FIPS Product: YES
FIPS Kernel: NO
FIPS Mode: NO
NSS DB directory: sql:/etc/ipsec.d
Initializing NSS
Opening NSS database "sql:/etc/ipsec.d" read-only
NSS initialized
NSS crypto library initialized
FIPS HMAC integrity support [enabled]
FIPS mode disabled for pluto daemon
FIPS HMAC integrity verification self-test FAILED
libcap-ng support [enabled]
Linux audit support [enabled]
Linux audit activated
Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23773
core dump dir: /run/pluto
secrets file: /etc/ipsec.secrets
leak-detective enabled
NSS crypto [enabled]
XAUTH PAM support [enabled]
| libevent is using pluto's memory allocator
Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
| libevent_malloc: new ptr-libevent@0x55b14dc894d8 size 40
| libevent_malloc: new ptr-libevent@0x55b14dc89458 size 40
| libevent_malloc: new ptr-libevent@0x55b14dc893d8 size 40
| creating event base
| libevent_malloc: new ptr-libevent@0x55b14dc7b008 size 56
| libevent_malloc: new ptr-libevent@0x55b14dc04dd8 size 664
| libevent_malloc: new ptr-libevent@0x55b14dcc3af8 size 24
| libevent_malloc: new ptr-libevent@0x55b14dcc3b48 size 384
| libevent_malloc: new ptr-libevent@0x55b14dcc3ab8 size 16
| libevent_malloc: new ptr-libevent@0x55b14dc89358 size 40
| libevent_malloc: new ptr-libevent@0x55b14dc892d8 size 48
| libevent_realloc: new ptr-libevent@0x55b14dc04a68 size 256
| libevent_malloc: new ptr-libevent@0x55b14dcc3cf8 size 16
| libevent_free: release ptr-libevent@0x55b14dc7b008
| libevent initialized
| libevent_realloc: new ptr-libevent@0x55b14dc7b008 size 64
| global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
| init_nat_traversal() initialized with keep_alive=0s
NAT-Traversal support [enabled]
| global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
| global one-shot timer EVENT_FREE_ROOT_CERTS initialized
| global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
| global one-shot timer EVENT_REVIVE_CONNS initialized
| global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
| global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Encryption algorithms:
AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c
AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b
AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a
3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des
CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128}
CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia
AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c
AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b
AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a
AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr
AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes
SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent
TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish
TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh
NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac
NULL IKEv1: ESP IKEv2: ESP []
CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305
Hash algorithms:
MD5 IKEv1: IKE IKEv2:
SHA1 IKEv1: IKE IKEv2: FIPS sha
SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256
SHA2_384 IKEv1: IKE IKEv2: FIPS sha384
SHA2_512 IKEv1: IKE IKEv2: FIPS sha512
PRF algorithms:
HMAC_MD5 IKEv1: IKE IKEv2: IKE md5
HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1
HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256
HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384
HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512
AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc
Integrity algorithms:
HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5
HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1
HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512
HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384
HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96
AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
DH algorithms:
NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0
MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5
MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14
MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15
MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16
MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17
MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18
DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256
DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384
DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521
DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519
testing CAMELLIA_CBC:
Camellia: 16 bytes with 128-bit key
Camellia: 16 bytes with 128-bit key
Camellia: 16 bytes with 256-bit key
Camellia: 16 bytes with 256-bit key
testing AES_GCM_16:
empty string
one block
two blocks
two blocks with associated data
testing AES_CTR:
Encrypting 16 octets using AES-CTR with 128-bit key
Encrypting 32 octets using AES-CTR with 128-bit key
Encrypting 36 octets using AES-CTR with 128-bit key
Encrypting 16 octets using AES-CTR with 192-bit key
Encrypting 32 octets using AES-CTR with 192-bit key
Encrypting 36 octets using AES-CTR with 192-bit key
Encrypting 16 octets using AES-CTR with 256-bit key
Encrypting 32 octets using AES-CTR with 256-bit key
Encrypting 36 octets using AES-CTR with 256-bit key
testing AES_CBC:
Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
testing AES_XCBC:
RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
testing HMAC_MD5:
RFC 2104: MD5_HMAC test 1
RFC 2104: MD5_HMAC test 2
RFC 2104: MD5_HMAC test 3
8 CPU cores online
starting up 7 crypto helpers
started thread for crypto helper 0
started thread for crypto helper 1
| starting up helper thread 1
| status value returned by setting the priority of this thread (crypto helper 1) 22
started thread for crypto helper 2
| starting up helper thread 2
| crypto helper 1 waiting (nothing to do)
| status value returned by setting the priority of this thread (crypto helper 2) 22
| crypto helper 2 waiting (nothing to do)
started thread for crypto helper 3
| starting up helper thread 3
| status value returned by setting the priority of this thread (crypto helper 3) 22
| crypto helper 3 waiting (nothing to do)
started thread for crypto helper 4
| starting up helper thread 4
| status value returned by setting the priority of this thread (crypto helper 4) 22
| crypto helper 4 waiting (nothing to do)
started thread for crypto helper 5
| starting up helper thread 5
| status value returned by setting the priority of this thread (crypto helper 5) 22
| crypto helper 5 waiting (nothing to do)
started thread for crypto helper 6
| starting up helper thread 6
| status value returned by setting the priority of this thread (crypto helper 6) 22
| crypto helper 6 waiting (nothing to do)
| checking IKEv1 state table
| MAIN_R0: category: half-open IKE SA flags: 0:
| -> MAIN_R1 EVENT_SO_DISCARD
| MAIN_I1: category: half-open IKE SA flags: 0:
| -> MAIN_I2 EVENT_RETRANSMIT
| MAIN_R1: category: open IKE SA flags: 200:
| -> MAIN_R2 EVENT_RETRANSMIT
| -> UNDEFINED EVENT_RETRANSMIT
| -> UNDEFINED EVENT_RETRANSMIT
| MAIN_I2: category: open IKE SA flags: 0:
| -> MAIN_I3 EVENT_RETRANSMIT
| -> UNDEFINED EVENT_RETRANSMIT
| -> UNDEFINED EVENT_RETRANSMIT
| MAIN_R2: category: open IKE SA flags: 0:
| -> MAIN_R3 EVENT_SA_REPLACE
| -> MAIN_R3 EVENT_SA_REPLACE
| -> UNDEFINED EVENT_SA_REPLACE
| MAIN_I3: category: open IKE SA flags: 0:
| -> MAIN_I4 EVENT_SA_REPLACE
| -> MAIN_I4 EVENT_SA_REPLACE
| -> UNDEFINED EVENT_SA_REPLACE
| MAIN_R3: category: established IKE SA flags: 200:
| -> UNDEFINED EVENT_NULL
| MAIN_I4: category: established IKE SA flags: 0:
| -> UNDEFINED EVENT_NULL
| AGGR_R0: category: half-open IKE SA flags: 0:
| -> AGGR_R1 EVENT_SO_DISCARD
| AGGR_I1: category: half-open IKE SA flags: 0:
| -> AGGR_I2 EVENT_SA_REPLACE
| -> AGGR_I2 EVENT_SA_REPLACE
| AGGR_R1: category: open IKE SA flags: 200:
| -> AGGR_R2 EVENT_SA_REPLACE
| -> AGGR_R2 EVENT_SA_REPLACE
| AGGR_I2: category: established IKE SA flags: 200:
| -> UNDEFINED EVENT_NULL
| AGGR_R2: category: established IKE SA flags: 0:
| -> UNDEFINED EVENT_NULL
| QUICK_R0: category: established CHILD SA flags: 0:
| -> QUICK_R1 EVENT_RETRANSMIT
| QUICK_I1: category: established CHILD SA flags: 0:
| -> QUICK_I2 EVENT_SA_REPLACE
| QUICK_R1: category: established CHILD SA flags: 0:
| -> QUICK_R2 EVENT_SA_REPLACE
| QUICK_I2: category: established CHILD SA flags: 200:
| -> UNDEFINED EVENT_NULL
| QUICK_R2: category: established CHILD SA flags: 0:
| -> UNDEFINED EVENT_NULL
| INFO: category: informational flags: 0:
| -> UNDEFINED EVENT_NULL
| INFO_PROTECTED: category: informational flags: 0:
| -> UNDEFINED EVENT_NULL
| XAUTH_R0: category: established IKE SA flags: 0:
| -> XAUTH_R1 EVENT_NULL
| XAUTH_R1: category: established IKE SA flags: 0:
| -> MAIN_R3 EVENT_SA_REPLACE
| MODE_CFG_R0: category: informational flags: 0:
| -> MODE_CFG_R1 EVENT_SA_REPLACE
| MODE_CFG_R1: category: established IKE SA flags: 0:
| -> MODE_CFG_R2 EVENT_SA_REPLACE
| MODE_CFG_R2: category: established IKE SA flags: 0:
| -> UNDEFINED EVENT_NULL
| MODE_CFG_I1: category: established IKE SA flags: 0:
| -> MAIN_I4 EVENT_SA_REPLACE
| XAUTH_I0: category: established IKE SA flags: 0:
| -> XAUTH_I1 EVENT_RETRANSMIT
| XAUTH_I1: category: established IKE SA flags: 0:
| -> MAIN_I4 EVENT_RETRANSMIT
| checking IKEv2 state table
| PARENT_I0: category: ignore flags: 0:
| -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
| PARENT_I1: category: half-open IKE SA flags: 0:
| -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
| -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
| PARENT_I2: category: open IKE SA flags: 0:
| -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
| -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
| -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
| -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
| -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
| PARENT_I3: category: established IKE SA flags: 0:
| -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
| -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
| -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
| -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
| PARENT_R0: category: half-open IKE SA flags: 0:
| -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
| PARENT_R1: category: half-open IKE SA flags: 0:
| -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
| -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
| PARENT_R2: category: established IKE SA flags: 0:
| -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
| -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
| -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
| -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
| V2_CREATE_I0: category: established IKE SA flags: 0:
| -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
| V2_CREATE_I: category: established IKE SA flags: 0:
| -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
| V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
| -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
| V2_REKEY_IKE_I: category: established IKE SA flags: 0:
| -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
| V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
| -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
| V2_REKEY_CHILD_I: category: established IKE SA flags: 0: <none>
| V2_CREATE_R: category: established IKE SA flags: 0:
| -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
| V2_REKEY_IKE_R: category: established IKE SA flags: 0:
| -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
| V2_REKEY_CHILD_R: category: established IKE SA flags: 0: <none>
| V2_IPSEC_I: category: established CHILD SA flags: 0: <none>
| V2_IPSEC_R: category: established CHILD SA flags: 0: <none>
| IKESA_DEL: category: established IKE SA flags: 0:
| -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
| CHILDSA_DEL: category: informational flags: 0: <none>
Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
| Hard-wiring algorithms
| adding AES_CCM_16 to kernel algorithm db
| adding AES_CCM_12 to kernel algorithm db
| adding AES_CCM_8 to kernel algorithm db
| adding 3DES_CBC to kernel algorithm db
| adding CAMELLIA_CBC to kernel algorithm db
| adding AES_GCM_16 to kernel algorithm db
| adding AES_GCM_12 to kernel algorithm db
| adding AES_GCM_8 to kernel algorithm db
| adding AES_CTR to kernel algorithm db
| adding AES_CBC to kernel algorithm db
| adding SERPENT_CBC to kernel algorithm db
| adding TWOFISH_CBC to kernel algorithm db
| adding NULL_AUTH_AES_GMAC to kernel algorithm db
| adding NULL to kernel algorithm db
| adding CHACHA20_POLY1305 to kernel algorithm db
| adding HMAC_MD5_96 to kernel algorithm db
| adding HMAC_SHA1_96 to kernel algorithm db
| adding HMAC_SHA2_512_256 to kernel algorithm db
| adding HMAC_SHA2_384_192 to kernel algorithm db
| adding HMAC_SHA2_256_128 to kernel algorithm db
| adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
| adding AES_XCBC_96 to kernel algorithm db
| adding AES_CMAC_96 to kernel algorithm db
| adding NONE to kernel algorithm db
| net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
| global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
| setup kernel fd callback
| add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55b14dc831f8
| libevent_malloc: new ptr-libevent@0x55b14dcc2268 size 128
| libevent_malloc: new ptr-libevent@0x55b14dcc92f8 size 16
| add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55b14dcc9288
| libevent_malloc: new ptr-libevent@0x55b14dc7bcb8 size 128
| libevent_malloc: new ptr-libevent@0x55b14dcc8f58 size 16
| global one-shot timer EVENT_CHECK_CRLS initialized
selinux support is enabled.
| unbound context created - setting debug level to 5
| /etc/hosts lookups activated
| /etc/resolv.conf usage activated
| outgoing-port-avoid set 0-65535
| outgoing-port-permit set 32768-60999
| Loading dnssec root key from:/var/lib/unbound/root.key
| No additional dnssec trust anchors defined via dnssec-trusted= option
| Setting up events, loop start
| add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55b14dcc9728
| libevent_malloc: new ptr-libevent@0x55b14dcd5608 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce08f8 size 16
| libevent_realloc: new ptr-libevent@0x55b14dce0938 size 256
| libevent_malloc: new ptr-libevent@0x55b14dce0a68 size 8
| libevent_realloc: new ptr-libevent@0x55b14dce0aa8 size 144
| libevent_malloc: new ptr-libevent@0x55b14dc877c8 size 152
| libevent_malloc: new ptr-libevent@0x55b14dce0b68 size 16
| signal event handler PLUTO_SIGCHLD installed
| libevent_malloc: new ptr-libevent@0x55b14dce0ba8 size 8
| libevent_malloc: new ptr-libevent@0x55b14dc05498 size 152
| signal event handler PLUTO_SIGTERM installed
| libevent_malloc: new ptr-libevent@0x55b14dce0be8 size 8
| libevent_malloc: new ptr-libevent@0x55b14dce0c28 size 152
| signal event handler PLUTO_SIGHUP installed
| libevent_malloc: new ptr-libevent@0x55b14dce0cf8 size 8
| libevent_realloc: release ptr-libevent@0x55b14dce0aa8
| libevent_realloc: new ptr-libevent@0x55b14dce0d38 size 256
| libevent_malloc: new ptr-libevent@0x55b14dce0e68 size 152
| signal event handler PLUTO_SIGSYS installed
| created addconn helper (pid:23966) using fork+execve
| forked child 23966
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
listening for IKE messages
| Inspecting interface lo
| found lo with address 127.0.0.1
| Inspecting interface eth0
| found eth0 with address 192.0.1.254
| Inspecting interface eth1
| found eth1 with address 192.1.2.45
Kernel supports NIC esp-hw-offload
adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface eth1/eth1 192.1.2.45:4500
adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface eth0/eth0 192.0.1.254:4500
adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:4500
| no interfaces to sort
| FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1448
| libevent_malloc: new ptr-libevent@0x55b14dcd5558 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce14b8 size 16
| setup callback for interface lo 127.0.0.1:4500 fd 22
| add_fd_read_event_handler: new ethX-pe@0x55b14dce14f8
| libevent_malloc: new ptr-libevent@0x55b14dc7bd68 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce1568 size 16
| setup callback for interface lo 127.0.0.1:500 fd 21
| add_fd_read_event_handler: new ethX-pe@0x55b14dce15a8
| libevent_malloc: new ptr-libevent@0x55b14dc7b688 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce1618 size 16
| setup callback for interface eth0 192.0.1.254:4500 fd 20
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1658
| libevent_malloc: new ptr-libevent@0x55b14dc82f48 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce16c8 size 16
| setup callback for interface eth0 192.0.1.254:500 fd 19
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1708
| libevent_malloc: new ptr-libevent@0x55b14dc83048 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce1778 size 16
| setup callback for interface eth1 192.1.2.45:4500 fd 18
| add_fd_read_event_handler: new ethX-pe@0x55b14dce17b8
| libevent_malloc: new ptr-libevent@0x55b14dc83148 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce1828 size 16
| setup callback for interface eth1 192.1.2.45:500 fd 17
| certs and keys locked by 'free_preshared_secrets'
| certs and keys unlocked by 'free_preshared_secrets'
loading secrets from "/etc/ipsec.secrets"
| saving Modulus
| saving PublicExponent
| ignoring PrivateExponent
| ignoring Prime1
| ignoring Prime2
| ignoring Exponent1
| ignoring Exponent2
| ignoring Coefficient
| ignoring CKAIDNSS
| computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3
| computed rsa CKAID 7f 0f 03 50
loaded private key for keyid: PKK_RSA:AQOm9dY/4
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.663 milliseconds in whack
| starting up helper thread 0
| status value returned by setting the priority of this thread (crypto helper 0) 22
| crypto helper 0 waiting (nothing to do)
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
listening for IKE messages
| Inspecting interface lo
| found lo with address 127.0.0.1
| Inspecting interface eth0
| found eth0 with address 192.0.1.254
| Inspecting interface eth1
| found eth1 with address 192.1.2.45
| no interfaces to sort
| libevent_free: release ptr-libevent@0x55b14dcd5558
| free_event_entry: release EVENT_NULL-pe@0x55b14dce1448
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1448
| libevent_malloc: new ptr-libevent@0x55b14dcd5558 size 128
| setup callback for interface lo 127.0.0.1:4500 fd 22
| libevent_free: release ptr-libevent@0x55b14dc7bd68
| free_event_entry: release EVENT_NULL-pe@0x55b14dce14f8
| add_fd_read_event_handler: new ethX-pe@0x55b14dce14f8
| libevent_malloc: new ptr-libevent@0x55b14dc7bd68 size 128
| setup callback for interface lo 127.0.0.1:500 fd 21
| libevent_free: release ptr-libevent@0x55b14dc7b688
| free_event_entry: release EVENT_NULL-pe@0x55b14dce15a8
| add_fd_read_event_handler: new ethX-pe@0x55b14dce15a8
| libevent_malloc: new ptr-libevent@0x55b14dc7b688 size 128
| setup callback for interface eth0 192.0.1.254:4500 fd 20
| libevent_free: release ptr-libevent@0x55b14dc82f48
| free_event_entry: release EVENT_NULL-pe@0x55b14dce1658
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1658
| libevent_malloc: new ptr-libevent@0x55b14dc82f48 size 128
| setup callback for interface eth0 192.0.1.254:500 fd 19
| libevent_free: release ptr-libevent@0x55b14dc83048
| free_event_entry: release EVENT_NULL-pe@0x55b14dce1708
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1708
| libevent_malloc: new ptr-libevent@0x55b14dc83048 size 128
| setup callback for interface eth1 192.1.2.45:4500 fd 18
| libevent_free: release ptr-libevent@0x55b14dc83148
| free_event_entry: release EVENT_NULL-pe@0x55b14dce17b8
| add_fd_read_event_handler: new ethX-pe@0x55b14dce17b8
| libevent_malloc: new ptr-libevent@0x55b14dc83148 size 128
| setup callback for interface eth1 192.1.2.45:500 fd 17
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshared_secrets'
loading secrets from "/etc/ipsec.secrets"
| saving Modulus
| saving PublicExponent
| ignoring PrivateExponent
| ignoring Prime1
| ignoring Prime2
| ignoring Exponent1
| ignoring Exponent2
| ignoring Coefficient
| ignoring CKAIDNSS
| computed rsa CKAID b4 9f 1a ac 9e 45 6e 79 29 c8 81 97 3a 0c 6a d3
| computed rsa CKAID 7f 0f 03 50
loaded private key for keyid: PKK_RSA:AQOm9dY/4
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.433 milliseconds in whack
| processing signal PLUTO_SIGCHLD
| waitpid returned pid 23966 (exited with status 0)
| reaped addconn helper child (status 0)
| waitpid returned ECHILD (no child processes left)
| spent 0.0132 milliseconds in signal handler PLUTO_SIGCHLD
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| Added new connection nss-cert with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| No AUTH policy was set - defaulting to RSASIG
| setting ID to ID_DER_ASN1_DN: 'E=user-usage-both@testing.libreswan.org,CN=usage-both.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA'
| loading left certificate 'usage-both' pubkey
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55b14dce38f8
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55b14dce38a8
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55b14dce3858
| unreference key: 0x55b14dce3948 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org cnt 1--
| certs and keys locked by 'lsw_add_rsa_secret'
| certs and keys unlocked by 'lsw_add_rsa_secret'
| counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org is 0
| counting wild cards for %fromcert is 0
| connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none
| new hp@0x55b14dce8018
added connection description "nss-cert"
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| 192.0.1.254/32===192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert]===192.0.2.254/32
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 1.16 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_CONNECTION_... in show_connections_status
| FOR_EACH_CONNECTION_... in show_connections_status
| FOR_EACH_STATE_... in show_states_status (sort_states)
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.32 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| old debugging base+cpu-usage + none
| base debugging = base+cpu-usage
| old impairing none + suppress-retransmits
| base impairing = suppress-retransmits
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.0514 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590)
| FOR_EACH_CONNECTION_... in conn_by_name
| start processing: connection "nss-cert" (in initiate_a_connection() at initiate.c:186)
| empty esp_info, returning defaults for ENCRYPT
| connection 'nss-cert' +POLICY_UP
| dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342)
| FOR_EACH_STATE_... in find_phase1_state
| creating state object #1 at 0x55b14dce83c8
| State DB: adding IKEv1 state #1 in UNDEFINED
| pstats #1 ikev1.isakmp started
| suspend processing: connection "nss-cert" (in main_outI1() at ikev1_main.c:118)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118)
| parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA)
| dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123)
| Queuing pending IPsec SA negotiating with 192.1.2.23 "nss-cert" IKE SA #1 "nss-cert"
"nss-cert" #1: initiating Main Mode
| **emit ISAKMP Message:
| initiator cookie:
| f2 0e e9 e8 8b aa e4 0b
| responder cookie:
| 00 00 00 00 00 00 00 00
| next payload type: ISAKMP_NEXT_SA (0x1)
| ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
| exchange type: ISAKMP_XCHG_IDPROT (0x2)
| flags: none (0x0)
| Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA
| no specific IKE algorithms specified - using defaults
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() returning 0x55b14dcea828
| ***emit ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID (0xd)
| DOI: ISAKMP_DOI_IPSEC (0x1)
| next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
| next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
| ****emit IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ikev1_out_sa pcn: 0 has 1 valid proposals
| ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18
| ****emit ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| proposal number: 0 (0x0)
| protocol ID: PROTO_ISAKMP (0x1)
| SPI size: 0 (0x0)
| number of transforms: 18 (0x12)
| last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 0 (0x0)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 4 (0x4)
| [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 1 (0x1)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 4 (0x4)
| [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 2 (0x2)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 6 (0x6)
| [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 3 (0x3)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 6 (0x6)
| [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 4 (0x4)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 2 (0x2)
| [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 5 (0x5)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 2 (0x2)
| [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 6 (0x6)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 4 (0x4)
| [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 7 (0x7)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 4 (0x4)
| [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 8 (0x8)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 6 (0x6)
| [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 9 (0x9)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 6 (0x6)
| [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 10 (0xa)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 2 (0x2)
| [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 11 (0xb)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 2 (0x2)
| [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 12 (0xc)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 5 (0x5)
| [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 4 (0x4)
| [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 13 (0xd)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 5 (0x5)
| [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 6 (0x6)
| [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 14 (0xe)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 5 (0x5)
| [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 2 (0x2)
| [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 15 (0xf)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 5 (0x5)
| [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 4 (0x4)
| [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_T (0x3)
| ISAKMP transform number: 16 (0x10)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 5 (0x5)
| [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 6 (0x6)
| [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_NONE (0x0)
| ISAKMP transform number: 17 (0x11)
| ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 5 (0x5)
| [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 2 (0x2)
| [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 5 (0x5)
| [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| emitting length of ISAKMP Proposal Payload: 632
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0
| emitting length of ISAKMP Security Association Payload: 644
| last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
| out_vid(): sending [FRAGMENTATION]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| nat add vid
| sending draft and RFC NATT VIDs
| out_vid(): sending [RFC 3947]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| emitting length of ISAKMP Vendor ID Payload: 20
| skipping VID_NATT_RFC
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02]
| ***emit ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
| emitting length of ISAKMP Vendor ID Payload: 20
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 792
| sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
| f2 0e e9 e8 8b aa e4 0b 00 00 00 00 00 00 00 00
| 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84
| 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12
| 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e
| 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01
| 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03
| 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00
| 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06
| 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24
| 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07
| 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80
| 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e
| 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01
| 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03
| 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00
| 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04
| 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24
| 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07
| 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80
| 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05
| 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01
| 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03
| 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00
| 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02
| 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24
| 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07
| 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80
| 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e
| 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e
| 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e
| 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05
| 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05
| 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05
| 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f
| 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9
| 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81
| 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14
| 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
| 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5
| ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8
| 7c fd b2 fc 68 b6 a4 48
"nss-cert" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
| event_schedule: new EVENT_RETRANSMIT-pe@0x55b14dceb378
| inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55b14dce3458 size 128
| #1 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29928.767796
| #1 spent 1.54 milliseconds in main_outI1()
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228)
| resume processing: connection "nss-cert" (in main_outI1() at ikev1_main.c:228)
| stop processing: connection "nss-cert" (in initiate_a_connection() at initiate.c:349)
| close_any(fd@23) (in initiate_connection() at initiate.c:372)
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 1.6 milliseconds in whack
| spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
| f2 0e e9 e8 8b aa e4 0b 20 89 2c a1 61 82 f0 e2
| 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38
| 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
| 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10
| 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e
| 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85
| 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13
| 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14
| 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f
| start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
| initiator cookie:
| f2 0e e9 e8 8b aa e4 0b
| responder cookie:
| 20 89 2c a1 61 82 f0 e2
| next payload type: ISAKMP_NEXT_SA (0x1)
| ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
| exchange type: ISAKMP_XCHG_IDPROT (0x2)
| flags: none (0x0)
| Message ID: 0 (0x0)
| length: 144 (0x90)
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| State DB: IKEv1 state not found (find_state_ikev1)
| State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459)
| #1 is idle
| #1 idle
| got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
| ***parse ISAKMP Security Association Payload:
| next payload type: ISAKMP_NEXT_VID (0xd)
| length: 56 (0x38)
| DOI: ISAKMP_DOI_IPSEC (0x1)
| got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID (0xd)
| length: 20 (0x14)
| got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_VID (0xd)
| length: 20 (0x14)
| got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| length: 20 (0x14)
| message 'main_inR1_outI2' HASH payload not checked early
| received Vendor ID payload [FRAGMENTATION]
| received Vendor ID payload [Dead Peer Detection]
| quirks.qnat_traversal_vid set to=117 [RFC 3947]
| received Vendor ID payload [RFC 3947]
| ****parse IPsec DOI SIT:
| IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ****parse ISAKMP Proposal Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| length: 44 (0x2c)
| proposal number: 0 (0x0)
| protocol ID: PROTO_ISAKMP (0x1)
| SPI size: 0 (0x0)
| number of transforms: 1 (0x1)
| *****parse ISAKMP Transform Payload (ISAKMP):
| next payload type: ISAKMP_NEXT_NONE (0x0)
| length: 36 (0x24)
| ISAKMP transform number: 0 (0x0)
| ISAKMP transform ID: KEY_IKE (0x1)
| ******parse ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
| length/value: 1 (0x1)
| [1 is OAKLEY_LIFE_SECONDS]
| ******parse ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
| length/value: 3600 (0xe10)
| ******parse ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
| length/value: 7 (0x7)
| [7 is OAKLEY_AES_CBC]
| ******parse ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
| length/value: 4 (0x4)
| [4 is OAKLEY_SHA2_256]
| ******parse ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
| length/value: 3 (0x3)
| [3 is OAKLEY_RSA_SIG]
| ******parse ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
| length/value: 14 (0xe)
| [14 is OAKLEY_GROUP_MODP2048]
| ******parse ISAKMP Oakley attribute:
| af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
| length/value: 256 (0x100)
| OAKLEY proposal verified unconditionally; no alg_info to check against
| Oakley Transform 0 accepted
| sender checking NAT-T: enabled; VID 117
| returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC
| enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
| adding outI2 KE work-order 1 for state #1
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_MAIN_I1: retransmits: cleared
| libevent_free: release ptr-libevent@0x55b14dce3458
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55b14dceb378
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b14dceb378
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55b14dce3458 size 128
| complete v1 state transition with STF_SUSPEND
| [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648)
| suspending state #1 and saving MD
| #1 is busy; has a suspended MD
| #1 spent 0.116 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.256 milliseconds in comm_handle_cb() reading and processing packet
| crypto helper 1 resuming
| crypto helper 1 starting work-order 1 for state #1
| crypto helper 1 doing build KE and nonce (outI2 KE); request ID 1
| crypto helper 1 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000925 seconds
| (#1) spent 0.932 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr)
| crypto helper 1 sending results from work-order 1 for state #1 to event queue
| scheduling resume sending helper answer for #1
| libevent_malloc: new ptr-libevent@0x7f668c002888 size 128
| crypto helper 1 waiting (nothing to do)
| processing resume sending helper answer for #1
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 1 replies to request ID 1
| calling continuation function 0x55b14bf48b50
| main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2
| **emit ISAKMP Message:
| initiator cookie:
| f2 0e e9 e8 8b aa e4 0b
| responder cookie:
| 20 89 2c a1 61 82 f0 e2
| next payload type: ISAKMP_NEXT_NONE (0x0)
| ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
| exchange type: ISAKMP_XCHG_IDPROT (0x2)
| flags: none (0x0)
| Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| ***emit ISAKMP Key Exchange Payload:
| next payload type: ISAKMP_NEXT_NONCE (0xa)
| next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE)
| next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet'
| emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
| keyex value 38 a5 21 f9 0d 0c ee ec 41 66 54 0f 16 ab 4e c4
| keyex value 6f ec 20 da 3e 0e a2 67 71 64 96 b2 27 52 13 8c
| keyex value 49 9c 80 99 03 13 25 b3 20 6f 56 7b 91 bb c9 64
| keyex value 81 27 c3 ff a6 66 44 68 28 ba 85 75 f5 d1 d8 a1
| keyex value ed 08 43 b9 10 d3 06 95 3f ca 12 63 b1 fd ff 5e
| keyex value 44 a0 4d 3c 72 f6 08 d3 12 c4 42 89 af 2c c6 13
| keyex value 20 13 7a ee 02 58 5d 65 c2 a7 41 b4 f2 44 ad 7b
| keyex value ce 2b 48 ef 20 72 86 85 71 20 95 6f 4c a6 81 6a
| keyex value 7a 51 63 71 ea 80 bd 1d e1 73 f6 65 45 82 60 16
| keyex value e5 7a 42 13 e3 a4 7b 58 00 d5 48 1e 53 16 f9 f5
| keyex value 74 3a c5 24 30 c3 26 cc b2 6d 58 5f cd 68 12 4b
| keyex value 19 29 62 8e 00 ea 60 42 1c ec 1f 4e 77 7f 88 33
| keyex value 1d 68 b7 9c 96 85 b9 0f b2 f7 da 71 df 3a f3 c5
| keyex value 5f 52 34 d9 18 98 76 a5 49 0b a1 05 1e de 2f 59
| keyex value 5d a0 92 7b 34 4f df 25 50 74 88 84 dd 17 f0 db
| keyex value 26 73 97 7e fc 71 df fa bf 9f 95 0c cc 83 7f 22
| emitting length of ISAKMP Key Exchange Payload: 260
| ***emit ISAKMP Nonce Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
| next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of Ni into ISAKMP Nonce Payload
| Ni 12 a4 76 1b 3f e2 55 a1 e9 3d f3 14 d3 bd ae 2a
| Ni 74 71 4c 12 11 37 53 0e 39 b6 ad 2a aa 74 90 6a
| emitting length of ISAKMP Nonce Payload: 36
| NAT-T checking st_nat_traversal
| NAT-T found (implies NAT_T_WITH_NATD)
| sending NAT-D payloads
| natd_hash: hasher=0x55b14c01dca0(32)
| natd_hash: icookie= f2 0e e9 e8 8b aa e4 0b
| natd_hash: rcookie= 20 89 2c a1 61 82 f0 e2
| natd_hash: ip= c0 01 02 17
| natd_hash: port=500
| natd_hash: hash= 94 2d 82 3f 3a f8 68 1c 3d 86 00 e7 40 6f c3 70
| natd_hash: hash= c0 42 08 e0 f5 08 f8 b8 17 de 24 21 bd ac e8 32
| ***emit ISAKMP NAT-D Payload:
| next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
| next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC
| next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
| next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload
| NAT-D 94 2d 82 3f 3a f8 68 1c 3d 86 00 e7 40 6f c3 70
| NAT-D c0 42 08 e0 f5 08 f8 b8 17 de 24 21 bd ac e8 32
| emitting length of ISAKMP NAT-D Payload: 36
| natd_hash: hasher=0x55b14c01dca0(32)
| natd_hash: icookie= f2 0e e9 e8 8b aa e4 0b
| natd_hash: rcookie= 20 89 2c a1 61 82 f0 e2
| natd_hash: ip= c0 01 02 2d
| natd_hash: port=500
| natd_hash: hash= 86 cb a7 5e 82 22 dc 86 30 da 1e 43 c6 b5 59 4e
| natd_hash: hash= 74 6d a1 e3 42 4e ca 35 71 23 1c 00 f5 c1 1d 01
| ***emit ISAKMP NAT-D Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
| next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload
| NAT-D 86 cb a7 5e 82 22 dc 86 30 da 1e 43 c6 b5 59 4e
| NAT-D 74 6d a1 e3 42 4e ca 35 71 23 1c 00 f5 c1 1d 01
| emitting length of ISAKMP NAT-D Payload: 36
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 396
| State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir]
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:no, t_xauth_client_done:no
| peer supports fragmentation
| peer supports DPD
| IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
| parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x55b14dce3458
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b14dceb378
| sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500)
| sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
| f2 0e e9 e8 8b aa e4 0b 20 89 2c a1 61 82 f0 e2
| 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04
| 38 a5 21 f9 0d 0c ee ec 41 66 54 0f 16 ab 4e c4
| 6f ec 20 da 3e 0e a2 67 71 64 96 b2 27 52 13 8c
| 49 9c 80 99 03 13 25 b3 20 6f 56 7b 91 bb c9 64
| 81 27 c3 ff a6 66 44 68 28 ba 85 75 f5 d1 d8 a1
| ed 08 43 b9 10 d3 06 95 3f ca 12 63 b1 fd ff 5e
| 44 a0 4d 3c 72 f6 08 d3 12 c4 42 89 af 2c c6 13
| 20 13 7a ee 02 58 5d 65 c2 a7 41 b4 f2 44 ad 7b
| ce 2b 48 ef 20 72 86 85 71 20 95 6f 4c a6 81 6a
| 7a 51 63 71 ea 80 bd 1d e1 73 f6 65 45 82 60 16
| e5 7a 42 13 e3 a4 7b 58 00 d5 48 1e 53 16 f9 f5
| 74 3a c5 24 30 c3 26 cc b2 6d 58 5f cd 68 12 4b
| 19 29 62 8e 00 ea 60 42 1c ec 1f 4e 77 7f 88 33
| 1d 68 b7 9c 96 85 b9 0f b2 f7 da 71 df 3a f3 c5
| 5f 52 34 d9 18 98 76 a5 49 0b a1 05 1e de 2f 59
| 5d a0 92 7b 34 4f df 25 50 74 88 84 dd 17 f0 db
| 26 73 97 7e fc 71 df fa bf 9f 95 0c cc 83 7f 22
| 14 00 00 24 12 a4 76 1b 3f e2 55 a1 e9 3d f3 14
| d3 bd ae 2a 74 71 4c 12 11 37 53 0e 39 b6 ad 2a
| aa 74 90 6a 14 00 00 24 94 2d 82 3f 3a f8 68 1c
| 3d 86 00 e7 40 6f c3 70 c0 42 08 e0 f5 08 f8 b8
| 17 de 24 21 bd ac e8 32 00 00 00 24 86 cb a7 5e
| 82 22 dc 86 30 da 1e 43 c6 b5 59 4e 74 6d a1 e3
| 42 4e ca 35 71 23 1c 00 f5 c1 1d 01
| !event_already_set at reschedule
"nss-cert" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
| event_schedule: new EVENT_RETRANSMIT-pe@0x55b14dceb378
| inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55b14dce7b58 size 128
| #1 STATE_MAIN_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29928.77016
"nss-cert" #1: STATE_MAIN_I2: sent MI2, expecting MR2
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| resume sending helper answer for #1 suppresed complete_v1_state_transition()
| #1 spent 0.314 milliseconds in resume sending helper answer
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f668c002888
| spent 0.00321 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 396 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
| f2 0e e9 e8 8b aa e4 0b 20 89 2c a1 61 82 f0 e2
| 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04
| dd 22 ea 75 6b 0d d6 b1 0d eb bf 70 b9 16 44 0c
| 39 01 ed 43 ed 67 83 b7 4f d6 91 c3 a9 7f 02 72
| 4b ba 1e e1 26 bf 7a 6b 39 53 f8 9c de 82 dc 8e
| 86 8e b2 c6 9b 01 30 91 79 94 7f 0d 11 5e 58 fc
| 87 bf 3d 36 d3 a4 1e 01 57 2a f0 59 b5 a6 1b b6
| 8e c6 c8 de 92 fc 2b b6 f4 77 e3 0e 91 b2 fc e8
| c3 ac 37 36 71 0f b7 5e 0a 6f 36 f8 b2 eb 51 8a
| 98 79 04 15 8d 56 8a fa d9 bf f5 6f 12 03 6c 14
| b0 76 06 d5 39 97 50 f6 13 00 9d 0c 83 62 d0 7e
| b4 3a 28 e8 e4 64 97 af cb 4a 17 41 f0 72 d7 f6
| b6 55 4f de 3f ee a9 f0 33 70 12 8e b6 50 60 7a
| ca 52 12 72 97 3e ea 3e 77 b4 28 a5 fe e4 79 6e
| d7 cd cc 19 df 8f e8 4b 60 bf bf 99 d2 70 7b 69
| cf fa e7 a1 6c 00 6d 17 b7 97 8a 04 a0 87 b1 1d
| 33 41 38 fb 81 4c 04 bb f5 fb ce f3 97 0f bf a9
| 15 a0 1d aa e8 df e1 09 ba 06 0d cb 16 f5 d0 f7
| 14 00 00 24 c5 24 b8 71 a8 c1 56 22 40 05 c6 e1
| cb 8c 64 2e 0f ba e0 c3 15 b4 36 d3 1e d4 28 47
| 08 51 ce 4d 14 00 00 24 86 cb a7 5e 82 22 dc 86
| 30 da 1e 43 c6 b5 59 4e 74 6d a1 e3 42 4e ca 35
| 71 23 1c 00 f5 c1 1d 01 00 00 00 24 94 2d 82 3f
| 3a f8 68 1c 3d 86 00 e7 40 6f c3 70 c0 42 08 e0
| f5 08 f8 b8 17 de 24 21 bd ac e8 32
| start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
| initiator cookie:
| f2 0e e9 e8 8b aa e4 0b
| responder cookie:
| 20 89 2c a1 61 82 f0 e2
| next payload type: ISAKMP_NEXT_KE (0x4)
| ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
| exchange type: ISAKMP_XCHG_IDPROT (0x2)
| flags: none (0x0)
| Message ID: 0 (0x0)
| length: 396 (0x18c)
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459)
| #1 is idle
| #1 idle
| got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
| ***parse ISAKMP Key Exchange Payload:
| next payload type: ISAKMP_NEXT_NONCE (0xa)
| length: 260 (0x104)
| got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
| ***parse ISAKMP Nonce Payload:
| next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
| length: 36 (0x24)
| got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
| ***parse ISAKMP NAT-D Payload:
| next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
| length: 36 (0x24)
| got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
| ***parse ISAKMP NAT-D Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| length: 36 (0x24)
| message 'main_inR2_outI3' HASH payload not checked early
| started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org->%fromcert of kind PKK_PSK
| actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org->%fromcert of kind PKK_PSK
| line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org) to type PKK_RSA
| line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org) to type PKK_RSA
| concluding with best_match=000 best=(nil) (lineno=-1)
| no PreShared Key Found
| adding aggr outR1 DH work-order 2 for state #1
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_MAIN_I2: retransmits: cleared
| libevent_free: release ptr-libevent@0x55b14dce7b58
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55b14dceb378
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b14dceb378
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x7f668c002888 size 128
| crypto helper 2 resuming
| crypto helper 2 starting work-order 2 for state #1
| crypto helper 2 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2
| crypto helper 2 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.001135 seconds
| (#1) spent 1.14 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr)
| crypto helper 2 sending results from work-order 2 for state #1 to event queue
| scheduling resume sending helper answer for #1
| libevent_malloc: new ptr-libevent@0x7f6684000f48 size 128
| crypto helper 2 waiting (nothing to do)
| complete v1 state transition with STF_SUSPEND
| [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648)
| suspending state #1 and saving MD
| #1 is busy; has a suspended MD
| #1 spent 0.0679 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.209 milliseconds in comm_handle_cb() reading and processing packet
| processing resume sending helper answer for #1
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 2 replies to request ID 2
| calling continuation function 0x55b14bf48b50
| main_inR2_outI3_cryptotail for #1: calculated DH, sending R1
| **emit ISAKMP Message:
| initiator cookie:
| f2 0e e9 e8 8b aa e4 0b
| responder cookie:
| 20 89 2c a1 61 82 f0 e2
| next payload type: ISAKMP_NEXT_ID (0x5)
| ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
| exchange type: ISAKMP_XCHG_IDPROT (0x2)
| flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
| Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID
| thinking about whether to send my certificate:
| I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE
| sendcert: CERT_ALWAYSSEND and I did not get a certificate request
| so send cert.
| I am sending a certificate request
| I will NOT send an initial contact payload
| init checking NAT-T: enabled; RFC 3947 (NAT-Traversal)
| natd_hash: hasher=0x55b14c01dca0(32)
| natd_hash: icookie= f2 0e e9 e8 8b aa e4 0b
| natd_hash: rcookie= 20 89 2c a1 61 82 f0 e2
| natd_hash: ip= c0 01 02 2d
| natd_hash: port=500
| natd_hash: hash= 86 cb a7 5e 82 22 dc 86 30 da 1e 43 c6 b5 59 4e
| natd_hash: hash= 74 6d a1 e3 42 4e ca 35 71 23 1c 00 f5 c1 1d 01
| natd_hash: hasher=0x55b14c01dca0(32)
| natd_hash: icookie= f2 0e e9 e8 8b aa e4 0b
| natd_hash: rcookie= 20 89 2c a1 61 82 f0 e2
| natd_hash: ip= c0 01 02 17
| natd_hash: port=500
| natd_hash: hash= 94 2d 82 3f 3a f8 68 1c 3d 86 00 e7 40 6f c3 70
| natd_hash: hash= c0 42 08 e0 f5 08 f8 b8 17 de 24 21 bd ac e8 32
| expected NAT-D(me): 86 cb a7 5e 82 22 dc 86 30 da 1e 43 c6 b5 59 4e
| expected NAT-D(me): 74 6d a1 e3 42 4e ca 35 71 23 1c 00 f5 c1 1d 01
| expected NAT-D(him):
| 94 2d 82 3f 3a f8 68 1c 3d 86 00 e7 40 6f c3 70
| c0 42 08 e0 f5 08 f8 b8 17 de 24 21 bd ac e8 32
| received NAT-D: 86 cb a7 5e 82 22 dc 86 30 da 1e 43 c6 b5 59 4e
| received NAT-D: 74 6d a1 e3 42 4e ca 35 71 23 1c 00 f5 c1 1d 01
| received NAT-D: 94 2d 82 3f 3a f8 68 1c 3d 86 00 e7 40 6f c3 70
| received NAT-D: c0 42 08 e0 f5 08 f8 b8 17 de 24 21 bd ac e8 32
| NAT_TRAVERSAL encaps using auto-detect
| NAT_TRAVERSAL this end is NOT behind NAT
| NAT_TRAVERSAL that end is NOT behind NAT
| NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23
| NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
| NAT_T_WITH_KA detected
| global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
| ***emit ISAKMP Identification Payload (IPsec DOI):
| next payload type: ISAKMP_NEXT_CERT (0x6)
| ID type: ID_DER_ASN1_DN (0x9)
| Protocol ID: 0 (0x0)
| port: 0 (0x0)
| next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
| next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
| emitting 195 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
| my identity 30 81 c0 31 0b 30 09 06 03 55 04 06 13 02 43 41
| my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72
| my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72
| my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c
| my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04
| my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65
| my identity 6e 74 31 29 30 27 06 03 55 04 03 0c 20 75 73 61
| my identity 67 65 2d 62 6f 74 68 2e 74 65 73 74 69 6e 67 2e
| my identity 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31 34 30
| my identity 32 06 09 2a 86 48 86 f7 0d 01 09 01 16 25 75 73
| my identity 65 72 2d 75 73 61 67 65 2d 62 6f 74 68 40 74 65
| my identity 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e
| my identity 6f 72 67
| emitting length of ISAKMP Identification Payload (IPsec DOI): 203
"nss-cert" #1: I am sending my cert
| ***emit ISAKMP Certificate Payload:
| next payload type: ISAKMP_NEXT_CR (0x7)
| cert encoding: CERT_X509_SIGNATURE (0x4)
| next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR
| next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT)
| next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet'
| emitting 1242 raw bytes of CERT into ISAKMP Certificate Payload
| CERT 30 82 04 d6 30 82 04 3f a0 03 02 01 02 02 01 2d
| CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30
| CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31
| CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69
| CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f
| CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69
| CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b
| CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e
| CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72
| CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f
| CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86
| CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67
| CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22
| CERT 18 0f 32 30 31 39 30 38 32 34 30 39 30 37 35 33
| CERT 5a 18 0f 32 30 32 32 30 38 32 33 30 39 30 37 35
| CERT 33 5a 30 81 c0 31 0b 30 09 06 03 55 04 06 13 02
| CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74
| CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54
| CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c
| CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03
| CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74
| CERT 6d 65 6e 74 31 29 30 27 06 03 55 04 03 0c 20 75
| CERT 73 61 67 65 2d 62 6f 74 68 2e 74 65 73 74 69 6e
| CERT 67 2e 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 31
| CERT 34 30 32 06 09 2a 86 48 86 f7 0d 01 09 01 16 25
| CERT 75 73 65 72 2d 75 73 61 67 65 2d 62 6f 74 68 40
| CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61
| CERT 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 09 2a 86 48
| CERT 86 f7 0d 01 01 01 05 00 03 82 01 8f 00 30 82 01
| CERT 8a 02 82 01 81 00 fb 0c 38 12 b3 e0 b1 77 4d 8d
| CERT 52 e9 9f 45 93 6c ff f3 af 25 bf 3a de f1 e8 85
| CERT 37 a7 cc 82 ee 08 96 d8 1e 0b 8e a9 d9 82 17 bd
| CERT 8b ae da 26 d8 de 87 a1 3d 69 2b e2 59 a8 ac 6d
| CERT 17 d6 d9 ef 43 c7 74 85 ae a0 5f 10 88 40 84 65
| CERT 8c 90 7c 1c 2a 53 d2 54 9c d5 f7 00 a9 d3 58 d0
| CERT a1 78 c6 96 81 aa 66 0f 70 c6 d1 36 ef 58 9d 58
| CERT 16 73 fb 2c 00 69 05 16 53 a5 35 fa 28 e0 64 10
| CERT 60 3b d6 35 d9 c2 e0 4e 88 c2 ff 67 04 28 3e 84
| CERT 31 2c c7 d1 88 82 e4 ac 4e 96 eb 0f 2b 69 28 a6
| CERT 6c d9 23 a5 37 42 64 a8 36 36 15 7a 80 5d 7d 88
| CERT b6 aa c6 3c 33 a4 e5 81 11 34 ce 60 a4 57 13 d4
| CERT 61 99 50 2d b0 b4 13 d5 1e 50 83 d0 cf 31 e2 1c
| CERT 92 03 7b 8e 79 1f e5 23 d9 23 bf 7e 04 8b 65 9c
| CERT 5e 33 37 24 83 54 9b 1a 31 62 46 1e c6 07 16 83
| CERT 9c 2a 42 3d 78 f0 c4 0a 54 6b 8c 09 af 18 fe fe
| CERT 9a 60 30 0c f9 25 05 61 b6 3a af ec fc 0e 10 99
| CERT ec 68 da 12 49 9a 63 2f 3d af 7e 95 61 e5 7a 64
| CERT 2c a7 5a 1f 8b 6e 3c f4 c6 65 b5 0a eb bb ae 9b
| CERT 84 8b 1a 7c 10 4a 0e 80 38 71 4f 8d 99 47 61 ce
| CERT 33 7c ec ab e4 e6 42 a3 49 24 f2 eb 63 2b 2b d2
| CERT 21 c1 02 93 e3 f1 d9 47 7e 76 61 9e 36 8a 0f 9b
| CERT 2e 25 34 4f f9 46 ed 42 43 fc cc e8 d2 1a 6c 18
| CERT 43 66 91 b5 4b a9 60 48 15 f9 3d cc e3 87 c6 3f
| CERT d6 22 f0 11 43 91 02 03 01 00 01 a3 81 e9 30 81
| CERT e6 30 09 06 03 55 1d 13 04 02 30 00 30 2b 06 03
| CERT 55 1d 11 04 24 30 22 82 20 75 73 61 67 65 2d 62
| CERT 6f 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72
| CERT 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d 0f
| CERT 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 30
| CERT 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01
| CERT 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 01
| CERT 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 30
| CERT 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 65
| CERT 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e 2e
| CERT 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f 04
| CERT 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 3a
| CERT 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c 69
| CERT 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 6f
| CERT 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7
| CERT 0d 01 01 0b 05 00 03 81 81 00 40 e1 06 20 0d a8
| CERT a5 48 3c a5 78 fa 49 5c 4e 04 e0 b7 16 17 db b9
| CERT 9c bb 56 6c 2c 10 e3 b0 ba 1a 70 b1 2f db 62 c2
| CERT b4 6d c9 a8 df 10 4a 76 95 51 99 8d 6d f9 3e c4
| CERT 20 52 91 a9 2e 8e 0f 5f 28 a0 d6 84 6a ca df 9d
| CERT 3b c1 f7 3f a8 27 ea 76 6b 6e 4f 55 27 12 86 6b
| CERT 4d 49 b9 87 e9 85 76 af 1f 1d 27 93 8d 56 c1 11
| CERT ea f1 bc f1 2f 37 bb 87 1a 69 2a 10 22 10 56 69
| CERT 9c 57 a5 77 69 b8 db 06 a9 17
| emitting length of ISAKMP Certificate Payload: 1247
"nss-cert" #1: I am sending a certificate request
| ***emit ISAKMP Certificate RequestPayload:
| next payload type: ISAKMP_NEXT_SIG (0x9)
| cert type: CERT_X509_SIGNATURE (0x4)
| next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG
| next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR)
| next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet'
| emitting length of ISAKMP Certificate RequestPayload: 5
| started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org->%fromcert of kind PKK_RSA
| searching for certificate PKK_RSA:AwEAAfsMO vs PKK_RSA:AwEAAfsMO
| ***emit ISAKMP Signature Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG)
| next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet'
| emitting 384 raw bytes of SIG_I into ISAKMP Signature Payload
| SIG_I 64 42 c5 29 44 01 26 23 e0 5a 96 cf d8 be c9 9f
| SIG_I e6 17 61 db dc 7e db 4f 79 a6 b2 b4 6c ad 5b 2c
| SIG_I 27 e0 1d 38 b2 db b4 e9 4f 59 8d 68 98 eb d2 9d
| SIG_I 7a d7 2e fd 25 b8 b6 8b 85 07 07 05 e5 15 c3 cd
| SIG_I 5c 66 70 be 06 e8 c6 59 61 9f 96 2e 3e 66 79 c1
| SIG_I e9 c1 b7 37 c4 de 49 92 e5 29 5b c2 16 81 83 b2
| SIG_I ca 93 8e 61 8d 20 0c 71 30 f8 6c 93 ed e6 08 fa
| SIG_I e4 ce 89 63 cb 61 7a 45 74 3f c0 b4 5f 00 cf b7
| SIG_I 77 08 db 3c b8 9e cf d3 33 f0 3f 22 b0 f6 e7 01
| SIG_I 8e 45 86 15 c9 fb f0 f3 35 8c 47 00 d9 75 7a 03
| SIG_I 9c 97 c1 67 ab 5b 0c 25 f4 5e 85 84 8c af 1f 5a
| SIG_I 30 e8 38 0f 98 f0 19 2a a2 1a 01 8f 54 3b 16 24
| SIG_I 23 90 0b eb de 39 44 d3 85 a5 29 d1 98 a5 6d 10
| SIG_I ca ff d7 82 cc 7a b6 03 b5 90 01 76 30 aa 8b b0
| SIG_I 39 ce c0 0b 84 5d 7a 62 35 8c c9 15 68 20 95 c6
| SIG_I 5d 22 c2 61 b2 0b fe ea d9 f4 31 54 de 5b 94 6b
| SIG_I fc 05 7c 3b 3e 24 91 dd 53 6d 6a 32 74 e7 ad c5
| SIG_I a1 b7 b7 52 6a 38 d0 c2 96 bb b8 a7 fe 72 48 52
| SIG_I 0d 97 c2 b4 ad 69 3e be a7 d7 5c fc e2 25 01 3a
| SIG_I 47 13 e8 d0 ed 66 a6 e2 7e f1 00 68 f1 1b 10 f7
| SIG_I d6 ec 7a d2 f7 65 7a 17 00 30 5a 43 0b 71 36 13
| SIG_I b1 70 f7 39 88 07 f0 71 30 2d 37 ff fd ac e7 21
| SIG_I b3 df 19 b6 5e 07 89 21 0c a5 38 65 0f 99 72 31
| SIG_I 70 ae f7 d8 6b 56 55 0a 05 8d 1d 09 a5 d8 98 22
| emitting length of ISAKMP Signature Payload: 388
| Not sending INITIAL_CONTACT
| emitting 13 zero bytes of encryption padding into ISAKMP Message
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 1884
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:no, t_xauth_client_done:no
| IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
| parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x7f668c002888
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b14dceb378
| sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500)
| sending 1884 bytes for STATE_MAIN_I2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
| f2 0e e9 e8 8b aa e4 0b 20 89 2c a1 61 82 f0 e2
| 05 10 02 01 00 00 00 00 00 00 07 5c a1 0a b3 e8
| 31 90 3a 58 07 9c 6c 74 2c 07 7e e5 8e 59 b3 df
| aa 88 74 7f 9e a6 47 95 84 1b d2 f9 6b cf 9c e2
| a3 cc 5e 69 dd 27 09 26 e4 70 e2 a6 d0 ea 3b 46
| 07 75 3f a3 3e f0 60 92 79 55 1f 39 69 aa 6f 40
| d9 4b ea 5d 52 70 f3 29 6c a9 09 50 43 ba 1d e8
| ac 57 c5 f9 db bd 4c b9 76 47 86 c3 c0 55 b0 d8
| b2 97 b7 2c b4 79 ce 09 65 ae ce 7a 72 66 fa 7f
| 92 c5 5d fd 1d 80 bb 9a 7c 9c 84 09 a8 56 11 0b
| 31 7c 99 53 4e 15 10 a1 5f ee f4 23 dc 3a 9f 8d
| 7f fd b6 7b fe 9e 2b f7 b9 f0 2f e9 5d 0c 50 8c
| 8e 27 cf 32 99 03 e1 df 21 5f 4f 7a e2 35 79 e8
| a7 96 1f eb 45 4f a9 76 5e 3a 3c 3f 86 42 9d 4c
| 19 94 ac dd 88 7f d8 2e 31 71 b1 ec 39 51 5e ed
| 7d c3 20 91 5d 83 4c 4e bb bf 12 3f fd 47 59 ba
| 69 a0 76 a6 65 7a de f8 75 65 80 27 66 b1 f1 ea
| 91 80 e8 2d 41 dd a0 bc 30 21 a4 0f 03 71 09 66
| 92 0f c7 d2 63 f7 ac 96 6a 68 82 a1 ce 81 5d 21
| c8 11 a8 ed fa c9 3e ed 2a 24 5a 29 f8 1f ca 95
| 55 20 94 82 f0 55 ac 97 87 45 fc 08 3b 71 8d 67
| 72 2f a2 ae 31 c4 08 d2 d8 bf 2a ca 2f e2 a1 94
| 41 ea f3 ca 21 97 5f df 32 51 00 be 2f b4 a3 ac
| 0d 12 b6 a7 d5 1b da 5f 5f e9 84 23 e0 d7 e0 41
| 17 16 6e 86 d2 0b 49 26 8a d8 6d 92 00 0a 44 4d
| c7 f0 49 2a b4 3f f9 88 0c bf 07 11 7d 87 d0 db
| 79 cf cd 6a 17 1d cd a6 30 40 20 ab 89 02 69 20
| 01 1c 07 5a 69 b9 28 82 56 b5 2d 7f ab 51 b7 ac
| 5a 67 95 cb da 67 8d 4a a0 68 e2 0d 4f a4 92 2a
| 65 6e 14 4c 19 1a 09 4e 6e c9 67 8a 09 58 2c 78
| 33 6a da 8a 51 9c 31 58 2e 49 c8 73 59 5e 15 49
| 39 bc 88 c6 cc f5 f4 fe fe cd 0c 49 6f 06 9c e9
| 15 0c ce 41 f1 e2 4c f6 7a 7a 28 ae 38 19 41 3f
| d2 83 a8 e8 92 07 7e 69 eb cd 1d 0d 74 76 82 19
| 11 34 27 3e 58 22 fc 9e 4a 94 49 4a a2 32 0b 48
| 11 2a 73 21 bc f2 59 ad 82 ce 24 36 3b 6e 4e b5
| 39 d4 45 4d 72 a6 63 72 60 6c b5 f1 1d a3 94 a4
| c8 5d b9 b8 c1 3d 5d af 6b fe 6b 43 ad eb 03 4c
| 20 5d a1 57 87 41 30 bd 2b 37 04 5f 75 c5 61 56
| e8 ef ce 4f 11 85 53 57 7e fa 47 28 c3 c7 72 77
| 4c c9 dd 93 10 85 f3 a1 63 54 49 ca 72 72 d2 25
| 0c 56 0a 41 39 3d af 44 5e 46 bd 75 30 3f 0b 75
| de b7 09 ce 92 4e cf 12 30 ab cf 60 1d 44 9d fc
| 05 25 e9 ed 1b 2c 1e ee 05 1e 5d 1f e3 6f 40 79
| 64 2b 49 b3 1f 61 84 7c c6 a3 9d 07 f0 86 26 4d
| 79 c4 45 b4 c2 0e 97 be 2f d3 3d 46 34 d3 6b 3d
| 3d 87 e7 93 0b a3 bc 8b b3 42 4e 5a fa 42 a2 06
| 5a b7 91 c8 e6 cb ab ba 4a 38 8d ae bb f3 75 86
| 4a 02 84 77 70 14 e4 87 99 89 ae d6 48 a5 70 de
| 4b 92 67 fe 9d c5 cc a5 1b 0a c3 d1 75 c3 02 d9
| 7e 29 4c 2f 16 b0 3c 3a d3 e4 47 97 44 da b2 8f
| 28 42 08 69 0f 53 ab 38 39 c0 c3 d8 8f c5 aa 79
| c5 ff 2e 31 c6 f9 2c d1 d6 7d 6e d3 bd 3d 99 25
| 2f a7 2b ea 47 2f 5a c4 e8 39 33 f1 28 b8 a0 59
| 18 40 d8 f1 dc 0f 22 f8 a1 37 4f 5b 34 8d a1 23
| 0f 9e 95 0c 84 b0 29 ca 48 c3 df 31 09 a0 7c 01
| 9d 6c f3 cc 7d 6d 39 9a 88 89 8b 93 e3 a6 b8 4a
| 32 84 9a ee 9f ca 49 50 da 3f 14 f5 e4 82 49 c5
| a5 6c 96 00 84 c8 78 98 b7 35 38 4c 1a b1 3b 10
| cd 01 34 cb f8 75 13 4e 92 1a 23 1a aa ca 33 4f
| 71 85 37 03 72 3b 77 e0 f0 e7 b0 1a 79 ec d0 33
| ea 0f 3b 87 48 64 d0 57 1b 85 15 ce b6 ac df 6f
| 5c 1d 49 93 51 bb ed ef e1 24 40 6e c3 e0 c5 c8
| e5 de a6 9b 05 a2 4f 01 e7 0c 50 67 45 35 ed 75
| e1 84 fe 16 4d 04 31 0a 9a 36 e8 6c c3 7f 45 d3
| 8a 50 9f 19 b5 cf 33 0e 39 aa 05 be 42 72 f7 53
| 8d dd e3 8c 16 5f ee ef 5d 7e a0 dd a3 94 3a 1b
| 96 e3 55 d3 4d f3 18 01 9c 48 a9 f0 85 82 f6 dd
| d0 e3 c9 5f 3d 64 9d 9c 9c c4 ac f6 8c ea ef c6
| 10 ac 67 4d 07 f0 b2 73 84 b6 31 09 9b 77 53 71
| 49 98 36 ef a8 3a b6 9b ed 6d 44 06 29 6e 7a c1
| db a2 43 9c c1 87 0b 37 34 6c 33 3b d5 78 e8 40
| b6 fe b9 f5 ae fd f4 a5 ec 3c 1b 55 9d f5 e7 5f
| 9d ae db f9 ca 04 50 87 9e 49 b1 58 25 3f ca f5
| 17 23 f7 3b d6 d9 10 8d 24 b2 59 4c f6 6a 3b 77
| 3a 74 d5 22 0f 65 dd aa 4d 16 30 b1 0f 9e 97 8a
| de b4 74 5a 4a 6c 05 78 a2 a3 3c 10 6a 54 75 f8
| ef 3a 5c 80 62 f8 7c c2 00 84 a1 1e e8 ab 44 f6
| 1d b0 6f d7 05 71 60 48 fa a6 af 81 1e 5f f8 19
| ba cf 70 53 d7 fd d3 5f 12 c8 9f 25 87 d8 c3 39
| 91 ff 39 c0 88 5d b9 45 b1 21 e1 b2 e9 a3 68 6e
| 67 9a a1 b5 f7 83 4c 24 df 49 f0 4e e9 3a 74 9c
| 42 50 37 7c 9e 51 0d d1 91 3c f0 b3 62 63 3d 03
| af 14 6e 05 36 d9 27 2d 2a 17 9e 31 17 9f 38 0a
| e7 f8 b5 18 4e f3 49 7a 3f 9b 78 63 a7 ba a0 39
| 09 d6 eb 5f b3 55 64 32 86 9b ff ef e5 73 d5 99
| 3f 30 49 3d 72 fc 3a 0f 53 5c 0c cb 81 54 a9 43
| 22 57 12 89 78 07 81 b0 b5 e6 0c a8 60 db 49 86
| 09 b9 a6 da e8 68 b3 6b 2b 81 bc 2e 51 e3 5b 48
| c7 aa 77 5f 13 46 d5 65 6a 9e cf 18 24 e7 c5 b7
| 37 2a 32 08 f8 0b c4 cc 39 9f 52 81 15 1d b6 c4
| f0 52 be 6b 4e 3e 71 c0 00 a4 dd 50 53 69 b9 3f
| 07 fa 27 12 65 3f dd 06 df d6 e3 bf 7c 55 b0 ea
| 3f 57 90 db 58 63 e8 1c 84 db 72 d4 28 ee 9d 09
| bd e7 43 96 83 0f b2 8c 91 8e af 2d d0 be 5d 11
| d8 ce 03 b0 3d 83 6e 70 6e 2f 46 b2 86 85 bf cf
| f2 01 7d 25 27 8f 90 64 f1 ff 43 db b8 02 33 8a
| a6 da 22 ee 16 91 16 24 51 69 e0 de bd fc 81 2b
| 3e 46 8b 0d ac 3b da 6e d7 60 5b 05 3e ee c3 ef
| 27 ba c6 68 89 02 4d 4d 3c 7b 9b 82 e7 d8 b3 1f
| 3e f2 54 42 d8 bd b9 e0 d2 77 49 84 3b 2f 40 35
| 96 88 f3 89 b1 08 a2 f9 ae 17 76 14 10 3e cc ca
| df ac 87 07 fd 93 04 55 6f 19 37 dc 75 0c 49 d8
| 4d b8 1f a7 2f 48 ce 69 53 3a aa ea be 3a f4 de
| 63 5b 0a 25 5f 4d f4 ee 4c 3c 56 ff 22 64 04 bb
| 0b 55 77 5a a2 df 6c 0b c6 83 e2 03 23 42 65 1c
| 01 f3 2b c6 11 1e 48 b3 e4 ae db c0 1a 72 10 4f
| df a2 0c 57 8e 2b 1b ba fe 1e 21 dc 59 1f fa 53
| 6e c2 27 1b 82 b2 49 49 67 48 3d c6 9f cf 43 1a
| b6 5b 93 ee 84 c6 e9 27 33 01 eb 45 99 69 37 fe
| f4 95 6f 6c 27 02 56 bd 63 6c bc 58 6e 21 19 45
| 7c 00 fd 2a 26 50 54 60 ba 73 ff ac 97 81 a8 a4
| 74 ff 40 b7 0b d8 49 ac dd c5 79 1b c8 47 a5 f7
| a0 3f 48 e3 ce 97 39 df c2 af d5 f1 f0 5c 6c 41
| b3 7d fc d7 c4 20 ac 0e e0 0f a9 7b d7 38 75 66
| 10 23 35 af 3f b6 00 b1 90 ca fd 92 e3 b8 f0 6d
| 7c a5 2a 08 65 98 c1 42 5a a3 07 a9 a4 1a d9 15
| 81 87 3a f5 35 5c e1 f8 86 45 14 8e
| !event_already_set at reschedule
"nss-cert" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
| event_schedule: new EVENT_RETRANSMIT-pe@0x55b14dceb378
| inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55b14dcea488 size 128
| #1 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29928.791458
"nss-cert" #1: STATE_MAIN_I3: sent MI3, expecting MR3
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| resume sending helper answer for #1 suppresed complete_v1_state_transition()
| #1 spent 10.7 milliseconds in resume sending helper answer
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f6684000f48
| spent 0.00194 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
| f2 0e e9 e8 8b aa e4 0b 20 89 2c a1 61 82 f0 e2
| 08 10 05 01 c8 ef ae de 00 00 00 4c 95 81 34 05
| 76 5b 7b cb a3 c1 75 e4 cb 6b 45 f4 76 66 bb e9
| 9d 05 78 dd 99 78 7f 8f 5a 42 a0 b6 94 83 cd d6
| ca c4 4b 4c ee 20 26 67 97 60 f9 fe
| start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
| initiator cookie:
| f2 0e e9 e8 8b aa e4 0b
| responder cookie:
| 20 89 2c a1 61 82 f0 e2
| next payload type: ISAKMP_NEXT_HASH (0x8)
| ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
| exchange type: ISAKMP_XCHG_INFO (0x5)
| flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
| Message ID: 3371151070 (0xc8efaede)
| length: 76 (0x4c)
| processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
| peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
| p15 state object #1 found, in STATE_MAIN_I3
| State DB: found IKEv1 state #1 in MAIN_I3 (find_v1_info_state)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479)
| #1 is idle
| #1 idle
| received encrypted packet from 192.1.2.23:500
| got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
| ***parse ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_N (0xb)
| length: 36 (0x24)
| got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0
| ***parse ISAKMP Notification Payload:
| next payload type: ISAKMP_NEXT_NONE (0x0)
| length: 12 (0xc)
| DOI: ISAKMP_DOI_IPSEC (0x1)
| protocol ID: 1 (0x1)
| SPI size: 0 (0x0)
| Notify Message Type: INVALID_ID_INFORMATION (0x12)
| informational HASH(1):
| fe be 6e 26 a4 29 b6 54 19 f3 25 71 c5 88 f4 bc
| 46 47 64 76 f0 71 55 62 49 ef ce 0f 17 9f b1 2e
| received 'informational' message HASH(1) data ok
"nss-cert" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12
| ISAKMP Notification Payload
| 00 00 00 0c 00 00 00 01 01 00 00 12
| info:
| processing informational INVALID_ID_INFORMATION (18)
"nss-cert" #1: received and ignored notification payload: INVALID_ID_INFORMATION
| complete v1 state transition with STF_IGNORE
| #1 spent 0.011 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.172 milliseconds in comm_handle_cb() reading and processing packet
| processing global timer EVENT_SHUNT_SCAN
| expiring aged bare shunts from shunt table
| spent 0.00403 milliseconds in global timer EVENT_SHUNT_SCAN
| processing global timer EVENT_NAT_T_KEEPALIVE
| FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in for_each_state() at state.c:1575)
| not behind NAT: no NAT-T KEEP-ALIVE required for conn nss-cert
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in for_each_state() at state.c:1577)
| spent 0.0183 milliseconds in global timer EVENT_NAT_T_KEEPALIVE