FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19595 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55f7ab31a518 size 40 | libevent_malloc: new ptr-libevent@0x55f7ab2e9cd8 size 40 | libevent_malloc: new ptr-libevent@0x55f7ab2e9dd8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55f7ab36c818 size 56 | libevent_malloc: new ptr-libevent@0x55f7ab318d08 size 664 | libevent_malloc: new ptr-libevent@0x55f7ab36c888 size 24 | libevent_malloc: new ptr-libevent@0x55f7ab36c8d8 size 384 | libevent_malloc: new ptr-libevent@0x55f7ab36c7d8 size 16 | libevent_malloc: new ptr-libevent@0x55f7ab2e9908 size 40 | libevent_malloc: new ptr-libevent@0x55f7ab2e9d38 size 48 | libevent_realloc: new ptr-libevent@0x55f7ab318998 size 256 | libevent_malloc: new ptr-libevent@0x55f7ab36ca88 size 16 | libevent_free: release ptr-libevent@0x55f7ab36c818 | libevent initialized | libevent_realloc: new ptr-libevent@0x55f7ab36c818 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 started thread for crypto helper 2 started thread for crypto helper 3 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 4 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | starting up helper thread 1 | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: <none> | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: <none> | V2_IPSEC_I: category: established CHILD SA flags: 0: <none> | V2_IPSEC_R: category: established CHILD SA flags: 0: <none> | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: <none> Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55f7ab372098 | libevent_malloc: new ptr-libevent@0x55f7ab355a98 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab3715f8 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55f7ab3714e8 | libevent_malloc: new ptr-libevent@0x55f7ab31bef8 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab371fe8 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55f7ab372028 | libevent_malloc: new ptr-libevent@0x55f7ab37e2e8 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab3895f8 size 16 | libevent_realloc: new ptr-libevent@0x55f7ab389638 size 256 | libevent_malloc: new ptr-libevent@0x55f7ab389768 size 8 | libevent_realloc: new ptr-libevent@0x55f7ab319248 size 144 | libevent_malloc: new ptr-libevent@0x55f7ab31d378 size 152 | libevent_malloc: new ptr-libevent@0x55f7ab3897a8 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55f7ab3897e8 size 8 | libevent_malloc: new ptr-libevent@0x55f7ab389828 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55f7ab3898f8 size 8 | libevent_malloc: new ptr-libevent@0x55f7ab389938 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55f7ab389a08 size 8 | libevent_realloc: release ptr-libevent@0x55f7ab319248 | libevent_realloc: new ptr-libevent@0x55f7ab389a48 size 256 | libevent_malloc: new ptr-libevent@0x55f7ab389b78 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:19730) using fork+execve | forked child 19730 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.3.254 | Inspecting interface eth1 | found eth1 with address 192.1.3.33 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.3.33:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.3.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a0c8 | libevent_malloc: new ptr-libevent@0x55f7ab37e238 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab38a138 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a178 | libevent_malloc: new ptr-libevent@0x55f7ab31a158 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab38a1e8 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a228 | libevent_malloc: new ptr-libevent@0x55f7ab31bff8 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab38a298 size 16 | setup callback for interface eth0 192.0.3.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a2d8 | libevent_malloc: new ptr-libevent@0x55f7ab319148 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab38a348 size 16 | setup callback for interface eth0 192.0.3.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a388 | libevent_malloc: new ptr-libevent@0x55f7ab2ea4e8 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab38a3f8 size 16 | setup callback for interface eth1 192.1.3.33:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a438 | libevent_malloc: new ptr-libevent@0x55f7ab2ea1d8 size 128 | libevent_malloc: new ptr-libevent@0x55f7ab38a4a8 size 16 | setup callback for interface eth1 192.1.3.33:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.91 milliseconds in whack | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.3.254 | Inspecting interface eth1 | found eth1 with address 192.1.3.33 | no interfaces to sort | libevent_free: release ptr-libevent@0x55f7ab37e238 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a0c8 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a0c8 | libevent_malloc: new ptr-libevent@0x55f7ab37e238 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x55f7ab31a158 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a178 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a178 | libevent_malloc: new ptr-libevent@0x55f7ab31a158 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x55f7ab31bff8 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a228 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a228 | libevent_malloc: new ptr-libevent@0x55f7ab31bff8 size 128 | setup callback for interface eth0 192.0.3.254:4500 fd 20 | libevent_free: release ptr-libevent@0x55f7ab319148 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a2d8 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a2d8 | libevent_malloc: new ptr-libevent@0x55f7ab319148 size 128 | setup callback for interface eth0 192.0.3.254:500 fd 19 | libevent_free: release ptr-libevent@0x55f7ab2ea4e8 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a388 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a388 | libevent_malloc: new ptr-libevent@0x55f7ab2ea4e8 size 128 | setup callback for interface eth1 192.1.3.33:4500 fd 18 | libevent_free: release ptr-libevent@0x55f7ab2ea1d8 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a438 | add_fd_read_event_handler: new ethX-pe@0x55f7ab38a438 | libevent_malloc: new ptr-libevent@0x55f7ab2ea1d8 size 128 | setup callback for interface eth1 192.1.3.33:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | Processing PSK at line 1: passed | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.264 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 19730 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0128 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection north-east with policy PSK+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | counting wild cards for (none) is 15 | counting wild cards for @east is 0 | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none | new hp@0x55f7ab38b148 added connection description "north-east" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.3.33[+MC+XC+S=C]---192.1.3.254...192.1.2.23<192.1.2.23>[@east,MS+XS+S=C]===0.0.0.0/0 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0907 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "north-east" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'north-east' +POLICY_UP | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | creating state object #1 at 0x55f7ab38ba98 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | suspend processing: connection "north-east" (in main_outI1() at ikev1_main.c:118) | start processing: state #1 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) | parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) | dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123) | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #1 "north-east" "north-east" #1: initiating Main Mode | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x55f7ab38e3f8 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 804 | sending 804 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) | 79 06 6b 20 17 b2 e6 fc 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 24 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd e9 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 fd e9 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 fd e9 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 fd e9 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 fd e9 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 fd e9 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 fd e9 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 fd e9 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 fd e9 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 fd e9 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 fd e9 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 fd e9 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd e9 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd e9 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd e9 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd e9 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd e9 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd e9 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 df d6 b7 12 | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45 | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6 | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14 | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | 00 00 00 14 cd 60 46 43 35 df 21 f8 7c fd b2 fc | 68 b6 a4 48 | event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f7ab38d668 size 128 | #1 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.712349 | #1 spent 1.14 milliseconds in main_outI1() | stop processing: state #1 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) | resume processing: connection "north-east" (in main_outI1() at ikev1_main.c:228) | stop processing: connection "north-east" (in initiate_a_connection() at initiate.c:349) | close_any(fd@23) (in initiate_connection() at initiate.c:372) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.22 milliseconds in whack | spent 0.00195 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 156 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 01 10 02 00 00 00 00 00 00 00 00 9c 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd e9 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 | df d6 b7 12 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 00 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 156 (0x9c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init) | start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 12 (0xc) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inR1_outI2' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [XAUTH] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | started looking for secret for 192.1.3.33->@east of kind PKK_PSK | actually looking for secret for 192.1.3.33->@east of kind PKK_PSK | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK | 1: compared key (none) to 192.1.3.33 / @east -> 002 | 2: compared key (none) to 192.1.3.33 / @east -> 002 | line 1: match=002 | match 002 beats previous best_match 000 match=0x55f7ab2e5c48 (line=1) | concluding with best_match=002 best=0x55f7ab2e5c48 (lineno=1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) | adding outI2 KE work-order 1 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55f7ab38d668 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f7ab38ef58 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f7ab38d668 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | #1 spent 0.114 milliseconds in process_packet_tail() | crypto helper 2 resuming | crypto helper 2 starting work-order 1 for state #1 | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 2 doing build KE and nonce (outI2 KE); request ID 1 | stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.239 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000615 seconds | (#1) spent 0.619 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr) | crypto helper 2 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f369c002888 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 1 | calling continuation function 0x55f7a9292b50 | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2 | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 8d 03 55 2f 46 68 b3 9a 4b 4c 79 1a f9 a6 f4 14 | keyex value f0 b0 d1 67 db 3e 6f ee 39 a4 d6 a0 64 fc 67 44 | keyex value 02 c3 ce 86 56 58 0d 5c ee 3e 2e a4 48 6b 75 9a | keyex value 36 a5 73 ce 84 69 c7 95 c1 65 92 a9 77 39 9c 54 | keyex value 03 f4 75 40 86 d6 5c 68 9c ca 61 e9 13 2b e1 b3 | keyex value 75 26 52 c1 90 0f 64 59 38 03 98 2f f6 07 0b ff | keyex value 1b 12 62 fc 85 56 af 96 3b 91 24 25 ad 4f 5d 7d | keyex value 28 a4 c3 92 6f d1 8d c3 b8 2d ea 1e e1 d3 7e 70 | keyex value 1b 44 c9 bc 8d 59 6f 3f 6b fc 11 fa ea 2f f6 5e | keyex value e1 ce 45 0d b8 41 0d 7d 19 c2 6f e3 2d 2e 77 dd | keyex value c6 b1 b1 95 29 90 06 e0 d2 b5 bb 3d a8 1e fb e0 | keyex value a6 13 57 41 12 2c 45 7c ad a4 38 10 0f 4a 3b 58 | keyex value 66 b2 a7 bf c2 b2 b7 97 f6 b7 22 c4 ca 25 e9 47 | keyex value 90 0a 0b 48 0b f0 bb 0f 80 e7 4f 74 28 1e 04 50 | keyex value e2 7a 26 ea 8c a1 98 ec 2e ec 10 51 de 57 7b ad | keyex value f8 62 92 d4 14 73 69 fc c7 88 5d bd b9 68 4f 4f | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni b8 83 42 bb 7f 55 06 95 0b 5f 11 4a c5 a4 f5 b8 | Ni 90 3e 6b e2 8c b6 99 e6 6f 4f 0b 4c 60 cf cf eb | emitting length of ISAKMP Nonce Payload: 36 | NAT-T checking st_nat_traversal | NAT-T found (implies NAT_T_WITH_NATD) | sending NAT-D payloads | natd_hash: hasher=0x55f7a9367ca0(32) | natd_hash: icookie= 79 06 6b 20 17 b2 e6 fc | natd_hash: rcookie= 6a 32 cc 41 99 58 a1 ce | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 46 6a ec d6 66 2e 79 99 28 c2 43 fa 0e 34 78 0a | natd_hash: hash= cb fc d5 de 91 bf 7b be 4f 55 6b e4 3a 7d bc db | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 46 6a ec d6 66 2e 79 99 28 c2 43 fa 0e 34 78 0a | NAT-D cb fc d5 de 91 bf 7b be 4f 55 6b e4 3a 7d bc db | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55f7a9367ca0(32) | natd_hash: icookie= 79 06 6b 20 17 b2 e6 fc | natd_hash: rcookie= 6a 32 cc 41 99 58 a1 ce | natd_hash: ip= c0 01 03 21 | natd_hash: port=500 | natd_hash: hash= 2e 2b 3a c6 4f d0 80 ec fd f9 4a fc 4c 74 81 32 | natd_hash: hash= de 2b 57 59 88 1e 99 98 c9 e6 df 88 92 73 96 12 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 2e 2b 3a c6 4f d0 80 ec fd f9 4a fc 4c 74 81 32 | NAT-D de 2b 57 59 88 1e 99 98 c9 e6 df 88 92 73 96 12 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir] | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 | parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55f7ab38d668 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f7ab38ef58 | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 8d 03 55 2f 46 68 b3 9a 4b 4c 79 1a f9 a6 f4 14 | f0 b0 d1 67 db 3e 6f ee 39 a4 d6 a0 64 fc 67 44 | 02 c3 ce 86 56 58 0d 5c ee 3e 2e a4 48 6b 75 9a | 36 a5 73 ce 84 69 c7 95 c1 65 92 a9 77 39 9c 54 | 03 f4 75 40 86 d6 5c 68 9c ca 61 e9 13 2b e1 b3 | 75 26 52 c1 90 0f 64 59 38 03 98 2f f6 07 0b ff | 1b 12 62 fc 85 56 af 96 3b 91 24 25 ad 4f 5d 7d | 28 a4 c3 92 6f d1 8d c3 b8 2d ea 1e e1 d3 7e 70 | 1b 44 c9 bc 8d 59 6f 3f 6b fc 11 fa ea 2f f6 5e | e1 ce 45 0d b8 41 0d 7d 19 c2 6f e3 2d 2e 77 dd | c6 b1 b1 95 29 90 06 e0 d2 b5 bb 3d a8 1e fb e0 | a6 13 57 41 12 2c 45 7c ad a4 38 10 0f 4a 3b 58 | 66 b2 a7 bf c2 b2 b7 97 f6 b7 22 c4 ca 25 e9 47 | 90 0a 0b 48 0b f0 bb 0f 80 e7 4f 74 28 1e 04 50 | e2 7a 26 ea 8c a1 98 ec 2e ec 10 51 de 57 7b ad | f8 62 92 d4 14 73 69 fc c7 88 5d bd b9 68 4f 4f | 14 00 00 24 b8 83 42 bb 7f 55 06 95 0b 5f 11 4a | c5 a4 f5 b8 90 3e 6b e2 8c b6 99 e6 6f 4f 0b 4c | 60 cf cf eb 14 00 00 24 46 6a ec d6 66 2e 79 99 | 28 c2 43 fa 0e 34 78 0a cb fc d5 de 91 bf 7b be | 4f 55 6b e4 3a 7d bc db 00 00 00 24 2e 2b 3a c6 | 4f d0 80 ec fd f9 4a fc 4c 74 81 32 de 2b 57 59 | 88 1e 99 98 c9 e6 df 88 92 73 96 12 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f7ab38d668 size 128 | #1 STATE_MAIN_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.714919 "north-east" #1: STATE_MAIN_I2: sent MI2, expecting MR2 | XAUTH client is not yet authenticated | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.795 milliseconds in resume sending helper answer | stop processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f369c002888 | spent 0.00244 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 0f 29 bf 21 b8 64 d9 73 26 bd 93 d5 68 75 4b 6e | 65 55 29 ac b4 1e 63 01 e6 ce 63 08 ca 01 ba 32 | 5c 04 90 7e fb e5 bb 80 5e 2e 32 1a f6 93 be 53 | 6c 17 ce 18 16 ac 10 4a 56 2c 25 30 f3 3b 9b 89 | 3b ff a0 3c 1d f4 19 f4 4f 60 d6 39 33 5b 4d 62 | b9 4b 4d 8c 09 9a 8e bf 69 81 fd 81 ab de 0a d6 | 63 33 f9 83 5b f5 5a 2c c3 71 77 7c f5 c2 06 6e | a1 2b 89 8a 23 4a de 5f d9 a6 3d ec 58 c9 11 50 | 45 db ec c6 f4 f0 da f0 90 47 49 b5 eb f0 16 6a | bc 63 af cf ef 76 31 7e fe 5e 17 83 f6 c1 5b b7 | 0e ba 15 96 49 a4 e5 ee 81 d2 10 25 1d 17 3e ec | f5 86 a3 f4 b6 01 e2 33 58 49 07 77 6e 56 7e 12 | d8 d8 02 ba fa 2a 9c 4e 92 57 aa 91 8e cc c7 73 | 0c c1 4e df 29 43 7c 83 8e d4 9f e7 bb 4a 27 70 | fd b6 4c 0d 97 80 ad 96 29 e0 9c 32 04 e6 1f 24 | 0b 14 0f 1f 4f 0c be 69 33 ed ac 3a 2c 05 98 e9 | 14 00 00 24 18 3a 5d a1 a4 e7 9e 18 37 d7 80 a7 | 71 f3 db 4c e9 a5 e8 11 97 92 2d 9e f8 67 f3 83 | 24 e0 0b b4 14 00 00 24 0b bb 6c ba b9 9c b8 77 | 46 44 54 7c 47 ce 44 46 21 e8 a8 92 d3 6c b1 76 | 6c 39 17 f8 7a aa df 77 00 00 00 24 46 6a ec d6 | 66 2e 79 99 28 c2 43 fa 0e 34 78 0a cb fc d5 de | 91 bf 7b be 4f 55 6b e4 3a 7d bc db | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1) | start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inR2_outI3' HASH payload not checked early | started looking for secret for 192.1.3.33->@east of kind PKK_PSK | actually looking for secret for 192.1.3.33->@east of kind PKK_PSK | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK | 1: compared key (none) to 192.1.3.33 / @east -> 002 | 2: compared key (none) to 192.1.3.33 / @east -> 002 | line 1: match=002 | match 002 beats previous best_match 000 match=0x55f7ab2e5c48 (line=1) | concluding with best_match=002 best=0x55f7ab2e5c48 (lineno=1) | adding aggr outR1 DH work-order 2 for state #1 | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I2: retransmits: cleared | libevent_free: release ptr-libevent@0x55f7ab38d668 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f7ab38ef58 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f7ab38d668 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | #1 spent 0.0609 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.178 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 3 resuming | crypto helper 3 starting work-order 2 for state #1 | crypto helper 3 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 | crypto helper 3 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.001122 seconds | (#1) spent 1.13 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr) | crypto helper 3 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f3694003978 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 2 | calling continuation function 0x55f7a9292b50 | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | thinking about whether to send my certificate: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0?? | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so do not send cert. | I did not send a certificate because digital signatures are not being used. (PSK) | I am not sending a certificate request | I will NOT send an initial contact payload | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55f7a9367ca0(32) | natd_hash: icookie= 79 06 6b 20 17 b2 e6 fc | natd_hash: rcookie= 6a 32 cc 41 99 58 a1 ce | natd_hash: ip= c0 01 03 21 | natd_hash: port=500 | natd_hash: hash= 2e 2b 3a c6 4f d0 80 ec fd f9 4a fc 4c 74 81 32 | natd_hash: hash= de 2b 57 59 88 1e 99 98 c9 e6 df 88 92 73 96 12 | natd_hash: hasher=0x55f7a9367ca0(32) | natd_hash: icookie= 79 06 6b 20 17 b2 e6 fc | natd_hash: rcookie= 6a 32 cc 41 99 58 a1 ce | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 46 6a ec d6 66 2e 79 99 28 c2 43 fa 0e 34 78 0a | natd_hash: hash= cb fc d5 de 91 bf 7b be 4f 55 6b e4 3a 7d bc db | expected NAT-D(me): 2e 2b 3a c6 4f d0 80 ec fd f9 4a fc 4c 74 81 32 | expected NAT-D(me): de 2b 57 59 88 1e 99 98 c9 e6 df 88 92 73 96 12 | expected NAT-D(him): | 46 6a ec d6 66 2e 79 99 28 c2 43 fa 0e 34 78 0a | cb fc d5 de 91 bf 7b be 4f 55 6b e4 3a 7d bc db | received NAT-D: 0b bb 6c ba b9 9c b8 77 46 44 54 7c 47 ce 44 46 | received NAT-D: 21 e8 a8 92 d3 6c b1 76 6c 39 17 f8 7a aa df 77 | received NAT-D: 46 6a ec d6 66 2e 79 99 28 c2 43 fa 0e 34 78 0a | received NAT-D: cb fc d5 de 91 bf 7b be 4f 55 6b e4 3a 7d bc db | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am behind NAT | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_HASH (0x8) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 8:ISAKMP_NEXT_HASH | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity c0 01 03 21 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of HASH_I into ISAKMP Hash Payload | HASH_I e9 de 7a ce b6 98 e1 01 0d 3d d2 34 39 e3 47 94 | HASH_I 3a 8a ef f1 76 e5 0c c4 64 40 55 22 06 c0 4c 04 | emitting length of ISAKMP Hash Payload: 36 | Not sending INITIAL_CONTACT | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55f7ab38d668 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f7ab38ef58 | NAT-T: #1 in MAIN_I3 floating IKEv1 ports to PLUTO_NAT_PORT 4500 | NAT: #1 floating local endpoint from 192.1.3.33:500 to 192.1.3.33:4500 using pluto_nat_port (in complete_v1_state_transition() at ikev1.c:2791) | NAT: #1 floating endpoint ended up on interface eth1 192.1.3.33:4500 | NAT-T: #1 floating remote port from 500 to 4500 using pluto_nat_port (in complete_v1_state_transition() at ikev1.c:2791) | sending reply packet to 192.1.2.23:4500 (from 192.1.3.33:4500) | sending 80 bytes for STATE_MAIN_I2 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1) | 00 00 00 00 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 | 99 58 a1 ce 05 10 02 01 00 00 00 00 00 00 00 4c | a6 d0 d9 1c e8 63 7c 6b 25 1c 37 d4 7f 14 05 01 | 64 5d c8 11 0b 8b e6 ca 68 88 04 63 51 44 1a bc | 82 96 e1 fb 2f 89 9e f4 e1 19 dd 87 13 35 d7 95 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f7ab38b728 size 128 | #1 STATE_MAIN_I3: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.719274 "north-east" #1: STATE_MAIN_I3: sent MI3, expecting MR3 | XAUTH client is not yet authenticated | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.316 milliseconds in resume sending helper answer | stop processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f3694003978 | spent 0.0029 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 05 10 02 01 00 00 00 00 00 00 00 4c 71 07 6a fd | e1 67 71 b3 82 3b db 38 e4 97 fa 62 15 e7 fc ff | 30 07 8f 6c 89 11 a9 da 25 d3 fc a9 5a 97 a8 80 | 6a e0 fc a6 d3 bc b9 75 a2 25 da 52 | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1) | start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:4500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x120 opt: 0x2080 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_HASH (0x8) | length: 12 (0xc) | ID type: ID_FQDN (0x2) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 65 61 73 74 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x2080 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inR3' HASH payload not checked early "north-east" #1: Peer ID is ID_FQDN: '@east' | X509: no CERT payloads to process | received 'Main' message HASH_R data ok | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I4: retransmits: cleared | libevent_free: release ptr-libevent@0x55f7ab38b728 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55f7ab38ef58 | inserting event EVENT_SA_REPLACE, timeout in 2607 seconds for #1 | libevent_malloc: new ptr-libevent@0x7f3694003978 size 128 | pstats #1 ikev1.isakmp established "north-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH client is not yet authenticated | #1 spent 0.166 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.284 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 08 10 06 01 44 44 28 85 00 00 00 5c d5 2f d0 48 | 05 bf 7d c5 b6 1e c9 2d 89 83 90 b5 d6 69 36 a6 | b9 a4 37 df 44 fc d6 15 5e 2e 54 77 63 4a c0 fc | 50 0e e3 74 6b 4b 19 e5 0d ea 30 f7 7a 83 4b 5c | ad 14 c7 82 54 d1 1d 17 b1 2c 1f 3f | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1145317509 (0x44442885) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=44442885 st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1678) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. | this is a xauthclient modecfgclient | call init_phase2_iv | set from_state to STATE_MAIN_I4 this is xauthclient and IS_PHASE1() is TRUE | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | removing 12 bytes of padding | xauth_inI0 HASH(1): | 85 5f a2 b2 92 82 91 2b 59 7f 9f 5b 99 d2 d3 be | 98 07 56 21 2c 05 e7 fb 60 28 6f b2 c8 67 44 ef | received 'xauth_inI0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1145317509 (0x44442885) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in xauth_inI0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 0 (0x0) | Received Cisco XAUTH username | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 0 (0x0) | Received Cisco XAUTH password | XAUTH: Username or password request received | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | prompting for Username: | emitting 4 raw bytes of XAUTH username into ISAKMP ModeCfg attribute | XAUTH username 75 73 65 31 | emitting length of ISAKMP ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | started looking for xauth secret for use1 | line 1: key type PKK_XAUTH(@use1) to type PKK_PSK | concluding with best_match=000 best=(nil) (lineno=-1) | looked up username=use1, got=(nil) | prompting for Password: | emitting 8 raw bytes of XAUTH password into ISAKMP ModeCfg attribute | XAUTH password 75 73 65 31 70 61 73 73 | emitting length of ISAKMP ModeCfg attribute: 8 | emitting length of ISAKMP Mode Attribute: 28 "north-east" #1: XAUTH: Answering XAUTH challenge with user='use1' | XAUTH: client response HASH(1): | f7 18 5e bc 7a 0d 91 57 f5 66 f6 f1 50 26 8e 19 | fa 17 23 91 da da dc 37 cf a5 1a f8 08 ed 40 27 | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | xauth_inI0(STF_OK) | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1 | parent state #1: MAIN_I4(established IKE SA) => XAUTH_I1(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f3694003978 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55f7ab38ef58 | sending reply packet to 192.1.2.23:4500 (from 192.1.3.33:4500) | sending 96 bytes for STATE_XAUTH_I0 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1) | 00 00 00 00 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 | 99 58 a1 ce 08 10 06 01 44 44 28 85 00 00 00 5c | 84 c9 f6 98 3c de 6c fb a6 65 f1 39 6e 76 0d 83 | 60 c2 9d c4 c8 38 a5 a0 f0 e9 cd bb 99 91 53 26 | cb f2 3c 07 53 bb 43 f6 fd c3 55 bd da 60 03 93 | de d6 27 a6 cc b6 92 75 54 fa be dc 52 3d 40 05 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f7ab38b728 size 128 | #1 STATE_XAUTH_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.800845 | pstats #1 ikev1.isakmp established "north-east" #1: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH client is not yet authenticated | #1 spent 0.24 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.405 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00198 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 08 10 06 01 62 c6 71 f1 00 00 00 4c c7 54 d9 30 | d5 0b a6 b3 c2 c4 6f 17 42 b7 ba f5 c0 12 29 fa | e6 fd 30 b4 00 de 85 e9 43 e4 dd d3 e8 cd de b2 | 3f 68 6a 8d 7a f2 41 1a 15 0b d5 2c | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1657172465 (0x62c671f1) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=62c671f1 st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_XAUTH_I1 | State DB: found IKEv1 state #1 in XAUTH_I1 (find_v1_info_state) | start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1678) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. | this is a xauthclient modecfgclient | call init_phase2_iv | set from_state to STATE_XAUTH_I1 this is xauthclient and state == STATE_XAUTH_I1 | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 12 (0xc) | Attr Msg Type: ISAKMP_CFG_SET (0x3) | Identifier: 0 (0x0) | xauth_inI0 HASH(1): | f2 94 db 2a d9 12 b1 2b 33 7b 9c 40 c1 d7 1c 1d | ac 6f 29 24 b4 95 27 c7 53 9c 7c 27 db 9a e4 c1 | received 'xauth_inI0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1657172465 (0x62c671f1) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in xauth_inI0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 1 (0x1) | Received Cisco XAUTH status: OK | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_ACK (0x4) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 1 (0x1) | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 12 | XAUTH: ack status HASH(1): | ea 95 cf 48 dc 26 36 24 91 ff 85 3a 0f ff c5 49 | ce 4f 03 c7 c8 71 71 17 81 71 b1 21 65 c7 1e 88 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 "north-east" #1: XAUTH: Successfully Authenticated | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:yes | IKEv1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1 | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_XAUTH_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55f7ab38b728 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | sending reply packet to 192.1.2.23:4500 (from 192.1.3.33:4500) | sending 80 bytes for STATE_XAUTH_I0 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1) | 00 00 00 00 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 | 99 58 a1 ce 08 10 06 01 62 c6 71 f1 00 00 00 4c | c0 80 95 9f 47 7b b9 80 2c b0 1e b9 56 17 ae 41 | 1b 1c 9f 2c 21 7b 6e 03 45 64 98 05 c4 6f 6e 69 | e0 9c 23 42 6e d1 35 70 7c ac 1f cb 0e 66 e9 52 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f7ab38c6e8 size 128 | #1 STATE_XAUTH_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.80148 | pstats #1 ikev1.isakmp established "north-east" #1: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:pull modecfg-client | modecfg client is starting due to policy "north-east" #1: modecfg: Sending IP request (MODECFG_I1) | parent state #1: XAUTH_I1(established IKE SA) => MODE_CFG_I1(established IKE SA) | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3717821664 (0xdd9974e0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'xauth_buf' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'xauth_buf' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: MODECFG_BANNER (0x7000) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: MODECFG_DOMAIN (0x7002) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: CISCO_SPLIT_INC (0x7004) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 32 | XAUTH: mode config request HASH(1): | 03 99 37 6a cf 6e 59 ed 64 3d ac b8 a4 0b 44 d4 | c6 f6 12 7f 1f 37 30 12 cb 9b 28 73 4e 6f 10 25 | no IKEv1 message padding required | emitting length of ISAKMP Message: 96 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 108 | sending 112 bytes for modecfg: req through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1) | 00 00 00 00 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 | 99 58 a1 ce 08 10 06 01 dd 99 74 e0 00 00 00 6c | 7d 26 c0 f9 e0 66 40 95 46 00 65 be 28 2f 41 8e | ca d7 f3 89 2d 5b bd 9b 21 25 fd 31 e5 38 87 bc | 83 60 73 6a 8a a8 02 60 12 37 ee 72 a5 02 f3 ff | 67 dd 4a 27 45 e7 e6 ab f0 0f d8 75 f8 1b 12 f6 | b2 0d 4b ac 7e 2a 1e 27 1d 90 c7 c9 e5 11 14 ce | #1 spent 0.272 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.41 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00222 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 08 10 06 01 dd 99 74 e0 00 00 00 5c c6 7f 44 0f | 0d 6b 36 e6 83 54 a7 12 fa 79 d7 6c fb ac c5 8b | 2d 27 45 0c ce 90 c0 f6 63 0a 21 9f dc ac 08 b0 | ae 2e a3 c9 46 3a 1a 46 65 ec ce 34 98 04 b9 dc | a9 98 c9 db a4 46 fd 32 ed db 89 7a | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3717821664 (0xdd9974e0) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=dd9974e0 st_msgid=00000000 st_msgid_phase15=dd9974e0 | p15 state object #1 found, in STATE_MODE_CFG_I1 | State DB: found IKEv1 state #1 in MODE_CFG_I1 (find_v1_info_state) | start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1802) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 24 (0x18) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | removing 4 bytes of padding | modecfg_inR1 HASH(1): | b5 9a 44 15 a7 6a a1 4f 99 1f 1e 92 0e 78 90 af | bf 19 a2 b9 fe 6d 62 75 36 e5 e2 ba 30 4d d3 7e | received 'modecfg_inR1' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3717821664 (0xdd9974e0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | modecfg_inR1: received mode cfg reply | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1) | length/value: 4 (0x4) | parsing 4 raw bytes of ISAKMP ModeCfg attribute into addr | addr c0 00 02 65 "north-east" #1: Received IPv4 address: 192.0.2.101/32 | setting ip source address to 192.0.2.101/32 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2) | length/value: 4 (0x4) | parsing 4 raw bytes of ISAKMP ModeCfg attribute into addr | addr 00 00 00 00 | Received IP4 NETMASK 0.0.0.0 | modecfg_inR1(STF_OK) | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:yes | IKEv1: transition from state STATE_MODE_CFG_I1 to state STATE_MAIN_I4 | parent state #1: MODE_CFG_I1(established IKE SA) => MAIN_I4(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_I4: retransmits: cleared | libevent_free: release ptr-libevent@0x55f7ab38c6e8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x55f7ab38ef58 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x55f7ab38b728 size 128 | pstats #1 ikev1.isakmp established "north-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:pull modecfg-client | phase 1 is done, looking for phase 2 to unpend | unpending state #1 | creating state object #2 at 0x55f7ab3903d8 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.ipsec started | duplicating state object #1 "north-east" as #2 for IPSEC SA | #2 setting local endpoint to 192.1.3.33:4500 from #1.st_localport (in duplicate_state() at state.c:1484) | suspend processing: state #1 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #2 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "north-east" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:2d25a324 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 3 for state #2 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f369c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55f7ab38b678 size 128 | stop processing: state #2 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #1 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | unqueuing pending Quick Mode with 192.1.2.23 "north-east" | removing pending policy for no connection {0x55f7ab37d6c8} | crypto helper 4 resuming | close_any(fd@24) (in release_whack() at state.c:654) | crypto helper 4 starting work-order 3 for state #2 | #1 spent 0.183 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 3 | stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.314 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.000997 seconds | (#2) spent 0.988 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) | crypto helper 4 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f3698003f28 size 128 | libevent_realloc: release ptr-libevent@0x55f7ab36c818 | libevent_realloc: new ptr-libevent@0x7f3698003e78 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 3 | calling continuation function 0x55f7a9292b50 | quick_outI1_continue for #2: calculated ke+nonce, sending I1 | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 757441316 (0x2d25a324) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | emitting quick defaults using policy none | empty esp_info, returning defaults for ENCRYPT | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x54bd1448 for esp.0@192.1.3.33 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 54 bd 14 48 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 3 (0x3) | [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ESP): 32 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 1 (0x1) | ESP transform ID: ESP_3DES (0x3) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 3 (0x3) | [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******emit ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | emitting length of ISAKMP Transform Payload (ESP): 28 | emitting length of ISAKMP Proposal Payload: 72 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 84 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload | Ni a0 b6 92 6a 14 44 67 2e 1e 07 38 fc 94 27 82 14 | Ni b4 55 d5 fa 49 11 ff 84 3c ac 84 01 e7 4b 43 0d | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value df ef 68 0d b4 eb 8b 1d 75 95 93 41 3e e8 d5 0d | keyex value 16 99 6c 82 5b a4 e0 35 43 b3 35 05 b1 4a e9 be | keyex value 49 45 36 8d b6 ce 4e 09 cf fa 15 82 d3 66 c3 3b | keyex value dc 3d 73 1f 23 96 85 4c df 2e bc 86 74 a8 ff 2c | keyex value 96 4f e2 50 6d 6a 4d d0 d0 c7 d2 86 7e 99 2c d5 | keyex value 04 e0 fd 58 dd 70 89 02 77 5a f7 62 cb cc 4f d4 | keyex value 61 9d be 7d 6a 39 ee 4c 5f fc 7e 02 35 9a 3e a6 | keyex value c1 85 c8 05 a6 df a5 24 eb 57 1f 99 3a 0e 27 83 | keyex value 2d 2c 63 06 71 af 50 e0 50 60 22 8e a3 e0 6b c1 | keyex value 7e 4c cc d2 25 20 fe e3 45 7e 41 ec 1b d3 59 57 | keyex value 06 41 2b df 34 78 00 cc f2 5d 84 6a 2c 8c 5f e1 | keyex value 93 da 26 ff d5 e6 ee 68 40 28 c1 1c 68 97 ea 84 | keyex value bb 71 d8 49 08 16 79 62 c3 22 34 a4 99 51 62 55 | keyex value a9 98 5f 99 90 be 21 8f be 9e c7 cc d2 b5 2b aa | keyex value 17 27 8f 22 c3 95 7c cb 74 e1 29 c6 f4 1c e2 fd | keyex value 78 92 09 0b 87 90 df fc 34 29 2e e8 05 8a 29 5f | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network c0 00 02 65 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) | client network 00 00 00 00 | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) | client mask 00 00 00 00 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | outI1 HASH(1): | 74 1b 09 c8 c6 1f 55 4d a0 af bd e7 9a b1 89 09 | 3e 27 af d4 fe c4 42 3c 28 15 2b 2c 60 57 83 66 | emitting 4 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 476 | sending 480 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #2) | 00 00 00 00 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 | 99 58 a1 ce 08 10 20 01 2d 25 a3 24 00 00 01 dc | c7 76 9b e1 05 1d 4a 0c 6b 36 95 6f d1 84 04 e1 | fb ed c3 aa f0 aa f3 1d 3f de 7a 56 85 5c ca de | 68 3c ef 3f 01 27 e8 58 43 5a 11 66 ce b6 d8 07 | 4f 8b 9e 5c 6b 84 7c 23 57 9a 75 56 45 9e 50 dd | b7 43 93 03 54 c2 3c 0a ec 33 fc a3 53 43 06 3c | 22 87 fd 2a 8d f4 23 7a ac 33 20 82 f5 c7 f6 88 | c0 9c 57 26 e7 41 f6 47 78 07 fa 1c 50 75 c4 0b | 0f ab 8b db bd 15 35 ba ba dd e3 a3 33 48 83 05 | b2 42 64 9f 0d 17 18 18 da 27 3d 7e 31 79 70 5f | f5 b6 16 c0 34 0e bd 78 0a fb 37 f3 24 36 43 59 | f0 85 dc 30 07 db 7c 21 b9 1f 68 ce 6b f7 d2 72 | 6a 32 20 07 1a 45 26 e3 3e a0 66 a0 82 71 d4 79 | c7 83 89 8c 28 2a 1c 72 9b 60 01 3a 19 27 fb db | 1c f4 1f 72 0a 5e 0e 22 fd 8c 93 c3 8f e4 5e 0d | 4d a0 2d d8 46 bb 8d ab 9d 31 2a 67 ed f8 0a 8c | 1f 2f 58 60 06 7e b5 21 e3 a5 64 ec 91 02 e7 08 | 37 a6 77 32 d2 fa f0 7a 57 c6 3b c1 07 d3 62 ad | 48 82 5d 74 1f 00 ce 01 cb fa dc d6 52 94 e4 0c | 28 0d f8 d7 67 39 3d de 7b 76 18 32 a9 68 4c 71 | 1c 25 1f bc 43 37 79 a0 86 8c f7 41 fe da b8 1c | e1 2f 7f 52 b2 04 3e 01 61 34 41 85 66 08 b0 a9 | 9c c9 dd 1f c0 94 0b ab 75 04 2b 74 e5 59 63 42 | 95 73 ef 29 c6 0e ce 51 a3 80 c1 de 68 46 fa 61 | 7d a2 99 af e8 38 6b 3b c7 8c af 1a 31 e5 bc df | 3f 30 13 db 30 63 52 84 4c e8 48 12 db 2a 52 3f | 83 9e c8 e1 fa 70 42 da 0c a9 67 8d 83 93 9b 42 | 87 e7 a3 67 47 5d 2a df 0d 9f d8 a0 cc 9f 51 66 | 73 2b fe 83 b4 ca 3e 0b 5e 06 3f fb 50 2b b6 0d | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55f7ab38b678 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f369c002b78 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f369c002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x55f7ab38c848 size 128 | #2 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.803744 | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.406 milliseconds in resume sending helper answer | stop processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f3698003f28 | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 444 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 08 10 20 01 2d 25 a3 24 00 00 01 bc d8 2f 39 85 | be 51 93 5e b9 95 be 28 9b 6b e6 36 7e 2d e9 4b | f8 64 14 6f 41 91 18 97 d4 4a 10 6e a3 30 59 4d | 71 2b a9 ef 1a b2 41 d1 e7 6a 0b 9a 84 73 bf 44 | c1 eb 4f 3c 72 31 f1 23 b5 63 8e 0e 3e 18 24 be | 83 31 1a f6 28 99 99 6e 89 eb 58 33 0f 23 a5 b2 | 64 4c 7f 7e f1 ee ad 1d 57 85 d6 20 a3 0a 76 75 | 17 c9 96 2f 83 f2 68 14 f8 30 3c 1e 1a 6b ed 4a | 26 bd 6f e6 55 67 b3 56 9f 14 b1 37 c9 8e 9b 10 | 14 38 53 15 d1 cb e5 85 7a 3f 2d 98 83 da fc 27 | 3f 7d 93 15 70 4f 6f 0f 9a 87 28 bc d4 65 a2 ca | c9 de e9 c4 50 79 a2 10 a6 c9 8b 3f 32 35 d4 5c | 95 e9 53 c8 59 71 f7 43 1a b3 85 77 26 4d 5b fa | 86 d7 35 d6 63 b6 f6 c5 91 55 3b c2 bf b8 fe 1b | 47 57 b2 0b 72 00 f5 4a 5e 01 58 f6 e9 ec 96 de | c3 d5 b0 d8 b6 9d cd 57 e7 f0 23 83 1b 6f 58 45 | d3 6b 53 e3 d9 51 2b 28 ef a2 5c 1e ad b3 52 f2 | a5 1b 02 a6 70 fa 21 c6 80 c4 14 1d 3b 38 bf 50 | 36 4d 27 ec c8 35 53 24 89 11 80 69 0f 49 fd 29 | 41 ec 4a 13 e4 71 8d b2 92 e1 a0 e6 65 fb 72 dd | 4c 91 a3 8a d8 7b 0a f9 5b 17 41 56 4c f3 00 92 | 63 c0 72 ff 96 6b b2 f6 34 51 a8 02 5b 36 1d b6 | 3b f2 15 4f da ff 98 d2 01 37 7b ff 4c 2f 87 0a | 50 3c b5 93 9f 10 5e 38 49 e3 94 b4 ab 5e a0 7a | 7b c4 2e 76 3f af 0c 32 8b 70 ce 5f 2a 1b 50 dd | 1e 8d 3e 0e e9 cc 62 8a d7 f8 80 d4 1e de 6d 59 | 14 c3 e7 c1 af 76 c2 d9 95 3f bf 06 | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 757441316 (0x2d25a324) | length: 444 (0x1bc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1) | start processing: state #2 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.23:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 56 (0x38) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 12 (0xc) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 65 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: 00 00 00 00 00 00 00 00 | quick_inR1_outI2 HASH(2): | 31 84 67 69 fc bd 8e a5 ef bc 1d c6 64 06 d7 e2 | 46 95 4f 62 ef 20 35 c3 c1 15 22 1d 85 f3 f8 3d | received 'quick_inR1_outI2' message HASH(2) data ok | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 44 (0x2c) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI 57 18 ef b3 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 3 (0x3) | [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC] | NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | started looking for secret for 192.1.3.33->@east of kind PKK_PSK | actually looking for secret for 192.1.3.33->@east of kind PKK_PSK | line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK | 1: compared key (none) to 192.1.3.33 / @east -> 002 | 2: compared key (none) to 192.1.3.33 / @east -> 002 | line 1: match=002 | match 002 beats previous best_match 000 match=0x55f7ab2e5c48 (line=1) | concluding with best_match=002 best=0x55f7ab2e5c48 (lineno=1) | adding quick outI2 DH work-order 4 for state #2 | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_QUICK_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x55f7ab38c848 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f369c002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f369c002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f3698003f28 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #2 and saving MD | crypto helper 5 resuming | #2 is busy; has a suspended MD | crypto helper 5 starting work-order 4 for state #2 | #2 spent 0.109 milliseconds in process_packet_tail() | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 4 | stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.268 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 4 time elapsed 0.000551 seconds | (#2) spent 0.541 milliseconds in crypto helper computing work-order 4: quick outI2 DH (pcr) | crypto helper 5 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f368c001f78 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 4 | calling continuation function 0x55f7a9292b50 | quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 757441316 (0x2d25a324) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | NAT-Traversal: received 0 NAT-OA. | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 65 | our client is 192.0.2.101/32 | our client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address 00 00 00 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask | ID mask 00 00 00 00 | peer client is subnet 0.0.0.0/0 | peer client protocol/port is 0/0 | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | quick_inR1_outI2 HASH(3): | 80 91 6a 49 7a d0 1d a7 74 7d b8 61 4f 32 ef 33 | cc 07 03 6f 92 c6 37 b9 00 cb 35 34 83 65 ef c8 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | install_ipsec_sa() for #2: inbound and outbound | could_route called for north-east (kind=CK_PERMANENT) | FOR_EACH_CONNECTION_... in route_owner | conn north-east mark 0/00000000, 0/00000000 vs | conn north-east mark 0/00000000, 0/00000000 | route owner of "north-east" unrouted: NULL; eroute owner: NULL | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.5718efb3@192.1.2.23 included non-error error | set up outgoing SA, ref=0/0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'north-east' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.54bd1448@192.1.3.33 included non-error error | priority calculation of connection "north-east" is 0xfdfff | add inbound eroute 0.0.0.0/0:0 --0-> 192.0.2.101/32:0 => tun.10000@192.1.3.33 (raw_eroute) | IPsec Sa SPD priority set to 1040383 | raw_eroute result=success | set up incoming SA, ref=0/0 | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn north-east mark 0/00000000, 0/00000000 vs | conn north-east mark 0/00000000, 0/00000000 | route owner of "north-east" unrouted: NULL; eroute owner: NULL | route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "north-east" is 0xfdfff | eroute_connection add eroute 192.0.2.101/32:0 --0-> 0.0.0.0/0:0 => tun.0@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1040383 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURE | popen cmd is 1103 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=': | cmd( 160):192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' P: | cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL: | cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=': | cmd( 400):@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_: | cmd( 480):CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=: | cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+: | cmd( 640):PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C: | cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNA: | cmd( 800):ME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS: | cmd( 880):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU: | cmd( 960):TO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR: | cmd(1040):ED='no' SPI_IN=0x5718efb3 SPI_OUT=0x54bd1448 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM | popen cmd is 1108 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.1: | cmd( 240):01' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER: | cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_: | cmd( 480):PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEE: | cmd( 560):R_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TU: | cmd( 640):NNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL: | cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_U: | cmd( 800):SERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEE: | cmd( 880):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0: | cmd( 960):' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI: | cmd(1040):_SHARED='no' SPI_IN=0x5718efb3 SPI_OUT=0x54bd1448 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CON | popen cmd is 1106 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: | cmd( 160):D='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101: | cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0': | cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I: | cmd( 400):D='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PE: | cmd( 480):ER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_: | cmd( 560):CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNN: | cmd( 640):EL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT: | cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USE: | cmd( 800):RNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_: | cmd( 880):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' : | cmd( 960):PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S: | cmd(1040):HARED='no' SPI_IN=0x5718efb3 SPI_OUT=0x54bd1448 ipsec _updown 2>&1: "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. "north-east" #2: route-client output: Error: Peer netns reference is invalid. | route_and_eroute: instance "north-east", setting eroute_owner {spd=0x55f7ab38ab68,sr=0x55f7ab38ab68} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 1.73 milliseconds in install_ipsec_sa() | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | inR1_outI2: instance north-east[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:yes | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 | child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f3698003f28 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f369c002b78 | sending reply packet to 192.1.2.23:4500 (from 192.1.3.33:4500) | sending 80 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #2) | 00 00 00 00 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 | 99 58 a1 ce 08 10 20 01 2d 25 a3 24 00 00 00 4c | 6e 78 a2 a0 35 9b 41 56 72 38 2f 14 b3 6a 1c a3 | e0 a6 4a 18 8b a4 27 cc 8d 70 a2 5e db 2e 90 aa | 2c e9 42 6d 62 a0 c8 2c d2 b9 95 4c c4 23 95 e0 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x7f369c002b78 | inserting event EVENT_SA_REPLACE, timeout in 28048 seconds for #2 | libevent_malloc: new ptr-libevent@0x55f7ab38cd88 size 128 | pstats #2 ikev1.ipsec established | NAT-T: NAT Traversal detected - their IKE port is '500' | NAT-T: encaps is 'auto' "north-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0x5718efb3 <0x54bd1448 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=192.1.2.23:4500 DPD=passive username=use1} | modecfg pull: noquirk policy:pull modecfg-client | phase 1 is done, looking for phase 2 to unpend | close_any(fd@25) (in release_whack() at state.c:654) | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 2.11 milliseconds in resume sending helper answer | stop processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f368c001f78 | kernel_process_msg_cb process netlink message | netlink_get: XFRM_MSG_DELPOLICY message | xfrm netlink address change RTM_NEWADDR msg len 76 | XFRM RTM_NEWADDR 192.0.2.101 IFA_LOCAL | FOR_EACH_STATE_... in record_newaddr (for_each_state) | start processing: state #2 connection "north-east" from 192.1.2.23 (in for_each_state() at state.c:1575) | stop processing: state #2 connection "north-east" from 192.1.2.23 (in for_each_state() at state.c:1577) | start processing: state #1 connection "north-east" from 192.1.2.23 (in for_each_state() at state.c:1575) | stop processing: state #1 connection "north-east" from 192.1.2.23 (in for_each_state() at state.c:1577) | IKEv2 received address RTM_NEWADDR type 3 | IKEv2 received address RTM_NEWADDR type 8 | IKEv2 received address RTM_NEWADDR type 6 | netlink_get: XFRM_MSG_EXPIRE message | netlink_get: XFRM_MSG_EXPIRE message | netlink_get: XFRM_MSG_EXPIRE message | spent 0.0426 milliseconds in kernel message | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00433 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00287 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00284 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.54bd1448@192.1.3.33 | get_sa_info esp.5718efb3@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.39 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | old debugging base+cpu-usage + none | base debugging = base+cpu-usage | old impairing none + suppress-retransmits | base impairing = suppress-retransmits | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0737 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.54bd1448@192.1.3.33 | get_sa_info esp.5718efb3@192.1.2.23 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.0904 milliseconds in whack | spent 0.00327 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 08 10 05 01 ba a1 c1 3b 00 00 00 5c 8c a7 23 fa | c1 84 ad b2 aa 94 63 72 93 58 e4 7e db 33 b8 39 | 5d 90 f7 95 7a 73 45 f0 9f 7d 4d 2b ec 1b 60 70 | cb 9f f0 d6 7a 4d ba 34 d0 5d 7e 2c cf 26 80 d4 | 87 df 94 08 c5 f1 24 68 dd 4f 90 3c | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3131162939 (0xbaa1c13b) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #2; msgid=00000000 st_msgid=2d25a324 st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | removing 12 bytes of padding | informational HASH(1): | 86 84 87 76 3d 04 c2 be a8 7c 55 0f 4f 3f 4e 8b | 09 e3 99 4d 35 8f 26 8c 47 26 06 6d da 5c 4d 30 | received 'informational' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Delete Payload into SPI | SPI 57 18 ef b3 | FOR_EACH_STATE_... in find_phase2_state_to_delete | start processing: connection "north-east" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515) "north-east" #1: received Delete SA payload: replace IPsec State #2 now | state #2 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55f7ab38cd88 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f369c002b78 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f369c002b78 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f368c001f78 size 128 | stop processing: connection "north-east" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559) | del: | complete v1 state transition with STF_IGNORE | #1 spent 0.00391 milliseconds in process_packet_tail() | stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.222 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f369c002b78 | handling event EVENT_SA_REPLACE for child state #2 | start processing: state #2 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #2 for #2 | replacing stale IPsec SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | creating state object #3 at 0x55f7ab3924e8 | State DB: adding IKEv1 state #3 in UNDEFINED | pstats #3 ikev1.ipsec started | duplicating state object #1 "north-east" as #3 for IPSEC SA | #3 setting local endpoint to 192.1.3.33:4500 from #1.st_localport (in duplicate_state() at state.c:1484) | suspend processing: state #2 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | start processing: state #3 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685) | child state #3: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) "north-east" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 {using isakmp#1 msgid:269586c4 proposal=defaults pfsgroup=MODP2048} | adding quick_outI1 KE work-order 5 for state #3 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f3698004218 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x55f7ab38c798 size 128 | stop processing: state #3 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | resume processing: state #2 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764) | crypto helper 6 resuming | event_schedule: new EVENT_SA_EXPIRE-pe@0x55f7ab38e3a8 | crypto helper 6 starting work-order 5 for state #3 | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2 | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 5 | libevent_malloc: new ptr-libevent@0x55f7ab38ddb8 size 128 | libevent_free: release ptr-libevent@0x7f368c001f78 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f369c002b78 | #2 spent 0.138 milliseconds in timer_event_cb() EVENT_SA_REPLACE | stop processing: state #2 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:557) | timer_event_cb: processing event@0x55f7ab38e3a8 | handling event EVENT_SA_EXPIRE for child state #2 | start processing: state #2 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #2 for #2 | un-established partial CHILD SA timeout (SA expired) | pstats #2 ikev1.ipsec re-failed exchange-timeout | pstats #2 ikev1.ipsec deleted completed | [RE]START processing: state #2 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) "north-east" #2: deleting state (STATE_QUICK_I2) aged 12.965s and sending notification | child state #2: QUICK_I2(established CHILD SA) => delete | get_sa_info esp.5718efb3@192.1.2.23 | get_sa_info esp.54bd1448@192.1.3.33 "north-east" #2: ESP traffic information: in=504B out=504B XAUTHuser=use1 | #2 send IKEv1 delete notification for STATE_QUICK_I2 | FOR_EACH_STATE_... in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2666971021 (0x9ef6bf8d) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload 54 bd 14 48 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | 9b 9f af 34 75 8f 0e e9 0d 91 f8 d6 10 d0 c1 e0 | a1 2e 80 c4 6b 46 f3 4d 36 3e 3c 8a 7e b7 a1 32 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 96 bytes for delete notify through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1) | 00 00 00 00 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 | 99 58 a1 ce 08 10 05 01 9e f6 bf 8d 00 00 00 5c | 38 a8 86 36 ce 9d 8b ba 65 a4 e9 7f d0 3f db 0e | c7 d5 b0 d0 b8 e6 06 fa 87 ae bb 9d 93 58 57 ba | 08 03 1e 18 b8 8d 0c 49 ae cf d6 46 d7 e9 b6 ec | f4 29 6c 81 ab fe d5 39 6c 7e e5 7a ac 06 c8 0c | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844019' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO | popen cmd is 1114 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO: | cmd( 80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID: | cmd( 160):='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101': | cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' : | cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID: | cmd( 400):='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEE: | cmd( 480):R_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_C: | cmd( 560):A='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844019' PLUTO_CONN_POLICY='PSK+ENCR: | cmd( 640):YPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_: | cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: | cmd( 800):LUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLU: | cmd( 880):TO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SER: | cmd( 960):VER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='n: | cmd(1040):o' VTI_SHARED='no' SPI_IN=0x5718efb3 SPI_OUT=0x54bd1448 ipsec _updown 2>&1: | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 5 time elapsed 0.001026 seconds | (#3) spent 1.02 milliseconds in crypto helper computing work-order 5: quick_outI1 KE (pcr) | crypto helper 6 sending results from work-order 5 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f3690002888 size 128 | crypto helper 6 waiting (nothing to do) "north-east" #2: down-client output: restoring resolvconf "north-east" #2: down-client output: Problem in restoring the resolv.conf, as there is no backup file | shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "north-east" is 0xfdfff | IPsec Sa SPD priority set to 1040383 | delete esp.5718efb3@192.1.2.23 | netlink response for Del SA esp.5718efb3@192.1.2.23 included non-error error | priority calculation of connection "north-east" is 0xfdfff | delete inbound eroute 0.0.0.0/0:0 --0-> 192.0.2.101/32:0 => unk255.10000@192.1.3.33 (raw_eroute) | raw_eroute result=success | delete esp.54bd1448@192.1.3.33 | netlink response for Del SA esp.54bd1448@192.1.3.33 included non-error error | in connection_discard for connection north-east | State DB: deleting IKEv1 state #2 in QUICK_I2 | child state #2: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x55f7ab38ddb8 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55f7ab38e3a8 | in statetime_stop() and could not find #2 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 92 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500) | 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 99 58 a1 ce | 08 10 05 01 1b b2 8d 30 00 00 00 5c 41 cc b1 07 | 7b 06 9e 8c 37 26 b8 2a bf 58 32 17 46 97 e9 c0 | 65 42 70 24 3c 61 42 52 fc 9d 50 93 2c 26 3c 82 | fe c7 e9 f6 be a9 f1 8f 02 34 dd 8c c6 e3 54 73 | c2 50 80 74 db 9f 8c eb 91 c8 d3 73 | start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 464686384 (0x1bb28d30) | length: 92 (0x5c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) | peer and cookies match on #3; msgid=00000000 st_msgid=269586c4 st_msgid_phase15=00000000 | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_I4 | State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state) | start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.23:4500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_D (0xc) | length: 36 (0x24) | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 | ***parse ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 28 (0x1c) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | informational HASH(1): | dd 2e ed 2d 5d 0d 23 16 9e 76 f5 85 36 29 f9 30 | da 09 9c 9a a2 1f 14 d2 0f 89 cc ca 67 5b be 52 | received 'informational' message HASH(1) data ok | parsing 8 raw bytes of ISAKMP Delete Payload into iCookie | iCookie 79 06 6b 20 17 b2 e6 fc | parsing 8 raw bytes of ISAKMP Delete Payload into rCookie | rCookie 6a 32 cc 41 99 58 a1 ce | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) | del: "north-east" #1: received Delete SA payload: self-deleting ISAKMP State #1 | pstats #1 ikev1.isakmp deleted completed | [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) "north-east" #1: deleting state (STATE_MAIN_I4) aged 13.096s and sending notification | parent state #1: MAIN_I4(established IKE SA) => delete | #1 send IKEv1 delete notification for STATE_MAIN_I4 | **emit ISAKMP Message: | initiator cookie: | 79 06 6b 20 17 b2 e6 fc | responder cookie: | 6a 32 cc 41 99 58 a1 ce | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3819209909 (0xe3a484b5) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload | initiator SPI 79 06 6b 20 17 b2 e6 fc | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload | responder SPI 6a 32 cc 41 99 58 a1 ce | emitting length of ISAKMP Delete Payload: 28 | send delete HASH(1): | 02 72 d6 43 02 52 30 bb ef ca 06 ab dd 4b 1e 2e | a5 1f e7 d5 cc 41 8b 73 b9 e2 c6 20 06 76 d0 ea | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 96 bytes for delete notify through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1) | 00 00 00 00 79 06 6b 20 17 b2 e6 fc 6a 32 cc 41 | 99 58 a1 ce 08 10 05 01 e3 a4 84 b5 00 00 00 5c | e3 14 43 1e 15 58 a1 04 70 59 1b 6f 0e cd 6b e7 | f8 15 db 04 a8 1f 20 83 f1 dd 13 87 ae 17 33 37 | 97 0d 2a 74 5e 8d 27 69 73 2f 54 af 60 9c 94 52 | 0b a1 31 94 9f 67 a1 c0 ce ce 76 42 65 fd 16 35 | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x55f7ab38b728 | free_event_entry: release EVENT_SA_REPLACE-pe@0x55f7ab38ef58 "north-east" #1: reschedule pending child #3 STATE_QUICK_I1 of connection "north-east" - the parent is going away | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55f7ab38c798 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f3698004218 | event_schedule: new EVENT_SA_REPLACE-pe@0x7f3698004218 | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3 | libevent_malloc: new ptr-libevent@0x55f7ab397588 size 128 | State DB: IKEv1 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #1 "north-east" #1: deleting IKE SA for connection 'north-east' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'north-east' added to the list and scheduled for 0 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds | in connection_discard for connection north-east | State DB: deleting IKEv1 state #1 in MAIN_I4 | parent state #1: MAIN_I4(established IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143) | in statetime_start() with no state | complete v1 state transition with STF_IGNORE | stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380) | processing: STOP state #0 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.471 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #3 | start processing: state #3 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 5 | calling continuation function 0x55f7a9292b50 | work-order 5 state #3 crypto result suppressed | resume sending helper answer for #3 suppresed complete_v1_state_transition() | #3 spent 0.0157 milliseconds in resume sending helper answer | stop processing: state #3 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f3690002888 | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00468 milliseconds in signal handler PLUTO_SIGCHLD | timer_event_cb: processing event@0x7f3698004218 | handling event EVENT_SA_REPLACE for child state #3 | start processing: state #3 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #0 for #3 | replacing stale IPsec SA | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) | FOR_EACH_STATE_... in find_phase1_state | creating state object #4 at 0x55f7ab38ba98 | State DB: adding IKEv1 state #4 in UNDEFINED | pstats #4 ikev1.isakmp started | suspend processing: state #3 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) | start processing: state #4 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118) | parent state #4: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) | dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123) | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #4 "north-east" "north-east" #4: initiating Main Mode | **emit ISAKMP Message: | initiator cookie: | c2 a2 04 41 95 65 36 ee | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | no specific IKE algorithms specified - using defaults | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 | oakley_alg_makedb() returning 0x55f7ab399df8 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ikev1_out_sa pcn: 0 has 1 valid proposals | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | [6 is OAKLEY_SHA2_512] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | [5 is OAKLEY_3DES_CBC] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | [2 is OAKLEY_SHA1] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65001 (0xfde9) | [65001 is XAUTHInitPreShared] | ******emit ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | [5 is OAKLEY_GROUP_MODP1536] | emitting length of ISAKMP Transform Payload (ISAKMP): 32 | emitting length of ISAKMP Proposal Payload: 632 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 644 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | nat add vid | sending draft and RFC NATT VIDs | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | skipping VID_NATT_RFC | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 804 | sending 804 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) | c2 a2 04 41 95 65 36 ee 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 24 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd e9 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 fd e9 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 fd e9 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 fd e9 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 fd e9 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 fd e9 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 fd e9 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 fd e9 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 fd e9 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 fd e9 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 fd e9 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 fd e9 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd e9 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd e9 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd e9 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 fd e9 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 fd e9 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 fd e9 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 df d6 b7 12 | 0d 00 00 14 af ca d7 13 68 a1 f1 c9 6b 86 96 fc | 77 57 01 00 0d 00 00 14 4a 13 1c 81 07 03 58 45 | 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 7d 94 19 a6 | 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 0d 00 00 14 | 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f | 00 00 00 14 cd 60 46 43 35 df 21 f8 7c fd b2 fc | 68 b6 a4 48 "north-east" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds | event_schedule: new EVENT_RETRANSMIT-pe@0x7f3690002b78 | inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f369c003468 size 128 | #4 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29317.810279 | #4 spent 1.49 milliseconds in main_outI1() | stop processing: state #4 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228) | event_schedule: new EVENT_SA_EXPIRE-pe@0x55f7ab38ef58 | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3 | libevent_malloc: new ptr-libevent@0x55f7ab392fd8 size 128 | libevent_free: release ptr-libevent@0x55f7ab397588 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f3698004218 | #3 spent 1.53 milliseconds in timer_event_cb() EVENT_SA_REPLACE | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | processing global timer EVENT_REVIVE_CONNS Initiating connection north-east which received a Delete/Notify but must remain up per local policy | FOR_EACH_CONNECTION_... in conn_by_name | start processing: connection "north-east" (in initiate_a_connection() at initiate.c:186) | empty esp_info, returning defaults for ENCRYPT | connection 'north-east' +POLICY_UP | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) | FOR_EACH_STATE_... in find_phase1_state | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-east" | stop processing: connection "north-east" (in initiate_a_connection() at initiate.c:349) | spent 0.024 milliseconds in global timer EVENT_REVIVE_CONNS | timer_event_cb: processing event@0x55f7ab38ef58 | handling event EVENT_SA_EXPIRE for child state #3 | start processing: state #3 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:250) | picked newest_ipsec_sa #0 for #3 | un-established partial CHILD SA timeout (SA expired) | pstats #3 ikev1.ipsec failed exchange-timeout | pstats #3 ikev1.ipsec deleted exchange-timeout | [RE]START processing: state #3 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) "north-east" #3: deleting state (STATE_QUICK_I1) aged 0.042s and NOT sending notification | child state #3: QUICK_I1(established CHILD SA) => delete | child state #3: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) | priority calculation of connection "north-east" is 0xfdfff | delete inbound eroute 0.0.0.0/0:0 --0-> 192.0.2.101/32:0 => unk255.10000@192.1.3.33 (raw_eroute) | raw_eroute result=success | in connection_discard for connection north-east | State DB: deleting IKEv1 state #3 in CHILDSA_DEL | child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore) | stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x55f7ab392fd8 | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55f7ab38ef58 | in statetime_stop() and could not find #3 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | start processing: connection "north-east" (in delete_connection() at connections.c:189) | removing pending policy for no connection {0x55f7ab37d6c8} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #4 | suspend processing: connection "north-east" (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #4 connection "north-east" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #4 ikev1.isakmp deleted other | [RE]START processing: state #4 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879) "north-east" #4: deleting state (STATE_MAIN_I1) aged 0.544s and NOT sending notification | parent state #4: MAIN_I1(half-open IKE SA) => delete | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_MAIN_I1: retransmits: cleared | libevent_free: release ptr-libevent@0x7f369c003468 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f3690002b78 | State DB: IKEv1 state not found (flush_incomplete_children) | picked newest_isakmp_sa #0 for #4 "north-east" #4: deleting IKE SA for connection 'north-east' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS | add revival: connection 'north-east' added to the list and scheduled for 5 seconds | global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds | stop processing: connection "north-east" (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection north-east | State DB: deleting IKEv1 state #4 in MAIN_I1 | parent state #4: MAIN_I1(half-open IKE SA) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "north-east" is 0xfdfff | priority calculation of connection "north-east" is 0xfdfff | FOR_EACH_CONNECTION_... in route_owner | conn north-east mark 0/00000000, 0/00000000 vs | conn north-east mark 0/00000000, 0/00000000 | route owner of "north-east" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_I | popen cmd is 1073 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL: | cmd( 80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY: | cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.1: | cmd( 240):01' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=': | cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE: | cmd( 400):R_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO: | cmd( 480):_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE: | cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+T: | cmd( 640):UNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: | cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: | cmd( 800):MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_P: | cmd( 880):EER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1: | cmd( 960):' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0: | cmd(1040):x0 SPI_OUT=0x0 ipsec _updown 2>&1: unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. | free hp@0x55f7ab38b148 | flush revival: connection 'north-east' revival flushed | processing: STOP connection NULL (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.3.254:4500 shutting down interface eth0/eth0 192.0.3.254:500 shutting down interface eth1/eth1 192.1.3.33:4500 shutting down interface eth1/eth1 192.1.3.33:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x55f7ab37e238 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a0c8 | libevent_free: release ptr-libevent@0x55f7ab31a158 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a178 | libevent_free: release ptr-libevent@0x55f7ab31bff8 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a228 | libevent_free: release ptr-libevent@0x55f7ab319148 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a2d8 | libevent_free: release ptr-libevent@0x55f7ab2ea4e8 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a388 | libevent_free: release ptr-libevent@0x55f7ab2ea1d8 | free_event_entry: release EVENT_NULL-pe@0x55f7ab38a438 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x55f7ab37e2e8 | free_event_entry: release EVENT_NULL-pe@0x55f7ab372028 | libevent_free: release ptr-libevent@0x55f7ab31bef8 | free_event_entry: release EVENT_NULL-pe@0x55f7ab3714e8 | libevent_free: release ptr-libevent@0x55f7ab355a98 | free_event_entry: release EVENT_NULL-pe@0x55f7ab372098 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x55f7ab31d378 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x55f7ab389828 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x55f7ab389938 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x55f7ab389b78 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x55f7ab389a48 | libevent_free: release ptr-libevent@0x55f7ab36c8d8 | libevent_free: release ptr-libevent@0x55f7ab36c888 | libevent_free: release ptr-libevent@0x7f3698003e78 | libevent_free: release ptr-libevent@0x55f7ab36c7d8 | libevent_free: release ptr-libevent@0x55f7ab3895f8 | libevent_free: release ptr-libevent@0x55f7ab3897a8 | libevent_free: release ptr-libevent@0x55f7ab36ca88 | libevent_free: release ptr-libevent@0x55f7ab3715f8 | libevent_free: release ptr-libevent@0x55f7ab371fe8 | libevent_free: release ptr-libevent@0x55f7ab38a4a8 | libevent_free: release ptr-libevent@0x55f7ab38a3f8 | libevent_free: release ptr-libevent@0x55f7ab38a348 | libevent_free: release ptr-libevent@0x55f7ab38a298 | libevent_free: release ptr-libevent@0x55f7ab38a1e8 | libevent_free: release ptr-libevent@0x55f7ab38a138 | libevent_free: release ptr-libevent@0x55f7ab318998 | libevent_free: release ptr-libevent@0x55f7ab3898f8 | libevent_free: release ptr-libevent@0x55f7ab3897e8 | libevent_free: release ptr-libevent@0x55f7ab389768 | libevent_free: release ptr-libevent@0x55f7ab389a08 | libevent_free: release ptr-libevent@0x55f7ab389638 | libevent_free: release ptr-libevent@0x55f7ab2e9908 | libevent_free: release ptr-libevent@0x55f7ab2e9d38 | libevent_free: release ptr-libevent@0x55f7ab318d08 | releasing global libevent data | libevent_free: release ptr-libevent@0x55f7ab31a518 | libevent_free: release ptr-libevent@0x55f7ab2e9cd8 | libevent_free: release ptr-libevent@0x55f7ab2e9dd8 leak detective found no leaks