/0x2 Aug 26 18:33:07.389056: | State DB: deleting IKEv1 state #3 in QUICK_I2 Aug 26 18:33:07.389066: | child state #3: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:33:07.389123: | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:33:07.389156: | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) Aug 26 18:33:07.389162: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:07.389167: | start processing: connection "north-dpd/0x1" (in terminate_a_connection() at terminate.c:69) Aug 26 18:33:07.389170: "north-dpd/0x1": terminating SAs using this connection Aug 26 18:33:07.389173: | connection 'north-dpd/0x1' -POLICY_UP Aug 26 18:33:07.389178: | connection not shared - terminating IKE and IPsec SA Aug 26 18:33:07.389181: | Deleting states for connection - not including other IPsec SA's Aug 26 18:33:07.389184: | pass 0 Aug 26 18:33:07.389188: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:33:07.389191: | state #2 Aug 26 18:33:07.389195: | suspend processing: connection "north-dpd/0x1" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:33:07.389201: | start processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:33:07.389205: | pstats #2 ikev1.ipsec deleted completed Aug 26 18:33:07.389212: | [RE]START processing: state #2 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:33:07.389217: "north-dpd/0x1" #2: deleting state (STATE_QUICK_I2) aged 13.053s and sending notification Aug 26 18:33:07.389221: | child state #2: QUICK_I2(established CHILD SA) => delete Aug 26 18:33:07.389225: | get_sa_info esp.a6dbcb71@192.1.2.23 Aug 26 18:33:07.389236: | get_sa_info esp.729e99e@192.1.3.33 Aug 26 18:33:07.389245: "north-dpd/0x1" #2: ESP traffic information: in=168B out=168B Aug 26 18:33:07.389251: | #2 send IKEv1 delete notification for STATE_QUICK_I2 Aug 26 18:33:07.389254: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:07.389270: | **emit ISAKMP Message: Aug 26 18:33:07.389274: | initiator cookie: Aug 26 18:33:07.389277: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:07.389280: | responder cookie: Aug 26 18:33:07.389281: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.389283: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.389285: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:07.389287: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:07.389312: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:07.389315: | Message ID: 39438631 (0x259c927) Aug 26 18:33:07.389317: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:07.389319: | ***emit ISAKMP Hash Payload: Aug 26 18:33:07.389321: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.389323: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:07.389327: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:33:07.389329: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:07.389331: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:07.389333: | ***emit ISAKMP Delete Payload: Aug 26 18:33:07.389335: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.389336: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:07.389338: | protocol ID: 3 (0x3) Aug 26 18:33:07.389339: | SPI size: 4 (0x4) Aug 26 18:33:07.389354: | number of SPIs: 1 (0x1) Aug 26 18:33:07.389356: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:33:07.389358: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:33:07.389360: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:33:07.389361: | delete payload 07 29 e9 9e Aug 26 18:33:07.389363: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:33:07.389392: | send delete HASH(1): Aug 26 18:33:07.389394: | 12 5d c5 25 fa cc ba 81 7e 63 e8 27 be 11 0f 96 Aug 26 18:33:07.389396: | a1 bd c2 48 2c 43 4c 43 1b aa b7 21 29 41 cf b6 Aug 26 18:33:07.389402: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:07.389404: | no IKEv1 message padding required Aug 26 18:33:07.389406: | emitting length of ISAKMP Message: 92 Aug 26 18:33:07.389422: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:33:07.389424: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.389426: | 08 10 05 01 02 59 c9 27 00 00 00 5c 72 68 da 97 Aug 26 18:33:07.389427: | 1f 2c 5a 15 9c a9 a9 41 f3 d5 1e 3e 57 9a b0 13 Aug 26 18:33:07.389429: | 5c 14 4d 29 33 2f 63 97 e7 13 30 f5 ae 2a 67 ef Aug 26 18:33:07.389430: | c4 8c 76 53 21 d9 42 46 44 7e dc 83 c3 55 ae 3d Aug 26 18:33:07.389432: | be 04 3e a7 5f 3c 0e de c3 1c 13 55 Aug 26 18:33:07.389764: ERROR: "north-dpd/0x1" #2: sendto on eth1 to 192.1.2.23:500 failed in delete notify. Errno 113: No route to host Aug 26 18:33:07.389769: | state #2 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:33:07.389778: | libevent_free: release ptr-libevent@0x7f549c003f28 Aug 26 18:33:07.389780: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fbcf2d8 Aug 26 18:33:07.389843: | running updown command "ipsec _updown" for verb down Aug 26 18:33:07.389847: | command executing down-client Aug 26 18:33:07.389889: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:07.389898: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:07.389924: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844374' PLUTO_CONN_POLIC Aug 26 18:33:07.389930: | popen cmd is 1405 chars long Aug 26 18:33:07.389934: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PL: Aug 26 18:33:07.389937: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 18:33:07.389940: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Aug 26 18:33:07.389944: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Aug 26 18:33:07.389947: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Aug 26 18:33:07.389951: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PL: Aug 26 18:33:07.389954: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 18:33:07.389958: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Aug 26 18:33:07.389961: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE: Aug 26 18:33:07.389962: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 18:33:07.389964: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Aug 26 18:33:07.389966: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Aug 26 18:33:07.389967: | cmd( 960):TIME='1566844374' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF: Aug 26 18:33:07.389969: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Aug 26 18:33:07.389971: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Aug 26 18:33:07.389972: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Aug 26 18:33:07.389974: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Aug 26 18:33:07.389975: | cmd(1360):a6dbcb71 SPI_OUT=0x729e99e ipsec _updown 2>&1: Aug 26 18:33:07.400294: | shunt_eroute() called for connection 'north-dpd/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:33:07.400311: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:33:07.400327: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:33:07.400331: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:07.400380: | delete esp.a6dbcb71@192.1.2.23 Aug 26 18:33:07.400395: | netlink response for Del SA esp.a6dbcb71@192.1.2.23 included non-error error Aug 26 18:33:07.400400: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:33:07.400405: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:33:07.400424: | raw_eroute result=success Aug 26 18:33:07.400427: | delete esp.729e99e@192.1.3.33 Aug 26 18:33:07.400435: | netlink response for Del SA esp.729e99e@192.1.3.33 included non-error error Aug 26 18:33:07.400444: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:33:07.400447: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:33:07.400449: | in connection_discard for connection north-dpd/0x1 Aug 26 18:33:07.400451: | State DB: deleting IKEv1 state #2 in QUICK_I2 Aug 26 18:33:07.400457: | child state #2: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:33:07.400491: | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:33:07.400516: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:33:07.400518: | state #1 Aug 26 18:33:07.400520: | pass 1 Aug 26 18:33:07.400522: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:33:07.400523: | state #1 Aug 26 18:33:07.400527: | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) Aug 26 18:33:07.400530: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:07.400535: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:33:07.400539: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:33:07.400544: | connection 'north-dpd/0x2' +POLICY_UP Aug 26 18:33:07.400546: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:33:07.400548: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:07.400552: | creating state object #4 at 0x55a94fbe8418 Aug 26 18:33:07.400554: | State DB: adding IKEv1 state #4 in UNDEFINED Aug 26 18:33:07.400558: | pstats #4 ikev1.ipsec started Aug 26 18:33:07.400561: | duplicating state object #1 "north-dpd/0x2" as #4 for IPSEC SA Aug 26 18:33:07.400565: | #4 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:07.400568: | suspend processing: connection "north-dpd/0x2" (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:33:07.400571: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:33:07.400582: | child state #4: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 18:33:07.400586: "north-dpd/0x2" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:b63903a6 proposal=defaults pfsgroup=MODP2048} Aug 26 18:33:07.400589: | adding quick_outI1 KE work-order 7 for state #4 Aug 26 18:33:07.400592: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcf2d8 Aug 26 18:33:07.400595: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:33:07.400598: | libevent_malloc: new ptr-libevent@0x55a94fbc3148 size 128 Aug 26 18:33:07.400610: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:33:07.400612: | resume processing: connection "north-dpd/0x2" (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:33:07.400614: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Aug 26 18:33:07.400616: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:33:07.400617: | crypto helper 5 resuming Aug 26 18:33:07.400631: | crypto helper 5 starting work-order 7 for state #4 Aug 26 18:33:07.400619: | start processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:186) Aug 26 18:33:07.400635: | crypto helper 5 doing build KE and nonce (quick_outI1 KE); request ID 7 Aug 26 18:33:07.400644: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:33:07.400662: | connection 'north-dpd/0x1' +POLICY_UP Aug 26 18:33:07.400668: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:33:07.400670: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:07.400676: | creating state object #5 at 0x55a94fbe3a28 Aug 26 18:33:07.400678: | State DB: adding IKEv1 state #5 in UNDEFINED Aug 26 18:33:07.400682: | pstats #5 ikev1.ipsec started Aug 26 18:33:07.400685: | duplicating state object #1 "north-dpd/0x2" as #5 for IPSEC SA Aug 26 18:33:07.400690: | #5 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:07.400694: | in connection_discard for connection north-dpd/0x2 Aug 26 18:33:07.400698: | suspend processing: connection "north-dpd/0x1" (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:33:07.400702: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:33:07.400708: | child state #5: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 18:33:07.400714: "north-dpd/0x1" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:78d83418 proposal=defaults pfsgroup=MODP2048} Aug 26 18:33:07.400720: | adding quick_outI1 KE work-order 8 for state #5 Aug 26 18:33:07.400723: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbd3ed8 Aug 26 18:33:07.400729: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 18:33:07.400733: | libevent_malloc: new ptr-libevent@0x55a94fbef668 size 128 Aug 26 18:33:07.400742: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:33:07.400746: | resume processing: connection "north-dpd/0x1" (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:33:07.400749: | stop processing: connection "north-dpd/0x1" (in initiate_a_connection() at initiate.c:349) Aug 26 18:33:07.400749: | crypto helper 0 resuming Aug 26 18:33:07.400755: | libevent_free: release ptr-libevent@0x55a94fbe82b8 Aug 26 18:33:07.400764: | crypto helper 0 starting work-order 8 for state #5 Aug 26 18:33:07.400771: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x55a94fbcd948 Aug 26 18:33:07.400777: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 8 Aug 26 18:33:07.400787: | #1 spent 2.99 milliseconds in timer_event_cb() EVENT_DPD_TIMEOUT Aug 26 18:33:07.400791: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:33:07.400803: | processing signal PLUTO_SIGCHLD Aug 26 18:33:07.400809: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:07.400814: | spent 0.00502 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:07.400817: | processing signal PLUTO_SIGCHLD Aug 26 18:33:07.400820: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:07.400825: | spent 0.004 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:07.402008: | crypto helper 5 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.001372 seconds Aug 26 18:33:07.402015: | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 8 time elapsed 0.001238 seconds Aug 26 18:33:07.402020: | (#4) spent 0.58 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) Aug 26 18:33:07.402027: | crypto helper 5 sending results from work-order 7 for state #4 to event queue Aug 26 18:33:07.402028: | (#5) spent 0.858 milliseconds in crypto helper computing work-order 8: quick_outI1 KE (pcr) Aug 26 18:33:07.402030: | scheduling resume sending helper answer for #4 Aug 26 18:33:07.402034: | crypto helper 0 sending results from work-order 8 for state #5 to event queue Aug 26 18:33:07.402036: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:33:07.402040: | scheduling resume sending helper answer for #5 Aug 26 18:33:07.402045: | libevent_malloc: new ptr-libevent@0x7f54a00072a8 size 128 Aug 26 18:33:07.402046: | crypto helper 5 waiting (nothing to do) Aug 26 18:33:07.402071: | crypto helper 0 waiting (nothing to do) Aug 26 18:33:07.402076: | processing resume sending helper answer for #4 Aug 26 18:33:07.402085: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:33:07.402089: | crypto helper 5 replies to request ID 7 Aug 26 18:33:07.402091: | calling continuation function 0x55a94f4e2b50 Aug 26 18:33:07.402093: | quick_outI1_continue for #4: calculated ke+nonce, sending I1 Aug 26 18:33:07.402113: | **emit ISAKMP Message: Aug 26 18:33:07.402116: | initiator cookie: Aug 26 18:33:07.402117: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:07.402119: | responder cookie: Aug 26 18:33:07.402120: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.402123: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402124: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:07.402126: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:07.402128: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:07.402130: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:07.402132: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:07.402134: | ***emit ISAKMP Hash Payload: Aug 26 18:33:07.402136: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402138: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:07.402143: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:07.402145: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:07.402147: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:07.402148: | emitting quick defaults using policy none Aug 26 18:33:07.402150: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:33:07.402154: | ***emit ISAKMP Security Association Payload: Aug 26 18:33:07.402155: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:07.402157: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:07.402159: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:33:07.402161: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:33:07.402163: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:07.402165: | ****emit IPsec DOI SIT: Aug 26 18:33:07.402167: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:07.402169: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:33:07.402171: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 18:33:07.402172: | ****emit ISAKMP Proposal Payload: Aug 26 18:33:07.402174: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402176: | proposal number: 0 (0x0) Aug 26 18:33:07.402178: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:07.402179: | SPI size: 4 (0x4) Aug 26 18:33:07.402181: | number of transforms: 2 (0x2) Aug 26 18:33:07.402183: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:33:07.402198: | netlink_get_spi: allocated 0xabe7ff90 for esp.0@192.1.3.33 Aug 26 18:33:07.402200: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:33:07.402202: | SPI ab e7 ff 90 Aug 26 18:33:07.402204: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:07.402205: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:07.402207: | ESP transform number: 0 (0x0) Aug 26 18:33:07.402209: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:07.402211: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:07.402213: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402215: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:07.402216: | length/value: 14 (0xe) Aug 26 18:33:07.402218: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:07.402220: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402222: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:07.402223: | length/value: 1 (0x1) Aug 26 18:33:07.402225: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:07.402226: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402228: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:07.402230: | length/value: 1 (0x1) Aug 26 18:33:07.402231: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:07.402233: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402234: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:07.402236: | length/value: 28800 (0x7080) Aug 26 18:33:07.402238: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402239: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:07.402241: | length/value: 2 (0x2) Aug 26 18:33:07.402242: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:07.402244: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402246: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:07.402247: | length/value: 128 (0x80) Aug 26 18:33:07.402249: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:33:07.402251: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:07.402252: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402255: | ESP transform number: 1 (0x1) Aug 26 18:33:07.402257: | ESP transform ID: ESP_3DES (0x3) Aug 26 18:33:07.402259: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:33:07.402261: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:07.402262: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402264: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:07.402266: | length/value: 14 (0xe) Aug 26 18:33:07.402267: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:07.402269: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402270: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:07.402272: | length/value: 1 (0x1) Aug 26 18:33:07.402273: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:07.402275: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402276: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:07.402278: | length/value: 1 (0x1) Aug 26 18:33:07.402280: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:07.402281: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402283: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:07.402284: | length/value: 28800 (0x7080) Aug 26 18:33:07.402286: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402292: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:07.402298: | length/value: 2 (0x2) Aug 26 18:33:07.402301: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:07.402304: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 18:33:07.402306: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 18:33:07.402321: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:33:07.402323: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 18:33:07.402324: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:33:07.402327: | ***emit ISAKMP Nonce Payload: Aug 26 18:33:07.402329: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:07.402330: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:33:07.402333: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:33:07.402334: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:07.402336: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:33:07.402338: | Ni 5e ec 63 95 53 6f b4 2e 65 9a 33 c4 77 ab 70 c2 Aug 26 18:33:07.402340: | Ni d5 7d e4 ad af fa 99 c2 31 82 c6 68 43 7f 3c 51 Aug 26 18:33:07.402341: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:33:07.402343: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:33:07.402345: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:07.402346: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:07.402348: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:33:07.402350: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:07.402352: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:33:07.402354: | keyex value d6 33 a0 cc 3d 4a 38 d3 ac eb fd 31 19 18 2a ff Aug 26 18:33:07.402355: | keyex value 52 c1 20 46 df bc 72 27 99 35 72 f5 f4 a6 0a af Aug 26 18:33:07.402357: | keyex value 8b 1b 50 a5 f0 28 3d b0 36 cb d7 fb 64 b4 01 95 Aug 26 18:33:07.402358: | keyex value af c6 c8 8d 0e 5f 7a 26 86 a7 d0 a1 ec 43 70 e2 Aug 26 18:33:07.402360: | keyex value b5 79 86 39 5b 22 ae ec d7 20 bf 56 74 88 4e c1 Aug 26 18:33:07.402363: | keyex value 0e ae ff 48 e2 c1 49 5e ed 04 4f c9 7d 15 a5 8a Aug 26 18:33:07.402364: | keyex value 20 74 28 e7 eb 5c 8c 72 eb 25 07 16 4d 67 35 80 Aug 26 18:33:07.402366: | keyex value 22 55 7d 6e 72 e6 3a 60 b8 8b de dd 30 37 b6 e7 Aug 26 18:33:07.402367: | keyex value 32 96 df 1e 05 ca ff 3b a8 ad 1d de b7 f7 48 00 Aug 26 18:33:07.402369: | keyex value d7 3e 65 d0 0f 7e 58 56 41 74 6c fb 9c 69 9a ed Aug 26 18:33:07.402370: | keyex value 1b aa e8 91 37 f3 3b dd 14 ce 65 c2 4a 8f 29 c8 Aug 26 18:33:07.402372: | keyex value 3d 65 12 5a b1 27 d6 04 b1 04 74 9f 12 bd 8c 41 Aug 26 18:33:07.402373: | keyex value 03 5b 47 a3 a7 b3 23 37 a0 38 76 8a 3b b9 53 ea Aug 26 18:33:07.402375: | keyex value 76 70 54 e0 a2 2c de 93 c3 5d 12 54 8c 02 68 be Aug 26 18:33:07.402376: | keyex value ed 9d 8f 0b 2b ab 4f ed 00 8e 92 8e d5 ec ea eb Aug 26 18:33:07.402378: | keyex value 8e 1c 33 ce 8c a6 33 94 8a 72 5c cf ce 36 68 fe Aug 26 18:33:07.402379: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:33:07.402381: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:07.402383: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:07.402385: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:07.402386: | Protocol ID: 0 (0x0) Aug 26 18:33:07.402388: | port: 0 (0x0) Aug 26 18:33:07.402390: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:07.402392: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:07.402393: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:07.402396: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:07.402397: | client network c0 00 03 00 Aug 26 18:33:07.402399: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:07.402401: | client mask ff ff ff 00 Aug 26 18:33:07.402402: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:07.402404: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:07.402405: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402407: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:07.402408: | Protocol ID: 0 (0x0) Aug 26 18:33:07.402410: | port: 0 (0x0) Aug 26 18:33:07.402412: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:07.402414: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:07.402416: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:07.402417: | client network c0 00 16 00 Aug 26 18:33:07.402419: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:07.402420: | client mask ff ff ff 00 Aug 26 18:33:07.402422: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:07.402447: | outI1 HASH(1): Aug 26 18:33:07.402449: | 2e 10 7d e6 1a 08 c7 a9 e7 ec 72 3d 72 8b e3 0a Aug 26 18:33:07.402450: | 3b 26 23 51 94 25 6e da 22 08 84 eb 36 1e 31 f8 Aug 26 18:33:07.402458: | no IKEv1 message padding required Aug 26 18:33:07.402460: | emitting length of ISAKMP Message: 476 Aug 26 18:33:07.402478: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 18:33:07.402480: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.402483: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:07.402484: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:07.402486: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:07.402489: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:07.402490: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:07.402492: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:07.402493: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:07.402495: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:07.402496: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:07.402498: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:07.402499: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:07.402500: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:07.402502: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:07.402503: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:07.402505: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:07.402506: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:07.402508: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:07.402509: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:07.402511: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:07.402512: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:07.402514: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:07.402515: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:07.402517: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:07.402518: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:07.402520: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:07.402521: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:07.402523: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:07.402524: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:07.402526: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:07.402537: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in reply packet from quick_outI1. Errno 113: No route to host Aug 26 18:33:07.402539: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:07.402542: | libevent_free: release ptr-libevent@0x55a94fbc3148 Aug 26 18:33:07.402544: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcf2d8 Aug 26 18:33:07.402547: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:07.402549: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 18:33:07.402551: | libevent_malloc: new ptr-libevent@0x55a94fbe9308 size 128 Aug 26 18:33:07.402555: | #4 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29673.145013 Aug 26 18:33:07.402557: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Aug 26 18:33:07.402561: | #4 spent 0.468 milliseconds in resume sending helper answer Aug 26 18:33:07.402564: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:33:07.402566: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:33:07.402568: | processing resume sending helper answer for #5 Aug 26 18:33:07.402571: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:33:07.402573: | crypto helper 0 replies to request ID 8 Aug 26 18:33:07.402575: | calling continuation function 0x55a94f4e2b50 Aug 26 18:33:07.402576: | quick_outI1_continue for #5: calculated ke+nonce, sending I1 Aug 26 18:33:07.402579: | **emit ISAKMP Message: Aug 26 18:33:07.402581: | initiator cookie: Aug 26 18:33:07.402583: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:07.402584: | responder cookie: Aug 26 18:33:07.402585: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.402587: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402589: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:07.402592: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:07.402594: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:07.402595: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:07.402597: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:07.402599: | ***emit ISAKMP Hash Payload: Aug 26 18:33:07.402601: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402603: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:07.402604: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:07.402606: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:07.402608: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:07.402610: | emitting quick defaults using policy none Aug 26 18:33:07.402611: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:33:07.402613: | ***emit ISAKMP Security Association Payload: Aug 26 18:33:07.402615: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:07.402616: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:07.402618: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:33:07.402620: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:33:07.402622: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:07.402624: | ****emit IPsec DOI SIT: Aug 26 18:33:07.402626: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:07.402627: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:33:07.402629: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 18:33:07.402631: | ****emit ISAKMP Proposal Payload: Aug 26 18:33:07.402632: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402634: | proposal number: 0 (0x0) Aug 26 18:33:07.402636: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:07.402637: | SPI size: 4 (0x4) Aug 26 18:33:07.402639: | number of transforms: 2 (0x2) Aug 26 18:33:07.402640: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:33:07.402649: | netlink_get_spi: allocated 0x4ae31ab3 for esp.0@192.1.3.33 Aug 26 18:33:07.402651: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:33:07.402653: | SPI 4a e3 1a b3 Aug 26 18:33:07.402655: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:07.402656: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:07.402658: | ESP transform number: 0 (0x0) Aug 26 18:33:07.402659: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:07.402661: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:07.402663: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402664: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:07.402666: | length/value: 14 (0xe) Aug 26 18:33:07.402668: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:07.402669: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402671: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:07.402672: | length/value: 1 (0x1) Aug 26 18:33:07.402674: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:07.402675: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402677: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:07.402678: | length/value: 1 (0x1) Aug 26 18:33:07.402680: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:07.402681: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402683: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:07.402685: | length/value: 28800 (0x7080) Aug 26 18:33:07.402686: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402688: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:07.402690: | length/value: 2 (0x2) Aug 26 18:33:07.402692: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:07.402693: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402695: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:07.402696: | length/value: 128 (0x80) Aug 26 18:33:07.402698: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:33:07.402700: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:07.402701: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402703: | ESP transform number: 1 (0x1) Aug 26 18:33:07.402704: | ESP transform ID: ESP_3DES (0x3) Aug 26 18:33:07.402706: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:33:07.402708: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:07.402710: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402711: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:07.402713: | length/value: 14 (0xe) Aug 26 18:33:07.402714: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:07.402716: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402717: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:07.402719: | length/value: 1 (0x1) Aug 26 18:33:07.402720: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:07.402722: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402723: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:07.402725: | length/value: 1 (0x1) Aug 26 18:33:07.402726: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:07.402728: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402729: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:07.402731: | length/value: 28800 (0x7080) Aug 26 18:33:07.402732: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:07.402734: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:07.402735: | length/value: 2 (0x2) Aug 26 18:33:07.402737: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:07.402738: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 18:33:07.402740: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 18:33:07.402742: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:33:07.402743: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 18:33:07.402745: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:33:07.402747: | ***emit ISAKMP Nonce Payload: Aug 26 18:33:07.402749: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:07.402751: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:33:07.402753: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:33:07.402754: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:07.402756: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:33:07.402758: | Ni 6a 4e 11 47 77 06 5f f8 8a c5 0f aa c9 0d a3 50 Aug 26 18:33:07.402759: | Ni e6 1d 54 22 6a 1d 3b 53 23 f4 86 f3 73 ad 84 f9 Aug 26 18:33:07.402761: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:33:07.402763: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:33:07.402764: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:07.402766: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:07.402768: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:33:07.402770: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:07.402772: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:33:07.402774: | keyex value 88 bf 46 5c f2 82 82 3a 81 51 24 22 e9 b2 e9 cc Aug 26 18:33:07.402776: | keyex value 15 6b ee f0 58 18 04 8c 9f 73 1b 11 15 bc 16 a8 Aug 26 18:33:07.402777: | keyex value e2 35 34 21 4f 2a 69 70 c9 ac 52 7e 07 49 79 d3 Aug 26 18:33:07.402779: | keyex value a3 8f d8 9b d5 b3 6f 56 93 08 7c ca 5b 29 5b 3e Aug 26 18:33:07.402780: | keyex value a5 df 0c 26 43 eb e5 fd 00 3c 4d 53 0e 26 ce 2f Aug 26 18:33:07.402782: | keyex value 10 07 1d a5 c7 52 e7 ba 98 56 9f 07 44 ba fd cf Aug 26 18:33:07.402783: | keyex value 33 4d 55 27 9e 92 44 4a 0a ea 50 bd f2 a4 24 50 Aug 26 18:33:07.402785: | keyex value 6d c4 bd 06 43 62 29 21 bc f2 9c b8 d6 74 6f 22 Aug 26 18:33:07.402786: | keyex value 32 47 66 36 30 ff 91 78 55 6c ae f4 bf fa 5d 72 Aug 26 18:33:07.402788: | keyex value 26 d5 f1 e5 83 03 df f4 be e5 d7 19 2c aa ee 69 Aug 26 18:33:07.402789: | keyex value 35 f8 b8 37 e2 6d ad f5 dc 49 bc 8f cd 2a 9a fc Aug 26 18:33:07.402791: | keyex value 9c 55 e8 bd 9e 97 e5 73 ef b8 ef 89 dd f3 6b 68 Aug 26 18:33:07.402792: | keyex value fb 35 38 df 7e cb d5 55 3e 44 65 6c 97 e6 97 59 Aug 26 18:33:07.402794: | keyex value a8 40 ee 25 a5 8a 67 47 65 35 22 7e fb e0 28 f9 Aug 26 18:33:07.402795: | keyex value 11 45 a2 ab 78 83 f6 3a fc 32 19 86 23 30 57 a3 Aug 26 18:33:07.402797: | keyex value 12 fa c9 0b e3 ff 24 af 25 21 5c 35 08 ee 87 73 Aug 26 18:33:07.402798: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:33:07.402800: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:07.402802: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:07.402803: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:07.402805: | Protocol ID: 0 (0x0) Aug 26 18:33:07.402806: | port: 0 (0x0) Aug 26 18:33:07.402808: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:07.402810: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:07.402812: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:07.402814: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:07.402815: | client network c0 00 03 00 Aug 26 18:33:07.402817: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:07.402819: | client mask ff ff ff 00 Aug 26 18:33:07.402820: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:07.402822: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:07.402824: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:07.402825: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:07.402827: | Protocol ID: 0 (0x0) Aug 26 18:33:07.402828: | port: 0 (0x0) Aug 26 18:33:07.402830: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:07.402832: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:07.402834: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:07.402835: | client network c0 00 02 00 Aug 26 18:33:07.402837: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:07.402838: | client mask ff ff ff 00 Aug 26 18:33:07.402840: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:07.402852: | outI1 HASH(1): Aug 26 18:33:07.402854: | 53 b5 21 e5 77 af 9b 1c 06 24 01 3d 4f cc c2 f5 Aug 26 18:33:07.402856: | b1 1e 8c 88 45 77 3a 6a 2d 00 85 10 95 d8 96 89 Aug 26 18:33:07.402861: | no IKEv1 message padding required Aug 26 18:33:07.402863: | emitting length of ISAKMP Message: 476 Aug 26 18:33:07.402871: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:33:07.402873: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.402875: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:07.402876: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:07.402878: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:07.402879: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:07.402881: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:07.402882: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:07.402884: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:07.402885: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:07.402887: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:07.402888: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:07.402890: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:07.402891: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:07.402893: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:07.402894: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:07.402896: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:07.402897: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:07.402899: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:07.402900: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:07.402902: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:07.402903: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:07.402904: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:07.402906: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:07.402907: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:07.402909: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:07.402910: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:07.402912: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:07.402913: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:07.402915: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:07.402916: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:07.402922: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in reply packet from quick_outI1. Errno 113: No route to host Aug 26 18:33:07.402924: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:07.402926: | libevent_free: release ptr-libevent@0x55a94fbef668 Aug 26 18:33:07.402928: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbd3ed8 Aug 26 18:33:07.402930: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:07.402933: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Aug 26 18:33:07.402935: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:33:07.402937: | #5 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29673.145397 Aug 26 18:33:07.402940: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Aug 26 18:33:07.402943: | #5 spent 0.369 milliseconds in resume sending helper answer Aug 26 18:33:07.402946: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:33:07.402948: | libevent_free: release ptr-libevent@0x7f54a00072a8 Aug 26 18:33:07.903337: | timer_event_cb: processing event@0x55a94fbcf2d8 Aug 26 18:33:07.903352: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 18:33:07.903358: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:07.903363: | IKEv1 retransmit event Aug 26 18:33:07.903367: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:07.903370: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 1 Aug 26 18:33:07.903374: | retransmits: current time 29673.645839; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500826 exceeds limit? NO Aug 26 18:33:07.903377: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:07.903379: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Aug 26 18:33:07.903382: | libevent_malloc: new ptr-libevent@0x7f54a00072a8 size 128 Aug 26 18:33:07.903385: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response Aug 26 18:33:07.903391: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 18:33:07.903393: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.903394: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:07.903396: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:07.903397: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:07.903399: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:07.903400: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:07.903401: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:07.903403: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:07.903404: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:07.903406: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:07.903407: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:07.903409: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:07.903410: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:07.903412: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:07.903413: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:07.903415: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:07.903416: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:07.903418: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:07.903419: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:07.903421: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:07.903422: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:07.903424: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:07.903425: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:07.903427: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:07.903428: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:07.903430: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:07.903431: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:07.903433: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:07.903434: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:07.903435: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:07.903447: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:07.903450: | libevent_free: release ptr-libevent@0x55a94fbe9308 Aug 26 18:33:07.903452: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:07.903458: | #4 spent 0.122 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:07.903461: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:07.903464: | timer_event_cb: processing event@0x7f548c002b78 Aug 26 18:33:07.903465: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:07.903468: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:07.903471: | IKEv1 retransmit event Aug 26 18:33:07.903474: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:07.903477: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 1 Aug 26 18:33:07.903480: | retransmits: current time 29673.645946; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500549 exceeds limit? NO Aug 26 18:33:07.903482: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:07.903484: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Aug 26 18:33:07.903486: | libevent_malloc: new ptr-libevent@0x55a94fbe9308 size 128 Aug 26 18:33:07.903488: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 0.5 seconds for response Aug 26 18:33:07.903491: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:33:07.903493: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:07.903494: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:07.903496: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:07.903497: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:07.903499: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:07.903500: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:07.903502: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:07.903503: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:07.903504: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:07.903506: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:07.903507: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:07.903509: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:07.903510: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:07.903512: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:07.903513: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:07.903515: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:07.903516: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:07.903518: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:07.903519: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:07.903521: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:07.903522: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:07.903524: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:07.903525: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:07.903527: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:07.903528: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:07.903530: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:07.903531: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:07.903533: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:07.903534: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:07.903535: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:07.903540: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:07.903542: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:33:07.903543: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:07.903547: | #5 spent 0.0822 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:07.903549: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:08.405149: | timer_event_cb: processing event@0x55a94fbcd948 Aug 26 18:33:08.405163: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 18:33:08.405172: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:08.405175: | IKEv1 retransmit event Aug 26 18:33:08.405178: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:08.405182: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 2 Aug 26 18:33:08.405186: | retransmits: current time 29674.147651; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002638 exceeds limit? NO Aug 26 18:33:08.405189: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:08.405192: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #4 Aug 26 18:33:08.405194: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:33:08.405198: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 1 seconds for response Aug 26 18:33:08.405203: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 18:33:08.405205: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:08.405207: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:08.405208: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:08.405210: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:08.405211: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:08.405213: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:08.405214: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:08.405216: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:08.405217: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:08.405219: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:08.405220: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:08.405222: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:08.405223: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:08.405225: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:08.405226: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:08.405228: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:08.405229: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:08.405231: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:08.405232: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:08.405234: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:08.405235: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:08.405237: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:08.405238: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:08.405240: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:08.405241: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:08.405243: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:08.405244: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:08.405246: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:08.405247: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:08.405249: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:08.405261: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:08.405264: | libevent_free: release ptr-libevent@0x7f54a00072a8 Aug 26 18:33:08.405266: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:08.405273: | #4 spent 0.125 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:08.405276: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:08.405278: | timer_event_cb: processing event@0x55a94fbcf2d8 Aug 26 18:33:08.405280: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:08.405285: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:08.405287: | IKEv1 retransmit event Aug 26 18:33:08.405299: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:08.405302: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 2 Aug 26 18:33:08.405306: | retransmits: current time 29674.147771; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002374 exceeds limit? NO Aug 26 18:33:08.405308: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:08.405310: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #5 Aug 26 18:33:08.405312: | libevent_malloc: new ptr-libevent@0x7f54a00072a8 size 128 Aug 26 18:33:08.405314: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 1 seconds for response Aug 26 18:33:08.405318: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:33:08.405320: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:08.405321: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:08.405323: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:08.405324: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:08.405326: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:08.405327: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:08.405329: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:08.405330: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:08.405332: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:08.405333: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:08.405335: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:08.405336: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:08.405338: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:08.405339: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:08.405341: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:08.405342: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:08.405344: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:08.405345: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:08.405347: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:08.405348: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:08.405350: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:08.405351: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:08.405353: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:08.405354: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:08.405356: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:08.405357: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:08.405359: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:08.405360: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:08.405362: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:08.405363: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:08.405368: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:08.405370: | libevent_free: release ptr-libevent@0x55a94fbe9308 Aug 26 18:33:08.405372: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:08.405375: | #5 spent 0.0908 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:08.405378: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:09.406315: | timer_event_cb: processing event@0x7f548c002b78 Aug 26 18:33:09.406338: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 18:33:09.406347: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:09.406351: | IKEv1 retransmit event Aug 26 18:33:09.406356: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:09.406360: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 3 Aug 26 18:33:09.406366: | retransmits: current time 29675.14883; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.003817 exceeds limit? NO Aug 26 18:33:09.406370: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:09.406374: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #4 Aug 26 18:33:09.406377: | libevent_malloc: new ptr-libevent@0x55a94fbe9308 size 128 Aug 26 18:33:09.406381: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 2 seconds for response Aug 26 18:33:09.406388: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 18:33:09.406391: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:09.406393: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:09.406396: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:09.406398: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:09.406400: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:09.406402: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:09.406404: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:09.406406: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:09.406409: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:09.406411: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:09.406413: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:09.406415: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:09.406417: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:09.406419: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:09.406422: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:09.406424: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:09.406426: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:09.406428: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:09.406430: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:09.406432: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:09.406435: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:09.406437: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:09.406439: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:09.406441: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:09.406443: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:09.406445: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:09.406447: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:09.406450: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:09.406452: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:09.406454: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:09.406468: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:09.406473: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:33:09.406476: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:09.406483: | #4 spent 0.169 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:09.406490: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:09.406494: | timer_event_cb: processing event@0x55a94fbcd948 Aug 26 18:33:09.406499: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:09.406504: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:09.406507: | IKEv1 retransmit event Aug 26 18:33:09.406511: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:09.406514: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 3 Aug 26 18:33:09.406520: | retransmits: current time 29675.148984; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.003587 exceeds limit? NO Aug 26 18:33:09.406522: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:09.406526: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #5 Aug 26 18:33:09.406528: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:33:09.406531: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 2 seconds for response Aug 26 18:33:09.406536: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:33:09.406538: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:09.406540: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:09.406543: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:09.406545: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:09.406547: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:09.406549: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:09.406551: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:09.406553: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:09.406556: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:09.406558: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:09.406560: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:09.406562: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:09.406564: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:09.406566: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:09.406569: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:09.406571: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:09.406573: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:09.406575: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:09.406577: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:09.406579: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:09.406581: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:09.406584: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:09.406586: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:09.406588: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:09.406591: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:09.406594: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:09.406598: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:09.406601: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:09.406605: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:09.406608: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:09.406619: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:09.406624: | libevent_free: release ptr-libevent@0x7f54a00072a8 Aug 26 18:33:09.406629: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:09.406637: | #5 spent 0.14 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:09.406657: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:11.408724: | timer_event_cb: processing event@0x55a94fbcf2d8 Aug 26 18:33:11.408744: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 18:33:11.408754: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:11.408759: | IKEv1 retransmit event Aug 26 18:33:11.408765: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:11.408770: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 4 Aug 26 18:33:11.408778: | retransmits: current time 29677.151241; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.006228 exceeds limit? NO Aug 26 18:33:11.408783: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:11.408787: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #4 Aug 26 18:33:11.408792: | libevent_malloc: new ptr-libevent@0x7f54a00072a8 size 128 Aug 26 18:33:11.408797: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 4 seconds for response Aug 26 18:33:11.408805: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 18:33:11.408808: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:11.408811: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:11.408814: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:11.408816: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:11.408819: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:11.408822: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:11.408825: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:11.408827: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:11.408830: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:11.408833: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:11.408835: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:11.408838: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:11.408841: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:11.408843: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:11.408846: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:11.408849: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:11.408852: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:11.408854: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:11.408857: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:11.408860: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:11.408862: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:11.408865: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:11.408868: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:11.408870: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:11.408873: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:11.408876: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:11.408879: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:11.408881: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:11.408884: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:11.408887: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:11.408904: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:11.408909: | libevent_free: release ptr-libevent@0x55a94fbe9308 Aug 26 18:33:11.408913: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:11.408922: | #4 spent 0.2 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:11.408928: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:11.408938: | timer_event_cb: processing event@0x7f548c002b78 Aug 26 18:33:11.408941: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:11.408946: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:11.408950: | IKEv1 retransmit event Aug 26 18:33:11.408955: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:11.408959: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 4 Aug 26 18:33:11.408965: | retransmits: current time 29677.151429; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.006032 exceeds limit? NO Aug 26 18:33:11.408968: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:11.408973: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #5 Aug 26 18:33:11.408976: | libevent_malloc: new ptr-libevent@0x55a94fbe9308 size 128 Aug 26 18:33:11.408979: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 4 seconds for response Aug 26 18:33:11.408985: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:33:11.408988: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:11.408991: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:11.408994: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:11.408996: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:11.408999: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:11.409002: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:11.409004: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:11.409007: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:11.409010: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:11.409012: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:11.409015: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:11.409018: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:11.409020: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:11.409023: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:11.409026: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:11.409028: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:11.409031: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:11.409034: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:11.409036: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:11.409039: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:11.409042: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:11.409044: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:11.409047: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:11.409050: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:11.409052: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:11.409055: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:11.409058: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:11.409060: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:11.409063: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:11.409065: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:11.409073: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:11.409077: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:33:11.409080: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:11.409086: | #5 spent 0.147 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:11.409094: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:14.113830: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:33:14.113862: | expiring aged bare shunts from shunt table Aug 26 18:33:14.113877: | spent 0.01 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:33:14.314494: | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:14.314509: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 18:33:14.314513: | spent 0.00907 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:14.314516: | processing global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:33:14.314518: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Aug 26 18:33:14.314522: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:33:14.314524: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x1 Aug 26 18:33:14.314527: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:33:14.314530: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:33:14.314531: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x2 Aug 26 18:33:14.314534: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:33:14.314537: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in for_each_state() at state.c:1575) Aug 26 18:33:14.314538: | not behind NAT: no NAT-T KEEP-ALIVE required for conn north-dpd/0x2 Aug 26 18:33:14.314541: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in for_each_state() at state.c:1577) Aug 26 18:33:14.314543: | spent 0.0248 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Aug 26 18:33:14.314549: | spent 0.00104 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:14.314553: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 18:33:14.314556: | spent 0.00472 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:15.410332: | timer_event_cb: processing event@0x55a94fbcd948 Aug 26 18:33:15.410349: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 18:33:15.410355: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:15.410358: | IKEv1 retransmit event Aug 26 18:33:15.410361: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:15.410364: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 5 Aug 26 18:33:15.410369: | retransmits: current time 29681.152833; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.00782 exceeds limit? NO Aug 26 18:33:15.410372: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:15.410374: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #4 Aug 26 18:33:15.410377: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:33:15.410381: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 8 seconds for response Aug 26 18:33:15.410386: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 18:33:15.410388: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:15.410389: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:15.410391: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:15.410392: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:15.410394: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:15.410395: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:15.410397: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:15.410402: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:15.410404: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:15.410405: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:15.410407: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:15.410408: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:15.410410: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:15.410411: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:15.410413: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:15.410414: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:15.410416: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:15.410417: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:15.410419: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:15.410420: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:15.410422: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:15.410423: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:15.410425: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:15.410426: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:15.410428: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:15.410429: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:15.410431: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:15.410432: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:15.410434: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:15.410435: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:15.410447: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:15.410450: | libevent_free: release ptr-libevent@0x7f54a00072a8 Aug 26 18:33:15.410452: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:15.410459: | #4 spent 0.128 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:15.410462: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:15.410464: | timer_event_cb: processing event@0x55a94fbcf2d8 Aug 26 18:33:15.410466: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:15.410469: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:15.410471: | IKEv1 retransmit event Aug 26 18:33:15.410474: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:15.410476: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 5 Aug 26 18:33:15.410480: | retransmits: current time 29681.152945; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.007548 exceeds limit? NO Aug 26 18:33:15.410482: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:15.410484: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #5 Aug 26 18:33:15.410486: | libevent_malloc: new ptr-libevent@0x7f54a00072a8 size 128 Aug 26 18:33:15.410488: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 8 seconds for response Aug 26 18:33:15.410491: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:33:15.410493: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:15.410494: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:15.410496: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:15.410497: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:15.410499: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:15.410500: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:15.410503: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:15.410505: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:15.410506: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:15.410508: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:15.410509: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:15.410511: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:15.410512: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:15.410514: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:15.410515: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:15.410517: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:15.410518: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:15.410520: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:15.410521: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:15.410523: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:15.410524: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:15.410526: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:15.410528: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:15.410529: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:15.410531: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:15.410532: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:15.410534: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:15.410535: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:15.410537: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:15.410538: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:15.410543: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:15.410545: | libevent_free: release ptr-libevent@0x55a94fbe9308 Aug 26 18:33:15.410546: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:15.410550: | #5 spent 0.0845 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:15.410552: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:23.418876: | timer_event_cb: processing event@0x7f548c002b78 Aug 26 18:33:23.418940: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 18:33:23.418963: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:23.418975: | IKEv1 retransmit event Aug 26 18:33:23.418990: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:23.419004: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 6 Aug 26 18:33:23.419025: | retransmits: current time 29689.161479; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.016466 exceeds limit? NO Aug 26 18:33:23.419036: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:23.419048: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #4 Aug 26 18:33:23.419060: | libevent_malloc: new ptr-libevent@0x55a94fbe9308 size 128 Aug 26 18:33:23.419073: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 16 seconds for response Aug 26 18:33:23.419093: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 18:33:23.419101: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:23.419109: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:23.419116: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:23.419124: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:23.419131: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:23.419152: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:23.419160: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:23.419167: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:23.419174: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:23.419181: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:23.419189: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:23.419196: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:23.419203: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:23.419211: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:23.419218: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:23.419225: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:23.419232: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:23.419240: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:23.419247: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:23.419254: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:23.419261: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:23.419269: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:23.419276: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:23.419283: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:23.419321: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:23.419329: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:23.419337: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:23.419344: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:23.419351: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:23.419358: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:23.419400: ERROR: "north-dpd/0x2" #4: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:23.419414: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:33:23.419425: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:23.419446: | #4 spent 0.546 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:23.419462: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:23.419474: | timer_event_cb: processing event@0x55a94fbcd948 Aug 26 18:33:23.419483: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:23.419496: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:23.419506: | IKEv1 retransmit event Aug 26 18:33:23.419519: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:23.419531: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 6 Aug 26 18:33:23.419547: | retransmits: current time 29689.162005; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.016608 exceeds limit? NO Aug 26 18:33:23.419556: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:23.419567: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #5 Aug 26 18:33:23.419576: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:33:23.419585: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 16 seconds for response Aug 26 18:33:23.419601: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:33:23.419609: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:23.419617: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:23.419625: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:23.419632: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:23.419639: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:23.419653: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:23.419661: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:23.419668: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:23.419675: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:23.419682: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:23.419690: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:23.419697: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:23.419704: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:23.419711: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:23.419719: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:23.419726: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:23.419733: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:23.419741: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:23.419748: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:23.419755: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:23.419762: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:23.419769: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:23.419777: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:23.419784: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:23.419791: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:23.419798: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:23.419806: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:23.419813: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:23.419820: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:23.419827: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:23.419848: ERROR: "north-dpd/0x1" #5: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Aug 26 18:33:23.419858: | libevent_free: release ptr-libevent@0x7f54a00072a8 Aug 26 18:33:23.419867: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:23.419881: | #5 spent 0.404 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:23.419895: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:34.122737: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:33:34.122752: | expiring aged bare shunts from shunt table Aug 26 18:33:34.122756: | spent 0.00396 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:33:34.316483: | spent 0.00262 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:34.316501: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 18:33:34.316504: | spent 0.00901 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:34.316510: | spent 0.00114 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:34.316515: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 18:33:34.316518: | spent 0.00462 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:37.033678: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:37.034032: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:33:37.034041: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:33:37.034222: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:33:37.034229: | FOR_EACH_STATE_... in sort_states Aug 26 18:33:37.034253: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:37.034272: | spent 0.588 milliseconds in whack Aug 26 18:33:37.089529: | kernel_process_msg_cb process netlink message Aug 26 18:33:37.089594: | netlink_get: XFRM_MSG_UPDPOLICY message Aug 26 18:33:37.089631: | spent 0.0401 milliseconds in kernel message Aug 26 18:33:37.169969: | kernel_process_msg_cb process netlink message Aug 26 18:33:37.169994: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 18:33:37.169998: | xfrm netlink msg len 376 Aug 26 18:33:37.170000: | xfrm acquire rtattribute type 5 Aug 26 18:33:37.170002: | xfrm acquire rtattribute type 16 Aug 26 18:33:37.170014: | add bare shunt 0x55a94fbc2ea8 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 18:33:37.170020: initiate on demand from 192.0.3.254:8 to 192.0.2.254:0 proto=1 because: acquire Aug 26 18:33:37.170024: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.2.254:1/0 Aug 26 18:33:37.170027: | FOR_EACH_CONNECTION_... in find_connection_for_clients Aug 26 18:33:37.170031: | find_connection: conn "north-dpd/0x1" has compatible peers: 192.0.3.0/24 -> 192.0.2.0/24 [pri: 25214986] Aug 26 18:33:37.170033: | find_connection: first OK "north-dpd/0x1" [pri:25214986]{0x55a94fbc1de8} (child none) Aug 26 18:33:37.170037: | find_connection: concluding with "north-dpd/0x1" [pri:25214986]{0x55a94fbc1de8} kind=CK_PERMANENT Aug 26 18:33:37.170039: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 18:33:37.170042: | assign_holdpass() need broad(er) shunt Aug 26 18:33:37.170044: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:33:37.170049: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => %hold>%hold (raw_eroute) Aug 26 18:33:37.170054: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 18:33:37.170057: | raw_eroute result=success Aug 26 18:33:37.170058: | assign_holdpass() eroute_connection() done Aug 26 18:33:37.170060: | fiddle_bare_shunt called Aug 26 18:33:37.170062: | fiddle_bare_shunt with transport_proto 1 Aug 26 18:33:37.170064: | removing specific host-to-host bare shunt Aug 26 18:33:37.170068: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.2.254/32:0 => %hold (raw_eroute) Aug 26 18:33:37.170070: | netlink_raw_eroute: SPI_PASS Aug 26 18:33:37.170085: | raw_eroute result=success Aug 26 18:33:37.170089: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 18:33:37.170093: | delete bare shunt 0x55a94fbc2ea8 192.0.3.254/32:8 --1--> 192.0.2.254/32:0 => %hold 0 %acquire-netlink Aug 26 18:33:37.170095: assign_holdpass() delete_bare_shunt() failed Aug 26 18:33:37.170097: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 18:33:37.170099: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:37.170105: | creating state object #6 at 0x55a94fbed558 Aug 26 18:33:37.170107: | State DB: adding IKEv1 state #6 in UNDEFINED Aug 26 18:33:37.170112: | pstats #6 ikev1.ipsec started Aug 26 18:33:37.170114: | duplicating state object #1 "north-dpd/0x2" as #6 for IPSEC SA Aug 26 18:33:37.170119: | #6 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:37.170122: | in connection_discard for connection north-dpd/0x2 Aug 26 18:33:37.170127: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:33:37.170137: | child state #6: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 18:33:37.170143: "north-dpd/0x1" #6: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:4e17d482 proposal=defaults pfsgroup=MODP2048} Aug 26 18:33:37.170146: | adding quick_outI1 KE work-order 9 for state #6 Aug 26 18:33:37.170149: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcd948 Aug 26 18:33:37.170152: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 18:33:37.170155: | libevent_malloc: new ptr-libevent@0x7f54a00072a8 size 128 Aug 26 18:33:37.170166: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:33:37.170172: | crypto helper 1 resuming Aug 26 18:33:37.170176: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.2.254 Aug 26 18:33:37.170184: | crypto helper 1 starting work-order 9 for state #6 Aug 26 18:33:37.170190: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 9 Aug 26 18:33:37.170193: | spent 0.196 milliseconds in kernel message Aug 26 18:33:37.171501: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 9 time elapsed 0.001311 seconds Aug 26 18:33:37.171513: | (#6) spent 1.31 milliseconds in crypto helper computing work-order 9: quick_outI1 KE (pcr) Aug 26 18:33:37.171515: | crypto helper 1 sending results from work-order 9 for state #6 to event queue Aug 26 18:33:37.171518: | scheduling resume sending helper answer for #6 Aug 26 18:33:37.171520: | libevent_malloc: new ptr-libevent@0x7f5498004fd8 size 128 Aug 26 18:33:37.171527: | crypto helper 1 waiting (nothing to do) Aug 26 18:33:37.171536: | processing resume sending helper answer for #6 Aug 26 18:33:37.171544: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:33:37.171547: | crypto helper 1 replies to request ID 9 Aug 26 18:33:37.171549: | calling continuation function 0x55a94f4e2b50 Aug 26 18:33:37.171551: | quick_outI1_continue for #6: calculated ke+nonce, sending I1 Aug 26 18:33:37.171556: | **emit ISAKMP Message: Aug 26 18:33:37.171558: | initiator cookie: Aug 26 18:33:37.171560: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:37.171562: | responder cookie: Aug 26 18:33:37.171563: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.171565: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.171568: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:37.171570: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:37.171572: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:37.171574: | Message ID: 1310184578 (0x4e17d482) Aug 26 18:33:37.171576: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:37.171578: | ***emit ISAKMP Hash Payload: Aug 26 18:33:37.171580: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.171582: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:37.171584: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.171587: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:37.171589: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:37.171590: | emitting quick defaults using policy none Aug 26 18:33:37.171593: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:33:37.171596: | ***emit ISAKMP Security Association Payload: Aug 26 18:33:37.171598: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:37.171599: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:37.171602: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:33:37.171604: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:33:37.171606: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.171608: | ****emit IPsec DOI SIT: Aug 26 18:33:37.171610: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:37.171612: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:33:37.171614: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 18:33:37.171615: | ****emit ISAKMP Proposal Payload: Aug 26 18:33:37.171617: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.171619: | proposal number: 0 (0x0) Aug 26 18:33:37.171621: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:37.171623: | SPI size: 4 (0x4) Aug 26 18:33:37.171624: | number of transforms: 2 (0x2) Aug 26 18:33:37.171627: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:33:37.171642: | netlink_get_spi: allocated 0x1c276340 for esp.0@192.1.3.33 Aug 26 18:33:37.171645: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:33:37.171646: | SPI 1c 27 63 40 Aug 26 18:33:37.171648: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:37.171650: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:37.171652: | ESP transform number: 0 (0x0) Aug 26 18:33:37.171655: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:37.171658: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:37.171662: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171665: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:37.171668: | length/value: 14 (0xe) Aug 26 18:33:37.171671: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:37.171674: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171677: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:37.171680: | length/value: 1 (0x1) Aug 26 18:33:37.171682: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:37.171685: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171688: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:37.171691: | length/value: 1 (0x1) Aug 26 18:33:37.171694: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:37.171697: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171701: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:37.171704: | length/value: 28800 (0x7080) Aug 26 18:33:37.171707: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171710: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:37.171713: | length/value: 2 (0x2) Aug 26 18:33:37.171716: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:37.171719: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171722: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:37.171725: | length/value: 128 (0x80) Aug 26 18:33:37.171728: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:33:37.171731: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:37.171734: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.171737: | ESP transform number: 1 (0x1) Aug 26 18:33:37.171740: | ESP transform ID: ESP_3DES (0x3) Aug 26 18:33:37.171744: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:33:37.171747: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:37.171749: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171752: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:37.171755: | length/value: 14 (0xe) Aug 26 18:33:37.171758: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:37.171761: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171764: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:37.171767: | length/value: 1 (0x1) Aug 26 18:33:37.171770: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:37.171773: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171776: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:37.171779: | length/value: 1 (0x1) Aug 26 18:33:37.171781: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:37.171784: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171787: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:37.171790: | length/value: 28800 (0x7080) Aug 26 18:33:37.171793: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:37.171796: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:37.171799: | length/value: 2 (0x2) Aug 26 18:33:37.171801: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:37.171804: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 18:33:37.171807: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 18:33:37.171810: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:33:37.171815: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 18:33:37.171818: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:33:37.171822: | ***emit ISAKMP Nonce Payload: Aug 26 18:33:37.171826: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:37.171829: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:33:37.171833: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:33:37.171836: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.171839: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:33:37.171842: | Ni ea fb 6d ce 32 73 76 11 4e 20 70 03 45 cd 68 ff Aug 26 18:33:37.171845: | Ni cd b2 57 c8 81 18 2b 85 5e 42 37 52 50 52 3c 45 Aug 26 18:33:37.171848: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:33:37.171851: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:33:37.171854: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:37.171857: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:37.171860: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:33:37.171863: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.171866: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:33:37.171869: | keyex value 76 ab d5 73 d4 e5 e1 51 df 40 7d 24 eb 62 5e 73 Aug 26 18:33:37.171872: | keyex value 8b 4e 7f 38 b4 bd 28 b9 ed d0 4d ec 9a 87 6e b5 Aug 26 18:33:37.171875: | keyex value 11 0f c7 63 26 a6 88 b8 50 8c 57 ad cf ff 32 3b Aug 26 18:33:37.171878: | keyex value 0a f6 9a 51 09 d9 dc 01 7e ba 8c c5 5f 96 90 f4 Aug 26 18:33:37.171881: | keyex value 8f fc 60 5e a2 15 06 c9 94 bb 69 03 de c3 bc 20 Aug 26 18:33:37.171884: | keyex value c2 1b 98 9e fe b4 79 d3 dc 7e 07 72 2e 12 bc d7 Aug 26 18:33:37.171887: | keyex value 7e 9b 73 5d 55 33 95 23 7b b5 09 81 8f db d3 19 Aug 26 18:33:37.171890: | keyex value c7 cd 64 8c e2 9d 30 cb c1 67 a3 d3 04 fa 8a 98 Aug 26 18:33:37.171892: | keyex value 59 75 06 aa 91 02 ac 02 41 16 b1 0e 9e 75 b5 6b Aug 26 18:33:37.171895: | keyex value a6 de 04 54 eb 85 f0 a3 f8 53 99 45 da c7 f5 27 Aug 26 18:33:37.171898: | keyex value 11 87 cb c1 9b 1e 9f a7 f0 6e 8b ba b6 60 2c ef Aug 26 18:33:37.171901: | keyex value 76 e1 93 87 c9 76 eb f0 fd f9 4b 99 37 ff 1b 12 Aug 26 18:33:37.171904: | keyex value 68 31 61 91 4c dd 3f 9d de 9b 20 c3 df 0f bf 18 Aug 26 18:33:37.171907: | keyex value 8a 1c de 25 2c ba 39 49 0f c3 25 50 6b 7f 4d 71 Aug 26 18:33:37.171910: | keyex value 75 14 6d f2 97 f3 63 89 2e f6 6b 3b 0f aa 25 d4 Aug 26 18:33:37.171913: | keyex value 63 fa 6e af fa 63 14 c6 f4 28 fb 6a ef 8d 7c f0 Aug 26 18:33:37.171916: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:33:37.171919: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:37.171922: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:37.171925: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:37.171928: | Protocol ID: 0 (0x0) Aug 26 18:33:37.171930: | port: 0 (0x0) Aug 26 18:33:37.171934: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:37.171937: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:37.171940: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:37.171946: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:37.171949: | client network c0 00 03 00 Aug 26 18:33:37.171952: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:37.171955: | client mask ff ff ff 00 Aug 26 18:33:37.171958: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:37.171960: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:37.171963: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.171966: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:37.171969: | Protocol ID: 0 (0x0) Aug 26 18:33:37.171971: | port: 0 (0x0) Aug 26 18:33:37.171975: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:37.171978: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:37.171982: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:37.171985: | client network c0 00 02 00 Aug 26 18:33:37.171988: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:37.171991: | client mask ff ff ff 00 Aug 26 18:33:37.171994: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:37.172025: | outI1 HASH(1): Aug 26 18:33:37.172028: | 2f d1 ef 83 70 0f 8c 56 a3 f5 3c 3a 4f 15 f8 d7 Aug 26 18:33:37.172030: | 7e 30 74 fb e2 35 84 27 27 9e 1f db 69 c3 01 84 Aug 26 18:33:37.172036: | no IKEv1 message padding required Aug 26 18:33:37.172038: | emitting length of ISAKMP Message: 476 Aug 26 18:33:37.172050: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Aug 26 18:33:37.172052: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.172054: | 08 10 20 01 4e 17 d4 82 00 00 01 dc 78 87 4a 2e Aug 26 18:33:37.172056: | 3d f4 2c 41 85 3b 3d 39 44 0a 17 6c da 2c 38 ae Aug 26 18:33:37.172057: | 20 01 2a de 28 c5 d1 63 3d 8f 49 79 cc b3 c6 fe Aug 26 18:33:37.172059: | bd a1 03 61 6f 82 ff 08 e9 52 f7 01 df 20 cb 28 Aug 26 18:33:37.172060: | 79 08 8b 6c 0b 70 92 d8 dd 94 89 a0 47 a5 05 a6 Aug 26 18:33:37.172062: | 86 70 2d 67 5a 8f 98 b9 1e 1a d7 34 df f7 64 fb Aug 26 18:33:37.172064: | 30 5f 31 5a 65 5b 9f 91 e9 b1 52 8e 24 6a c9 3a Aug 26 18:33:37.172065: | 18 17 1b 85 57 ee 46 26 1f cb 85 f1 f9 c7 ac 1f Aug 26 18:33:37.172067: | db 88 b5 59 36 6b ec 65 fe ee 08 aa 00 34 6a ae Aug 26 18:33:37.172069: | 34 e0 d7 05 9c f3 e4 0d 06 99 be 9b 82 9f 69 95 Aug 26 18:33:37.172070: | 31 b6 54 9e f4 b3 74 99 60 7c 4c 6b 04 9f e7 3b Aug 26 18:33:37.172072: | 57 25 83 3c e3 ce a1 59 e9 b4 6b 4d cd 92 09 be Aug 26 18:33:37.172073: | 0a 89 87 53 15 74 a4 59 fd d5 ac 20 5b fc ad 60 Aug 26 18:33:37.172075: | d7 6d ee 57 4c 66 d3 48 51 66 a4 f0 3d b4 94 03 Aug 26 18:33:37.172077: | b8 11 d5 1f b7 b7 6e c0 96 b2 94 39 49 04 45 a4 Aug 26 18:33:37.172078: | 3e 0b 55 af 11 73 fa 94 a5 6a 30 b5 32 51 fc 6f Aug 26 18:33:37.172080: | 28 32 f3 d9 f5 90 65 cb 1e aa f9 a1 b2 02 86 ea Aug 26 18:33:37.172081: | a0 cb ff d0 cb 0c 29 44 7b dd 3f 17 ae 8e e8 ee Aug 26 18:33:37.172083: | 1a bb 0d f2 d2 51 c0 33 61 4e b6 db 84 10 aa 78 Aug 26 18:33:37.172085: | d8 80 80 57 e4 c4 de 1a 2d dc ee 99 48 6f bc 56 Aug 26 18:33:37.172086: | bd 77 16 0d 8e 7b 9e 4d f1 58 3d b2 c3 2e 26 2d Aug 26 18:33:37.172088: | 63 a6 d6 e3 59 3b 79 2d 8c 5c 6e 2f 55 68 c6 e7 Aug 26 18:33:37.172090: | f9 fd b7 3a 34 31 60 8a 09 31 a1 ea ef 7d 7d 8c Aug 26 18:33:37.172091: | 19 ed 52 c9 18 5d 91 f4 e8 73 af 61 85 1e 26 b3 Aug 26 18:33:37.172093: | d5 88 8f 5e c6 60 da 95 b0 9b bc 9c b9 d5 da d5 Aug 26 18:33:37.172094: | a9 9a 14 01 68 20 bb 74 2a 85 27 4d f3 81 2a 3e Aug 26 18:33:37.172097: | 60 bd 9f f3 5b 69 51 f2 1c d3 bc 32 68 84 01 38 Aug 26 18:33:37.172099: | 1a 73 51 e1 6c 55 e9 0e 40 b9 18 9d ae 8b 0b d3 Aug 26 18:33:37.172101: | 74 e6 17 9c 88 aa 16 9e e8 29 bd 5a Aug 26 18:33:37.172146: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:37.172151: | libevent_free: release ptr-libevent@0x7f54a00072a8 Aug 26 18:33:37.172153: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcd948 Aug 26 18:33:37.172156: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:37.172159: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Aug 26 18:33:37.172162: | libevent_malloc: new ptr-libevent@0x55a94fbef668 size 128 Aug 26 18:33:37.172165: | #6 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29702.914623 Aug 26 18:33:37.172169: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Aug 26 18:33:37.172173: | #6 spent 0.598 milliseconds in resume sending helper answer Aug 26 18:33:37.172177: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:33:37.172179: | libevent_free: release ptr-libevent@0x7f5498004fd8 Aug 26 18:33:37.175827: | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:37.175848: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:37.175850: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.175852: | 08 10 20 01 4e 17 d4 82 00 00 01 cc a4 66 91 81 Aug 26 18:33:37.175854: | 5e 8e ab 69 f6 d5 d4 26 27 53 3b fc a9 53 20 ab Aug 26 18:33:37.175856: | a0 13 07 af fe 45 e8 3c 6a af a9 ff a4 76 4c a3 Aug 26 18:33:37.175857: | f7 4e c7 b0 9d 93 8e fa 4f 97 8a 19 17 d8 2b ba Aug 26 18:33:37.175859: | 49 1c d9 f3 9d 2d bc 70 88 75 e9 ef 99 3f cc b4 Aug 26 18:33:37.175861: | d7 fc da da fd 17 a9 19 80 ff 8d 04 8c ff 28 d9 Aug 26 18:33:37.175862: | a3 df 21 54 84 a8 f0 19 db 88 7d 45 cb 39 50 6c Aug 26 18:33:37.175864: | 7e aa ef 37 4a 20 6c 34 88 3b b9 46 de 3f c6 08 Aug 26 18:33:37.175866: | 4c 50 db 3f 7e 75 9c 3a fc d7 09 be 25 57 d1 a7 Aug 26 18:33:37.175867: | 1f 8c 62 39 5b c7 2c 8a f5 5c 41 18 c9 4f a9 c2 Aug 26 18:33:37.175869: | e4 84 99 91 4d 81 d8 f0 6d a7 1e 86 07 b7 d8 db Aug 26 18:33:37.175871: | 5b a9 74 3d 0f c2 33 ea 0b 51 ca 0f 4f f6 9a 14 Aug 26 18:33:37.175872: | 25 41 db d4 ed cd 6b 2f 7a 44 d5 4b 89 7e 73 d0 Aug 26 18:33:37.175874: | 40 c9 27 d4 06 c5 50 51 83 12 6b cc f6 a0 54 40 Aug 26 18:33:37.175875: | d3 59 de 69 48 8b 2e fa 74 5c 3a de f5 2d 4e 10 Aug 26 18:33:37.175877: | fc 9b 5e cf c8 f5 22 5b 9e da 7e 5b a0 07 d6 b8 Aug 26 18:33:37.175879: | 98 79 98 59 ad e6 a4 1b dd 06 c2 10 79 2e 78 4e Aug 26 18:33:37.175880: | ee cd 04 a1 1b c4 59 5d c8 ba d2 64 a3 f8 b1 49 Aug 26 18:33:37.175882: | 26 63 88 a4 8b f4 e5 80 6e a2 fb f9 00 a7 5b 40 Aug 26 18:33:37.175884: | 54 de d2 d1 f6 ce 83 38 06 bb 73 5b 8a 0b 29 58 Aug 26 18:33:37.175885: | 41 4a 14 bf 02 c5 d9 43 ca b2 41 1e 4d b2 97 9c Aug 26 18:33:37.175887: | c0 74 74 1e f3 a5 db cd d8 42 ee f9 29 8d 93 25 Aug 26 18:33:37.175889: | 2f 43 9b 5b a7 9c 14 c7 7f 34 65 85 8b 9e 8a 98 Aug 26 18:33:37.175890: | 01 04 c7 2f 45 55 7e 0b da 90 65 0e 8d 55 e9 fb Aug 26 18:33:37.175892: | e3 81 50 1f 68 83 7c 3c 5c ed 0c be ec 9d 1b fc Aug 26 18:33:37.175893: | 32 a2 69 b3 e9 1e 08 b6 2a ef a7 65 be fe 01 2a Aug 26 18:33:37.175895: | 43 c1 71 f3 b6 ad 2e c0 9a fd 67 70 b9 d7 8b 10 Aug 26 18:33:37.175897: | fa fb 07 11 65 22 34 cc e4 60 95 d6 Aug 26 18:33:37.175900: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:37.175903: | **parse ISAKMP Message: Aug 26 18:33:37.175905: | initiator cookie: Aug 26 18:33:37.175906: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:37.175908: | responder cookie: Aug 26 18:33:37.175912: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.175914: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:37.175916: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:37.175918: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:37.175920: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:37.175922: | Message ID: 1310184578 (0x4e17d482) Aug 26 18:33:37.175924: | length: 460 (0x1cc) Aug 26 18:33:37.175926: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:37.175929: | State DB: found IKEv1 state #6 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:37.175933: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:37.175935: | #6 is idle Aug 26 18:33:37.175936: | #6 idle Aug 26 18:33:37.175939: | received encrypted packet from 192.1.2.23:500 Aug 26 18:33:37.175956: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:33:37.175958: | ***parse ISAKMP Hash Payload: Aug 26 18:33:37.175960: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:33:37.175962: | length: 36 (0x24) Aug 26 18:33:37.175964: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:33:37.175966: | ***parse ISAKMP Security Association Payload: Aug 26 18:33:37.175968: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:37.175970: | length: 56 (0x38) Aug 26 18:33:37.175972: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:37.175974: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:33:37.175975: | ***parse ISAKMP Nonce Payload: Aug 26 18:33:37.175977: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:37.175979: | length: 36 (0x24) Aug 26 18:33:37.175981: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:33:37.175983: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:33:37.175984: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:37.175986: | length: 260 (0x104) Aug 26 18:33:37.175988: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:37.175990: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:37.175992: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:37.175993: | length: 16 (0x10) Aug 26 18:33:37.175995: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:37.175997: | Protocol ID: 0 (0x0) Aug 26 18:33:37.176011: | port: 0 (0x0) Aug 26 18:33:37.176013: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:33:37.176015: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:37.176016: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:37.176018: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.176032: | length: 16 (0x10) Aug 26 18:33:37.176034: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:37.176036: | Protocol ID: 0 (0x0) Aug 26 18:33:37.176037: | port: 0 (0x0) Aug 26 18:33:37.176039: | obj: c0 00 02 00 ff ff ff 00 Aug 26 18:33:37.176040: | removing 12 bytes of padding Aug 26 18:33:37.176069: | quick_inR1_outI2 HASH(2): Aug 26 18:33:37.176071: | 79 15 81 fa a5 7f d6 24 2b 47 8a a0 c7 36 c6 07 Aug 26 18:33:37.176073: | 9d a5 d0 cb 2f b8 53 f6 4f bd aa 6e d5 4a b6 f0 Aug 26 18:33:37.176075: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 18:33:37.176078: | ****parse IPsec DOI SIT: Aug 26 18:33:37.176080: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:37.176081: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:37.176083: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.176085: | length: 44 (0x2c) Aug 26 18:33:37.176086: | proposal number: 0 (0x0) Aug 26 18:33:37.176088: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:37.176089: | SPI size: 4 (0x4) Aug 26 18:33:37.176091: | number of transforms: 1 (0x1) Aug 26 18:33:37.176093: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:37.176094: | SPI e0 d5 46 74 Aug 26 18:33:37.176096: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:37.176102: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.176104: | length: 32 (0x20) Aug 26 18:33:37.176105: | ESP transform number: 0 (0x0) Aug 26 18:33:37.176107: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:37.176109: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.176111: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:37.176112: | length/value: 14 (0xe) Aug 26 18:33:37.176114: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:37.176116: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.176118: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:37.176119: | length/value: 1 (0x1) Aug 26 18:33:37.176121: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:37.176123: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:37.176124: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.176126: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:37.176127: | length/value: 1 (0x1) Aug 26 18:33:37.176129: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:37.176131: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.176132: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:37.176134: | length/value: 28800 (0x7080) Aug 26 18:33:37.176136: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.176137: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:37.176139: | length/value: 2 (0x2) Aug 26 18:33:37.176140: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:37.176155: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:37.176157: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:37.176158: | length/value: 128 (0x80) Aug 26 18:33:37.176160: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:37.176171: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:37.176176: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:37.176182: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:37.176184: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:37.176186: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:33:37.176188: | no PreShared Key Found Aug 26 18:33:37.176190: | adding quick outI2 DH work-order 10 for state #6 Aug 26 18:33:37.176192: | state #6 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:33:37.176194: | #6 STATE_QUICK_I1: retransmits: cleared Aug 26 18:33:37.176197: | libevent_free: release ptr-libevent@0x55a94fbef668 Aug 26 18:33:37.176199: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcd948 Aug 26 18:33:37.176201: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcd948 Aug 26 18:33:37.176204: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Aug 26 18:33:37.176206: | libevent_malloc: new ptr-libevent@0x7f5498004fd8 size 128 Aug 26 18:33:37.176216: | complete v1 state transition with STF_SUSPEND Aug 26 18:33:37.176219: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:33:37.176220: | crypto helper 3 resuming Aug 26 18:33:37.176221: | suspending state #6 and saving MD Aug 26 18:33:37.176232: | crypto helper 3 starting work-order 10 for state #6 Aug 26 18:33:37.176234: | #6 is busy; has a suspended MD Aug 26 18:33:37.176240: | crypto helper 3 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 Aug 26 18:33:37.176242: | #6 spent 0.158 milliseconds in process_packet_tail() Aug 26 18:33:37.176246: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:37.176249: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:37.176251: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:37.176254: | spent 0.408 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:37.176775: | crypto helper 3 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 time elapsed 0.000536 seconds Aug 26 18:33:37.176784: | (#6) spent 0.535 milliseconds in crypto helper computing work-order 10: quick outI2 DH (pcr) Aug 26 18:33:37.176786: | crypto helper 3 sending results from work-order 10 for state #6 to event queue Aug 26 18:33:37.176789: | scheduling resume sending helper answer for #6 Aug 26 18:33:37.176791: | libevent_malloc: new ptr-libevent@0x7f5490005518 size 128 Aug 26 18:33:37.176796: | crypto helper 3 waiting (nothing to do) Aug 26 18:33:37.176801: | processing resume sending helper answer for #6 Aug 26 18:33:37.176805: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:33:37.176807: | crypto helper 3 replies to request ID 10 Aug 26 18:33:37.176809: | calling continuation function 0x55a94f4e2b50 Aug 26 18:33:37.176811: | quick_inR1_outI2_continue for #6: calculated ke+nonce, calculating DH Aug 26 18:33:37.176815: | **emit ISAKMP Message: Aug 26 18:33:37.176817: | initiator cookie: Aug 26 18:33:37.176818: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:37.176820: | responder cookie: Aug 26 18:33:37.176834: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.176836: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.176838: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:37.176839: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:37.176841: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:37.176842: | Message ID: 1310184578 (0x4e17d482) Aug 26 18:33:37.176844: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:37.176847: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:37.176848: | ID address c0 00 03 00 Aug 26 18:33:37.176850: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:37.176851: | ID mask ff ff ff 00 Aug 26 18:33:37.176854: | our client is subnet 192.0.3.0/24 Aug 26 18:33:37.176856: | our client protocol/port is 0/0 Aug 26 18:33:37.176858: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:37.176859: | ID address c0 00 02 00 Aug 26 18:33:37.176861: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:37.176862: | ID mask ff ff ff 00 Aug 26 18:33:37.176864: | peer client is subnet 192.0.2.0/24 Aug 26 18:33:37.176866: | peer client protocol/port is 0/0 Aug 26 18:33:37.176868: | ***emit ISAKMP Hash Payload: Aug 26 18:33:37.176869: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:37.176871: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:37.176873: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:37.176875: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:37.176877: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:37.176892: | quick_inR1_outI2 HASH(3): Aug 26 18:33:37.176894: | 35 ed 92 8d f9 fd b9 fb ca 33 73 6a 29 b1 c1 d5 Aug 26 18:33:37.176896: | a5 a1 7d 84 ba 2b c2 27 bf 46 46 d5 06 99 53 65 Aug 26 18:33:37.176898: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:33:37.176901: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:33:37.176976: | install_ipsec_sa() for #6: inbound and outbound Aug 26 18:33:37.176979: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Aug 26 18:33:37.176981: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:37.176983: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.176985: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:37.176987: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.176988: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:37.176991: | route owner of "north-dpd/0x1" prospective erouted: self; eroute owner: self Aug 26 18:33:37.176994: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:37.176996: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:37.176997: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:37.177000: | setting IPsec SA replay-window to 32 Aug 26 18:33:37.177002: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 18:33:37.177004: | netlink: enabling tunnel mode Aug 26 18:33:37.177006: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:37.177008: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:37.177069: | netlink response for Add SA esp.e0d54674@192.1.2.23 included non-error error Aug 26 18:33:37.177073: | set up outgoing SA, ref=0/0 Aug 26 18:33:37.177080: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:37.177085: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:37.177088: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:37.177093: | setting IPsec SA replay-window to 32 Aug 26 18:33:37.177097: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 18:33:37.177100: | netlink: enabling tunnel mode Aug 26 18:33:37.177103: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:37.177106: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:37.177140: | netlink response for Add SA esp.1c276340@192.1.3.33 included non-error error Aug 26 18:33:37.177146: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:33:37.177154: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:33:37.177158: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:37.177182: | raw_eroute result=success Aug 26 18:33:37.177187: | set up incoming SA, ref=0/0 Aug 26 18:33:37.177191: | sr for #6: prospective erouted Aug 26 18:33:37.177194: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:33:37.177198: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:37.177201: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.177205: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:37.177209: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:37.177212: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:37.177217: | route owner of "north-dpd/0x1" prospective erouted: self; eroute owner: self Aug 26 18:33:37.177222: | route_and_eroute with c: north-dpd/0x1 (next: none) ero:north-dpd/0x1 esr:{(nil)} ro:north-dpd/0x1 rosr:{(nil)} and state: #6 Aug 26 18:33:37.177225: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:33:37.177230: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 18:33:37.177232: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:37.177244: | raw_eroute result=success Aug 26 18:33:37.177247: | running updown command "ipsec _updown" for verb up Aug 26 18:33:37.177250: | command executing up-client Aug 26 18:33:37.177275: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:37.177282: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:37.177301: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC Aug 26 18:33:37.177306: | popen cmd is 1398 chars long Aug 26 18:33:37.177308: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUT: Aug 26 18:33:37.177310: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Aug 26 18:33:37.177312: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Aug 26 18:33:37.177313: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Aug 26 18:33:37.177315: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Aug 26 18:33:37.177317: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUT: Aug 26 18:33:37.177318: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 18:33:37.177320: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Aug 26 18:33:37.177322: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER: Aug 26 18:33:37.177323: | cmd( 720):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Aug 26 18:33:37.177325: | cmd( 800):EER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libresw: Aug 26 18:33:37.177327: | cmd( 880):an test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTI: Aug 26 18:33:37.177328: | cmd( 960):ME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+I: Aug 26 18:33:37.177330: | cmd(1040):KE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4: Aug 26 18:33:37.177332: | cmd(1120):' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: Aug 26 18:33:37.177333: | cmd(1200):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: Aug 26 18:33:37.177335: | cmd(1280):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xe0d54674: Aug 26 18:33:37.177336: | cmd(1360): SPI_OUT=0x1c276340 ipsec _updown 2>&1: Aug 26 18:33:37.188461: | route_and_eroute: firewall_notified: true Aug 26 18:33:37.188483: | route_and_eroute: instance "north-dpd/0x1", setting eroute_owner {spd=0x55a94fbc1f38,sr=0x55a94fbc1f38} to #6 (was #0) (newest_ipsec_sa=#0) Aug 26 18:33:37.188585: | #1 spent 0.864 milliseconds in install_ipsec_sa() Aug 26 18:33:37.188595: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:37.188600: | no IKEv1 message padding required Aug 26 18:33:37.188603: | emitting length of ISAKMP Message: 76 Aug 26 18:33:37.188648: | inR1_outI2: instance north-dpd/0x1[0], setting IKEv1 newest_ipsec_sa to #6 (was #0) (spd.eroute=#6) cloned from #1 Aug 26 18:33:37.188654: | DPD: dpd_init() called on IPsec SA Aug 26 18:33:37.188663: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 18:33:37.188671: | event_schedule: new EVENT_DPD-pe@0x55a94fbca6b8 Aug 26 18:33:37.188676: | inserting event EVENT_DPD, timeout in 3 seconds for #6 Aug 26 18:33:37.188680: | libevent_malloc: new ptr-libevent@0x55a94fbc3148 size 128 Aug 26 18:33:37.188692: | complete v1 state transition with STF_OK Aug 26 18:33:37.188700: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:37.188703: | #6 is idle Aug 26 18:33:37.188706: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:33:37.188710: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 26 18:33:37.188715: | child state #6: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Aug 26 18:33:37.188718: | event_already_set, deleting event Aug 26 18:33:37.188722: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:37.188728: | libevent_free: release ptr-libevent@0x7f5498004fd8 Aug 26 18:33:37.188734: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcd948 Aug 26 18:33:37.188745: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:33:37.188756: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Aug 26 18:33:37.188761: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:37.188764: | 08 10 20 01 4e 17 d4 82 00 00 00 4c 2f af 4e 48 Aug 26 18:33:37.188767: | 09 bf c7 bf 19 30 50 07 4d a5 70 09 62 af af c1 Aug 26 18:33:37.188769: | 1b 53 4a e5 e1 aa 5d 28 1e 28 3b 14 ae 67 52 21 Aug 26 18:33:37.188772: | ee 5a 47 21 67 9e e9 6f 29 6d 85 82 Aug 26 18:33:37.188831: | !event_already_set at reschedule Aug 26 18:33:37.188838: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fbcd948 Aug 26 18:33:37.188842: | inserting event EVENT_SA_REPLACE, timeout in 27829 seconds for #6 Aug 26 18:33:37.188846: | libevent_malloc: new ptr-libevent@0x7f5498004fd8 size 128 Aug 26 18:33:37.188849: | pstats #6 ikev1.ipsec established Aug 26 18:33:37.188855: | NAT-T: encaps is 'auto' Aug 26 18:33:37.188860: "north-dpd/0x1" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xe0d54674 <0x1c276340 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Aug 26 18:33:37.188864: | modecfg pull: noquirk policy:push not-client Aug 26 18:33:37.188867: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:33:37.188874: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Aug 26 18:33:37.188881: | #6 spent 1.3 milliseconds in resume sending helper answer Aug 26 18:33:37.188887: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:33:37.188892: | libevent_free: release ptr-libevent@0x7f5490005518 Aug 26 18:33:37.188906: | processing signal PLUTO_SIGCHLD Aug 26 18:33:37.188912: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:37.188917: | spent 0.00554 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:37.402264: | kernel_process_msg_cb process netlink message Aug 26 18:33:37.402286: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:33:37.402300: | spent 0.0113 milliseconds in kernel message Aug 26 18:33:37.402680: | kernel_process_msg_cb process netlink message Aug 26 18:33:37.402693: | netlink_get: XFRM_MSG_EXPIRE message Aug 26 18:33:37.402698: | spent 0.00741 milliseconds in kernel message Aug 26 18:33:39.421362: | timer_event_cb: processing event@0x55a94fbcf2d8 Aug 26 18:33:39.421383: | handling event EVENT_RETRANSMIT for child state #4 Aug 26 18:33:39.421391: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:39.421396: | IKEv1 retransmit event Aug 26 18:33:39.421401: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:39.421405: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x2" #4 keying attempt 1 of 0; retransmit 7 Aug 26 18:33:39.421415: | retransmits: current time 29705.163879; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.018866 exceeds limit? NO Aug 26 18:33:39.421420: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fb5b238 Aug 26 18:33:39.421424: | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #4 Aug 26 18:33:39.421428: | libevent_malloc: new ptr-libevent@0x7f5490005518 size 128 Aug 26 18:33:39.421432: "north-dpd/0x2" #4: STATE_QUICK_I1: retransmission; will wait 32 seconds for response Aug 26 18:33:39.421442: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Aug 26 18:33:39.421444: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.421447: | 08 10 20 01 b6 39 03 a6 00 00 01 dc 54 ea 7c 43 Aug 26 18:33:39.421449: | 1c 97 7f e6 69 37 b5 08 79 79 fc 5f 77 3e a4 6e Aug 26 18:33:39.421451: | a9 ce 78 52 9c 8d 22 6f a7 b9 f0 f4 fa 2e 96 50 Aug 26 18:33:39.421453: | 5b 44 12 c0 cf 98 1b 09 86 21 6a d8 dc af 84 f9 Aug 26 18:33:39.421455: | 0b 00 e6 c1 30 f5 48 b8 34 eb 70 09 9d 20 7a a8 Aug 26 18:33:39.421457: | c8 71 39 5a 82 10 df bb 54 cf 90 06 f1 d6 8c dd Aug 26 18:33:39.421459: | ae 5a 47 3a 09 40 f8 56 59 d1 72 bd ec bf 36 61 Aug 26 18:33:39.421461: | d9 d3 9d 05 5e 5e 89 87 aa 38 25 64 b8 b2 d5 57 Aug 26 18:33:39.421464: | 40 31 68 fe 09 1a 92 5d b1 1d a6 0e b5 a5 c7 69 Aug 26 18:33:39.421466: | 1b 80 fa 85 0c e2 1e f4 2c aa 61 ee df 5e d0 23 Aug 26 18:33:39.421468: | db 16 08 4d 6c 57 e7 f3 e3 ee 12 67 c3 65 1c e4 Aug 26 18:33:39.421470: | 17 95 6b 5c 49 a7 af 59 a1 ca 7f 40 e2 7c 7c 6a Aug 26 18:33:39.421472: | af 2d a8 4e af 7e 82 70 58 c8 be 62 70 40 09 f1 Aug 26 18:33:39.421474: | bf a6 a3 53 91 4d 60 fb 52 6f 83 1b c8 ca 95 8d Aug 26 18:33:39.421476: | 31 ab 51 d3 da 0f 7e e5 a3 a2 43 2f 70 40 64 77 Aug 26 18:33:39.421478: | 1b 23 29 ea 31 1e 9e 8f 84 47 50 43 b0 15 10 54 Aug 26 18:33:39.421480: | 99 74 78 97 39 37 ec 1a 5f 89 ef c3 5d 06 02 4b Aug 26 18:33:39.421483: | 9c 04 7f ab 23 1c 61 15 9a 3d 07 a4 cb 61 f9 33 Aug 26 18:33:39.421485: | 83 a9 81 d9 c9 e1 75 05 e5 af 86 50 d5 8f 3a fd Aug 26 18:33:39.421487: | b6 92 2e a3 86 a5 36 7b cc 81 89 1b cc 34 06 0b Aug 26 18:33:39.421489: | db d1 8a 5d f7 20 27 d6 5d 0a de 76 f7 c2 f1 e2 Aug 26 18:33:39.421491: | 0d 5b 6e ba a6 51 5d cb b3 7b 51 38 68 1a 2c 5a Aug 26 18:33:39.421493: | 8c 5a f8 d0 8e 7a 96 cf 3b 27 03 12 11 9c ea f6 Aug 26 18:33:39.421495: | d2 e1 a5 a9 0f e8 a5 e6 cb d6 1e 83 46 49 78 49 Aug 26 18:33:39.421497: | df c0 6f 82 80 91 38 46 15 ce c7 5c ce 3e b3 3b Aug 26 18:33:39.421500: | 56 b8 6b 70 db 53 d8 05 c1 94 bd 48 39 c8 1b 59 Aug 26 18:33:39.421502: | 62 0d 11 84 e2 57 00 bc 3b 9c 3e 4b 86 f6 25 22 Aug 26 18:33:39.421504: | 9f 44 3b a7 0c 6b 5d f0 24 30 01 14 f2 a2 63 8a Aug 26 18:33:39.421506: | f3 39 60 c7 e5 ad 00 bc df a1 b5 34 Aug 26 18:33:39.421560: | libevent_free: release ptr-libevent@0x55a94fbe9308 Aug 26 18:33:39.421565: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:39.421574: | #4 spent 0.186 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:39.421578: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:39.421582: | timer_event_cb: processing event@0x7f548c002b78 Aug 26 18:33:39.421585: | handling event EVENT_RETRANSMIT for child state #5 Aug 26 18:33:39.421590: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:39.421597: | IKEv1 retransmit event Aug 26 18:33:39.421603: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:33:39.421610: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #5 keying attempt 1 of 0; retransmit 7 Aug 26 18:33:39.421620: | retransmits: current time 29705.164084; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.018687 exceeds limit? NO Aug 26 18:33:39.421626: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:39.421631: | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #5 Aug 26 18:33:39.421635: | libevent_malloc: new ptr-libevent@0x55a94fbe9308 size 128 Aug 26 18:33:39.421640: "north-dpd/0x1" #5: STATE_QUICK_I1: retransmission; will wait 32 seconds for response Aug 26 18:33:39.421648: | sending 476 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Aug 26 18:33:39.421653: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.421656: | 08 10 20 01 78 d8 34 18 00 00 01 dc 00 05 b1 cf Aug 26 18:33:39.421660: | eb ef e6 6d c3 4a 16 06 66 f9 4f f8 43 34 29 3d Aug 26 18:33:39.421663: | ca 06 34 94 ca 10 c3 6f 07 6f 75 8a 79 08 90 26 Aug 26 18:33:39.421666: | bc a3 57 e4 ad b5 fb e1 fb 3c cc 06 d6 d2 1f c4 Aug 26 18:33:39.421670: | ac 43 4b a4 18 cf 9f 14 06 33 55 cd f1 ae 7f 1f Aug 26 18:33:39.421673: | 30 48 6c 80 d8 3b 6b 03 91 f2 13 55 38 79 0e e8 Aug 26 18:33:39.421677: | d0 32 c6 56 75 ce f8 86 eb 24 03 a3 6c 44 02 a1 Aug 26 18:33:39.421680: | 05 ef 7c 86 82 b6 87 e1 9e 36 7d 43 1d b6 0f c9 Aug 26 18:33:39.421684: | 5d ef 73 03 63 5b a6 2d b6 29 9e 39 0d e2 a8 06 Aug 26 18:33:39.421687: | 9b a0 12 04 23 17 96 20 4b 5e 9e 7f ea fa aa 2f Aug 26 18:33:39.421691: | 68 54 d4 72 9c 92 68 ca 33 1a 3b a9 6a 88 92 a5 Aug 26 18:33:39.421694: | 83 b1 e0 ef 71 07 7e f3 9b f8 db 4f 87 4b af b0 Aug 26 18:33:39.421697: | 6c f7 7d f9 32 82 bd be 78 78 4a ac 5e 3e 1e 27 Aug 26 18:33:39.421701: | c2 a4 9b d2 23 63 20 95 8c 83 5e 95 96 15 69 c2 Aug 26 18:33:39.421704: | 88 dc fd e7 8b a4 be b8 9e 49 7b 0a b5 97 25 49 Aug 26 18:33:39.421708: | 04 18 51 00 6b 4d 7f 2d 73 f8 68 5a f9 e2 bb d9 Aug 26 18:33:39.421711: | 73 cf 23 b7 c4 fc af cb 83 ff b7 85 70 39 ab 84 Aug 26 18:33:39.421714: | a1 b5 42 47 b4 ab a2 03 9a dc cd ae 11 0d 20 73 Aug 26 18:33:39.421718: | 63 fa 94 d6 8a 04 dc 2d cb d8 bf b9 81 cb 3e 69 Aug 26 18:33:39.421721: | 4f 93 5c fd f4 b1 39 f4 c3 6a 5a 2b f9 28 8f 14 Aug 26 18:33:39.421724: | 6f bb ac d3 9c b9 55 a1 11 15 e7 85 c0 32 35 ef Aug 26 18:33:39.421728: | 3e f4 3a 46 0a 1f 6f ea 5e bb 65 af bc 84 bf 8b Aug 26 18:33:39.421732: | 19 30 7b 44 7b 85 27 b6 a8 df 82 2a 61 a7 37 f5 Aug 26 18:33:39.421736: | 1c db 52 f2 2e 09 8f f8 a5 f1 c5 80 ed d5 d3 3d Aug 26 18:33:39.421739: | e0 ce a9 a6 1b 5d e2 41 08 ec 9a 97 e7 20 f4 00 Aug 26 18:33:39.421743: | 74 76 1a bf c1 c7 07 33 86 4e cb a4 f5 d5 34 c7 Aug 26 18:33:39.421747: | 33 0a 4b eb f1 25 dd 34 2c c6 b5 99 a5 51 55 fc Aug 26 18:33:39.421750: | 54 cb 9d 3e cc ca 48 80 61 e2 bd 5f 3e 98 44 37 Aug 26 18:33:39.421754: | 6f 66 87 3b cc 1c e2 99 85 ff ec 45 Aug 26 18:33:39.421773: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:33:39.421777: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f548c002b78 Aug 26 18:33:39.421783: | #5 spent 0.192 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:33:39.421787: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:39.425799: | spent 0.00323 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:39.425824: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:39.425828: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.425830: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:39.425832: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:39.425834: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:39.425837: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:39.425839: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:39.425843: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:39.425846: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:39.425848: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:39.425850: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:39.425852: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:39.425854: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:39.425856: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:39.425858: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:39.425860: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:39.425862: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:39.425864: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:39.425866: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:39.425868: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:39.425871: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:39.425873: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:39.425875: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:39.425877: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:39.425879: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:39.425881: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:39.425883: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:39.425885: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:39.425887: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:39.425889: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:39.425894: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:39.425897: | **parse ISAKMP Message: Aug 26 18:33:39.425900: | initiator cookie: Aug 26 18:33:39.425903: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.425907: | responder cookie: Aug 26 18:33:39.425910: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.425914: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:39.425918: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.425921: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.425926: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.425929: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:39.425931: | length: 460 (0x1cc) Aug 26 18:33:39.425934: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:39.425939: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:39.425943: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:39.425946: | #4 is idle Aug 26 18:33:39.425948: | #4 idle Aug 26 18:33:39.425951: | received encrypted packet from 192.1.2.23:500 Aug 26 18:33:39.425970: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:33:39.425974: | ***parse ISAKMP Hash Payload: Aug 26 18:33:39.425976: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:33:39.425979: | length: 36 (0x24) Aug 26 18:33:39.425981: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:33:39.425984: | ***parse ISAKMP Security Association Payload: Aug 26 18:33:39.425987: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:39.425989: | length: 56 (0x38) Aug 26 18:33:39.425991: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:39.425993: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:33:39.425996: | ***parse ISAKMP Nonce Payload: Aug 26 18:33:39.425998: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:39.426000: | length: 36 (0x24) Aug 26 18:33:39.426003: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.426007: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:33:39.426011: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.426017: | length: 260 (0x104) Aug 26 18:33:39.426021: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.426025: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.426029: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.426033: | length: 16 (0x10) Aug 26 18:33:39.426037: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.426040: | Protocol ID: 0 (0x0) Aug 26 18:33:39.426044: | port: 0 (0x0) Aug 26 18:33:39.426047: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:33:39.426051: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.426055: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.426058: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.426062: | length: 16 (0x10) Aug 26 18:33:39.426065: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.426069: | Protocol ID: 0 (0x0) Aug 26 18:33:39.426072: | port: 0 (0x0) Aug 26 18:33:39.426075: | obj: c0 00 16 00 ff ff ff 00 Aug 26 18:33:39.426079: | removing 12 bytes of padding Aug 26 18:33:39.426124: | quick_inR1_outI2 HASH(2): Aug 26 18:33:39.426129: | d5 f1 9e 2e de e4 17 7a a9 79 4c c5 ac a5 de 3a Aug 26 18:33:39.426132: | 53 41 92 8f 49 f8 8a 24 2b 36 ac a3 b1 58 a6 dd Aug 26 18:33:39.426136: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 18:33:39.426142: | ****parse IPsec DOI SIT: Aug 26 18:33:39.426146: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:39.426150: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:39.426154: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.426157: | length: 44 (0x2c) Aug 26 18:33:39.426161: | proposal number: 0 (0x0) Aug 26 18:33:39.426164: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:39.426168: | SPI size: 4 (0x4) Aug 26 18:33:39.426171: | number of transforms: 1 (0x1) Aug 26 18:33:39.426175: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:39.426179: | SPI 69 8e 38 88 Aug 26 18:33:39.426183: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:39.426186: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.426190: | length: 32 (0x20) Aug 26 18:33:39.426193: | ESP transform number: 0 (0x0) Aug 26 18:33:39.426197: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:39.426201: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.426205: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:39.426209: | length/value: 14 (0xe) Aug 26 18:33:39.426212: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:39.426216: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.426220: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:39.426224: | length/value: 1 (0x1) Aug 26 18:33:39.426227: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:39.426232: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:39.426235: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.426239: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:39.426242: | length/value: 1 (0x1) Aug 26 18:33:39.426246: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:39.426250: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.426253: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:39.426257: | length/value: 28800 (0x7080) Aug 26 18:33:39.426261: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.426265: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:39.426268: | length/value: 2 (0x2) Aug 26 18:33:39.426272: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:39.426275: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.426279: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:39.426283: | length/value: 128 (0x80) Aug 26 18:33:39.426287: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:39.426316: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:39.426329: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:39.426343: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:39.426348: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:39.426352: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:33:39.426355: | no PreShared Key Found Aug 26 18:33:39.426361: | adding quick outI2 DH work-order 11 for state #4 Aug 26 18:33:39.426365: | state #4 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:33:39.426369: | #4 STATE_QUICK_I1: retransmits: cleared Aug 26 18:33:39.426374: | libevent_free: release ptr-libevent@0x7f5490005518 Aug 26 18:33:39.426378: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fb5b238 Aug 26 18:33:39.426382: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fb5b238 Aug 26 18:33:39.426388: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Aug 26 18:33:39.426392: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:33:39.426402: | complete v1 state transition with STF_SUSPEND Aug 26 18:33:39.426409: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:33:39.426411: | crypto helper 2 resuming Aug 26 18:33:39.426413: | suspending state #4 and saving MD Aug 26 18:33:39.426431: | crypto helper 2 starting work-order 11 for state #4 Aug 26 18:33:39.426438: | #4 is busy; has a suspended MD Aug 26 18:33:39.426447: | crypto helper 2 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 11 Aug 26 18:33:39.426457: | #4 spent 0.301 milliseconds in process_packet_tail() Aug 26 18:33:39.426464: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:39.426471: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:39.426475: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:39.426481: | spent 0.654 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:39.427366: | crypto helper 2 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 11 time elapsed 0.000918 seconds Aug 26 18:33:39.427380: | (#4) spent 0.925 milliseconds in crypto helper computing work-order 11: quick outI2 DH (pcr) Aug 26 18:33:39.427386: | crypto helper 2 sending results from work-order 11 for state #4 to event queue Aug 26 18:33:39.427390: | scheduling resume sending helper answer for #4 Aug 26 18:33:39.427395: | libevent_malloc: new ptr-libevent@0x7f549c003e78 size 128 Aug 26 18:33:39.427406: | crypto helper 2 waiting (nothing to do) Aug 26 18:33:39.427446: | processing resume sending helper answer for #4 Aug 26 18:33:39.427459: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:33:39.427464: | crypto helper 2 replies to request ID 11 Aug 26 18:33:39.427467: | calling continuation function 0x55a94f4e2b50 Aug 26 18:33:39.427469: | quick_inR1_outI2_continue for #4: calculated ke+nonce, calculating DH Aug 26 18:33:39.427496: | **emit ISAKMP Message: Aug 26 18:33:39.427499: | initiator cookie: Aug 26 18:33:39.427501: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.427503: | responder cookie: Aug 26 18:33:39.427505: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.427508: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.427515: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.427518: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.427520: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.427523: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:39.427525: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:39.427529: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:39.427531: | ID address c0 00 03 00 Aug 26 18:33:39.427534: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:39.427536: | ID mask ff ff ff 00 Aug 26 18:33:39.427540: | our client is subnet 192.0.3.0/24 Aug 26 18:33:39.427542: | our client protocol/port is 0/0 Aug 26 18:33:39.427545: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:39.427547: | ID address c0 00 16 00 Aug 26 18:33:39.427549: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:39.427551: | ID mask ff ff ff 00 Aug 26 18:33:39.427554: | peer client is subnet 192.0.22.0/24 Aug 26 18:33:39.427556: | peer client protocol/port is 0/0 Aug 26 18:33:39.427559: | ***emit ISAKMP Hash Payload: Aug 26 18:33:39.427561: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.427564: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:39.427567: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.427570: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:39.427572: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:39.427598: | quick_inR1_outI2 HASH(3): Aug 26 18:33:39.427602: | f8 0c fe b9 19 ab 31 5b f6 96 36 de 47 28 1d 6d Aug 26 18:33:39.427604: | b2 3a 10 23 ff dd 69 82 20 49 63 70 f9 68 ee 83 Aug 26 18:33:39.427607: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:33:39.427609: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:33:39.427720: | install_ipsec_sa() for #4: inbound and outbound Aug 26 18:33:39.427724: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Aug 26 18:33:39.427727: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:39.427730: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.427732: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:39.427735: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.427737: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:39.427741: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Aug 26 18:33:39.427744: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:39.427747: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:39.427750: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:39.427753: | setting IPsec SA replay-window to 32 Aug 26 18:33:39.427756: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 18:33:39.427759: | netlink: enabling tunnel mode Aug 26 18:33:39.427762: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:39.427764: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:39.427812: | netlink response for Add SA esp.698e3888@192.1.2.23 included non-error error Aug 26 18:33:39.427816: | set up outgoing SA, ref=0/0 Aug 26 18:33:39.427819: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:39.427822: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:39.427824: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:39.427827: | setting IPsec SA replay-window to 32 Aug 26 18:33:39.427830: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 18:33:39.427834: | netlink: enabling tunnel mode Aug 26 18:33:39.427837: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:39.427839: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:39.427871: "north-dpd/0x2" #4: ERROR: netlink response for Add SA esp.abe7ff90@192.1.3.33 included errno 3: No such process Aug 26 18:33:39.427876: "north-dpd/0x2" #4: setup_half_ipsec_sa() hit fail: Aug 26 18:33:39.427879: | complete v1 state transition with STF_INTERNAL_ERROR Aug 26 18:33:39.427883: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:39.427886: | #4 is idle Aug 26 18:33:39.427924: | state transition function for STATE_QUICK_I1 had internal error Aug 26 18:33:39.427929: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Aug 26 18:33:39.427935: | #4 spent 0.47 milliseconds in resume sending helper answer Aug 26 18:33:39.427940: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:33:39.427943: | libevent_free: release ptr-libevent@0x7f549c003e78 Aug 26 18:33:39.428155: | spent 0.00243 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:39.428168: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:39.428171: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.428173: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:39.428176: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:39.428178: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:39.428180: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:39.428182: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:39.428184: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:39.428186: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:39.428189: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:39.428191: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:39.428193: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:39.428195: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:39.428197: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:39.428199: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:39.428202: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:39.428204: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:39.428206: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:39.428208: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:39.428210: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:39.428212: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:39.428214: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:39.428217: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:39.428219: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:39.428221: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:39.428223: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:39.428225: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:39.428227: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:39.428230: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:39.428232: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:39.428236: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:39.428239: | **parse ISAKMP Message: Aug 26 18:33:39.428241: | initiator cookie: Aug 26 18:33:39.428243: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.428245: | responder cookie: Aug 26 18:33:39.428248: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.428250: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:39.428255: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.428257: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.428260: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.428262: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:39.428265: | length: 460 (0x1cc) Aug 26 18:33:39.428267: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:39.428271: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:39.428276: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:39.428278: | #5 is idle Aug 26 18:33:39.428280: | #5 idle Aug 26 18:33:39.428284: | received encrypted packet from 192.1.2.23:500 Aug 26 18:33:39.428301: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:33:39.428309: | ***parse ISAKMP Hash Payload: Aug 26 18:33:39.428311: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:33:39.428313: | length: 36 (0x24) Aug 26 18:33:39.428316: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:33:39.428319: | ***parse ISAKMP Security Association Payload: Aug 26 18:33:39.428321: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:39.428323: | length: 56 (0x38) Aug 26 18:33:39.428325: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:39.428328: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:33:39.428330: | ***parse ISAKMP Nonce Payload: Aug 26 18:33:39.428332: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:39.428334: | length: 36 (0x24) Aug 26 18:33:39.428337: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.428339: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:33:39.428341: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.428343: | length: 260 (0x104) Aug 26 18:33:39.428346: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.428348: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.428350: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:39.428352: | length: 16 (0x10) Aug 26 18:33:39.428355: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.428357: | Protocol ID: 0 (0x0) Aug 26 18:33:39.428359: | port: 0 (0x0) Aug 26 18:33:39.428361: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:33:39.428364: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:39.428366: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:39.428368: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.428370: | length: 16 (0x10) Aug 26 18:33:39.428373: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:39.428375: | Protocol ID: 0 (0x0) Aug 26 18:33:39.428377: | port: 0 (0x0) Aug 26 18:33:39.428379: | obj: c0 00 02 00 ff ff ff 00 Aug 26 18:33:39.428381: | removing 12 bytes of padding Aug 26 18:33:39.428400: | quick_inR1_outI2 HASH(2): Aug 26 18:33:39.428403: | 29 bb 02 f6 09 2c c9 04 aa fd 04 af 93 e2 9d e7 Aug 26 18:33:39.428405: | 15 01 00 d9 1f 56 eb 1c 07 cd 34 54 a0 e6 16 88 Aug 26 18:33:39.428409: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 18:33:39.428415: | ****parse IPsec DOI SIT: Aug 26 18:33:39.428419: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:39.428424: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:39.428427: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.428431: | length: 44 (0x2c) Aug 26 18:33:39.428434: | proposal number: 0 (0x0) Aug 26 18:33:39.428438: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:39.428442: | SPI size: 4 (0x4) Aug 26 18:33:39.428445: | number of transforms: 1 (0x1) Aug 26 18:33:39.428450: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:39.428453: | SPI 1e 86 7a 01 Aug 26 18:33:39.428458: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:39.428462: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.428465: | length: 32 (0x20) Aug 26 18:33:39.428471: | ESP transform number: 0 (0x0) Aug 26 18:33:39.428475: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:39.428479: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.428483: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:39.428487: | length/value: 14 (0xe) Aug 26 18:33:39.428491: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:39.428495: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.428499: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:39.428503: | length/value: 1 (0x1) Aug 26 18:33:39.428506: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:39.428511: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:39.428515: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.428518: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:39.428522: | length/value: 1 (0x1) Aug 26 18:33:39.428525: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:39.428529: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.428533: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:39.428537: | length/value: 28800 (0x7080) Aug 26 18:33:39.428541: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.428545: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:39.428549: | length/value: 2 (0x2) Aug 26 18:33:39.428552: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:39.428556: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:39.428560: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:39.428563: | length/value: 128 (0x80) Aug 26 18:33:39.428568: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:39.428595: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:39.428607: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:39.428621: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:39.428627: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:39.428631: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:33:39.428635: | no PreShared Key Found Aug 26 18:33:39.428640: | adding quick outI2 DH work-order 12 for state #5 Aug 26 18:33:39.428644: | state #5 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:33:39.428648: | #5 STATE_QUICK_I1: retransmits: cleared Aug 26 18:33:39.428652: | libevent_free: release ptr-libevent@0x55a94fbe9308 Aug 26 18:33:39.428657: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbcf2d8 Aug 26 18:33:39.428661: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcf2d8 Aug 26 18:33:39.428666: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Aug 26 18:33:39.428671: | libevent_malloc: new ptr-libevent@0x55a94fbef668 size 128 Aug 26 18:33:39.428680: | complete v1 state transition with STF_SUSPEND Aug 26 18:33:39.428688: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:33:39.428692: | suspending state #5 and saving MD Aug 26 18:33:39.428695: | #5 is busy; has a suspended MD Aug 26 18:33:39.428702: | #5 spent 0.286 milliseconds in process_packet_tail() Aug 26 18:33:39.428709: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:39.428718: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:39.428719: | crypto helper 4 resuming Aug 26 18:33:39.428723: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:39.428735: | crypto helper 4 starting work-order 12 for state #5 Aug 26 18:33:39.428748: | spent 0.575 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:39.428759: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 12 Aug 26 18:33:39.429500: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 12 time elapsed 0.000741 seconds Aug 26 18:33:39.429512: | (#5) spent 0.746 milliseconds in crypto helper computing work-order 12: quick outI2 DH (pcr) Aug 26 18:33:39.429515: | crypto helper 4 sending results from work-order 12 for state #5 to event queue Aug 26 18:33:39.429519: | scheduling resume sending helper answer for #5 Aug 26 18:33:39.429522: | libevent_malloc: new ptr-libevent@0x7f5494001f78 size 128 Aug 26 18:33:39.429529: | crypto helper 4 waiting (nothing to do) Aug 26 18:33:39.429541: | processing resume sending helper answer for #5 Aug 26 18:33:39.429556: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:33:39.429564: | crypto helper 4 replies to request ID 12 Aug 26 18:33:39.429568: | calling continuation function 0x55a94f4e2b50 Aug 26 18:33:39.429573: | quick_inR1_outI2_continue for #5: calculated ke+nonce, calculating DH Aug 26 18:33:39.429580: | **emit ISAKMP Message: Aug 26 18:33:39.429584: | initiator cookie: Aug 26 18:33:39.429589: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.429592: | responder cookie: Aug 26 18:33:39.429596: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.429600: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.429604: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.429608: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.429612: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.429616: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:39.429620: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:39.429625: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:39.429628: | ID address c0 00 03 00 Aug 26 18:33:39.429632: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:39.429636: | ID mask ff ff ff 00 Aug 26 18:33:39.429642: | our client is subnet 192.0.3.0/24 Aug 26 18:33:39.429646: | our client protocol/port is 0/0 Aug 26 18:33:39.429650: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:39.429654: | ID address c0 00 02 00 Aug 26 18:33:39.429658: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:39.429661: | ID mask ff ff ff 00 Aug 26 18:33:39.429666: | peer client is subnet 192.0.2.0/24 Aug 26 18:33:39.429669: | peer client protocol/port is 0/0 Aug 26 18:33:39.429674: | ***emit ISAKMP Hash Payload: Aug 26 18:33:39.429678: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:39.429683: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:39.429688: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:39.429693: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:39.429697: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:39.429727: | quick_inR1_outI2 HASH(3): Aug 26 18:33:39.429733: | 5e 99 ed f1 51 b1 5a 32 0b a7 f4 7a f6 13 fc f6 Aug 26 18:33:39.429737: | 45 66 6f eb 58 92 ea e9 46 fd 9a fd f6 51 bc a9 Aug 26 18:33:39.429741: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:33:39.429744: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:33:39.429868: | #1 spent 1.21 milliseconds Aug 26 18:33:39.429877: | install_ipsec_sa() for #5: inbound and outbound Aug 26 18:33:39.429880: | could_route called for north-dpd/0x1 (kind=CK_PERMANENT) Aug 26 18:33:39.429882: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:39.429885: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.429887: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:39.429890: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:33:39.429892: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:39.429896: | route owner of "north-dpd/0x1" erouted: self; eroute owner: self Aug 26 18:33:39.429901: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:39.429903: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:39.429906: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:39.429910: | setting IPsec SA replay-window to 32 Aug 26 18:33:39.429913: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 18:33:39.429915: | netlink: enabling tunnel mode Aug 26 18:33:39.429918: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:39.429920: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:39.429971: | netlink response for Add SA esp.1e867a01@192.1.2.23 included non-error error Aug 26 18:33:39.429975: | set up outgoing SA, ref=0/0 Aug 26 18:33:39.429978: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:39.429981: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:39.429983: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:39.429987: | setting IPsec SA replay-window to 32 Aug 26 18:33:39.429989: | NIC esp-hw-offload not for connection 'north-dpd/0x1' not available on interface eth1 Aug 26 18:33:39.429991: | netlink: enabling tunnel mode Aug 26 18:33:39.429994: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:39.429996: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:39.430026: "north-dpd/0x1" #5: ERROR: netlink response for Add SA esp.4ae31ab3@192.1.3.33 included errno 3: No such process Aug 26 18:33:39.430031: "north-dpd/0x1" #5: setup_half_ipsec_sa() hit fail: Aug 26 18:33:39.430033: | complete v1 state transition with STF_INTERNAL_ERROR Aug 26 18:33:39.430038: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:39.430040: | #5 is idle Aug 26 18:33:39.430077: | state transition function for STATE_QUICK_I1 had internal error Aug 26 18:33:39.430083: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Aug 26 18:33:39.430089: | #5 spent 0.525 milliseconds in resume sending helper answer Aug 26 18:33:39.430093: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:33:39.430097: | libevent_free: release ptr-libevent@0x7f5494001f78 Aug 26 18:33:39.925578: | spent 0.00306 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:39.925600: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:39.925603: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.925605: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:39.925607: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:39.925608: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:39.925610: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:39.925612: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:39.925613: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:39.925615: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:39.925616: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:39.925618: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:39.925623: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:39.925624: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:39.925626: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:39.925628: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:39.925629: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:39.925631: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:39.925632: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:39.925634: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:39.925636: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:39.925642: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:39.925646: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:39.925648: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:39.925651: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:39.925654: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:39.925657: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:39.925660: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:39.925663: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:39.925666: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:39.925669: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:39.925675: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:39.925680: | **parse ISAKMP Message: Aug 26 18:33:39.925684: | initiator cookie: Aug 26 18:33:39.925685: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.925687: | responder cookie: Aug 26 18:33:39.925689: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.925691: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:39.925693: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.925694: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.925696: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.925698: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:39.925699: | length: 460 (0x1cc) Aug 26 18:33:39.925702: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:39.925706: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:39.925710: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:39.925713: | #4 is idle Aug 26 18:33:39.925716: | #4 idle Aug 26 18:33:39.925721: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:39.925727: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:39.925732: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:39.925735: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:39.925738: | spent 0.147 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:39.928823: | spent 0.00244 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:39.928845: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:39.928847: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.928849: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:39.928851: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:39.928852: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:39.928867: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:39.928868: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:39.928870: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:39.928871: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:39.928873: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:39.928889: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:39.928891: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:39.928893: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:39.928894: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:39.928896: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:39.928897: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:39.928899: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:39.928900: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:39.928902: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:39.928903: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:39.928905: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:39.928906: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:39.928908: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:39.928909: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:39.928911: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:39.928912: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:39.928914: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:39.928915: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:39.928917: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:39.928918: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:39.928922: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:39.928925: | **parse ISAKMP Message: Aug 26 18:33:39.928927: | initiator cookie: Aug 26 18:33:39.928928: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:39.928930: | responder cookie: Aug 26 18:33:39.928931: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:39.928933: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:39.928935: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:39.928937: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:39.928939: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:39.928940: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:39.928942: | length: 460 (0x1cc) Aug 26 18:33:39.928944: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:39.928947: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:39.928951: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:39.928953: | #5 is idle Aug 26 18:33:39.928954: | #5 idle Aug 26 18:33:39.928957: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:39.928960: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:39.928963: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:39.928965: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:39.928968: | spent 0.132 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:40.178262: | timer_event_cb: processing event@0x55a94fbca6b8 Aug 26 18:33:40.178276: | handling event EVENT_DPD for child state #6 Aug 26 18:33:40.178283: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:40.178287: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:33:40.178309: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:40.178314: | DPD: no need to send or schedule DPD for replaced IPsec SA Aug 26 18:33:40.178317: | libevent_free: release ptr-libevent@0x55a94fbc3148 Aug 26 18:33:40.178320: | free_event_entry: release EVENT_DPD-pe@0x55a94fbca6b8 Aug 26 18:33:40.178326: | #6 spent 0.0632 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:33:40.178332: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:40.425718: | spent 0.00313 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:40.425744: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:40.425748: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:40.425750: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:40.425752: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:40.425754: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:40.425756: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:40.425758: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:40.425760: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:40.425762: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:40.425764: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:40.425766: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:40.425768: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:40.425770: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:40.425772: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:40.425774: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:40.425775: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:40.425777: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:40.425779: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:40.425781: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:40.425783: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:40.425785: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:40.425787: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:40.425789: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:40.425791: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:40.425793: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:40.425795: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:40.425797: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:40.425799: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:40.425801: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:40.425803: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:40.425807: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:40.425810: | **parse ISAKMP Message: Aug 26 18:33:40.425813: | initiator cookie: Aug 26 18:33:40.425815: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:40.425817: | responder cookie: Aug 26 18:33:40.425819: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:40.425822: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:40.425824: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:40.425826: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:40.425829: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:40.425831: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:40.425833: | length: 460 (0x1cc) Aug 26 18:33:40.425836: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:40.425840: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:40.425844: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:40.425847: | #4 is idle Aug 26 18:33:40.425849: | #4 idle Aug 26 18:33:40.425853: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:40.425856: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:40.425860: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:40.425866: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:40.425870: | spent 0.136 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:40.430074: | spent 0.00328 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:40.430099: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:40.430102: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:40.430104: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:40.430106: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:40.430108: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:40.430110: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:40.430112: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:40.430114: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:40.430116: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:40.430118: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:40.430120: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:40.430122: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:40.430124: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:40.430126: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:40.430128: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:40.430130: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:40.430132: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:40.430134: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:40.430136: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:40.430138: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:40.430140: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:40.430142: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:40.430144: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:40.430146: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:40.430148: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:40.430150: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:40.430152: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:40.430154: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:40.430155: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:40.430157: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:40.430161: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:40.430165: | **parse ISAKMP Message: Aug 26 18:33:40.430168: | initiator cookie: Aug 26 18:33:40.430170: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:40.430172: | responder cookie: Aug 26 18:33:40.430174: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:40.430176: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:40.430179: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:40.430181: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:40.430183: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:40.430185: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:40.430188: | length: 460 (0x1cc) Aug 26 18:33:40.430190: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:40.430194: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:40.430199: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:40.430201: | #5 is idle Aug 26 18:33:40.430203: | #5 idle Aug 26 18:33:40.430207: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:40.430210: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:40.430217: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:40.430220: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:40.430224: | spent 0.135 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:41.427978: | spent 0.00863 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:41.428049: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:41.428065: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:41.428075: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:41.428083: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:41.428092: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:41.428100: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:41.428109: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:41.428118: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:41.428126: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:41.428135: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:41.428143: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:41.428151: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:41.428160: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:41.428169: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:41.428177: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:41.428186: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:41.428194: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:41.428202: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:41.428211: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:41.428220: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:41.428228: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:41.428237: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:41.428246: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:41.428254: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:41.428262: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:41.428271: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:41.428280: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:41.428312: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:41.428330: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:41.428340: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:41.428357: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:41.428371: | **parse ISAKMP Message: Aug 26 18:33:41.428382: | initiator cookie: Aug 26 18:33:41.428390: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:41.428400: | responder cookie: Aug 26 18:33:41.428408: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:41.428418: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:41.428427: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:41.428436: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:41.428445: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:41.428458: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:41.428477: | length: 460 (0x1cc) Aug 26 18:33:41.428491: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:41.428507: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:41.428531: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:41.428542: | #4 is idle Aug 26 18:33:41.428550: | #4 idle Aug 26 18:33:41.428566: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:41.428596: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:41.428619: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:41.428635: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:41.428657: | spent 0.611 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:41.431449: | spent 0.00544 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:41.431491: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:41.431498: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:41.431503: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:41.431507: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:41.431510: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:41.431514: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:41.431518: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:41.431522: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:41.431526: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:41.431529: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:41.431533: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:41.431537: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:41.431541: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:41.431545: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:41.431548: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:41.431552: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:41.431556: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:41.431560: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:41.431563: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:41.431567: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:41.431571: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:41.431575: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:41.431579: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:41.431582: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:41.431586: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:41.431590: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:41.431594: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:41.431598: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:41.431601: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:41.431605: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:41.431613: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:41.431619: | **parse ISAKMP Message: Aug 26 18:33:41.431624: | initiator cookie: Aug 26 18:33:41.431628: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:41.431632: | responder cookie: Aug 26 18:33:41.431635: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:41.431640: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:41.431644: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:41.431649: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:41.431653: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:41.431658: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:41.431662: | length: 460 (0x1cc) Aug 26 18:33:41.431667: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:41.431673: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:41.431682: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:41.431686: | #5 is idle Aug 26 18:33:41.431690: | #5 idle Aug 26 18:33:41.431697: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:41.431708: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:41.431716: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:41.431721: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:41.431729: | spent 0.253 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:43.432264: | spent 0.0107 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:43.432395: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:43.432417: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:43.432426: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:43.432433: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:43.432441: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:43.432448: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:43.432456: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:43.432463: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:43.432470: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:43.432478: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:43.432485: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:43.432492: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:43.432500: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:43.432507: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:43.432515: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:43.432522: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:43.432529: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:43.432537: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:43.432544: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:43.432551: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:43.432559: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:43.432566: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:43.432573: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:43.432581: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:43.432588: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:43.432595: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:43.432603: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:43.432610: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:43.432618: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:43.432625: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:43.432639: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:43.432651: | **parse ISAKMP Message: Aug 26 18:33:43.432660: | initiator cookie: Aug 26 18:33:43.432668: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:43.432675: | responder cookie: Aug 26 18:33:43.432682: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:43.432691: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:43.432700: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:43.432708: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:43.432717: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:43.432726: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:43.432734: | length: 460 (0x1cc) Aug 26 18:33:43.432743: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:43.432756: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:43.432772: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:43.432794: | #4 is idle Aug 26 18:33:43.432802: | #4 idle Aug 26 18:33:43.432815: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:43.432829: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:43.432844: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:43.432854: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:43.432870: | spent 0.506 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:43.432899: | spent 0.00578 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:43.432926: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:43.432936: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:43.432943: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:43.432951: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:43.432958: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:43.432966: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:43.432973: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:43.432980: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:43.432988: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:43.432995: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:43.433002: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:43.433010: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:43.433017: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:43.433024: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:43.433032: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:43.433039: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:43.433046: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:43.433054: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:43.433061: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:43.433068: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:43.433076: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:43.433083: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:43.433090: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:43.433098: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:43.433105: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:43.433112: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:43.433120: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:43.433127: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:43.433134: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:43.433142: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:43.433154: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:43.433163: | **parse ISAKMP Message: Aug 26 18:33:43.433171: | initiator cookie: Aug 26 18:33:43.433178: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:43.433186: | responder cookie: Aug 26 18:33:43.433193: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:43.433201: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:43.433210: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:43.433218: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:43.433226: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:43.433234: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:43.433241: | length: 460 (0x1cc) Aug 26 18:33:43.433250: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:43.433260: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:43.433274: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:43.433287: | #5 is idle Aug 26 18:33:43.433315: | #5 idle Aug 26 18:33:43.433331: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:43.433344: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:43.433358: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:43.433372: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:43.433387: | spent 0.462 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:47.436968: | spent 0.00294 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:47.436988: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:47.436991: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:47.436993: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:47.436995: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:47.436996: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:47.436998: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:47.436999: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:47.437001: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:47.437002: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:47.437004: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:47.437005: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:47.437007: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:47.437008: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:47.437010: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:47.437011: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:47.437013: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:47.437014: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:47.437016: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:47.437017: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:47.437019: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:47.437020: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:47.437022: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:47.437023: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:47.437025: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:47.437027: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:47.437028: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:47.437030: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:47.437031: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:47.437033: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:47.437034: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:47.437037: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:47.437040: | **parse ISAKMP Message: Aug 26 18:33:47.437042: | initiator cookie: Aug 26 18:33:47.437044: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:47.437045: | responder cookie: Aug 26 18:33:47.437047: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:47.437049: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:47.437051: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:47.437053: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:47.437054: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:47.437056: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:47.437058: | length: 460 (0x1cc) Aug 26 18:33:47.437060: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:47.437064: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:47.437070: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:47.437072: | #4 is idle Aug 26 18:33:47.437074: | #4 idle Aug 26 18:33:47.437077: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:47.437080: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:47.437096: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:47.437098: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:47.437101: | spent 0.121 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:47.437107: | spent 0.00113 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:47.437113: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:47.437115: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:47.437116: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:47.437118: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:47.437119: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:47.437121: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:47.437122: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:47.437124: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:47.437125: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:47.437126: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:47.437128: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:47.437129: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:47.437131: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:47.437132: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:47.437134: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:47.437135: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:47.437137: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:47.437138: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:47.437140: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:47.437141: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:47.437143: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:47.437144: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:47.437146: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:47.437147: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:47.437149: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:47.437150: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:47.437152: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:47.437153: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:47.437154: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:47.437156: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:47.437158: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:47.437160: | **parse ISAKMP Message: Aug 26 18:33:47.437162: | initiator cookie: Aug 26 18:33:47.437163: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:47.437165: | responder cookie: Aug 26 18:33:47.437166: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:47.437168: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:47.437170: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:47.437171: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:47.437173: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:47.437174: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:47.437176: | length: 460 (0x1cc) Aug 26 18:33:47.437178: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:47.437181: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:47.437184: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:47.437186: | #5 is idle Aug 26 18:33:47.437187: | #5 idle Aug 26 18:33:47.437190: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:47.437192: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:47.437195: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:47.437197: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:47.437199: | spent 0.0893 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:48.255712: | kernel_process_msg_cb process netlink message Aug 26 18:33:48.255741: | netlink_get: XFRM_MSG_ACQUIRE message Aug 26 18:33:48.255744: | xfrm netlink msg len 376 Aug 26 18:33:48.255745: | xfrm acquire rtattribute type 5 Aug 26 18:33:48.255747: | xfrm acquire rtattribute type 16 Aug 26 18:33:48.255757: | add bare shunt 0x55a94fbc2ea8 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Aug 26 18:33:48.255761: initiate on demand from 192.0.3.254:8 to 192.0.22.254:0 proto=1 because: acquire Aug 26 18:33:48.255765: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.22.254:1/0 Aug 26 18:33:48.255767: | FOR_EACH_CONNECTION_... in find_connection_for_clients Aug 26 18:33:48.255771: | find_connection: conn "north-dpd/0x2" has compatible peers: 192.0.3.0/24 -> 192.0.22.0/24 [pri: 25214986] Aug 26 18:33:48.255773: | find_connection: first OK "north-dpd/0x2" [pri:25214986]{0x55a94fbcdba8} (child none) Aug 26 18:33:48.255775: | find_connection: concluding with "north-dpd/0x2" [pri:25214986]{0x55a94fbcdba8} kind=CK_PERMANENT Aug 26 18:33:48.255777: | assign hold, routing was prospective erouted, needs to be erouted HOLD Aug 26 18:33:48.255779: | assign_holdpass() need broad(er) shunt Aug 26 18:33:48.255781: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:33:48.255785: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => %hold>%hold (raw_eroute) Aug 26 18:33:48.255790: | netlink_raw_eroute: SPI_HOLD implemented as no-op Aug 26 18:33:48.255792: | raw_eroute result=success Aug 26 18:33:48.255793: | assign_holdpass() eroute_connection() done Aug 26 18:33:48.255795: | fiddle_bare_shunt called Aug 26 18:33:48.255796: | fiddle_bare_shunt with transport_proto 1 Aug 26 18:33:48.255798: | removing specific host-to-host bare shunt Aug 26 18:33:48.255801: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.22.254/32:0 => %hold (raw_eroute) Aug 26 18:33:48.255803: | netlink_raw_eroute: SPI_PASS Aug 26 18:33:48.255814: | raw_eroute result=success Aug 26 18:33:48.255816: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Aug 26 18:33:48.255820: | delete bare shunt 0x55a94fbc2ea8 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Aug 26 18:33:48.255821: assign_holdpass() delete_bare_shunt() failed Aug 26 18:33:48.255823: initiate_ondemand_body() failed to install negotiation_shunt, Aug 26 18:33:48.255825: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:48.255830: | creating state object #7 at 0x55a94fbe5f38 Aug 26 18:33:48.255833: | State DB: adding IKEv1 state #7 in UNDEFINED Aug 26 18:33:48.255840: | pstats #7 ikev1.ipsec started Aug 26 18:33:48.255842: | duplicating state object #1 "north-dpd/0x2" as #7 for IPSEC SA Aug 26 18:33:48.255846: | #7 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:33:48.255852: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:33:48.255865: | child state #7: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 18:33:48.255873: "north-dpd/0x2" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:5426ec6b proposal=defaults pfsgroup=MODP2048} Aug 26 18:33:48.255876: | adding quick_outI1 KE work-order 13 for state #7 Aug 26 18:33:48.255878: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbca6b8 Aug 26 18:33:48.255881: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Aug 26 18:33:48.255883: | libevent_malloc: new ptr-libevent@0x55a94fbd7978 size 128 Aug 26 18:33:48.255893: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:33:48.255898: | crypto helper 6 resuming Aug 26 18:33:48.255898: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.22.254 Aug 26 18:33:48.255910: | crypto helper 6 starting work-order 13 for state #7 Aug 26 18:33:48.255918: | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 13 Aug 26 18:33:48.255920: | spent 0.175 milliseconds in kernel message Aug 26 18:33:48.256495: | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 13 time elapsed 0.000576 seconds Aug 26 18:33:48.256503: | (#7) spent 0.582 milliseconds in crypto helper computing work-order 13: quick_outI1 KE (pcr) Aug 26 18:33:48.256506: | crypto helper 6 sending results from work-order 13 for state #7 to event queue Aug 26 18:33:48.256508: | scheduling resume sending helper answer for #7 Aug 26 18:33:48.256510: | libevent_malloc: new ptr-libevent@0x7f5488005df8 size 128 Aug 26 18:33:48.256516: | crypto helper 6 waiting (nothing to do) Aug 26 18:33:48.256522: | processing resume sending helper answer for #7 Aug 26 18:33:48.256529: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:33:48.256533: | crypto helper 6 replies to request ID 13 Aug 26 18:33:48.256534: | calling continuation function 0x55a94f4e2b50 Aug 26 18:33:48.256536: | quick_outI1_continue for #7: calculated ke+nonce, sending I1 Aug 26 18:33:48.256541: | **emit ISAKMP Message: Aug 26 18:33:48.256543: | initiator cookie: Aug 26 18:33:48.256544: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:48.256546: | responder cookie: Aug 26 18:33:48.256547: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.256549: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.256551: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:48.256553: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:48.256555: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:48.256556: | Message ID: 1411837035 (0x5426ec6b) Aug 26 18:33:48.256558: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:48.256561: | ***emit ISAKMP Hash Payload: Aug 26 18:33:48.256562: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.256564: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:48.256566: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.256569: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:48.256570: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:48.256572: | emitting quick defaults using policy none Aug 26 18:33:48.256574: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:33:48.256578: | ***emit ISAKMP Security Association Payload: Aug 26 18:33:48.256580: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:48.256582: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:48.256584: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:33:48.256586: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:33:48.256588: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.256591: | ****emit IPsec DOI SIT: Aug 26 18:33:48.256593: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:48.256595: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:33:48.256597: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 18:33:48.256599: | ****emit ISAKMP Proposal Payload: Aug 26 18:33:48.256600: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.256602: | proposal number: 0 (0x0) Aug 26 18:33:48.256604: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:48.256605: | SPI size: 4 (0x4) Aug 26 18:33:48.256607: | number of transforms: 2 (0x2) Aug 26 18:33:48.256609: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:33:48.256620: | netlink_get_spi: allocated 0xf24d08cd for esp.0@192.1.3.33 Aug 26 18:33:48.256623: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:33:48.256624: | SPI f2 4d 08 cd Aug 26 18:33:48.256626: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:48.256628: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:33:48.256629: | ESP transform number: 0 (0x0) Aug 26 18:33:48.256631: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:48.256633: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:48.256635: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256636: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:48.256638: | length/value: 14 (0xe) Aug 26 18:33:48.256640: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:48.256642: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256643: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:48.256645: | length/value: 1 (0x1) Aug 26 18:33:48.256647: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:48.256648: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256650: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:48.256651: | length/value: 1 (0x1) Aug 26 18:33:48.256653: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:48.256654: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256656: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:48.256658: | length/value: 28800 (0x7080) Aug 26 18:33:48.256659: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256661: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:48.256662: | length/value: 2 (0x2) Aug 26 18:33:48.256664: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:48.256665: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256667: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:48.256668: | length/value: 128 (0x80) Aug 26 18:33:48.256670: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:33:48.256672: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:33:48.256673: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.256675: | ESP transform number: 1 (0x1) Aug 26 18:33:48.256677: | ESP transform ID: ESP_3DES (0x3) Aug 26 18:33:48.256678: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:33:48.256680: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:33:48.256682: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256683: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:48.256685: | length/value: 14 (0xe) Aug 26 18:33:48.256687: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:48.256688: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256690: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:48.256691: | length/value: 1 (0x1) Aug 26 18:33:48.256693: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:48.256694: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256696: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:48.256698: | length/value: 1 (0x1) Aug 26 18:33:48.256700: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:48.256701: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256703: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:48.256704: | length/value: 28800 (0x7080) Aug 26 18:33:48.256706: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:33:48.256708: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:48.256709: | length/value: 2 (0x2) Aug 26 18:33:48.256710: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:48.256712: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 18:33:48.256714: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 18:33:48.256716: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:33:48.256717: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 18:33:48.256719: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:33:48.256722: | ***emit ISAKMP Nonce Payload: Aug 26 18:33:48.256723: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:48.256725: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:33:48.256727: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:33:48.256729: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.256731: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:33:48.256733: | Ni 24 3a 73 86 c8 a0 53 3d c1 22 d8 a7 b6 2e cb 05 Aug 26 18:33:48.256734: | Ni cc 6a 9f d1 6f 19 d4 0e 45 a8 33 52 e6 44 ca 89 Aug 26 18:33:48.256736: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:33:48.256738: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:33:48.256739: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:48.256741: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:48.256743: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:33:48.256745: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.256747: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:33:48.256749: | keyex value d2 ae 8b 81 4d e5 9d f5 c3 e3 67 af d1 d8 b0 43 Aug 26 18:33:48.256750: | keyex value 91 2b 37 e5 27 b8 cf a3 c9 6c d9 bc 07 f9 0f 32 Aug 26 18:33:48.256752: | keyex value ea 6f 58 86 09 d6 12 de c3 ca 2b b5 be d9 0f 18 Aug 26 18:33:48.256753: | keyex value 2d 83 37 52 80 5e b9 26 37 dd 9d 46 4b f0 13 d2 Aug 26 18:33:48.256755: | keyex value a0 96 58 d9 a5 2a 9e 03 59 e1 2f 74 90 75 74 22 Aug 26 18:33:48.256756: | keyex value 2e 45 e8 25 7d 0d ae 27 c2 66 ff a9 19 b7 f3 14 Aug 26 18:33:48.256758: | keyex value 75 78 13 95 36 2b 5a 7c 5b d0 22 58 79 50 aa e3 Aug 26 18:33:48.256759: | keyex value 25 c0 33 90 7d 6b d2 24 3c 6f 47 d7 24 c2 a2 3b Aug 26 18:33:48.256761: | keyex value 9d c3 44 7f 80 92 12 1e be ee aa fb 04 22 05 f5 Aug 26 18:33:48.256762: | keyex value bf 9e 62 9a 8c 8c 74 f2 06 ab 83 ad 2c 28 16 7a Aug 26 18:33:48.256764: | keyex value b2 b3 fc c9 17 01 88 d3 bf 85 42 7c 7f bb 2d be Aug 26 18:33:48.256765: | keyex value f4 e1 78 ee be 27 0d 00 ed 69 29 78 08 ce 54 75 Aug 26 18:33:48.256767: | keyex value 5c 1f e1 46 6e 23 5b 6b d7 ee 63 4a 02 35 d0 4c Aug 26 18:33:48.256768: | keyex value 06 aa 5c a5 fa 16 46 c3 15 fc 65 fb e8 f5 8a 83 Aug 26 18:33:48.256770: | keyex value 04 b7 74 31 3d a4 2b 7b 9b 46 fd db 3c a1 a4 1a Aug 26 18:33:48.256771: | keyex value c2 a0 cb 6b 11 21 07 60 0f c5 50 76 3f 11 6b f4 Aug 26 18:33:48.256773: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:33:48.256779: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:48.256781: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:48.256783: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:48.256784: | Protocol ID: 0 (0x0) Aug 26 18:33:48.256786: | port: 0 (0x0) Aug 26 18:33:48.256787: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:33:48.256789: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:48.256791: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:48.256793: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:48.256795: | client network c0 00 03 00 Aug 26 18:33:48.256797: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:48.256798: | client mask ff ff ff 00 Aug 26 18:33:48.256800: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:48.256802: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:48.256803: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.256805: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:48.256806: | Protocol ID: 0 (0x0) Aug 26 18:33:48.256808: | port: 0 (0x0) Aug 26 18:33:48.256810: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:33:48.256811: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:33:48.256813: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:48.256815: | client network c0 00 16 00 Aug 26 18:33:48.256816: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:33:48.256818: | client mask ff ff ff 00 Aug 26 18:33:48.256819: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:33:48.256839: | outI1 HASH(1): Aug 26 18:33:48.256841: | 4b 5e 1c 7b 75 61 43 09 25 03 f8 6b d5 5e e2 78 Aug 26 18:33:48.256843: | 7a 6c 82 3f e4 9b d5 8f 68 64 ec a1 83 9b cf 5f Aug 26 18:33:48.256848: | no IKEv1 message padding required Aug 26 18:33:48.256850: | emitting length of ISAKMP Message: 476 Aug 26 18:33:48.256861: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #7) Aug 26 18:33:48.256863: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.256865: | 08 10 20 01 54 26 ec 6b 00 00 01 dc 00 13 05 e2 Aug 26 18:33:48.256866: | 74 31 d9 c0 a9 36 c2 80 9b ea e8 ac 5a ac e0 40 Aug 26 18:33:48.256868: | 7a 21 34 4d bd 0a 0c f6 51 b7 57 7f fe 08 c0 c0 Aug 26 18:33:48.256869: | 65 8b 53 4f 08 8a a0 3d d2 61 88 d9 7d ca 30 e1 Aug 26 18:33:48.256871: | 37 9b 74 37 00 2d 55 41 d3 c2 47 ac f0 3a f4 d3 Aug 26 18:33:48.256872: | b1 92 4b 23 15 b8 73 b4 62 fb a0 e0 6c ee 00 a7 Aug 26 18:33:48.256874: | ba f5 22 2a c4 54 98 18 8a f4 c5 d6 2c 69 5a 50 Aug 26 18:33:48.256875: | 5e 6a 29 b4 64 a3 1f 46 e7 e2 f1 2b b4 76 d1 24 Aug 26 18:33:48.256876: | cc 3c ee d0 fd 62 2a 86 d7 7f 5f 38 c5 78 69 ec Aug 26 18:33:48.256878: | 13 dd 7b 81 58 a7 1f f3 99 95 2c fa a4 2a 51 f6 Aug 26 18:33:48.256879: | be 2b 68 18 07 b6 06 55 3a 1f 8c 71 08 78 85 cc Aug 26 18:33:48.256881: | d3 12 21 28 00 b8 4e 5f 99 8f 37 a1 14 19 20 f9 Aug 26 18:33:48.256882: | 44 bb 3b 45 34 3d 46 ec a9 7a 7b 30 66 aa b8 cf Aug 26 18:33:48.256884: | 7c ab 1a 40 2e 8e 80 00 35 2a 51 06 c9 50 78 eb Aug 26 18:33:48.256885: | a9 1b 51 61 5e 5e e3 6c fa 23 cf 7c 5c 3a 41 09 Aug 26 18:33:48.256887: | d7 51 aa 8c 4d b2 a5 46 7f 25 5f c0 3d 7e 8e 59 Aug 26 18:33:48.256890: | 7f c8 e3 88 5b ed 2d 25 2e 2f 33 4c e2 76 a5 34 Aug 26 18:33:48.256891: | 9b ca b7 15 7a f6 b0 4d 07 7a 31 ff 9a 3b 93 93 Aug 26 18:33:48.256893: | 89 3d b6 e8 5b b3 d3 df 3b 34 21 e0 3e 93 33 c0 Aug 26 18:33:48.256894: | ca fa 3c 3a 80 07 e7 e2 e4 37 2f 26 b1 75 af bc Aug 26 18:33:48.256895: | e6 ea 3c 40 6e d6 f2 1a 56 1a bb ae 02 50 0b d5 Aug 26 18:33:48.256897: | db e0 22 4f 64 60 05 91 d5 ea 67 32 89 92 56 35 Aug 26 18:33:48.256898: | b8 d9 d5 07 3a 8d 6e 79 fc a8 ca 5e ce b9 b2 4c Aug 26 18:33:48.256900: | bb 98 01 5b 30 24 4c 56 b4 d6 5b 04 f0 cc 28 d1 Aug 26 18:33:48.256901: | 3c 82 8d 02 2b 63 03 26 04 6c 3d d2 44 af 90 8c Aug 26 18:33:48.256903: | 0e d7 29 0f 12 21 c4 dd 99 96 ca 51 e9 fe fa e3 Aug 26 18:33:48.256904: | 12 28 1a ce 6d 9d 80 b3 f2 23 34 dd 57 0b 25 5a Aug 26 18:33:48.256906: | ad e6 ce 54 74 94 fe 2f c6 49 8a 86 01 0f 08 89 Aug 26 18:33:48.256907: | 4e d8 6c f4 75 26 f8 41 9d d6 02 42 Aug 26 18:33:48.256948: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:48.256952: | libevent_free: release ptr-libevent@0x55a94fbd7978 Aug 26 18:33:48.256954: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbca6b8 Aug 26 18:33:48.256956: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbca6b8 Aug 26 18:33:48.256959: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7 Aug 26 18:33:48.256961: | libevent_malloc: new ptr-libevent@0x55a94fbc3148 size 128 Aug 26 18:33:48.256964: | #7 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29713.999423 Aug 26 18:33:48.256967: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Aug 26 18:33:48.256971: | #7 spent 0.412 milliseconds in resume sending helper answer Aug 26 18:33:48.256974: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:33:48.256976: | libevent_free: release ptr-libevent@0x7f5488005df8 Aug 26 18:33:48.259991: | spent 0.00243 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:48.260008: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:48.260011: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.260013: | 08 10 20 01 54 26 ec 6b 00 00 01 cc 62 54 20 68 Aug 26 18:33:48.260014: | 82 90 1e 2d d1 a5 33 ea ad 6c 50 22 63 95 30 b2 Aug 26 18:33:48.260016: | 3f 74 61 86 00 2b 6a c3 90 50 6c c5 08 53 d8 dc Aug 26 18:33:48.260017: | e7 c5 31 0d 62 c6 33 fc 11 c1 d1 f2 0f 9a 9d cf Aug 26 18:33:48.260019: | a5 b5 b7 88 6c 97 fe 04 cc 59 31 25 54 70 58 d1 Aug 26 18:33:48.260020: | 61 ce 0a 87 b2 25 19 98 3b 17 5e 82 24 f9 0b 92 Aug 26 18:33:48.260022: | a8 12 30 8b 83 2a ae db 12 83 9e c1 1f 7b e2 a3 Aug 26 18:33:48.260023: | 56 03 58 f1 9b 81 a8 87 85 54 17 65 a6 14 9b 7c Aug 26 18:33:48.260025: | 0e 8d 64 45 1d ec bc 0c da 29 c9 14 4d 21 8f c6 Aug 26 18:33:48.260026: | 8c e5 4f bb 75 42 1e 38 d5 ba 41 1f 37 28 d3 4f Aug 26 18:33:48.260028: | 3b 86 f2 f5 5b cc a9 41 f7 df 26 99 71 47 9c 2c Aug 26 18:33:48.260029: | 3f 6e 17 c4 6e 17 44 5a 77 23 17 80 07 03 a0 28 Aug 26 18:33:48.260031: | 8a 4d d2 93 3d 57 6d b7 3b 6f 87 b7 41 4d cf 72 Aug 26 18:33:48.260032: | 02 78 06 f7 37 eb 27 f6 80 f5 43 0c 3f 72 bb 6f Aug 26 18:33:48.260034: | 12 1a 71 6e e3 72 26 2b 56 0d f1 1c 83 12 ce 19 Aug 26 18:33:48.260035: | 37 91 0e 07 fb 9c d8 cb 29 06 78 23 14 7b 21 44 Aug 26 18:33:48.260037: | f4 e4 1b 54 1b b1 d2 43 a0 d0 f1 b1 93 7a cb a2 Aug 26 18:33:48.260038: | 3b c0 f1 2e c2 41 ec e3 9f ed 28 e8 1f 0b 0c bb Aug 26 18:33:48.260039: | d9 16 31 3d bc 7b b6 af 4c 70 c3 ca 78 51 ae f6 Aug 26 18:33:48.260041: | 57 f4 88 10 f1 95 8b 90 7f 57 23 7d 9e 3d 39 0c Aug 26 18:33:48.260042: | ec 8a e0 53 96 1f bd e9 7b 04 6f 5e fe 9d 05 4c Aug 26 18:33:48.260044: | 48 b1 bf b1 41 1c 76 fd 8d 46 e5 4b 7d 73 64 62 Aug 26 18:33:48.260047: | f1 18 fd 1f 2d b8 80 f4 58 1f d4 52 17 1e 85 d0 Aug 26 18:33:48.260049: | 93 21 34 2f ce 6a 67 4d 01 38 6c f9 b7 de ce 62 Aug 26 18:33:48.260050: | 9b ea 53 e5 38 93 86 f4 01 c4 b1 04 d5 4c 2e ca Aug 26 18:33:48.260052: | c4 b2 06 d6 a2 51 82 9e 8d ee c5 39 b8 b4 58 c6 Aug 26 18:33:48.260053: | a5 62 d3 c5 22 c2 f3 65 7c 85 9f b2 7f 14 fd 56 Aug 26 18:33:48.260055: | 52 59 64 0a 64 bb 34 f7 5b eb f6 bd Aug 26 18:33:48.260058: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:48.260060: | **parse ISAKMP Message: Aug 26 18:33:48.260062: | initiator cookie: Aug 26 18:33:48.260063: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:48.260065: | responder cookie: Aug 26 18:33:48.260066: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.260068: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:48.260070: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:48.260072: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:48.260073: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:48.260075: | Message ID: 1411837035 (0x5426ec6b) Aug 26 18:33:48.260077: | length: 460 (0x1cc) Aug 26 18:33:48.260079: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:48.260081: | State DB: found IKEv1 state #7 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:48.260084: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:48.260086: | #7 is idle Aug 26 18:33:48.260088: | #7 idle Aug 26 18:33:48.260090: | received encrypted packet from 192.1.2.23:500 Aug 26 18:33:48.260102: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Aug 26 18:33:48.260104: | ***parse ISAKMP Hash Payload: Aug 26 18:33:48.260106: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:33:48.260108: | length: 36 (0x24) Aug 26 18:33:48.260110: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Aug 26 18:33:48.260111: | ***parse ISAKMP Security Association Payload: Aug 26 18:33:48.260113: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:33:48.260115: | length: 56 (0x38) Aug 26 18:33:48.260116: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:48.260118: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Aug 26 18:33:48.260120: | ***parse ISAKMP Nonce Payload: Aug 26 18:33:48.260121: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:33:48.260123: | length: 36 (0x24) Aug 26 18:33:48.260124: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Aug 26 18:33:48.260126: | ***parse ISAKMP Key Exchange Payload: Aug 26 18:33:48.260128: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:48.260129: | length: 260 (0x104) Aug 26 18:33:48.260131: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:48.260133: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:48.260134: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:33:48.260136: | length: 16 (0x10) Aug 26 18:33:48.260137: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:48.260139: | Protocol ID: 0 (0x0) Aug 26 18:33:48.260141: | port: 0 (0x0) Aug 26 18:33:48.260142: | obj: c0 00 03 00 ff ff ff 00 Aug 26 18:33:48.260144: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Aug 26 18:33:48.260146: | ***parse ISAKMP Identification Payload (IPsec DOI): Aug 26 18:33:48.260147: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.260149: | length: 16 (0x10) Aug 26 18:33:48.260150: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:33:48.260152: | Protocol ID: 0 (0x0) Aug 26 18:33:48.260153: | port: 0 (0x0) Aug 26 18:33:48.260155: | obj: c0 00 16 00 ff ff ff 00 Aug 26 18:33:48.260156: | removing 12 bytes of padding Aug 26 18:33:48.260171: | quick_inR1_outI2 HASH(2): Aug 26 18:33:48.260174: | 8d 85 85 c1 5b 25 79 24 68 37 96 f5 66 dc 05 6e Aug 26 18:33:48.260175: | 20 ea 1c ac 0a ac e3 c1 4f e7 cd b4 6d 28 67 54 Aug 26 18:33:48.260178: | received 'quick_inR1_outI2' message HASH(2) data ok Aug 26 18:33:48.260181: | ****parse IPsec DOI SIT: Aug 26 18:33:48.260183: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:33:48.260185: | ****parse ISAKMP Proposal Payload: Aug 26 18:33:48.260187: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.260188: | length: 44 (0x2c) Aug 26 18:33:48.260190: | proposal number: 0 (0x0) Aug 26 18:33:48.260191: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:33:48.260193: | SPI size: 4 (0x4) Aug 26 18:33:48.260194: | number of transforms: 1 (0x1) Aug 26 18:33:48.260196: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Aug 26 18:33:48.260198: | SPI 1a 43 41 09 Aug 26 18:33:48.260199: | *****parse ISAKMP Transform Payload (ESP): Aug 26 18:33:48.260201: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.260203: | length: 32 (0x20) Aug 26 18:33:48.260204: | ESP transform number: 0 (0x0) Aug 26 18:33:48.260206: | ESP transform ID: ESP_AES (0xc) Aug 26 18:33:48.260208: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.260210: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:33:48.260211: | length/value: 14 (0xe) Aug 26 18:33:48.260213: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:33:48.260215: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.260216: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:33:48.260218: | length/value: 1 (0x1) Aug 26 18:33:48.260220: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:33:48.260221: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Aug 26 18:33:48.260223: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.260225: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:33:48.260226: | length/value: 1 (0x1) Aug 26 18:33:48.260228: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:33:48.260229: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.260231: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:33:48.260232: | length/value: 28800 (0x7080) Aug 26 18:33:48.260234: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.260236: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:33:48.260237: | length/value: 2 (0x2) Aug 26 18:33:48.260239: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:33:48.260240: | ******parse ISAKMP IPsec DOI attribute: Aug 26 18:33:48.260242: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:33:48.260244: | length/value: 128 (0x80) Aug 26 18:33:48.260245: | ESP IPsec Transform verified unconditionally; no alg_info to check against Aug 26 18:33:48.260255: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:48.260260: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Aug 26 18:33:48.260265: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:48.260268: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Aug 26 18:33:48.260270: | concluding with best_match=000 best=(nil) (lineno=-1) Aug 26 18:33:48.260271: | no PreShared Key Found Aug 26 18:33:48.260274: | adding quick outI2 DH work-order 14 for state #7 Aug 26 18:33:48.260276: | state #7 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:33:48.260278: | #7 STATE_QUICK_I1: retransmits: cleared Aug 26 18:33:48.260280: | libevent_free: release ptr-libevent@0x55a94fbc3148 Aug 26 18:33:48.260283: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbca6b8 Aug 26 18:33:48.260285: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbca6b8 Aug 26 18:33:48.260292: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Aug 26 18:33:48.260310: | libevent_malloc: new ptr-libevent@0x7f5488005df8 size 128 Aug 26 18:33:48.260316: | complete v1 state transition with STF_SUSPEND Aug 26 18:33:48.260320: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) Aug 26 18:33:48.260322: | suspending state #7 and saving MD Aug 26 18:33:48.260323: | #7 is busy; has a suspended MD Aug 26 18:33:48.260327: | #7 spent 0.142 milliseconds in process_packet_tail() Aug 26 18:33:48.260343: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:48.260348: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:48.260351: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:48.260327: | crypto helper 5 resuming Aug 26 18:33:48.260362: | crypto helper 5 starting work-order 14 for state #7 Aug 26 18:33:48.260355: | spent 0.351 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:48.260367: | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 14 Aug 26 18:33:48.260879: | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 14 time elapsed 0.000512 seconds Aug 26 18:33:48.260885: | (#7) spent 0.515 milliseconds in crypto helper computing work-order 14: quick outI2 DH (pcr) Aug 26 18:33:48.260887: | crypto helper 5 sending results from work-order 14 for state #7 to event queue Aug 26 18:33:48.260889: | scheduling resume sending helper answer for #7 Aug 26 18:33:48.260891: | libevent_malloc: new ptr-libevent@0x7f548c0027d8 size 128 Aug 26 18:33:48.260897: | crypto helper 5 waiting (nothing to do) Aug 26 18:33:48.260932: | processing resume sending helper answer for #7 Aug 26 18:33:48.260941: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:33:48.260945: | crypto helper 5 replies to request ID 14 Aug 26 18:33:48.260947: | calling continuation function 0x55a94f4e2b50 Aug 26 18:33:48.260949: | quick_inR1_outI2_continue for #7: calculated ke+nonce, calculating DH Aug 26 18:33:48.260952: | **emit ISAKMP Message: Aug 26 18:33:48.260954: | initiator cookie: Aug 26 18:33:48.260956: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:48.260957: | responder cookie: Aug 26 18:33:48.260959: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.260961: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.260962: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:48.260964: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:48.260966: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:48.260968: | Message ID: 1411837035 (0x5426ec6b) Aug 26 18:33:48.260969: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:48.260972: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:48.260974: | ID address c0 00 03 00 Aug 26 18:33:48.260975: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:48.260977: | ID mask ff ff ff 00 Aug 26 18:33:48.260980: | our client is subnet 192.0.3.0/24 Aug 26 18:33:48.260981: | our client protocol/port is 0/0 Aug 26 18:33:48.260983: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Aug 26 18:33:48.260985: | ID address c0 00 16 00 Aug 26 18:33:48.260987: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Aug 26 18:33:48.260988: | ID mask ff ff ff 00 Aug 26 18:33:48.260990: | peer client is subnet 192.0.22.0/24 Aug 26 18:33:48.260992: | peer client protocol/port is 0/0 Aug 26 18:33:48.260993: | ***emit ISAKMP Hash Payload: Aug 26 18:33:48.260997: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:48.260999: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:48.261001: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:33:48.261003: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:48.261005: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:48.261024: | quick_inR1_outI2 HASH(3): Aug 26 18:33:48.261027: | b3 6d 71 6c 7e d7 68 7e e3 08 09 56 eb ab 91 fc Aug 26 18:33:48.261028: | 2f ce d2 36 14 f4 4e 66 a4 c4 d1 64 8a 8f e9 03 Aug 26 18:33:48.261030: | compute_proto_keymat: needed_len (after ESP enc)=16 Aug 26 18:33:48.261032: | compute_proto_keymat: needed_len (after ESP auth)=36 Aug 26 18:33:48.261100: | #1 spent 4.9 milliseconds Aug 26 18:33:48.261103: | install_ipsec_sa() for #7: inbound and outbound Aug 26 18:33:48.261105: | could_route called for north-dpd/0x2 (kind=CK_PERMANENT) Aug 26 18:33:48.261107: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:48.261109: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.261111: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:48.261113: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.261115: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:48.261117: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Aug 26 18:33:48.261119: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:48.261121: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:48.261123: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:48.261126: | setting IPsec SA replay-window to 32 Aug 26 18:33:48.261128: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 18:33:48.261144: | netlink: enabling tunnel mode Aug 26 18:33:48.261146: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:48.261148: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:48.261195: | netlink response for Add SA esp.1a434109@192.1.2.23 included non-error error Aug 26 18:33:48.261201: | set up outgoing SA, ref=0/0 Aug 26 18:33:48.261205: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Aug 26 18:33:48.261208: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Aug 26 18:33:48.261212: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Aug 26 18:33:48.261216: | setting IPsec SA replay-window to 32 Aug 26 18:33:48.261219: | NIC esp-hw-offload not for connection 'north-dpd/0x2' not available on interface eth1 Aug 26 18:33:48.261222: | netlink: enabling tunnel mode Aug 26 18:33:48.261226: | netlink: setting IPsec SA replay-window to 32 using old-style req Aug 26 18:33:48.261229: | netlink: esp-hw-offload not set for IPsec SA Aug 26 18:33:48.261265: | netlink response for Add SA esp.f24d08cd@192.1.3.33 included non-error error Aug 26 18:33:48.261272: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:33:48.261281: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Aug 26 18:33:48.261285: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:48.261316: | raw_eroute result=success Aug 26 18:33:48.261336: | set up incoming SA, ref=0/0 Aug 26 18:33:48.261356: | sr for #7: prospective erouted Aug 26 18:33:48.261359: | route_and_eroute() for proto 0, and source port 0 dest port 0 Aug 26 18:33:48.261363: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:33:48.261366: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.261369: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:33:48.261373: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:33:48.261377: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:33:48.261381: | route owner of "north-dpd/0x2" prospective erouted: self; eroute owner: self Aug 26 18:33:48.261388: | route_and_eroute with c: north-dpd/0x2 (next: none) ero:north-dpd/0x2 esr:{(nil)} ro:north-dpd/0x2 rosr:{(nil)} and state: #7 Aug 26 18:33:48.261392: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:33:48.261413: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Aug 26 18:33:48.261417: | IPsec Sa SPD priority set to 1042407 Aug 26 18:33:48.261449: | raw_eroute result=success Aug 26 18:33:48.261453: | running updown command "ipsec _updown" for verb up Aug 26 18:33:48.261457: | command executing up-client Aug 26 18:33:48.261500: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:48.261509: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:33:48.261536: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+E Aug 26 18:33:48.261541: | popen cmd is 1400 chars long Aug 26 18:33:48.261545: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUT: Aug 26 18:33:48.261548: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Aug 26 18:33:48.261552: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Aug 26 18:33:48.261555: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Aug 26 18:33:48.261558: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Aug 26 18:33:48.261560: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUT: Aug 26 18:33:48.261561: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Aug 26 18:33:48.261563: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Aug 26 18:33:48.261565: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PE: Aug 26 18:33:48.261566: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 18:33:48.261568: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Aug 26 18:33:48.261570: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Aug 26 18:33:48.261571: | cmd( 960):TIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK: Aug 26 18:33:48.261573: | cmd(1040):+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ip: Aug 26 18:33:48.261574: | cmd(1120):v4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOM: Aug 26 18:33:48.261576: | cmd(1200):AIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO: Aug 26 18:33:48.261578: | cmd(1280):_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x1a4341: Aug 26 18:33:48.261581: | cmd(1360):09 SPI_OUT=0xf24d08cd ipsec _updown 2>&1: Aug 26 18:33:48.270104: | route_and_eroute: firewall_notified: true Aug 26 18:33:48.270120: | route_and_eroute: instance "north-dpd/0x2", setting eroute_owner {spd=0x55a94fbcdcf8,sr=0x55a94fbcdcf8} to #7 (was #0) (newest_ipsec_sa=#0) Aug 26 18:33:48.270187: | #1 spent 0.985 milliseconds in install_ipsec_sa() Aug 26 18:33:48.270193: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:48.270197: | no IKEv1 message padding required Aug 26 18:33:48.270199: | emitting length of ISAKMP Message: 76 Aug 26 18:33:48.270236: | inR1_outI2: instance north-dpd/0x2[0], setting IKEv1 newest_ipsec_sa to #7 (was #0) (spd.eroute=#7) cloned from #1 Aug 26 18:33:48.270240: | DPD: dpd_init() called on IPsec SA Aug 26 18:33:48.270245: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 18:33:48.270250: | event_schedule: new EVENT_DPD-pe@0x7f548c002b78 Aug 26 18:33:48.270254: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 18:33:48.270260: | libevent_malloc: new ptr-libevent@0x55a94fbd7978 size 128 Aug 26 18:33:48.270271: | complete v1 state transition with STF_OK Aug 26 18:33:48.270278: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) Aug 26 18:33:48.270281: | #7 is idle Aug 26 18:33:48.270284: | doing_xauth:no, t_xauth_client_done:no Aug 26 18:33:48.270287: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 26 18:33:48.270305: | child state #7: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Aug 26 18:33:48.270308: | event_already_set, deleting event Aug 26 18:33:48.270311: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:33:48.270318: | libevent_free: release ptr-libevent@0x7f5488005df8 Aug 26 18:33:48.270324: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbca6b8 Aug 26 18:33:48.270335: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Aug 26 18:33:48.270346: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #7) Aug 26 18:33:48.270351: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:48.270354: | 08 10 20 01 54 26 ec 6b 00 00 00 4c 75 eb 8b 45 Aug 26 18:33:48.270357: | c3 0e 15 c0 54 69 86 5f 95 6f d6 b9 fd 22 16 b9 Aug 26 18:33:48.270359: | ac b7 b0 07 ff 78 9b eb 19 9b c0 9a 13 5d b6 41 Aug 26 18:33:48.270362: | f3 80 95 4c d6 79 ea 7e 08 94 20 02 Aug 26 18:33:48.270426: | !event_already_set at reschedule Aug 26 18:33:48.270433: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fbca6b8 Aug 26 18:33:48.270438: | inserting event EVENT_SA_REPLACE, timeout in 27768 seconds for #7 Aug 26 18:33:48.270441: | libevent_malloc: new ptr-libevent@0x7f5488005df8 size 128 Aug 26 18:33:48.270444: | pstats #7 ikev1.ipsec established Aug 26 18:33:48.270450: | NAT-T: encaps is 'auto' Aug 26 18:33:48.270455: "north-dpd/0x2" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x1a434109 <0xf24d08cd xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Aug 26 18:33:48.270459: | modecfg pull: noquirk policy:push not-client Aug 26 18:33:48.270462: | phase 1 is done, looking for phase 2 to unpend Aug 26 18:33:48.270467: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Aug 26 18:33:48.270474: | #7 spent 1.39 milliseconds in resume sending helper answer Aug 26 18:33:48.270479: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:33:48.270483: | libevent_free: release ptr-libevent@0x7f548c0027d8 Aug 26 18:33:48.270498: | processing signal PLUTO_SIGCHLD Aug 26 18:33:48.270505: | waitpid returned ECHILD (no child processes left) Aug 26 18:33:48.270509: | spent 0.00545 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:33:51.263309: | timer_event_cb: processing event@0x7f548c002b78 Aug 26 18:33:51.263326: | handling event EVENT_DPD for child state #7 Aug 26 18:33:51.263336: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:51.263340: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:33:51.263342: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:51.263346: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 18:33:51.263351: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:33:51.263364: | event_schedule: new EVENT_DPD-pe@0x55a94fbd3b08 Aug 26 18:33:51.263367: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 18:33:51.263370: | libevent_malloc: new ptr-libevent@0x7f548c0027d8 size 128 Aug 26 18:33:51.263372: | DPD: scheduling timeout to 10 Aug 26 18:33:51.263375: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x55a94fbd3e68 Aug 26 18:33:51.263379: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 18:33:51.263383: | libevent_malloc: new ptr-libevent@0x55a94fbe82b8 size 128 Aug 26 18:33:51.263386: | DPD: sending R_U_THERE 26317 to 192.1.2.23:500 (state #1) Aug 26 18:33:51.263416: | **emit ISAKMP Message: Aug 26 18:33:51.263418: | initiator cookie: Aug 26 18:33:51.263420: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:51.263422: | responder cookie: Aug 26 18:33:51.263423: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263425: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:51.263427: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:51.263429: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:51.263432: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:51.263434: | Message ID: 2534459804 (0x9710c99c) Aug 26 18:33:51.263436: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:51.263438: | ***emit ISAKMP Hash Payload: Aug 26 18:33:51.263440: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:51.263442: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:51.263444: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:51.263446: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:51.263448: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:51.263449: | ***emit ISAKMP Notification Payload: Aug 26 18:33:51.263451: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:51.263453: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:51.263454: | protocol ID: 1 (0x1) Aug 26 18:33:51.263456: | SPI size: 16 (0x10) Aug 26 18:33:51.263458: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:51.263460: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:51.263462: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:51.263464: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:51.263466: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:51.263468: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:51.263469: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263471: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:51.263472: | notify data 00 00 66 cd Aug 26 18:33:51.263474: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:51.263511: | notification HASH(1): Aug 26 18:33:51.263513: | 54 8e bf 10 18 ac bd 48 68 1c bd e6 5d 51 52 63 Aug 26 18:33:51.263515: | 34 2b a7 ee bd 6e 97 ee 49 f6 16 b4 23 83 00 9e Aug 26 18:33:51.263521: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:51.263523: | no IKEv1 message padding required Aug 26 18:33:51.263524: | emitting length of ISAKMP Message: 108 Aug 26 18:33:51.263538: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:33:51.263542: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263544: | 08 10 05 01 97 10 c9 9c 00 00 00 6c c1 79 ba 9a Aug 26 18:33:51.263546: | 2c fb cd 41 5b 35 ef 85 1a f7 40 6a 09 15 9f 73 Aug 26 18:33:51.263547: | 26 b0 08 3e 7b 26 2a 7c c6 20 87 26 47 1e 75 66 Aug 26 18:33:51.263549: | d8 3c ef 6d 79 49 04 63 37 ea b7 3e 2a 36 cb 7d Aug 26 18:33:51.263550: | 68 f5 ee cc f0 3e 8e 00 ca 9c 82 51 e1 59 06 d6 Aug 26 18:33:51.263552: | a9 0f 0e b3 c8 9c 0a 0c 3e d4 68 cb Aug 26 18:33:51.263596: | libevent_free: release ptr-libevent@0x55a94fbd7978 Aug 26 18:33:51.263599: | free_event_entry: release EVENT_DPD-pe@0x7f548c002b78 Aug 26 18:33:51.263606: | #7 spent 0.273 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:33:51.263609: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:51.263964: | spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:51.263978: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:51.263980: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.263982: | 08 10 05 01 45 98 28 ff 00 00 00 6c ef 6d 49 10 Aug 26 18:33:51.263984: | 2d bf 3e 03 14 0e e2 32 81 d1 65 85 de fd dc 46 Aug 26 18:33:51.263985: | 0b 99 03 65 af 02 43 c1 76 40 09 ac 82 ed 12 b4 Aug 26 18:33:51.263987: | bf 1e e1 0c ed 5e 8b 41 95 dc 87 f2 dd 59 14 07 Aug 26 18:33:51.263988: | b6 23 49 10 32 3a 4c 19 8b 29 2b af fb 76 42 97 Aug 26 18:33:51.263990: | 66 b1 6e 90 72 25 0b 83 67 a9 76 af Aug 26 18:33:51.263993: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:51.263995: | **parse ISAKMP Message: Aug 26 18:33:51.263997: | initiator cookie: Aug 26 18:33:51.263999: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:51.264002: | responder cookie: Aug 26 18:33:51.264004: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.264007: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:51.264010: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:51.264013: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:51.264016: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:51.264019: | Message ID: 1167599871 (0x459828ff) Aug 26 18:33:51.264022: | length: 108 (0x6c) Aug 26 18:33:51.264026: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:33:51.264030: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:33:51.264033: | peer and cookies match on #6; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:33:51.264036: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:33:51.264040: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:33:51.264043: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:33:51.264045: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:33:51.264049: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:33:51.264054: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:33:51.264064: | #1 is idle Aug 26 18:33:51.264067: | #1 idle Aug 26 18:33:51.264071: | received encrypted packet from 192.1.2.23:500 Aug 26 18:33:51.264080: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:33:51.264083: | ***parse ISAKMP Hash Payload: Aug 26 18:33:51.264086: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 18:33:51.264088: | length: 36 (0x24) Aug 26 18:33:51.264091: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 18:33:51.264094: | ***parse ISAKMP Notification Payload: Aug 26 18:33:51.264097: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:51.264099: | length: 32 (0x20) Aug 26 18:33:51.264104: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:51.264107: | protocol ID: 1 (0x1) Aug 26 18:33:51.264110: | SPI size: 16 (0x10) Aug 26 18:33:51.264112: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 18:33:51.264115: | removing 12 bytes of padding Aug 26 18:33:51.264132: | informational HASH(1): Aug 26 18:33:51.264136: | 20 8d 48 b0 7a e1 9a 0c 15 65 7b b5 8e 40 6b 6f Aug 26 18:33:51.264139: | a1 57 02 8a 99 07 43 19 f4 aa 07 a2 c4 81 5d 1f Aug 26 18:33:51.264141: | received 'informational' message HASH(1) data ok Aug 26 18:33:51.264144: | info: b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:51.264146: | info: 00 00 66 cd Aug 26 18:33:51.264150: | processing informational R_U_THERE_ACK (36137) Aug 26 18:33:51.264153: | pstats ikev1_recv_notifies_e 36137 Aug 26 18:33:51.264156: | DPD: R_U_THERE_ACK, seqno received: 26317 expected: 26317 (state=#1) Aug 26 18:33:51.264160: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x55a94fbd3e68 be deleted Aug 26 18:33:51.264162: | libevent_free: release ptr-libevent@0x55a94fbe82b8 Aug 26 18:33:51.264165: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x55a94fbd3e68 Aug 26 18:33:51.264167: | complete v1 state transition with STF_IGNORE Aug 26 18:33:51.264170: | #1 spent 0.0198 milliseconds in process_packet_tail() Aug 26 18:33:51.264174: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:51.264177: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:51.264179: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:51.264182: | spent 0.21 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:54.111342: | processing global timer EVENT_PENDING_DDNS Aug 26 18:33:54.111406: | FOR_EACH_CONNECTION_... in connection_check_ddns Aug 26 18:33:54.111424: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:33:54.111445: | elapsed time in connection_check_ddns for hostname lookup 0.000034 Aug 26 18:33:54.111472: | spent 0.0581 milliseconds in global timer EVENT_PENDING_DDNS Aug 26 18:33:54.112589: | processing global timer EVENT_SHUNT_SCAN Aug 26 18:33:54.112629: | expiring aged bare shunts from shunt table Aug 26 18:33:54.112647: | spent 0.0147 milliseconds in global timer EVENT_SHUNT_SCAN Aug 26 18:33:54.264831: | timer_event_cb: processing event@0x55a94fbd3b08 Aug 26 18:33:54.264849: | handling event EVENT_DPD for child state #7 Aug 26 18:33:54.264857: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:54.264864: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:33:54.264867: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:54.264872: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 18:33:54.264877: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:33:54.264894: | event_schedule: new EVENT_DPD-pe@0x55a94fbd3e68 Aug 26 18:33:54.264899: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 18:33:54.264903: | libevent_malloc: new ptr-libevent@0x55a94fbe9c08 size 128 Aug 26 18:33:54.264908: | DPD: scheduling timeout to 10 Aug 26 18:33:54.264911: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x7f548c002b78 Aug 26 18:33:54.264915: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 18:33:54.264918: | libevent_malloc: new ptr-libevent@0x55a94fbe4a78 size 128 Aug 26 18:33:54.264922: | DPD: sending R_U_THERE 26318 to 192.1.2.23:500 (state #1) Aug 26 18:33:54.264942: | **emit ISAKMP Message: Aug 26 18:33:54.264946: | initiator cookie: Aug 26 18:33:54.264949: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:54.264952: | responder cookie: Aug 26 18:33:54.264954: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.264957: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:54.264960: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:54.264964: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:54.264970: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:54.264973: | Message ID: 4148508176 (0xf7453610) Aug 26 18:33:54.264976: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:54.264980: | ***emit ISAKMP Hash Payload: Aug 26 18:33:54.264983: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:54.264986: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:54.264989: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:54.264993: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:54.264996: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:54.264999: | ***emit ISAKMP Notification Payload: Aug 26 18:33:54.265001: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:54.265004: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:54.265007: | protocol ID: 1 (0x1) Aug 26 18:33:54.265009: | SPI size: 16 (0x10) Aug 26 18:33:54.265013: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:54.265016: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:54.265019: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:54.265023: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:54.265026: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:54.265029: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:54.265031: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265034: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:54.265036: | notify data 00 00 66 ce Aug 26 18:33:54.265039: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:54.265072: | notification HASH(1): Aug 26 18:33:54.265076: | 32 bf db af ce 7d eb f6 fd 12 13 62 04 53 69 80 Aug 26 18:33:54.265079: | aa 4d 84 5d 4a 32 5d 26 48 13 66 e9 a4 44 16 c7 Aug 26 18:33:54.265089: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:54.265092: | no IKEv1 message padding required Aug 26 18:33:54.265095: | emitting length of ISAKMP Message: 108 Aug 26 18:33:54.265111: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:33:54.265114: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265117: | 08 10 05 01 f7 45 36 10 00 00 00 6c 36 27 37 86 Aug 26 18:33:54.265119: | 2f 43 a3 f9 bb ac 44 8f 62 ae 47 88 9d fb 03 1d Aug 26 18:33:54.265122: | 89 58 88 bc 31 1b 1b 1b 3f d1 1e dd 92 90 7b f5 Aug 26 18:33:54.265125: | ee 0b 5e aa bf 76 72 36 27 aa 9a e8 dc 7c cd 13 Aug 26 18:33:54.265127: | 6c 1f 39 44 80 e4 e4 0c d7 e7 34 0c e3 81 58 fe Aug 26 18:33:54.265130: | e8 22 87 e3 3f 06 9f d9 1e 22 e3 7a Aug 26 18:33:54.265183: | libevent_free: release ptr-libevent@0x7f548c0027d8 Aug 26 18:33:54.265189: | free_event_entry: release EVENT_DPD-pe@0x55a94fbd3b08 Aug 26 18:33:54.265198: | #7 spent 0.337 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:33:54.265203: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:54.265552: | spent 0.00218 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:54.265570: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:54.265574: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265577: | 08 10 05 01 ff da ac d6 00 00 00 6c b7 c1 b7 62 Aug 26 18:33:54.265580: | d8 26 b2 4e 2e 26 dc 0c 19 15 8c 02 47 e5 2d 9d Aug 26 18:33:54.265582: | 69 d2 cc b9 70 fb 49 d5 eb 1f 2a 37 06 71 e7 2d Aug 26 18:33:54.265585: | 11 4a 66 08 bb 92 d0 6c 80 bd 1b 67 d3 65 8e bb Aug 26 18:33:54.265587: | 57 8a c5 3b c7 04 35 e0 fb 94 95 23 61 b4 a8 b8 Aug 26 18:33:54.265592: | 0e 64 c1 33 19 69 36 25 c5 39 65 3b Aug 26 18:33:54.265596: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:54.265600: | **parse ISAKMP Message: Aug 26 18:33:54.265603: | initiator cookie: Aug 26 18:33:54.265605: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:54.265608: | responder cookie: Aug 26 18:33:54.265610: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265613: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:54.265616: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:54.265618: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:54.265621: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:54.265624: | Message ID: 4292521174 (0xffdaacd6) Aug 26 18:33:54.265627: | length: 108 (0x6c) Aug 26 18:33:54.265630: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:33:54.265634: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:33:54.265637: | peer and cookies match on #6; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:33:54.265640: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:33:54.265644: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:33:54.265649: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:33:54.265652: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:33:54.265655: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:33:54.265660: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:33:54.265671: | #1 is idle Aug 26 18:33:54.265674: | #1 idle Aug 26 18:33:54.265678: | received encrypted packet from 192.1.2.23:500 Aug 26 18:33:54.265687: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:33:54.265690: | ***parse ISAKMP Hash Payload: Aug 26 18:33:54.265693: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 18:33:54.265696: | length: 36 (0x24) Aug 26 18:33:54.265699: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 18:33:54.265701: | ***parse ISAKMP Notification Payload: Aug 26 18:33:54.265704: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:54.265707: | length: 32 (0x20) Aug 26 18:33:54.265709: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:54.265712: | protocol ID: 1 (0x1) Aug 26 18:33:54.265714: | SPI size: 16 (0x10) Aug 26 18:33:54.265717: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 18:33:54.265720: | removing 12 bytes of padding Aug 26 18:33:54.265759: | informational HASH(1): Aug 26 18:33:54.265762: | d1 1b fc b6 af 10 a6 0a 3f c4 ce 66 b6 19 25 25 Aug 26 18:33:54.265765: | e1 92 85 b3 74 8f 47 af 25 1a a8 01 4f cc 86 38 Aug 26 18:33:54.265768: | received 'informational' message HASH(1) data ok Aug 26 18:33:54.265771: | info: b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:54.265773: | info: 00 00 66 ce Aug 26 18:33:54.265777: | processing informational R_U_THERE_ACK (36137) Aug 26 18:33:54.265780: | pstats ikev1_recv_notifies_e 36137 Aug 26 18:33:54.265783: | DPD: R_U_THERE_ACK, seqno received: 26318 expected: 26318 (state=#1) Aug 26 18:33:54.265787: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x7f548c002b78 be deleted Aug 26 18:33:54.265790: | libevent_free: release ptr-libevent@0x55a94fbe4a78 Aug 26 18:33:54.265794: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x7f548c002b78 Aug 26 18:33:54.265797: | complete v1 state transition with STF_IGNORE Aug 26 18:33:54.265806: | #1 spent 0.0279 milliseconds in process_packet_tail() Aug 26 18:33:54.265812: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:54.265817: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:54.265823: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:54.265828: | spent 0.264 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:54.318781: | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:54.318800: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 18:33:54.318804: | spent 0.0102 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:54.318812: | spent 0.0011 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:54.318817: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Aug 26 18:33:54.318820: | spent 0.00477 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:55.438560: | spent 0.00329 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:55.438587: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:55.438592: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:55.438596: | 08 10 20 01 b6 39 03 a6 00 00 01 cc fc c3 8f 1b Aug 26 18:33:55.438598: | 2e 15 81 44 14 2d 3a a1 34 d3 55 d4 b3 cd bb 21 Aug 26 18:33:55.438601: | 77 8b 76 93 ac f0 77 b2 bd 6a 25 8f 46 9a a0 50 Aug 26 18:33:55.438603: | 3e 1e 1b 7d 0e 13 69 9d e7 06 23 f1 63 9a 34 d3 Aug 26 18:33:55.438606: | f3 13 e8 34 81 4d 13 76 5b c9 91 75 f9 cf 31 4c Aug 26 18:33:55.438608: | 5a 69 ae 18 d9 25 88 dc 66 0c 28 cb 61 df 2c db Aug 26 18:33:55.438611: | 1c 20 6e f4 95 dc 7f 89 f9 35 6d f5 14 e4 ff 04 Aug 26 18:33:55.438613: | 3b 21 45 db 20 7c a5 0e 3c 24 b9 0e 04 21 ec 45 Aug 26 18:33:55.438616: | 9a 50 40 b1 51 4d bd ba 4f 88 9c de 30 dd 3e 38 Aug 26 18:33:55.438619: | 94 b8 7c ed 96 9d 2f 7a f5 14 7f 86 f4 26 4a cb Aug 26 18:33:55.438621: | 67 2e ef 16 8f 69 4d 87 aa f6 9c 0d ce b6 6b d7 Aug 26 18:33:55.438624: | db 20 18 96 8d fa e3 e5 49 8a 33 cd 28 52 f2 03 Aug 26 18:33:55.438626: | 0e 6c ef 26 4f ea 28 40 4b a3 2e 99 03 d5 ae b7 Aug 26 18:33:55.438629: | 51 91 17 1b db 22 49 6b cf ba f6 64 c1 8a 82 2e Aug 26 18:33:55.438632: | 13 3a e7 31 5b 22 89 02 1e 40 c6 ee 29 31 0d 29 Aug 26 18:33:55.438634: | b8 8d c9 5f 14 f9 be b3 68 51 4a 1a b3 e6 04 ed Aug 26 18:33:55.438637: | 76 15 c9 cb 54 b2 2b 9b 0e a8 e3 ac 96 e7 d7 3f Aug 26 18:33:55.438639: | ad a4 50 1a 1d f6 2d 5a dd ad 4f b3 83 9f 77 23 Aug 26 18:33:55.438642: | 62 63 a2 ad a4 7e cc da 14 d6 f4 82 d5 7d 2b fe Aug 26 18:33:55.438645: | 97 60 97 f3 ab 50 ed ea 65 ca 45 b8 79 ec dc e1 Aug 26 18:33:55.438647: | dd 1a a6 e4 90 71 e8 7a 54 15 08 9f 3d a4 d2 a9 Aug 26 18:33:55.438650: | bc a5 a3 57 30 87 93 20 ed 57 f5 fb 02 f4 b3 34 Aug 26 18:33:55.438653: | 4b d9 c1 01 ab 2f c4 26 a1 5b b5 e8 9b ec cd 37 Aug 26 18:33:55.438655: | 08 44 7e 37 e7 7c 5f 2e 6f 49 74 78 19 65 72 d8 Aug 26 18:33:55.438658: | b9 fb 70 c9 55 e0 e6 84 24 3f 42 38 3b 6d d8 9c Aug 26 18:33:55.438661: | d3 b0 45 10 71 0d 79 75 0c f7 d4 c7 2c ea 36 29 Aug 26 18:33:55.438663: | 90 e6 91 37 a0 61 2c ab 2c d7 66 93 d2 cd e4 c9 Aug 26 18:33:55.438666: | 58 24 3e 35 3a 25 64 15 eb 8e 6b c9 Aug 26 18:33:55.438671: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:55.438676: | **parse ISAKMP Message: Aug 26 18:33:55.438679: | initiator cookie: Aug 26 18:33:55.438682: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:55.438684: | responder cookie: Aug 26 18:33:55.438687: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:55.438690: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:55.438693: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:55.438696: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:55.438699: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:55.438702: | Message ID: 3057189798 (0xb63903a6) Aug 26 18:33:55.438705: | length: 460 (0x1cc) Aug 26 18:33:55.438708: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:55.438717: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:55.438723: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:55.438727: | #4 is idle Aug 26 18:33:55.438729: | #4 idle Aug 26 18:33:55.438734: | "north-dpd/0x2" #4: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:55.438738: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:55.438744: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:55.438747: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:55.438752: | spent 0.175 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:55.438762: | spent 0.00167 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:55.438772: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:55.438775: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:55.438778: | 08 10 20 01 78 d8 34 18 00 00 01 cc a3 5a 90 15 Aug 26 18:33:55.438781: | 6a 26 b4 ac cb 38 13 42 12 da f7 37 61 8e e3 26 Aug 26 18:33:55.438783: | 4a e8 57 8f 42 3a d5 17 74 ac 6e 21 3b b9 55 84 Aug 26 18:33:55.438786: | 27 a7 db 5a 64 ee 2e 76 45 a9 96 69 51 ee 23 d3 Aug 26 18:33:55.438789: | fb 42 f2 81 c1 1a 31 87 f3 09 d3 de 29 2d e6 d2 Aug 26 18:33:55.438791: | c3 d6 d0 dd 21 ee 37 fd 0c 70 14 f5 57 fb 00 c3 Aug 26 18:33:55.438794: | 5e 2d 67 50 8e f6 28 ab 21 06 7a 98 23 cf a3 ee Aug 26 18:33:55.438796: | b2 91 d4 75 79 26 18 9c f0 4a c9 cf 96 58 e9 f5 Aug 26 18:33:55.438799: | 8a ff f8 f2 1e 3d e2 fb a2 34 32 07 be 6c 55 8e Aug 26 18:33:55.438801: | 08 6b f5 67 87 b2 52 71 93 e0 5e d3 c5 f6 27 82 Aug 26 18:33:55.438804: | 93 68 00 73 1b ee 67 f4 fb 12 01 4e 7e cb ee cf Aug 26 18:33:55.438807: | 55 3a 59 b0 af f0 e6 bb b8 b9 aa 41 f7 d4 d6 0e Aug 26 18:33:55.438809: | 88 86 3d a4 0a e7 10 cb ca 22 42 8e f3 e6 34 73 Aug 26 18:33:55.438812: | 3a c3 ec 81 d7 5b 97 b3 51 72 e7 84 84 6b 13 71 Aug 26 18:33:55.438815: | e7 a9 cf 23 a4 b2 73 67 0c dd d2 e4 87 cb cc bb Aug 26 18:33:55.438817: | ee d2 0a b4 d0 bf 3f 90 d5 1f 6f 22 d5 ed 3f ba Aug 26 18:33:55.438820: | bb cc 43 3b a8 99 b0 d7 b3 26 42 16 5d 94 ce d1 Aug 26 18:33:55.438822: | 7f 14 6d 8e 69 f5 2e 61 15 48 c2 27 84 f4 76 36 Aug 26 18:33:55.438825: | 52 a3 33 f6 d4 b0 a8 c7 44 8c 35 3c fd 97 8d ae Aug 26 18:33:55.438827: | fb 23 22 81 01 f9 da a5 fd 90 55 b6 a5 4f f2 e2 Aug 26 18:33:55.438830: | 5a 4e 8e da 34 4b 6c 7a 29 61 52 80 be 0e 03 f4 Aug 26 18:33:55.438833: | 1d 66 33 38 4b a9 97 05 54 6c e8 67 04 aa a7 f6 Aug 26 18:33:55.438835: | f1 d3 c9 de cd 63 54 49 82 02 d1 38 f8 3a c6 75 Aug 26 18:33:55.438837: | 02 eb 7d d8 02 c7 8a d9 1a 18 16 83 c9 60 67 9e Aug 26 18:33:55.438840: | cd 43 df 34 68 6e a4 90 42 f1 01 9a ae 5a fa a1 Aug 26 18:33:55.438842: | 29 7b 39 4f 9c a1 6c 5f a4 93 09 fe e7 07 87 01 Aug 26 18:33:55.438844: | e6 65 0a ad 2f c4 70 c3 12 7a b9 e9 27 b1 c2 e3 Aug 26 18:33:55.438847: | 8a 4e 4a 7b e9 7b 0a 0d 98 0a f4 81 Aug 26 18:33:55.438852: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:55.438855: | **parse ISAKMP Message: Aug 26 18:33:55.438858: | initiator cookie: Aug 26 18:33:55.438860: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:55.438863: | responder cookie: Aug 26 18:33:55.438865: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:55.438868: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:55.438871: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:55.438874: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:33:55.438877: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:55.438880: | Message ID: 2027435032 (0x78d83418) Aug 26 18:33:55.438885: | length: 460 (0x1cc) Aug 26 18:33:55.438888: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Aug 26 18:33:55.438892: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Aug 26 18:33:55.438897: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) Aug 26 18:33:55.438899: | #5 is idle Aug 26 18:33:55.438902: | #5 idle Aug 26 18:33:55.438906: | "north-dpd/0x1" #5: discarding duplicate packet; already STATE_QUICK_I1; replied=F retransmit_on_duplicate=F Aug 26 18:33:55.438910: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:55.438916: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:55.438919: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:55.438925: | spent 0.157 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:57.267311: | timer_event_cb: processing event@0x55a94fbd3e68 Aug 26 18:33:57.267322: | handling event EVENT_DPD for child state #7 Aug 26 18:33:57.267327: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:33:57.267331: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:33:57.267333: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:33:57.267337: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 18:33:57.267341: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:33:57.267357: | event_schedule: new EVENT_DPD-pe@0x7f548c002b78 Aug 26 18:33:57.267360: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 18:33:57.267362: | libevent_malloc: new ptr-libevent@0x55a94fbd7978 size 128 Aug 26 18:33:57.267364: | DPD: scheduling timeout to 10 Aug 26 18:33:57.267366: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x55a94fbd3b08 Aug 26 18:33:57.267368: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 18:33:57.267370: | libevent_malloc: new ptr-libevent@0x55a94fbe9cb8 size 128 Aug 26 18:33:57.267372: | DPD: sending R_U_THERE 26319 to 192.1.2.23:500 (state #1) Aug 26 18:33:57.267381: | **emit ISAKMP Message: Aug 26 18:33:57.267383: | initiator cookie: Aug 26 18:33:57.267385: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:57.267386: | responder cookie: Aug 26 18:33:57.267388: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267390: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:57.267391: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:57.267393: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:57.267395: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:57.267397: | Message ID: 3655115587 (0xd9dca343) Aug 26 18:33:57.267399: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:33:57.267401: | ***emit ISAKMP Hash Payload: Aug 26 18:33:57.267402: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:57.267404: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:33:57.267406: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:57.267409: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:33:57.267410: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:33:57.267412: | ***emit ISAKMP Notification Payload: Aug 26 18:33:57.267414: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:57.267415: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:57.267417: | protocol ID: 1 (0x1) Aug 26 18:33:57.267419: | SPI size: 16 (0x10) Aug 26 18:33:57.267420: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:33:57.267422: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:33:57.267424: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:33:57.267428: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:33:57.267430: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:57.267432: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:33:57.267434: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267435: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:33:57.267437: | notify data 00 00 66 cf Aug 26 18:33:57.267439: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:33:57.267462: | notification HASH(1): Aug 26 18:33:57.267466: | dd 9c 42 4f 95 05 2b d0 00 3d 84 49 3a 2d f1 8a Aug 26 18:33:57.267467: | 93 4c 66 30 d5 87 98 f2 46 1b f0 f2 ca d8 27 3d Aug 26 18:33:57.267474: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:33:57.267476: | no IKEv1 message padding required Aug 26 18:33:57.267478: | emitting length of ISAKMP Message: 108 Aug 26 18:33:57.267487: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:33:57.267489: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267491: | 08 10 05 01 d9 dc a3 43 00 00 00 6c 25 85 e3 0f Aug 26 18:33:57.267492: | f2 09 15 8a db 66 b8 c0 6d 1e 67 1e 23 02 6e 86 Aug 26 18:33:57.267494: | 5c 2f a8 f7 f8 b0 26 17 9c 87 c4 7a 0a 50 10 68 Aug 26 18:33:57.267495: | a1 8d 58 92 22 ab 67 64 21 d2 c6 d7 6e 15 c6 d3 Aug 26 18:33:57.267497: | 6e ad 87 8b f2 69 52 6f 0c 8f a0 a0 0d 88 45 cf Aug 26 18:33:57.267498: | dc b0 4a e3 df 3e 51 06 db 02 e1 a8 Aug 26 18:33:57.267534: | libevent_free: release ptr-libevent@0x55a94fbe9c08 Aug 26 18:33:57.267538: | free_event_entry: release EVENT_DPD-pe@0x55a94fbd3e68 Aug 26 18:33:57.267543: | #7 spent 0.212 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:33:57.267546: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:33:57.267912: | spent 0.00217 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:33:57.267926: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:33:57.267929: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267930: | 08 10 05 01 8a 8b bb 66 00 00 00 6c 4b 97 31 e4 Aug 26 18:33:57.267932: | 22 74 e0 8a a6 9b 95 3f 18 5e b0 12 05 cc b1 c5 Aug 26 18:33:57.267934: | 60 27 89 aa 81 20 c9 ba 00 ae da 0f e2 b0 10 36 Aug 26 18:33:57.267935: | 75 6c 09 4d 52 bc d2 fd 96 7e 07 92 0e ff 5b 21 Aug 26 18:33:57.267937: | fa 00 54 35 4f e8 2c 2b 34 93 f7 f9 98 ab a4 99 Aug 26 18:33:57.267938: | f5 c4 79 10 3f 60 b8 fa 57 32 a0 33 Aug 26 18:33:57.267941: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:33:57.267944: | **parse ISAKMP Message: Aug 26 18:33:57.267945: | initiator cookie: Aug 26 18:33:57.267947: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:33:57.267949: | responder cookie: Aug 26 18:33:57.267950: | 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.267952: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:33:57.267954: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:33:57.267956: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:33:57.267957: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:33:57.267959: | Message ID: 2324413286 (0x8a8bbb66) Aug 26 18:33:57.267961: | length: 108 (0x6c) Aug 26 18:33:57.267963: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:33:57.267966: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:33:57.267968: | peer and cookies match on #6; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:33:57.267970: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:33:57.267972: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:33:57.267976: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:33:57.267978: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:33:57.267980: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:33:57.267983: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:33:57.267992: | #1 is idle Aug 26 18:33:57.267993: | #1 idle Aug 26 18:33:57.267996: | received encrypted packet from 192.1.2.23:500 Aug 26 18:33:57.268002: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:33:57.268004: | ***parse ISAKMP Hash Payload: Aug 26 18:33:57.268006: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 18:33:57.268008: | length: 36 (0x24) Aug 26 18:33:57.268010: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 18:33:57.268012: | ***parse ISAKMP Notification Payload: Aug 26 18:33:57.268013: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:33:57.268015: | length: 32 (0x20) Aug 26 18:33:57.268017: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:33:57.268018: | protocol ID: 1 (0x1) Aug 26 18:33:57.268020: | SPI size: 16 (0x10) Aug 26 18:33:57.268022: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 18:33:57.268023: | removing 12 bytes of padding Aug 26 18:33:57.268036: | informational HASH(1): Aug 26 18:33:57.268038: | 3d 13 1e 13 3b d3 42 5d 37 1f 18 27 be 7c ba ad Aug 26 18:33:57.268040: | e8 5c 8a 82 02 0d 7b d2 8a 1d 38 a9 54 5a 0c cd Aug 26 18:33:57.268041: | received 'informational' message HASH(1) data ok Aug 26 18:33:57.268043: | info: b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:33:57.268045: | info: 00 00 66 cf Aug 26 18:33:57.268047: | processing informational R_U_THERE_ACK (36137) Aug 26 18:33:57.268049: | pstats ikev1_recv_notifies_e 36137 Aug 26 18:33:57.268051: | DPD: R_U_THERE_ACK, seqno received: 26319 expected: 26319 (state=#1) Aug 26 18:33:57.268054: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x55a94fbd3b08 be deleted Aug 26 18:33:57.268056: | libevent_free: release ptr-libevent@0x55a94fbe9cb8 Aug 26 18:33:57.268058: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x55a94fbd3b08 Aug 26 18:33:57.268060: | complete v1 state transition with STF_IGNORE Aug 26 18:33:57.268064: | #1 spent 0.0156 milliseconds in process_packet_tail() Aug 26 18:33:57.268067: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:33:57.268070: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:33:57.268072: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:33:57.268075: | spent 0.155 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:33:59.367719: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:33:59.367759: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Aug 26 18:33:59.367764: | FOR_EACH_STATE_... in sort_states Aug 26 18:33:59.367772: | get_sa_info esp.1c276340@192.1.3.33 Aug 26 18:33:59.367806: | get_sa_info esp.e0d54674@192.1.2.23 Aug 26 18:33:59.367829: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:33:59.367851: | get_sa_info esp.1a434109@192.1.2.23 Aug 26 18:33:59.367871: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:33:59.367879: | spent 0.182 milliseconds in whack Aug 26 18:34:00.178917: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:34:00.179167: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:34:00.179174: | FOR_EACH_CONNECTION_... in show_connections_status Aug 26 18:34:00.179319: | FOR_EACH_STATE_... in show_states_status (sort_states) Aug 26 18:34:00.179326: | FOR_EACH_STATE_... in sort_states Aug 26 18:34:00.179339: | get_sa_info esp.1c276340@192.1.3.33 Aug 26 18:34:00.179354: | get_sa_info esp.e0d54674@192.1.2.23 Aug 26 18:34:00.179376: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:34:00.179383: | get_sa_info esp.1a434109@192.1.2.23 Aug 26 18:34:00.179400: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Aug 26 18:34:00.179409: | spent 0.497 milliseconds in whack Aug 26 18:34:00.268543: | timer_event_cb: processing event@0x7f548c002b78 Aug 26 18:34:00.268556: | handling event EVENT_DPD for child state #7 Aug 26 18:34:00.268562: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.268566: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in dpd_event() at ikev1_dpd.c:360) Aug 26 18:34:00.268568: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.268572: | DPD: processing for state #7 ("north-dpd/0x2") Aug 26 18:34:00.268576: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:34:00.268592: | event_schedule: new EVENT_DPD-pe@0x55a94fbd3b08 Aug 26 18:34:00.268595: | inserting event EVENT_DPD, timeout in 3 seconds for #7 Aug 26 18:34:00.268597: | libevent_malloc: new ptr-libevent@0x55a94fbe4a78 size 128 Aug 26 18:34:00.268600: | DPD: scheduling timeout to 10 Aug 26 18:34:00.268602: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x55a94fbd3e68 Aug 26 18:34:00.268604: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Aug 26 18:34:00.268606: | libevent_malloc: new ptr-libevent@0x55a94fbe82b8 size 128 Aug 26 18:34:00.268608: | DPD: sending R_U_THERE 26320 to 192.1.2.23:500 (state #1) Aug 26 18:34:00.268619: | **emit ISAKMP Message: Aug 26 18:34:00.268622: | initiator cookie: Aug 26 18:34:00.268623: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.268625: | responder cookie: Aug 26 18:34:00.268626: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.268628: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.268630: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.268632: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.268634: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.268636: | Message ID: 1889450042 (0x709eb83a) Aug 26 18:34:00.268638: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.268640: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.268642: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.268644: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.268646: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:34:00.268648: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.268650: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.268652: | ***emit ISAKMP Notification Payload: Aug 26 18:34:00.268653: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.268655: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.268657: | protocol ID: 1 (0x1) Aug 26 18:34:00.268658: | SPI size: 16 (0x10) Aug 26 18:34:00.268660: | Notify Message Type: R_U_THERE (0x8d28) Aug 26 18:34:00.268662: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Aug 26 18:34:00.268664: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Aug 26 18:34:00.268666: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Aug 26 18:34:00.268668: | notify icookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.268670: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Aug 26 18:34:00.268672: | notify rcookie 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.268673: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Aug 26 18:34:00.268675: | notify data 00 00 66 d0 Aug 26 18:34:00.268676: | emitting length of ISAKMP Notification Payload: 32 Aug 26 18:34:00.268704: | notification HASH(1): Aug 26 18:34:00.268706: | 5e 84 04 e3 69 eb 77 fb 7b 2c e5 7b 66 3a 6e 82 Aug 26 18:34:00.268711: | b4 db d3 87 fd d2 d4 45 a8 31 e8 ff 4a 17 7d c8 Aug 26 18:34:00.268718: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.268720: | no IKEv1 message padding required Aug 26 18:34:00.268721: | emitting length of ISAKMP Message: 108 Aug 26 18:34:00.268731: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:34:00.268733: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.268735: | 08 10 05 01 70 9e b8 3a 00 00 00 6c 7f f4 56 86 Aug 26 18:34:00.268736: | fc dc ca 64 24 61 71 1c 47 c5 1a ad 58 6f 37 e5 Aug 26 18:34:00.268738: | 49 96 95 6c a4 73 e4 4d bb 22 59 65 f9 ee 70 ad Aug 26 18:34:00.268739: | a1 1c ce cf b7 67 c7 ed 32 9b b9 b2 e6 b0 c9 9b Aug 26 18:34:00.268741: | 64 dd 3e 22 a1 98 af bf f8 f9 15 6b 2a 97 e0 d3 Aug 26 18:34:00.268742: | f7 e0 67 ce 45 31 8e f5 35 57 7f c2 Aug 26 18:34:00.268787: | libevent_free: release ptr-libevent@0x55a94fbd7978 Aug 26 18:34:00.268805: | free_event_entry: release EVENT_DPD-pe@0x7f548c002b78 Aug 26 18:34:00.268813: | #7 spent 0.244 milliseconds in timer_event_cb() EVENT_DPD Aug 26 18:34:00.268816: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.269143: | spent 0.00259 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.269162: | *received 108 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:34:00.269166: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.269169: | 08 10 05 01 21 d2 4c 87 00 00 00 6c 33 cd ec a3 Aug 26 18:34:00.269171: | 4b c0 35 b1 1e c5 0a 82 fa 43 eb e6 3a 37 1f dc Aug 26 18:34:00.269174: | bd dd e6 66 c4 1b d9 21 41 c3 21 cb d6 7e ac 43 Aug 26 18:34:00.269177: | cd eb 8d d0 bb b4 dc 01 3b 2a 62 64 27 72 1c 2b Aug 26 18:34:00.269180: | e5 17 c2 5b 95 2c 77 16 59 ac 00 a4 91 8d 40 d4 Aug 26 18:34:00.269182: | 37 31 8f e2 f4 0d 9c 9a f2 5f 10 fd Aug 26 18:34:00.269187: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:34:00.269191: | **parse ISAKMP Message: Aug 26 18:34:00.269194: | initiator cookie: Aug 26 18:34:00.269197: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.269200: | responder cookie: Aug 26 18:34:00.269202: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.269205: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.269209: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.269212: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.269214: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.269217: | Message ID: 567430279 (0x21d24c87) Aug 26 18:34:00.269220: | length: 108 (0x6c) Aug 26 18:34:00.269223: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.269227: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:34:00.269231: | peer and cookies match on #6; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:34:00.269234: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.269237: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.269241: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.269244: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:34:00.269248: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:34:00.269254: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.269267: | #1 is idle Aug 26 18:34:00.269270: | #1 idle Aug 26 18:34:00.269274: | received encrypted packet from 192.1.2.23:500 Aug 26 18:34:00.269284: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.269304: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.269327: | next payload type: ISAKMP_NEXT_N (0xb) Aug 26 18:34:00.269330: | length: 36 (0x24) Aug 26 18:34:00.269333: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Aug 26 18:34:00.269336: | ***parse ISAKMP Notification Payload: Aug 26 18:34:00.269339: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.269341: | length: 32 (0x20) Aug 26 18:34:00.269344: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.269346: | protocol ID: 1 (0x1) Aug 26 18:34:00.269348: | SPI size: 16 (0x10) Aug 26 18:34:00.269351: | Notify Message Type: R_U_THERE_ACK (0x8d29) Aug 26 18:34:00.269353: | removing 12 bytes of padding Aug 26 18:34:00.269371: | informational HASH(1): Aug 26 18:34:00.269374: | ac a1 ba 5f 56 c2 7b e5 13 5d bb ab ab 7e e6 3c Aug 26 18:34:00.269377: | 18 7c db 90 6a 83 86 39 f7 3c 5a 92 ca 05 f8 b3 Aug 26 18:34:00.269380: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.269383: | info: b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.269385: | info: 00 00 66 d0 Aug 26 18:34:00.269390: | #1 spent 1.29 milliseconds Aug 26 18:34:00.269393: | processing informational R_U_THERE_ACK (36137) Aug 26 18:34:00.269396: | pstats ikev1_recv_notifies_e 36137 Aug 26 18:34:00.269398: | DPD: R_U_THERE_ACK, seqno received: 26320 expected: 26320 (state=#1) Aug 26 18:34:00.269402: | state #1 requesting EVENT_DPD_TIMEOUT-pe@0x55a94fbd3e68 be deleted Aug 26 18:34:00.269406: | libevent_free: release ptr-libevent@0x55a94fbe82b8 Aug 26 18:34:00.269409: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x55a94fbd3e68 Aug 26 18:34:00.269412: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.269417: | #1 spent 0.0273 milliseconds in process_packet_tail() Aug 26 18:34:00.269422: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:34:00.269428: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:34:00.269431: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.269435: | spent 0.266 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.467608: | spent 0.0033 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.467634: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:34:00.467640: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.467644: | 08 10 05 01 82 c3 76 b3 00 00 00 5c 3b ed 13 de Aug 26 18:34:00.467647: | 49 38 ce 81 00 95 b5 2a 84 63 19 2e 37 cb e5 b9 Aug 26 18:34:00.467650: | 0b 12 01 20 d9 d5 05 e7 02 67 98 23 b3 9c 47 12 Aug 26 18:34:00.467653: | 00 69 dc d0 8b 01 ef a1 30 0c d8 a8 a6 c7 ae 71 Aug 26 18:34:00.467656: | d7 03 89 ab 8e f6 f0 7b f4 d4 98 dc Aug 26 18:34:00.467663: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:34:00.467668: | **parse ISAKMP Message: Aug 26 18:34:00.467671: | initiator cookie: Aug 26 18:34:00.467674: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.467678: | responder cookie: Aug 26 18:34:00.467681: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.467685: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.467689: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.467692: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.467696: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.467699: | Message ID: 2193847987 (0x82c376b3) Aug 26 18:34:00.467702: | length: 92 (0x5c) Aug 26 18:34:00.467706: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.467710: | peer and cookies match on #7; msgid=00000000 st_msgid=5426ec6b st_msgid_phase15=00000000 Aug 26 18:34:00.467714: | peer and cookies match on #6; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:34:00.467718: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.467722: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.467729: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.467732: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:34:00.467736: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:34:00.467742: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.467758: | #1 is idle Aug 26 18:34:00.467762: | #1 idle Aug 26 18:34:00.467768: | received encrypted packet from 192.1.2.23:500 Aug 26 18:34:00.467780: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.467785: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.467788: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 18:34:00.467791: | length: 36 (0x24) Aug 26 18:34:00.467795: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 18:34:00.467799: | ***parse ISAKMP Delete Payload: Aug 26 18:34:00.467803: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.467806: | length: 16 (0x10) Aug 26 18:34:00.467809: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.467812: | protocol ID: 3 (0x3) Aug 26 18:34:00.467815: | SPI size: 4 (0x4) Aug 26 18:34:00.467818: | number of SPIs: 1 (0x1) Aug 26 18:34:00.467821: | removing 12 bytes of padding Aug 26 18:34:00.467842: | informational HASH(1): Aug 26 18:34:00.467846: | ec fb 59 85 1b 2b 65 89 1d 84 5d 99 df 13 d3 49 Aug 26 18:34:00.467850: | 68 83 05 df 1d 65 93 c9 ec 28 35 34 ac 09 ea 85 Aug 26 18:34:00.467853: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.467857: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 18:34:00.467860: | SPI 1a 43 41 09 Aug 26 18:34:00.467863: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 18:34:00.467869: | start processing: connection "north-dpd/0x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) Aug 26 18:34:00.467872: "north-dpd/0x2" #1: received Delete SA payload: replace IPsec State #7 now Aug 26 18:34:00.467876: | state #7 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:34:00.467881: | libevent_free: release ptr-libevent@0x7f5488005df8 Aug 26 18:34:00.467885: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fbca6b8 Aug 26 18:34:00.467888: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fbca6b8 Aug 26 18:34:00.467893: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #7 Aug 26 18:34:00.467897: | libevent_malloc: new ptr-libevent@0x55a94fbe9cb8 size 128 Aug 26 18:34:00.467903: | stop processing: connection "north-dpd/0x2" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) Aug 26 18:34:00.467906: | del: Aug 26 18:34:00.467911: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.467917: | #1 spent 0.00504 milliseconds in process_packet_tail() Aug 26 18:34:00.467923: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:34:00.467929: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:34:00.467932: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.467937: | spent 0.313 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.467945: | timer_event_cb: processing event@0x55a94fbca6b8 Aug 26 18:34:00.467950: | handling event EVENT_SA_REPLACE for child state #7 Aug 26 18:34:00.467956: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.467960: | picked newest_ipsec_sa #7 for #7 Aug 26 18:34:00.467964: | replacing stale IPsec SA Aug 26 18:34:00.467969: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:34:00.467972: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.467978: | creating state object #8 at 0x55a94fbe6a28 Aug 26 18:34:00.467982: | State DB: adding IKEv1 state #8 in UNDEFINED Aug 26 18:34:00.467993: | pstats #8 ikev1.ipsec started Aug 26 18:34:00.468000: | duplicating state object #1 "north-dpd/0x2" as #8 for IPSEC SA Aug 26 18:34:00.468008: | #8 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:34:00.468020: | suspend processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:34:00.468026: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:34:00.468034: | child state #8: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 18:34:00.468042: "north-dpd/0x2" #8: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #7 {using isakmp#1 msgid:769a4b7a proposal=defaults pfsgroup=MODP2048} Aug 26 18:34:00.468047: | adding quick_outI1 KE work-order 15 for state #8 Aug 26 18:34:00.468051: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbd3e68 Aug 26 18:34:00.468056: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #8 Aug 26 18:34:00.468060: | libevent_malloc: new ptr-libevent@0x55a94fbe9c08 size 128 Aug 26 18:34:00.468074: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:34:00.468081: | resume processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:34:00.468081: | crypto helper 0 resuming Aug 26 18:34:00.468085: | state #7 requesting EVENT_DPD-pe@0x55a94fbd3b08 be deleted Aug 26 18:34:00.468096: | crypto helper 0 starting work-order 15 for state #8 Aug 26 18:34:00.468099: | libevent_free: release ptr-libevent@0x55a94fbe4a78 Aug 26 18:34:00.468102: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 15 Aug 26 18:34:00.468104: | free_event_entry: release EVENT_DPD-pe@0x55a94fbd3b08 Aug 26 18:34:00.468108: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55a94fbd3b08 Aug 26 18:34:00.468112: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #7 Aug 26 18:34:00.468116: | libevent_malloc: new ptr-libevent@0x55a94fbe4a78 size 128 Aug 26 18:34:00.468120: | libevent_free: release ptr-libevent@0x55a94fbe9cb8 Aug 26 18:34:00.468124: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fbca6b8 Aug 26 18:34:00.468130: | #7 spent 0.179 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:34:00.468136: | stop processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.468142: | timer_event_cb: processing event@0x55a94fbd3b08 Aug 26 18:34:00.468145: | handling event EVENT_SA_EXPIRE for child state #7 Aug 26 18:34:00.468151: | start processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.468155: | picked newest_ipsec_sa #7 for #7 Aug 26 18:34:00.468159: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:34:00.468163: | pstats #7 ikev1.ipsec re-failed exchange-timeout Aug 26 18:34:00.468166: | pstats #7 ikev1.ipsec deleted completed Aug 26 18:34:00.468171: | [RE]START processing: state #7 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:34:00.468176: "north-dpd/0x2" #7: deleting state (STATE_QUICK_I2) aged 12.212s and sending notification Aug 26 18:34:00.468180: | child state #7: QUICK_I2(established CHILD SA) => delete Aug 26 18:34:00.468185: | get_sa_info esp.1a434109@192.1.2.23 Aug 26 18:34:00.468201: | get_sa_info esp.f24d08cd@192.1.3.33 Aug 26 18:34:00.468211: "north-dpd/0x2" #7: ESP traffic information: in=0B out=84B Aug 26 18:34:00.468215: | #7 send IKEv1 delete notification for STATE_QUICK_I2 Aug 26 18:34:00.468218: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.468224: | **emit ISAKMP Message: Aug 26 18:34:00.468227: | initiator cookie: Aug 26 18:34:00.468230: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.468233: | responder cookie: Aug 26 18:34:00.468236: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.468239: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.468244: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.468248: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.468251: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.468254: | Message ID: 2731667552 (0xa2d1f060) Aug 26 18:34:00.468257: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.468260: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.468263: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.468267: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.468270: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.468273: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.468276: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.468279: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.468282: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.468284: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.468287: | protocol ID: 3 (0x3) Aug 26 18:34:00.468298: | SPI size: 4 (0x4) Aug 26 18:34:00.468301: | number of SPIs: 1 (0x1) Aug 26 18:34:00.468305: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.468309: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.468313: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:34:00.468316: | delete payload f2 4d 08 cd Aug 26 18:34:00.468319: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:34:00.468338: | send delete HASH(1): Aug 26 18:34:00.468342: | 86 d2 d9 a0 00 7e 22 a3 35 83 f7 2c 0c 6d a7 57 Aug 26 18:34:00.468345: | c7 aa a3 25 3d 8b 8e 5f be 9d 3d ea 6f 9f 3e e5 Aug 26 18:34:00.468353: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.468356: | no IKEv1 message padding required Aug 26 18:34:00.468359: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.468372: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:34:00.468377: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.468379: | 08 10 05 01 a2 d1 f0 60 00 00 00 5c 15 c2 84 ca Aug 26 18:34:00.468382: | 3f 2c 3c e0 3a 95 78 0d 86 d9 d3 c6 95 58 d4 45 Aug 26 18:34:00.468385: | 5c f4 fb 37 70 a8 ac bf 07 d9 f4 74 ed dd 70 98 Aug 26 18:34:00.468387: | 30 cd 3f 0d 80 d5 71 3a 3c e4 6b 0e 19 8f 89 6b Aug 26 18:34:00.468390: | 15 83 31 ae d6 2f 83 66 fa 86 61 6d Aug 26 18:34:00.468465: | running updown command "ipsec _updown" for verb down Aug 26 18:34:00.468470: | command executing down-client Aug 26 18:34:00.468497: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:34:00.468504: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:34:00.468528: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844428' PLUTO_CONN_POL Aug 26 18:34:00.468533: | popen cmd is 1411 chars long Aug 26 18:34:00.468537: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PL: Aug 26 18:34:00.468541: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 18:34:00.468544: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Aug 26 18:34:00.468548: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Aug 26 18:34:00.468551: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Aug 26 18:34:00.468555: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PL: Aug 26 18:34:00.468559: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 18:34:00.468562: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Aug 26 18:34:00.468566: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_: Aug 26 18:34:00.468570: | cmd( 720):PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLU: Aug 26 18:34:00.468573: | cmd( 800):TO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Lib: Aug 26 18:34:00.468577: | cmd( 880):reswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_A: Aug 26 18:34:00.468581: | cmd( 960):DDTIME='1566844428' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+: Aug 26 18:34:00.468584: | cmd(1040):SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADD: Aug 26 18:34:00.468587: | cmd(1120):RFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: Aug 26 18:34:00.468591: | cmd(1200):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIEN: Aug 26 18:34:00.468595: | cmd(1280):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: Aug 26 18:34:00.468599: | cmd(1360):IN=0x1a434109 SPI_OUT=0xf24d08cd ipsec _updown 2>&1: Aug 26 18:34:00.469498: | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 15 time elapsed 0.001395 seconds Aug 26 18:34:00.469519: | (#8) spent 0.895 milliseconds in crypto helper computing work-order 15: quick_outI1 KE (pcr) Aug 26 18:34:00.469523: | crypto helper 0 sending results from work-order 15 for state #8 to event queue Aug 26 18:34:00.469527: | scheduling resume sending helper answer for #8 Aug 26 18:34:00.469531: | libevent_malloc: new ptr-libevent@0x7f54a0009dd8 size 128 Aug 26 18:34:00.469551: | crypto helper 0 waiting (nothing to do) Aug 26 18:34:00.482541: | shunt_eroute() called for connection 'north-dpd/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:34:00.482560: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:34:00.482564: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:34:00.482569: | IPsec Sa SPD priority set to 1042407 Aug 26 18:34:00.482607: | delete esp.1a434109@192.1.2.23 Aug 26 18:34:00.482625: | netlink response for Del SA esp.1a434109@192.1.2.23 included non-error error Aug 26 18:34:00.482630: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:34:00.482637: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:34:00.482657: | raw_eroute result=success Aug 26 18:34:00.482662: | delete esp.f24d08cd@192.1.3.33 Aug 26 18:34:00.482672: | netlink response for Del SA esp.f24d08cd@192.1.3.33 included non-error error Aug 26 18:34:00.482686: | in connection_discard for connection north-dpd/0x2 Aug 26 18:34:00.482690: | State DB: deleting IKEv1 state #7 in QUICK_I2 Aug 26 18:34:00.482700: | child state #7: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:34:00.482736: | stop processing: state #7 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:34:00.482759: | libevent_free: release ptr-libevent@0x55a94fbe4a78 Aug 26 18:34:00.482764: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55a94fbd3b08 Aug 26 18:34:00.482768: | in statetime_stop() and could not find #7 Aug 26 18:34:00.482771: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.482795: | spent 0.00294 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.482816: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:34:00.482820: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.482822: | 08 10 05 01 db 05 81 df 00 00 00 5c 82 13 cf 67 Aug 26 18:34:00.482825: | 80 18 36 02 59 fd 39 c8 d3 14 f9 59 8b 1c ea 7b Aug 26 18:34:00.482827: | 09 30 7d 82 4c fe f3 63 7c 66 fe 9e 8b 21 db db Aug 26 18:34:00.482829: | 25 69 78 89 72 84 70 d9 d7 a8 47 23 ef 77 0d 3f Aug 26 18:34:00.482832: | 2b 74 fe 1e b3 e0 3e d1 6e 90 f1 fd Aug 26 18:34:00.482838: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:34:00.482842: | **parse ISAKMP Message: Aug 26 18:34:00.482845: | initiator cookie: Aug 26 18:34:00.482848: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.482851: | responder cookie: Aug 26 18:34:00.482853: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.482856: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.482859: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.482862: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.482866: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.482869: | Message ID: 3674571231 (0xdb0581df) Aug 26 18:34:00.482872: | length: 92 (0x5c) Aug 26 18:34:00.482875: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.482880: | peer and cookies match on #8; msgid=00000000 st_msgid=769a4b7a st_msgid_phase15=00000000 Aug 26 18:34:00.482883: | peer and cookies match on #6; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:34:00.482887: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.482890: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.482893: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.482896: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:34:00.482898: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:34:00.482903: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.482923: | #1 is idle Aug 26 18:34:00.482926: | #1 idle Aug 26 18:34:00.482931: | received encrypted packet from 192.1.2.23:500 Aug 26 18:34:00.482952: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.482956: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.482959: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 18:34:00.482961: | length: 36 (0x24) Aug 26 18:34:00.482964: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 18:34:00.482967: | ***parse ISAKMP Delete Payload: Aug 26 18:34:00.482970: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.482973: | length: 16 (0x10) Aug 26 18:34:00.482975: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.482978: | protocol ID: 3 (0x3) Aug 26 18:34:00.482980: | SPI size: 4 (0x4) Aug 26 18:34:00.482983: | number of SPIs: 1 (0x1) Aug 26 18:34:00.482985: | removing 12 bytes of padding Aug 26 18:34:00.483010: | informational HASH(1): Aug 26 18:34:00.483014: | 05 4f 84 b8 fd a3 9e 24 2d 6d 8a 03 5d 37 15 93 Aug 26 18:34:00.483016: | e5 d1 b0 9a 9b 4a 37 dc a5 fe 5d 78 80 90 db 1f Aug 26 18:34:00.483019: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.483025: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 18:34:00.483028: | SPI 1e 86 7a 01 Aug 26 18:34:00.483030: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 18:34:00.483035: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x1e867a01) not found (maybe expired) Aug 26 18:34:00.483038: | del: Aug 26 18:34:00.483043: | #1 spent 1.65 milliseconds Aug 26 18:34:00.483048: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.483053: | #1 spent 0.00988 milliseconds in process_packet_tail() Aug 26 18:34:00.483058: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:34:00.483063: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:34:00.483066: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.483070: | spent 0.271 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.483079: | processing resume sending helper answer for #8 Aug 26 18:34:00.483084: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:34:00.483088: | crypto helper 0 replies to request ID 15 Aug 26 18:34:00.483091: | calling continuation function 0x55a94f4e2b50 Aug 26 18:34:00.483094: | quick_outI1_continue for #8: calculated ke+nonce, sending I1 Aug 26 18:34:00.483117: | **emit ISAKMP Message: Aug 26 18:34:00.483120: | initiator cookie: Aug 26 18:34:00.483122: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.483125: | responder cookie: Aug 26 18:34:00.483127: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.483130: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.483132: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.483135: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:34:00.483138: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.483141: | Message ID: 1989823354 (0x769a4b7a) Aug 26 18:34:00.483144: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.483147: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.483149: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.483153: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.483156: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.483159: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.483162: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.483164: | emitting quick defaults using policy none Aug 26 18:34:00.483167: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:34:00.483174: | ***emit ISAKMP Security Association Payload: Aug 26 18:34:00.483176: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:34:00.483179: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.483182: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:34:00.483185: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:34:00.483189: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.483191: | ****emit IPsec DOI SIT: Aug 26 18:34:00.483194: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:34:00.483197: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:34:00.483200: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 18:34:00.483202: | ****emit ISAKMP Proposal Payload: Aug 26 18:34:00.483205: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.483207: | proposal number: 0 (0x0) Aug 26 18:34:00.483210: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:34:00.483213: | SPI size: 4 (0x4) Aug 26 18:34:00.483216: | number of transforms: 2 (0x2) Aug 26 18:34:00.483220: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:34:00.483235: | netlink_get_spi: allocated 0x8ea0894f for esp.0@192.1.3.33 Aug 26 18:34:00.483239: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:34:00.483242: | SPI 8e a0 89 4f Aug 26 18:34:00.483245: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:34:00.483247: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.483250: | ESP transform number: 0 (0x0) Aug 26 18:34:00.483253: | ESP transform ID: ESP_AES (0xc) Aug 26 18:34:00.483256: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:34:00.483259: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483262: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:34:00.483264: | length/value: 14 (0xe) Aug 26 18:34:00.483267: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.483270: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483273: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:34:00.483276: | length/value: 1 (0x1) Aug 26 18:34:00.483279: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:34:00.483281: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483284: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:34:00.483287: | length/value: 1 (0x1) Aug 26 18:34:00.483296: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:34:00.483299: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483302: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:34:00.483304: | length/value: 28800 (0x7080) Aug 26 18:34:00.483306: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483309: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:34:00.483311: | length/value: 2 (0x2) Aug 26 18:34:00.483313: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:34:00.483316: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483318: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:34:00.483321: | length/value: 128 (0x80) Aug 26 18:34:00.483323: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:34:00.483326: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:34:00.483329: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.483331: | ESP transform number: 1 (0x1) Aug 26 18:34:00.483333: | ESP transform ID: ESP_3DES (0x3) Aug 26 18:34:00.483336: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.483339: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:34:00.483342: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483344: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:34:00.483347: | length/value: 14 (0xe) Aug 26 18:34:00.483350: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.483352: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483355: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:34:00.483357: | length/value: 1 (0x1) Aug 26 18:34:00.483360: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:34:00.483362: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483365: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:34:00.483368: | length/value: 1 (0x1) Aug 26 18:34:00.483370: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:34:00.483373: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483375: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:34:00.483378: | length/value: 28800 (0x7080) Aug 26 18:34:00.483380: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.483383: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:34:00.483385: | length/value: 2 (0x2) Aug 26 18:34:00.483388: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:34:00.483391: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 18:34:00.483393: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 18:34:00.483398: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:34:00.483401: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 18:34:00.483404: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:34:00.483409: | ***emit ISAKMP Nonce Payload: Aug 26 18:34:00.483412: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:34:00.483415: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:34:00.483418: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:34:00.483421: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.483424: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:34:00.483427: | Ni 2c 34 05 57 aa 15 d5 d3 91 67 f1 04 af 00 b8 f7 Aug 26 18:34:00.483430: | Ni ed 9f 6b f2 38 70 18 0b 3e 4b 62 b7 cd 15 e6 50 Aug 26 18:34:00.483432: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:34:00.483436: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:34:00.483438: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:34:00.483441: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:34:00.483445: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:34:00.483447: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.483451: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:34:00.483453: | keyex value bd 3e ac 15 1b 36 e2 21 30 3a 9d 9f 69 42 1a bf Aug 26 18:34:00.483456: | keyex value 96 39 05 c1 ed de af c7 3a cc 7a 03 cd f3 89 dd Aug 26 18:34:00.483458: | keyex value 54 2f 0f e0 07 90 13 8a cc af aa c8 ec e3 73 b3 Aug 26 18:34:00.483461: | keyex value 31 89 4c c9 b0 27 bc ff 76 27 b0 6e 9d d9 c6 9e Aug 26 18:34:00.483464: | keyex value 5d 6c 99 9e af f2 9d 72 28 68 cc dd 4b a4 f3 37 Aug 26 18:34:00.483466: | keyex value 8b d8 4b c7 0a 4b b3 1c 08 29 15 28 be ef 57 cc Aug 26 18:34:00.483469: | keyex value 52 cb b2 a2 0c 9f 3e 01 0f 40 a1 d2 9d d3 3f d9 Aug 26 18:34:00.483471: | keyex value a6 60 d4 f0 5b e6 7b 79 cd ac c5 d1 0e b2 f8 5e Aug 26 18:34:00.483474: | keyex value 1d 8a ff 03 97 4b bd 2a 8d 58 70 e4 9d 41 ba fe Aug 26 18:34:00.483476: | keyex value 4a 41 af 28 82 82 bf 4e 6b 2c de 8b 04 5c c6 fc Aug 26 18:34:00.483479: | keyex value ac ea ee 7d c3 9d c2 50 fc 13 cc c4 9d 59 81 af Aug 26 18:34:00.483481: | keyex value 8c eb a2 d0 1b b6 43 d4 29 86 d7 9a 68 bd 51 85 Aug 26 18:34:00.483484: | keyex value e5 2c e2 e6 28 5d fb b4 42 cf 76 6c fc 60 62 e6 Aug 26 18:34:00.483486: | keyex value 70 cd 05 82 b0 0f 80 b3 0d bb e3 f6 70 07 83 76 Aug 26 18:34:00.483489: | keyex value 15 42 be 8b 8e 36 f2 05 4a 5a 19 95 03 47 d3 b8 Aug 26 18:34:00.483491: | keyex value c9 8f 4c 74 cb 2e 59 19 4b 73 6a fd 9f 0e 37 91 Aug 26 18:34:00.483494: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:34:00.483497: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:34:00.483500: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:34:00.483502: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:34:00.483505: | Protocol ID: 0 (0x0) Aug 26 18:34:00.483507: | port: 0 (0x0) Aug 26 18:34:00.483510: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:34:00.483514: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:34:00.483517: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:34:00.483521: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:34:00.483524: | client network c0 00 03 00 Aug 26 18:34:00.483527: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:34:00.483530: | client mask ff ff ff 00 Aug 26 18:34:00.483532: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:34:00.483535: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:34:00.483538: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.483540: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:34:00.483543: | Protocol ID: 0 (0x0) Aug 26 18:34:00.483545: | port: 0 (0x0) Aug 26 18:34:00.483549: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:34:00.483552: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:34:00.483555: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:34:00.483557: | client network c0 00 16 00 Aug 26 18:34:00.483560: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:34:00.483562: | client mask ff ff ff 00 Aug 26 18:34:00.483565: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:34:00.483587: | outI1 HASH(1): Aug 26 18:34:00.483591: | 51 37 a2 f8 15 a4 21 23 91 f8 69 27 06 ae 95 52 Aug 26 18:34:00.483593: | 7d 80 f1 fd b4 2f 27 be 2e 7b 68 9f 90 26 4b 08 Aug 26 18:34:00.483600: | no IKEv1 message padding required Aug 26 18:34:00.483603: | emitting length of ISAKMP Message: 476 Aug 26 18:34:00.483616: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #8) Aug 26 18:34:00.483619: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.483624: | 08 10 20 01 76 9a 4b 7a 00 00 01 dc 4c 80 25 f6 Aug 26 18:34:00.483627: | 9d 8b 10 62 13 a0 f0 ca e6 10 f9 52 80 e1 2e ba Aug 26 18:34:00.483629: | 33 3a 43 cf db e5 a4 c7 45 fe 31 78 2e 3b a9 3f Aug 26 18:34:00.483632: | 77 71 6d 9a 3c a0 7a 8e b2 cb ea 60 8c f9 b2 63 Aug 26 18:34:00.483634: | da 79 b9 9e 1d d3 6e 81 3a 79 25 37 ca c1 f8 eb Aug 26 18:34:00.483637: | df 7d 17 21 57 10 7d 9a 5f f3 fb a8 36 8e 1c b9 Aug 26 18:34:00.483639: | c3 7f 87 97 6d f3 e9 a3 e4 33 24 17 10 1d 20 e1 Aug 26 18:34:00.483642: | 25 ce 21 4f 38 43 7a f8 af 2c b3 0a cf af e7 e9 Aug 26 18:34:00.483644: | 58 a8 73 1c 80 74 36 d0 d5 e5 b1 90 bf 18 0a db Aug 26 18:34:00.483647: | c9 e2 31 8b 9b 32 67 4d 49 fd 8a 59 95 d4 9e ba Aug 26 18:34:00.483649: | e4 e1 64 78 05 2d 0d 20 8e d7 d3 64 52 a0 dc 8d Aug 26 18:34:00.483652: | 61 00 34 49 d2 5e 5d 9b 51 d1 36 34 70 43 1d a1 Aug 26 18:34:00.483654: | 08 13 ff 5c 50 83 3c 95 a8 51 3a 4e e6 b2 d5 15 Aug 26 18:34:00.483657: | ba 21 e1 b8 21 dc 1f 58 cd a2 82 67 74 24 92 7c Aug 26 18:34:00.483659: | 25 7a 36 69 b2 c4 fe a9 44 43 99 48 11 03 f8 17 Aug 26 18:34:00.483662: | 3f ae 40 a8 81 5f 9f b6 e4 26 8c 90 a4 99 ce dc Aug 26 18:34:00.483665: | 6c a2 1f 48 68 31 7a 4d 71 62 b2 7d 9c bb 30 cf Aug 26 18:34:00.483667: | da e0 a5 68 0b 8b 73 69 3c f4 e6 cb 2e b5 5e cb Aug 26 18:34:00.483670: | e3 32 b4 87 7a 96 ec 4f 59 1d 5f 10 d3 d3 63 24 Aug 26 18:34:00.483672: | 98 94 12 7b dd 1b 05 f0 13 23 56 19 8a ba 47 71 Aug 26 18:34:00.483675: | 7c 4d 55 37 03 44 81 d5 ea 1a 8f 38 8a ac 4d 8e Aug 26 18:34:00.483677: | c6 78 f2 53 15 f2 7a 9f e5 ad 09 f2 ea cf e2 77 Aug 26 18:34:00.483680: | 2b ae 81 15 21 1d cd 2a e9 6d d4 9e ef 35 bb cf Aug 26 18:34:00.483682: | 4e 98 a9 23 b9 b0 6b ba 79 03 ea ac cd 6f 6f a5 Aug 26 18:34:00.483685: | fc 3c af b6 72 3b 6c b6 c1 27 c0 5b 20 38 f3 ab Aug 26 18:34:00.483689: | 52 bc ea bc 47 23 6e 94 ac 41 ef c7 33 78 a5 54 Aug 26 18:34:00.483691: | 15 0c ef b8 11 ad 00 c9 7a e6 c2 38 f5 83 9f 8d Aug 26 18:34:00.483694: | fc b4 1d fb 7a b7 90 89 0b 59 32 ea c7 c1 27 f5 Aug 26 18:34:00.483696: | 78 ff 0a 40 53 37 23 28 02 99 0c af Aug 26 18:34:00.483742: | state #8 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:34:00.483750: | libevent_free: release ptr-libevent@0x55a94fbe9c08 Aug 26 18:34:00.483755: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbd3e68 Aug 26 18:34:00.483760: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbd3e68 Aug 26 18:34:00.483764: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #8 Aug 26 18:34:00.483768: | libevent_malloc: new ptr-libevent@0x55a94fbe7518 size 128 Aug 26 18:34:00.483774: | #8 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29726.226225 Aug 26 18:34:00.483779: | resume sending helper answer for #8 suppresed complete_v1_state_transition() Aug 26 18:34:00.483784: | #8 spent 0.667 milliseconds in resume sending helper answer Aug 26 18:34:00.483790: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:34:00.483793: | libevent_free: release ptr-libevent@0x7f54a0009dd8 Aug 26 18:34:00.483796: | processing signal PLUTO_SIGCHLD Aug 26 18:34:00.483801: | waitpid returned ECHILD (no child processes left) Aug 26 18:34:00.483805: | spent 0.00502 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:34:00.483814: | spent 0.00149 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.483824: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:34:00.483827: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.483829: | 08 10 05 01 90 23 28 03 00 00 00 5c e1 b7 23 83 Aug 26 18:34:00.483832: | ef 1e 4c c8 f1 8f 32 8b cb 98 25 b7 67 f5 0e 08 Aug 26 18:34:00.483834: | 5e 34 d6 1a cd 63 13 0e c4 4a 9b 45 ef 6e dc b4 Aug 26 18:34:00.483842: | 20 0f 6d 67 c9 5c a9 d3 ea e5 7c 9c e3 50 a0 db Aug 26 18:34:00.483845: | c7 4d 95 65 c3 f4 36 09 e1 3f 09 87 Aug 26 18:34:00.483849: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:34:00.483852: | **parse ISAKMP Message: Aug 26 18:34:00.483855: | initiator cookie: Aug 26 18:34:00.483857: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.483860: | responder cookie: Aug 26 18:34:00.483862: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.483865: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.483868: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.483871: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.483873: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.483876: | Message ID: 2418223107 (0x90232803) Aug 26 18:34:00.483879: | length: 92 (0x5c) Aug 26 18:34:00.483882: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.483886: | peer and cookies match on #8; msgid=00000000 st_msgid=769a4b7a st_msgid_phase15=00000000 Aug 26 18:34:00.483889: | peer and cookies match on #6; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:34:00.483892: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.483895: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.483898: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.483901: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:34:00.483904: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:34:00.483909: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.483917: | #1 is idle Aug 26 18:34:00.483920: | #1 idle Aug 26 18:34:00.483924: | received encrypted packet from 192.1.2.23:500 Aug 26 18:34:00.483933: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.483937: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.483939: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 18:34:00.483942: | length: 36 (0x24) Aug 26 18:34:00.483945: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 18:34:00.483948: | ***parse ISAKMP Delete Payload: Aug 26 18:34:00.483950: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.483953: | length: 16 (0x10) Aug 26 18:34:00.483955: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.483958: | protocol ID: 3 (0x3) Aug 26 18:34:00.483960: | SPI size: 4 (0x4) Aug 26 18:34:00.483963: | number of SPIs: 1 (0x1) Aug 26 18:34:00.483965: | removing 12 bytes of padding Aug 26 18:34:00.483981: | informational HASH(1): Aug 26 18:34:00.483984: | fc d5 92 27 00 a2 3c ed 5e d1 3f 82 5f 8a f0 37 Aug 26 18:34:00.483986: | a3 77 97 ad 44 0a e7 97 5e c5 c7 36 9a f2 32 9b Aug 26 18:34:00.483989: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.483992: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 18:34:00.483994: | SPI 69 8e 38 88 Aug 26 18:34:00.483997: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 18:34:00.484000: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x698e3888) not found (maybe expired) Aug 26 18:34:00.484003: | del: Aug 26 18:34:00.484007: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.484012: | #1 spent 0.00375 milliseconds in process_packet_tail() Aug 26 18:34:00.484016: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:34:00.484021: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:34:00.484024: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.484028: | spent 0.206 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.484035: | spent 0.00141 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.484044: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:34:00.484047: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.484049: | 08 10 05 01 03 eb 0d 99 00 00 00 5c 15 ef b5 25 Aug 26 18:34:00.484052: | 70 a5 70 5a 1f 4e 01 90 6d 0c c4 25 f0 2b 28 03 Aug 26 18:34:00.484054: | 05 38 66 de 54 33 81 d0 40 c9 ab 84 47 35 19 f7 Aug 26 18:34:00.484056: | dd ee a6 4e 61 d1 f6 3d 8e 46 66 10 53 37 83 6e Aug 26 18:34:00.484059: | be da 73 28 07 03 f4 8b a3 79 31 91 Aug 26 18:34:00.484063: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:34:00.484066: | **parse ISAKMP Message: Aug 26 18:34:00.484068: | initiator cookie: Aug 26 18:34:00.484070: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.484073: | responder cookie: Aug 26 18:34:00.484075: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.484078: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.484081: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.484083: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.484086: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.484089: | Message ID: 65736089 (0x3eb0d99) Aug 26 18:34:00.484092: | length: 92 (0x5c) Aug 26 18:34:00.484095: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.484098: | peer and cookies match on #8; msgid=00000000 st_msgid=769a4b7a st_msgid_phase15=00000000 Aug 26 18:34:00.484101: | peer and cookies match on #6; msgid=00000000 st_msgid=4e17d482 st_msgid_phase15=00000000 Aug 26 18:34:00.484104: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.484107: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.484110: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.484114: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:34:00.484117: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:34:00.484122: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.484129: | #1 is idle Aug 26 18:34:00.484131: | #1 idle Aug 26 18:34:00.484135: | received encrypted packet from 192.1.2.23:500 Aug 26 18:34:00.484143: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.484146: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.484149: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 18:34:00.484151: | length: 36 (0x24) Aug 26 18:34:00.484154: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 18:34:00.484157: | ***parse ISAKMP Delete Payload: Aug 26 18:34:00.484159: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.484162: | length: 16 (0x10) Aug 26 18:34:00.484165: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.484167: | protocol ID: 3 (0x3) Aug 26 18:34:00.484170: | SPI size: 4 (0x4) Aug 26 18:34:00.484172: | number of SPIs: 1 (0x1) Aug 26 18:34:00.484175: | removing 12 bytes of padding Aug 26 18:34:00.484189: | informational HASH(1): Aug 26 18:34:00.484192: | ef 74 8c 6c 8d dd 03 8c bd 75 de 9f c6 0e 52 80 Aug 26 18:34:00.484195: | b5 3f 33 ed cd 92 f0 7f 2f 77 f1 b2 fd b3 40 95 Aug 26 18:34:00.484197: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.484200: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 18:34:00.484203: | SPI e0 d5 46 74 Aug 26 18:34:00.484205: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 18:34:00.484210: | start processing: connection "north-dpd/0x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) Aug 26 18:34:00.484213: "north-dpd/0x2" #1: received Delete SA payload: replace IPsec State #6 now Aug 26 18:34:00.484216: | state #6 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:34:00.484222: | libevent_free: release ptr-libevent@0x7f5498004fd8 Aug 26 18:34:00.484226: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fbcd948 Aug 26 18:34:00.484230: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fbcd948 Aug 26 18:34:00.484234: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #6 Aug 26 18:34:00.484237: | libevent_malloc: new ptr-libevent@0x7f54a0009dd8 size 128 Aug 26 18:34:00.484241: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) Aug 26 18:34:00.484244: | del: Aug 26 18:34:00.484247: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.484252: | #1 spent 0.00345 milliseconds in process_packet_tail() Aug 26 18:34:00.484256: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:34:00.484261: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:34:00.484264: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.484268: | spent 0.229 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.484273: | timer_event_cb: processing event@0x55a94fbcd948 Aug 26 18:34:00.484276: | handling event EVENT_SA_REPLACE for child state #6 Aug 26 18:34:00.484281: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.484284: | picked newest_ipsec_sa #6 for #6 Aug 26 18:34:00.484287: | replacing stale IPsec SA Aug 26 18:34:00.484297: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:34:00.484300: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.484305: | creating state object #9 at 0x55a94fbe5f38 Aug 26 18:34:00.484308: | State DB: adding IKEv1 state #9 in UNDEFINED Aug 26 18:34:00.484314: | pstats #9 ikev1.ipsec started Aug 26 18:34:00.484317: | duplicating state object #1 "north-dpd/0x2" as #9 for IPSEC SA Aug 26 18:34:00.484323: | #9 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1484) Aug 26 18:34:00.484329: | in connection_discard for connection north-dpd/0x2 Aug 26 18:34:00.484333: | suspend processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:34:00.484338: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) Aug 26 18:34:00.484346: | child state #9: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Aug 26 18:34:00.484352: "north-dpd/0x1" #9: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #6 {using isakmp#1 msgid:7e479d25 proposal=defaults pfsgroup=MODP2048} Aug 26 18:34:00.484356: | adding quick_outI1 KE work-order 16 for state #9 Aug 26 18:34:00.484359: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbd3b08 Aug 26 18:34:00.484363: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #9 Aug 26 18:34:00.484366: | libevent_malloc: new ptr-libevent@0x55a94fbe9cb8 size 128 Aug 26 18:34:00.484375: | stop processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:34:00.484379: | resume processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) Aug 26 18:34:00.484382: | crypto helper 1 resuming Aug 26 18:34:00.484399: | crypto helper 1 starting work-order 16 for state #9 Aug 26 18:34:00.484405: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 16 Aug 26 18:34:00.485391: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 16 time elapsed 0.000986 seconds Aug 26 18:34:00.485404: | (#9) spent 0.985 milliseconds in crypto helper computing work-order 16: quick_outI1 KE (pcr) Aug 26 18:34:00.485408: | crypto helper 1 sending results from work-order 16 for state #9 to event queue Aug 26 18:34:00.485412: | scheduling resume sending helper answer for #9 Aug 26 18:34:00.485416: | libevent_malloc: new ptr-libevent@0x7f5498004fd8 size 128 Aug 26 18:34:00.485422: | crypto helper 1 waiting (nothing to do) Aug 26 18:34:00.484382: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55a94fbd5b58 Aug 26 18:34:00.485434: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #6 Aug 26 18:34:00.485438: | libevent_malloc: new ptr-libevent@0x55a94fbdc438 size 128 Aug 26 18:34:00.485442: | libevent_free: release ptr-libevent@0x7f54a0009dd8 Aug 26 18:34:00.485446: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fbcd948 Aug 26 18:34:00.485451: | #6 spent 0.132 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:34:00.485458: | stop processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.485466: | processing resume sending helper answer for #9 Aug 26 18:34:00.485472: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:797) Aug 26 18:34:00.485476: | crypto helper 1 replies to request ID 16 Aug 26 18:34:00.485480: | calling continuation function 0x55a94f4e2b50 Aug 26 18:34:00.485483: | quick_outI1_continue for #9: calculated ke+nonce, sending I1 Aug 26 18:34:00.485488: | **emit ISAKMP Message: Aug 26 18:34:00.485492: | initiator cookie: Aug 26 18:34:00.485495: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.485498: | responder cookie: Aug 26 18:34:00.485501: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.485504: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.485508: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.485511: | exchange type: ISAKMP_XCHG_QUICK (0x20) Aug 26 18:34:00.485515: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.485518: | Message ID: 2118622501 (0x7e479d25) Aug 26 18:34:00.485522: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.485526: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.485529: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.485533: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.485540: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.485544: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.485547: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.485550: | emitting quick defaults using policy none Aug 26 18:34:00.485554: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:34:00.485558: | ***emit ISAKMP Security Association Payload: Aug 26 18:34:00.485561: | next payload type: ISAKMP_NEXT_NONCE (0xa) Aug 26 18:34:00.485564: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.485569: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Aug 26 18:34:00.485573: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:34:00.485577: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.485581: | ****emit IPsec DOI SIT: Aug 26 18:34:00.485584: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:34:00.485588: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:34:00.485591: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Aug 26 18:34:00.485594: | ****emit ISAKMP Proposal Payload: Aug 26 18:34:00.485597: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.485601: | proposal number: 0 (0x0) Aug 26 18:34:00.485604: | protocol ID: PROTO_IPSEC_ESP (0x3) Aug 26 18:34:00.485607: | SPI size: 4 (0x4) Aug 26 18:34:00.485610: | number of transforms: 2 (0x2) Aug 26 18:34:00.485614: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:34:00.485630: | netlink_get_spi: allocated 0xe6a7dc81 for esp.0@192.1.3.33 Aug 26 18:34:00.485634: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Aug 26 18:34:00.485637: | SPI e6 a7 dc 81 Aug 26 18:34:00.485640: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:34:00.485644: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.485647: | ESP transform number: 0 (0x0) Aug 26 18:34:00.485650: | ESP transform ID: ESP_AES (0xc) Aug 26 18:34:00.485654: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:34:00.485657: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485661: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:34:00.485664: | length/value: 14 (0xe) Aug 26 18:34:00.485668: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.485671: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485674: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:34:00.485677: | length/value: 1 (0x1) Aug 26 18:34:00.485680: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:34:00.485683: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485686: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:34:00.485689: | length/value: 1 (0x1) Aug 26 18:34:00.485692: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:34:00.485695: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485699: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:34:00.485702: | length/value: 28800 (0x7080) Aug 26 18:34:00.485706: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485709: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:34:00.485712: | length/value: 2 (0x2) Aug 26 18:34:00.485715: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:34:00.485718: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485721: | af+type: AF+KEY_LENGTH (0x8006) Aug 26 18:34:00.485724: | length/value: 128 (0x80) Aug 26 18:34:00.485728: | emitting length of ISAKMP Transform Payload (ESP): 32 Aug 26 18:34:00.485731: | *****emit ISAKMP Transform Payload (ESP): Aug 26 18:34:00.485734: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.485739: | ESP transform number: 1 (0x1) Aug 26 18:34:00.485742: | ESP transform ID: ESP_3DES (0x3) Aug 26 18:34:00.485746: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.485750: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Aug 26 18:34:00.485754: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485757: | af+type: AF+GROUP_DESCRIPTION (0x8003) Aug 26 18:34:00.485760: | length/value: 14 (0xe) Aug 26 18:34:00.485763: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.485766: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485769: | af+type: AF+ENCAPSULATION_MODE (0x8004) Aug 26 18:34:00.485772: | length/value: 1 (0x1) Aug 26 18:34:00.485776: | [1 is ENCAPSULATION_MODE_TUNNEL] Aug 26 18:34:00.485779: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485782: | af+type: AF+SA_LIFE_TYPE (0x8001) Aug 26 18:34:00.485785: | length/value: 1 (0x1) Aug 26 18:34:00.485788: | [1 is SA_LIFE_TYPE_SECONDS] Aug 26 18:34:00.485791: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485794: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Aug 26 18:34:00.485797: | length/value: 28800 (0x7080) Aug 26 18:34:00.485800: | ******emit ISAKMP IPsec DOI attribute: Aug 26 18:34:00.485804: | af+type: AF+AUTH_ALGORITHM (0x8005) Aug 26 18:34:00.485807: | length/value: 2 (0x2) Aug 26 18:34:00.485810: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Aug 26 18:34:00.485813: | emitting length of ISAKMP Transform Payload (ESP): 28 Aug 26 18:34:00.485816: | emitting length of ISAKMP Proposal Payload: 72 Aug 26 18:34:00.485820: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Aug 26 18:34:00.485823: | emitting length of ISAKMP Security Association Payload: 84 Aug 26 18:34:00.485827: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:34:00.485831: | ***emit ISAKMP Nonce Payload: Aug 26 18:34:00.485835: | next payload type: ISAKMP_NEXT_KE (0x4) Aug 26 18:34:00.485839: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Aug 26 18:34:00.485844: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Aug 26 18:34:00.485847: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.485851: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Aug 26 18:34:00.485854: | Ni be 97 ca 17 c8 e1 18 5f 4c 7e 04 02 56 41 12 91 Aug 26 18:34:00.485858: | Ni 0e 8c e7 76 ce cf 53 47 98 c1 f6 c3 b5 36 5e e0 Aug 26 18:34:00.485861: | emitting length of ISAKMP Nonce Payload: 36 Aug 26 18:34:00.485864: | ***emit ISAKMP Key Exchange Payload: Aug 26 18:34:00.485867: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:34:00.485871: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:34:00.485876: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Aug 26 18:34:00.485880: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.485883: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Aug 26 18:34:00.485887: | keyex value 56 46 b2 ed a3 95 9a fb c8 bb 7b 94 a1 4f 1d 79 Aug 26 18:34:00.485890: | keyex value d8 6d 60 c1 eb 83 6d 7d fa f5 4e 86 e2 f0 ef b6 Aug 26 18:34:00.485893: | keyex value 97 ce 0e 95 39 1a 02 0f 5f 27 2d b9 48 58 9c 8c Aug 26 18:34:00.485896: | keyex value 15 4a 27 a2 f6 c9 e3 d4 8a a3 bf bf 5c fa fc 2f Aug 26 18:34:00.485900: | keyex value 3d 1b 45 9f a6 5a fa 47 2b 80 f2 21 6e 22 2c 40 Aug 26 18:34:00.485905: | keyex value 44 3a be e8 09 44 6d 57 bf c5 35 ea b9 93 9d ef Aug 26 18:34:00.485908: | keyex value f5 32 f7 b7 8c 06 d1 a1 ba 53 1c c5 97 b5 99 3f Aug 26 18:34:00.485911: | keyex value bf c7 ee 0e a3 fc e4 3a 93 91 bd 6f 9b 83 85 ab Aug 26 18:34:00.485914: | keyex value d3 98 2d 5a a7 b8 b2 56 63 60 83 18 4c b2 42 82 Aug 26 18:34:00.485918: | keyex value 84 ce 38 c9 05 44 35 0e 4a 60 e6 4c 12 96 88 79 Aug 26 18:34:00.485921: | keyex value 29 4d 30 5f 4f 95 9d 35 85 08 72 a9 f9 ba 03 f4 Aug 26 18:34:00.485924: | keyex value 42 d2 ce f1 68 27 ad f1 30 3c 36 7d 1c 00 62 56 Aug 26 18:34:00.485927: | keyex value 22 0f 7f 91 1a f5 f0 9f 46 8f 0b 74 5a 7a dc 7d Aug 26 18:34:00.485930: | keyex value e4 0b 19 3a 85 76 02 3f b4 40 bd f2 4b 22 7e 3e Aug 26 18:34:00.485934: | keyex value 8e 63 96 c8 ea e8 5a bd 5d 88 dc e0 52 0d 07 44 Aug 26 18:34:00.485937: | keyex value ee f5 a8 6a 81 10 9e ee 35 da 11 25 c8 8c ab fa Aug 26 18:34:00.485940: | emitting length of ISAKMP Key Exchange Payload: 260 Aug 26 18:34:00.485944: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:34:00.485947: | next payload type: ISAKMP_NEXT_ID (0x5) Aug 26 18:34:00.485950: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:34:00.485953: | Protocol ID: 0 (0x0) Aug 26 18:34:00.485956: | port: 0 (0x0) Aug 26 18:34:00.485960: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Aug 26 18:34:00.485965: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:34:00.485969: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:34:00.485974: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:34:00.485977: | client network c0 00 03 00 Aug 26 18:34:00.485981: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:34:00.485984: | client mask ff ff ff 00 Aug 26 18:34:00.485987: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:34:00.485990: | ***emit ISAKMP Identification Payload (IPsec DOI): Aug 26 18:34:00.485994: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.485997: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Aug 26 18:34:00.486000: | Protocol ID: 0 (0x0) Aug 26 18:34:00.486002: | port: 0 (0x0) Aug 26 18:34:00.486007: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Aug 26 18:34:00.486011: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Aug 26 18:34:00.486015: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:34:00.486018: | client network c0 00 02 00 Aug 26 18:34:00.486022: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Aug 26 18:34:00.486025: | client mask ff ff ff 00 Aug 26 18:34:00.486028: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Aug 26 18:34:00.486051: | outI1 HASH(1): Aug 26 18:34:00.486055: | 81 78 91 a1 02 c8 43 3f ff a4 32 a5 cf 2c 9f a7 Aug 26 18:34:00.486059: | cf f4 f1 35 37 a0 04 76 18 e4 88 71 35 24 43 79 Aug 26 18:34:00.486066: | no IKEv1 message padding required Aug 26 18:34:00.486069: | emitting length of ISAKMP Message: 476 Aug 26 18:34:00.486085: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #9) Aug 26 18:34:00.486089: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.486092: | 08 10 20 01 7e 47 9d 25 00 00 01 dc e6 e1 d3 78 Aug 26 18:34:00.486095: | d2 de 83 e2 1b f5 03 ec c3 cb b3 c7 fb dd c9 74 Aug 26 18:34:00.486098: | 01 27 50 dc f9 4a 62 a1 d6 c1 26 93 99 d3 66 05 Aug 26 18:34:00.486103: | 52 21 e7 6a e3 f1 ec 9a 1d 39 f4 f4 f4 06 4c e3 Aug 26 18:34:00.486106: | 3f b3 f9 7b 96 e9 47 2d 27 da a5 b3 2b 7d 91 12 Aug 26 18:34:00.486109: | 52 21 81 39 01 82 f7 16 20 70 76 dc 2e 96 df dd Aug 26 18:34:00.486112: | aa 7f f5 08 4e 72 a6 c6 5b 2b a9 50 4c b3 e4 c1 Aug 26 18:34:00.486115: | bd 4e c3 2b 3f e2 0c b6 a6 3f ad e8 42 fe b1 97 Aug 26 18:34:00.486118: | a0 61 22 ab 48 66 f2 42 e9 97 47 0f f5 d4 69 6f Aug 26 18:34:00.486122: | 82 17 9f ee 2e f0 b9 23 73 24 02 90 c5 ea ba cb Aug 26 18:34:00.486125: | ce ec ef 38 43 7c b1 a0 3a e9 53 ae a0 b2 4e e1 Aug 26 18:34:00.486128: | 54 aa 84 6d 6a 04 d9 b2 21 2f 81 05 75 e9 02 7c Aug 26 18:34:00.486131: | 80 77 af 4e 42 4e cf 04 71 7e 44 fd 9f 60 1b b7 Aug 26 18:34:00.486134: | 4a 3d 04 ba cb 60 81 46 13 71 f1 5f 98 f0 20 19 Aug 26 18:34:00.486137: | 03 a5 c2 90 84 13 0b 83 13 a3 db 79 80 56 02 80 Aug 26 18:34:00.486140: | 89 e5 38 72 d7 13 a1 99 f4 a7 86 15 20 b1 d0 c4 Aug 26 18:34:00.486143: | 3b e6 b5 4d ef ed d7 11 e1 6a 9f 3b 2e 1c b2 3b Aug 26 18:34:00.486146: | 04 80 20 7c ad 77 c6 a1 2d f6 1c 47 0a 2e e9 35 Aug 26 18:34:00.486149: | 4e e5 ef 52 9b 13 1b f1 17 6b 44 b7 b7 09 a6 82 Aug 26 18:34:00.486152: | dc 11 09 6b 5e ea 16 78 f2 48 a7 30 87 53 51 71 Aug 26 18:34:00.486155: | d9 bc 46 49 e4 12 aa b4 6e 5f 94 8a cb c3 82 4c Aug 26 18:34:00.486159: | e7 52 7f e6 99 46 dd a4 30 46 2b 6d 10 a8 56 ff Aug 26 18:34:00.486162: | 72 ea 08 c4 64 77 ed 38 e8 ae 6b 7d 77 9e 5f a6 Aug 26 18:34:00.486165: | a8 88 c8 d7 01 f0 9b 00 0c 92 7a ec 23 c5 33 06 Aug 26 18:34:00.486168: | e4 30 d4 ab c3 1b 38 d3 6e 9b 0a 68 79 75 95 b7 Aug 26 18:34:00.486171: | a0 b7 46 54 af 85 91 ec bf 40 e8 28 fe 89 0a 2f Aug 26 18:34:00.486174: | e2 4c d9 3f a8 55 67 8a 9b 84 55 27 bb eb a8 58 Aug 26 18:34:00.486177: | 00 42 02 a4 f3 cc 11 93 51 17 5d 00 e7 98 61 cd Aug 26 18:34:00.486180: | 6f 90 ef 4d 30 cb 8c 1d 74 79 ba ac Aug 26 18:34:00.486216: | state #9 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:34:00.486221: | libevent_free: release ptr-libevent@0x55a94fbe9cb8 Aug 26 18:34:00.486225: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbd3b08 Aug 26 18:34:00.486229: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbd3b08 Aug 26 18:34:00.486234: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #9 Aug 26 18:34:00.486238: | libevent_malloc: new ptr-libevent@0x55a94fbe4a78 size 128 Aug 26 18:34:00.486244: | #9 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29726.228695 Aug 26 18:34:00.486249: | resume sending helper answer for #9 suppresed complete_v1_state_transition() Aug 26 18:34:00.486255: | #9 spent 0.758 milliseconds in resume sending helper answer Aug 26 18:34:00.486261: | stop processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in resume_handler() at server.c:833) Aug 26 18:34:00.486265: | libevent_free: release ptr-libevent@0x7f5498004fd8 Aug 26 18:34:00.486269: | timer_event_cb: processing event@0x55a94fbd5b58 Aug 26 18:34:00.486273: | handling event EVENT_SA_EXPIRE for child state #6 Aug 26 18:34:00.486279: | start processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.486283: | picked newest_ipsec_sa #6 for #6 Aug 26 18:34:00.486287: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:34:00.486306: | pstats #6 ikev1.ipsec re-failed exchange-timeout Aug 26 18:34:00.486309: | pstats #6 ikev1.ipsec deleted completed Aug 26 18:34:00.486315: | [RE]START processing: state #6 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:34:00.486319: "north-dpd/0x1" #6: deleting state (STATE_QUICK_I2) aged 23.316s and sending notification Aug 26 18:34:00.486323: | child state #6: QUICK_I2(established CHILD SA) => delete Aug 26 18:34:00.486328: | get_sa_info esp.e0d54674@192.1.2.23 Aug 26 18:34:00.486342: | get_sa_info esp.1c276340@192.1.3.33 Aug 26 18:34:00.486350: "north-dpd/0x1" #6: ESP traffic information: in=84B out=84B Aug 26 18:34:00.486354: | #6 send IKEv1 delete notification for STATE_QUICK_I2 Aug 26 18:34:00.486357: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.486365: | **emit ISAKMP Message: Aug 26 18:34:00.486369: | initiator cookie: Aug 26 18:34:00.486372: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.486375: | responder cookie: Aug 26 18:34:00.486378: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.486381: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.486384: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.486388: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.486391: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.486394: | Message ID: 4044713747 (0xf1156f13) Aug 26 18:34:00.486398: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.486401: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.486405: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.486409: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.486413: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.486417: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.486420: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.486423: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.486427: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.486430: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.486433: | protocol ID: 3 (0x3) Aug 26 18:34:00.486436: | SPI size: 4 (0x4) Aug 26 18:34:00.486439: | number of SPIs: 1 (0x1) Aug 26 18:34:00.486443: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.486447: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.486451: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Aug 26 18:34:00.486454: | delete payload 1c 27 63 40 Aug 26 18:34:00.486457: | emitting length of ISAKMP Delete Payload: 16 Aug 26 18:34:00.486475: | send delete HASH(1): Aug 26 18:34:00.486479: | aa 5c de 11 8d 29 0b 6e e7 fc f3 9d ae e6 36 bf Aug 26 18:34:00.486482: | 6d ad 38 8a e3 b9 13 4e 32 51 a1 f6 24 bc e1 66 Aug 26 18:34:00.486490: | emitting 12 zero bytes of encryption padding into ISAKMP Message Aug 26 18:34:00.486493: | no IKEv1 message padding required Aug 26 18:34:00.486496: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.486509: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:34:00.486514: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.486517: | 08 10 05 01 f1 15 6f 13 00 00 00 5c 4e b6 81 7c Aug 26 18:34:00.486520: | 3b 2e 92 eb 7a 12 f2 83 ee ac 14 c8 a3 e8 40 b8 Aug 26 18:34:00.486523: | 7c af 12 5a d2 69 4b ae 6e 9a 50 df fd 9a cb 7a Aug 26 18:34:00.486527: | eb 58 6d fa f3 88 42 eb 5e 67 91 8a 51 a2 d5 3c Aug 26 18:34:00.486530: | 74 5e 4e d0 18 99 88 b1 1b 65 f2 8a Aug 26 18:34:00.486725: | running updown command "ipsec _updown" for verb down Aug 26 18:34:00.486732: | command executing down-client Aug 26 18:34:00.486766: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:34:00.486774: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Aug 26 18:34:00.486801: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844417' PLUTO_CONN_POLIC Aug 26 18:34:00.486808: | popen cmd is 1409 chars long Aug 26 18:34:00.486812: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PL: Aug 26 18:34:00.486816: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: Aug 26 18:34:00.486820: | cmd( 160):_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.test: Aug 26 18:34:00.486823: | cmd( 240):ing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.: Aug 26 18:34:00.486827: | cmd( 320):0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO: Aug 26 18:34:00.486831: | cmd( 400):_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PL: Aug 26 18:34:00.486835: | cmd( 480):UTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, O: Aug 26 18:34:00.486838: | cmd( 560):U=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.: Aug 26 18:34:00.486842: | cmd( 640):org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PE: Aug 26 18:34:00.486846: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Aug 26 18:34:00.486849: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Aug 26 18:34:00.486853: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Aug 26 18:34:00.486857: | cmd( 960):TIME='1566844417' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SA: Aug 26 18:34:00.486860: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Aug 26 18:34:00.486864: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Aug 26 18:34:00.486868: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Aug 26 18:34:00.486872: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Aug 26 18:34:00.486875: | cmd(1360):=0xe0d54674 SPI_OUT=0x1c276340 ipsec _updown 2>&1: Aug 26 18:34:00.498105: | shunt_eroute() called for connection 'north-dpd/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 Aug 26 18:34:00.498126: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:34:00.498131: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:34:00.498136: | IPsec Sa SPD priority set to 1042407 Aug 26 18:34:00.498180: | delete esp.e0d54674@192.1.2.23 Aug 26 18:34:00.498199: | netlink response for Del SA esp.e0d54674@192.1.2.23 included non-error error Aug 26 18:34:00.498204: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:34:00.498212: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:34:00.498236: | raw_eroute result=success Aug 26 18:34:00.498242: | delete esp.1c276340@192.1.3.33 Aug 26 18:34:00.498256: | netlink response for Del SA esp.1c276340@192.1.3.33 included non-error error Aug 26 18:34:00.498269: | in connection_discard for connection north-dpd/0x1 Aug 26 18:34:00.498273: | State DB: deleting IKEv1 state #6 in QUICK_I2 Aug 26 18:34:00.498284: | child state #6: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Aug 26 18:34:00.498337: | stop processing: state #6 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:34:00.498377: | libevent_free: release ptr-libevent@0x55a94fbdc438 Aug 26 18:34:00.498383: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55a94fbd5b58 Aug 26 18:34:00.498387: | in statetime_stop() and could not find #6 Aug 26 18:34:00.498390: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.498410: | spent 0.00261 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.498431: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:34:00.498434: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.498438: | 08 10 05 01 c0 df 4b 01 00 00 00 5c 15 54 54 1c Aug 26 18:34:00.498440: | 6e f6 7a 1a cf 72 b2 d5 3a c5 e0 76 d4 81 99 a6 Aug 26 18:34:00.498443: | 56 59 46 5a 8d c1 ba c6 81 c8 93 28 89 30 73 b2 Aug 26 18:34:00.498445: | 14 e9 57 48 d5 33 89 dc af 19 ea af 36 c0 d5 c0 Aug 26 18:34:00.498448: | 6e 2c 1b 00 26 eb 8c b3 fd 97 23 a0 Aug 26 18:34:00.498453: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:34:00.498458: | **parse ISAKMP Message: Aug 26 18:34:00.498461: | initiator cookie: Aug 26 18:34:00.498463: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.498466: | responder cookie: Aug 26 18:34:00.498468: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.498471: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.498474: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.498477: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.498481: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.498483: | Message ID: 3235859201 (0xc0df4b01) Aug 26 18:34:00.498486: | length: 92 (0x5c) Aug 26 18:34:00.498489: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.498494: | peer and cookies match on #9; msgid=00000000 st_msgid=7e479d25 st_msgid_phase15=00000000 Aug 26 18:34:00.498497: | peer and cookies match on #8; msgid=00000000 st_msgid=769a4b7a st_msgid_phase15=00000000 Aug 26 18:34:00.498500: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.498503: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.498506: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.498508: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:34:00.498511: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:34:00.498517: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.498540: | #1 is idle Aug 26 18:34:00.498544: | #1 idle Aug 26 18:34:00.498548: | received encrypted packet from 192.1.2.23:500 Aug 26 18:34:00.498566: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.498569: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.498572: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 18:34:00.498575: | length: 36 (0x24) Aug 26 18:34:00.498578: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 18:34:00.498581: | ***parse ISAKMP Delete Payload: Aug 26 18:34:00.498584: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.498587: | length: 16 (0x10) Aug 26 18:34:00.498589: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.498592: | protocol ID: 3 (0x3) Aug 26 18:34:00.498595: | SPI size: 4 (0x4) Aug 26 18:34:00.498597: | number of SPIs: 1 (0x1) Aug 26 18:34:00.498600: | removing 12 bytes of padding Aug 26 18:34:00.498628: | informational HASH(1): Aug 26 18:34:00.498632: | 93 e8 37 51 c1 b6 6b 3d 8a d5 2c a5 01 95 c7 29 Aug 26 18:34:00.498635: | 91 80 02 0a 38 55 64 45 46 47 84 84 fc eb 36 49 Aug 26 18:34:00.498639: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.498644: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 18:34:00.498647: | SPI a6 db cb 71 Aug 26 18:34:00.498650: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 18:34:00.498654: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xa6dbcb71) not found (maybe expired) Aug 26 18:34:00.498657: | del: Aug 26 18:34:00.498662: | #1 spent 2.48 milliseconds Aug 26 18:34:00.498667: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.498673: | #1 spent 0.0102 milliseconds in process_packet_tail() Aug 26 18:34:00.498679: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:34:00.498684: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:34:00.498688: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.498693: | spent 0.277 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.498702: | processing signal PLUTO_SIGCHLD Aug 26 18:34:00.498708: | waitpid returned ECHILD (no child processes left) Aug 26 18:34:00.498712: | spent 0.00535 milliseconds in signal handler PLUTO_SIGCHLD Aug 26 18:34:00.498721: | spent 0.00207 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.498732: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:34:00.498736: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.498739: | 08 10 05 01 ba 65 bf 6a 00 00 00 5c 37 e4 19 d3 Aug 26 18:34:00.498741: | 48 91 8c da b0 eb f0 2d b6 a2 45 d0 4f dd 8a 4d Aug 26 18:34:00.498744: | 78 65 21 73 31 61 71 e4 4a 60 b2 6b 9e ae 07 7d Aug 26 18:34:00.498747: | 39 1c 85 e9 e8 cd e0 fb 6d ce 29 c2 b9 73 06 9c Aug 26 18:34:00.498749: | cb a1 82 26 40 e7 37 a0 10 d0 20 ca Aug 26 18:34:00.498754: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:34:00.498757: | **parse ISAKMP Message: Aug 26 18:34:00.498760: | initiator cookie: Aug 26 18:34:00.498763: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.498766: | responder cookie: Aug 26 18:34:00.498768: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.498771: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.498774: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.498777: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.498780: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.498783: | Message ID: 3127230314 (0xba65bf6a) Aug 26 18:34:00.498786: | length: 92 (0x5c) Aug 26 18:34:00.498789: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.498793: | peer and cookies match on #9; msgid=00000000 st_msgid=7e479d25 st_msgid_phase15=00000000 Aug 26 18:34:00.498796: | peer and cookies match on #8; msgid=00000000 st_msgid=769a4b7a st_msgid_phase15=00000000 Aug 26 18:34:00.498799: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.498803: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.498806: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.498809: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:34:00.498812: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:34:00.498817: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.498826: | #1 is idle Aug 26 18:34:00.498829: | #1 idle Aug 26 18:34:00.498833: | received encrypted packet from 192.1.2.23:500 Aug 26 18:34:00.498842: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.498845: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.498848: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 18:34:00.498851: | length: 36 (0x24) Aug 26 18:34:00.498854: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 18:34:00.498859: | ***parse ISAKMP Delete Payload: Aug 26 18:34:00.498862: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.498865: | length: 16 (0x10) Aug 26 18:34:00.498867: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.498870: | protocol ID: 3 (0x3) Aug 26 18:34:00.498872: | SPI size: 4 (0x4) Aug 26 18:34:00.498875: | number of SPIs: 1 (0x1) Aug 26 18:34:00.498877: | removing 12 bytes of padding Aug 26 18:34:00.498894: | informational HASH(1): Aug 26 18:34:00.498898: | 57 b7 89 43 ec 1e c3 23 e2 b8 47 61 48 a8 c2 a0 Aug 26 18:34:00.498900: | 2b 0e 58 73 13 04 21 3b 82 40 83 36 49 d1 9a be Aug 26 18:34:00.498903: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.498907: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Aug 26 18:34:00.498909: | SPI 8b 8a 55 69 Aug 26 18:34:00.498912: | FOR_EACH_STATE_... in find_phase2_state_to_delete Aug 26 18:34:00.498915: "north-dpd/0x2" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x8b8a5569) not found (maybe expired) Aug 26 18:34:00.498918: | del: Aug 26 18:34:00.498922: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.498927: | #1 spent 0.00396 milliseconds in process_packet_tail() Aug 26 18:34:00.498932: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Aug 26 18:34:00.498937: | stop processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_md() at demux.c:382) Aug 26 18:34:00.498940: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.498945: | spent 0.218 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.498952: | spent 0.00152 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Aug 26 18:34:00.498961: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Aug 26 18:34:00.498965: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.498967: | 08 10 05 01 20 dc 8c e3 00 00 00 5c e6 76 22 ec Aug 26 18:34:00.498970: | 46 54 c4 f7 a3 48 59 93 47 01 72 e7 22 ab 79 2e Aug 26 18:34:00.498972: | c0 d4 b1 b8 eb 2e 54 20 c0 1c 49 17 25 e5 6e 0a Aug 26 18:34:00.498975: | f4 ef e8 6e 91 8e 57 8b ed 96 6e c4 75 81 ef a7 Aug 26 18:34:00.498977: | ea 73 59 4b dd 4b 31 b9 3a 66 24 25 Aug 26 18:34:00.498982: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Aug 26 18:34:00.498985: | **parse ISAKMP Message: Aug 26 18:34:00.498988: | initiator cookie: Aug 26 18:34:00.498990: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.498993: | responder cookie: Aug 26 18:34:00.498995: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.498998: | next payload type: ISAKMP_NEXT_HASH (0x8) Aug 26 18:34:00.499001: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.499003: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.499006: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.499009: | Message ID: 551324899 (0x20dc8ce3) Aug 26 18:34:00.499011: | length: 92 (0x5c) Aug 26 18:34:00.499014: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Aug 26 18:34:00.499018: | peer and cookies match on #9; msgid=00000000 st_msgid=7e479d25 st_msgid_phase15=00000000 Aug 26 18:34:00.499021: | peer and cookies match on #8; msgid=00000000 st_msgid=769a4b7a st_msgid_phase15=00000000 Aug 26 18:34:00.499024: | peer and cookies match on #5; msgid=00000000 st_msgid=78d83418 st_msgid_phase15=00000000 Aug 26 18:34:00.499027: | peer and cookies match on #4; msgid=00000000 st_msgid=b63903a6 st_msgid_phase15=00000000 Aug 26 18:34:00.499030: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Aug 26 18:34:00.499033: | p15 state object #1 found, in STATE_MAIN_I4 Aug 26 18:34:00.499036: | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) Aug 26 18:34:00.499041: | start processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) Aug 26 18:34:00.499049: | #1 is idle Aug 26 18:34:00.499055: | #1 idle Aug 26 18:34:00.499059: | received encrypted packet from 192.1.2.23:500 Aug 26 18:34:00.499066: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Aug 26 18:34:00.499069: | ***parse ISAKMP Hash Payload: Aug 26 18:34:00.499072: | next payload type: ISAKMP_NEXT_D (0xc) Aug 26 18:34:00.499075: | length: 36 (0x24) Aug 26 18:34:00.499079: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Aug 26 18:34:00.499081: | ***parse ISAKMP Delete Payload: Aug 26 18:34:00.499084: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.499087: | length: 28 (0x1c) Aug 26 18:34:00.499089: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.499092: | protocol ID: 1 (0x1) Aug 26 18:34:00.499095: | SPI size: 16 (0x10) Aug 26 18:34:00.499097: | number of SPIs: 1 (0x1) Aug 26 18:34:00.499113: | informational HASH(1): Aug 26 18:34:00.499116: | b2 15 f4 76 5a b3 3c 08 db 52 fc 5c 62 0d b5 e2 Aug 26 18:34:00.499119: | 0f f4 12 28 8d 8a fa df 5b ea 52 f5 62 af fb 1b Aug 26 18:34:00.499121: | received 'informational' message HASH(1) data ok Aug 26 18:34:00.499124: | parsing 8 raw bytes of ISAKMP Delete Payload into iCookie Aug 26 18:34:00.499127: | iCookie b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.499130: | parsing 8 raw bytes of ISAKMP Delete Payload into rCookie Aug 26 18:34:00.499132: | rCookie 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.499135: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Aug 26 18:34:00.499138: | del: Aug 26 18:34:00.499141: "north-dpd/0x2" #1: received Delete SA payload: self-deleting ISAKMP State #1 Aug 26 18:34:00.499145: | pstats #1 ikev1.isakmp deleted completed Aug 26 18:34:00.499149: | [RE]START processing: state #1 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:34:00.499153: "north-dpd/0x2" #1: deleting state (STATE_MAIN_I4) aged 66.189s and sending notification Aug 26 18:34:00.499156: | parent state #1: MAIN_I4(established IKE SA) => delete Aug 26 18:34:00.499210: | #1 send IKEv1 delete notification for STATE_MAIN_I4 Aug 26 18:34:00.499222: | **emit ISAKMP Message: Aug 26 18:34:00.499225: | initiator cookie: Aug 26 18:34:00.499228: | b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.499230: | responder cookie: Aug 26 18:34:00.499233: | 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.499236: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.499238: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.499241: | exchange type: ISAKMP_XCHG_INFO (0x5) Aug 26 18:34:00.499244: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Aug 26 18:34:00.499247: | Message ID: 4022207613 (0xefbe047d) Aug 26 18:34:00.499250: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.499253: | ***emit ISAKMP Hash Payload: Aug 26 18:34:00.499256: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.499259: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Aug 26 18:34:00.499262: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.499266: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Aug 26 18:34:00.499269: | emitting length of ISAKMP Hash Payload: 36 Aug 26 18:34:00.499271: | ***emit ISAKMP Delete Payload: Aug 26 18:34:00.499274: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.499277: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.499279: | protocol ID: 1 (0x1) Aug 26 18:34:00.499282: | SPI size: 16 (0x10) Aug 26 18:34:00.499285: | number of SPIs: 1 (0x1) Aug 26 18:34:00.499292: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Aug 26 18:34:00.499298: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Aug 26 18:34:00.499302: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Aug 26 18:34:00.499304: | initiator SPI b4 b9 92 b1 8c d6 51 ed Aug 26 18:34:00.499310: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Aug 26 18:34:00.499312: | responder SPI 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.499315: | emitting length of ISAKMP Delete Payload: 28 Aug 26 18:34:00.499332: | send delete HASH(1): Aug 26 18:34:00.499336: | 60 c5 cd 42 57 52 2d dc f5 2f 32 cf 11 b2 4c 22 Aug 26 18:34:00.499338: | 9e ff 4a b9 8d 70 70 ec 11 b4 99 a3 c1 a4 8d 8f Aug 26 18:34:00.499346: | no IKEv1 message padding required Aug 26 18:34:00.499349: | emitting length of ISAKMP Message: 92 Aug 26 18:34:00.499361: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Aug 26 18:34:00.499366: | b4 b9 92 b1 8c d6 51 ed 11 de db 08 7f 65 6e 7d Aug 26 18:34:00.499368: | 08 10 05 01 ef be 04 7d 00 00 00 5c 47 44 23 d5 Aug 26 18:34:00.499371: | c0 40 79 17 0a 06 ae 0c 02 cc 48 c9 ba e3 fd 89 Aug 26 18:34:00.499373: | ba ba 71 67 90 30 7c f3 0c de 68 21 ab 99 0e ed Aug 26 18:34:00.499376: | 78 c6 23 87 e1 78 eb 0b a1 47 55 32 a2 89 c9 84 Aug 26 18:34:00.499378: | bc 1c 6d b3 39 51 fa 38 18 ed 2c f6 Aug 26 18:34:00.499422: | state #1 requesting EVENT_SA_REPLACE to be deleted Aug 26 18:34:00.499430: | libevent_free: release ptr-libevent@0x55a94fbef848 Aug 26 18:34:00.499435: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fbcc388 Aug 26 18:34:00.499439: "north-dpd/0x2" #1: reschedule pending child #9 STATE_QUICK_I1 of connection "north-dpd/0x1" - the parent is going away Aug 26 18:34:00.499443: | state #9 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:34:00.499446: | #9 STATE_QUICK_I1: retransmits: cleared Aug 26 18:34:00.499450: | libevent_free: release ptr-libevent@0x55a94fbe4a78 Aug 26 18:34:00.499454: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbd3b08 Aug 26 18:34:00.499457: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f549c004218 Aug 26 18:34:00.499461: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #9 Aug 26 18:34:00.499465: | libevent_malloc: new ptr-libevent@0x7f5498004fd8 size 128 Aug 26 18:34:00.499469: "north-dpd/0x2" #1: reschedule pending child #8 STATE_QUICK_I1 of connection "north-dpd/0x2" - the parent is going away Aug 26 18:34:00.499472: | state #8 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:34:00.499475: | #8 STATE_QUICK_I1: retransmits: cleared Aug 26 18:34:00.499478: | libevent_free: release ptr-libevent@0x55a94fbe7518 Aug 26 18:34:00.499482: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbd3e68 Aug 26 18:34:00.499485: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fbd3e68 Aug 26 18:34:00.499488: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #8 Aug 26 18:34:00.499491: | libevent_malloc: new ptr-libevent@0x55a94fbe7518 size 128 Aug 26 18:34:00.499495: "north-dpd/0x2" #1: reschedule pending child #5 STATE_QUICK_I1 of connection "north-dpd/0x1" - the parent is going away Aug 26 18:34:00.499499: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:34:00.499501: | libevent_free: release ptr-libevent@0x55a94fbef668 Aug 26 18:34:00.499506: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fbcf2d8 Aug 26 18:34:00.499509: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fbcf2d8 Aug 26 18:34:00.499512: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #5 Aug 26 18:34:00.499515: | libevent_malloc: new ptr-libevent@0x55a94fbef668 size 128 Aug 26 18:34:00.499518: "north-dpd/0x2" #1: reschedule pending child #4 STATE_QUICK_I1 of connection "north-dpd/0x2" - the parent is going away Aug 26 18:34:00.499521: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Aug 26 18:34:00.499524: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:34:00.499529: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55a94fb5b238 Aug 26 18:34:00.499532: | event_schedule: new EVENT_SA_REPLACE-pe@0x55a94fb5b238 Aug 26 18:34:00.499535: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #4 Aug 26 18:34:00.499538: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:34:00.499543: | State DB: IKEv1 state not found (flush_incomplete_children) Aug 26 18:34:00.499547: | picked newest_isakmp_sa #0 for #1 Aug 26 18:34:00.499550: "north-dpd/0x2" #1: deleting IKE SA for connection 'north-dpd/0x2' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:34:00.499556: | add revival: connection 'north-dpd/0x2' added to the list and scheduled for 0 seconds Aug 26 18:34:00.499559: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:34:00.499564: | in connection_discard for connection north-dpd/0x2 Aug 26 18:34:00.499567: | State DB: deleting IKEv1 state #1 in MAIN_I4 Aug 26 18:34:00.499572: | parent state #1: MAIN_I4(established IKE SA) => UNDEFINED(ignore) Aug 26 18:34:00.499583: | unreference key: 0x55a94fbcd858 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Aug 26 18:34:00.499607: | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:34:00.499618: | unreference key: 0x55a94fbcd858 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:34:00.499623: | unreference key: 0x55a94fbdc348 user-east@testing.libreswan.org cnt 1-- Aug 26 18:34:00.499627: | unreference key: 0x55a94fbe7938 @east.testing.libreswan.org cnt 1-- Aug 26 18:34:00.499632: | unreference key: 0x55a94fbe9468 east@testing.libreswan.org cnt 1-- Aug 26 18:34:00.499637: | unreference key: 0x55a94fbeaee8 192.1.2.23 cnt 1-- Aug 26 18:34:00.499650: | in statetime_start() with no state Aug 26 18:34:00.499653: | complete v1 state transition with STF_IGNORE Aug 26 18:34:00.499658: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Aug 26 18:34:00.499661: | processing: STOP state #0 (in process_md() at demux.c:382) Aug 26 18:34:00.499664: | processing: STOP connection NULL (in process_md() at demux.c:383) Aug 26 18:34:00.499669: | spent 0.683 milliseconds in comm_handle_cb() reading and processing packet Aug 26 18:34:00.499675: | timer_event_cb: processing event@0x7f549c004218 Aug 26 18:34:00.499679: | handling event EVENT_SA_REPLACE for child state #9 Aug 26 18:34:00.499684: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.499687: | picked newest_ipsec_sa #0 for #9 Aug 26 18:34:00.499690: | replacing stale IPsec SA Aug 26 18:34:00.499694: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:34:00.499697: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.499703: | creating state object #10 at 0x55a94fbcf628 Aug 26 18:34:00.499706: | State DB: adding IKEv1 state #10 in UNDEFINED Aug 26 18:34:00.499712: | pstats #10 ikev1.isakmp started Aug 26 18:34:00.499719: | suspend processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) Aug 26 18:34:00.499724: | start processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) Aug 26 18:34:00.499727: | parent state #10: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Aug 26 18:34:00.499731: | dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123) Aug 26 18:34:00.499735: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x1" IKE SA #10 "north-dpd/0x1" Aug 26 18:34:00.499739: "north-dpd/0x1" #10: initiating Main Mode Aug 26 18:34:00.499763: | **emit ISAKMP Message: Aug 26 18:34:00.499766: | initiator cookie: Aug 26 18:34:00.499768: | 7f 90 8f c4 99 2c 6d 57 Aug 26 18:34:00.499771: | responder cookie: Aug 26 18:34:00.499774: | 00 00 00 00 00 00 00 00 Aug 26 18:34:00.499777: | next payload type: ISAKMP_NEXT_SA (0x1) Aug 26 18:34:00.499779: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Aug 26 18:34:00.499782: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Aug 26 18:34:00.499785: | flags: none (0x0) Aug 26 18:34:00.499788: | Message ID: 0 (0x0) Aug 26 18:34:00.499790: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Aug 26 18:34:00.499795: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Aug 26 18:34:00.499799: | no specific IKE algorithms specified - using defaults Aug 26 18:34:00.499826: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Aug 26 18:34:00.499832: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Aug 26 18:34:00.499837: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Aug 26 18:34:00.499843: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Aug 26 18:34:00.499849: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Aug 26 18:34:00.499857: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Aug 26 18:34:00.499865: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Aug 26 18:34:00.499871: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Aug 26 18:34:00.499876: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Aug 26 18:34:00.499881: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Aug 26 18:34:00.499887: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Aug 26 18:34:00.499892: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Aug 26 18:34:00.499897: | oakley_alg_makedb() returning 0x55a94fbd6628 Aug 26 18:34:00.499904: | ***emit ISAKMP Security Association Payload: Aug 26 18:34:00.499907: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:34:00.499909: | DOI: ISAKMP_DOI_IPSEC (0x1) Aug 26 18:34:00.499913: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:34:00.499916: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Aug 26 18:34:00.499919: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.499922: | ****emit IPsec DOI SIT: Aug 26 18:34:00.499925: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Aug 26 18:34:00.499928: | ikev1_out_sa pcn: 0 has 1 valid proposals Aug 26 18:34:00.499931: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Aug 26 18:34:00.499934: | ****emit ISAKMP Proposal Payload: Aug 26 18:34:00.499936: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.499939: | proposal number: 0 (0x0) Aug 26 18:34:00.499942: | protocol ID: PROTO_ISAKMP (0x1) Aug 26 18:34:00.499944: | SPI size: 0 (0x0) Aug 26 18:34:00.499947: | number of transforms: 18 (0x12) Aug 26 18:34:00.499950: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Aug 26 18:34:00.499953: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.499956: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.499958: | ISAKMP transform number: 0 (0x0) Aug 26 18:34:00.499961: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.499964: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.499967: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.499970: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.499973: | length/value: 1 (0x1) Aug 26 18:34:00.499976: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.499979: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.499982: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.499985: | length/value: 3600 (0xe10) Aug 26 18:34:00.499987: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.499990: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.499993: | length/value: 7 (0x7) Aug 26 18:34:00.499997: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500000: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500003: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500005: | length/value: 4 (0x4) Aug 26 18:34:00.500008: | [4 is OAKLEY_SHA2_256] Aug 26 18:34:00.500010: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500013: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500016: | length/value: 3 (0x3) Aug 26 18:34:00.500018: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500021: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500023: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500026: | length/value: 14 (0xe) Aug 26 18:34:00.500029: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.500031: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500034: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500037: | length/value: 256 (0x100) Aug 26 18:34:00.500039: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500042: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500045: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500047: | ISAKMP transform number: 1 (0x1) Aug 26 18:34:00.500050: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500053: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500056: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500059: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500062: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500065: | length/value: 1 (0x1) Aug 26 18:34:00.500067: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500070: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500073: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500075: | length/value: 3600 (0xe10) Aug 26 18:34:00.500078: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500081: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500083: | length/value: 7 (0x7) Aug 26 18:34:00.500086: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500088: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500091: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500094: | length/value: 4 (0x4) Aug 26 18:34:00.500096: | [4 is OAKLEY_SHA2_256] Aug 26 18:34:00.500099: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500102: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500104: | length/value: 3 (0x3) Aug 26 18:34:00.500107: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500109: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500112: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500115: | length/value: 14 (0xe) Aug 26 18:34:00.500117: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.500120: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500123: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500125: | length/value: 128 (0x80) Aug 26 18:34:00.500128: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500131: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500133: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500136: | ISAKMP transform number: 2 (0x2) Aug 26 18:34:00.500138: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500141: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500144: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500147: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500150: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500153: | length/value: 1 (0x1) Aug 26 18:34:00.500159: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500161: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500164: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500167: | length/value: 3600 (0xe10) Aug 26 18:34:00.500169: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500172: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500175: | length/value: 7 (0x7) Aug 26 18:34:00.500177: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500180: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500183: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500185: | length/value: 6 (0x6) Aug 26 18:34:00.500188: | [6 is OAKLEY_SHA2_512] Aug 26 18:34:00.500190: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500193: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500196: | length/value: 3 (0x3) Aug 26 18:34:00.500198: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500201: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500204: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500206: | length/value: 14 (0xe) Aug 26 18:34:00.500209: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.500212: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500214: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500217: | length/value: 256 (0x100) Aug 26 18:34:00.500220: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500222: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500225: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500228: | ISAKMP transform number: 3 (0x3) Aug 26 18:34:00.500230: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500233: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500236: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500239: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500242: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500245: | length/value: 1 (0x1) Aug 26 18:34:00.500247: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500250: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500252: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500255: | length/value: 3600 (0xe10) Aug 26 18:34:00.500258: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500260: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500263: | length/value: 7 (0x7) Aug 26 18:34:00.500266: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500268: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500271: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500273: | length/value: 6 (0x6) Aug 26 18:34:00.500276: | [6 is OAKLEY_SHA2_512] Aug 26 18:34:00.500278: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500281: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500284: | length/value: 3 (0x3) Aug 26 18:34:00.500287: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500296: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500299: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500301: | length/value: 14 (0xe) Aug 26 18:34:00.500304: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.500307: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500309: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500312: | length/value: 128 (0x80) Aug 26 18:34:00.500314: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500317: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500320: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500322: | ISAKMP transform number: 4 (0x4) Aug 26 18:34:00.500325: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500328: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500333: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500335: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500338: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500341: | length/value: 1 (0x1) Aug 26 18:34:00.500344: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500346: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500349: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500352: | length/value: 3600 (0xe10) Aug 26 18:34:00.500354: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500357: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500360: | length/value: 7 (0x7) Aug 26 18:34:00.500362: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500365: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500367: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500370: | length/value: 2 (0x2) Aug 26 18:34:00.500373: | [2 is OAKLEY_SHA1] Aug 26 18:34:00.500375: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500378: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500381: | length/value: 3 (0x3) Aug 26 18:34:00.500383: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500386: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500389: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500391: | length/value: 14 (0xe) Aug 26 18:34:00.500394: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.500397: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500399: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500402: | length/value: 256 (0x100) Aug 26 18:34:00.500405: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500407: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500410: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500413: | ISAKMP transform number: 5 (0x5) Aug 26 18:34:00.500415: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500418: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500421: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500424: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500427: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500429: | length/value: 1 (0x1) Aug 26 18:34:00.500432: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500434: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500437: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500440: | length/value: 3600 (0xe10) Aug 26 18:34:00.500443: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500445: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500448: | length/value: 7 (0x7) Aug 26 18:34:00.500450: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500453: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500456: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500458: | length/value: 2 (0x2) Aug 26 18:34:00.500461: | [2 is OAKLEY_SHA1] Aug 26 18:34:00.500463: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500466: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500469: | length/value: 3 (0x3) Aug 26 18:34:00.500471: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500474: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500476: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500479: | length/value: 14 (0xe) Aug 26 18:34:00.500482: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.500484: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500487: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500489: | length/value: 128 (0x80) Aug 26 18:34:00.500492: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500497: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500500: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500503: | ISAKMP transform number: 6 (0x6) Aug 26 18:34:00.500505: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500509: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500512: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500514: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500517: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500520: | length/value: 1 (0x1) Aug 26 18:34:00.500522: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500525: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500527: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500530: | length/value: 3600 (0xe10) Aug 26 18:34:00.500533: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500535: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500538: | length/value: 7 (0x7) Aug 26 18:34:00.500540: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500543: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500546: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500548: | length/value: 4 (0x4) Aug 26 18:34:00.500551: | [4 is OAKLEY_SHA2_256] Aug 26 18:34:00.500554: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500556: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500559: | length/value: 3 (0x3) Aug 26 18:34:00.500561: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500564: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500567: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500569: | length/value: 5 (0x5) Aug 26 18:34:00.500572: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.500574: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500577: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500580: | length/value: 256 (0x100) Aug 26 18:34:00.500583: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500585: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500588: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500590: | ISAKMP transform number: 7 (0x7) Aug 26 18:34:00.500593: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500596: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500599: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500602: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500605: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500607: | length/value: 1 (0x1) Aug 26 18:34:00.500610: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500612: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500615: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500617: | length/value: 3600 (0xe10) Aug 26 18:34:00.500620: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500623: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500625: | length/value: 7 (0x7) Aug 26 18:34:00.500628: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500631: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500633: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500636: | length/value: 4 (0x4) Aug 26 18:34:00.500638: | [4 is OAKLEY_SHA2_256] Aug 26 18:34:00.500641: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500644: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500646: | length/value: 3 (0x3) Aug 26 18:34:00.500649: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500651: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500655: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500658: | length/value: 5 (0x5) Aug 26 18:34:00.500661: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.500663: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500666: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500669: | length/value: 128 (0x80) Aug 26 18:34:00.500671: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500674: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500676: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500679: | ISAKMP transform number: 8 (0x8) Aug 26 18:34:00.500682: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500685: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500688: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500690: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500693: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500696: | length/value: 1 (0x1) Aug 26 18:34:00.500698: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500701: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500704: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500706: | length/value: 3600 (0xe10) Aug 26 18:34:00.500709: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500712: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500714: | length/value: 7 (0x7) Aug 26 18:34:00.500717: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500719: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500722: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500725: | length/value: 6 (0x6) Aug 26 18:34:00.500727: | [6 is OAKLEY_SHA2_512] Aug 26 18:34:00.500730: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500733: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500735: | length/value: 3 (0x3) Aug 26 18:34:00.500738: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500740: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500743: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500746: | length/value: 5 (0x5) Aug 26 18:34:00.500748: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.500751: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500754: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500756: | length/value: 256 (0x100) Aug 26 18:34:00.500759: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500762: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500764: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500767: | ISAKMP transform number: 9 (0x9) Aug 26 18:34:00.500770: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500773: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500776: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500779: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500781: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500784: | length/value: 1 (0x1) Aug 26 18:34:00.500786: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500789: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500792: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500795: | length/value: 3600 (0xe10) Aug 26 18:34:00.500797: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500800: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500802: | length/value: 7 (0x7) Aug 26 18:34:00.500805: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500808: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500810: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500814: | length/value: 6 (0x6) Aug 26 18:34:00.500817: | [6 is OAKLEY_SHA2_512] Aug 26 18:34:00.500819: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500822: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500824: | length/value: 3 (0x3) Aug 26 18:34:00.500827: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500830: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500832: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500835: | length/value: 5 (0x5) Aug 26 18:34:00.500838: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.500840: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500843: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500845: | length/value: 128 (0x80) Aug 26 18:34:00.500848: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500851: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500853: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500856: | ISAKMP transform number: 10 (0xa) Aug 26 18:34:00.500859: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500862: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500865: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500868: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500870: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500873: | length/value: 1 (0x1) Aug 26 18:34:00.500875: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500878: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500881: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500883: | length/value: 3600 (0xe10) Aug 26 18:34:00.500886: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500889: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500891: | length/value: 7 (0x7) Aug 26 18:34:00.500894: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500897: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500899: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500902: | length/value: 2 (0x2) Aug 26 18:34:00.500904: | [2 is OAKLEY_SHA1] Aug 26 18:34:00.500907: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500909: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.500912: | length/value: 3 (0x3) Aug 26 18:34:00.500915: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.500917: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500920: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.500922: | length/value: 5 (0x5) Aug 26 18:34:00.500925: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.500928: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500930: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.500933: | length/value: 256 (0x100) Aug 26 18:34:00.500936: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.500938: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.500941: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500943: | ISAKMP transform number: 11 (0xb) Aug 26 18:34:00.500946: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.500949: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.500952: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.500955: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500957: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.500960: | length/value: 1 (0x1) Aug 26 18:34:00.500963: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.500965: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500968: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.500971: | length/value: 3600 (0xe10) Aug 26 18:34:00.500975: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500978: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.500980: | length/value: 7 (0x7) Aug 26 18:34:00.500983: | [7 is OAKLEY_AES_CBC] Aug 26 18:34:00.500985: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500988: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.500991: | length/value: 2 (0x2) Aug 26 18:34:00.500993: | [2 is OAKLEY_SHA1] Aug 26 18:34:00.500996: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.500998: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.501001: | length/value: 3 (0x3) Aug 26 18:34:00.501003: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.501006: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501009: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.501011: | length/value: 5 (0x5) Aug 26 18:34:00.501014: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.501016: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501019: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Aug 26 18:34:00.501022: | length/value: 128 (0x80) Aug 26 18:34:00.501024: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Aug 26 18:34:00.501027: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.501030: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501032: | ISAKMP transform number: 12 (0xc) Aug 26 18:34:00.501035: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.501038: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501041: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.501044: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501047: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.501049: | length/value: 1 (0x1) Aug 26 18:34:00.501052: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.501054: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501057: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.501060: | length/value: 3600 (0xe10) Aug 26 18:34:00.501062: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501065: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.501068: | length/value: 5 (0x5) Aug 26 18:34:00.501070: | [5 is OAKLEY_3DES_CBC] Aug 26 18:34:00.501073: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501075: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.501078: | length/value: 4 (0x4) Aug 26 18:34:00.501080: | [4 is OAKLEY_SHA2_256] Aug 26 18:34:00.501083: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501086: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.501088: | length/value: 3 (0x3) Aug 26 18:34:00.501091: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.501093: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501096: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.501098: | length/value: 14 (0xe) Aug 26 18:34:00.501101: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.501103: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:34:00.501106: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.501109: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501111: | ISAKMP transform number: 13 (0xd) Aug 26 18:34:00.501114: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.501117: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501120: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.501123: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501126: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.501128: | length/value: 1 (0x1) Aug 26 18:34:00.501131: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.501135: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501138: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.501141: | length/value: 3600 (0xe10) Aug 26 18:34:00.501143: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501146: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.501148: | length/value: 5 (0x5) Aug 26 18:34:00.501151: | [5 is OAKLEY_3DES_CBC] Aug 26 18:34:00.501154: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501156: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.501159: | length/value: 6 (0x6) Aug 26 18:34:00.501161: | [6 is OAKLEY_SHA2_512] Aug 26 18:34:00.501164: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501167: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.501169: | length/value: 3 (0x3) Aug 26 18:34:00.501172: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.501174: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501177: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.501180: | length/value: 14 (0xe) Aug 26 18:34:00.501183: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.501185: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:34:00.501188: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.501191: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501193: | ISAKMP transform number: 14 (0xe) Aug 26 18:34:00.501196: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.501199: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501202: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.501205: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501208: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.501210: | length/value: 1 (0x1) Aug 26 18:34:00.501213: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.501215: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501218: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.501221: | length/value: 3600 (0xe10) Aug 26 18:34:00.501223: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501226: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.501229: | length/value: 5 (0x5) Aug 26 18:34:00.501231: | [5 is OAKLEY_3DES_CBC] Aug 26 18:34:00.501234: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501237: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.501239: | length/value: 2 (0x2) Aug 26 18:34:00.501242: | [2 is OAKLEY_SHA1] Aug 26 18:34:00.501244: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501247: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.501250: | length/value: 3 (0x3) Aug 26 18:34:00.501252: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.501255: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501258: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.501260: | length/value: 14 (0xe) Aug 26 18:34:00.501263: | [14 is OAKLEY_GROUP_MODP2048] Aug 26 18:34:00.501266: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:34:00.501268: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.501271: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501274: | ISAKMP transform number: 15 (0xf) Aug 26 18:34:00.501276: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.501279: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501282: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.501285: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501328: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.501334: | length/value: 1 (0x1) Aug 26 18:34:00.501339: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.501342: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501344: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.501347: | length/value: 3600 (0xe10) Aug 26 18:34:00.501349: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501351: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.501353: | length/value: 5 (0x5) Aug 26 18:34:00.501355: | [5 is OAKLEY_3DES_CBC] Aug 26 18:34:00.501357: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501360: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.501362: | length/value: 4 (0x4) Aug 26 18:34:00.501364: | [4 is OAKLEY_SHA2_256] Aug 26 18:34:00.501366: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501369: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.501371: | length/value: 3 (0x3) Aug 26 18:34:00.501374: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.501376: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501378: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.501381: | length/value: 5 (0x5) Aug 26 18:34:00.501383: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.501386: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:34:00.501388: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.501390: | next payload type: ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501393: | ISAKMP transform number: 16 (0x10) Aug 26 18:34:00.501395: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.501398: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501401: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.501404: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501407: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.501409: | length/value: 1 (0x1) Aug 26 18:34:00.501412: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.501414: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501417: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.501419: | length/value: 3600 (0xe10) Aug 26 18:34:00.501422: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501424: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.501427: | length/value: 5 (0x5) Aug 26 18:34:00.501430: | [5 is OAKLEY_3DES_CBC] Aug 26 18:34:00.501432: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501435: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.501437: | length/value: 6 (0x6) Aug 26 18:34:00.501440: | [6 is OAKLEY_SHA2_512] Aug 26 18:34:00.501443: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501445: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.501448: | length/value: 3 (0x3) Aug 26 18:34:00.501451: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.501453: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501456: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.501458: | length/value: 5 (0x5) Aug 26 18:34:00.501461: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.501464: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:34:00.501466: | *****emit ISAKMP Transform Payload (ISAKMP): Aug 26 18:34:00.501469: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.501472: | ISAKMP transform number: 17 (0x11) Aug 26 18:34:00.501475: | ISAKMP transform ID: KEY_IKE (0x1) Aug 26 18:34:00.501477: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Aug 26 18:34:00.501480: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Aug 26 18:34:00.501483: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501486: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Aug 26 18:34:00.501490: | length/value: 1 (0x1) Aug 26 18:34:00.501493: | [1 is OAKLEY_LIFE_SECONDS] Aug 26 18:34:00.501496: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501499: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Aug 26 18:34:00.501501: | length/value: 3600 (0xe10) Aug 26 18:34:00.501504: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501507: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Aug 26 18:34:00.501509: | length/value: 5 (0x5) Aug 26 18:34:00.501512: | [5 is OAKLEY_3DES_CBC] Aug 26 18:34:00.501515: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501518: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Aug 26 18:34:00.501521: | length/value: 2 (0x2) Aug 26 18:34:00.501523: | [2 is OAKLEY_SHA1] Aug 26 18:34:00.501525: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501529: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Aug 26 18:34:00.501531: | length/value: 3 (0x3) Aug 26 18:34:00.501534: | [3 is OAKLEY_RSA_SIG] Aug 26 18:34:00.501537: | ******emit ISAKMP Oakley attribute: Aug 26 18:34:00.501540: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Aug 26 18:34:00.501543: | length/value: 5 (0x5) Aug 26 18:34:00.501545: | [5 is OAKLEY_GROUP_MODP1536] Aug 26 18:34:00.501548: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Aug 26 18:34:00.501551: | emitting length of ISAKMP Proposal Payload: 632 Aug 26 18:34:00.501554: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Aug 26 18:34:00.501557: | emitting length of ISAKMP Security Association Payload: 644 Aug 26 18:34:00.501560: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Aug 26 18:34:00.501566: | out_vid(): sending [FRAGMENTATION] Aug 26 18:34:00.501569: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:34:00.501572: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:34:00.501575: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:34:00.501579: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:34:00.501583: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.501586: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:34:00.501589: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Aug 26 18:34:00.501592: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:34:00.501595: | out_vid(): sending [Dead Peer Detection] Aug 26 18:34:00.501598: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:34:00.501601: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.501604: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:34:00.501607: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.501610: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:34:00.501613: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Aug 26 18:34:00.501616: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:34:00.501619: | nat add vid Aug 26 18:34:00.501621: | sending draft and RFC NATT VIDs Aug 26 18:34:00.501624: | out_vid(): sending [RFC 3947] Aug 26 18:34:00.501626: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:34:00.501630: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:34:00.501633: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:34:00.501636: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:34:00.501639: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.501644: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:34:00.501647: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Aug 26 18:34:00.501649: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:34:00.501652: | skipping VID_NATT_RFC Aug 26 18:34:00.501655: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Aug 26 18:34:00.501657: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:34:00.501660: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:34:00.501663: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:34:00.501666: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:34:00.501669: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.501672: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:34:00.501675: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 18:34:00.501677: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:34:00.501680: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Aug 26 18:34:00.501682: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:34:00.501685: | next payload type: ISAKMP_NEXT_VID (0xd) Aug 26 18:34:00.501688: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Aug 26 18:34:00.501691: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:34:00.501694: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.501697: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:34:00.501700: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Aug 26 18:34:00.501702: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:34:00.501705: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Aug 26 18:34:00.501708: | ***emit ISAKMP Vendor ID Payload: Aug 26 18:34:00.501710: | next payload type: ISAKMP_NEXT_NONE (0x0) Aug 26 18:34:00.501713: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Aug 26 18:34:00.501716: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Aug 26 18:34:00.501719: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Aug 26 18:34:00.501722: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Aug 26 18:34:00.501724: | emitting length of ISAKMP Vendor ID Payload: 20 Aug 26 18:34:00.501727: | no IKEv1 message padding required Aug 26 18:34:00.501729: | emitting length of ISAKMP Message: 792 Aug 26 18:34:00.501738: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #10) Aug 26 18:34:00.501741: | 7f 90 8f c4 99 2c 6d 57 00 00 00 00 00 00 00 00 Aug 26 18:34:00.501744: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Aug 26 18:34:00.501746: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Aug 26 18:34:00.501749: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501752: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:34:00.501754: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Aug 26 18:34:00.501757: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Aug 26 18:34:00.501760: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Aug 26 18:34:00.501762: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Aug 26 18:34:00.501765: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Aug 26 18:34:00.501767: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:34:00.501769: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Aug 26 18:34:00.501772: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501776: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 18:34:00.501778: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Aug 26 18:34:00.501781: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Aug 26 18:34:00.501784: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Aug 26 18:34:00.501786: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 18:34:00.501789: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 18:34:00.501791: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:34:00.501794: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 18:34:00.501796: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501798: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 18:34:00.501801: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Aug 26 18:34:00.501803: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Aug 26 18:34:00.501806: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Aug 26 18:34:00.501808: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Aug 26 18:34:00.501811: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 18:34:00.501813: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:34:00.501816: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 18:34:00.501818: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501820: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:34:00.501822: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501824: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Aug 26 18:34:00.501827: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501830: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 18:34:00.501832: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501835: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Aug 26 18:34:00.501837: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501839: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 18:34:00.501842: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:00.501844: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Aug 26 18:34:00.501847: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Aug 26 18:34:00.501849: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Aug 26 18:34:00.501852: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Aug 26 18:34:00.501855: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Aug 26 18:34:00.501858: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 18:34:00.501860: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Aug 26 18:34:00.501862: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Aug 26 18:34:00.501865: | 7c fd b2 fc 68 b6 a4 48 Aug 26 18:34:00.501891: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f54900058b8 Aug 26 18:34:00.501896: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #10 Aug 26 18:34:00.501900: | libevent_malloc: new ptr-libevent@0x7f54a0003878 size 128 Aug 26 18:34:00.501906: | #10 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29726.244357 Aug 26 18:34:00.501912: | #10 spent 2.17 milliseconds in main_outI1() Aug 26 18:34:00.501918: | stop processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) Aug 26 18:34:00.501922: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55a94fbcd948 Aug 26 18:34:00.501926: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #9 Aug 26 18:34:00.501929: | libevent_malloc: new ptr-libevent@0x55a94fbe9c08 size 128 Aug 26 18:34:00.501932: | libevent_free: release ptr-libevent@0x7f5498004fd8 Aug 26 18:34:00.501935: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f549c004218 Aug 26 18:34:00.501940: | #9 spent 2.22 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:34:00.501943: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.501948: | processing global timer EVENT_REVIVE_CONNS Aug 26 18:34:00.501952: Initiating connection north-dpd/0x2 which received a Delete/Notify but must remain up per local policy Aug 26 18:34:00.501955: | FOR_EACH_CONNECTION_... in conn_by_name Aug 26 18:34:00.501960: | start processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:186) Aug 26 18:34:00.501964: | empty esp_info, returning defaults for ENCRYPT Aug 26 18:34:00.501968: | connection 'north-dpd/0x2' +POLICY_UP Aug 26 18:34:00.501971: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Aug 26 18:34:00.501974: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.501980: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-dpd/0x2" IKE SA #10 "north-dpd/0x1" Aug 26 18:34:00.501984: | stop processing: connection "north-dpd/0x2" (in initiate_a_connection() at initiate.c:349) Aug 26 18:34:00.501990: | spent 0.0369 milliseconds in global timer EVENT_REVIVE_CONNS Aug 26 18:34:00.501994: | timer_event_cb: processing event@0x55a94fb5b238 Aug 26 18:34:00.501997: | handling event EVENT_SA_REPLACE for child state #4 Aug 26 18:34:00.502003: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.502007: | picked newest_ipsec_sa #0 for #4 Aug 26 18:34:00.502009: | replacing stale IPsec SA Aug 26 18:34:00.502013: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:34:00.502016: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.502021: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x2" Aug 26 18:34:00.502024: | event_schedule: new EVENT_SA_EXPIRE-pe@0x7f549c004218 Aug 26 18:34:00.502028: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #4 Aug 26 18:34:00.502032: | libevent_malloc: new ptr-libevent@0x7f5498004fd8 size 128 Aug 26 18:34:00.502035: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:34:00.502038: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fb5b238 Aug 26 18:34:00.502043: | #4 spent 0.048 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:34:00.502049: | stop processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.502053: | timer_event_cb: processing event@0x55a94fbd3e68 Aug 26 18:34:00.502055: | handling event EVENT_SA_REPLACE for child state #8 Aug 26 18:34:00.502060: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.502064: | picked newest_ipsec_sa #0 for #8 Aug 26 18:34:00.502067: | replacing stale IPsec SA Aug 26 18:34:00.502071: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:34:00.502074: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.502077: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x2" Aug 26 18:34:00.502081: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55a94fb5b238 Aug 26 18:34:00.502084: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #8 Aug 26 18:34:00.502087: | libevent_malloc: new ptr-libevent@0x7f548c002888 size 128 Aug 26 18:34:00.502090: | libevent_free: release ptr-libevent@0x55a94fbe7518 Aug 26 18:34:00.502094: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fbd3e68 Aug 26 18:34:00.502099: | #8 spent 0.045 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:34:00.502103: | stop processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.502107: | timer_event_cb: processing event@0x55a94fbcf2d8 Aug 26 18:34:00.502110: | handling event EVENT_SA_REPLACE for child state #5 Aug 26 18:34:00.502115: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.502119: | picked newest_ipsec_sa #0 for #5 Aug 26 18:34:00.502121: | replacing stale IPsec SA Aug 26 18:34:00.502125: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Aug 26 18:34:00.502130: | FOR_EACH_STATE_... in find_phase1_state Aug 26 18:34:00.502134: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-dpd/0x1" Aug 26 18:34:00.502137: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55a94fbd3e68 Aug 26 18:34:00.502141: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #5 Aug 26 18:34:00.502144: | libevent_malloc: new ptr-libevent@0x55a94fbe7518 size 128 Aug 26 18:34:00.502148: | libevent_free: release ptr-libevent@0x55a94fbef668 Aug 26 18:34:00.502151: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55a94fbcf2d8 Aug 26 18:34:00.502155: | #5 spent 0.0474 milliseconds in timer_event_cb() EVENT_SA_REPLACE Aug 26 18:34:00.502160: | stop processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.502166: | timer_event_cb: processing event@0x55a94fbcd948 Aug 26 18:34:00.502170: | handling event EVENT_SA_EXPIRE for child state #9 Aug 26 18:34:00.502174: | start processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.502177: | picked newest_ipsec_sa #0 for #9 Aug 26 18:34:00.502180: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:34:00.502183: | pstats #9 ikev1.ipsec failed exchange-timeout Aug 26 18:34:00.502185: | pstats #9 ikev1.ipsec deleted exchange-timeout Aug 26 18:34:00.502190: | [RE]START processing: state #9 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:34:00.502194: "north-dpd/0x1" #9: deleting state (STATE_QUICK_I1) aged 0.017s and NOT sending notification Aug 26 18:34:00.502197: | child state #9: QUICK_I1(established CHILD SA) => delete Aug 26 18:34:00.502200: | child state #9: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:34:00.502205: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:34:00.502213: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:34:00.502227: | raw_eroute result=success Aug 26 18:34:00.502231: | in connection_discard for connection north-dpd/0x1 Aug 26 18:34:00.502235: | State DB: deleting IKEv1 state #9 in CHILDSA_DEL Aug 26 18:34:00.502238: | child state #9: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:34:00.502260: | stop processing: state #9 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:34:00.502266: | libevent_free: release ptr-libevent@0x55a94fbe9c08 Aug 26 18:34:00.502269: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55a94fbcd948 Aug 26 18:34:00.502272: | in statetime_stop() and could not find #9 Aug 26 18:34:00.502275: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.502279: | timer_event_cb: processing event@0x55a94fbd3e68 Aug 26 18:34:00.502282: | handling event EVENT_SA_EXPIRE for child state #5 Aug 26 18:34:00.502286: | start processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.502296: | picked newest_ipsec_sa #0 for #5 Aug 26 18:34:00.502299: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:34:00.502302: | pstats #5 ikev1.ipsec failed exchange-timeout Aug 26 18:34:00.502305: | pstats #5 ikev1.ipsec deleted exchange-timeout Aug 26 18:34:00.502309: | [RE]START processing: state #5 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:34:00.502313: "north-dpd/0x1" #5: deleting state (STATE_QUICK_I1) aged 53.101s and NOT sending notification Aug 26 18:34:00.502316: | child state #5: QUICK_I1(established CHILD SA) => delete Aug 26 18:34:00.502319: | child state #5: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:34:00.503102: | delete esp.1e867a01@192.1.2.23 Aug 26 18:34:00.503138: | netlink response for Del SA esp.1e867a01@192.1.2.23 included non-error error Aug 26 18:34:00.503143: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:34:00.503150: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:34:00.503163: | raw_eroute result=success Aug 26 18:34:00.503167: | delete esp.4ae31ab3@192.1.3.33 Aug 26 18:34:00.503175: "north-dpd/0x1" #5: ERROR: netlink response for Del SA esp.4ae31ab3@192.1.3.33 included errno 3: No such process Aug 26 18:34:00.503179: | in connection_discard for connection north-dpd/0x1 Aug 26 18:34:00.503182: | State DB: deleting IKEv1 state #5 in CHILDSA_DEL Aug 26 18:34:00.503186: | child state #5: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:34:00.503206: | stop processing: state #5 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:34:00.503221: | libevent_free: release ptr-libevent@0x55a94fbe7518 Aug 26 18:34:00.503224: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55a94fbd3e68 Aug 26 18:34:00.503227: | in statetime_stop() and could not find #5 Aug 26 18:34:00.503230: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.503235: | timer_event_cb: processing event@0x7f549c004218 Aug 26 18:34:00.503238: | handling event EVENT_SA_EXPIRE for child state #4 Aug 26 18:34:00.503243: | start processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.503247: | picked newest_ipsec_sa #0 for #4 Aug 26 18:34:00.503250: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:34:00.503253: | pstats #4 ikev1.ipsec failed exchange-timeout Aug 26 18:34:00.503255: | pstats #4 ikev1.ipsec deleted exchange-timeout Aug 26 18:34:00.503260: | [RE]START processing: state #4 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:34:00.503264: "north-dpd/0x2" #4: deleting state (STATE_QUICK_I1) aged 53.102s and NOT sending notification Aug 26 18:34:00.503267: | child state #4: QUICK_I1(established CHILD SA) => delete Aug 26 18:34:00.503270: | child state #4: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:34:00.503348: | delete esp.698e3888@192.1.2.23 Aug 26 18:34:00.503369: | netlink response for Del SA esp.698e3888@192.1.2.23 included non-error error Aug 26 18:34:00.503374: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:34:00.503380: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:34:00.503389: | raw_eroute result=success Aug 26 18:34:00.503393: | delete esp.abe7ff90@192.1.3.33 Aug 26 18:34:00.503399: "north-dpd/0x2" #4: ERROR: netlink response for Del SA esp.abe7ff90@192.1.3.33 included errno 3: No such process Aug 26 18:34:00.503403: | in connection_discard for connection north-dpd/0x2 Aug 26 18:34:00.503406: | State DB: deleting IKEv1 state #4 in CHILDSA_DEL Aug 26 18:34:00.503410: | child state #4: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:34:00.503427: | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:34:00.503436: | libevent_free: release ptr-libevent@0x7f5498004fd8 Aug 26 18:34:00.503440: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x7f549c004218 Aug 26 18:34:00.503443: | in statetime_stop() and could not find #4 Aug 26 18:34:00.503445: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:34:00.503449: | timer_event_cb: processing event@0x55a94fb5b238 Aug 26 18:34:00.503452: | handling event EVENT_SA_EXPIRE for child state #8 Aug 26 18:34:00.503457: | start processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:00.503460: | picked newest_ipsec_sa #0 for #8 Aug 26 18:34:00.503463: | un-established partial CHILD SA timeout (SA expired) Aug 26 18:34:00.503466: | pstats #8 ikev1.ipsec failed exchange-timeout Aug 26 18:34:00.503469: | pstats #8 ikev1.ipsec deleted exchange-timeout Aug 26 18:34:00.503473: | [RE]START processing: state #8 connection "north-dpd/0x2" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:34:00.503477: "north-dpd/0x2" #8: deleting state (STATE_QUICK_I1) aged 0.035s and NOT sending notification Aug 26 18:34:00.503482: | child state #8: QUICK_I1(established CHILD SA) => delete Aug 26 18:34:00.503485: | child state #8: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Aug 26 18:34:00.503489: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:34:00.503495: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Aug 26 18:34:00.503504: | raw_eroute result=success Aug 26 18:34:00.503507: | in connection_discard for connection north-dpd/0x2 Aug 26 18:34:00.503510: | State DB: deleting IKEv1 state #8 in CHILDSA_DEL Aug 26 18:34:00.503513: | child state #8: CHILDSA_DEL(informational) => UNDEFINED(ignore) Aug 26 18:34:00.503530: | stop processing: state #8 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:34:00.503545: | libevent_free: release ptr-libevent@0x7f548c002888 Aug 26 18:34:00.503549: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55a94fb5b238 Aug 26 18:34:00.503551: | in statetime_stop() and could not find #8 Aug 26 18:34:00.503554: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Aug 26 18:34:01.002105: | timer_event_cb: processing event@0x7f54900058b8 Aug 26 18:34:01.002120: | handling event EVENT_RETRANSMIT for parent state #10 Aug 26 18:34:01.002126: | start processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:250) Aug 26 18:34:01.002129: | IKEv1 retransmit event Aug 26 18:34:01.002133: | [RE]START processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in retransmit_v1_msg() at retry.c:61) Aug 26 18:34:01.002136: | handling event EVENT_RETRANSMIT for 192.1.2.23 "north-dpd/0x1" #10 keying attempt 1 of 0; retransmit 1 Aug 26 18:34:01.002140: | retransmits: current time 29726.744605; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500248 exceeds limit? NO Aug 26 18:34:01.002143: | event_schedule: new EVENT_RETRANSMIT-pe@0x55a94fbd3e68 Aug 26 18:34:01.002146: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #10 Aug 26 18:34:01.002149: | libevent_malloc: new ptr-libevent@0x7f549800a388 size 128 Aug 26 18:34:01.002153: "north-dpd/0x1" #10: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response Aug 26 18:34:01.002157: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #10) Aug 26 18:34:01.002159: | 7f 90 8f c4 99 2c 6d 57 00 00 00 00 00 00 00 00 Aug 26 18:34:01.002161: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Aug 26 18:34:01.002162: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Aug 26 18:34:01.002164: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002166: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:34:01.002167: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Aug 26 18:34:01.002169: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Aug 26 18:34:01.002170: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Aug 26 18:34:01.002172: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Aug 26 18:34:01.002173: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Aug 26 18:34:01.002175: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:34:01.002176: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Aug 26 18:34:01.002178: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002179: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 18:34:01.002181: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Aug 26 18:34:01.002182: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Aug 26 18:34:01.002184: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Aug 26 18:34:01.002186: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Aug 26 18:34:01.002187: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 18:34:01.002189: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:34:01.002190: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 18:34:01.002192: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002196: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 18:34:01.002198: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Aug 26 18:34:01.002199: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Aug 26 18:34:01.002201: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Aug 26 18:34:01.002202: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Aug 26 18:34:01.002204: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Aug 26 18:34:01.002206: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Aug 26 18:34:01.002207: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Aug 26 18:34:01.002209: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002210: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Aug 26 18:34:01.002212: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002213: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Aug 26 18:34:01.002215: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002216: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Aug 26 18:34:01.002218: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002219: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Aug 26 18:34:01.002221: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002222: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Aug 26 18:34:01.002224: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Aug 26 18:34:01.002226: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Aug 26 18:34:01.002227: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Aug 26 18:34:01.002229: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Aug 26 18:34:01.002230: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Aug 26 18:34:01.002232: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Aug 26 18:34:01.002233: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Aug 26 18:34:01.002235: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Aug 26 18:34:01.002236: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Aug 26 18:34:01.002238: | 7c fd b2 fc 68 b6 a4 48 Aug 26 18:34:01.002272: | libevent_free: release ptr-libevent@0x7f54a0003878 Aug 26 18:34:01.002275: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f54900058b8 Aug 26 18:34:01.002282: | #10 spent 0.163 milliseconds in timer_event_cb() EVENT_RETRANSMIT Aug 26 18:34:01.002285: | stop processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in timer_event_cb() at timer.c:557) Aug 26 18:34:01.003772: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) Aug 26 18:34:01.003788: shutting down Aug 26 18:34:01.003794: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Aug 26 18:34:01.003796: destroying root certificate cache Aug 26 18:34:01.003819: | certs and keys locked by 'free_preshared_secrets' Aug 26 18:34:01.003821: forgetting secrets Aug 26 18:34:01.003827: | certs and keys unlocked by 'free_preshared_secrets' Aug 26 18:34:01.003834: | unreference key: 0x55a94fbcd5f8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Aug 26 18:34:01.003837: | unreference key: 0x55a94fbcd1a8 user-east@testing.libreswan.org cnt 1-- Aug 26 18:34:01.003840: | unreference key: 0x55a94fbcb6b8 @east.testing.libreswan.org cnt 1-- Aug 26 18:34:01.003842: | unreference key: 0x55a94fbcc3f8 east@testing.libreswan.org cnt 1-- Aug 26 18:34:01.003845: | unreference key: 0x55a94fbcc668 192.1.2.23 cnt 1-- Aug 26 18:34:01.003850: | unreference key: 0x55a94fbc6e58 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Aug 26 18:34:01.003852: | unreference key: 0x55a94fbc6c38 user-north@testing.libreswan.org cnt 1-- Aug 26 18:34:01.003856: | unreference key: 0x55a94fbc3808 @north.testing.libreswan.org cnt 1-- Aug 26 18:34:01.003861: | start processing: connection "north-dpd/0x2" (in delete_connection() at connections.c:189) Aug 26 18:34:01.003864: | removing pending policy for no connection {0x55a94fbdac58} Aug 26 18:34:01.003866: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:34:01.003868: | pass 0 Aug 26 18:34:01.003869: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:34:01.003871: | state #10 Aug 26 18:34:01.003873: | pass 1 Aug 26 18:34:01.003874: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:34:01.003876: | state #10 Aug 26 18:34:01.003879: | shunt_eroute() called for connection 'north-dpd/0x2' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:34:01.003881: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:34:01.003884: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:34:01.003914: | priority calculation of connection "north-dpd/0x2" is 0xfe7e7 Aug 26 18:34:01.003922: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:34:01.003924: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:34:01.003926: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 Aug 26 18:34:01.003928: | conn north-dpd/0x2 mark 0/00000000, 0/00000000 vs Aug 26 18:34:01.003929: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:34:01.003932: | route owner of "north-dpd/0x2" unrouted: NULL Aug 26 18:34:01.003934: | running updown command "ipsec _updown" for verb unroute Aug 26 18:34:01.003936: | command executing unroute-client Aug 26 18:34:01.003975: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CO Aug 26 18:34:01.003981: | popen cmd is 1274 chars long Aug 26 18:34:01.003986: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x2': Aug 26 18:34:01.003990: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 18:34:01.003994: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Aug 26 18:34:01.003997: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Aug 26 18:34:01.004001: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Aug 26 18:34:01.004004: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none: Aug 26 18:34:01.004007: | cmd( 480):' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 18:34:01.004009: | cmd( 560):n, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libres: Aug 26 18:34:01.004011: | cmd( 640):wan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PL: Aug 26 18:34:01.004013: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Aug 26 18:34:01.004014: | cmd( 800): PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS: Aug 26 18:34:01.004016: | cmd( 880):IG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CO: Aug 26 18:34:01.004019: | cmd( 960):NN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER: Aug 26 18:34:01.004021: | cmd(1040):_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='': Aug 26 18:34:01.004023: | cmd(1120): PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' : Aug 26 18:34:01.004025: | cmd(1200):VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:34:01.012349: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012370: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012373: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012375: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012377: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012378: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012381: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012388: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012437: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012445: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012447: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012448: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012450: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012452: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012454: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012457: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012506: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012513: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012515: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012517: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012518: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012521: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012523: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012529: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012579: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012586: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012588: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012589: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012591: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012594: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012595: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012602: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012651: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012658: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012660: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012665: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012667: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012670: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012671: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012673: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012809: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.012818: "north-dpd/0x2": unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.016905: | flush revival: connection 'north-dpd/0x2' wasn't on the list Aug 26 18:34:01.016919: | stop processing: connection "north-dpd/0x2" (in discard_connection() at connections.c:249) Aug 26 18:34:01.016931: | start processing: connection "north-dpd/0x1" (in delete_connection() at connections.c:189) Aug 26 18:34:01.016934: | removing pending policy for no connection {0x55a94fbdeee8} Aug 26 18:34:01.016936: | Deleting states for connection - including all other IPsec SA's of this IKE SA Aug 26 18:34:01.016938: | pass 0 Aug 26 18:34:01.016940: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:34:01.016942: | state #10 Aug 26 18:34:01.016944: | suspend processing: connection "north-dpd/0x1" (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:01.016949: | start processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) Aug 26 18:34:01.016951: | pstats #10 ikev1.isakmp deleted other Aug 26 18:34:01.016956: | [RE]START processing: state #10 connection "north-dpd/0x1" from 192.1.2.23 (in delete_state() at state.c:879) Aug 26 18:34:01.016959: "north-dpd/0x1" #10: deleting state (STATE_MAIN_I1) aged 0.517s and NOT sending notification Aug 26 18:34:01.016962: | parent state #10: MAIN_I1(half-open IKE SA) => delete Aug 26 18:34:01.017024: | state #10 requesting EVENT_RETRANSMIT to be deleted Aug 26 18:34:01.017028: | #10 STATE_MAIN_I1: retransmits: cleared Aug 26 18:34:01.017037: | libevent_free: release ptr-libevent@0x7f549800a388 Aug 26 18:34:01.017041: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55a94fbd3e68 Aug 26 18:34:01.017043: | State DB: IKEv1 state not found (flush_incomplete_children) Aug 26 18:34:01.017046: | picked newest_isakmp_sa #0 for #10 Aug 26 18:34:01.017048: "north-dpd/0x1" #10: deleting IKE SA for connection 'north-dpd/0x1' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Aug 26 18:34:01.017050: | add revival: connection 'north-dpd/0x1' added to the list and scheduled for 0 seconds Aug 26 18:34:01.017053: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Aug 26 18:34:01.017059: | stop processing: connection "north-dpd/0x1" (BACKGROUND) (in update_state_connection() at connections.c:4076) Aug 26 18:34:01.017067: | start processing: connection NULL (in update_state_connection() at connections.c:4077) Aug 26 18:34:01.017071: | in connection_discard for connection north-dpd/0x1 Aug 26 18:34:01.017074: | State DB: deleting IKEv1 state #10 in MAIN_I1 Aug 26 18:34:01.017083: | parent state #10: MAIN_I1(half-open IKE SA) => UNDEFINED(ignore) Aug 26 18:34:01.017089: | stop processing: state #10 from 192.1.2.23 (in delete_state() at state.c:1143) Aug 26 18:34:01.017095: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Aug 26 18:34:01.017098: | pass 1 Aug 26 18:34:01.017101: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Aug 26 18:34:01.017106: | shunt_eroute() called for connection 'north-dpd/0x1' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 Aug 26 18:34:01.017111: | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 Aug 26 18:34:01.017115: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:34:01.017413: | priority calculation of connection "north-dpd/0x1" is 0xfe7e7 Aug 26 18:34:01.017440: | FOR_EACH_CONNECTION_... in route_owner Aug 26 18:34:01.017449: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 vs Aug 26 18:34:01.017454: | conn north-dpd/0x1 mark 0/00000000, 0/00000000 Aug 26 18:34:01.017458: | route owner of "north-dpd/0x1" unrouted: NULL Aug 26 18:34:01.017462: | running updown command "ipsec _updown" for verb unroute Aug 26 18:34:01.017465: | command executing unroute-client Aug 26 18:34:01.017491: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN Aug 26 18:34:01.017493: | popen cmd is 1272 chars long Aug 26 18:34:01.017495: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-dpd/0x1': Aug 26 18:34:01.017497: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Aug 26 18:34:01.017499: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Aug 26 18:34:01.017501: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Aug 26 18:34:01.017502: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Aug 26 18:34:01.017504: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none: Aug 26 18:34:01.017506: | cmd( 480):' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Aug 26 18:34:01.017508: | cmd( 560):n, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libres: Aug 26 18:34:01.017509: | cmd( 640):wan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUT: Aug 26 18:34:01.017511: | cmd( 720):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Aug 26 18:34:01.017513: | cmd( 800):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Aug 26 18:34:01.017514: | cmd( 880):+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Aug 26 18:34:01.017516: | cmd( 960):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Aug 26 18:34:01.017518: | cmd(1040):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Aug 26 18:34:01.017519: | cmd(1120):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Aug 26 18:34:01.017521: | cmd(1200):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Aug 26 18:34:01.026062: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026083: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026086: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026088: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026089: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026091: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026093: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026099: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026109: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026119: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026129: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026140: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026150: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026159: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026169: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026178: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026189: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026199: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026209: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026222: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026231: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026242: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026252: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026261: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026270: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026279: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026298: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026312: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026322: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026332: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026342: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026352: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026362: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026371: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026381: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026390: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026400: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026413: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026428: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026441: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026589: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.026602: unroute-client output: Error: Peer netns reference is invalid. Aug 26 18:34:01.031242: | free hp@0x55a94fbcbe78 Aug 26 18:34:01.031262: | flush revival: connection 'north-dpd/0x1' revival flushed Aug 26 18:34:01.031268: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Aug 26 18:34:01.031318: | crl fetch request list locked by 'free_crl_fetch' Aug 26 18:34:01.031325: | crl fetch request list unlocked by 'free_crl_fetch' Aug 26 18:34:01.031341: shutting down interface lo/lo 127.0.0.1:4500 Aug 26 18:34:01.031345: shutting down interface lo/lo 127.0.0.1:500 Aug 26 18:34:01.031349: shutting down interface eth0/eth0 192.0.3.254:4500 Aug 26 18:34:01.031352: shutting down interface eth0/eth0 192.0.3.254:500 Aug 26 18:34:01.031355: shutting down interface eth1/eth1 192.1.3.33:4500 Aug 26 18:34:01.031358: shutting down interface eth1/eth1 192.1.3.33:500 Aug 26 18:34:01.031363: | FOR_EACH_STATE_... in delete_states_dead_interfaces Aug 26 18:34:01.031377: | libevent_free: release ptr-libevent@0x55a94fbb56e8 Aug 26 18:34:01.031381: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc1298 Aug 26 18:34:01.031396: | libevent_free: release ptr-libevent@0x55a94fb5bf78 Aug 26 18:34:01.031400: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc1348 Aug 26 18:34:01.031409: | libevent_free: release ptr-libevent@0x55a94fb5c028 Aug 26 18:34:01.031413: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc13f8 Aug 26 18:34:01.031422: | libevent_free: release ptr-libevent@0x55a94fb5af58 Aug 26 18:34:01.031425: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc14a8 Aug 26 18:34:01.031433: | libevent_free: release ptr-libevent@0x55a94fb63268 Aug 26 18:34:01.031436: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc1558 Aug 26 18:34:01.031443: | libevent_free: release ptr-libevent@0x55a94fb63d88 Aug 26 18:34:01.031447: | free_event_entry: release EVENT_NULL-pe@0x55a94fbc1608 Aug 26 18:34:01.031453: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Aug 26 18:34:01.031961: | libevent_free: release ptr-libevent@0x55a94fbb5798 Aug 26 18:34:01.031969: | free_event_entry: release EVENT_NULL-pe@0x55a94fba9938 Aug 26 18:34:01.031975: | libevent_free: release ptr-libevent@0x55a94fba2438 Aug 26 18:34:01.031978: | free_event_entry: release EVENT_NULL-pe@0x55a94fba9498 Aug 26 18:34:01.031982: | libevent_free: release ptr-libevent@0x55a94fba2388 Aug 26 18:34:01.031985: | free_event_entry: release EVENT_NULL-pe@0x55a94fb63428 Aug 26 18:34:01.031989: | global timer EVENT_REINIT_SECRET uninitialized Aug 26 18:34:01.031992: | global timer EVENT_SHUNT_SCAN uninitialized Aug 26 18:34:01.031995: | global timer EVENT_PENDING_DDNS uninitialized Aug 26 18:34:01.031997: | global timer EVENT_PENDING_PHASE2 uninitialized Aug 26 18:34:01.032000: | global timer EVENT_CHECK_CRLS uninitialized Aug 26 18:34:01.032002: | global timer EVENT_REVIVE_CONNS uninitialized Aug 26 18:34:01.032005: | global timer EVENT_FREE_ROOT_CERTS uninitialized Aug 26 18:34:01.032008: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Aug 26 18:34:01.032010: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Aug 26 18:34:01.032016: | libevent_free: release ptr-libevent@0x55a94fb679f8 Aug 26 18:34:01.032020: | signal event handler PLUTO_SIGCHLD uninstalled Aug 26 18:34:01.032023: | libevent_free: release ptr-libevent@0x55a94fadd198 Aug 26 18:34:01.032026: | signal event handler PLUTO_SIGTERM uninstalled Aug 26 18:34:01.032029: | libevent_free: release ptr-libevent@0x55a94fae0dd8 Aug 26 18:34:01.032031: | signal event handler PLUTO_SIGHUP uninstalled Aug 26 18:34:01.032034: | libevent_free: release ptr-libevent@0x55a94fbc0d78 Aug 26 18:34:01.032037: | signal event handler PLUTO_SIGSYS uninstalled Aug 26 18:34:01.032039: | releasing event base Aug 26 18:34:01.032052: | libevent_free: release ptr-libevent@0x55a94fbc0c48 Aug 26 18:34:01.032055: | libevent_free: release ptr-libevent@0x55a94fba3d58 Aug 26 18:34:01.032059: | libevent_free: release ptr-libevent@0x55a94fba3d08 Aug 26 18:34:01.032062: | libevent_free: release ptr-libevent@0x55a94fbc24b8 Aug 26 18:34:01.032065: | libevent_free: release ptr-libevent@0x55a94fba3cc8 Aug 26 18:34:01.032068: | libevent_free: release ptr-libevent@0x55a94fbc0a08 Aug 26 18:34:01.032070: | libevent_free: release ptr-libevent@0x55a94fbc0b48 Aug 26 18:34:01.032073: | libevent_free: release ptr-libevent@0x55a94fba3f08 Aug 26 18:34:01.032075: | libevent_free: release ptr-libevent@0x55a94fba9508 Aug 26 18:34:01.032078: | libevent_free: release ptr-libevent@0x55a94fba9168 Aug 26 18:34:01.032081: | libevent_free: release ptr-libevent@0x55a94fbc1678 Aug 26 18:34:01.032084: | libevent_free: release ptr-libevent@0x55a94fbc15c8 Aug 26 18:34:01.032086: | libevent_free: release ptr-libevent@0x55a94fbc1518 Aug 26 18:34:01.032089: | libevent_free: release ptr-libevent@0x55a94fbc1468 Aug 26 18:34:01.032091: | libevent_free: release ptr-libevent@0x55a94fbc13b8 Aug 26 18:34:01.032094: | libevent_free: release ptr-libevent@0x55a94fbc1308 Aug 26 18:34:01.032097: | libevent_free: release ptr-libevent@0x55a94fadf868 Aug 26 18:34:01.032099: | libevent_free: release ptr-libevent@0x55a94fbc0bc8 Aug 26 18:34:01.032102: | libevent_free: release ptr-libevent@0x55a94fbc0b88 Aug 26 18:34:01.032107: | libevent_free: release ptr-libevent@0x55a94fbc0a48 Aug 26 18:34:01.032110: | libevent_free: release ptr-libevent@0x55a94fbc0c08 Aug 26 18:34:01.032112: | libevent_free: release ptr-libevent@0x55a94fadc3d8 Aug 26 18:34:01.032115: | libevent_free: release ptr-libevent@0x55a94fb69588 Aug 26 18:34:01.032118: | libevent_free: release ptr-libevent@0x55a94fb69508 Aug 26 18:34:01.032121: | libevent_free: release ptr-libevent@0x55a94fadc748 Aug 26 18:34:01.032123: | releasing global libevent data Aug 26 18:34:01.032126: | libevent_free: release ptr-libevent@0x55a94fb69708 Aug 26 18:34:01.032129: | libevent_free: release ptr-libevent@0x55a94fb69688 Aug 26 18:34:01.032132: | libevent_free: release ptr-libevent@0x55a94fb69608 Aug 26 18:34:01.032180: leak detective found no leaks