FIPS Product: YES
FIPS Kernel: NO
FIPS Mode: NO
NSS DB directory: sql:/etc/ipsec.d
Initializing NSS
Opening NSS database "sql:/etc/ipsec.d" read-only
NSS initialized
NSS crypto library initialized
FIPS HMAC integrity support [enabled]
FIPS mode disabled for pluto daemon
FIPS HMAC integrity verification self-test FAILED
libcap-ng support [enabled]
Linux audit support [enabled]
Linux audit activated
Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19595
core dump dir: /tmp
secrets file: /etc/ipsec.secrets
leak-detective enabled
NSS crypto [enabled]
XAUTH PAM support [enabled]
| libevent is using pluto's memory allocator
Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
| libevent_malloc: new ptr-libevent@0x55f7ab31a518 size 40
| libevent_malloc: new ptr-libevent@0x55f7ab2e9cd8 size 40
| libevent_malloc: new ptr-libevent@0x55f7ab2e9dd8 size 40
| creating event base
| libevent_malloc: new ptr-libevent@0x55f7ab36c818 size 56
| libevent_malloc: new ptr-libevent@0x55f7ab318d08 size 664
| libevent_malloc: new ptr-libevent@0x55f7ab36c888 size 24
| libevent_malloc: new ptr-libevent@0x55f7ab36c8d8 size 384
| libevent_malloc: new ptr-libevent@0x55f7ab36c7d8 size 16
| libevent_malloc: new ptr-libevent@0x55f7ab2e9908 size 40
| libevent_malloc: new ptr-libevent@0x55f7ab2e9d38 size 48
| libevent_realloc: new ptr-libevent@0x55f7ab318998 size 256
| libevent_malloc: new ptr-libevent@0x55f7ab36ca88 size 16
| libevent_free: release ptr-libevent@0x55f7ab36c818
| libevent initialized
| libevent_realloc: new ptr-libevent@0x55f7ab36c818 size 64
| global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
| init_nat_traversal() initialized with keep_alive=0s
NAT-Traversal support  [enabled]
| global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
| global one-shot timer EVENT_FREE_ROOT_CERTS initialized
| global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
| global one-shot timer EVENT_REVIVE_CONNS initialized
| global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
| global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Encryption algorithms:
  AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
  AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
  AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
  3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
  CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
  CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
  AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
  AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
  AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
  AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
  AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
  SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
  TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
  TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
  NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_gmac
  NULL                    IKEv1:     ESP     IKEv2:     ESP           []
  CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Hash algorithms:
  MD5                     IKEv1: IKE         IKEv2:                 
  SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
  SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
  SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
  SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
PRF algorithms:
  HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
  HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
  HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
  HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
  HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
  AES_XCBC                IKEv1:             IKEv2: IKE               aes128_xcbc
Integrity algorithms:
  HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
  HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
  HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, sha2_512_256, hmac_sha2_512
  HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, sha2_384_192, hmac_sha2_384
  HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
  HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH      
  AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH        aes_xcbc, aes128_xcbc, aes128_xcbc_96
  AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
  NONE                    IKEv1:     ESP     IKEv2: IKE ESP     FIPS  null
DH algorithms:
  NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
  MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
  MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
  MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
  MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
  MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
  MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
  DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256, ecp256
  DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384, ecp384
  DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521, ecp521
  DH31                    IKEv1: IKE         IKEv2: IKE ESP AH        curve25519
testing CAMELLIA_CBC:
  Camellia: 16 bytes with 128-bit key
  Camellia: 16 bytes with 128-bit key
  Camellia: 16 bytes with 256-bit key
  Camellia: 16 bytes with 256-bit key
testing AES_GCM_16:
  empty string
  one block
  two blocks
  two blocks with associated data
testing AES_CTR:
  Encrypting 16 octets using AES-CTR with 128-bit key
  Encrypting 32 octets using AES-CTR with 128-bit key
  Encrypting 36 octets using AES-CTR with 128-bit key
  Encrypting 16 octets using AES-CTR with 192-bit key
  Encrypting 32 octets using AES-CTR with 192-bit key
  Encrypting 36 octets using AES-CTR with 192-bit key
  Encrypting 16 octets using AES-CTR with 256-bit key
  Encrypting 32 octets using AES-CTR with 256-bit key
  Encrypting 36 octets using AES-CTR with 256-bit key
testing AES_CBC:
  Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
  Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
  Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
  Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
testing AES_XCBC:
  RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
  RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
  RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
  RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
  RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
  RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
  RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
testing HMAC_MD5:
  RFC 2104: MD5_HMAC test 1
  RFC 2104: MD5_HMAC test 2
  RFC 2104: MD5_HMAC test 3
8 CPU cores online
starting up 7 crypto helpers
started thread for crypto helper 0
started thread for crypto helper 1
started thread for crypto helper 2
started thread for crypto helper 3
| starting up helper thread 2
| status value returned by setting the priority of this thread (crypto helper 2) 22
| crypto helper 2 waiting (nothing to do)
started thread for crypto helper 4
| starting up helper thread 3
| status value returned by setting the priority of this thread (crypto helper 3) 22
| crypto helper 3 waiting (nothing to do)
| starting up helper thread 4
| status value returned by setting the priority of this thread (crypto helper 4) 22
| crypto helper 4 waiting (nothing to do)
started thread for crypto helper 5
| starting up helper thread 5
| status value returned by setting the priority of this thread (crypto helper 5) 22
| crypto helper 5 waiting (nothing to do)
started thread for crypto helper 6
| starting up helper thread 6
| status value returned by setting the priority of this thread (crypto helper 6) 22
| crypto helper 6 waiting (nothing to do)
| checking IKEv1 state table
|   MAIN_R0: category: half-open IKE SA flags: 0:
|     -> MAIN_R1 EVENT_SO_DISCARD
|   MAIN_I1: category: half-open IKE SA flags: 0:
|     -> MAIN_I2 EVENT_RETRANSMIT
|   MAIN_R1: category: open IKE SA flags: 200:
|     -> MAIN_R2 EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
| starting up helper thread 1
|   MAIN_I2: category: open IKE SA flags: 0:
|     -> MAIN_I3 EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
| status value returned by setting the priority of this thread (crypto helper 1) 22
| crypto helper 1 waiting (nothing to do)
|   MAIN_R2: category: open IKE SA flags: 0:
|     -> MAIN_R3 EVENT_SA_REPLACE
|     -> MAIN_R3 EVENT_SA_REPLACE
|     -> UNDEFINED EVENT_SA_REPLACE
|   MAIN_I3: category: open IKE SA flags: 0:
|     -> MAIN_I4 EVENT_SA_REPLACE
|     -> MAIN_I4 EVENT_SA_REPLACE
|     -> UNDEFINED EVENT_SA_REPLACE
|   MAIN_R3: category: established IKE SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   MAIN_I4: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   AGGR_R0: category: half-open IKE SA flags: 0:
|     -> AGGR_R1 EVENT_SO_DISCARD
|   AGGR_I1: category: half-open IKE SA flags: 0:
|     -> AGGR_I2 EVENT_SA_REPLACE
|     -> AGGR_I2 EVENT_SA_REPLACE
|   AGGR_R1: category: open IKE SA flags: 200:
|     -> AGGR_R2 EVENT_SA_REPLACE
|     -> AGGR_R2 EVENT_SA_REPLACE
|   AGGR_I2: category: established IKE SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   AGGR_R2: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   QUICK_R0: category: established CHILD SA flags: 0:
|     -> QUICK_R1 EVENT_RETRANSMIT
|   QUICK_I1: category: established CHILD SA flags: 0:
|     -> QUICK_I2 EVENT_SA_REPLACE
|   QUICK_R1: category: established CHILD SA flags: 0:
|     -> QUICK_R2 EVENT_SA_REPLACE
|   QUICK_I2: category: established CHILD SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   QUICK_R2: category: established CHILD SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   INFO: category: informational flags: 0:
|     -> UNDEFINED EVENT_NULL
|   INFO_PROTECTED: category: informational flags: 0:
|     -> UNDEFINED EVENT_NULL
|   XAUTH_R0: category: established IKE SA flags: 0:
|     -> XAUTH_R1 EVENT_NULL
|   XAUTH_R1: category: established IKE SA flags: 0:
|     -> MAIN_R3 EVENT_SA_REPLACE
|   MODE_CFG_R0: category: informational flags: 0:
|     -> MODE_CFG_R1 EVENT_SA_REPLACE
|   MODE_CFG_R1: category: established IKE SA flags: 0:
|     -> MODE_CFG_R2 EVENT_SA_REPLACE
|   MODE_CFG_R2: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   MODE_CFG_I1: category: established IKE SA flags: 0:
|     -> MAIN_I4 EVENT_SA_REPLACE
|   XAUTH_I0: category: established IKE SA flags: 0:
|     -> XAUTH_I1 EVENT_RETRANSMIT
|   XAUTH_I1: category: established IKE SA flags: 0:
|     -> MAIN_I4 EVENT_RETRANSMIT
| checking IKEv2 state table
|   PARENT_I0: category: ignore flags: 0:
|     -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
|   PARENT_I1: category: half-open IKE SA flags: 0:
|     -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
|     -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
|   PARENT_I2: category: open IKE SA flags: 0:
|     -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
|     -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
|     -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
|     -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
|     -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
|   PARENT_I3: category: established IKE SA flags: 0:
|     -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
|     -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
|     -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
|     -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
|   PARENT_R0: category: half-open IKE SA flags: 0:
|     -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
|   PARENT_R1: category: half-open IKE SA flags: 0:
|     -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
|     -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
|   PARENT_R2: category: established IKE SA flags: 0:
|     -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
|     -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
|     -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
|     -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
|   V2_CREATE_I0: category: established IKE SA flags: 0:
|     -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
|   V2_CREATE_I: category: established IKE SA flags: 0:
|     -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
|   V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
|     -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
|   V2_REKEY_IKE_I: category: established IKE SA flags: 0:
|     -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
|   V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
|     -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
|   V2_REKEY_CHILD_I: category: established IKE SA flags: 0: <none>
|   V2_CREATE_R: category: established IKE SA flags: 0:
|     -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
|   V2_REKEY_IKE_R: category: established IKE SA flags: 0:
|     -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
|   V2_REKEY_CHILD_R: category: established IKE SA flags: 0: <none>
|   V2_IPSEC_I: category: established CHILD SA flags: 0: <none>
|   V2_IPSEC_R: category: established CHILD SA flags: 0: <none>
|   IKESA_DEL: category: established IKE SA flags: 0:
|     -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
|   CHILDSA_DEL: category: informational flags: 0: <none>
Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
| Hard-wiring algorithms
| adding AES_CCM_16 to kernel algorithm db
| adding AES_CCM_12 to kernel algorithm db
| adding AES_CCM_8 to kernel algorithm db
| adding 3DES_CBC to kernel algorithm db
| adding CAMELLIA_CBC to kernel algorithm db
| adding AES_GCM_16 to kernel algorithm db
| adding AES_GCM_12 to kernel algorithm db
| adding AES_GCM_8 to kernel algorithm db
| adding AES_CTR to kernel algorithm db
| adding AES_CBC to kernel algorithm db
| adding SERPENT_CBC to kernel algorithm db
| adding TWOFISH_CBC to kernel algorithm db
| adding NULL_AUTH_AES_GMAC to kernel algorithm db
| adding NULL to kernel algorithm db
| adding CHACHA20_POLY1305 to kernel algorithm db
| adding HMAC_MD5_96 to kernel algorithm db
| adding HMAC_SHA1_96 to kernel algorithm db
| adding HMAC_SHA2_512_256 to kernel algorithm db
| adding HMAC_SHA2_384_192 to kernel algorithm db
| adding HMAC_SHA2_256_128 to kernel algorithm db
| adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
| adding AES_XCBC_96 to kernel algorithm db
| adding AES_CMAC_96 to kernel algorithm db
| adding NONE to kernel algorithm db
| net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
| global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
| setup kernel fd callback
| add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55f7ab372098
| libevent_malloc: new ptr-libevent@0x55f7ab355a98 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab3715f8 size 16
| add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55f7ab3714e8
| libevent_malloc: new ptr-libevent@0x55f7ab31bef8 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab371fe8 size 16
| global one-shot timer EVENT_CHECK_CRLS initialized
selinux support is enabled.
| unbound context created - setting debug level to 5
| /etc/hosts lookups activated
| /etc/resolv.conf usage activated
| outgoing-port-avoid set 0-65535
| outgoing-port-permit set 32768-60999
| Loading dnssec root key from:/var/lib/unbound/root.key
| No additional dnssec trust anchors defined via dnssec-trusted= option
| Setting up events, loop start
| add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55f7ab372028
| libevent_malloc: new ptr-libevent@0x55f7ab37e2e8 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab3895f8 size 16
| libevent_realloc: new ptr-libevent@0x55f7ab389638 size 256
| libevent_malloc: new ptr-libevent@0x55f7ab389768 size 8
| libevent_realloc: new ptr-libevent@0x55f7ab319248 size 144
| libevent_malloc: new ptr-libevent@0x55f7ab31d378 size 152
| libevent_malloc: new ptr-libevent@0x55f7ab3897a8 size 16
| signal event handler PLUTO_SIGCHLD installed
| libevent_malloc: new ptr-libevent@0x55f7ab3897e8 size 8
| libevent_malloc: new ptr-libevent@0x55f7ab389828 size 152
| signal event handler PLUTO_SIGTERM installed
| libevent_malloc: new ptr-libevent@0x55f7ab3898f8 size 8
| libevent_malloc: new ptr-libevent@0x55f7ab389938 size 152
| signal event handler PLUTO_SIGHUP installed
| libevent_malloc: new ptr-libevent@0x55f7ab389a08 size 8
| libevent_realloc: release ptr-libevent@0x55f7ab319248
| libevent_realloc: new ptr-libevent@0x55f7ab389a48 size 256
| libevent_malloc: new ptr-libevent@0x55f7ab389b78 size 152
| signal event handler PLUTO_SIGSYS installed
| created addconn helper (pid:19730) using fork+execve
| forked child 19730
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
listening for IKE messages
| Inspecting interface lo 
| found lo with address 127.0.0.1
| Inspecting interface eth0 
| found eth0 with address 192.0.3.254
| Inspecting interface eth1 
| found eth1 with address 192.1.3.33
Kernel supports NIC esp-hw-offload
adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface eth1/eth1 192.1.3.33:4500
adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface eth0/eth0 192.0.3.254:4500
adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:4500
| no interfaces to sort
| FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a0c8
| libevent_malloc: new ptr-libevent@0x55f7ab37e238 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab38a138 size 16
| setup callback for interface lo 127.0.0.1:4500 fd 22
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a178
| libevent_malloc: new ptr-libevent@0x55f7ab31a158 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab38a1e8 size 16
| setup callback for interface lo 127.0.0.1:500 fd 21
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a228
| libevent_malloc: new ptr-libevent@0x55f7ab31bff8 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab38a298 size 16
| setup callback for interface eth0 192.0.3.254:4500 fd 20
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a2d8
| libevent_malloc: new ptr-libevent@0x55f7ab319148 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab38a348 size 16
| setup callback for interface eth0 192.0.3.254:500 fd 19
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a388
| libevent_malloc: new ptr-libevent@0x55f7ab2ea4e8 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab38a3f8 size 16
| setup callback for interface eth1 192.1.3.33:4500 fd 18
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a438
| libevent_malloc: new ptr-libevent@0x55f7ab2ea1d8 size 128
| libevent_malloc: new ptr-libevent@0x55f7ab38a4a8 size 16
| setup callback for interface eth1 192.1.3.33:500 fd 17
| certs and keys locked by 'free_preshared_secrets'
| certs and keys unlocked by 'free_preshared_secrets'
loading secrets from "/etc/ipsec.secrets"
| Processing PSK at line 1: passed
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.91 milliseconds in whack
| starting up helper thread 0
| status value returned by setting the priority of this thread (crypto helper 0) 22
| crypto helper 0 waiting (nothing to do)
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
listening for IKE messages
| Inspecting interface lo 
| found lo with address 127.0.0.1
| Inspecting interface eth0 
| found eth0 with address 192.0.3.254
| Inspecting interface eth1 
| found eth1 with address 192.1.3.33
| no interfaces to sort
| libevent_free: release ptr-libevent@0x55f7ab37e238
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a0c8
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a0c8
| libevent_malloc: new ptr-libevent@0x55f7ab37e238 size 128
| setup callback for interface lo 127.0.0.1:4500 fd 22
| libevent_free: release ptr-libevent@0x55f7ab31a158
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a178
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a178
| libevent_malloc: new ptr-libevent@0x55f7ab31a158 size 128
| setup callback for interface lo 127.0.0.1:500 fd 21
| libevent_free: release ptr-libevent@0x55f7ab31bff8
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a228
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a228
| libevent_malloc: new ptr-libevent@0x55f7ab31bff8 size 128
| setup callback for interface eth0 192.0.3.254:4500 fd 20
| libevent_free: release ptr-libevent@0x55f7ab319148
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a2d8
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a2d8
| libevent_malloc: new ptr-libevent@0x55f7ab319148 size 128
| setup callback for interface eth0 192.0.3.254:500 fd 19
| libevent_free: release ptr-libevent@0x55f7ab2ea4e8
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a388
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a388
| libevent_malloc: new ptr-libevent@0x55f7ab2ea4e8 size 128
| setup callback for interface eth1 192.1.3.33:4500 fd 18
| libevent_free: release ptr-libevent@0x55f7ab2ea1d8
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a438
| add_fd_read_event_handler: new ethX-pe@0x55f7ab38a438
| libevent_malloc: new ptr-libevent@0x55f7ab2ea1d8 size 128
| setup callback for interface eth1 192.1.3.33:500 fd 17
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshared_secrets'
loading secrets from "/etc/ipsec.secrets"
| Processing PSK at line 1: passed
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.264 milliseconds in whack
| processing signal PLUTO_SIGCHLD
| waitpid returned pid 19730 (exited with status 0)
| reaped addconn helper child (status 0)
| waitpid returned ECHILD (no child processes left)
| spent 0.0128 milliseconds in signal handler PLUTO_SIGCHLD
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| Added new connection north-east with policy PSK+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| counting wild cards for (none) is 15
| counting wild cards for @east is 0
| connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none
| new hp@0x55f7ab38b148
added connection description "north-east"
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: PSK+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| 192.1.3.33[+MC+XC+S=C]---192.1.3.254...192.1.2.23<192.1.2.23>[@east,MS+XS+S=C]===0.0.0.0/0
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.0907 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590)
| FOR_EACH_CONNECTION_... in conn_by_name
| start processing: connection "north-east" (in initiate_a_connection() at initiate.c:186)
| empty esp_info, returning defaults for ENCRYPT
| connection 'north-east' +POLICY_UP
| dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342)
| FOR_EACH_STATE_... in find_phase1_state
| creating state object #1 at 0x55f7ab38ba98
| State DB: adding IKEv1 state #1 in UNDEFINED
| pstats #1 ikev1.isakmp started
| suspend processing: connection "north-east" (in main_outI1() at ikev1_main.c:118)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118)
| parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA)
| dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123)
| Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #1 "north-east"
"north-east" #1: initiating Main Mode
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   00 00 00 00  00 00 00 00
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA
| no specific IKE algorithms specified - using defaults
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() returning 0x55f7ab38e3f8
| ***emit ISAKMP Security Association Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
| next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
| next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
| ****emit IPsec DOI SIT:
|    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ikev1_out_sa pcn: 0 has 1 valid proposals
| ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18
| ****emit ISAKMP Proposal Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    proposal number: 0 (0x0)
|    protocol ID: PROTO_ISAKMP (0x1)
|    SPI size: 0 (0x0)
|    number of transforms: 18 (0x12)
| last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 0 (0x0)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 1 (0x1)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 2 (0x2)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 3 (0x3)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 4 (0x4)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 5 (0x5)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 6 (0x6)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 7 (0x7)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 8 (0x8)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 9 (0x9)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 10 (0xa)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 11 (0xb)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 12 (0xc)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 13 (0xd)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 14 (0xe)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 15 (0xf)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 16 (0x10)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP transform number: 17 (0x11)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| emitting length of ISAKMP Proposal Payload: 632
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0
| emitting length of ISAKMP Security Association Payload: 644
| last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
| out_vid(): sending [FRAGMENTATION]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  40 48 b7 d5  6e bc e8 85  25 e7 de 7f  00 d6 c2 d3
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [XAUTH]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  09 00 26 89  df d6 b7 12
| emitting length of ISAKMP Vendor ID Payload: 12
| out_vid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  af ca d7 13  68 a1 f1 c9  6b 86 96 fc  77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| nat add vid
| sending draft and RFC NATT VIDs
| out_vid(): sending [RFC 3947]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  4a 13 1c 81  07 03 58 45  5c 57 28 f2  0e 95 45 2f
| emitting length of ISAKMP Vendor ID Payload: 20
| skipping VID_NATT_RFC
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  90 cb 80 91  3e bb 69 6e  08 63 81 b5  ec 42 7b 1f
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  cd 60 46 43  35 df 21 f8  7c fd b2 fc  68 b6 a4 48
| emitting length of ISAKMP Vendor ID Payload: 20
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 804
| sending 804 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
|   79 06 6b 20  17 b2 e6 fc  00 00 00 00  00 00 00 00
|   01 10 02 00  00 00 00 00  00 00 03 24  0d 00 02 84
|   00 00 00 01  00 00 00 01  00 00 02 78  00 01 00 12
|   03 00 00 24  00 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 04  80 03 fd e9  80 04 00 0e
|   80 0e 01 00  03 00 00 24  01 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 04  80 03 fd e9
|   80 04 00 0e  80 0e 00 80  03 00 00 24  02 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 06
|   80 03 fd e9  80 04 00 0e  80 0e 01 00  03 00 00 24
|   03 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 06  80 03 fd e9  80 04 00 0e  80 0e 00 80
|   03 00 00 24  04 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 02  80 03 fd e9  80 04 00 0e
|   80 0e 01 00  03 00 00 24  05 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 02  80 03 fd e9
|   80 04 00 0e  80 0e 00 80  03 00 00 24  06 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 04
|   80 03 fd e9  80 04 00 05  80 0e 01 00  03 00 00 24
|   07 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 04  80 03 fd e9  80 04 00 05  80 0e 00 80
|   03 00 00 24  08 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 06  80 03 fd e9  80 04 00 05
|   80 0e 01 00  03 00 00 24  09 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 06  80 03 fd e9
|   80 04 00 05  80 0e 00 80  03 00 00 24  0a 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 02
|   80 03 fd e9  80 04 00 05  80 0e 01 00  03 00 00 24
|   0b 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 02  80 03 fd e9  80 04 00 05  80 0e 00 80
|   03 00 00 20  0c 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 04  80 03 fd e9  80 04 00 0e
|   03 00 00 20  0d 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 06  80 03 fd e9  80 04 00 0e
|   03 00 00 20  0e 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 02  80 03 fd e9  80 04 00 0e
|   03 00 00 20  0f 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 04  80 03 fd e9  80 04 00 05
|   03 00 00 20  10 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 06  80 03 fd e9  80 04 00 05
|   00 00 00 20  11 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 02  80 03 fd e9  80 04 00 05
|   0d 00 00 14  40 48 b7 d5  6e bc e8 85  25 e7 de 7f
|   00 d6 c2 d3  0d 00 00 0c  09 00 26 89  df d6 b7 12
|   0d 00 00 14  af ca d7 13  68 a1 f1 c9  6b 86 96 fc
|   77 57 01 00  0d 00 00 14  4a 13 1c 81  07 03 58 45
|   5c 57 28 f2  0e 95 45 2f  0d 00 00 14  7d 94 19 a6
|   53 10 ca 6f  2c 17 9d 92  15 52 9d 56  0d 00 00 14
|   90 cb 80 91  3e bb 69 6e  08 63 81 b5  ec 42 7b 1f
|   00 00 00 14  cd 60 46 43  35 df 21 f8  7c fd b2 fc
|   68 b6 a4 48
| event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1
| libevent_malloc: new ptr-libevent@0x55f7ab38d668 size 128
| #1 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.712349
| #1 spent 1.14 milliseconds in main_outI1()
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228)
| resume processing: connection "north-east" (in main_outI1() at ikev1_main.c:228)
| stop processing: connection "north-east" (in initiate_a_connection() at initiate.c:349)
| close_any(fd@23) (in initiate_connection() at initiate.c:372)
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 1.22 milliseconds in whack
| spent 0.00195 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 156 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   01 10 02 00  00 00 00 00  00 00 00 9c  0d 00 00 38
|   00 00 00 01  00 00 00 01  00 00 00 2c  00 01 00 01
|   00 00 00 24  00 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 04  80 03 fd e9  80 04 00 0e
|   80 0e 01 00  0d 00 00 14  40 48 b7 d5  6e bc e8 85
|   25 e7 de 7f  00 d6 c2 d3  0d 00 00 0c  09 00 26 89
|   df d6 b7 12  0d 00 00 14  af ca d7 13  68 a1 f1 c9
|   6b 86 96 fc  77 57 01 00  00 00 00 14  4a 13 1c 81
|   07 03 58 45  5c 57 28 f2  0e 95 45 2f
| start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
|    length: 156 (0x9c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| State DB: IKEv1 state not found (find_state_ikev1)
| State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459)
| #1 is idle
| #1 idle
| got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
| ***parse ISAKMP Security Association Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    length: 56 (0x38)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    length: 20 (0x14)
| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    length: 12 (0xc)
| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    length: 20 (0x14)
| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 20 (0x14)
| message 'main_inR1_outI2' HASH payload not checked early
| received Vendor ID payload [FRAGMENTATION]
| received Vendor ID payload [XAUTH]
| received Vendor ID payload [Dead Peer Detection]
|  quirks.qnat_traversal_vid set to=117 [RFC 3947]
| received Vendor ID payload [RFC 3947]
| ****parse IPsec DOI SIT:
|    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ****parse ISAKMP Proposal Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 44 (0x2c)
|    proposal number: 0 (0x0)
|    protocol ID: PROTO_ISAKMP (0x1)
|    SPI size: 0 (0x0)
|    number of transforms: 1 (0x1)
| *****parse ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 36 (0x24)
|    ISAKMP transform number: 0 (0x0)
|    ISAKMP transform ID: KEY_IKE (0x1)
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|    [1 is OAKLEY_LIFE_SECONDS]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|    [7 is OAKLEY_AES_CBC]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|    [4 is OAKLEY_SHA2_256]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|    [65001 is XAUTHInitPreShared]
| started looking for secret for 192.1.3.33->@east of kind PKK_PSK
| actually looking for secret for 192.1.3.33->@east of kind PKK_PSK
| line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK
| 1: compared key (none) to 192.1.3.33 / @east -> 002
| 2: compared key (none) to 192.1.3.33 / @east -> 002
| line 1: match=002
| match 002 beats previous best_match 000 match=0x55f7ab2e5c48 (line=1)
| concluding with best_match=002 best=0x55f7ab2e5c48 (lineno=1)
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|    [14 is OAKLEY_GROUP_MODP2048]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| OAKLEY proposal verified unconditionally; no alg_info to check against
| Oakley Transform 0 accepted
| sender checking NAT-T: enabled; VID 117
| returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC
| enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
| adding outI2 KE work-order 1 for state #1
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_MAIN_I1: retransmits: cleared
| libevent_free: release ptr-libevent@0x55f7ab38d668
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f7ab38ef58
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55f7ab38d668 size 128
| complete v1 state transition with STF_SUSPEND
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648)
| suspending state #1 and saving MD
| #1 is busy; has a suspended MD
| #1 spent 0.114 milliseconds in process_packet_tail()
| crypto helper 2 resuming
| crypto helper 2 starting work-order 1 for state #1
| stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380)
| crypto helper 2 doing build KE and nonce (outI2 KE); request ID 1
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.239 milliseconds in comm_handle_cb() reading and processing packet
| crypto helper 2 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000615 seconds
| (#1) spent 0.619 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr)
| crypto helper 2 sending results from work-order 1 for state #1 to event queue
| scheduling resume sending helper answer for #1
| libevent_malloc: new ptr-libevent@0x7f369c002888 size 128
| crypto helper 2 waiting (nothing to do)
| processing resume sending helper answer for #1
| start processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 2 replies to request ID 1
| calling continuation function 0x55f7a9292b50
| main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| ***emit ISAKMP Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_NONCE (0xa)
| next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE)
| next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet'
| emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
| keyex value  8d 03 55 2f  46 68 b3 9a  4b 4c 79 1a  f9 a6 f4 14
| keyex value  f0 b0 d1 67  db 3e 6f ee  39 a4 d6 a0  64 fc 67 44
| keyex value  02 c3 ce 86  56 58 0d 5c  ee 3e 2e a4  48 6b 75 9a
| keyex value  36 a5 73 ce  84 69 c7 95  c1 65 92 a9  77 39 9c 54
| keyex value  03 f4 75 40  86 d6 5c 68  9c ca 61 e9  13 2b e1 b3
| keyex value  75 26 52 c1  90 0f 64 59  38 03 98 2f  f6 07 0b ff
| keyex value  1b 12 62 fc  85 56 af 96  3b 91 24 25  ad 4f 5d 7d
| keyex value  28 a4 c3 92  6f d1 8d c3  b8 2d ea 1e  e1 d3 7e 70
| keyex value  1b 44 c9 bc  8d 59 6f 3f  6b fc 11 fa  ea 2f f6 5e
| keyex value  e1 ce 45 0d  b8 41 0d 7d  19 c2 6f e3  2d 2e 77 dd
| keyex value  c6 b1 b1 95  29 90 06 e0  d2 b5 bb 3d  a8 1e fb e0
| keyex value  a6 13 57 41  12 2c 45 7c  ad a4 38 10  0f 4a 3b 58
| keyex value  66 b2 a7 bf  c2 b2 b7 97  f6 b7 22 c4  ca 25 e9 47
| keyex value  90 0a 0b 48  0b f0 bb 0f  80 e7 4f 74  28 1e 04 50
| keyex value  e2 7a 26 ea  8c a1 98 ec  2e ec 10 51  de 57 7b ad
| keyex value  f8 62 92 d4  14 73 69 fc  c7 88 5d bd  b9 68 4f 4f
| emitting length of ISAKMP Key Exchange Payload: 260
| ***emit ISAKMP Nonce Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
| next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of Ni into ISAKMP Nonce Payload
| Ni  b8 83 42 bb  7f 55 06 95  0b 5f 11 4a  c5 a4 f5 b8
| Ni  90 3e 6b e2  8c b6 99 e6  6f 4f 0b 4c  60 cf cf eb
| emitting length of ISAKMP Nonce Payload: 36
| NAT-T checking st_nat_traversal
| NAT-T found (implies NAT_T_WITH_NATD)
| sending NAT-D payloads
| natd_hash: hasher=0x55f7a9367ca0(32)
| natd_hash: icookie=  79 06 6b 20  17 b2 e6 fc
| natd_hash: rcookie=  6a 32 cc 41  99 58 a1 ce
| natd_hash: ip=  c0 01 02 17
| natd_hash: port=500
| natd_hash: hash=  46 6a ec d6  66 2e 79 99  28 c2 43 fa  0e 34 78 0a
| natd_hash: hash=  cb fc d5 de  91 bf 7b be  4f 55 6b e4  3a 7d bc db
| ***emit ISAKMP NAT-D Payload:
|    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
| next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC
| next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
| next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload
| NAT-D  46 6a ec d6  66 2e 79 99  28 c2 43 fa  0e 34 78 0a
| NAT-D  cb fc d5 de  91 bf 7b be  4f 55 6b e4  3a 7d bc db
| emitting length of ISAKMP NAT-D Payload: 36
| natd_hash: hasher=0x55f7a9367ca0(32)
| natd_hash: icookie=  79 06 6b 20  17 b2 e6 fc
| natd_hash: rcookie=  6a 32 cc 41  99 58 a1 ce
| natd_hash: ip=  c0 01 03 21
| natd_hash: port=500
| natd_hash: hash=  2e 2b 3a c6  4f d0 80 ec  fd f9 4a fc  4c 74 81 32
| natd_hash: hash=  de 2b 57 59  88 1e 99 98  c9 e6 df 88  92 73 96 12
| ***emit ISAKMP NAT-D Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
| next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload
| NAT-D  2e 2b 3a c6  4f d0 80 ec  fd f9 4a fc  4c 74 81 32
| NAT-D  de 2b 57 59  88 1e 99 98  c9 e6 df 88  92 73 96 12
| emitting length of ISAKMP NAT-D Payload: 36
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 396
| State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir]
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:yes, t_xauth_client_done:no
| peer supports fragmentation
| peer supports DPD
| IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
| parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x55f7ab38d668
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f7ab38ef58
| sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500)
| sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   04 10 02 00  00 00 00 00  00 00 01 8c  0a 00 01 04
|   8d 03 55 2f  46 68 b3 9a  4b 4c 79 1a  f9 a6 f4 14
|   f0 b0 d1 67  db 3e 6f ee  39 a4 d6 a0  64 fc 67 44
|   02 c3 ce 86  56 58 0d 5c  ee 3e 2e a4  48 6b 75 9a
|   36 a5 73 ce  84 69 c7 95  c1 65 92 a9  77 39 9c 54
|   03 f4 75 40  86 d6 5c 68  9c ca 61 e9  13 2b e1 b3
|   75 26 52 c1  90 0f 64 59  38 03 98 2f  f6 07 0b ff
|   1b 12 62 fc  85 56 af 96  3b 91 24 25  ad 4f 5d 7d
|   28 a4 c3 92  6f d1 8d c3  b8 2d ea 1e  e1 d3 7e 70
|   1b 44 c9 bc  8d 59 6f 3f  6b fc 11 fa  ea 2f f6 5e
|   e1 ce 45 0d  b8 41 0d 7d  19 c2 6f e3  2d 2e 77 dd
|   c6 b1 b1 95  29 90 06 e0  d2 b5 bb 3d  a8 1e fb e0
|   a6 13 57 41  12 2c 45 7c  ad a4 38 10  0f 4a 3b 58
|   66 b2 a7 bf  c2 b2 b7 97  f6 b7 22 c4  ca 25 e9 47
|   90 0a 0b 48  0b f0 bb 0f  80 e7 4f 74  28 1e 04 50
|   e2 7a 26 ea  8c a1 98 ec  2e ec 10 51  de 57 7b ad
|   f8 62 92 d4  14 73 69 fc  c7 88 5d bd  b9 68 4f 4f
|   14 00 00 24  b8 83 42 bb  7f 55 06 95  0b 5f 11 4a
|   c5 a4 f5 b8  90 3e 6b e2  8c b6 99 e6  6f 4f 0b 4c
|   60 cf cf eb  14 00 00 24  46 6a ec d6  66 2e 79 99
|   28 c2 43 fa  0e 34 78 0a  cb fc d5 de  91 bf 7b be
|   4f 55 6b e4  3a 7d bc db  00 00 00 24  2e 2b 3a c6
|   4f d0 80 ec  fd f9 4a fc  4c 74 81 32  de 2b 57 59
|   88 1e 99 98  c9 e6 df 88  92 73 96 12
| !event_already_set at reschedule
| event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1
| libevent_malloc: new ptr-libevent@0x55f7ab38d668 size 128
| #1 STATE_MAIN_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.714919
"north-east" #1: STATE_MAIN_I2: sent MI2, expecting MR2
| XAUTH client is not yet authenticated
| resume sending helper answer for #1 suppresed complete_v1_state_transition()
| #1 spent 0.795 milliseconds in resume sending helper answer
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f369c002888
| spent 0.00244 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 396 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   04 10 02 00  00 00 00 00  00 00 01 8c  0a 00 01 04
|   0f 29 bf 21  b8 64 d9 73  26 bd 93 d5  68 75 4b 6e
|   65 55 29 ac  b4 1e 63 01  e6 ce 63 08  ca 01 ba 32
|   5c 04 90 7e  fb e5 bb 80  5e 2e 32 1a  f6 93 be 53
|   6c 17 ce 18  16 ac 10 4a  56 2c 25 30  f3 3b 9b 89
|   3b ff a0 3c  1d f4 19 f4  4f 60 d6 39  33 5b 4d 62
|   b9 4b 4d 8c  09 9a 8e bf  69 81 fd 81  ab de 0a d6
|   63 33 f9 83  5b f5 5a 2c  c3 71 77 7c  f5 c2 06 6e
|   a1 2b 89 8a  23 4a de 5f  d9 a6 3d ec  58 c9 11 50
|   45 db ec c6  f4 f0 da f0  90 47 49 b5  eb f0 16 6a
|   bc 63 af cf  ef 76 31 7e  fe 5e 17 83  f6 c1 5b b7
|   0e ba 15 96  49 a4 e5 ee  81 d2 10 25  1d 17 3e ec
|   f5 86 a3 f4  b6 01 e2 33  58 49 07 77  6e 56 7e 12
|   d8 d8 02 ba  fa 2a 9c 4e  92 57 aa 91  8e cc c7 73
|   0c c1 4e df  29 43 7c 83  8e d4 9f e7  bb 4a 27 70
|   fd b6 4c 0d  97 80 ad 96  29 e0 9c 32  04 e6 1f 24
|   0b 14 0f 1f  4f 0c be 69  33 ed ac 3a  2c 05 98 e9
|   14 00 00 24  18 3a 5d a1  a4 e7 9e 18  37 d7 80 a7
|   71 f3 db 4c  e9 a5 e8 11  97 92 2d 9e  f8 67 f3 83
|   24 e0 0b b4  14 00 00 24  0b bb 6c ba  b9 9c b8 77
|   46 44 54 7c  47 ce 44 46  21 e8 a8 92  d3 6c b1 76
|   6c 39 17 f8  7a aa df 77  00 00 00 24  46 6a ec d6
|   66 2e 79 99  28 c2 43 fa  0e 34 78 0a  cb fc d5 de
|   91 bf 7b be  4f 55 6b e4  3a 7d bc db
| start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_KE (0x4)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
|    length: 396 (0x18c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459)
| #1 is idle
| #1 idle
| got payload 0x10  (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
| ***parse ISAKMP Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_NONCE (0xa)
|    length: 260 (0x104)
| got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
| ***parse ISAKMP Nonce Payload:
|    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
|    length: 36 (0x24)
| got payload 0x100000  (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
| ***parse ISAKMP NAT-D Payload:
|    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
|    length: 36 (0x24)
| got payload 0x100000  (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
| ***parse ISAKMP NAT-D Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 36 (0x24)
| message 'main_inR2_outI3' HASH payload not checked early
| started looking for secret for 192.1.3.33->@east of kind PKK_PSK
| actually looking for secret for 192.1.3.33->@east of kind PKK_PSK
| line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK
| 1: compared key (none) to 192.1.3.33 / @east -> 002
| 2: compared key (none) to 192.1.3.33 / @east -> 002
| line 1: match=002
| match 002 beats previous best_match 000 match=0x55f7ab2e5c48 (line=1)
| concluding with best_match=002 best=0x55f7ab2e5c48 (lineno=1)
| adding aggr outR1 DH work-order 2 for state #1
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_MAIN_I2: retransmits: cleared
| libevent_free: release ptr-libevent@0x55f7ab38d668
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55f7ab38ef58
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55f7ab38d668 size 128
| complete v1 state transition with STF_SUSPEND
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648)
| suspending state #1 and saving MD
| #1 is busy; has a suspended MD
| #1 spent 0.0609 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.178 milliseconds in comm_handle_cb() reading and processing packet
| crypto helper 3 resuming
| crypto helper 3 starting work-order 2 for state #1
| crypto helper 3 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2
| crypto helper 3 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.001122 seconds
| (#1) spent 1.13 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr)
| crypto helper 3 sending results from work-order 2 for state #1 to event queue
| scheduling resume sending helper answer for #1
| libevent_malloc: new ptr-libevent@0x7f3694003978 size 128
| crypto helper 3 waiting (nothing to do)
| processing resume sending helper answer for #1
| start processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 3 replies to request ID 2
| calling continuation function 0x55f7a9292b50
| main_inR2_outI3_cryptotail for #1: calculated DH, sending R1
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_ID (0x5)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID
| thinking about whether to send my certificate:
|   I have RSA key: OAKLEY_PRESHARED_KEY cert.type: 0?? 
|   sendcert: CERT_ALWAYSSEND and I did not get a certificate request 
|   so do not send cert.
| I did not send a certificate because digital signatures are not being used. (PSK)
|  I am not sending a certificate request
| I will NOT send an initial contact payload
| init checking NAT-T: enabled; RFC 3947 (NAT-Traversal)
| natd_hash: hasher=0x55f7a9367ca0(32)
| natd_hash: icookie=  79 06 6b 20  17 b2 e6 fc
| natd_hash: rcookie=  6a 32 cc 41  99 58 a1 ce
| natd_hash: ip=  c0 01 03 21
| natd_hash: port=500
| natd_hash: hash=  2e 2b 3a c6  4f d0 80 ec  fd f9 4a fc  4c 74 81 32
| natd_hash: hash=  de 2b 57 59  88 1e 99 98  c9 e6 df 88  92 73 96 12
| natd_hash: hasher=0x55f7a9367ca0(32)
| natd_hash: icookie=  79 06 6b 20  17 b2 e6 fc
| natd_hash: rcookie=  6a 32 cc 41  99 58 a1 ce
| natd_hash: ip=  c0 01 02 17
| natd_hash: port=500
| natd_hash: hash=  46 6a ec d6  66 2e 79 99  28 c2 43 fa  0e 34 78 0a
| natd_hash: hash=  cb fc d5 de  91 bf 7b be  4f 55 6b e4  3a 7d bc db
| expected NAT-D(me):  2e 2b 3a c6  4f d0 80 ec  fd f9 4a fc  4c 74 81 32
| expected NAT-D(me):  de 2b 57 59  88 1e 99 98  c9 e6 df 88  92 73 96 12
| expected NAT-D(him):
|   46 6a ec d6  66 2e 79 99  28 c2 43 fa  0e 34 78 0a
|   cb fc d5 de  91 bf 7b be  4f 55 6b e4  3a 7d bc db
| received NAT-D:  0b bb 6c ba  b9 9c b8 77  46 44 54 7c  47 ce 44 46
| received NAT-D:  21 e8 a8 92  d3 6c b1 76  6c 39 17 f8  7a aa df 77
| received NAT-D:  46 6a ec d6  66 2e 79 99  28 c2 43 fa  0e 34 78 0a
| received NAT-D:  cb fc d5 de  91 bf 7b be  4f 55 6b e4  3a 7d bc db
| NAT_TRAVERSAL encaps using auto-detect
| NAT_TRAVERSAL this end is behind NAT
| NAT_TRAVERSAL that end is NOT behind NAT
| NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23
| NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: I am behind NAT
|  NAT_T_WITH_KA detected
| global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
| ***emit ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ID type: ID_IPV4_ADDR (0x1)
|    Protocol ID: 0 (0x0)
|    port: 0 (0x0)
| next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 8:ISAKMP_NEXT_HASH
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
| next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
| emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
| my identity  c0 01 03 21
| emitting length of ISAKMP Identification Payload (IPsec DOI): 12
| ***emit ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
| next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of HASH_I into ISAKMP Hash Payload
| HASH_I  e9 de 7a ce  b6 98 e1 01  0d 3d d2 34  39 e3 47 94
| HASH_I  3a 8a ef f1  76 e5 0c c4  64 40 55 22  06 c0 4c 04
| emitting length of ISAKMP Hash Payload: 36
| Not sending INITIAL_CONTACT
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 76
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:yes, t_xauth_client_done:no
| IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
| parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x55f7ab38d668
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55f7ab38ef58
| NAT-T: #1 in MAIN_I3 floating IKEv1 ports to PLUTO_NAT_PORT 4500
| NAT: #1 floating local endpoint from 192.1.3.33:500 to 192.1.3.33:4500 using pluto_nat_port (in complete_v1_state_transition() at ikev1.c:2791)
| NAT: #1 floating endpoint ended up on interface eth1 192.1.3.33:4500
| NAT-T: #1 floating remote port from 500 to 4500 using pluto_nat_port (in complete_v1_state_transition() at ikev1.c:2791)
| sending reply packet to 192.1.2.23:4500 (from 192.1.3.33:4500)
| sending 80 bytes for STATE_MAIN_I2 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1)
|   00 00 00 00  79 06 6b 20  17 b2 e6 fc  6a 32 cc 41
|   99 58 a1 ce  05 10 02 01  00 00 00 00  00 00 00 4c
|   a6 d0 d9 1c  e8 63 7c 6b  25 1c 37 d4  7f 14 05 01
|   64 5d c8 11  0b 8b e6 ca  68 88 04 63  51 44 1a bc
|   82 96 e1 fb  2f 89 9e f4  e1 19 dd 87  13 35 d7 95
| !event_already_set at reschedule
| event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1
| libevent_malloc: new ptr-libevent@0x55f7ab38b728 size 128
| #1 STATE_MAIN_I3: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.719274
"north-east" #1: STATE_MAIN_I3: sent MI3, expecting MR3
| XAUTH client is not yet authenticated
| resume sending helper answer for #1 suppresed complete_v1_state_transition()
| #1 spent 0.316 milliseconds in resume sending helper answer
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f3694003978
| spent 0.0029 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 76 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   05 10 02 01  00 00 00 00  00 00 00 4c  71 07 6a fd
|   e1 67 71 b3  82 3b db 38  e4 97 fa 62  15 e7 fc ff
|   30 07 8f 6c  89 11 a9 da  25 d3 fc a9  5a 97 a8 80
|   6a e0 fc a6  d3 bc b9 75  a2 25 da 52
| start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_ID (0x5)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 0 (0x0)
|    length: 76 (0x4c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459)
| #1 is idle
| #1 idle
| received encrypted packet from 192.1.2.23:4500
| got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x120 opt: 0x2080
| ***parse ISAKMP Identification Payload:
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    length: 12 (0xc)
|    ID type: ID_FQDN (0x2)
|    DOI specific A: 0 (0x0)
|    DOI specific B: 0 (0x0)
|      obj:   65 61 73 74
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x2080
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 36 (0x24)
| message 'main_inR3' HASH payload not checked early
"north-east" #1: Peer ID is ID_FQDN: '@east'
| X509: no CERT payloads to process
| received 'Main' message HASH_R data ok
| FOR_EACH_CONNECTION_... in ISAKMP_SA_established
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:yes, t_xauth_client_done:no
| IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
| parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_MAIN_I4: retransmits: cleared
| libevent_free: release ptr-libevent@0x55f7ab38b728
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| !event_already_set at reschedule
| event_schedule: new EVENT_SA_REPLACE-pe@0x55f7ab38ef58
| inserting event EVENT_SA_REPLACE, timeout in 2607 seconds for #1
| libevent_malloc: new ptr-libevent@0x7f3694003978 size 128
| pstats #1 ikev1.isakmp established
"north-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
| DPD: dpd_init() called on ISAKMP SA
| DPD: Peer supports Dead Peer Detection
| DPD: not initializing DPD because DPD is disabled locally
| XAUTH client is not yet authenticated
| #1 spent 0.166 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.284 milliseconds in comm_handle_cb() reading and processing packet
| spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 92 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   08 10 06 01  44 44 28 85  00 00 00 5c  d5 2f d0 48
|   05 bf 7d c5  b6 1e c9 2d  89 83 90 b5  d6 69 36 a6
|   b9 a4 37 df  44 fc d6 15  5e 2e 54 77  63 4a c0 fc
|   50 0e e3 74  6b 4b 19 e5  0d ea 30 f7  7a 83 4b 5c
|   ad 14 c7 82  54 d1 1d 17  b1 2c 1f 3f
| start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_MODE_CFG (0x6)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 1145317509 (0x44442885)
|    length: 92 (0x5c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6)
| peer and cookies match on #1; msgid=44442885 st_msgid=00000000 st_msgid_phase15=00000000
| State DB: IKEv1 state not found (find_v1_info_state)
| No appropriate Mode Config state yet. See if we have a Main Mode state
| peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
| p15 state object #1 found, in STATE_MAIN_I4
| State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1678)
|  processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG.
|  this is a xauthclient modecfgclient
|  call  init_phase2_iv
|  set from_state to STATE_MAIN_I4 this is xauthclient and IS_PHASE1() is TRUE
| #1 is idle
| #1 idle
| received encrypted packet from 192.1.2.23:4500
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_MODECFG (0xe)
|    length: 36 (0x24)
| got payload 0x4000  (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000
| ***parse ISAKMP Mode Attribute:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 16 (0x10)
|    Attr Msg Type: ISAKMP_CFG_REQUEST (0x1)
|    Identifier: 0 (0x0)
| removing 12 bytes of padding
| xauth_inI0 HASH(1):
|   85 5f a2 b2  92 82 91 2b  59 7f 9f 5b  99 d2 d3 be
|   98 07 56 21  2c 05 e7 fb  60 28 6f b2  c8 67 44 ef
| received 'xauth_inI0' message HASH(1) data ok
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_MODE_CFG (0x6)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 1145317509 (0x44442885)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH
| arrived in xauth_inI0
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: XAUTH-USER-NAME (0x4089)
|    length/value: 0 (0x0)
| Received Cisco XAUTH username
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a)
|    length/value: 0 (0x0)
| Received Cisco XAUTH password
| XAUTH: Username or password request received
| ***emit ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
| next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
| emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 36
| ***emit ISAKMP Mode Attribute:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    Attr Msg Type: ISAKMP_CFG_REPLY (0x2)
|    Identifier: 0 (0x0)
| next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG)
| next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet'
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: XAUTH-USER-NAME (0x4089)
| prompting for Username:
| emitting 4 raw bytes of XAUTH username into ISAKMP ModeCfg attribute
| XAUTH username  75 73 65 31
| emitting length of ISAKMP ModeCfg attribute: 4
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a)
| started looking for xauth secret for use1
| line 1: key type PKK_XAUTH(@use1) to type PKK_PSK
| concluding with best_match=000 best=(nil) (lineno=-1)
| looked up username=use1, got=(nil)
| prompting for Password:
| emitting 8 raw bytes of XAUTH password into ISAKMP ModeCfg attribute
| XAUTH password  75 73 65 31  70 61 73 73
| emitting length of ISAKMP ModeCfg attribute: 8
| emitting length of ISAKMP Mode Attribute: 28
"north-east" #1: XAUTH: Answering XAUTH challenge with user='use1'
| XAUTH: client response HASH(1):
|   f7 18 5e bc  7a 0d 91 57  f5 66 f6 f1  50 26 8e 19
|   fa 17 23 91  da da dc 37  cf a5 1a f8  08 ed 40 27
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 92
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 92
| xauth_inI0(STF_OK)
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:yes, t_xauth_client_done:no
| IKEv1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
| parent state #1: MAIN_I4(established IKE SA) => XAUTH_I1(established IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_SA_REPLACE to be deleted
| libevent_free: release ptr-libevent@0x7f3694003978
| free_event_entry: release EVENT_SA_REPLACE-pe@0x55f7ab38ef58
| sending reply packet to 192.1.2.23:4500 (from 192.1.3.33:4500)
| sending 96 bytes for STATE_XAUTH_I0 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1)
|   00 00 00 00  79 06 6b 20  17 b2 e6 fc  6a 32 cc 41
|   99 58 a1 ce  08 10 06 01  44 44 28 85  00 00 00 5c
|   84 c9 f6 98  3c de 6c fb  a6 65 f1 39  6e 76 0d 83
|   60 c2 9d c4  c8 38 a5 a0  f0 e9 cd bb  99 91 53 26
|   cb f2 3c 07  53 bb 43 f6  fd c3 55 bd  da 60 03 93
|   de d6 27 a6  cc b6 92 75  54 fa be dc  52 3d 40 05
| !event_already_set at reschedule
| event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1
| libevent_malloc: new ptr-libevent@0x55f7ab38b728 size 128
| #1 STATE_XAUTH_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.800845
| pstats #1 ikev1.isakmp established
"north-east" #1: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
| DPD: dpd_init() called on ISAKMP SA
| DPD: Peer supports Dead Peer Detection
| DPD: not initializing DPD because DPD is disabled locally
| XAUTH client is not yet authenticated
| #1 spent 0.24 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.405 milliseconds in comm_handle_cb() reading and processing packet
| spent 0.00198 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 76 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   08 10 06 01  62 c6 71 f1  00 00 00 4c  c7 54 d9 30
|   d5 0b a6 b3  c2 c4 6f 17  42 b7 ba f5  c0 12 29 fa
|   e6 fd 30 b4  00 de 85 e9  43 e4 dd d3  e8 cd de b2
|   3f 68 6a 8d  7a f2 41 1a  15 0b d5 2c
| start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_MODE_CFG (0x6)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 1657172465 (0x62c671f1)
|    length: 76 (0x4c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6)
| peer and cookies match on #1; msgid=62c671f1 st_msgid=00000000 st_msgid_phase15=00000000
| State DB: IKEv1 state not found (find_v1_info_state)
| No appropriate Mode Config state yet. See if we have a Main Mode state
| peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
| p15 state object #1 found, in STATE_XAUTH_I1
| State DB: found IKEv1 state #1 in XAUTH_I1 (find_v1_info_state)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1678)
|  processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG.
|  this is a xauthclient modecfgclient
|  call  init_phase2_iv
|  set from_state to STATE_XAUTH_I1 this is xauthclient and state == STATE_XAUTH_I1
| #1 is idle
| #1 idle
| received encrypted packet from 192.1.2.23:4500
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_MODECFG (0xe)
|    length: 36 (0x24)
| got payload 0x4000  (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000
| ***parse ISAKMP Mode Attribute:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 12 (0xc)
|    Attr Msg Type: ISAKMP_CFG_SET (0x3)
|    Identifier: 0 (0x0)
| xauth_inI0 HASH(1):
|   f2 94 db 2a  d9 12 b1 2b  33 7b 9c 40  c1 d7 1c 1d
|   ac 6f 29 24  b4 95 27 c7  53 9c 7c 27  db 9a e4 c1
| received 'xauth_inI0' message HASH(1) data ok
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_MODE_CFG (0x6)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 1657172465 (0x62c671f1)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH
| arrived in xauth_inI0
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: AF+XAUTH-STATUS (0xc08f)
|    length/value: 1 (0x1)
| Received Cisco XAUTH status: OK
| ***emit ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
| next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
| emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 36
| ***emit ISAKMP Mode Attribute:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    Attr Msg Type: ISAKMP_CFG_ACK (0x4)
|    Identifier: 0 (0x0)
| next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG)
| next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet'
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: AF+XAUTH-STATUS (0xc08f)
|    length/value: 1 (0x1)
| no IKEv1 message padding required
| emitting length of ISAKMP Mode Attribute: 12
| XAUTH: ack status HASH(1):
|   ea 95 cf 48  dc 26 36 24  91 ff 85 3a  0f ff c5 49
|   ce 4f 03 c7  c8 71 71 17  81 71 b1 21  65 c7 1e 88
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 76
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 76
"north-east" #1: XAUTH: Successfully Authenticated
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:no, t_xauth_client_done:yes
| IKEv1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
| event_already_set, deleting event
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_XAUTH_I1: retransmits: cleared
| libevent_free: release ptr-libevent@0x55f7ab38b728
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| sending reply packet to 192.1.2.23:4500 (from 192.1.3.33:4500)
| sending 80 bytes for STATE_XAUTH_I0 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1)
|   00 00 00 00  79 06 6b 20  17 b2 e6 fc  6a 32 cc 41
|   99 58 a1 ce  08 10 06 01  62 c6 71 f1  00 00 00 4c
|   c0 80 95 9f  47 7b b9 80  2c b0 1e b9  56 17 ae 41
|   1b 1c 9f 2c  21 7b 6e 03  45 64 98 05  c4 6f 6e 69
|   e0 9c 23 42  6e d1 35 70  7c ac 1f cb  0e 66 e9 52
| !event_already_set at reschedule
| event_schedule: new EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1
| libevent_malloc: new ptr-libevent@0x55f7ab38c6e8 size 128
| #1 STATE_XAUTH_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.80148
| pstats #1 ikev1.isakmp established
"north-east" #1: STATE_XAUTH_I1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
| DPD: dpd_init() called on ISAKMP SA
| DPD: Peer supports Dead Peer Detection
| DPD: not initializing DPD because DPD is disabled locally
| modecfg pull: noquirk policy:pull modecfg-client
| modecfg client is starting due to policy
"north-east" #1: modecfg: Sending IP request (MODECFG_I1)
| parent state #1: XAUTH_I1(established IKE SA) => MODE_CFG_I1(established IKE SA)
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_MODE_CFG (0x6)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 3717821664 (0xdd9974e0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| ***emit ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
| next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'xauth_buf'
| emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 36
| ***emit ISAKMP Mode Attribute:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    Attr Msg Type: ISAKMP_CFG_REQUEST (0x1)
|    Identifier: 0 (0x0)
| next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG)
| next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'xauth_buf'
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1)
|    length/value: 0 (0x0)
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2)
|    length/value: 0 (0x0)
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: INTERNAL_IP4_DNS (0x3)
|    length/value: 0 (0x0)
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: MODECFG_BANNER (0x7000)
|    length/value: 0 (0x0)
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: MODECFG_DOMAIN (0x7002)
|    length/value: 0 (0x0)
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
|    ModeCfg attr type: CISCO_SPLIT_INC (0x7004)
|    length/value: 0 (0x0)
| emitting length of ISAKMP ModeCfg attribute: 0
| no IKEv1 message padding required
| emitting length of ISAKMP Mode Attribute: 32
| XAUTH: mode config request HASH(1):
|   03 99 37 6a  cf 6e 59 ed  64 3d ac b8  a4 0b 44 d4
|   c6 f6 12 7f  1f 37 30 12  cb 9b 28 73  4e 6f 10 25
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 96
| emitting 12 zero bytes of encryption padding into ISAKMP Message
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 108
| sending 112 bytes for modecfg: req through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1)
|   00 00 00 00  79 06 6b 20  17 b2 e6 fc  6a 32 cc 41
|   99 58 a1 ce  08 10 06 01  dd 99 74 e0  00 00 00 6c
|   7d 26 c0 f9  e0 66 40 95  46 00 65 be  28 2f 41 8e
|   ca d7 f3 89  2d 5b bd 9b  21 25 fd 31  e5 38 87 bc
|   83 60 73 6a  8a a8 02 60  12 37 ee 72  a5 02 f3 ff
|   67 dd 4a 27  45 e7 e6 ab  f0 0f d8 75  f8 1b 12 f6
|   b2 0d 4b ac  7e 2a 1e 27  1d 90 c7 c9  e5 11 14 ce
| #1 spent 0.272 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.41 milliseconds in comm_handle_cb() reading and processing packet
| spent 0.00222 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 92 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   08 10 06 01  dd 99 74 e0  00 00 00 5c  c6 7f 44 0f
|   0d 6b 36 e6  83 54 a7 12  fa 79 d7 6c  fb ac c5 8b
|   2d 27 45 0c  ce 90 c0 f6  63 0a 21 9f  dc ac 08 b0
|   ae 2e a3 c9  46 3a 1a 46  65 ec ce 34  98 04 b9 dc
|   a9 98 c9 db  a4 46 fd 32  ed db 89 7a
| start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_MODE_CFG (0x6)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 3717821664 (0xdd9974e0)
|    length: 92 (0x5c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6)
| peer and cookies match on #1; msgid=dd9974e0 st_msgid=00000000 st_msgid_phase15=dd9974e0
| p15 state object #1 found, in STATE_MODE_CFG_I1
| State DB: found IKEv1 state #1 in MODE_CFG_I1 (find_v1_info_state)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1802)
| #1 is idle
| #1 idle
| received encrypted packet from 192.1.2.23:4500
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_MODECFG (0xe)
|    length: 36 (0x24)
| got payload 0x4000  (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000
| ***parse ISAKMP Mode Attribute:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 24 (0x18)
|    Attr Msg Type: ISAKMP_CFG_REPLY (0x2)
|    Identifier: 0 (0x0)
| removing 4 bytes of padding
| modecfg_inR1 HASH(1):
|   b5 9a 44 15  a7 6a a1 4f  99 1f 1e 92  0e 78 90 af
|   bf 19 a2 b9  fe 6d 62 75  36 e5 e2 ba  30 4d d3 7e
| received 'modecfg_inR1' message HASH(1) data ok
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_MODE_CFG (0x6)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 3717821664 (0xdd9974e0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH
| modecfg_inR1: received mode cfg reply
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1)
|    length/value: 4 (0x4)
| parsing 4 raw bytes of ISAKMP ModeCfg attribute into addr
| addr  c0 00 02 65
"north-east" #1: Received IPv4 address: 192.0.2.101/32
| setting ip source address to 192.0.2.101/32
| ****parse ISAKMP ModeCfg attribute:
|    ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2)
|    length/value: 4 (0x4)
| parsing 4 raw bytes of ISAKMP ModeCfg attribute into addr
| addr  00 00 00 00
| Received IP4 NETMASK 0.0.0.0
| modecfg_inR1(STF_OK)
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:no, t_xauth_client_done:yes
| IKEv1: transition from state STATE_MODE_CFG_I1 to state STATE_MAIN_I4
| parent state #1: MODE_CFG_I1(established IKE SA) => MAIN_I4(established IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_MAIN_I4: retransmits: cleared
| libevent_free: release ptr-libevent@0x55f7ab38c6e8
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55f7ab38ef58
| !event_already_set at reschedule
| event_schedule: new EVENT_SA_REPLACE-pe@0x55f7ab38ef58
| inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1
| libevent_malloc: new ptr-libevent@0x55f7ab38b728 size 128
| pstats #1 ikev1.isakmp established
"north-east" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
| DPD: dpd_init() called on ISAKMP SA
| DPD: Peer supports Dead Peer Detection
| DPD: not initializing DPD because DPD is disabled locally
| modecfg pull: noquirk policy:pull modecfg-client
| phase 1 is done, looking for phase 2 to unpend
| unpending state #1
| creating state object #2 at 0x55f7ab3903d8
| State DB: adding IKEv1 state #2 in UNDEFINED
| pstats #2 ikev1.ipsec started
| duplicating state object #1 "north-east" as #2 for IPSEC SA
| #2 setting local endpoint to 192.1.3.33:4500 from #1.st_localport (in duplicate_state() at state.c:1484)
| suspend processing: state #1 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685)
| start processing: state #2 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685)
| child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA)
"north-east" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:2d25a324 proposal=defaults pfsgroup=MODP2048}
| adding quick_outI1 KE work-order 3 for state #2
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f369c002b78
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2
| libevent_malloc: new ptr-libevent@0x55f7ab38b678 size 128
| stop processing: state #2 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764)
| resume processing: state #1 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764)
| unqueuing pending Quick Mode with 192.1.2.23 "north-east"
| removing pending policy for no connection {0x55f7ab37d6c8}
| crypto helper 4 resuming
| close_any(fd@24) (in release_whack() at state.c:654)
| crypto helper 4 starting work-order 3 for state #2
| #1 spent 0.183 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380)
| crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 3
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.314 milliseconds in comm_handle_cb() reading and processing packet
| crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.000997 seconds
| (#2) spent 0.988 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr)
| crypto helper 4 sending results from work-order 3 for state #2 to event queue
| scheduling resume sending helper answer for #2
| libevent_malloc: new ptr-libevent@0x7f3698003f28 size 128
| libevent_realloc: release ptr-libevent@0x55f7ab36c818
| libevent_realloc: new ptr-libevent@0x7f3698003e78 size 128
| crypto helper 4 waiting (nothing to do)
| processing resume sending helper answer for #2
| start processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 4 replies to request ID 3
| calling continuation function 0x55f7a9292b50
| quick_outI1_continue for #2: calculated ke+nonce, sending I1
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_QUICK (0x20)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 757441316 (0x2d25a324)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| ***emit ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
| next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
| emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 36
| emitting quick defaults using policy none
| empty esp_info, returning defaults for ENCRYPT
| ***emit ISAKMP Security Association Payload:
|    next payload type: ISAKMP_NEXT_NONCE (0xa)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
| next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
| next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
| next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
| ****emit IPsec DOI SIT:
|    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ikev1_out_sa pcn: 0 has 1 valid proposals
| ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2
| ****emit ISAKMP Proposal Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    proposal number: 0 (0x0)
|    protocol ID: PROTO_IPSEC_ESP (0x3)
|    SPI size: 4 (0x4)
|    number of transforms: 2 (0x2)
| last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
| netlink_get_spi: allocated 0x54bd1448 for esp.0@192.1.3.33
| emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
| SPI  54 bd 14 48
| *****emit ISAKMP Transform Payload (ESP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ESP transform number: 0 (0x0)
|    ESP transform ID: ESP_AES (0xc)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+GROUP_DESCRIPTION (0x8003)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+ENCAPSULATION_MODE (0x8004)
|    length/value: 3 (0x3)
|     [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC]
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+SA_LIFE_TYPE (0x8001)
|    length/value: 1 (0x1)
|     [1 is SA_LIFE_TYPE_SECONDS]
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
|    length/value: 28800 (0x7080)
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+AUTH_ALGORITHM (0x8005)
|    length/value: 2 (0x2)
|     [2 is AUTH_ALGORITHM_HMAC_SHA1]
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+KEY_LENGTH (0x8006)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ESP): 32
| *****emit ISAKMP Transform Payload (ESP):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ESP transform number: 1 (0x1)
|    ESP transform ID: ESP_3DES (0x3)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type'
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+GROUP_DESCRIPTION (0x8003)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+ENCAPSULATION_MODE (0x8004)
|    length/value: 3 (0x3)
|     [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC]
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+SA_LIFE_TYPE (0x8001)
|    length/value: 1 (0x1)
|     [1 is SA_LIFE_TYPE_SECONDS]
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
|    length/value: 28800 (0x7080)
| ******emit ISAKMP IPsec DOI attribute:
|    af+type: AF+AUTH_ALGORITHM (0x8005)
|    length/value: 2 (0x2)
|     [2 is AUTH_ALGORITHM_HMAC_SHA1]
| emitting length of ISAKMP Transform Payload (ESP): 28
| emitting length of ISAKMP Proposal Payload: 72
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0
| emitting length of ISAKMP Security Association Payload: 84
| last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
| ***emit ISAKMP Nonce Payload:
|    next payload type: ISAKMP_NEXT_KE (0x4)
| next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE
| next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
| next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of Ni into ISAKMP Nonce Payload
| Ni  a0 b6 92 6a  14 44 67 2e  1e 07 38 fc  94 27 82 14
| Ni  b4 55 d5 fa  49 11 ff 84  3c ac 84 01  e7 4b 43 0d
| emitting length of ISAKMP Nonce Payload: 36
| ***emit ISAKMP Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_ID (0x5)
| next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID
| next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE)
| next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet'
| emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
| keyex value  df ef 68 0d  b4 eb 8b 1d  75 95 93 41  3e e8 d5 0d
| keyex value  16 99 6c 82  5b a4 e0 35  43 b3 35 05  b1 4a e9 be
| keyex value  49 45 36 8d  b6 ce 4e 09  cf fa 15 82  d3 66 c3 3b
| keyex value  dc 3d 73 1f  23 96 85 4c  df 2e bc 86  74 a8 ff 2c
| keyex value  96 4f e2 50  6d 6a 4d d0  d0 c7 d2 86  7e 99 2c d5
| keyex value  04 e0 fd 58  dd 70 89 02  77 5a f7 62  cb cc 4f d4
| keyex value  61 9d be 7d  6a 39 ee 4c  5f fc 7e 02  35 9a 3e a6
| keyex value  c1 85 c8 05  a6 df a5 24  eb 57 1f 99  3a 0e 27 83
| keyex value  2d 2c 63 06  71 af 50 e0  50 60 22 8e  a3 e0 6b c1
| keyex value  7e 4c cc d2  25 20 fe e3  45 7e 41 ec  1b d3 59 57
| keyex value  06 41 2b df  34 78 00 cc  f2 5d 84 6a  2c 8c 5f e1
| keyex value  93 da 26 ff  d5 e6 ee 68  40 28 c1 1c  68 97 ea 84
| keyex value  bb 71 d8 49  08 16 79 62  c3 22 34 a4  99 51 62 55
| keyex value  a9 98 5f 99  90 be 21 8f  be 9e c7 cc  d2 b5 2b aa
| keyex value  17 27 8f 22  c3 95 7c cb  74 e1 29 c6  f4 1c e2 fd
| keyex value  78 92 09 0b  87 90 df fc  34 29 2e e8  05 8a 29 5f
| emitting length of ISAKMP Key Exchange Payload: 260
| ***emit ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_ID (0x5)
|    ID type: ID_IPV4_ADDR (0x1)
|    Protocol ID: 0 (0x0)
|    port: 0 (0x0)
| next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID
| next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
| next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
| emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
| client network  c0 00 02 65
| emitting length of ISAKMP Identification Payload (IPsec DOI): 12
| ***emit ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ID type: ID_IPV4_ADDR_SUBNET (0x4)
|    Protocol ID: 0 (0x0)
|    port: 0 (0x0)
| next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
| next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
| emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI)
| client network  00 00 00 00
| emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI)
| client mask  00 00 00 00
| emitting length of ISAKMP Identification Payload (IPsec DOI): 16
| outI1 HASH(1):
|   74 1b 09 c8  c6 1f 55 4d  a0 af bd e7  9a b1 89 09
|   3e 27 af d4  fe c4 42 3c  28 15 2b 2c  60 57 83 66
| emitting 4 zero bytes of encryption padding into ISAKMP Message
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 476
| sending 480 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #2)
|   00 00 00 00  79 06 6b 20  17 b2 e6 fc  6a 32 cc 41
|   99 58 a1 ce  08 10 20 01  2d 25 a3 24  00 00 01 dc
|   c7 76 9b e1  05 1d 4a 0c  6b 36 95 6f  d1 84 04 e1
|   fb ed c3 aa  f0 aa f3 1d  3f de 7a 56  85 5c ca de
|   68 3c ef 3f  01 27 e8 58  43 5a 11 66  ce b6 d8 07
|   4f 8b 9e 5c  6b 84 7c 23  57 9a 75 56  45 9e 50 dd
|   b7 43 93 03  54 c2 3c 0a  ec 33 fc a3  53 43 06 3c
|   22 87 fd 2a  8d f4 23 7a  ac 33 20 82  f5 c7 f6 88
|   c0 9c 57 26  e7 41 f6 47  78 07 fa 1c  50 75 c4 0b
|   0f ab 8b db  bd 15 35 ba  ba dd e3 a3  33 48 83 05
|   b2 42 64 9f  0d 17 18 18  da 27 3d 7e  31 79 70 5f
|   f5 b6 16 c0  34 0e bd 78  0a fb 37 f3  24 36 43 59
|   f0 85 dc 30  07 db 7c 21  b9 1f 68 ce  6b f7 d2 72
|   6a 32 20 07  1a 45 26 e3  3e a0 66 a0  82 71 d4 79
|   c7 83 89 8c  28 2a 1c 72  9b 60 01 3a  19 27 fb db
|   1c f4 1f 72  0a 5e 0e 22  fd 8c 93 c3  8f e4 5e 0d
|   4d a0 2d d8  46 bb 8d ab  9d 31 2a 67  ed f8 0a 8c
|   1f 2f 58 60  06 7e b5 21  e3 a5 64 ec  91 02 e7 08
|   37 a6 77 32  d2 fa f0 7a  57 c6 3b c1  07 d3 62 ad
|   48 82 5d 74  1f 00 ce 01  cb fa dc d6  52 94 e4 0c
|   28 0d f8 d7  67 39 3d de  7b 76 18 32  a9 68 4c 71
|   1c 25 1f bc  43 37 79 a0  86 8c f7 41  fe da b8 1c
|   e1 2f 7f 52  b2 04 3e 01  61 34 41 85  66 08 b0 a9
|   9c c9 dd 1f  c0 94 0b ab  75 04 2b 74  e5 59 63 42
|   95 73 ef 29  c6 0e ce 51  a3 80 c1 de  68 46 fa 61
|   7d a2 99 af  e8 38 6b 3b  c7 8c af 1a  31 e5 bc df
|   3f 30 13 db  30 63 52 84  4c e8 48 12  db 2a 52 3f
|   83 9e c8 e1  fa 70 42 da  0c a9 67 8d  83 93 9b 42
|   87 e7 a3 67  47 5d 2a df  0d 9f d8 a0  cc 9f 51 66
|   73 2b fe 83  b4 ca 3e 0b  5e 06 3f fb  50 2b b6 0d
| state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x55f7ab38b678
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f369c002b78
| event_schedule: new EVENT_RETRANSMIT-pe@0x7f369c002b78
| inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2
| libevent_malloc: new ptr-libevent@0x55f7ab38c848 size 128
| #2 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29304.803744
| resume sending helper answer for #2 suppresed complete_v1_state_transition()
| #2 spent 0.406 milliseconds in resume sending helper answer
| stop processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f3698003f28
| spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 444 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   08 10 20 01  2d 25 a3 24  00 00 01 bc  d8 2f 39 85
|   be 51 93 5e  b9 95 be 28  9b 6b e6 36  7e 2d e9 4b
|   f8 64 14 6f  41 91 18 97  d4 4a 10 6e  a3 30 59 4d
|   71 2b a9 ef  1a b2 41 d1  e7 6a 0b 9a  84 73 bf 44
|   c1 eb 4f 3c  72 31 f1 23  b5 63 8e 0e  3e 18 24 be
|   83 31 1a f6  28 99 99 6e  89 eb 58 33  0f 23 a5 b2
|   64 4c 7f 7e  f1 ee ad 1d  57 85 d6 20  a3 0a 76 75
|   17 c9 96 2f  83 f2 68 14  f8 30 3c 1e  1a 6b ed 4a
|   26 bd 6f e6  55 67 b3 56  9f 14 b1 37  c9 8e 9b 10
|   14 38 53 15  d1 cb e5 85  7a 3f 2d 98  83 da fc 27
|   3f 7d 93 15  70 4f 6f 0f  9a 87 28 bc  d4 65 a2 ca
|   c9 de e9 c4  50 79 a2 10  a6 c9 8b 3f  32 35 d4 5c
|   95 e9 53 c8  59 71 f7 43  1a b3 85 77  26 4d 5b fa
|   86 d7 35 d6  63 b6 f6 c5  91 55 3b c2  bf b8 fe 1b
|   47 57 b2 0b  72 00 f5 4a  5e 01 58 f6  e9 ec 96 de
|   c3 d5 b0 d8  b6 9d cd 57  e7 f0 23 83  1b 6f 58 45
|   d3 6b 53 e3  d9 51 2b 28  ef a2 5c 1e  ad b3 52 f2
|   a5 1b 02 a6  70 fa 21 c6  80 c4 14 1d  3b 38 bf 50
|   36 4d 27 ec  c8 35 53 24  89 11 80 69  0f 49 fd 29
|   41 ec 4a 13  e4 71 8d b2  92 e1 a0 e6  65 fb 72 dd
|   4c 91 a3 8a  d8 7b 0a f9  5b 17 41 56  4c f3 00 92
|   63 c0 72 ff  96 6b b2 f6  34 51 a8 02  5b 36 1d b6
|   3b f2 15 4f  da ff 98 d2  01 37 7b ff  4c 2f 87 0a
|   50 3c b5 93  9f 10 5e 38  49 e3 94 b4  ab 5e a0 7a
|   7b c4 2e 76  3f af 0c 32  8b 70 ce 5f  2a 1b 50 dd
|   1e 8d 3e 0e  e9 cc 62 8a  d7 f8 80 d4  1e de 6d 59
|   14 c3 e7 c1  af 76 c2 d9  95 3f bf 06
| start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_QUICK (0x20)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 757441316 (0x2d25a324)
|    length: 444 (0x1bc)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
| State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1)
| start processing: state #2 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1633)
| #2 is idle
| #2 idle
| received encrypted packet from 192.1.2.23:4500
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    length: 36 (0x24)
| got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
| ***parse ISAKMP Security Association Payload:
|    next payload type: ISAKMP_NEXT_NONCE (0xa)
|    length: 56 (0x38)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
| got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
| ***parse ISAKMP Nonce Payload:
|    next payload type: ISAKMP_NEXT_KE (0x4)
|    length: 36 (0x24)
| got payload 0x10  (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030
| ***parse ISAKMP Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_ID (0x5)
|    length: 260 (0x104)
| got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
| ***parse ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_ID (0x5)
|    length: 12 (0xc)
|    ID type: ID_IPV4_ADDR (0x1)
|    Protocol ID: 0 (0x0)
|    port: 0 (0x0)
|      obj:   c0 00 02 65
| got payload 0x20  (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
| ***parse ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 16 (0x10)
|    ID type: ID_IPV4_ADDR_SUBNET (0x4)
|    Protocol ID: 0 (0x0)
|    port: 0 (0x0)
|      obj:   00 00 00 00  00 00 00 00
| quick_inR1_outI2 HASH(2):
|   31 84 67 69  fc bd 8e a5  ef bc 1d c6  64 06 d7 e2
|   46 95 4f 62  ef 20 35 c3  c1 15 22 1d  85 f3 f8 3d
| received 'quick_inR1_outI2' message HASH(2) data ok
| ****parse IPsec DOI SIT:
|    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ****parse ISAKMP Proposal Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 44 (0x2c)
|    proposal number: 0 (0x0)
|    protocol ID: PROTO_IPSEC_ESP (0x3)
|    SPI size: 4 (0x4)
|    number of transforms: 1 (0x1)
| parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
| SPI  57 18 ef b3
| *****parse ISAKMP Transform Payload (ESP):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 32 (0x20)
|    ESP transform number: 0 (0x0)
|    ESP transform ID: ESP_AES (0xc)
| ******parse ISAKMP IPsec DOI attribute:
|    af+type: AF+GROUP_DESCRIPTION (0x8003)
|    length/value: 14 (0xe)
|    [14 is OAKLEY_GROUP_MODP2048]
| ******parse ISAKMP IPsec DOI attribute:
|    af+type: AF+ENCAPSULATION_MODE (0x8004)
|    length/value: 3 (0x3)
|    [3 is ENCAPSULATION_MODE_UDP_TUNNEL_RFC]
| NAT-T RFC: Installing IPsec SA with ENCAP, st->hidden_variables.st_nat_traversal is RFC 3947 (NAT-Traversal)+I am behind NAT
| ******parse ISAKMP IPsec DOI attribute:
|    af+type: AF+SA_LIFE_TYPE (0x8001)
|    length/value: 1 (0x1)
|    [1 is SA_LIFE_TYPE_SECONDS]
| ******parse ISAKMP IPsec DOI attribute:
|    af+type: AF+SA_LIFE_DURATION (variable length) (0x8002)
|    length/value: 28800 (0x7080)
| ******parse ISAKMP IPsec DOI attribute:
|    af+type: AF+AUTH_ALGORITHM (0x8005)
|    length/value: 2 (0x2)
|    [2 is AUTH_ALGORITHM_HMAC_SHA1]
| ******parse ISAKMP IPsec DOI attribute:
|    af+type: AF+KEY_LENGTH (0x8006)
|    length/value: 128 (0x80)
| ESP IPsec Transform verified unconditionally; no alg_info to check against
| started looking for secret for 192.1.3.33->@east of kind PKK_PSK
| actually looking for secret for 192.1.3.33->@east of kind PKK_PSK
| line 1: key type PKK_PSK(192.1.3.33) to type PKK_PSK
| 1: compared key (none) to 192.1.3.33 / @east -> 002
| 2: compared key (none) to 192.1.3.33 / @east -> 002
| line 1: match=002
| match 002 beats previous best_match 000 match=0x55f7ab2e5c48 (line=1)
| concluding with best_match=002 best=0x55f7ab2e5c48 (lineno=1)
| adding quick outI2 DH work-order 4 for state #2
| state #2 requesting EVENT_RETRANSMIT to be deleted
| #2 STATE_QUICK_I1: retransmits: cleared
| libevent_free: release ptr-libevent@0x55f7ab38c848
| free_event_entry: release EVENT_RETRANSMIT-pe@0x7f369c002b78
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f369c002b78
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2
| libevent_malloc: new ptr-libevent@0x7f3698003f28 size 128
| complete v1 state transition with STF_SUSPEND
| [RE]START processing: state #2 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648)
| suspending state #2 and saving MD
| crypto helper 5 resuming
| #2 is busy; has a suspended MD
| crypto helper 5 starting work-order 4 for state #2
| #2 spent 0.109 milliseconds in process_packet_tail()
| crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 4
| stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #2 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.268 milliseconds in comm_handle_cb() reading and processing packet
| crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 4 time elapsed 0.000551 seconds
| (#2) spent 0.541 milliseconds in crypto helper computing work-order 4: quick outI2 DH (pcr)
| crypto helper 5 sending results from work-order 4 for state #2 to event queue
| scheduling resume sending helper answer for #2
| libevent_malloc: new ptr-libevent@0x7f368c001f78 size 128
| crypto helper 5 waiting (nothing to do)
| processing resume sending helper answer for #2
| start processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 5 replies to request ID 4
| calling continuation function 0x55f7a9292b50
| quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_QUICK (0x20)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 757441316 (0x2d25a324)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| NAT-Traversal: received 0 NAT-OA.
| parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
| ID address  c0 00 02 65
| our client is 192.0.2.101/32
| our client protocol/port is 0/0
| parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address
| ID address  00 00 00 00
| parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask
| ID mask  00 00 00 00
| peer client is subnet 0.0.0.0/0
| peer client protocol/port is 0/0
| ***emit ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
| next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet'
| emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 36
| quick_inR1_outI2 HASH(3):
|   80 91 6a 49  7a d0 1d a7  74 7d b8 61  4f 32 ef 33
|   cc 07 03 6f  92 c6 37 b9  00 cb 35 34  83 65 ef c8
| compute_proto_keymat: needed_len (after ESP enc)=16
| compute_proto_keymat: needed_len (after ESP auth)=36
| install_ipsec_sa() for #2: inbound and outbound
| could_route called for north-east (kind=CK_PERMANENT)
| FOR_EACH_CONNECTION_... in route_owner
|  conn north-east mark 0/00000000, 0/00000000 vs
|  conn north-east mark 0/00000000, 0/00000000
| route owner of "north-east" unrouted: NULL; eroute owner: NULL
| looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96
| encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12
| st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20
| setting IPsec SA replay-window to 32
| NIC esp-hw-offload not for connection 'north-east' not available on interface eth1
| netlink: enabling tunnel mode
| netlink: setting IPsec SA replay-window to 32 using old-style req
| netlink: esp-hw-offload not set for IPsec SA
| netlink response for Add SA esp.5718efb3@192.1.2.23 included non-error error
| set up outgoing SA, ref=0/0
| looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96
| encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12
| st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20
| setting IPsec SA replay-window to 32
| NIC esp-hw-offload not for connection 'north-east' not available on interface eth1
| netlink: enabling tunnel mode
| netlink: setting IPsec SA replay-window to 32 using old-style req
| netlink: esp-hw-offload not set for IPsec SA
| netlink response for Add SA esp.54bd1448@192.1.3.33 included non-error error
| priority calculation of connection "north-east" is 0xfdfff
| add inbound eroute 0.0.0.0/0:0 --0-> 192.0.2.101/32:0 => tun.10000@192.1.3.33 (raw_eroute)
| IPsec Sa SPD priority set to 1040383
| raw_eroute result=success
| set up incoming SA, ref=0/0
| sr for #2: unrouted
| route_and_eroute() for proto 0, and source port 0 dest port 0
| FOR_EACH_CONNECTION_... in route_owner
|  conn north-east mark 0/00000000, 0/00000000 vs
|  conn north-east mark 0/00000000, 0/00000000
| route owner of "north-east" unrouted: NULL; eroute owner: NULL
| route_and_eroute with c: north-east (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2
| priority calculation of connection "north-east" is 0xfdfff
| eroute_connection add eroute 192.0.2.101/32:0 --0-> 0.0.0.0/0:0 => tun.0@192.1.2.23 (raw_eroute)
| IPsec Sa SPD priority set to 1040383
| raw_eroute result=success
| running updown command "ipsec _updown" for verb up 
| command executing up-client
| executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURE
| popen cmd is 1103 chars long
| cmd(   0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_I:
| cmd(  80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=':
| cmd( 160):192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' P:
| cmd( 240):LUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PL:
| cmd( 320):UTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID=':
| cmd( 400):@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_:
| cmd( 480):CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=:
| cmd( 560):'' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+:
| cmd( 640):PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_C:
| cmd( 720):ONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNA:
| cmd( 800):ME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS:
| cmd( 880):_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLU:
| cmd( 960):TO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHAR:
| cmd(1040):ED='no' SPI_IN=0x5718efb3 SPI_OUT=0x54bd1448 ipsec _updown 2>&1:
| route_and_eroute: firewall_notified: true
| running updown command "ipsec _updown" for verb prepare 
| command executing prepare-client
| executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM
| popen cmd is 1108 chars long
| cmd(   0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL:
| cmd(  80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY:
| cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.1:
| cmd( 240):01' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=':
| cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER:
| cmd( 400):_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_:
| cmd( 480):PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEE:
| cmd( 560):R_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TU:
| cmd( 640):NNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PL:
| cmd( 720):UTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_U:
| cmd( 800):SERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEE:
| cmd( 880):R_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0:
| cmd( 960):' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI:
| cmd(1040):_SHARED='no' SPI_IN=0x5718efb3 SPI_OUT=0x54bd1448 ipsec _updown 2>&1:
| running updown command "ipsec _updown" for verb route 
| command executing route-client
| executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CON
| popen cmd is 1106 chars long
| cmd(   0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUT:
| cmd(  80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I:
| cmd( 160):D='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101:
| cmd( 240):' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0':
| cmd( 320): PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_I:
| cmd( 400):D='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PE:
| cmd( 480):ER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_:
| cmd( 560):CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNN:
| cmd( 640):EL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUT:
| cmd( 720):O_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USE:
| cmd( 800):RNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_:
| cmd( 880):DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' :
| cmd( 960):PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_S:
| cmd(1040):HARED='no' SPI_IN=0x5718efb3 SPI_OUT=0x54bd1448 ipsec _updown 2>&1:
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
"north-east" #2: route-client output: Error: Peer netns reference is invalid.
| route_and_eroute: instance "north-east", setting eroute_owner {spd=0x55f7ab38ab68,sr=0x55f7ab38ab68} to #2 (was #0) (newest_ipsec_sa=#0)
| #1 spent 1.73 milliseconds in install_ipsec_sa()
| emitting 12 zero bytes of encryption padding into ISAKMP Message
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 76
| inR1_outI2: instance north-east[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1
| DPD: dpd_init() called on IPsec SA
| DPD: Peer does not support Dead Peer Detection
| complete v1 state transition with STF_OK
| [RE]START processing: state #2 connection "north-east" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #2 is idle
| doing_xauth:no, t_xauth_client_done:yes
| IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
| child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA)
| event_already_set, deleting event
| state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x7f3698003f28
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f369c002b78
| sending reply packet to 192.1.2.23:4500 (from 192.1.3.33:4500)
| sending 80 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #2)
|   00 00 00 00  79 06 6b 20  17 b2 e6 fc  6a 32 cc 41
|   99 58 a1 ce  08 10 20 01  2d 25 a3 24  00 00 00 4c
|   6e 78 a2 a0  35 9b 41 56  72 38 2f 14  b3 6a 1c a3
|   e0 a6 4a 18  8b a4 27 cc  8d 70 a2 5e  db 2e 90 aa
|   2c e9 42 6d  62 a0 c8 2c  d2 b9 95 4c  c4 23 95 e0
| !event_already_set at reschedule
| event_schedule: new EVENT_SA_REPLACE-pe@0x7f369c002b78
| inserting event EVENT_SA_REPLACE, timeout in 28048 seconds for #2
| libevent_malloc: new ptr-libevent@0x55f7ab38cd88 size 128
| pstats #2 ikev1.ipsec established
| NAT-T: NAT Traversal detected - their IKE port is '500'
| NAT-T: encaps is 'auto'
"north-east" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0x5718efb3 <0x54bd1448 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=192.1.2.23:4500 DPD=passive username=use1}
| modecfg pull: noquirk policy:pull modecfg-client
| phase 1 is done, looking for phase 2 to unpend
| close_any(fd@25) (in release_whack() at state.c:654)
| resume sending helper answer for #2 suppresed complete_v1_state_transition()
| #2 spent 2.11 milliseconds in resume sending helper answer
| stop processing: state #2 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f368c001f78
|  kernel_process_msg_cb process netlink message
| netlink_get: XFRM_MSG_DELPOLICY message
| xfrm netlink address change RTM_NEWADDR msg len 76
| XFRM RTM_NEWADDR 192.0.2.101 IFA_LOCAL
| FOR_EACH_STATE_... in record_newaddr (for_each_state)
| start processing: state #2 connection "north-east" from 192.1.2.23 (in for_each_state() at state.c:1575)
| stop processing: state #2 connection "north-east" from 192.1.2.23 (in for_each_state() at state.c:1577)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in for_each_state() at state.c:1575)
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in for_each_state() at state.c:1577)
| IKEv2 received address RTM_NEWADDR type 3
| IKEv2 received address RTM_NEWADDR type 8
| IKEv2 received address RTM_NEWADDR type 6
| netlink_get: XFRM_MSG_EXPIRE message
| netlink_get: XFRM_MSG_EXPIRE message
| netlink_get: XFRM_MSG_EXPIRE message
| spent 0.0426 milliseconds in kernel message
| processing signal PLUTO_SIGCHLD
| waitpid returned ECHILD (no child processes left)
| spent 0.00433 milliseconds in signal handler PLUTO_SIGCHLD
| processing signal PLUTO_SIGCHLD
| waitpid returned ECHILD (no child processes left)
| spent 0.00287 milliseconds in signal handler PLUTO_SIGCHLD
| processing signal PLUTO_SIGCHLD
| waitpid returned ECHILD (no child processes left)
| spent 0.00284 milliseconds in signal handler PLUTO_SIGCHLD
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_STATE_... in show_traffic_status (sort_states)
| FOR_EACH_STATE_... in sort_states
| get_sa_info esp.54bd1448@192.1.3.33
| get_sa_info esp.5718efb3@192.1.2.23
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 1.39 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| old debugging base+cpu-usage + none
| base debugging = base+cpu-usage
| old impairing none + suppress-retransmits
| base impairing = suppress-retransmits
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.0737 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_STATE_... in show_traffic_status (sort_states)
| FOR_EACH_STATE_... in sort_states
| get_sa_info esp.54bd1448@192.1.3.33
| get_sa_info esp.5718efb3@192.1.2.23
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.0904 milliseconds in whack
| spent 0.00327 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 92 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   08 10 05 01  ba a1 c1 3b  00 00 00 5c  8c a7 23 fa
|   c1 84 ad b2  aa 94 63 72  93 58 e4 7e  db 33 b8 39
|   5d 90 f7 95  7a 73 45 f0  9f 7d 4d 2b  ec 1b 60 70
|   cb 9f f0 d6  7a 4d ba 34  d0 5d 7e 2c  cf 26 80 d4
|   87 df 94 08  c5 f1 24 68  dd 4f 90 3c
| start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_INFO (0x5)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 3131162939 (0xbaa1c13b)
|    length: 92 (0x5c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
| peer and cookies match on #2; msgid=00000000 st_msgid=2d25a324 st_msgid_phase15=00000000
| peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
| p15 state object #1 found, in STATE_MAIN_I4
| State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479)
| #1 is idle
| #1 idle
| received encrypted packet from 192.1.2.23:4500
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_D (0xc)
|    length: 36 (0x24)
| got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
| ***parse ISAKMP Delete Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 16 (0x10)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
|    protocol ID: 3 (0x3)
|    SPI size: 4 (0x4)
|    number of SPIs: 1 (0x1)
| removing 12 bytes of padding
| informational HASH(1):
|   86 84 87 76  3d 04 c2 be  a8 7c 55 0f  4f 3f 4e 8b
|   09 e3 99 4d  35 8f 26 8c  47 26 06 6d  da 5c 4d 30
| received 'informational' message HASH(1) data ok
| parsing 4 raw bytes of ISAKMP Delete Payload into SPI
| SPI  57 18 ef b3
| FOR_EACH_STATE_... in find_phase2_state_to_delete
| start processing: connection "north-east" (BACKGROUND) (in accept_delete() at ikev1_main.c:2515)
"north-east" #1: received Delete SA payload: replace IPsec State #2 now
| state #2 requesting EVENT_SA_REPLACE to be deleted
| libevent_free: release ptr-libevent@0x55f7ab38cd88
| free_event_entry: release EVENT_SA_REPLACE-pe@0x7f369c002b78
| event_schedule: new EVENT_SA_REPLACE-pe@0x7f369c002b78
| inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #2
| libevent_malloc: new ptr-libevent@0x7f368c001f78 size 128
| stop processing: connection "north-east" (BACKGROUND) (in accept_delete() at ikev1_main.c:2559)
| del:
| complete v1 state transition with STF_IGNORE
| #1 spent 0.00391 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:4500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "north-east" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.222 milliseconds in comm_handle_cb() reading and processing packet
| timer_event_cb: processing event@0x7f369c002b78
| handling event EVENT_SA_REPLACE for child state #2
| start processing: state #2 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:250)
| picked newest_ipsec_sa #2 for #2
| replacing stale IPsec SA
| dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351)
| FOR_EACH_STATE_... in find_phase1_state
| creating state object #3 at 0x55f7ab3924e8
| State DB: adding IKEv1 state #3 in UNDEFINED
| pstats #3 ikev1.ipsec started
| duplicating state object #1 "north-east" as #3 for IPSEC SA
| #3 setting local endpoint to 192.1.3.33:4500 from #1.st_localport (in duplicate_state() at state.c:1484)
| suspend processing: state #2 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685)
| start processing: state #3 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:685)
| child state #3: UNDEFINED(ignore) => QUICK_I1(established CHILD SA)
"north-east" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #2 {using isakmp#1 msgid:269586c4 proposal=defaults pfsgroup=MODP2048}
| adding quick_outI1 KE work-order 5 for state #3
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f3698004218
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3
| libevent_malloc: new ptr-libevent@0x55f7ab38c798 size 128
| stop processing: state #3 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764)
| resume processing: state #2 connection "north-east" from 192.1.2.23 (in quick_outI1() at ikev1_quick.c:764)
| crypto helper 6 resuming
| event_schedule: new EVENT_SA_EXPIRE-pe@0x55f7ab38e3a8
| crypto helper 6 starting work-order 5 for state #3
| inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #2
| crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 5
| libevent_malloc: new ptr-libevent@0x55f7ab38ddb8 size 128
| libevent_free: release ptr-libevent@0x7f368c001f78
| free_event_entry: release EVENT_SA_REPLACE-pe@0x7f369c002b78
| #2 spent 0.138 milliseconds in timer_event_cb() EVENT_SA_REPLACE
| stop processing: state #2 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:557)
| timer_event_cb: processing event@0x55f7ab38e3a8
| handling event EVENT_SA_EXPIRE for child state #2
| start processing: state #2 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:250)
| picked newest_ipsec_sa #2 for #2
| un-established partial CHILD SA timeout (SA expired)
| pstats #2 ikev1.ipsec re-failed exchange-timeout
| pstats #2 ikev1.ipsec deleted completed
| [RE]START processing: state #2 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879)
"north-east" #2: deleting state (STATE_QUICK_I2) aged 12.965s and sending notification
| child state #2: QUICK_I2(established CHILD SA) => delete
| get_sa_info esp.5718efb3@192.1.2.23
| get_sa_info esp.54bd1448@192.1.3.33
"north-east" #2: ESP traffic information: in=504B out=504B XAUTHuser=use1
| #2 send IKEv1 delete notification for STATE_QUICK_I2
| FOR_EACH_STATE_... in find_phase1_state
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_INFO (0x5)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 2666971021 (0x9ef6bf8d)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| ***emit ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
| next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
| emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 36
| ***emit ISAKMP Delete Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
|    protocol ID: 3 (0x3)
|    SPI size: 4 (0x4)
|    number of SPIs: 1 (0x1)
| next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
| next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
| emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
| delete payload  54 bd 14 48
| emitting length of ISAKMP Delete Payload: 16
| send delete HASH(1):
|   9b 9f af 34  75 8f 0e e9  0d 91 f8 d6  10 d0 c1 e0
|   a1 2e 80 c4  6b 46 f3 4d  36 3e 3c 8a  7e b7 a1 32
| emitting 12 zero bytes of encryption padding into ISAKMP Message
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 92
| sending 96 bytes for delete notify through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1)
|   00 00 00 00  79 06 6b 20  17 b2 e6 fc  6a 32 cc 41
|   99 58 a1 ce  08 10 05 01  9e f6 bf 8d  00 00 00 5c
|   38 a8 86 36  ce 9d 8b ba  65 a4 e9 7f  d0 3f db 0e
|   c7 d5 b0 d0  b8 e6 06 fa  87 ae bb 9d  93 58 57 ba
|   08 03 1e 18  b8 8d 0c 49  ae cf d6 46  d7 e9 b6 ec
|   f4 29 6c 81  ab fe d5 39  6c 7e e5 7a  ac 06 c8 0c
| running updown command "ipsec _updown" for verb down 
| command executing down-client
| executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844019' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO
| popen cmd is 1114 chars long
| cmd(   0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO:
| cmd(  80):_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID:
| cmd( 160):='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101':
| cmd( 240): PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' :
| cmd( 320):PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID:
| cmd( 400):='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEE:
| cmd( 480):R_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_C:
| cmd( 560):A='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844019' PLUTO_CONN_POLICY='PSK+ENCR:
| cmd( 640):YPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_:
| cmd( 720):NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P:
| cmd( 800):LUTO_USERNAME='use1' PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLU:
| cmd( 880):TO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SER:
| cmd( 960):VER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='n:
| cmd(1040):o' VTI_SHARED='no' SPI_IN=0x5718efb3 SPI_OUT=0x54bd1448 ipsec _updown 2>&1:
| crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 5 time elapsed 0.001026 seconds
| (#3) spent 1.02 milliseconds in crypto helper computing work-order 5: quick_outI1 KE (pcr)
| crypto helper 6 sending results from work-order 5 for state #3 to event queue
| scheduling resume sending helper answer for #3
| libevent_malloc: new ptr-libevent@0x7f3690002888 size 128
| crypto helper 6 waiting (nothing to do)
"north-east" #2: down-client output: restoring resolvconf
"north-east" #2: down-client output: Problem in restoring the resolv.conf, as there is no backup file
| shunt_eroute() called for connection 'north-east' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0
| netlink_shunt_eroute for proto 0, and source port 0 dest port 0
| priority calculation of connection "north-east" is 0xfdfff
| IPsec Sa SPD priority set to 1040383
| delete esp.5718efb3@192.1.2.23
| netlink response for Del SA esp.5718efb3@192.1.2.23 included non-error error
| priority calculation of connection "north-east" is 0xfdfff
| delete inbound eroute 0.0.0.0/0:0 --0-> 192.0.2.101/32:0 => unk255.10000@192.1.3.33 (raw_eroute)
| raw_eroute result=success
| delete esp.54bd1448@192.1.3.33
| netlink response for Del SA esp.54bd1448@192.1.3.33 included non-error error
| in connection_discard for connection north-east
| State DB: deleting IKEv1 state #2 in QUICK_I2
| child state #2: QUICK_I2(established CHILD SA) => UNDEFINED(ignore)
| stop processing: state #2 from 192.1.2.23 (in delete_state() at state.c:1143)
| libevent_free: release ptr-libevent@0x55f7ab38ddb8
| free_event_entry: release EVENT_SA_EXPIRE-pe@0x55f7ab38e3a8
| in statetime_stop() and could not find #2
| processing: STOP state #0 (in timer_event_cb() at timer.c:557)
| spent 0.00297 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 92 bytes from 192.1.2.23:4500 on eth1 (192.1.3.33:4500)
|   79 06 6b 20  17 b2 e6 fc  6a 32 cc 41  99 58 a1 ce
|   08 10 05 01  1b b2 8d 30  00 00 00 5c  41 cc b1 07
|   7b 06 9e 8c  37 26 b8 2a  bf 58 32 17  46 97 e9 c0
|   65 42 70 24  3c 61 42 52  fc 9d 50 93  2c 26 3c 82
|   fe c7 e9 f6  be a9 f1 8f  02 34 dd 8c  c6 e3 54 73
|   c2 50 80 74  db 9f 8c eb  91 c8 d3 73
| start processing: from 192.1.2.23:4500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_INFO (0x5)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 464686384 (0x1bb28d30)
|    length: 92 (0x5c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
| peer and cookies match on #3; msgid=00000000 st_msgid=269586c4 st_msgid_phase15=00000000
| peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
| p15 state object #1 found, in STATE_MAIN_I4
| State DB: found IKEv1 state #1 in MAIN_I4 (find_v1_info_state)
| start processing: state #1 connection "north-east" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479)
| #1 is idle
| #1 idle
| received encrypted packet from 192.1.2.23:4500
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_D (0xc)
|    length: 36 (0x24)
| got payload 0x1000  (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0
| ***parse ISAKMP Delete Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 28 (0x1c)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
|    protocol ID: 1 (0x1)
|    SPI size: 16 (0x10)
|    number of SPIs: 1 (0x1)
| informational HASH(1):
|   dd 2e ed 2d  5d 0d 23 16  9e 76 f5 85  36 29 f9 30
|   da 09 9c 9a  a2 1f 14 d2  0f 89 cc ca  67 5b be 52
| received 'informational' message HASH(1) data ok
| parsing 8 raw bytes of ISAKMP Delete Payload into iCookie
| iCookie  79 06 6b 20  17 b2 e6 fc
| parsing 8 raw bytes of ISAKMP Delete Payload into rCookie
| rCookie  6a 32 cc 41  99 58 a1 ce
| State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1)
| del:
"north-east" #1: received Delete SA payload: self-deleting ISAKMP State #1
| pstats #1 ikev1.isakmp deleted completed
| [RE]START processing: state #1 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879)
"north-east" #1: deleting state (STATE_MAIN_I4) aged 13.096s and sending notification
| parent state #1: MAIN_I4(established IKE SA) => delete
| #1 send IKEv1 delete notification for STATE_MAIN_I4
| **emit ISAKMP Message:
|    initiator cookie:
|   79 06 6b 20  17 b2 e6 fc
|    responder cookie:
|   6a 32 cc 41  99 58 a1 ce
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_INFO (0x5)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 3819209909 (0xe3a484b5)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| ***emit ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH)
| next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg'
| emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 36
| ***emit ISAKMP Delete Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
|    protocol ID: 1 (0x1)
|    SPI size: 16 (0x10)
|    number of SPIs: 1 (0x1)
| next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D)
| next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg'
| emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload
| initiator SPI  79 06 6b 20  17 b2 e6 fc
| emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload
| responder SPI  6a 32 cc 41  99 58 a1 ce
| emitting length of ISAKMP Delete Payload: 28
| send delete HASH(1):
|   02 72 d6 43  02 52 30 bb  ef ca 06 ab  dd 4b 1e 2e
|   a5 1f e7 d5  cc 41 8b 73  b9 e2 c6 20  06 76 d0 ea
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 92
| sending 96 bytes for delete notify through eth1 from 192.1.3.33:4500 to 192.1.2.23:4500 (using #1)
|   00 00 00 00  79 06 6b 20  17 b2 e6 fc  6a 32 cc 41
|   99 58 a1 ce  08 10 05 01  e3 a4 84 b5  00 00 00 5c
|   e3 14 43 1e  15 58 a1 04  70 59 1b 6f  0e cd 6b e7
|   f8 15 db 04  a8 1f 20 83  f1 dd 13 87  ae 17 33 37
|   97 0d 2a 74  5e 8d 27 69  73 2f 54 af  60 9c 94 52
|   0b a1 31 94  9f 67 a1 c0  ce ce 76 42  65 fd 16 35
| state #1 requesting EVENT_SA_REPLACE to be deleted
| libevent_free: release ptr-libevent@0x55f7ab38b728
| free_event_entry: release EVENT_SA_REPLACE-pe@0x55f7ab38ef58
"north-east" #1: reschedule pending child #3 STATE_QUICK_I1 of connection "north-east" - the parent is going away
| state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x55f7ab38c798
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f3698004218
| event_schedule: new EVENT_SA_REPLACE-pe@0x7f3698004218
| inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #3
| libevent_malloc: new ptr-libevent@0x55f7ab397588 size 128
| State DB: IKEv1 state not found (flush_incomplete_children)
| picked newest_isakmp_sa #0 for #1
"north-east" #1: deleting IKE SA for connection 'north-east' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS
| add revival: connection 'north-east' added to the list and scheduled for 0 seconds
| global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds
| in connection_discard for connection north-east
| State DB: deleting IKEv1 state #1 in MAIN_I4
| parent state #1: MAIN_I4(established IKE SA) => UNDEFINED(ignore)
| stop processing: state #1 from 192.1.2.23 (in delete_state() at state.c:1143)
| in statetime_start() with no state
| complete v1 state transition with STF_IGNORE
| stop processing: from 192.1.2.23:4500 (in process_md() at demux.c:380)
| processing: STOP state #0 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.471 milliseconds in comm_handle_cb() reading and processing packet
| processing resume sending helper answer for #3
| start processing: state #3 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 6 replies to request ID 5
| calling continuation function 0x55f7a9292b50
| work-order 5 state #3 crypto result suppressed
| resume sending helper answer for #3 suppresed complete_v1_state_transition()
| #3 spent 0.0157 milliseconds in resume sending helper answer
| stop processing: state #3 connection "north-east" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f3690002888
| processing signal PLUTO_SIGCHLD
| waitpid returned ECHILD (no child processes left)
| spent 0.00468 milliseconds in signal handler PLUTO_SIGCHLD
| timer_event_cb: processing event@0x7f3698004218
| handling event EVENT_SA_REPLACE for child state #3
| start processing: state #3 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:250)
| picked newest_ipsec_sa #0 for #3
| replacing stale IPsec SA
| dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351)
| FOR_EACH_STATE_... in find_phase1_state
| creating state object #4 at 0x55f7ab38ba98
| State DB: adding IKEv1 state #4 in UNDEFINED
| pstats #4 ikev1.isakmp started
| suspend processing: state #3 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118)
| start processing: state #4 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118)
| parent state #4: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA)
| dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123)
| Queuing pending IPsec SA negotiating with 192.1.2.23 "north-east" IKE SA #4 "north-east"
"north-east" #4: initiating Main Mode
| **emit ISAKMP Message:
|    initiator cookie:
|   c2 a2 04 41  95 65 36 ee
|    responder cookie:
|   00 00 00 00  00 00 00 00
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA
| no specific IKE algorithms specified - using defaults
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() returning 0x55f7ab399df8
| ***emit ISAKMP Security Association Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
| next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
| next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
| ****emit IPsec DOI SIT:
|    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ikev1_out_sa pcn: 0 has 1 valid proposals
| ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18
| ****emit ISAKMP Proposal Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    proposal number: 0 (0x0)
|    protocol ID: PROTO_ISAKMP (0x1)
|    SPI size: 0 (0x0)
|    number of transforms: 18 (0x12)
| last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 0 (0x0)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 1 (0x1)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 2 (0x2)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 3 (0x3)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 4 (0x4)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 5 (0x5)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 6 (0x6)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 7 (0x7)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 8 (0x8)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 9 (0x9)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 10 (0xa)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 11 (0xb)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 12 (0xc)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 13 (0xd)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 14 (0xe)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 15 (0xf)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 16 (0x10)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP transform number: 17 (0x11)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 65001 (0xfde9)
|     [65001 is XAUTHInitPreShared]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| emitting length of ISAKMP Proposal Payload: 632
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0
| emitting length of ISAKMP Security Association Payload: 644
| last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
| out_vid(): sending [FRAGMENTATION]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  40 48 b7 d5  6e bc e8 85  25 e7 de 7f  00 d6 c2 d3
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [XAUTH]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  09 00 26 89  df d6 b7 12
| emitting length of ISAKMP Vendor ID Payload: 12
| out_vid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  af ca d7 13  68 a1 f1 c9  6b 86 96 fc  77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| nat add vid
| sending draft and RFC NATT VIDs
| out_vid(): sending [RFC 3947]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  4a 13 1c 81  07 03 58 45  5c 57 28 f2  0e 95 45 2f
| emitting length of ISAKMP Vendor ID Payload: 20
| skipping VID_NATT_RFC
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  90 cb 80 91  3e bb 69 6e  08 63 81 b5  ec 42 7b 1f
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  cd 60 46 43  35 df 21 f8  7c fd b2 fc  68 b6 a4 48
| emitting length of ISAKMP Vendor ID Payload: 20
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 804
| sending 804 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4)
|   c2 a2 04 41  95 65 36 ee  00 00 00 00  00 00 00 00
|   01 10 02 00  00 00 00 00  00 00 03 24  0d 00 02 84
|   00 00 00 01  00 00 00 01  00 00 02 78  00 01 00 12
|   03 00 00 24  00 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 04  80 03 fd e9  80 04 00 0e
|   80 0e 01 00  03 00 00 24  01 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 04  80 03 fd e9
|   80 04 00 0e  80 0e 00 80  03 00 00 24  02 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 06
|   80 03 fd e9  80 04 00 0e  80 0e 01 00  03 00 00 24
|   03 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 06  80 03 fd e9  80 04 00 0e  80 0e 00 80
|   03 00 00 24  04 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 02  80 03 fd e9  80 04 00 0e
|   80 0e 01 00  03 00 00 24  05 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 02  80 03 fd e9
|   80 04 00 0e  80 0e 00 80  03 00 00 24  06 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 04
|   80 03 fd e9  80 04 00 05  80 0e 01 00  03 00 00 24
|   07 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 04  80 03 fd e9  80 04 00 05  80 0e 00 80
|   03 00 00 24  08 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 06  80 03 fd e9  80 04 00 05
|   80 0e 01 00  03 00 00 24  09 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 06  80 03 fd e9
|   80 04 00 05  80 0e 00 80  03 00 00 24  0a 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 02
|   80 03 fd e9  80 04 00 05  80 0e 01 00  03 00 00 24
|   0b 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 02  80 03 fd e9  80 04 00 05  80 0e 00 80
|   03 00 00 20  0c 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 04  80 03 fd e9  80 04 00 0e
|   03 00 00 20  0d 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 06  80 03 fd e9  80 04 00 0e
|   03 00 00 20  0e 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 02  80 03 fd e9  80 04 00 0e
|   03 00 00 20  0f 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 04  80 03 fd e9  80 04 00 05
|   03 00 00 20  10 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 06  80 03 fd e9  80 04 00 05
|   00 00 00 20  11 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 02  80 03 fd e9  80 04 00 05
|   0d 00 00 14  40 48 b7 d5  6e bc e8 85  25 e7 de 7f
|   00 d6 c2 d3  0d 00 00 0c  09 00 26 89  df d6 b7 12
|   0d 00 00 14  af ca d7 13  68 a1 f1 c9  6b 86 96 fc
|   77 57 01 00  0d 00 00 14  4a 13 1c 81  07 03 58 45
|   5c 57 28 f2  0e 95 45 2f  0d 00 00 14  7d 94 19 a6
|   53 10 ca 6f  2c 17 9d 92  15 52 9d 56  0d 00 00 14
|   90 cb 80 91  3e bb 69 6e  08 63 81 b5  ec 42 7b 1f
|   00 00 00 14  cd 60 46 43  35 df 21 f8  7c fd b2 fc
|   68 b6 a4 48
"north-east" #4: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
| event_schedule: new EVENT_RETRANSMIT-pe@0x7f3690002b78
| inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #4
| libevent_malloc: new ptr-libevent@0x7f369c003468 size 128
| #4 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29317.810279
| #4 spent 1.49 milliseconds in main_outI1()
| stop processing: state #4 connection "north-east" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228)
| event_schedule: new EVENT_SA_EXPIRE-pe@0x55f7ab38ef58
| inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #3
| libevent_malloc: new ptr-libevent@0x55f7ab392fd8 size 128
| libevent_free: release ptr-libevent@0x55f7ab397588
| free_event_entry: release EVENT_SA_REPLACE-pe@0x7f3698004218
| #3 spent 1.53 milliseconds in timer_event_cb() EVENT_SA_REPLACE
| processing: STOP state #0 (in timer_event_cb() at timer.c:557)
| processing global timer EVENT_REVIVE_CONNS
Initiating connection north-east which received a Delete/Notify but must remain up per local policy
| FOR_EACH_CONNECTION_... in conn_by_name
| start processing: connection "north-east" (in initiate_a_connection() at initiate.c:186)
| empty esp_info, returning defaults for ENCRYPT
| connection 'north-east' +POLICY_UP
| dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342)
| FOR_EACH_STATE_... in find_phase1_state
| Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-east"
| stop processing: connection "north-east" (in initiate_a_connection() at initiate.c:349)
| spent 0.024 milliseconds in global timer EVENT_REVIVE_CONNS
| timer_event_cb: processing event@0x55f7ab38ef58
| handling event EVENT_SA_EXPIRE for child state #3
| start processing: state #3 connection "north-east" from 192.1.2.23 (in timer_event_cb() at timer.c:250)
| picked newest_ipsec_sa #0 for #3
| un-established partial CHILD SA timeout (SA expired)
| pstats #3 ikev1.ipsec failed exchange-timeout
| pstats #3 ikev1.ipsec deleted exchange-timeout
| [RE]START processing: state #3 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879)
"north-east" #3: deleting state (STATE_QUICK_I1) aged 0.042s and NOT sending notification
| child state #3: QUICK_I1(established CHILD SA) => delete
| child state #3: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational)
| priority calculation of connection "north-east" is 0xfdfff
| delete inbound eroute 0.0.0.0/0:0 --0-> 192.0.2.101/32:0 => unk255.10000@192.1.3.33 (raw_eroute)
| raw_eroute result=success
| in connection_discard for connection north-east
| State DB: deleting IKEv1 state #3 in CHILDSA_DEL
| child state #3: CHILDSA_DEL(informational) => UNDEFINED(ignore)
| stop processing: state #3 from 192.1.2.23 (in delete_state() at state.c:1143)
| libevent_free: release ptr-libevent@0x55f7ab392fd8
| free_event_entry: release EVENT_SA_EXPIRE-pe@0x55f7ab38ef58
| in statetime_stop() and could not find #3
| processing: STOP state #0 (in timer_event_cb() at timer.c:557)
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
shutting down
| processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825)
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshared_secrets'
| start processing: connection "north-east" (in delete_connection() at connections.c:189)
| removing pending policy for no connection {0x55f7ab37d6c8}
| Deleting states for connection - including all other IPsec SA's of this IKE SA
| pass 0
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| state #4
| suspend processing: connection "north-east" (in foreach_state_by_connection_func_delete() at state.c:1310)
| start processing: state #4 connection "north-east" from 192.1.2.23 (in foreach_state_by_connection_func_delete() at state.c:1310)
| pstats #4 ikev1.isakmp deleted other
| [RE]START processing: state #4 connection "north-east" from 192.1.2.23 (in delete_state() at state.c:879)
"north-east" #4: deleting state (STATE_MAIN_I1) aged 0.544s and NOT sending notification
| parent state #4: MAIN_I1(half-open IKE SA) => delete
| state #4 requesting EVENT_RETRANSMIT to be deleted
| #4 STATE_MAIN_I1: retransmits: cleared
| libevent_free: release ptr-libevent@0x7f369c003468
| free_event_entry: release EVENT_RETRANSMIT-pe@0x7f3690002b78
| State DB: IKEv1 state not found (flush_incomplete_children)
| picked newest_isakmp_sa #0 for #4
"north-east" #4: deleting IKE SA for connection 'north-east' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS
| add revival: connection 'north-east' added to the list and scheduled for 5 seconds
| global one-shot timer EVENT_REVIVE_CONNS scheduled in 5 seconds
| stop processing: connection "north-east" (BACKGROUND) (in update_state_connection() at connections.c:4076)
| start processing: connection NULL (in update_state_connection() at connections.c:4077)
| in connection_discard for connection north-east
| State DB: deleting IKEv1 state #4 in MAIN_I1
| parent state #4: MAIN_I1(half-open IKE SA) => UNDEFINED(ignore)
| stop processing: state #4 from 192.1.2.23 (in delete_state() at state.c:1143)
| processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312)
| pass 1
| FOR_EACH_STATE_... in foreach_state_by_connection_func_delete
| shunt_eroute() called for connection 'north-east' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0
| netlink_shunt_eroute for proto 0, and source port 0 dest port 0
| priority calculation of connection "north-east" is 0xfdfff
| priority calculation of connection "north-east" is 0xfdfff
| FOR_EACH_CONNECTION_... in route_owner
|  conn north-east mark 0/00000000, 0/00000000 vs
|  conn north-east mark 0/00000000, 0/00000000
| route owner of "north-east" unrouted: NULL
| running updown command "ipsec _updown" for verb unroute 
| command executing unroute-client
| executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.101' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1' PLUTO_NM_CONFIGURED='0' VTI_I
| popen cmd is 1073 chars long
| cmd(   0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-east' PL:
| cmd(  80):UTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY:
| cmd( 160):_ID='192.1.3.33' PLUTO_MY_CLIENT='192.0.2.101/32' PLUTO_MY_CLIENT_NET='192.0.2.1:
| cmd( 240):01' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL=':
| cmd( 320):0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEE:
| cmd( 400):R_ID='@east' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO:
| cmd( 480):_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PE:
| cmd( 560):ER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='PSK+ENCRYPT+T:
| cmd( 640):UNNEL+PFS+UP+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P:
| cmd( 720):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_:
| cmd( 800):MY_SOURCEIP='192.0.2.101' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_P:
| cmd( 880):EER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1:
| cmd( 960):' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0:
| cmd(1040):x0 SPI_OUT=0x0 ipsec _updown 2>&1:
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
unroute-client output: Error: Peer netns reference is invalid.
| free hp@0x55f7ab38b148
| flush revival: connection 'north-east' revival flushed
| processing: STOP connection NULL (in discard_connection() at connections.c:249)
| crl fetch request list locked by 'free_crl_fetch'
| crl fetch request list unlocked by 'free_crl_fetch'
shutting down interface lo/lo 127.0.0.1:4500
shutting down interface lo/lo 127.0.0.1:500
shutting down interface eth0/eth0 192.0.3.254:4500
shutting down interface eth0/eth0 192.0.3.254:500
shutting down interface eth1/eth1 192.1.3.33:4500
shutting down interface eth1/eth1 192.1.3.33:500
| FOR_EACH_STATE_... in delete_states_dead_interfaces
| libevent_free: release ptr-libevent@0x55f7ab37e238
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a0c8
| libevent_free: release ptr-libevent@0x55f7ab31a158
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a178
| libevent_free: release ptr-libevent@0x55f7ab31bff8
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a228
| libevent_free: release ptr-libevent@0x55f7ab319148
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a2d8
| libevent_free: release ptr-libevent@0x55f7ab2ea4e8
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a388
| libevent_free: release ptr-libevent@0x55f7ab2ea1d8
| free_event_entry: release EVENT_NULL-pe@0x55f7ab38a438
| FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
| libevent_free: release ptr-libevent@0x55f7ab37e2e8
| free_event_entry: release EVENT_NULL-pe@0x55f7ab372028
| libevent_free: release ptr-libevent@0x55f7ab31bef8
| free_event_entry: release EVENT_NULL-pe@0x55f7ab3714e8
| libevent_free: release ptr-libevent@0x55f7ab355a98
| free_event_entry: release EVENT_NULL-pe@0x55f7ab372098
| global timer EVENT_REINIT_SECRET uninitialized
| global timer EVENT_SHUNT_SCAN uninitialized
| global timer EVENT_PENDING_DDNS uninitialized
| global timer EVENT_PENDING_PHASE2 uninitialized
| global timer EVENT_CHECK_CRLS uninitialized
| global timer EVENT_REVIVE_CONNS uninitialized
| global timer EVENT_FREE_ROOT_CERTS uninitialized
| global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized
| global timer EVENT_NAT_T_KEEPALIVE uninitialized
| libevent_free: release ptr-libevent@0x55f7ab31d378
| signal event handler PLUTO_SIGCHLD uninstalled
| libevent_free: release ptr-libevent@0x55f7ab389828
| signal event handler PLUTO_SIGTERM uninstalled
| libevent_free: release ptr-libevent@0x55f7ab389938
| signal event handler PLUTO_SIGHUP uninstalled
| libevent_free: release ptr-libevent@0x55f7ab389b78
| signal event handler PLUTO_SIGSYS uninstalled
| releasing event base
| libevent_free: release ptr-libevent@0x55f7ab389a48
| libevent_free: release ptr-libevent@0x55f7ab36c8d8
| libevent_free: release ptr-libevent@0x55f7ab36c888
| libevent_free: release ptr-libevent@0x7f3698003e78
| libevent_free: release ptr-libevent@0x55f7ab36c7d8
| libevent_free: release ptr-libevent@0x55f7ab3895f8
| libevent_free: release ptr-libevent@0x55f7ab3897a8
| libevent_free: release ptr-libevent@0x55f7ab36ca88
| libevent_free: release ptr-libevent@0x55f7ab3715f8
| libevent_free: release ptr-libevent@0x55f7ab371fe8
| libevent_free: release ptr-libevent@0x55f7ab38a4a8
| libevent_free: release ptr-libevent@0x55f7ab38a3f8
| libevent_free: release ptr-libevent@0x55f7ab38a348
| libevent_free: release ptr-libevent@0x55f7ab38a298
| libevent_free: release ptr-libevent@0x55f7ab38a1e8
| libevent_free: release ptr-libevent@0x55f7ab38a138
| libevent_free: release ptr-libevent@0x55f7ab318998
| libevent_free: release ptr-libevent@0x55f7ab3898f8
| libevent_free: release ptr-libevent@0x55f7ab3897e8
| libevent_free: release ptr-libevent@0x55f7ab389768
| libevent_free: release ptr-libevent@0x55f7ab389a08
| libevent_free: release ptr-libevent@0x55f7ab389638
| libevent_free: release ptr-libevent@0x55f7ab2e9908
| libevent_free: release ptr-libevent@0x55f7ab2e9d38
| libevent_free: release ptr-libevent@0x55f7ab318d08
| releasing global libevent data
| libevent_free: release ptr-libevent@0x55f7ab31a518
| libevent_free: release ptr-libevent@0x55f7ab2e9cd8
| libevent_free: release ptr-libevent@0x55f7ab2e9dd8
leak detective found no leaks