FIPS Product: YES
FIPS Kernel: NO
FIPS Mode: NO
NSS DB directory: sql:/etc/ipsec.d
Initializing NSS
Opening NSS database "sql:/etc/ipsec.d" read-only
NSS initialized
NSS crypto library initialized
FIPS HMAC integrity support [enabled]
FIPS mode disabled for pluto daemon
FIPS HMAC integrity verification self-test FAILED
libcap-ng support [enabled]
Linux audit support [enabled]
Linux audit activated
Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:23773
core dump dir: /run/pluto
secrets file: /etc/ipsec.secrets
leak-detective enabled
NSS crypto [enabled]
XAUTH PAM support [enabled]
| libevent is using pluto's memory allocator
Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800)
| libevent_malloc: new ptr-libevent@0x55b14dc894d8 size 40
| libevent_malloc: new ptr-libevent@0x55b14dc89458 size 40
| libevent_malloc: new ptr-libevent@0x55b14dc893d8 size 40
| creating event base
| libevent_malloc: new ptr-libevent@0x55b14dc7b008 size 56
| libevent_malloc: new ptr-libevent@0x55b14dc04dd8 size 664
| libevent_malloc: new ptr-libevent@0x55b14dcc3af8 size 24
| libevent_malloc: new ptr-libevent@0x55b14dcc3b48 size 384
| libevent_malloc: new ptr-libevent@0x55b14dcc3ab8 size 16
| libevent_malloc: new ptr-libevent@0x55b14dc89358 size 40
| libevent_malloc: new ptr-libevent@0x55b14dc892d8 size 48
| libevent_realloc: new ptr-libevent@0x55b14dc04a68 size 256
| libevent_malloc: new ptr-libevent@0x55b14dcc3cf8 size 16
| libevent_free: release ptr-libevent@0x55b14dc7b008
| libevent initialized
| libevent_realloc: new ptr-libevent@0x55b14dc7b008 size 64
| global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds
| init_nat_traversal() initialized with keep_alive=0s
NAT-Traversal support  [enabled]
| global one-shot timer EVENT_NAT_T_KEEPALIVE initialized
| global one-shot timer EVENT_FREE_ROOT_CERTS initialized
| global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds
| global one-shot timer EVENT_REVIVE_CONNS initialized
| global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds
| global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds
Encryption algorithms:
  AES_CCM_16              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm, aes_ccm_c
  AES_CCM_12              IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_b
  AES_CCM_8               IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_ccm_a
  3DES_CBC                IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  [*192]  3des
  CAMELLIA_CTR            IKEv1:     ESP     IKEv2:     ESP           {256,192,*128}
  CAMELLIA_CBC            IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  camellia
  AES_GCM_16              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm, aes_gcm_c
  AES_GCM_12              IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_b
  AES_GCM_8               IKEv1:     ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes_gcm_a
  AES_CTR                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aesctr
  AES_CBC                 IKEv1: IKE ESP     IKEv2: IKE ESP     FIPS  {256,192,*128}  aes
  SERPENT_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  serpent
  TWOFISH_CBC             IKEv1: IKE ESP     IKEv2: IKE ESP           {256,192,*128}  twofish
  TWOFISH_SSH             IKEv1: IKE         IKEv2: IKE ESP           {256,192,*128}  twofish_cbc_ssh
  NULL_AUTH_AES_GMAC      IKEv1:     ESP     IKEv2:     ESP     FIPS  {256,192,*128}  aes_gmac
  NULL                    IKEv1:     ESP     IKEv2:     ESP           []
  CHACHA20_POLY1305       IKEv1:             IKEv2: IKE ESP           [*256]  chacha20poly1305
Hash algorithms:
  MD5                     IKEv1: IKE         IKEv2:                 
  SHA1                    IKEv1: IKE         IKEv2:             FIPS  sha
  SHA2_256                IKEv1: IKE         IKEv2:             FIPS  sha2, sha256
  SHA2_384                IKEv1: IKE         IKEv2:             FIPS  sha384
  SHA2_512                IKEv1: IKE         IKEv2:             FIPS  sha512
PRF algorithms:
  HMAC_MD5                IKEv1: IKE         IKEv2: IKE               md5
  HMAC_SHA1               IKEv1: IKE         IKEv2: IKE         FIPS  sha, sha1
  HMAC_SHA2_256           IKEv1: IKE         IKEv2: IKE         FIPS  sha2, sha256, sha2_256
  HMAC_SHA2_384           IKEv1: IKE         IKEv2: IKE         FIPS  sha384, sha2_384
  HMAC_SHA2_512           IKEv1: IKE         IKEv2: IKE         FIPS  sha512, sha2_512
  AES_XCBC                IKEv1:             IKEv2: IKE               aes128_xcbc
Integrity algorithms:
  HMAC_MD5_96             IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        md5, hmac_md5
  HMAC_SHA1_96            IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha, sha1, sha1_96, hmac_sha1
  HMAC_SHA2_512_256       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha512, sha2_512, sha2_512_256, hmac_sha2_512
  HMAC_SHA2_384_192       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha384, sha2_384, sha2_384_192, hmac_sha2_384
  HMAC_SHA2_256_128       IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
  HMAC_SHA2_256_TRUNCBUG  IKEv1:     ESP AH  IKEv2:         AH      
  AES_XCBC_96             IKEv1:     ESP AH  IKEv2: IKE ESP AH        aes_xcbc, aes128_xcbc, aes128_xcbc_96
  AES_CMAC_96             IKEv1:     ESP AH  IKEv2:     ESP AH  FIPS  aes_cmac
  NONE                    IKEv1:     ESP     IKEv2: IKE ESP     FIPS  null
DH algorithms:
  NONE                    IKEv1:             IKEv2: IKE ESP AH  FIPS  null, dh0
  MODP1536                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH        dh5
  MODP2048                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh14
  MODP3072                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh15
  MODP4096                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh16
  MODP6144                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh17
  MODP8192                IKEv1: IKE ESP AH  IKEv2: IKE ESP AH  FIPS  dh18
  DH19                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_256, ecp256
  DH20                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_384, ecp384
  DH21                    IKEv1: IKE         IKEv2: IKE ESP AH  FIPS  ecp_521, ecp521
  DH31                    IKEv1: IKE         IKEv2: IKE ESP AH        curve25519
testing CAMELLIA_CBC:
  Camellia: 16 bytes with 128-bit key
  Camellia: 16 bytes with 128-bit key
  Camellia: 16 bytes with 256-bit key
  Camellia: 16 bytes with 256-bit key
testing AES_GCM_16:
  empty string
  one block
  two blocks
  two blocks with associated data
testing AES_CTR:
  Encrypting 16 octets using AES-CTR with 128-bit key
  Encrypting 32 octets using AES-CTR with 128-bit key
  Encrypting 36 octets using AES-CTR with 128-bit key
  Encrypting 16 octets using AES-CTR with 192-bit key
  Encrypting 32 octets using AES-CTR with 192-bit key
  Encrypting 36 octets using AES-CTR with 192-bit key
  Encrypting 16 octets using AES-CTR with 256-bit key
  Encrypting 32 octets using AES-CTR with 256-bit key
  Encrypting 36 octets using AES-CTR with 256-bit key
testing AES_CBC:
  Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
  Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
  Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
  Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
testing AES_XCBC:
  RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
  RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
  RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
  RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
  RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
  RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input
  RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
  RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
testing HMAC_MD5:
  RFC 2104: MD5_HMAC test 1
  RFC 2104: MD5_HMAC test 2
  RFC 2104: MD5_HMAC test 3
8 CPU cores online
starting up 7 crypto helpers
started thread for crypto helper 0
started thread for crypto helper 1
| starting up helper thread 1
| status value returned by setting the priority of this thread (crypto helper 1) 22
started thread for crypto helper 2
| starting up helper thread 2
| crypto helper 1 waiting (nothing to do)
| status value returned by setting the priority of this thread (crypto helper 2) 22
| crypto helper 2 waiting (nothing to do)
started thread for crypto helper 3
| starting up helper thread 3
| status value returned by setting the priority of this thread (crypto helper 3) 22
| crypto helper 3 waiting (nothing to do)
started thread for crypto helper 4
| starting up helper thread 4
| status value returned by setting the priority of this thread (crypto helper 4) 22
| crypto helper 4 waiting (nothing to do)
started thread for crypto helper 5
| starting up helper thread 5
| status value returned by setting the priority of this thread (crypto helper 5) 22
| crypto helper 5 waiting (nothing to do)
started thread for crypto helper 6
| starting up helper thread 6
| status value returned by setting the priority of this thread (crypto helper 6) 22
| crypto helper 6 waiting (nothing to do)
| checking IKEv1 state table
|   MAIN_R0: category: half-open IKE SA flags: 0:
|     -> MAIN_R1 EVENT_SO_DISCARD
|   MAIN_I1: category: half-open IKE SA flags: 0:
|     -> MAIN_I2 EVENT_RETRANSMIT
|   MAIN_R1: category: open IKE SA flags: 200:
|     -> MAIN_R2 EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|   MAIN_I2: category: open IKE SA flags: 0:
|     -> MAIN_I3 EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|     -> UNDEFINED EVENT_RETRANSMIT
|   MAIN_R2: category: open IKE SA flags: 0:
|     -> MAIN_R3 EVENT_SA_REPLACE
|     -> MAIN_R3 EVENT_SA_REPLACE
|     -> UNDEFINED EVENT_SA_REPLACE
|   MAIN_I3: category: open IKE SA flags: 0:
|     -> MAIN_I4 EVENT_SA_REPLACE
|     -> MAIN_I4 EVENT_SA_REPLACE
|     -> UNDEFINED EVENT_SA_REPLACE
|   MAIN_R3: category: established IKE SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   MAIN_I4: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   AGGR_R0: category: half-open IKE SA flags: 0:
|     -> AGGR_R1 EVENT_SO_DISCARD
|   AGGR_I1: category: half-open IKE SA flags: 0:
|     -> AGGR_I2 EVENT_SA_REPLACE
|     -> AGGR_I2 EVENT_SA_REPLACE
|   AGGR_R1: category: open IKE SA flags: 200:
|     -> AGGR_R2 EVENT_SA_REPLACE
|     -> AGGR_R2 EVENT_SA_REPLACE
|   AGGR_I2: category: established IKE SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   AGGR_R2: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   QUICK_R0: category: established CHILD SA flags: 0:
|     -> QUICK_R1 EVENT_RETRANSMIT
|   QUICK_I1: category: established CHILD SA flags: 0:
|     -> QUICK_I2 EVENT_SA_REPLACE
|   QUICK_R1: category: established CHILD SA flags: 0:
|     -> QUICK_R2 EVENT_SA_REPLACE
|   QUICK_I2: category: established CHILD SA flags: 200:
|     -> UNDEFINED EVENT_NULL
|   QUICK_R2: category: established CHILD SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   INFO: category: informational flags: 0:
|     -> UNDEFINED EVENT_NULL
|   INFO_PROTECTED: category: informational flags: 0:
|     -> UNDEFINED EVENT_NULL
|   XAUTH_R0: category: established IKE SA flags: 0:
|     -> XAUTH_R1 EVENT_NULL
|   XAUTH_R1: category: established IKE SA flags: 0:
|     -> MAIN_R3 EVENT_SA_REPLACE
|   MODE_CFG_R0: category: informational flags: 0:
|     -> MODE_CFG_R1 EVENT_SA_REPLACE
|   MODE_CFG_R1: category: established IKE SA flags: 0:
|     -> MODE_CFG_R2 EVENT_SA_REPLACE
|   MODE_CFG_R2: category: established IKE SA flags: 0:
|     -> UNDEFINED EVENT_NULL
|   MODE_CFG_I1: category: established IKE SA flags: 0:
|     -> MAIN_I4 EVENT_SA_REPLACE
|   XAUTH_I0: category: established IKE SA flags: 0:
|     -> XAUTH_I1 EVENT_RETRANSMIT
|   XAUTH_I1: category: established IKE SA flags: 0:
|     -> MAIN_I4 EVENT_RETRANSMIT
| checking IKEv2 state table
|   PARENT_I0: category: ignore flags: 0:
|     -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT)
|   PARENT_I1: category: half-open IKE SA flags: 0:
|     -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification)
|     -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH)
|   PARENT_I2: category: open IKE SA flags: 0:
|     -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification)
|     -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification)
|     -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification)
|     -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response)
|     -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification)
|   PARENT_I3: category: established IKE SA flags: 0:
|     -> PARENT_I3 EVENT_RETAIN (I3: Informational Request)
|     -> PARENT_I3 EVENT_RETAIN (I3: Informational Response)
|     -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request)
|     -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response)
|   PARENT_R0: category: half-open IKE SA flags: 0:
|     -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT)
|   PARENT_R1: category: half-open IKE SA flags: 0:
|     -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED))
|     -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request)
|   PARENT_R2: category: established IKE SA flags: 0:
|     -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request)
|     -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response)
|     -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request)
|     -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response)
|   V2_CREATE_I0: category: established IKE SA flags: 0:
|     -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA)
|   V2_CREATE_I: category: established IKE SA flags: 0:
|     -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response)
|   V2_REKEY_IKE_I0: category: established IKE SA flags: 0:
|     -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey)
|   V2_REKEY_IKE_I: category: established IKE SA flags: 0:
|     -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response)
|   V2_REKEY_CHILD_I0: category: established IKE SA flags: 0:
|     -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA)
|   V2_REKEY_CHILD_I: category: established IKE SA flags: 0: <none>
|   V2_CREATE_R: category: established IKE SA flags: 0:
|     -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request)
|   V2_REKEY_IKE_R: category: established IKE SA flags: 0:
|     -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey)
|   V2_REKEY_CHILD_R: category: established IKE SA flags: 0: <none>
|   V2_IPSEC_I: category: established CHILD SA flags: 0: <none>
|   V2_IPSEC_R: category: established CHILD SA flags: 0: <none>
|   IKESA_DEL: category: established IKE SA flags: 0:
|     -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL)
|   CHILDSA_DEL: category: informational flags: 0: <none>
Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64
| Hard-wiring algorithms
| adding AES_CCM_16 to kernel algorithm db
| adding AES_CCM_12 to kernel algorithm db
| adding AES_CCM_8 to kernel algorithm db
| adding 3DES_CBC to kernel algorithm db
| adding CAMELLIA_CBC to kernel algorithm db
| adding AES_GCM_16 to kernel algorithm db
| adding AES_GCM_12 to kernel algorithm db
| adding AES_GCM_8 to kernel algorithm db
| adding AES_CTR to kernel algorithm db
| adding AES_CBC to kernel algorithm db
| adding SERPENT_CBC to kernel algorithm db
| adding TWOFISH_CBC to kernel algorithm db
| adding NULL_AUTH_AES_GMAC to kernel algorithm db
| adding NULL to kernel algorithm db
| adding CHACHA20_POLY1305 to kernel algorithm db
| adding HMAC_MD5_96 to kernel algorithm db
| adding HMAC_SHA1_96 to kernel algorithm db
| adding HMAC_SHA2_512_256 to kernel algorithm db
| adding HMAC_SHA2_384_192 to kernel algorithm db
| adding HMAC_SHA2_256_128 to kernel algorithm db
| adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db
| adding AES_XCBC_96 to kernel algorithm db
| adding AES_CMAC_96 to kernel algorithm db
| adding NONE to kernel algorithm db
| net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes
| global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds
| setup kernel fd callback
| add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55b14dc831f8
| libevent_malloc: new ptr-libevent@0x55b14dcc2268 size 128
| libevent_malloc: new ptr-libevent@0x55b14dcc92f8 size 16
| add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55b14dcc9288
| libevent_malloc: new ptr-libevent@0x55b14dc7bcb8 size 128
| libevent_malloc: new ptr-libevent@0x55b14dcc8f58 size 16
| global one-shot timer EVENT_CHECK_CRLS initialized
selinux support is enabled.
| unbound context created - setting debug level to 5
| /etc/hosts lookups activated
| /etc/resolv.conf usage activated
| outgoing-port-avoid set 0-65535
| outgoing-port-permit set 32768-60999
| Loading dnssec root key from:/var/lib/unbound/root.key
| No additional dnssec trust anchors defined via dnssec-trusted= option
| Setting up events, loop start
| add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55b14dcc9728
| libevent_malloc: new ptr-libevent@0x55b14dcd5608 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce08f8 size 16
| libevent_realloc: new ptr-libevent@0x55b14dce0938 size 256
| libevent_malloc: new ptr-libevent@0x55b14dce0a68 size 8
| libevent_realloc: new ptr-libevent@0x55b14dce0aa8 size 144
| libevent_malloc: new ptr-libevent@0x55b14dc877c8 size 152
| libevent_malloc: new ptr-libevent@0x55b14dce0b68 size 16
| signal event handler PLUTO_SIGCHLD installed
| libevent_malloc: new ptr-libevent@0x55b14dce0ba8 size 8
| libevent_malloc: new ptr-libevent@0x55b14dc05498 size 152
| signal event handler PLUTO_SIGTERM installed
| libevent_malloc: new ptr-libevent@0x55b14dce0be8 size 8
| libevent_malloc: new ptr-libevent@0x55b14dce0c28 size 152
| signal event handler PLUTO_SIGHUP installed
| libevent_malloc: new ptr-libevent@0x55b14dce0cf8 size 8
| libevent_realloc: release ptr-libevent@0x55b14dce0aa8
| libevent_realloc: new ptr-libevent@0x55b14dce0d38 size 256
| libevent_malloc: new ptr-libevent@0x55b14dce0e68 size 152
| signal event handler PLUTO_SIGSYS installed
| created addconn helper (pid:23966) using fork+execve
| forked child 23966
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
listening for IKE messages
| Inspecting interface lo 
| found lo with address 127.0.0.1
| Inspecting interface eth0 
| found eth0 with address 192.0.1.254
| Inspecting interface eth1 
| found eth1 with address 192.1.2.45
Kernel supports NIC esp-hw-offload
adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.45:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface eth1/eth1 192.1.2.45:4500
adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.1.254:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface eth0/eth0 192.0.1.254:4500
adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500
| NAT-Traversal: Trying sockopt style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:4500
| no interfaces to sort
| FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1448
| libevent_malloc: new ptr-libevent@0x55b14dcd5558 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce14b8 size 16
| setup callback for interface lo 127.0.0.1:4500 fd 22
| add_fd_read_event_handler: new ethX-pe@0x55b14dce14f8
| libevent_malloc: new ptr-libevent@0x55b14dc7bd68 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce1568 size 16
| setup callback for interface lo 127.0.0.1:500 fd 21
| add_fd_read_event_handler: new ethX-pe@0x55b14dce15a8
| libevent_malloc: new ptr-libevent@0x55b14dc7b688 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce1618 size 16
| setup callback for interface eth0 192.0.1.254:4500 fd 20
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1658
| libevent_malloc: new ptr-libevent@0x55b14dc82f48 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce16c8 size 16
| setup callback for interface eth0 192.0.1.254:500 fd 19
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1708
| libevent_malloc: new ptr-libevent@0x55b14dc83048 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce1778 size 16
| setup callback for interface eth1 192.1.2.45:4500 fd 18
| add_fd_read_event_handler: new ethX-pe@0x55b14dce17b8
| libevent_malloc: new ptr-libevent@0x55b14dc83148 size 128
| libevent_malloc: new ptr-libevent@0x55b14dce1828 size 16
| setup callback for interface eth1 192.1.2.45:500 fd 17
| certs and keys locked by 'free_preshared_secrets'
| certs and keys unlocked by 'free_preshared_secrets'
loading secrets from "/etc/ipsec.secrets"
| saving Modulus
| saving PublicExponent
| ignoring PrivateExponent
| ignoring Prime1
| ignoring Prime2
| ignoring Exponent1
| ignoring Exponent2
| ignoring Coefficient
| ignoring CKAIDNSS
| computed rsa CKAID  b4 9f 1a ac  9e 45 6e 79  29 c8 81 97  3a 0c 6a d3
| computed rsa CKAID  7f 0f 03 50
loaded private key for keyid: PKK_RSA:AQOm9dY/4
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.663 milliseconds in whack
| starting up helper thread 0
| status value returned by setting the priority of this thread (crypto helper 0) 22
| crypto helper 0 waiting (nothing to do)
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
listening for IKE messages
| Inspecting interface lo 
| found lo with address 127.0.0.1
| Inspecting interface eth0 
| found eth0 with address 192.0.1.254
| Inspecting interface eth1 
| found eth1 with address 192.1.2.45
| no interfaces to sort
| libevent_free: release ptr-libevent@0x55b14dcd5558
| free_event_entry: release EVENT_NULL-pe@0x55b14dce1448
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1448
| libevent_malloc: new ptr-libevent@0x55b14dcd5558 size 128
| setup callback for interface lo 127.0.0.1:4500 fd 22
| libevent_free: release ptr-libevent@0x55b14dc7bd68
| free_event_entry: release EVENT_NULL-pe@0x55b14dce14f8
| add_fd_read_event_handler: new ethX-pe@0x55b14dce14f8
| libevent_malloc: new ptr-libevent@0x55b14dc7bd68 size 128
| setup callback for interface lo 127.0.0.1:500 fd 21
| libevent_free: release ptr-libevent@0x55b14dc7b688
| free_event_entry: release EVENT_NULL-pe@0x55b14dce15a8
| add_fd_read_event_handler: new ethX-pe@0x55b14dce15a8
| libevent_malloc: new ptr-libevent@0x55b14dc7b688 size 128
| setup callback for interface eth0 192.0.1.254:4500 fd 20
| libevent_free: release ptr-libevent@0x55b14dc82f48
| free_event_entry: release EVENT_NULL-pe@0x55b14dce1658
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1658
| libevent_malloc: new ptr-libevent@0x55b14dc82f48 size 128
| setup callback for interface eth0 192.0.1.254:500 fd 19
| libevent_free: release ptr-libevent@0x55b14dc83048
| free_event_entry: release EVENT_NULL-pe@0x55b14dce1708
| add_fd_read_event_handler: new ethX-pe@0x55b14dce1708
| libevent_malloc: new ptr-libevent@0x55b14dc83048 size 128
| setup callback for interface eth1 192.1.2.45:4500 fd 18
| libevent_free: release ptr-libevent@0x55b14dc83148
| free_event_entry: release EVENT_NULL-pe@0x55b14dce17b8
| add_fd_read_event_handler: new ethX-pe@0x55b14dce17b8
| libevent_malloc: new ptr-libevent@0x55b14dc83148 size 128
| setup callback for interface eth1 192.1.2.45:500 fd 17
| certs and keys locked by 'free_preshared_secrets'
forgetting secrets
| certs and keys unlocked by 'free_preshared_secrets'
loading secrets from "/etc/ipsec.secrets"
| saving Modulus
| saving PublicExponent
| ignoring PrivateExponent
| ignoring Prime1
| ignoring Prime2
| ignoring Exponent1
| ignoring Exponent2
| ignoring Coefficient
| ignoring CKAIDNSS
| computed rsa CKAID  b4 9f 1a ac  9e 45 6e 79  29 c8 81 97  3a 0c 6a d3
| computed rsa CKAID  7f 0f 03 50
loaded private key for keyid: PKK_RSA:AQOm9dY/4
| certs and keys locked by 'process_secret'
| certs and keys unlocked by 'process_secret'
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.433 milliseconds in whack
| processing signal PLUTO_SIGCHLD
| waitpid returned pid 23966 (exited with status 0)
| reaped addconn helper child (status 0)
| waitpid returned ECHILD (no child processes left)
| spent 0.0132 milliseconds in signal handler PLUTO_SIGCHLD
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| FOR_EACH_CONNECTION_... in foreach_connection_by_alias
| FOR_EACH_CONNECTION_... in conn_by_name
| Added new connection nss-cert with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| No AUTH policy was set - defaulting to RSASIG
| setting ID to ID_DER_ASN1_DN: 'E=user-usage-both@testing.libreswan.org,CN=usage-both.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA'
| loading left certificate 'usage-both' pubkey
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55b14dce38f8
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55b14dce38a8
| get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55b14dce3858
| unreference key: 0x55b14dce3948 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org cnt 1--
| certs and keys locked by 'lsw_add_rsa_secret'
| certs and keys unlocked by 'lsw_add_rsa_secret'
| counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org is 0
| counting wild cards for %fromcert is 0
| connect_to_host_pair: 192.1.2.45:500 192.1.2.23:500 -> hp@(nil): none
| new hp@0x55b14dce8018
added connection description "nss-cert"
| ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
| 192.0.1.254/32===192.1.2.45<192.1.2.45>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org]...192.1.2.23<192.1.2.23>[%fromcert]===192.0.2.254/32
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 1.16 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| FOR_EACH_CONNECTION_... in show_connections_status
| FOR_EACH_CONNECTION_... in show_connections_status
| FOR_EACH_STATE_... in show_states_status (sort_states)
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.32 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| old debugging base+cpu-usage + none
| base debugging = base+cpu-usage
| old impairing none + suppress-retransmits
| base impairing = suppress-retransmits
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 0.0514 milliseconds in whack
| accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722)
| dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590)
| FOR_EACH_CONNECTION_... in conn_by_name
| start processing: connection "nss-cert" (in initiate_a_connection() at initiate.c:186)
| empty esp_info, returning defaults for ENCRYPT
| connection 'nss-cert' +POLICY_UP
| dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342)
| FOR_EACH_STATE_... in find_phase1_state
| creating state object #1 at 0x55b14dce83c8
| State DB: adding IKEv1 state #1 in UNDEFINED
| pstats #1 ikev1.isakmp started
| suspend processing: connection "nss-cert" (in main_outI1() at ikev1_main.c:118)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in main_outI1() at ikev1_main.c:118)
| parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA)
| dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123)
| Queuing pending IPsec SA negotiating with 192.1.2.23 "nss-cert" IKE SA #1 "nss-cert"
"nss-cert" #1: initiating Main Mode
| **emit ISAKMP Message:
|    initiator cookie:
|   f2 0e e9 e8  8b aa e4 0b
|    responder cookie:
|   00 00 00 00  00 00 00 00
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA
| no specific IKE algorithms specified - using defaults
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0
| oakley_alg_makedb() returning 0x55b14dcea828
| ***emit ISAKMP Security Association Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
| next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA)
| next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet'
| ****emit IPsec DOI SIT:
|    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ikev1_out_sa pcn: 0 has 1 valid proposals
| ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18
| ****emit ISAKMP Proposal Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    proposal number: 0 (0x0)
|    protocol ID: PROTO_ISAKMP (0x1)
|    SPI size: 0 (0x0)
|    number of transforms: 18 (0x12)
| last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type'
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 0 (0x0)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 1 (0x1)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 2 (0x2)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 3 (0x3)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 4 (0x4)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 5 (0x5)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 6 (0x6)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 7 (0x7)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 8 (0x8)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 9 (0x9)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 10 (0xa)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 11 (0xb)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|     [7 is OAKLEY_AES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 128 (0x80)
| emitting length of ISAKMP Transform Payload (ISAKMP): 36
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 12 (0xc)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 13 (0xd)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 14 (0xe)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|     [14 is OAKLEY_GROUP_MODP2048]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 15 (0xf)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|     [4 is OAKLEY_SHA2_256]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_T (0x3)
|    ISAKMP transform number: 16 (0x10)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 6 (0x6)
|     [6 is OAKLEY_SHA2_512]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| *****emit ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP transform number: 17 (0x11)
|    ISAKMP transform ID: KEY_IKE (0x1)
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3)
| last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type'
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|     [1 is OAKLEY_LIFE_SECONDS]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_3DES_CBC]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 2 (0x2)
|     [2 is OAKLEY_SHA1]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|     [3 is OAKLEY_RSA_SIG]
| ******emit ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 5 (0x5)
|     [5 is OAKLEY_GROUP_MODP1536]
| emitting length of ISAKMP Transform Payload (ISAKMP): 32
| emitting length of ISAKMP Proposal Payload: 632
| last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0
| emitting length of ISAKMP Security Association Payload: 644
| last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0
| out_vid(): sending [FRAGMENTATION]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  40 48 b7 d5  6e bc e8 85  25 e7 de 7f  00 d6 c2 d3
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [Dead Peer Detection]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  af ca d7 13  68 a1 f1 c9  6b 86 96 fc  77 57 01 00
| emitting length of ISAKMP Vendor ID Payload: 20
| nat add vid
| sending draft and RFC NATT VIDs
| out_vid(): sending [RFC 3947]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  4a 13 1c 81  07 03 58 45  5c 57 28 f2  0e 95 45 2f
| emitting length of ISAKMP Vendor ID Payload: 20
| skipping VID_NATT_RFC
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
| next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  90 cb 80 91  3e bb 69 6e  08 63 81 b5  ec 42 7b 1f
| emitting length of ISAKMP Vendor ID Payload: 20
| out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02]
| ***emit ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID)
| next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet'
| emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload
| V_ID  cd 60 46 43  35 df 21 f8  7c fd b2 fc  68 b6 a4 48
| emitting length of ISAKMP Vendor ID Payload: 20
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 792
| sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
|   f2 0e e9 e8  8b aa e4 0b  00 00 00 00  00 00 00 00
|   01 10 02 00  00 00 00 00  00 00 03 18  0d 00 02 84
|   00 00 00 01  00 00 00 01  00 00 02 78  00 01 00 12
|   03 00 00 24  00 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 04  80 03 00 03  80 04 00 0e
|   80 0e 01 00  03 00 00 24  01 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 04  80 03 00 03
|   80 04 00 0e  80 0e 00 80  03 00 00 24  02 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 06
|   80 03 00 03  80 04 00 0e  80 0e 01 00  03 00 00 24
|   03 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 06  80 03 00 03  80 04 00 0e  80 0e 00 80
|   03 00 00 24  04 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 02  80 03 00 03  80 04 00 0e
|   80 0e 01 00  03 00 00 24  05 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 02  80 03 00 03
|   80 04 00 0e  80 0e 00 80  03 00 00 24  06 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 04
|   80 03 00 03  80 04 00 05  80 0e 01 00  03 00 00 24
|   07 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 04  80 03 00 03  80 04 00 05  80 0e 00 80
|   03 00 00 24  08 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 06  80 03 00 03  80 04 00 05
|   80 0e 01 00  03 00 00 24  09 01 00 00  80 0b 00 01
|   80 0c 0e 10  80 01 00 07  80 02 00 06  80 03 00 03
|   80 04 00 05  80 0e 00 80  03 00 00 24  0a 01 00 00
|   80 0b 00 01  80 0c 0e 10  80 01 00 07  80 02 00 02
|   80 03 00 03  80 04 00 05  80 0e 01 00  03 00 00 24
|   0b 01 00 00  80 0b 00 01  80 0c 0e 10  80 01 00 07
|   80 02 00 02  80 03 00 03  80 04 00 05  80 0e 00 80
|   03 00 00 20  0c 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 04  80 03 00 03  80 04 00 0e
|   03 00 00 20  0d 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 06  80 03 00 03  80 04 00 0e
|   03 00 00 20  0e 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 02  80 03 00 03  80 04 00 0e
|   03 00 00 20  0f 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 04  80 03 00 03  80 04 00 05
|   03 00 00 20  10 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 06  80 03 00 03  80 04 00 05
|   00 00 00 20  11 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 05  80 02 00 02  80 03 00 03  80 04 00 05
|   0d 00 00 14  40 48 b7 d5  6e bc e8 85  25 e7 de 7f
|   00 d6 c2 d3  0d 00 00 14  af ca d7 13  68 a1 f1 c9
|   6b 86 96 fc  77 57 01 00  0d 00 00 14  4a 13 1c 81
|   07 03 58 45  5c 57 28 f2  0e 95 45 2f  0d 00 00 14
|   7d 94 19 a6  53 10 ca 6f  2c 17 9d 92  15 52 9d 56
|   0d 00 00 14  90 cb 80 91  3e bb 69 6e  08 63 81 b5
|   ec 42 7b 1f  00 00 00 14  cd 60 46 43  35 df 21 f8
|   7c fd b2 fc  68 b6 a4 48
"nss-cert" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
| event_schedule: new EVENT_RETRANSMIT-pe@0x55b14dceb378
| inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55b14dce3458 size 128
| #1 STATE_MAIN_I1: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29928.767796
| #1 spent 1.54 milliseconds in main_outI1()
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in main_outI1() at ikev1_main.c:228)
| resume processing: connection "nss-cert" (in main_outI1() at ikev1_main.c:228)
| stop processing: connection "nss-cert" (in initiate_a_connection() at initiate.c:349)
| close_any(fd@23) (in initiate_connection() at initiate.c:372)
| close_any(fd@16) (in whack_process() at rcv_whack.c:700)
| spent 1.6 milliseconds in whack
| spent 0.00205 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
|   f2 0e e9 e8  8b aa e4 0b  20 89 2c a1  61 82 f0 e2
|   01 10 02 00  00 00 00 00  00 00 00 90  0d 00 00 38
|   00 00 00 01  00 00 00 01  00 00 00 2c  00 01 00 01
|   00 00 00 24  00 01 00 00  80 0b 00 01  80 0c 0e 10
|   80 01 00 07  80 02 00 04  80 03 00 03  80 04 00 0e
|   80 0e 01 00  0d 00 00 14  40 48 b7 d5  6e bc e8 85
|   25 e7 de 7f  00 d6 c2 d3  0d 00 00 14  af ca d7 13
|   68 a1 f1 c9  6b 86 96 fc  77 57 01 00  00 00 00 14
|   4a 13 1c 81  07 03 58 45  5c 57 28 f2  0e 95 45 2f
| start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   f2 0e e9 e8  8b aa e4 0b
|    responder cookie:
|   20 89 2c a1  61 82 f0 e2
|    next payload type: ISAKMP_NEXT_SA (0x1)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
|    length: 144 (0x90)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| State DB: IKEv1 state not found (find_state_ikev1)
| State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459)
| #1 is idle
| #1 idle
| got payload 0x2  (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080
| ***parse ISAKMP Security Association Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    length: 56 (0x38)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    length: 20 (0x14)
| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_VID (0xd)
|    length: 20 (0x14)
| got payload 0x2000  (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080
| ***parse ISAKMP Vendor ID Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 20 (0x14)
| message 'main_inR1_outI2' HASH payload not checked early
| received Vendor ID payload [FRAGMENTATION]
| received Vendor ID payload [Dead Peer Detection]
|  quirks.qnat_traversal_vid set to=117 [RFC 3947]
| received Vendor ID payload [RFC 3947]
| ****parse IPsec DOI SIT:
|    IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1)
| ****parse ISAKMP Proposal Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 44 (0x2c)
|    proposal number: 0 (0x0)
|    protocol ID: PROTO_ISAKMP (0x1)
|    SPI size: 0 (0x0)
|    number of transforms: 1 (0x1)
| *****parse ISAKMP Transform Payload (ISAKMP):
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 36 (0x24)
|    ISAKMP transform number: 0 (0x0)
|    ISAKMP transform ID: KEY_IKE (0x1)
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_TYPE (0x800b)
|    length/value: 1 (0x1)
|    [1 is OAKLEY_LIFE_SECONDS]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c)
|    length/value: 3600 (0xe10)
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001)
|    length/value: 7 (0x7)
|    [7 is OAKLEY_AES_CBC]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002)
|    length/value: 4 (0x4)
|    [4 is OAKLEY_SHA2_256]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003)
|    length/value: 3 (0x3)
|    [3 is OAKLEY_RSA_SIG]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004)
|    length/value: 14 (0xe)
|    [14 is OAKLEY_GROUP_MODP2048]
| ******parse ISAKMP Oakley attribute:
|    af+type: AF+OAKLEY_KEY_LENGTH (0x800e)
|    length/value: 256 (0x100)
| OAKLEY proposal verified unconditionally; no alg_info to check against
| Oakley Transform 0 accepted
| sender checking NAT-T: enabled; VID 117
| returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC
| enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
| adding outI2 KE work-order 1 for state #1
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_MAIN_I1: retransmits: cleared
| libevent_free: release ptr-libevent@0x55b14dce3458
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55b14dceb378
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b14dceb378
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55b14dce3458 size 128
| complete v1 state transition with STF_SUSPEND
| [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648)
| suspending state #1 and saving MD
| #1 is busy; has a suspended MD
| #1 spent 0.116 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.256 milliseconds in comm_handle_cb() reading and processing packet
| crypto helper 1 resuming
| crypto helper 1 starting work-order 1 for state #1
| crypto helper 1 doing build KE and nonce (outI2 KE); request ID 1
| crypto helper 1 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000925 seconds
| (#1) spent 0.932 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr)
| crypto helper 1 sending results from work-order 1 for state #1 to event queue
| scheduling resume sending helper answer for #1
| libevent_malloc: new ptr-libevent@0x7f668c002888 size 128
| crypto helper 1 waiting (nothing to do)
| processing resume sending helper answer for #1
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 1 replies to request ID 1
| calling continuation function 0x55b14bf48b50
| main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2
| **emit ISAKMP Message:
|    initiator cookie:
|   f2 0e e9 e8  8b aa e4 0b
|    responder cookie:
|   20 89 2c a1  61 82 f0 e2
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| ***emit ISAKMP Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_NONCE (0xa)
| next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE)
| next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet'
| emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
| keyex value  38 a5 21 f9  0d 0c ee ec  41 66 54 0f  16 ab 4e c4
| keyex value  6f ec 20 da  3e 0e a2 67  71 64 96 b2  27 52 13 8c
| keyex value  49 9c 80 99  03 13 25 b3  20 6f 56 7b  91 bb c9 64
| keyex value  81 27 c3 ff  a6 66 44 68  28 ba 85 75  f5 d1 d8 a1
| keyex value  ed 08 43 b9  10 d3 06 95  3f ca 12 63  b1 fd ff 5e
| keyex value  44 a0 4d 3c  72 f6 08 d3  12 c4 42 89  af 2c c6 13
| keyex value  20 13 7a ee  02 58 5d 65  c2 a7 41 b4  f2 44 ad 7b
| keyex value  ce 2b 48 ef  20 72 86 85  71 20 95 6f  4c a6 81 6a
| keyex value  7a 51 63 71  ea 80 bd 1d  e1 73 f6 65  45 82 60 16
| keyex value  e5 7a 42 13  e3 a4 7b 58  00 d5 48 1e  53 16 f9 f5
| keyex value  74 3a c5 24  30 c3 26 cc  b2 6d 58 5f  cd 68 12 4b
| keyex value  19 29 62 8e  00 ea 60 42  1c ec 1f 4e  77 7f 88 33
| keyex value  1d 68 b7 9c  96 85 b9 0f  b2 f7 da 71  df 3a f3 c5
| keyex value  5f 52 34 d9  18 98 76 a5  49 0b a1 05  1e de 2f 59
| keyex value  5d a0 92 7b  34 4f df 25  50 74 88 84  dd 17 f0 db
| keyex value  26 73 97 7e  fc 71 df fa  bf 9f 95 0c  cc 83 7f 22
| emitting length of ISAKMP Key Exchange Payload: 260
| ***emit ISAKMP Nonce Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE)
| next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of Ni into ISAKMP Nonce Payload
| Ni  12 a4 76 1b  3f e2 55 a1  e9 3d f3 14  d3 bd ae 2a
| Ni  74 71 4c 12  11 37 53 0e  39 b6 ad 2a  aa 74 90 6a
| emitting length of ISAKMP Nonce Payload: 36
| NAT-T checking st_nat_traversal
| NAT-T found (implies NAT_T_WITH_NATD)
| sending NAT-D payloads
| natd_hash: hasher=0x55b14c01dca0(32)
| natd_hash: icookie=  f2 0e e9 e8  8b aa e4 0b
| natd_hash: rcookie=  20 89 2c a1  61 82 f0 e2
| natd_hash: ip=  c0 01 02 17
| natd_hash: port=500
| natd_hash: hash=  94 2d 82 3f  3a f8 68 1c  3d 86 00 e7  40 6f c3 70
| natd_hash: hash=  c0 42 08 e0  f5 08 f8 b8  17 de 24 21  bd ac e8 32
| ***emit ISAKMP NAT-D Payload:
|    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
| next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC
| next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
| next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload
| NAT-D  94 2d 82 3f  3a f8 68 1c  3d 86 00 e7  40 6f c3 70
| NAT-D  c0 42 08 e0  f5 08 f8 b8  17 de 24 21  bd ac e8 32
| emitting length of ISAKMP NAT-D Payload: 36
| natd_hash: hasher=0x55b14c01dca0(32)
| natd_hash: icookie=  f2 0e e9 e8  8b aa e4 0b
| natd_hash: rcookie=  20 89 2c a1  61 82 f0 e2
| natd_hash: ip=  c0 01 02 2d
| natd_hash: port=500
| natd_hash: hash=  86 cb a7 5e  82 22 dc 86  30 da 1e 43  c6 b5 59 4e
| natd_hash: hash=  74 6d a1 e3  42 4e ca 35  71 23 1c 00  f5 c1 1d 01
| ***emit ISAKMP NAT-D Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC)
| next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet'
| emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload
| NAT-D  86 cb a7 5e  82 22 dc 86  30 da 1e 43  c6 b5 59 4e
| NAT-D  74 6d a1 e3  42 4e ca 35  71 23 1c 00  f5 c1 1d 01
| emitting length of ISAKMP NAT-D Payload: 36
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 396
| State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir]
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:no, t_xauth_client_done:no
| peer supports fragmentation
| peer supports DPD
| IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
| parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x55b14dce3458
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b14dceb378
| sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500)
| sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
|   f2 0e e9 e8  8b aa e4 0b  20 89 2c a1  61 82 f0 e2
|   04 10 02 00  00 00 00 00  00 00 01 8c  0a 00 01 04
|   38 a5 21 f9  0d 0c ee ec  41 66 54 0f  16 ab 4e c4
|   6f ec 20 da  3e 0e a2 67  71 64 96 b2  27 52 13 8c
|   49 9c 80 99  03 13 25 b3  20 6f 56 7b  91 bb c9 64
|   81 27 c3 ff  a6 66 44 68  28 ba 85 75  f5 d1 d8 a1
|   ed 08 43 b9  10 d3 06 95  3f ca 12 63  b1 fd ff 5e
|   44 a0 4d 3c  72 f6 08 d3  12 c4 42 89  af 2c c6 13
|   20 13 7a ee  02 58 5d 65  c2 a7 41 b4  f2 44 ad 7b
|   ce 2b 48 ef  20 72 86 85  71 20 95 6f  4c a6 81 6a
|   7a 51 63 71  ea 80 bd 1d  e1 73 f6 65  45 82 60 16
|   e5 7a 42 13  e3 a4 7b 58  00 d5 48 1e  53 16 f9 f5
|   74 3a c5 24  30 c3 26 cc  b2 6d 58 5f  cd 68 12 4b
|   19 29 62 8e  00 ea 60 42  1c ec 1f 4e  77 7f 88 33
|   1d 68 b7 9c  96 85 b9 0f  b2 f7 da 71  df 3a f3 c5
|   5f 52 34 d9  18 98 76 a5  49 0b a1 05  1e de 2f 59
|   5d a0 92 7b  34 4f df 25  50 74 88 84  dd 17 f0 db
|   26 73 97 7e  fc 71 df fa  bf 9f 95 0c  cc 83 7f 22
|   14 00 00 24  12 a4 76 1b  3f e2 55 a1  e9 3d f3 14
|   d3 bd ae 2a  74 71 4c 12  11 37 53 0e  39 b6 ad 2a
|   aa 74 90 6a  14 00 00 24  94 2d 82 3f  3a f8 68 1c
|   3d 86 00 e7  40 6f c3 70  c0 42 08 e0  f5 08 f8 b8
|   17 de 24 21  bd ac e8 32  00 00 00 24  86 cb a7 5e
|   82 22 dc 86  30 da 1e 43  c6 b5 59 4e  74 6d a1 e3
|   42 4e ca 35  71 23 1c 00  f5 c1 1d 01
| !event_already_set at reschedule
"nss-cert" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
| event_schedule: new EVENT_RETRANSMIT-pe@0x55b14dceb378
| inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55b14dce7b58 size 128
| #1 STATE_MAIN_I2: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29928.77016
"nss-cert" #1: STATE_MAIN_I2: sent MI2, expecting MR2
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| resume sending helper answer for #1 suppresed complete_v1_state_transition()
| #1 spent 0.314 milliseconds in resume sending helper answer
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f668c002888
| spent 0.00321 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 396 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
|   f2 0e e9 e8  8b aa e4 0b  20 89 2c a1  61 82 f0 e2
|   04 10 02 00  00 00 00 00  00 00 01 8c  0a 00 01 04
|   dd 22 ea 75  6b 0d d6 b1  0d eb bf 70  b9 16 44 0c
|   39 01 ed 43  ed 67 83 b7  4f d6 91 c3  a9 7f 02 72
|   4b ba 1e e1  26 bf 7a 6b  39 53 f8 9c  de 82 dc 8e
|   86 8e b2 c6  9b 01 30 91  79 94 7f 0d  11 5e 58 fc
|   87 bf 3d 36  d3 a4 1e 01  57 2a f0 59  b5 a6 1b b6
|   8e c6 c8 de  92 fc 2b b6  f4 77 e3 0e  91 b2 fc e8
|   c3 ac 37 36  71 0f b7 5e  0a 6f 36 f8  b2 eb 51 8a
|   98 79 04 15  8d 56 8a fa  d9 bf f5 6f  12 03 6c 14
|   b0 76 06 d5  39 97 50 f6  13 00 9d 0c  83 62 d0 7e
|   b4 3a 28 e8  e4 64 97 af  cb 4a 17 41  f0 72 d7 f6
|   b6 55 4f de  3f ee a9 f0  33 70 12 8e  b6 50 60 7a
|   ca 52 12 72  97 3e ea 3e  77 b4 28 a5  fe e4 79 6e
|   d7 cd cc 19  df 8f e8 4b  60 bf bf 99  d2 70 7b 69
|   cf fa e7 a1  6c 00 6d 17  b7 97 8a 04  a0 87 b1 1d
|   33 41 38 fb  81 4c 04 bb  f5 fb ce f3  97 0f bf a9
|   15 a0 1d aa  e8 df e1 09  ba 06 0d cb  16 f5 d0 f7
|   14 00 00 24  c5 24 b8 71  a8 c1 56 22  40 05 c6 e1
|   cb 8c 64 2e  0f ba e0 c3  15 b4 36 d3  1e d4 28 47
|   08 51 ce 4d  14 00 00 24  86 cb a7 5e  82 22 dc 86
|   30 da 1e 43  c6 b5 59 4e  74 6d a1 e3  42 4e ca 35
|   71 23 1c 00  f5 c1 1d 01  00 00 00 24  94 2d 82 3f
|   3a f8 68 1c  3d 86 00 e7  40 6f c3 70  c0 42 08 e0
|   f5 08 f8 b8  17 de 24 21  bd ac e8 32
| start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   f2 0e e9 e8  8b aa e4 0b
|    responder cookie:
|   20 89 2c a1  61 82 f0 e2
|    next payload type: ISAKMP_NEXT_KE (0x4)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: none (0x0)
|    Message ID: 0 (0x0)
|    length: 396 (0x18c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1459)
| #1 is idle
| #1 idle
| got payload 0x10  (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080
| ***parse ISAKMP Key Exchange Payload:
|    next payload type: ISAKMP_NEXT_NONCE (0xa)
|    length: 260 (0x104)
| got payload 0x400  (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080
| ***parse ISAKMP Nonce Payload:
|    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
|    length: 36 (0x24)
| got payload 0x100000  (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
| ***parse ISAKMP NAT-D Payload:
|    next payload type: ISAKMP_NEXT_NATD_RFC (0x14)
|    length: 36 (0x24)
| got payload 0x100000  (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080
| ***parse ISAKMP NAT-D Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 36 (0x24)
| message 'main_inR2_outI3' HASH payload not checked early
| started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org->%fromcert of kind PKK_PSK
| actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org->%fromcert of kind PKK_PSK
| line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org) to type PKK_RSA
| line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org) to type PKK_RSA
| concluding with best_match=000 best=(nil) (lineno=-1)
| no PreShared Key Found
| adding aggr outR1 DH work-order 2 for state #1
| state #1 requesting EVENT_RETRANSMIT to be deleted
| #1 STATE_MAIN_I2: retransmits: cleared
| libevent_free: release ptr-libevent@0x55b14dce7b58
| free_event_entry: release EVENT_RETRANSMIT-pe@0x55b14dceb378
| event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55b14dceb378
| inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x7f668c002888 size 128
| crypto helper 2 resuming
| crypto helper 2 starting work-order 2 for state #1
| crypto helper 2 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2
| crypto helper 2 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.001135 seconds
| (#1) spent 1.14 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr)
| crypto helper 2 sending results from work-order 2 for state #1 to event queue
| scheduling resume sending helper answer for #1
| libevent_malloc: new ptr-libevent@0x7f6684000f48 size 128
| crypto helper 2 waiting (nothing to do)
| complete v1 state transition with STF_SUSPEND
| [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2648)
| suspending state #1 and saving MD
| #1 is busy; has a suspended MD
| #1 spent 0.0679 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.209 milliseconds in comm_handle_cb() reading and processing packet
| processing resume sending helper answer for #1
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:797)
| crypto helper 2 replies to request ID 2
| calling continuation function 0x55b14bf48b50
| main_inR2_outI3_cryptotail for #1: calculated DH, sending R1
| **emit ISAKMP Message:
|    initiator cookie:
|   f2 0e e9 e8  8b aa e4 0b
|    responder cookie:
|   20 89 2c a1  61 82 f0 e2
|    next payload type: ISAKMP_NEXT_ID (0x5)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_IDPROT (0x2)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 0 (0x0)
| next payload chain: saving message location 'ISAKMP Message'.'next payload type'
| next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID
| thinking about whether to send my certificate:
|   I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE 
|   sendcert: CERT_ALWAYSSEND and I did not get a certificate request 
|   so send cert.
|  I am sending a certificate request
| I will NOT send an initial contact payload
| init checking NAT-T: enabled; RFC 3947 (NAT-Traversal)
| natd_hash: hasher=0x55b14c01dca0(32)
| natd_hash: icookie=  f2 0e e9 e8  8b aa e4 0b
| natd_hash: rcookie=  20 89 2c a1  61 82 f0 e2
| natd_hash: ip=  c0 01 02 2d
| natd_hash: port=500
| natd_hash: hash=  86 cb a7 5e  82 22 dc 86  30 da 1e 43  c6 b5 59 4e
| natd_hash: hash=  74 6d a1 e3  42 4e ca 35  71 23 1c 00  f5 c1 1d 01
| natd_hash: hasher=0x55b14c01dca0(32)
| natd_hash: icookie=  f2 0e e9 e8  8b aa e4 0b
| natd_hash: rcookie=  20 89 2c a1  61 82 f0 e2
| natd_hash: ip=  c0 01 02 17
| natd_hash: port=500
| natd_hash: hash=  94 2d 82 3f  3a f8 68 1c  3d 86 00 e7  40 6f c3 70
| natd_hash: hash=  c0 42 08 e0  f5 08 f8 b8  17 de 24 21  bd ac e8 32
| expected NAT-D(me):  86 cb a7 5e  82 22 dc 86  30 da 1e 43  c6 b5 59 4e
| expected NAT-D(me):  74 6d a1 e3  42 4e ca 35  71 23 1c 00  f5 c1 1d 01
| expected NAT-D(him):
|   94 2d 82 3f  3a f8 68 1c  3d 86 00 e7  40 6f c3 70
|   c0 42 08 e0  f5 08 f8 b8  17 de 24 21  bd ac e8 32
| received NAT-D:  86 cb a7 5e  82 22 dc 86  30 da 1e 43  c6 b5 59 4e
| received NAT-D:  74 6d a1 e3  42 4e ca 35  71 23 1c 00  f5 c1 1d 01
| received NAT-D:  94 2d 82 3f  3a f8 68 1c  3d 86 00 e7  40 6f c3 70
| received NAT-D:  c0 42 08 e0  f5 08 f8 b8  17 de 24 21  bd ac e8 32
| NAT_TRAVERSAL encaps using auto-detect
| NAT_TRAVERSAL this end is NOT behind NAT
| NAT_TRAVERSAL that end is NOT behind NAT
| NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23
| NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected
|  NAT_T_WITH_KA detected
| global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds
| ***emit ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_CERT (0x6)
|    ID type: ID_DER_ASN1_DN (0x9)
|    Protocol ID: 0 (0x0)
|    port: 0 (0x0)
| next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT
| next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID)
| next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet'
| emitting 195 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
| my identity  30 81 c0 31  0b 30 09 06  03 55 04 06  13 02 43 41
| my identity  31 10 30 0e  06 03 55 04  08 0c 07 4f  6e 74 61 72
| my identity  69 6f 31 10  30 0e 06 03  55 04 07 0c  07 54 6f 72
| my identity  6f 6e 74 6f  31 12 30 10  06 03 55 04  0a 0c 09 4c
| my identity  69 62 72 65  73 77 61 6e  31 18 30 16  06 03 55 04
| my identity  0b 0c 0f 54  65 73 74 20  44 65 70 61  72 74 6d 65
| my identity  6e 74 31 29  30 27 06 03  55 04 03 0c  20 75 73 61
| my identity  67 65 2d 62  6f 74 68 2e  74 65 73 74  69 6e 67 2e
| my identity  6c 69 62 72  65 73 77 61  6e 2e 6f 72  67 31 34 30
| my identity  32 06 09 2a  86 48 86 f7  0d 01 09 01  16 25 75 73
| my identity  65 72 2d 75  73 61 67 65  2d 62 6f 74  68 40 74 65
| my identity  73 74 69 6e  67 2e 6c 69  62 72 65 73  77 61 6e 2e
| my identity  6f 72 67
| emitting length of ISAKMP Identification Payload (IPsec DOI): 203
"nss-cert" #1: I am sending my cert
| ***emit ISAKMP Certificate Payload:
|    next payload type: ISAKMP_NEXT_CR (0x7)
|    cert encoding: CERT_X509_SIGNATURE (0x4)
| next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR
| next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT)
| next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet'
| emitting 1242 raw bytes of CERT into ISAKMP Certificate Payload
| CERT  30 82 04 d6  30 82 04 3f  a0 03 02 01  02 02 01 2d
| CERT  30 0d 06 09  2a 86 48 86  f7 0d 01 01  0b 05 00 30
| CERT  81 ac 31 0b  30 09 06 03  55 04 06 13  02 43 41 31
| CERT  10 30 0e 06  03 55 04 08  0c 07 4f 6e  74 61 72 69
| CERT  6f 31 10 30  0e 06 03 55  04 07 0c 07  54 6f 72 6f
| CERT  6e 74 6f 31  12 30 10 06  03 55 04 0a  0c 09 4c 69
| CERT  62 72 65 73  77 61 6e 31  18 30 16 06  03 55 04 0b
| CERT  0c 0f 54 65  73 74 20 44  65 70 61 72  74 6d 65 6e
| CERT  74 31 25 30  23 06 03 55  04 03 0c 1c  4c 69 62 72
| CERT  65 73 77 61  6e 20 74 65  73 74 20 43  41 20 66 6f
| CERT  72 20 6d 61  69 6e 63 61  31 24 30 22  06 09 2a 86
| CERT  48 86 f7 0d  01 09 01 16  15 74 65 73  74 69 6e 67
| CERT  40 6c 69 62  72 65 73 77  61 6e 2e 6f  72 67 30 22
| CERT  18 0f 32 30  31 39 30 38  32 34 30 39  30 37 35 33
| CERT  5a 18 0f 32  30 32 32 30  38 32 33 30  39 30 37 35
| CERT  33 5a 30 81  c0 31 0b 30  09 06 03 55  04 06 13 02
| CERT  43 41 31 10  30 0e 06 03  55 04 08 0c  07 4f 6e 74
| CERT  61 72 69 6f  31 10 30 0e  06 03 55 04  07 0c 07 54
| CERT  6f 72 6f 6e  74 6f 31 12  30 10 06 03  55 04 0a 0c
| CERT  09 4c 69 62  72 65 73 77  61 6e 31 18  30 16 06 03
| CERT  55 04 0b 0c  0f 54 65 73  74 20 44 65  70 61 72 74
| CERT  6d 65 6e 74  31 29 30 27  06 03 55 04  03 0c 20 75
| CERT  73 61 67 65  2d 62 6f 74  68 2e 74 65  73 74 69 6e
| CERT  67 2e 6c 69  62 72 65 73  77 61 6e 2e  6f 72 67 31
| CERT  34 30 32 06  09 2a 86 48  86 f7 0d 01  09 01 16 25
| CERT  75 73 65 72  2d 75 73 61  67 65 2d 62  6f 74 68 40
| CERT  74 65 73 74  69 6e 67 2e  6c 69 62 72  65 73 77 61
| CERT  6e 2e 6f 72  67 30 82 01  a2 30 0d 06  09 2a 86 48
| CERT  86 f7 0d 01  01 01 05 00  03 82 01 8f  00 30 82 01
| CERT  8a 02 82 01  81 00 fb 0c  38 12 b3 e0  b1 77 4d 8d
| CERT  52 e9 9f 45  93 6c ff f3  af 25 bf 3a  de f1 e8 85
| CERT  37 a7 cc 82  ee 08 96 d8  1e 0b 8e a9  d9 82 17 bd
| CERT  8b ae da 26  d8 de 87 a1  3d 69 2b e2  59 a8 ac 6d
| CERT  17 d6 d9 ef  43 c7 74 85  ae a0 5f 10  88 40 84 65
| CERT  8c 90 7c 1c  2a 53 d2 54  9c d5 f7 00  a9 d3 58 d0
| CERT  a1 78 c6 96  81 aa 66 0f  70 c6 d1 36  ef 58 9d 58
| CERT  16 73 fb 2c  00 69 05 16  53 a5 35 fa  28 e0 64 10
| CERT  60 3b d6 35  d9 c2 e0 4e  88 c2 ff 67  04 28 3e 84
| CERT  31 2c c7 d1  88 82 e4 ac  4e 96 eb 0f  2b 69 28 a6
| CERT  6c d9 23 a5  37 42 64 a8  36 36 15 7a  80 5d 7d 88
| CERT  b6 aa c6 3c  33 a4 e5 81  11 34 ce 60  a4 57 13 d4
| CERT  61 99 50 2d  b0 b4 13 d5  1e 50 83 d0  cf 31 e2 1c
| CERT  92 03 7b 8e  79 1f e5 23  d9 23 bf 7e  04 8b 65 9c
| CERT  5e 33 37 24  83 54 9b 1a  31 62 46 1e  c6 07 16 83
| CERT  9c 2a 42 3d  78 f0 c4 0a  54 6b 8c 09  af 18 fe fe
| CERT  9a 60 30 0c  f9 25 05 61  b6 3a af ec  fc 0e 10 99
| CERT  ec 68 da 12  49 9a 63 2f  3d af 7e 95  61 e5 7a 64
| CERT  2c a7 5a 1f  8b 6e 3c f4  c6 65 b5 0a  eb bb ae 9b
| CERT  84 8b 1a 7c  10 4a 0e 80  38 71 4f 8d  99 47 61 ce
| CERT  33 7c ec ab  e4 e6 42 a3  49 24 f2 eb  63 2b 2b d2
| CERT  21 c1 02 93  e3 f1 d9 47  7e 76 61 9e  36 8a 0f 9b
| CERT  2e 25 34 4f  f9 46 ed 42  43 fc cc e8  d2 1a 6c 18
| CERT  43 66 91 b5  4b a9 60 48  15 f9 3d cc  e3 87 c6 3f
| CERT  d6 22 f0 11  43 91 02 03  01 00 01 a3  81 e9 30 81
| CERT  e6 30 09 06  03 55 1d 13  04 02 30 00  30 2b 06 03
| CERT  55 1d 11 04  24 30 22 82  20 75 73 61  67 65 2d 62
| CERT  6f 74 68 2e  74 65 73 74  69 6e 67 2e  6c 69 62 72
| CERT  65 73 77 61  6e 2e 6f 72  67 30 0b 06  03 55 1d 0f
| CERT  04 04 03 02  07 80 30 1d  06 03 55 1d  25 04 16 30
| CERT  14 06 08 2b  06 01 05 05  07 03 01 06  08 2b 06 01
| CERT  05 05 07 03  02 30 41 06  08 2b 06 01  05 05 07 01
| CERT  01 04 35 30  33 30 31 06  08 2b 06 01  05 05 07 30
| CERT  01 86 25 68  74 74 70 3a  2f 2f 6e 69  63 2e 74 65
| CERT  73 74 69 6e  67 2e 6c 69  62 72 65 73  77 61 6e 2e
| CERT  6f 72 67 3a  32 35 36 30  30 3d 06 03  55 1d 1f 04
| CERT  36 30 34 30  32 a0 30 a0  2e 86 2c 68  74 74 70 3a
| CERT  2f 2f 6e 69  63 2e 74 65  73 74 69 6e  67 2e 6c 69
| CERT  62 72 65 73  77 61 6e 2e  6f 72 67 2f  72 65 76 6f
| CERT  6b 65 64 2e  63 72 6c 30  0d 06 09 2a  86 48 86 f7
| CERT  0d 01 01 0b  05 00 03 81  81 00 40 e1  06 20 0d a8
| CERT  a5 48 3c a5  78 fa 49 5c  4e 04 e0 b7  16 17 db b9
| CERT  9c bb 56 6c  2c 10 e3 b0  ba 1a 70 b1  2f db 62 c2
| CERT  b4 6d c9 a8  df 10 4a 76  95 51 99 8d  6d f9 3e c4
| CERT  20 52 91 a9  2e 8e 0f 5f  28 a0 d6 84  6a ca df 9d
| CERT  3b c1 f7 3f  a8 27 ea 76  6b 6e 4f 55  27 12 86 6b
| CERT  4d 49 b9 87  e9 85 76 af  1f 1d 27 93  8d 56 c1 11
| CERT  ea f1 bc f1  2f 37 bb 87  1a 69 2a 10  22 10 56 69
| CERT  9c 57 a5 77  69 b8 db 06  a9 17
| emitting length of ISAKMP Certificate Payload: 1247
"nss-cert" #1: I am sending a certificate request
| ***emit ISAKMP Certificate RequestPayload:
|    next payload type: ISAKMP_NEXT_SIG (0x9)
|    cert type: CERT_X509_SIGNATURE (0x4)
| next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG
| next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR)
| next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet'
| emitting length of ISAKMP Certificate RequestPayload: 5
| started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=usage-both.testing.libreswan.org, E=user-usage-both@testing.libreswan.org->%fromcert of kind PKK_RSA
| searching for certificate PKK_RSA:AwEAAfsMO vs PKK_RSA:AwEAAfsMO
| ***emit ISAKMP Signature Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
| next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG)
| next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet'
| emitting 384 raw bytes of SIG_I into ISAKMP Signature Payload
| SIG_I  64 42 c5 29  44 01 26 23  e0 5a 96 cf  d8 be c9 9f
| SIG_I  e6 17 61 db  dc 7e db 4f  79 a6 b2 b4  6c ad 5b 2c
| SIG_I  27 e0 1d 38  b2 db b4 e9  4f 59 8d 68  98 eb d2 9d
| SIG_I  7a d7 2e fd  25 b8 b6 8b  85 07 07 05  e5 15 c3 cd
| SIG_I  5c 66 70 be  06 e8 c6 59  61 9f 96 2e  3e 66 79 c1
| SIG_I  e9 c1 b7 37  c4 de 49 92  e5 29 5b c2  16 81 83 b2
| SIG_I  ca 93 8e 61  8d 20 0c 71  30 f8 6c 93  ed e6 08 fa
| SIG_I  e4 ce 89 63  cb 61 7a 45  74 3f c0 b4  5f 00 cf b7
| SIG_I  77 08 db 3c  b8 9e cf d3  33 f0 3f 22  b0 f6 e7 01
| SIG_I  8e 45 86 15  c9 fb f0 f3  35 8c 47 00  d9 75 7a 03
| SIG_I  9c 97 c1 67  ab 5b 0c 25  f4 5e 85 84  8c af 1f 5a
| SIG_I  30 e8 38 0f  98 f0 19 2a  a2 1a 01 8f  54 3b 16 24
| SIG_I  23 90 0b eb  de 39 44 d3  85 a5 29 d1  98 a5 6d 10
| SIG_I  ca ff d7 82  cc 7a b6 03  b5 90 01 76  30 aa 8b b0
| SIG_I  39 ce c0 0b  84 5d 7a 62  35 8c c9 15  68 20 95 c6
| SIG_I  5d 22 c2 61  b2 0b fe ea  d9 f4 31 54  de 5b 94 6b
| SIG_I  fc 05 7c 3b  3e 24 91 dd  53 6d 6a 32  74 e7 ad c5
| SIG_I  a1 b7 b7 52  6a 38 d0 c2  96 bb b8 a7  fe 72 48 52
| SIG_I  0d 97 c2 b4  ad 69 3e be  a7 d7 5c fc  e2 25 01 3a
| SIG_I  47 13 e8 d0  ed 66 a6 e2  7e f1 00 68  f1 1b 10 f7
| SIG_I  d6 ec 7a d2  f7 65 7a 17  00 30 5a 43  0b 71 36 13
| SIG_I  b1 70 f7 39  88 07 f0 71  30 2d 37 ff  fd ac e7 21
| SIG_I  b3 df 19 b6  5e 07 89 21  0c a5 38 65  0f 99 72 31
| SIG_I  70 ae f7 d8  6b 56 55 0a  05 8d 1d 09  a5 d8 98 22
| emitting length of ISAKMP Signature Payload: 388
| Not sending INITIAL_CONTACT
| emitting 13 zero bytes of encryption padding into ISAKMP Message
| no IKEv1 message padding required
| emitting length of ISAKMP Message: 1884
| complete v1 state transition with STF_OK
| [RE]START processing: state #1 connection "nss-cert" from 192.1.2.23 (in complete_v1_state_transition() at ikev1.c:2673)
| #1 is idle
| doing_xauth:no, t_xauth_client_done:no
| IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
| parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA)
| event_already_set, deleting event
| state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted
| libevent_free: release ptr-libevent@0x7f668c002888
| free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55b14dceb378
| sending reply packet to 192.1.2.23:500 (from 192.1.2.45:500)
| sending 1884 bytes for STATE_MAIN_I2 through eth1 from 192.1.2.45:500 to 192.1.2.23:500 (using #1)
|   f2 0e e9 e8  8b aa e4 0b  20 89 2c a1  61 82 f0 e2
|   05 10 02 01  00 00 00 00  00 00 07 5c  a1 0a b3 e8
|   31 90 3a 58  07 9c 6c 74  2c 07 7e e5  8e 59 b3 df
|   aa 88 74 7f  9e a6 47 95  84 1b d2 f9  6b cf 9c e2
|   a3 cc 5e 69  dd 27 09 26  e4 70 e2 a6  d0 ea 3b 46
|   07 75 3f a3  3e f0 60 92  79 55 1f 39  69 aa 6f 40
|   d9 4b ea 5d  52 70 f3 29  6c a9 09 50  43 ba 1d e8
|   ac 57 c5 f9  db bd 4c b9  76 47 86 c3  c0 55 b0 d8
|   b2 97 b7 2c  b4 79 ce 09  65 ae ce 7a  72 66 fa 7f
|   92 c5 5d fd  1d 80 bb 9a  7c 9c 84 09  a8 56 11 0b
|   31 7c 99 53  4e 15 10 a1  5f ee f4 23  dc 3a 9f 8d
|   7f fd b6 7b  fe 9e 2b f7  b9 f0 2f e9  5d 0c 50 8c
|   8e 27 cf 32  99 03 e1 df  21 5f 4f 7a  e2 35 79 e8
|   a7 96 1f eb  45 4f a9 76  5e 3a 3c 3f  86 42 9d 4c
|   19 94 ac dd  88 7f d8 2e  31 71 b1 ec  39 51 5e ed
|   7d c3 20 91  5d 83 4c 4e  bb bf 12 3f  fd 47 59 ba
|   69 a0 76 a6  65 7a de f8  75 65 80 27  66 b1 f1 ea
|   91 80 e8 2d  41 dd a0 bc  30 21 a4 0f  03 71 09 66
|   92 0f c7 d2  63 f7 ac 96  6a 68 82 a1  ce 81 5d 21
|   c8 11 a8 ed  fa c9 3e ed  2a 24 5a 29  f8 1f ca 95
|   55 20 94 82  f0 55 ac 97  87 45 fc 08  3b 71 8d 67
|   72 2f a2 ae  31 c4 08 d2  d8 bf 2a ca  2f e2 a1 94
|   41 ea f3 ca  21 97 5f df  32 51 00 be  2f b4 a3 ac
|   0d 12 b6 a7  d5 1b da 5f  5f e9 84 23  e0 d7 e0 41
|   17 16 6e 86  d2 0b 49 26  8a d8 6d 92  00 0a 44 4d
|   c7 f0 49 2a  b4 3f f9 88  0c bf 07 11  7d 87 d0 db
|   79 cf cd 6a  17 1d cd a6  30 40 20 ab  89 02 69 20
|   01 1c 07 5a  69 b9 28 82  56 b5 2d 7f  ab 51 b7 ac
|   5a 67 95 cb  da 67 8d 4a  a0 68 e2 0d  4f a4 92 2a
|   65 6e 14 4c  19 1a 09 4e  6e c9 67 8a  09 58 2c 78
|   33 6a da 8a  51 9c 31 58  2e 49 c8 73  59 5e 15 49
|   39 bc 88 c6  cc f5 f4 fe  fe cd 0c 49  6f 06 9c e9
|   15 0c ce 41  f1 e2 4c f6  7a 7a 28 ae  38 19 41 3f
|   d2 83 a8 e8  92 07 7e 69  eb cd 1d 0d  74 76 82 19
|   11 34 27 3e  58 22 fc 9e  4a 94 49 4a  a2 32 0b 48
|   11 2a 73 21  bc f2 59 ad  82 ce 24 36  3b 6e 4e b5
|   39 d4 45 4d  72 a6 63 72  60 6c b5 f1  1d a3 94 a4
|   c8 5d b9 b8  c1 3d 5d af  6b fe 6b 43  ad eb 03 4c
|   20 5d a1 57  87 41 30 bd  2b 37 04 5f  75 c5 61 56
|   e8 ef ce 4f  11 85 53 57  7e fa 47 28  c3 c7 72 77
|   4c c9 dd 93  10 85 f3 a1  63 54 49 ca  72 72 d2 25
|   0c 56 0a 41  39 3d af 44  5e 46 bd 75  30 3f 0b 75
|   de b7 09 ce  92 4e cf 12  30 ab cf 60  1d 44 9d fc
|   05 25 e9 ed  1b 2c 1e ee  05 1e 5d 1f  e3 6f 40 79
|   64 2b 49 b3  1f 61 84 7c  c6 a3 9d 07  f0 86 26 4d
|   79 c4 45 b4  c2 0e 97 be  2f d3 3d 46  34 d3 6b 3d
|   3d 87 e7 93  0b a3 bc 8b  b3 42 4e 5a  fa 42 a2 06
|   5a b7 91 c8  e6 cb ab ba  4a 38 8d ae  bb f3 75 86
|   4a 02 84 77  70 14 e4 87  99 89 ae d6  48 a5 70 de
|   4b 92 67 fe  9d c5 cc a5  1b 0a c3 d1  75 c3 02 d9
|   7e 29 4c 2f  16 b0 3c 3a  d3 e4 47 97  44 da b2 8f
|   28 42 08 69  0f 53 ab 38  39 c0 c3 d8  8f c5 aa 79
|   c5 ff 2e 31  c6 f9 2c d1  d6 7d 6e d3  bd 3d 99 25
|   2f a7 2b ea  47 2f 5a c4  e8 39 33 f1  28 b8 a0 59
|   18 40 d8 f1  dc 0f 22 f8  a1 37 4f 5b  34 8d a1 23
|   0f 9e 95 0c  84 b0 29 ca  48 c3 df 31  09 a0 7c 01
|   9d 6c f3 cc  7d 6d 39 9a  88 89 8b 93  e3 a6 b8 4a
|   32 84 9a ee  9f ca 49 50  da 3f 14 f5  e4 82 49 c5
|   a5 6c 96 00  84 c8 78 98  b7 35 38 4c  1a b1 3b 10
|   cd 01 34 cb  f8 75 13 4e  92 1a 23 1a  aa ca 33 4f
|   71 85 37 03  72 3b 77 e0  f0 e7 b0 1a  79 ec d0 33
|   ea 0f 3b 87  48 64 d0 57  1b 85 15 ce  b6 ac df 6f
|   5c 1d 49 93  51 bb ed ef  e1 24 40 6e  c3 e0 c5 c8
|   e5 de a6 9b  05 a2 4f 01  e7 0c 50 67  45 35 ed 75
|   e1 84 fe 16  4d 04 31 0a  9a 36 e8 6c  c3 7f 45 d3
|   8a 50 9f 19  b5 cf 33 0e  39 aa 05 be  42 72 f7 53
|   8d dd e3 8c  16 5f ee ef  5d 7e a0 dd  a3 94 3a 1b
|   96 e3 55 d3  4d f3 18 01  9c 48 a9 f0  85 82 f6 dd
|   d0 e3 c9 5f  3d 64 9d 9c  9c c4 ac f6  8c ea ef c6
|   10 ac 67 4d  07 f0 b2 73  84 b6 31 09  9b 77 53 71
|   49 98 36 ef  a8 3a b6 9b  ed 6d 44 06  29 6e 7a c1
|   db a2 43 9c  c1 87 0b 37  34 6c 33 3b  d5 78 e8 40
|   b6 fe b9 f5  ae fd f4 a5  ec 3c 1b 55  9d f5 e7 5f
|   9d ae db f9  ca 04 50 87  9e 49 b1 58  25 3f ca f5
|   17 23 f7 3b  d6 d9 10 8d  24 b2 59 4c  f6 6a 3b 77
|   3a 74 d5 22  0f 65 dd aa  4d 16 30 b1  0f 9e 97 8a
|   de b4 74 5a  4a 6c 05 78  a2 a3 3c 10  6a 54 75 f8
|   ef 3a 5c 80  62 f8 7c c2  00 84 a1 1e  e8 ab 44 f6
|   1d b0 6f d7  05 71 60 48  fa a6 af 81  1e 5f f8 19
|   ba cf 70 53  d7 fd d3 5f  12 c8 9f 25  87 d8 c3 39
|   91 ff 39 c0  88 5d b9 45  b1 21 e1 b2  e9 a3 68 6e
|   67 9a a1 b5  f7 83 4c 24  df 49 f0 4e  e9 3a 74 9c
|   42 50 37 7c  9e 51 0d d1  91 3c f0 b3  62 63 3d 03
|   af 14 6e 05  36 d9 27 2d  2a 17 9e 31  17 9f 38 0a
|   e7 f8 b5 18  4e f3 49 7a  3f 9b 78 63  a7 ba a0 39
|   09 d6 eb 5f  b3 55 64 32  86 9b ff ef  e5 73 d5 99
|   3f 30 49 3d  72 fc 3a 0f  53 5c 0c cb  81 54 a9 43
|   22 57 12 89  78 07 81 b0  b5 e6 0c a8  60 db 49 86
|   09 b9 a6 da  e8 68 b3 6b  2b 81 bc 2e  51 e3 5b 48
|   c7 aa 77 5f  13 46 d5 65  6a 9e cf 18  24 e7 c5 b7
|   37 2a 32 08  f8 0b c4 cc  39 9f 52 81  15 1d b6 c4
|   f0 52 be 6b  4e 3e 71 c0  00 a4 dd 50  53 69 b9 3f
|   07 fa 27 12  65 3f dd 06  df d6 e3 bf  7c 55 b0 ea
|   3f 57 90 db  58 63 e8 1c  84 db 72 d4  28 ee 9d 09
|   bd e7 43 96  83 0f b2 8c  91 8e af 2d  d0 be 5d 11
|   d8 ce 03 b0  3d 83 6e 70  6e 2f 46 b2  86 85 bf cf
|   f2 01 7d 25  27 8f 90 64  f1 ff 43 db  b8 02 33 8a
|   a6 da 22 ee  16 91 16 24  51 69 e0 de  bd fc 81 2b
|   3e 46 8b 0d  ac 3b da 6e  d7 60 5b 05  3e ee c3 ef
|   27 ba c6 68  89 02 4d 4d  3c 7b 9b 82  e7 d8 b3 1f
|   3e f2 54 42  d8 bd b9 e0  d2 77 49 84  3b 2f 40 35
|   96 88 f3 89  b1 08 a2 f9  ae 17 76 14  10 3e cc ca
|   df ac 87 07  fd 93 04 55  6f 19 37 dc  75 0c 49 d8
|   4d b8 1f a7  2f 48 ce 69  53 3a aa ea  be 3a f4 de
|   63 5b 0a 25  5f 4d f4 ee  4c 3c 56 ff  22 64 04 bb
|   0b 55 77 5a  a2 df 6c 0b  c6 83 e2 03  23 42 65 1c
|   01 f3 2b c6  11 1e 48 b3  e4 ae db c0  1a 72 10 4f
|   df a2 0c 57  8e 2b 1b ba  fe 1e 21 dc  59 1f fa 53
|   6e c2 27 1b  82 b2 49 49  67 48 3d c6  9f cf 43 1a
|   b6 5b 93 ee  84 c6 e9 27  33 01 eb 45  99 69 37 fe
|   f4 95 6f 6c  27 02 56 bd  63 6c bc 58  6e 21 19 45
|   7c 00 fd 2a  26 50 54 60  ba 73 ff ac  97 81 a8 a4
|   74 ff 40 b7  0b d8 49 ac  dd c5 79 1b  c8 47 a5 f7
|   a0 3f 48 e3  ce 97 39 df  c2 af d5 f1  f0 5c 6c 41
|   b3 7d fc d7  c4 20 ac 0e  e0 0f a9 7b  d7 38 75 66
|   10 23 35 af  3f b6 00 b1  90 ca fd 92  e3 b8 f0 6d
|   7c a5 2a 08  65 98 c1 42  5a a3 07 a9  a4 1a d9 15
|   81 87 3a f5  35 5c e1 f8  86 45 14 8e
| !event_already_set at reschedule
"nss-cert" #1: IMPAIR: suppressing retransmits; scheduling timeout in 60 seconds
| event_schedule: new EVENT_RETRANSMIT-pe@0x55b14dceb378
| inserting event EVENT_RETRANSMIT, timeout in 60 seconds for #1
| libevent_malloc: new ptr-libevent@0x55b14dcea488 size 128
| #1 STATE_MAIN_I3: retransmits: first event in 60 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29928.791458
"nss-cert" #1: STATE_MAIN_I3: sent MI3, expecting MR3
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| resume sending helper answer for #1 suppresed complete_v1_state_transition()
| #1 spent 10.7 milliseconds in resume sending helper answer
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in resume_handler() at server.c:833)
| libevent_free: release ptr-libevent@0x7f6684000f48
| spent 0.00194 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
| *received 76 bytes from 192.1.2.23:500 on eth1 (192.1.2.45:500)
|   f2 0e e9 e8  8b aa e4 0b  20 89 2c a1  61 82 f0 e2
|   08 10 05 01  c8 ef ae de  00 00 00 4c  95 81 34 05
|   76 5b 7b cb  a3 c1 75 e4  cb 6b 45 f4  76 66 bb e9
|   9d 05 78 dd  99 78 7f 8f  5a 42 a0 b6  94 83 cd d6
|   ca c4 4b 4c  ee 20 26 67  97 60 f9 fe
| start processing: from 192.1.2.23:500 (in process_md() at demux.c:378)
| **parse ISAKMP Message:
|    initiator cookie:
|   f2 0e e9 e8  8b aa e4 0b
|    responder cookie:
|   20 89 2c a1  61 82 f0 e2
|    next payload type: ISAKMP_NEXT_HASH (0x8)
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10)
|    exchange type: ISAKMP_XCHG_INFO (0x5)
|    flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1)
|    Message ID: 3371151070 (0xc8efaede)
|    length: 76 (0x4c)
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
| peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000
| p15 state object #1 found, in STATE_MAIN_I3
| State DB: found IKEv1 state #1 in MAIN_I3 (find_v1_info_state)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_v1_packet() at ikev1.c:1479)
| #1 is idle
| #1 idle
| received encrypted packet from 192.1.2.23:500
| got payload 0x100  (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_N (0xb)
|    length: 36 (0x24)
| got payload 0x800  (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0
| ***parse ISAKMP Notification Payload:
|    next payload type: ISAKMP_NEXT_NONE (0x0)
|    length: 12 (0xc)
|    DOI: ISAKMP_DOI_IPSEC (0x1)
|    protocol ID: 1 (0x1)
|    SPI size: 0 (0x0)
|    Notify Message Type: INVALID_ID_INFORMATION (0x12)
| informational HASH(1):
|   fe be 6e 26  a4 29 b6 54  19 f3 25 71  c5 88 f4 bc
|   46 47 64 76  f0 71 55 62  49 ef ce 0f  17 9f b1 2e
| received 'informational' message HASH(1) data ok
"nss-cert" #1: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=12
| ISAKMP Notification Payload
|   00 00 00 0c  00 00 00 01  01 00 00 12
| info:
| processing informational INVALID_ID_INFORMATION (18)
"nss-cert" #1: received and ignored notification payload: INVALID_ID_INFORMATION
| complete v1 state transition with STF_IGNORE
| #1 spent 0.011 milliseconds in process_packet_tail()
| stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380)
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in process_md() at demux.c:382)
| processing: STOP connection NULL (in process_md() at demux.c:383)
| spent 0.172 milliseconds in comm_handle_cb() reading and processing packet
| processing global timer EVENT_SHUNT_SCAN
| expiring aged bare shunts from shunt table
| spent 0.00403 milliseconds in global timer EVENT_SHUNT_SCAN
| processing global timer EVENT_NAT_T_KEEPALIVE
| FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state)
| start processing: state #1 connection "nss-cert" from 192.1.2.23 (in for_each_state() at state.c:1575)
| not behind NAT: no NAT-T KEEP-ALIVE required for conn nss-cert
| stop processing: state #1 connection "nss-cert" from 192.1.2.23 (in for_each_state() at state.c:1577)
| spent 0.0183 milliseconds in global timer EVENT_NAT_T_KEEPALIVE