FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:6765 core dump dir: /var/tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55e9007047b8 size 40 | libevent_malloc: new ptr-libevent@0x55e900704738 size 40 | libevent_malloc: new ptr-libevent@0x55e9007046b8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55e9006f62e8 size 56 | libevent_malloc: new ptr-libevent@0x55e900677808 size 664 | libevent_malloc: new ptr-libevent@0x55e90073edb8 size 24 | libevent_malloc: new ptr-libevent@0x55e90073ee08 size 384 | libevent_malloc: new ptr-libevent@0x55e90073ed78 size 16 | libevent_malloc: new ptr-libevent@0x55e900704638 size 40 | libevent_malloc: new ptr-libevent@0x55e9007045b8 size 48 | libevent_realloc: new ptr-libevent@0x55e90067a928 size 256 | libevent_malloc: new ptr-libevent@0x55e90073efb8 size 16 | libevent_free: release ptr-libevent@0x55e9006f62e8 | libevent initialized | libevent_realloc: new ptr-libevent@0x55e9006f62e8 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 | starting up helper thread 0 started thread for crypto helper 2 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 0) 22 | starting up helper thread 3 | crypto helper 0 waiting (nothing to do) | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 3 started thread for crypto helper 4 started thread for crypto helper 5 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 6 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | starting up helper thread 6 | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55e9006fe4d8 | libevent_malloc: new ptr-libevent@0x55e90073d438 size 128 | libevent_malloc: new ptr-libevent@0x55e9007445b8 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55e900744548 | libevent_malloc: new ptr-libevent@0x55e90073d4e8 size 128 | libevent_malloc: new ptr-libevent@0x55e900744218 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55e9007449e8 | libevent_malloc: new ptr-libevent@0x55e900750848 size 128 | libevent_malloc: new ptr-libevent@0x55e90075bab8 size 16 | libevent_realloc: new ptr-libevent@0x55e900677498 size 256 | libevent_malloc: new ptr-libevent@0x55e90075baf8 size 8 | libevent_realloc: new ptr-libevent@0x55e90075bb38 size 144 | libevent_malloc: new ptr-libevent@0x55e900702aa8 size 152 | libevent_malloc: new ptr-libevent@0x55e90075bbf8 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55e90075bc38 size 8 | libevent_malloc: new ptr-libevent@0x55e900678228 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55e90075bc78 size 8 | libevent_malloc: new ptr-libevent@0x55e90067be58 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55e90075bcb8 size 8 | libevent_realloc: release ptr-libevent@0x55e90075bb38 | libevent_realloc: new ptr-libevent@0x55e90075bcf8 size 256 | libevent_malloc: new ptr-libevent@0x55e90075be28 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:6895) using fork+execve | forked child 6895 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55e90075c388 | libevent_malloc: new ptr-libevent@0x55e900750798 size 128 | libevent_malloc: new ptr-libevent@0x55e90075c3f8 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x55e90075c438 | libevent_malloc: new ptr-libevent@0x55e9006f6fe8 size 128 | libevent_malloc: new ptr-libevent@0x55e90075c4a8 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x55e90075c4e8 | libevent_malloc: new ptr-libevent@0x55e9006f7098 size 128 | libevent_malloc: new ptr-libevent@0x55e90075c558 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55e90075c598 | libevent_malloc: new ptr-libevent@0x55e9006f6008 size 128 | libevent_malloc: new ptr-libevent@0x55e90075c608 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55e90075c648 | libevent_malloc: new ptr-libevent@0x55e9006fe318 size 128 | libevent_malloc: new ptr-libevent@0x55e90075c6b8 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55e90075c6f8 | libevent_malloc: new ptr-libevent@0x55e9006fee38 size 128 | libevent_malloc: new ptr-libevent@0x55e90075c768 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.616 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x55e900750798 | free_event_entry: release EVENT_NULL-pe@0x55e90075c388 | add_fd_read_event_handler: new ethX-pe@0x55e90075c388 | libevent_malloc: new ptr-libevent@0x55e900750798 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x55e9006f6fe8 | free_event_entry: release EVENT_NULL-pe@0x55e90075c438 | add_fd_read_event_handler: new ethX-pe@0x55e90075c438 | libevent_malloc: new ptr-libevent@0x55e9006f6fe8 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x55e9006f7098 | free_event_entry: release EVENT_NULL-pe@0x55e90075c4e8 | add_fd_read_event_handler: new ethX-pe@0x55e90075c4e8 | libevent_malloc: new ptr-libevent@0x55e9006f7098 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x55e9006f6008 | free_event_entry: release EVENT_NULL-pe@0x55e90075c598 | add_fd_read_event_handler: new ethX-pe@0x55e90075c598 | libevent_malloc: new ptr-libevent@0x55e9006f6008 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x55e9006fe318 | free_event_entry: release EVENT_NULL-pe@0x55e90075c648 | add_fd_read_event_handler: new ethX-pe@0x55e90075c648 | libevent_malloc: new ptr-libevent@0x55e9006fe318 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x55e9006fee38 | free_event_entry: release EVENT_NULL-pe@0x55e90075c6f8 | add_fd_read_event_handler: new ethX-pe@0x55e90075c6f8 | libevent_malloc: new ptr-libevent@0x55e9006fee38 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.337 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 6895 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0118 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection westnet-eastnet-x509-cr with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | counting wild cards for %fromcert is 0 | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org" | ASCII to DN => 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 25 30 23 06 03 55 04 03 13 1c 4c 69 62 | ASCII to DN => 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 | ASCII to DN => 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a | ASCII to DN => 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e | ASCII to DN => 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading right certificate 'east' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e900761668 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e900761618 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e9007615c8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e900760b08 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55e900760ab8 | unreference key: 0x55e9007616b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 | connect_to_host_pair: 192.1.2.23:500 192.1.2.45:500 -> hp@(nil): none | new hp@0x55e900761978 added connection description "westnet-eastnet-x509-cr" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]...192.1.2.45<192.1.2.45>[%fromcert]===192.0.1.0/24 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.904 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.308 milliseconds in whack | spent 0.00248 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-x509-cr) | find_next_host_connection returns westnet-eastnet-x509-cr | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | creating state object #1 at 0x55e900765a08 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "westnet-eastnet-x509-cr" #1: responding to Main Mode | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x55e900762478 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e900760a08 size 128 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.564 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00228 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | fd 97 08 dc 32 39 22 83 ec 71 84 30 fb 77 7b 47 | 04 4b 26 af 72 42 a3 3c 5a c7 b2 5d a1 01 ff 45 | 15 a7 8f fc 07 5e 0c a4 eb 21 c6 23 fd fc 83 70 | 7d 17 ff e9 d8 f0 27 59 86 f7 db ff 42 f2 80 63 | da 3c 78 94 b6 a1 5f a5 31 f4 f9 8d 4c 5d 9d a5 | 6a e0 27 0a 44 dd 3c 79 ec 3d 8d db 83 f0 e6 22 | 26 de 67 5d f2 fe 78 01 12 a7 34 16 eb 5c d9 34 | 52 20 b6 06 de f6 b6 22 d8 29 ea f0 55 12 51 e3 | 66 e1 20 fe 75 ca 07 e4 07 de 23 f9 32 be d1 cf | 6a a3 2e 48 bd f3 22 06 54 83 3c 19 ee c0 79 8f | 90 92 8f 2d 3a 76 8c 8b 57 e7 0a c6 81 e0 1f 5f | 5a 1d fd 14 7f eb db cc 16 6e 65 aa 16 cd aa d0 | 47 a4 b9 52 34 33 c9 ba 3f b3 14 f7 c6 a1 89 27 | 67 2e 1e 36 84 16 f8 dd bc 0e fe d5 9b b5 34 7f | bd 58 98 65 f9 a6 33 40 09 f9 b5 4b 53 c1 07 cc | d2 ba 3e e6 03 52 e9 6b da 42 bf 0c 6c 85 93 ec | 14 00 00 24 bf 18 c5 ca 45 7f 46 57 be 59 52 b9 | 07 eb 96 2c 83 f7 26 65 0f 87 7b c8 c3 5f 39 38 | f8 b0 50 84 14 00 00 24 65 b0 e1 12 a1 66 9e 7c | e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 c3 50 5d 4e | 06 13 48 05 4d 9e b1 e4 00 00 00 24 57 31 c8 65 | c2 6d 9b 46 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 | 91 41 9c 0a ef 8f 9d 08 6d aa f4 89 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55e8fecbdca0(32) | natd_hash: icookie= 02 18 69 f8 01 00 7e 07 | natd_hash: rcookie= e4 b3 2c e9 b6 da 95 3d | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 65 b0 e1 12 a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 | natd_hash: hash= a9 2a c6 15 c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | natd_hash: hasher=0x55e8fecbdca0(32) | natd_hash: icookie= 02 18 69 f8 01 00 7e 07 | natd_hash: rcookie= e4 b3 2c e9 b6 da 95 3d | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 57 31 c8 65 c2 6d 9b 46 8e 9f 7a 9d 16 a9 f6 c3 | natd_hash: hash= 63 11 e5 b3 91 41 9c 0a ef 8f 9d 08 6d aa f4 89 | expected NAT-D(me): 65 b0 e1 12 a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 | expected NAT-D(me): a9 2a c6 15 c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | expected NAT-D(him): | 57 31 c8 65 c2 6d 9b 46 8e 9f 7a 9d 16 a9 f6 c3 | 63 11 e5 b3 91 41 9c 0a ef 8f 9d 08 6d aa f4 89 | received NAT-D: 65 b0 e1 12 a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 | received NAT-D: a9 2a c6 15 c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | received NAT-D: 57 31 c8 65 c2 6d 9b 46 8e 9f 7a 9d 16 a9 f6 c3 | received NAT-D: 63 11 e5 b3 91 41 9c 0a ef 8f 9d 08 6d aa f4 89 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 1 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55e900760a08 | free_event_entry: release EVENT_SO_DISCARD-pe@0x55e900762478 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e900762478 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e900762df8 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 1 resuming | crypto helper 1 starting work-order 1 for state #1 | crypto helper 1 doing build KE and nonce (inI2_outR2 KE); request ID 1 | #1 spent 0.078 milliseconds in process_packet_tail() | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.235 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.001027 seconds | (#1) spent 1.03 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) | crypto helper 1 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7fad04002888 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 1 | calling continuation function 0x55e8febe8b50 | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | keyex value 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | keyex value a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | keyex value 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | keyex value ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | keyex value 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | keyex value e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | keyex value 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | keyex value 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | keyex value e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | keyex value ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | keyex value 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | keyex value 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | keyex value b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | keyex value 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | keyex value c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr de 13 d0 34 96 1d f6 0c 44 3c 9c 37 c5 00 04 79 | Nr b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 d6 ed 5d 38 | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x55e8fecbdca0(32) | natd_hash: icookie= 02 18 69 f8 01 00 7e 07 | natd_hash: rcookie= e4 b3 2c e9 b6 da 95 3d | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 57 31 c8 65 c2 6d 9b 46 8e 9f 7a 9d 16 a9 f6 c3 | natd_hash: hash= 63 11 e5 b3 91 41 9c 0a ef 8f 9d 08 6d aa f4 89 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 57 31 c8 65 c2 6d 9b 46 8e 9f 7a 9d 16 a9 f6 c3 | NAT-D 63 11 e5 b3 91 41 9c 0a ef 8f 9d 08 6d aa f4 89 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55e8fecbdca0(32) | natd_hash: icookie= 02 18 69 f8 01 00 7e 07 | natd_hash: rcookie= e4 b3 2c e9 b6 da 95 3d | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 65 b0 e1 12 a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 | natd_hash: hash= a9 2a c6 15 c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 65 b0 e1 12 a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 | NAT-D a9 2a c6 15 c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 2 for state #1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55e900762df8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e900762478 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e900762478 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e900762ea8 size 128 | #1 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle; has background offloaded task | crypto helper 0 resuming | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | crypto helper 0 starting work-order 2 for state #1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55e900762ea8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e900762478 | crypto helper 0 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 | sending reply packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | 14 00 00 24 de 13 d0 34 96 1d f6 0c 44 3c 9c 37 | c5 00 04 79 b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 | d6 ed 5d 38 14 00 00 24 57 31 c8 65 c2 6d 9b 46 | 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 91 41 9c 0a | ef 8f 9d 08 6d aa f4 89 00 00 00 24 65 b0 e1 12 | a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 | c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900762478 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e900762ea8 size 128 | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29785.897793 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.265 milliseconds in resume sending helper answer | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fad04002888 | crypto helper 0 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.001156 seconds | (#1) spent 1.15 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) | crypto helper 0 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7facfc000f48 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 2 | calling continuation function 0x55e8febe8b50 | main_inI2_outR2_calcdone for #1: calculate DH finished | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.0184 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7facfc000f48 | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 2060 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 05 10 02 01 00 00 00 00 00 00 08 0c 5b cf c5 b9 | 78 2b 82 71 f5 8c cb 56 ec 6b a8 06 c6 cb ca cb | b5 06 dd f9 fd 0c f6 ba 03 37 a9 92 c9 8b 71 a9 | 1b 7e 1f c1 dc 45 d4 f1 91 4d f8 93 ee 67 8e ed | 0d 00 d9 1d 9b 43 38 18 31 6a a4 e5 32 47 7b f5 | 48 b6 28 60 79 58 57 01 b9 ed cf 21 86 9b 7a 08 | 77 1c 0a 60 55 a5 e5 43 51 96 3b a6 3e 1c 52 c3 | c1 cf cd 79 fa 37 b5 d6 21 d1 fb 70 d7 f4 c3 74 | e5 c4 38 88 6e f7 80 08 f4 e3 5f f7 49 75 65 11 | 07 5d dd be e6 76 d3 4e bd a0 35 7c ce 80 1c c3 | ae c5 b2 1d 62 c1 bd 7a 14 c0 6a 5d fb 17 08 7a | b0 28 48 68 d5 8e 3d 38 a7 48 b3 66 98 8a 02 e7 | 16 7c 7f 3d b1 db 32 7a b4 32 c5 31 dd a1 3b 8a | 6e 18 8e ff 38 85 c9 9b 5c 7f 60 da 58 b6 5a 4c | e2 15 c0 d6 92 df f1 43 fe d3 a5 f1 0b e5 8f 9b | ec 5c 27 b3 80 25 6b 84 e6 e9 13 86 ff 17 a2 1c | a7 37 28 a8 e3 55 d3 b5 9f 74 8c f5 90 2e 4f 0b | 0f 31 b1 da 1e 56 7d 95 fc 97 eb be 57 f3 8d a8 | 3a f8 00 1a 47 e5 74 45 fc b6 a4 ea 32 46 b8 db | 21 db e3 e4 c3 35 db 0f bc 4c ac 22 5c 33 fb 58 | 0d 8b 05 ec a8 2b e5 c7 46 86 dd 36 75 7b 33 db | 49 c9 f0 60 e7 b7 77 2e 45 7f f5 9a cf 58 76 f3 | 52 14 00 ef 1e ed 17 a2 af f9 51 72 4e 2b 95 61 | 76 91 0d 75 59 35 73 0d 4f 02 50 82 75 b0 f0 6a | ff 90 4e 9a ec 4f 36 90 0f 9d 6d 30 58 ac 9a c0 | c4 5d 2b e3 3e 21 c9 76 4f 28 74 04 e3 c3 fb 67 | 87 55 16 f6 82 a7 8a 47 3b 37 84 68 97 ed a4 8f | 88 f1 36 e5 d0 b5 de 32 cc f9 fb 15 5b a1 2b 56 | 6d 51 3f bc 1b cd d2 20 c1 b6 ea 41 70 15 32 39 | 3b f3 cc 5e af db 9d 3a 99 64 ea cd 26 3a 1f 52 | 6d c2 9f 50 ef a0 47 62 7d cc d9 b9 92 03 0d e9 | 0d b0 ad 4f 53 45 a0 4c 7f ba 12 f3 8d d7 5c 10 | 4a 68 a8 a0 e6 1d 6c 71 58 a4 e9 d3 db de 79 13 | 34 1c ce 5b 86 e6 8a b0 44 5d ba 23 32 ed 4e e1 | df 58 ca 47 f3 34 b9 f1 c8 71 76 4d 20 d0 48 62 | 03 05 3c 86 42 11 0e 3b 32 78 ee ad ac ae 28 12 | fd ea db 6f bb 28 b7 7d 20 85 db 86 37 03 41 5a | 5e f1 77 b4 91 46 4c 04 fb c5 8a 1e 54 b0 6b c0 | 6a 4e 0b 50 da 48 02 5e 76 b4 1a 2f 5d 40 b3 0b | a3 0c db 49 fa f2 69 23 5c f7 78 0f dd 54 5d 04 | 1c c8 ab 37 d3 ce c2 ec 82 c5 1d f3 76 58 09 dc | 6e a7 e5 dd 23 13 84 b3 27 90 9b fa cf 1c 88 d9 | 47 62 d0 25 52 a3 87 24 ca 52 9c 89 13 5b 8b 8a | 5d 65 23 a7 c7 4f c3 f6 e3 4f 5e 62 b9 6f d1 42 | ab ef 0a e1 af 5c ee fc 03 39 c0 98 90 1a c5 69 | 09 45 ca 3a 30 5f c9 62 75 74 59 68 4c e5 bf 3a | a0 c3 4a 25 43 01 21 94 a2 1f 86 7a 08 c6 fe d9 | 85 a1 d2 6d d9 e5 32 2c a9 13 45 43 d6 ea 49 e5 | 22 16 5a 2d 88 30 b6 3c 45 1d 72 93 94 83 0e db | c9 f1 6e 06 eb 44 29 30 52 4d 1c 8b 9f ff cf e8 | 62 66 0e 95 73 a3 41 5e 1b 68 97 8f dd d7 c3 66 | b8 13 e3 e9 98 0a 52 ae a6 ff 11 21 20 3e ae 59 | fc c2 97 12 22 e0 ae 5e 31 08 fa 64 d4 7d 18 52 | 7c 45 d8 73 d2 8d e6 9d a6 14 24 b7 00 0b 67 eb | c9 fb ae 87 bd d1 49 11 36 a0 51 5c 54 b9 30 fe | 8a 1e 2f b7 dc d7 0d 02 d3 41 54 25 cc 4c d1 a6 | b9 74 b9 8f 8f d6 b8 8a dd 5e 99 48 c9 2c 57 b7 | 5a 1c 4a bd f5 3f be be 35 a6 29 e3 05 f0 70 ed | 1a b3 68 ec de e9 54 38 2a 2c 1a 3c 65 d0 e1 f1 | 9e 2e 74 f1 ab 43 97 d7 9b e0 4b 8a 47 22 e5 b3 | 1c 32 00 65 36 d6 b2 59 b2 a4 a6 7e 04 f4 05 f5 | c7 ff 62 c3 72 c0 82 58 8b d0 a7 cd 00 2e f6 01 | 3f 04 32 07 4d 38 85 18 92 cf 86 a1 60 3f 6c 01 | 56 80 aa b4 ec 73 79 2a 34 77 a4 aa ca 7d b7 f5 | a7 cc ad a8 90 a8 28 c3 e1 5b 3f ea 47 b4 f1 f5 | 35 59 57 5c 8f 2b 19 76 18 9e d7 c6 a7 e9 5b 7f | e7 dc 9c 7b cf f3 a7 15 03 78 6f 8c 18 5c 39 9c | 27 80 27 d4 60 c2 35 9c 13 5d 5c c8 c0 ca 1e b4 | 2e 09 46 44 0d d0 6a b7 72 48 19 10 a0 6a 02 1c | 9c ec 9d 54 6e 08 03 a9 bc cc c3 4f aa 7c 91 2a | cb 18 dd d5 66 6a 39 2a fe 05 81 b5 42 d0 e3 7a | a6 59 39 3f 0a 39 7f 7a 76 cb fd 73 0b 5e 57 87 | 30 1c a0 8b ab 0d 95 01 be b2 a3 58 b2 8b ac 25 | 64 8d a5 d6 d4 77 f0 ba fa f3 26 81 af a2 ab a0 | c3 33 b4 6f 76 54 f0 57 00 40 ac ec a1 c1 52 3a | 7c 89 18 84 91 df 4d 8a f7 29 c8 1c 99 1d cd 72 | ea 34 84 22 11 12 c7 0f 16 3f f3 ba 0a 85 ca cd | 34 a4 f5 a6 b7 f8 53 86 3c 52 fd b1 9b 57 e7 85 | 97 93 4b 25 69 04 02 52 5d 8c f9 cf ce 7d 85 08 | 6c fa ea 59 77 e5 cd ba 9d 91 5c 06 43 6b b5 a0 | 37 88 cd 25 5c 3f d1 64 78 93 78 e8 3e df e8 af | 33 a3 5c 45 b8 ff 23 a7 cf d9 3c ff b4 21 51 2a | 31 23 06 43 3b 3c 23 48 84 13 f9 a5 59 cb a0 1e | 35 f6 e6 86 9b 18 8d b9 9c a7 7c 87 9e d4 2f d8 | 0b b1 ce 96 55 94 62 c0 35 8f 1f 37 a4 b3 8a 0d | b4 9a 6e 9d 6c cd d3 92 50 91 42 4f 53 b1 9c 18 | 80 45 03 60 21 ce eb cc 8a 8e 6d 1a d5 f6 4e b5 | 4a dd b9 0c 93 26 74 4b 67 18 00 2e 77 d1 2b 59 | 40 f3 6e 6e fa 03 62 bb 8d 05 2b 6f 58 95 88 8f | 88 e6 7e 6b 3e 71 20 fe 85 ca bf a0 e1 86 50 bb | 72 a0 f0 4b f2 42 cb f6 d5 c4 dc b2 c1 ca 92 5e | 2d bb 1e ef 5e fb ab d7 be 4b 9f 2e eb 39 ed 3b | 03 b4 2b e9 a9 12 da 5a b1 8e ea a5 16 a1 54 d2 | c2 79 58 19 4b 67 5f a5 95 c8 6f 5f b2 21 16 f6 | 98 06 be a1 47 c7 ff f0 5f dd bc f5 b6 33 fd cf | 98 27 c0 ce 15 34 e7 66 d5 e7 79 22 74 60 61 14 | 39 15 e0 45 1b 7a d5 55 6b 09 1c e2 66 a5 e5 fd | 8a 22 c1 c0 05 3f 11 73 d7 d2 51 dc 0d eb 25 7f | 8b d5 68 e1 e6 72 4d 23 59 4f 2d ab 06 bb 19 c8 | a3 08 16 92 75 90 c3 55 b2 41 91 43 12 41 b1 1b | 59 56 30 f6 ae c4 05 7b 4a 0c 50 ca 07 f4 4d d7 | a3 a5 ee e8 49 b0 36 bd 57 f7 85 66 98 7e 1b 4e | 04 65 52 41 7e 7a cb d3 a3 0b ab 67 05 de 36 42 | f0 02 64 bc 08 70 46 f2 d1 f4 4f 7c 33 78 5b ea | 63 75 49 ad 05 84 38 68 c7 5c be 0b 07 3e cb 9c | 7a 5b c4 8d 96 9e 5a 1d 7c 80 af 99 d5 d1 9d 09 | 6b b9 94 1a 59 fe b9 e7 4c cb 39 ba 51 c4 6c 45 | 80 be 01 31 28 39 5a 58 a8 4f 9d 34 65 ed ba 7c | 3b c5 f0 9c 98 0d 88 f5 b0 ac bb 6f df 39 e8 e8 | 40 e2 fc e6 1f ab 68 cb ca ab 37 dd 18 3d a6 df | 34 2a 90 15 fa 1e 5d a5 66 95 c2 68 58 ac 83 7b | ea 44 f5 75 cc 86 c0 1a 4a 46 5d 59 74 75 92 cc | 11 d0 f3 08 81 f5 e0 68 4c 91 ef 6d 6d 06 0e c6 | aa a7 8f 67 69 1b 6a d9 69 56 9a 2e a0 ff 45 c7 | 45 e7 f5 a5 3b a4 55 99 9f 46 05 49 95 f2 5e 1b | 92 c9 dc 3d b4 36 75 fa 19 cb 73 ef e8 ec 05 81 | a1 36 fa 3b 81 81 ac 16 67 3b e0 1c c7 a7 ea 8a | 94 77 c1 aa 0c 3c 76 f2 a0 5a a2 7d 5b 8d 55 3e | de ea f0 eb 38 c9 64 1d 60 18 00 36 05 e6 20 6f | 92 c2 bc d0 99 3b 48 17 73 38 7b fd 56 58 f9 d1 | 2a e7 84 12 66 e0 2c bb a5 e9 d8 66 10 0c 2a 59 | 66 d6 e0 8c 60 45 ac ed 35 16 4e 0f f0 96 b7 d3 | fb 0a cb 6b 48 82 fc a0 e4 c7 da 8f 84 51 7b d0 | 5c e7 a9 6d 43 20 ae 8a 5c 6e d4 71 c1 7a 6d a7 | 23 82 f0 2e d9 b3 d1 ad 0a 43 3d 20 85 84 5c f6 | 24 17 75 ed 08 7d 90 26 41 57 e5 26 7d f0 bb 2b | f7 f7 ac 0d da 50 d6 92 fd 3a e7 84 79 6b 83 91 | 60 8a 42 e0 46 99 2f 3b 39 ba 10 15 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds loading root certificate cache | spent 2.33 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() | spent 0.0207 milliseconds in get_root_certs() filtering CAs | #1 spent 2.38 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.183 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0286 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.469 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #1: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3856799071 (0xe5e2155f) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 79 b6 95 15 44 b4 20 34 da 80 1c 2e 68 26 47 96 | 7b 91 5e 45 99 a3 2b 1e 02 ea 5f 25 fb 0d ac cc | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 08 10 05 01 e5 e2 15 5f 00 00 00 4c 40 d1 e3 0d | fb 87 55 db 08 cd a2 23 85 e0 1c 46 09 69 22 21 | 45 52 15 51 0d 7e 07 e1 8f f6 b9 e3 f3 61 10 27 | 74 80 9b 62 a4 69 88 5e 28 ad 66 21 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 3.75 milliseconds in process_packet_tail() | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 4.06 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0028 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 | b6 da 95 3d 05 10 02 01 00 00 00 00 00 00 08 0c | 5b cf c5 b9 78 2b 82 71 f5 8c cb 56 ec 6b a8 06 | c6 cb ca cb b5 06 dd f9 fd 0c f6 ba 03 37 a9 92 | c9 8b 71 a9 1b 7e 1f c1 dc 45 d4 f1 91 4d f8 93 | ee 67 8e ed 0d 00 d9 1d 9b 43 38 18 31 6a a4 e5 | 32 47 7b f5 48 b6 28 60 79 58 57 01 b9 ed cf 21 | 86 9b 7a 08 77 1c 0a 60 55 a5 e5 43 51 96 3b a6 | 3e 1c 52 c3 c1 cf cd 79 fa 37 b5 d6 21 d1 fb 70 | d7 f4 c3 74 e5 c4 38 88 6e f7 80 08 f4 e3 5f f7 | 49 75 65 11 07 5d dd be e6 76 d3 4e bd a0 35 7c | ce 80 1c c3 ae c5 b2 1d 62 c1 bd 7a 14 c0 6a 5d | fb 17 08 7a b0 28 48 68 d5 8e 3d 38 a7 48 b3 66 | 98 8a 02 e7 16 7c 7f 3d b1 db 32 7a b4 32 c5 31 | dd a1 3b 8a 6e 18 8e ff 38 85 c9 9b 5c 7f 60 da | 58 b6 5a 4c e2 15 c0 d6 92 df f1 43 fe d3 a5 f1 | 0b e5 8f 9b ec 5c 27 b3 80 25 6b 84 e6 e9 13 86 | ff 17 a2 1c a7 37 28 a8 e3 55 d3 b5 9f 74 8c f5 | 90 2e 4f 0b 0f 31 b1 da 1e 56 7d 95 fc 97 eb be | 57 f3 8d a8 3a f8 00 1a 47 e5 74 45 fc b6 a4 ea | 32 46 b8 db 21 db e3 e4 c3 35 db 0f bc 4c ac 22 | 5c 33 fb 58 0d 8b 05 ec a8 2b e5 c7 46 86 dd 36 | 75 7b 33 db 49 c9 f0 60 e7 b7 77 2e 45 7f f5 9a | cf 58 76 f3 52 14 00 ef 1e ed 17 a2 af f9 51 72 | 4e 2b 95 61 76 91 0d 75 59 35 73 0d 4f 02 50 82 | 75 b0 f0 6a ff 90 4e 9a ec 4f 36 90 0f 9d 6d 30 | 58 ac 9a c0 c4 5d 2b e3 3e 21 c9 76 4f 28 74 04 | e3 c3 fb 67 87 55 16 f6 82 a7 8a 47 3b 37 84 68 | 97 ed a4 8f 88 f1 36 e5 d0 b5 de 32 cc f9 fb 15 | 5b a1 2b 56 6d 51 3f bc 1b cd d2 20 c1 b6 ea 41 | 70 15 32 39 3b f3 cc 5e af db 9d 3a 99 64 ea cd | 26 3a 1f 52 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.131 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900762478 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #1 keying attempt 0 of 0; retransmit 1 | retransmits: current time 29786.400924; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.503131 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7fad04002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e90077c7a8 size 128 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | 14 00 00 24 de 13 d0 34 96 1d f6 0c 44 3c 9c 37 | c5 00 04 79 b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 | d6 ed 5d 38 14 00 00 24 57 31 c8 65 c2 6d 9b 46 | 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 91 41 9c 0a | ef 8f 9d 08 6d aa f4 89 00 00 00 24 65 b0 e1 12 | a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 | c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | libevent_free: release ptr-libevent@0x55e900762ea8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900762478 | #1 spent 0.0957 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00128 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 6d c2 9f 50 ef a0 47 62 7d cc d9 b9 | 92 03 0d e9 0d b0 ad 4f 53 45 a0 4c 7f ba 12 f3 | 8d d7 5c 10 4a 68 a8 a0 e6 1d 6c 71 58 a4 e9 d3 | db de 79 13 34 1c ce 5b 86 e6 8a b0 44 5d ba 23 | 32 ed 4e e1 df 58 ca 47 f3 34 b9 f1 c8 71 76 4d | 20 d0 48 62 03 05 3c 86 42 11 0e 3b 32 78 ee ad | ac ae 28 12 fd ea db 6f bb 28 b7 7d 20 85 db 86 | 37 03 41 5a 5e f1 77 b4 91 46 4c 04 fb c5 8a 1e | 54 b0 6b c0 6a 4e 0b 50 da 48 02 5e 76 b4 1a 2f | 5d 40 b3 0b a3 0c db 49 fa f2 69 23 5c f7 78 0f | dd 54 5d 04 1c c8 ab 37 d3 ce c2 ec 82 c5 1d f3 | 76 58 09 dc 6e a7 e5 dd 23 13 84 b3 27 90 9b fa | cf 1c 88 d9 47 62 d0 25 52 a3 87 24 ca 52 9c 89 | 13 5b 8b 8a 5d 65 23 a7 c7 4f c3 f6 e3 4f 5e 62 | b9 6f d1 42 ab ef 0a e1 af 5c ee fc 03 39 c0 98 | 90 1a c5 69 09 45 ca 3a 30 5f c9 62 75 74 59 68 | 4c e5 bf 3a a0 c3 4a 25 43 01 21 94 a2 1f 86 7a | 08 c6 fe d9 85 a1 d2 6d d9 e5 32 2c a9 13 45 43 | d6 ea 49 e5 22 16 5a 2d 88 30 b6 3c 45 1d 72 93 | 94 83 0e db c9 f1 6e 06 eb 44 29 30 52 4d 1c 8b | 9f ff cf e8 62 66 0e 95 73 a3 41 5e 1b 68 97 8f | dd d7 c3 66 b8 13 e3 e9 98 0a 52 ae a6 ff 11 21 | 20 3e ae 59 fc c2 97 12 22 e0 ae 5e 31 08 fa 64 | d4 7d 18 52 7c 45 d8 73 d2 8d e6 9d a6 14 24 b7 | 00 0b 67 eb c9 fb ae 87 bd d1 49 11 36 a0 51 5c | 54 b9 30 fe 8a 1e 2f b7 dc d7 0d 02 d3 41 54 25 | cc 4c d1 a6 b9 74 b9 8f 8f d6 b8 8a dd 5e 99 48 | c9 2c 57 b7 5a 1c 4a bd f5 3f be be 35 a6 29 e3 | 05 f0 70 ed 1a b3 68 ec de e9 54 38 2a 2c 1a 3c | 65 d0 e1 f1 9e 2e 74 f1 ab 43 97 d7 9b e0 4b 8a | 47 22 e5 b3 1c 32 00 65 36 d6 b2 59 b2 a4 a6 7e | 04 f4 05 f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.118 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00118 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 c7 ff 62 c3 72 c0 82 58 8b d0 a7 cd | 00 2e f6 01 3f 04 32 07 4d 38 85 18 92 cf 86 a1 | 60 3f 6c 01 56 80 aa b4 ec 73 79 2a 34 77 a4 aa | ca 7d b7 f5 a7 cc ad a8 90 a8 28 c3 e1 5b 3f ea | 47 b4 f1 f5 35 59 57 5c 8f 2b 19 76 18 9e d7 c6 | a7 e9 5b 7f e7 dc 9c 7b cf f3 a7 15 03 78 6f 8c | 18 5c 39 9c 27 80 27 d4 60 c2 35 9c 13 5d 5c c8 | c0 ca 1e b4 2e 09 46 44 0d d0 6a b7 72 48 19 10 | a0 6a 02 1c 9c ec 9d 54 6e 08 03 a9 bc cc c3 4f | aa 7c 91 2a cb 18 dd d5 66 6a 39 2a fe 05 81 b5 | 42 d0 e3 7a a6 59 39 3f 0a 39 7f 7a 76 cb fd 73 | 0b 5e 57 87 30 1c a0 8b ab 0d 95 01 be b2 a3 58 | b2 8b ac 25 64 8d a5 d6 d4 77 f0 ba fa f3 26 81 | af a2 ab a0 c3 33 b4 6f 76 54 f0 57 00 40 ac ec | a1 c1 52 3a 7c 89 18 84 91 df 4d 8a f7 29 c8 1c | 99 1d cd 72 ea 34 84 22 11 12 c7 0f 16 3f f3 ba | 0a 85 ca cd 34 a4 f5 a6 b7 f8 53 86 3c 52 fd b1 | 9b 57 e7 85 97 93 4b 25 69 04 02 52 5d 8c f9 cf | ce 7d 85 08 6c fa ea 59 77 e5 cd ba 9d 91 5c 06 | 43 6b b5 a0 37 88 cd 25 5c 3f d1 64 78 93 78 e8 | 3e df e8 af 33 a3 5c 45 b8 ff 23 a7 cf d9 3c ff | b4 21 51 2a 31 23 06 43 3b 3c 23 48 84 13 f9 a5 | 59 cb a0 1e 35 f6 e6 86 9b 18 8d b9 9c a7 7c 87 | 9e d4 2f d8 0b b1 ce 96 55 94 62 c0 35 8f 1f 37 | a4 b3 8a 0d b4 9a 6e 9d 6c cd d3 92 50 91 42 4f | 53 b1 9c 18 80 45 03 60 21 ce eb cc 8a 8e 6d 1a | d5 f6 4e b5 4a dd b9 0c 93 26 74 4b 67 18 00 2e | 77 d1 2b 59 40 f3 6e 6e fa 03 62 bb 8d 05 2b 6f | 58 95 88 8f 88 e6 7e 6b 3e 71 20 fe 85 ca bf a0 | e1 86 50 bb 72 a0 f0 4b f2 42 cb f6 d5 c4 dc b2 | c1 ca 92 5e 2d bb 1e ef 5e fb ab d7 be 4b 9f 2e | eb 39 ed 3b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.111 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00117 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 03 b4 2b e9 a9 12 da 5a b1 8e ea a5 | 16 a1 54 d2 c2 79 58 19 4b 67 5f a5 95 c8 6f 5f | b2 21 16 f6 98 06 be a1 47 c7 ff f0 5f dd bc f5 | b6 33 fd cf 98 27 c0 ce 15 34 e7 66 d5 e7 79 22 | 74 60 61 14 39 15 e0 45 1b 7a d5 55 6b 09 1c e2 | 66 a5 e5 fd 8a 22 c1 c0 05 3f 11 73 d7 d2 51 dc | 0d eb 25 7f 8b d5 68 e1 e6 72 4d 23 59 4f 2d ab | 06 bb 19 c8 a3 08 16 92 75 90 c3 55 b2 41 91 43 | 12 41 b1 1b 59 56 30 f6 ae c4 05 7b 4a 0c 50 ca | 07 f4 4d d7 a3 a5 ee e8 49 b0 36 bd 57 f7 85 66 | 98 7e 1b 4e 04 65 52 41 7e 7a cb d3 a3 0b ab 67 | 05 de 36 42 f0 02 64 bc 08 70 46 f2 d1 f4 4f 7c | 33 78 5b ea 63 75 49 ad 05 84 38 68 c7 5c be 0b | 07 3e cb 9c 7a 5b c4 8d 96 9e 5a 1d 7c 80 af 99 | d5 d1 9d 09 6b b9 94 1a 59 fe b9 e7 4c cb 39 ba | 51 c4 6c 45 80 be 01 31 28 39 5a 58 a8 4f 9d 34 | 65 ed ba 7c 3b c5 f0 9c 98 0d 88 f5 b0 ac bb 6f | df 39 e8 e8 40 e2 fc e6 1f ab 68 cb ca ab 37 dd | 18 3d a6 df 34 2a 90 15 fa 1e 5d a5 66 95 c2 68 | 58 ac 83 7b ea 44 f5 75 cc 86 c0 1a 4a 46 5d 59 | 74 75 92 cc 11 d0 f3 08 81 f5 e0 68 4c 91 ef 6d | 6d 06 0e c6 aa a7 8f 67 69 1b 6a d9 69 56 9a 2e | a0 ff 45 c7 45 e7 f5 a5 3b a4 55 99 9f 46 05 49 | 95 f2 5e 1b 92 c9 dc 3d b4 36 75 fa 19 cb 73 ef | e8 ec 05 81 a1 36 fa 3b 81 81 ac 16 67 3b e0 1c | c7 a7 ea 8a 94 77 c1 aa 0c 3c 76 f2 a0 5a a2 7d | 5b 8d 55 3e de ea f0 eb 38 c9 64 1d 60 18 00 36 | 05 e6 20 6f 92 c2 bc d0 99 3b 48 17 73 38 7b fd | 56 58 f9 d1 2a e7 84 12 66 e0 2c bb a5 e9 d8 66 | 10 0c 2a 59 66 d6 e0 8c 60 45 ac ed 35 16 4e 0f | f0 96 b7 d3 fb 0a cb 6b 48 82 fc a0 e4 c7 da 8f | 84 51 7b d0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.11 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00116 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 5c e7 a9 6d 43 20 ae 8a 5c 6e d4 71 | c1 7a 6d a7 23 82 f0 2e d9 b3 d1 ad 0a 43 3d 20 | 85 84 5c f6 24 17 75 ed 08 7d 90 26 41 57 e5 26 | 7d f0 bb 2b f7 f7 ac 0d da 50 d6 92 fd 3a e7 84 | 79 6b 83 91 60 8a 42 e0 46 99 2f 3b 39 ba 10 15 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00405 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.248 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0384 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.368 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #1: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3028365556 (0xb48130f4) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 23 15 26 77 90 c9 56 dc 63 f1 8e 0c 7c 3f 91 23 | c2 e7 e6 b6 0b ce 4e 42 ca 87 e9 bd ce 26 0a f9 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 08 10 05 01 b4 81 30 f4 00 00 00 4c 66 70 d3 9c | a7 f5 90 56 36 6d ef 4d 97 5d 19 4b e7 0b f9 6e | 44 bf ab e6 8d 55 99 50 4a b4 96 24 e8 44 02 61 | a3 19 f4 1d 76 f8 e1 e3 f8 1b ce e6 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 1.31 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.51 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7fad04002b78 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #1 keying attempt 0 of 0; retransmit 2 | retransmits: current time 29786.902522; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.004729 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900762478 | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e900762ea8 size 128 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: retransmission; will wait 1 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | 14 00 00 24 de 13 d0 34 96 1d f6 0c 44 3c 9c 37 | c5 00 04 79 b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 | d6 ed 5d 38 14 00 00 24 57 31 c8 65 c2 6d 9b 46 | 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 91 41 9c 0a | ef 8f 9d 08 6d aa f4 89 00 00 00 24 65 b0 e1 12 | a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 | c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | libevent_free: release ptr-libevent@0x55e90077c7a8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fad04002b78 | #1 spent 0.146 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00203 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 | b6 da 95 3d 05 10 02 01 00 00 00 00 00 00 08 0c | 5b cf c5 b9 78 2b 82 71 f5 8c cb 56 ec 6b a8 06 | c6 cb ca cb b5 06 dd f9 fd 0c f6 ba 03 37 a9 92 | c9 8b 71 a9 1b 7e 1f c1 dc 45 d4 f1 91 4d f8 93 | ee 67 8e ed 0d 00 d9 1d 9b 43 38 18 31 6a a4 e5 | 32 47 7b f5 48 b6 28 60 79 58 57 01 b9 ed cf 21 | 86 9b 7a 08 77 1c 0a 60 55 a5 e5 43 51 96 3b a6 | 3e 1c 52 c3 c1 cf cd 79 fa 37 b5 d6 21 d1 fb 70 | d7 f4 c3 74 e5 c4 38 88 6e f7 80 08 f4 e3 5f f7 | 49 75 65 11 07 5d dd be e6 76 d3 4e bd a0 35 7c | ce 80 1c c3 ae c5 b2 1d 62 c1 bd 7a 14 c0 6a 5d | fb 17 08 7a b0 28 48 68 d5 8e 3d 38 a7 48 b3 66 | 98 8a 02 e7 16 7c 7f 3d b1 db 32 7a b4 32 c5 31 | dd a1 3b 8a 6e 18 8e ff 38 85 c9 9b 5c 7f 60 da | 58 b6 5a 4c e2 15 c0 d6 92 df f1 43 fe d3 a5 f1 | 0b e5 8f 9b ec 5c 27 b3 80 25 6b 84 e6 e9 13 86 | ff 17 a2 1c a7 37 28 a8 e3 55 d3 b5 9f 74 8c f5 | 90 2e 4f 0b 0f 31 b1 da 1e 56 7d 95 fc 97 eb be | 57 f3 8d a8 3a f8 00 1a 47 e5 74 45 fc b6 a4 ea | 32 46 b8 db 21 db e3 e4 c3 35 db 0f bc 4c ac 22 | 5c 33 fb 58 0d 8b 05 ec a8 2b e5 c7 46 86 dd 36 | 75 7b 33 db 49 c9 f0 60 e7 b7 77 2e 45 7f f5 9a | cf 58 76 f3 52 14 00 ef 1e ed 17 a2 af f9 51 72 | 4e 2b 95 61 76 91 0d 75 59 35 73 0d 4f 02 50 82 | 75 b0 f0 6a ff 90 4e 9a ec 4f 36 90 0f 9d 6d 30 | 58 ac 9a c0 c4 5d 2b e3 3e 21 c9 76 4f 28 74 04 | e3 c3 fb 67 87 55 16 f6 82 a7 8a 47 3b 37 84 68 | 97 ed a4 8f 88 f1 36 e5 d0 b5 de 32 cc f9 fb 15 | 5b a1 2b 56 6d 51 3f bc 1b cd d2 20 c1 b6 ea 41 | 70 15 32 39 3b f3 cc 5e af db 9d 3a 99 64 ea cd | 26 3a 1f 52 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.155 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00188 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 6d c2 9f 50 ef a0 47 62 7d cc d9 b9 | 92 03 0d e9 0d b0 ad 4f 53 45 a0 4c 7f ba 12 f3 | 8d d7 5c 10 4a 68 a8 a0 e6 1d 6c 71 58 a4 e9 d3 | db de 79 13 34 1c ce 5b 86 e6 8a b0 44 5d ba 23 | 32 ed 4e e1 df 58 ca 47 f3 34 b9 f1 c8 71 76 4d | 20 d0 48 62 03 05 3c 86 42 11 0e 3b 32 78 ee ad | ac ae 28 12 fd ea db 6f bb 28 b7 7d 20 85 db 86 | 37 03 41 5a 5e f1 77 b4 91 46 4c 04 fb c5 8a 1e | 54 b0 6b c0 6a 4e 0b 50 da 48 02 5e 76 b4 1a 2f | 5d 40 b3 0b a3 0c db 49 fa f2 69 23 5c f7 78 0f | dd 54 5d 04 1c c8 ab 37 d3 ce c2 ec 82 c5 1d f3 | 76 58 09 dc 6e a7 e5 dd 23 13 84 b3 27 90 9b fa | cf 1c 88 d9 47 62 d0 25 52 a3 87 24 ca 52 9c 89 | 13 5b 8b 8a 5d 65 23 a7 c7 4f c3 f6 e3 4f 5e 62 | b9 6f d1 42 ab ef 0a e1 af 5c ee fc 03 39 c0 98 | 90 1a c5 69 09 45 ca 3a 30 5f c9 62 75 74 59 68 | 4c e5 bf 3a a0 c3 4a 25 43 01 21 94 a2 1f 86 7a | 08 c6 fe d9 85 a1 d2 6d d9 e5 32 2c a9 13 45 43 | d6 ea 49 e5 22 16 5a 2d 88 30 b6 3c 45 1d 72 93 | 94 83 0e db c9 f1 6e 06 eb 44 29 30 52 4d 1c 8b | 9f ff cf e8 62 66 0e 95 73 a3 41 5e 1b 68 97 8f | dd d7 c3 66 b8 13 e3 e9 98 0a 52 ae a6 ff 11 21 | 20 3e ae 59 fc c2 97 12 22 e0 ae 5e 31 08 fa 64 | d4 7d 18 52 7c 45 d8 73 d2 8d e6 9d a6 14 24 b7 | 00 0b 67 eb c9 fb ae 87 bd d1 49 11 36 a0 51 5c | 54 b9 30 fe 8a 1e 2f b7 dc d7 0d 02 d3 41 54 25 | cc 4c d1 a6 b9 74 b9 8f 8f d6 b8 8a dd 5e 99 48 | c9 2c 57 b7 5a 1c 4a bd f5 3f be be 35 a6 29 e3 | 05 f0 70 ed 1a b3 68 ec de e9 54 38 2a 2c 1a 3c | 65 d0 e1 f1 9e 2e 74 f1 ab 43 97 d7 9b e0 4b 8a | 47 22 e5 b3 1c 32 00 65 36 d6 b2 59 b2 a4 a6 7e | 04 f4 05 f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.141 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00152 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 c7 ff 62 c3 72 c0 82 58 8b d0 a7 cd | 00 2e f6 01 3f 04 32 07 4d 38 85 18 92 cf 86 a1 | 60 3f 6c 01 56 80 aa b4 ec 73 79 2a 34 77 a4 aa | ca 7d b7 f5 a7 cc ad a8 90 a8 28 c3 e1 5b 3f ea | 47 b4 f1 f5 35 59 57 5c 8f 2b 19 76 18 9e d7 c6 | a7 e9 5b 7f e7 dc 9c 7b cf f3 a7 15 03 78 6f 8c | 18 5c 39 9c 27 80 27 d4 60 c2 35 9c 13 5d 5c c8 | c0 ca 1e b4 2e 09 46 44 0d d0 6a b7 72 48 19 10 | a0 6a 02 1c 9c ec 9d 54 6e 08 03 a9 bc cc c3 4f | aa 7c 91 2a cb 18 dd d5 66 6a 39 2a fe 05 81 b5 | 42 d0 e3 7a a6 59 39 3f 0a 39 7f 7a 76 cb fd 73 | 0b 5e 57 87 30 1c a0 8b ab 0d 95 01 be b2 a3 58 | b2 8b ac 25 64 8d a5 d6 d4 77 f0 ba fa f3 26 81 | af a2 ab a0 c3 33 b4 6f 76 54 f0 57 00 40 ac ec | a1 c1 52 3a 7c 89 18 84 91 df 4d 8a f7 29 c8 1c | 99 1d cd 72 ea 34 84 22 11 12 c7 0f 16 3f f3 ba | 0a 85 ca cd 34 a4 f5 a6 b7 f8 53 86 3c 52 fd b1 | 9b 57 e7 85 97 93 4b 25 69 04 02 52 5d 8c f9 cf | ce 7d 85 08 6c fa ea 59 77 e5 cd ba 9d 91 5c 06 | 43 6b b5 a0 37 88 cd 25 5c 3f d1 64 78 93 78 e8 | 3e df e8 af 33 a3 5c 45 b8 ff 23 a7 cf d9 3c ff | b4 21 51 2a 31 23 06 43 3b 3c 23 48 84 13 f9 a5 | 59 cb a0 1e 35 f6 e6 86 9b 18 8d b9 9c a7 7c 87 | 9e d4 2f d8 0b b1 ce 96 55 94 62 c0 35 8f 1f 37 | a4 b3 8a 0d b4 9a 6e 9d 6c cd d3 92 50 91 42 4f | 53 b1 9c 18 80 45 03 60 21 ce eb cc 8a 8e 6d 1a | d5 f6 4e b5 4a dd b9 0c 93 26 74 4b 67 18 00 2e | 77 d1 2b 59 40 f3 6e 6e fa 03 62 bb 8d 05 2b 6f | 58 95 88 8f 88 e6 7e 6b 3e 71 20 fe 85 ca bf a0 | e1 86 50 bb 72 a0 f0 4b f2 42 cb f6 d5 c4 dc b2 | c1 ca 92 5e 2d bb 1e ef 5e fb ab d7 be 4b 9f 2e | eb 39 ed 3b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.134 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00128 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 03 b4 2b e9 a9 12 da 5a b1 8e ea a5 | 16 a1 54 d2 c2 79 58 19 4b 67 5f a5 95 c8 6f 5f | b2 21 16 f6 98 06 be a1 47 c7 ff f0 5f dd bc f5 | b6 33 fd cf 98 27 c0 ce 15 34 e7 66 d5 e7 79 22 | 74 60 61 14 39 15 e0 45 1b 7a d5 55 6b 09 1c e2 | 66 a5 e5 fd 8a 22 c1 c0 05 3f 11 73 d7 d2 51 dc | 0d eb 25 7f 8b d5 68 e1 e6 72 4d 23 59 4f 2d ab | 06 bb 19 c8 a3 08 16 92 75 90 c3 55 b2 41 91 43 | 12 41 b1 1b 59 56 30 f6 ae c4 05 7b 4a 0c 50 ca | 07 f4 4d d7 a3 a5 ee e8 49 b0 36 bd 57 f7 85 66 | 98 7e 1b 4e 04 65 52 41 7e 7a cb d3 a3 0b ab 67 | 05 de 36 42 f0 02 64 bc 08 70 46 f2 d1 f4 4f 7c | 33 78 5b ea 63 75 49 ad 05 84 38 68 c7 5c be 0b | 07 3e cb 9c 7a 5b c4 8d 96 9e 5a 1d 7c 80 af 99 | d5 d1 9d 09 6b b9 94 1a 59 fe b9 e7 4c cb 39 ba | 51 c4 6c 45 80 be 01 31 28 39 5a 58 a8 4f 9d 34 | 65 ed ba 7c 3b c5 f0 9c 98 0d 88 f5 b0 ac bb 6f | df 39 e8 e8 40 e2 fc e6 1f ab 68 cb ca ab 37 dd | 18 3d a6 df 34 2a 90 15 fa 1e 5d a5 66 95 c2 68 | 58 ac 83 7b ea 44 f5 75 cc 86 c0 1a 4a 46 5d 59 | 74 75 92 cc 11 d0 f3 08 81 f5 e0 68 4c 91 ef 6d | 6d 06 0e c6 aa a7 8f 67 69 1b 6a d9 69 56 9a 2e | a0 ff 45 c7 45 e7 f5 a5 3b a4 55 99 9f 46 05 49 | 95 f2 5e 1b 92 c9 dc 3d b4 36 75 fa 19 cb 73 ef | e8 ec 05 81 a1 36 fa 3b 81 81 ac 16 67 3b e0 1c | c7 a7 ea 8a 94 77 c1 aa 0c 3c 76 f2 a0 5a a2 7d | 5b 8d 55 3e de ea f0 eb 38 c9 64 1d 60 18 00 36 | 05 e6 20 6f 92 c2 bc d0 99 3b 48 17 73 38 7b fd | 56 58 f9 d1 2a e7 84 12 66 e0 2c bb a5 e9 d8 66 | 10 0c 2a 59 66 d6 e0 8c 60 45 ac ed 35 16 4e 0f | f0 96 b7 d3 fb 0a cb 6b 48 82 fc a0 e4 c7 da 8f | 84 51 7b d0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.112 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00122 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 5c e7 a9 6d 43 20 ae 8a 5c 6e d4 71 | c1 7a 6d a7 23 82 f0 2e d9 b3 d1 ad 0a 43 3d 20 | 85 84 5c f6 24 17 75 ed 08 7d 90 26 41 57 e5 26 | 7d f0 bb 2b f7 f7 ac 0d da 50 d6 92 fd 3a e7 84 | 79 6b 83 91 60 8a 42 e0 46 99 2f 3b 39 ba 10 15 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00485 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.427 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0452 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.374 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #1: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1461481269 (0x571c6f35) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | ef 12 92 6c c1 6e 7d 21 4a c6 8e 20 bb 2f bc 2e | 91 fa de 64 48 55 d4 8b 77 fe 6f 82 cd 43 8f f4 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 08 10 05 01 57 1c 6f 35 00 00 00 4c 49 3c b6 13 | c5 05 9a 09 70 d8 50 bb d8 5f d3 84 27 27 94 b5 | 01 cf 68 5f e9 14 a9 ad 62 c0 89 02 ce 9f 53 4f | 5f 0a e0 82 95 88 d1 db e0 82 68 a5 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 1.19 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.39 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 | b6 da 95 3d 05 10 02 01 00 00 00 00 00 00 08 0c | 5b cf c5 b9 78 2b 82 71 f5 8c cb 56 ec 6b a8 06 | c6 cb ca cb b5 06 dd f9 fd 0c f6 ba 03 37 a9 92 | c9 8b 71 a9 1b 7e 1f c1 dc 45 d4 f1 91 4d f8 93 | ee 67 8e ed 0d 00 d9 1d 9b 43 38 18 31 6a a4 e5 | 32 47 7b f5 48 b6 28 60 79 58 57 01 b9 ed cf 21 | 86 9b 7a 08 77 1c 0a 60 55 a5 e5 43 51 96 3b a6 | 3e 1c 52 c3 c1 cf cd 79 fa 37 b5 d6 21 d1 fb 70 | d7 f4 c3 74 e5 c4 38 88 6e f7 80 08 f4 e3 5f f7 | 49 75 65 11 07 5d dd be e6 76 d3 4e bd a0 35 7c | ce 80 1c c3 ae c5 b2 1d 62 c1 bd 7a 14 c0 6a 5d | fb 17 08 7a b0 28 48 68 d5 8e 3d 38 a7 48 b3 66 | 98 8a 02 e7 16 7c 7f 3d b1 db 32 7a b4 32 c5 31 | dd a1 3b 8a 6e 18 8e ff 38 85 c9 9b 5c 7f 60 da | 58 b6 5a 4c e2 15 c0 d6 92 df f1 43 fe d3 a5 f1 | 0b e5 8f 9b ec 5c 27 b3 80 25 6b 84 e6 e9 13 86 | ff 17 a2 1c a7 37 28 a8 e3 55 d3 b5 9f 74 8c f5 | 90 2e 4f 0b 0f 31 b1 da 1e 56 7d 95 fc 97 eb be | 57 f3 8d a8 3a f8 00 1a 47 e5 74 45 fc b6 a4 ea | 32 46 b8 db 21 db e3 e4 c3 35 db 0f bc 4c ac 22 | 5c 33 fb 58 0d 8b 05 ec a8 2b e5 c7 46 86 dd 36 | 75 7b 33 db 49 c9 f0 60 e7 b7 77 2e 45 7f f5 9a | cf 58 76 f3 52 14 00 ef 1e ed 17 a2 af f9 51 72 | 4e 2b 95 61 76 91 0d 75 59 35 73 0d 4f 02 50 82 | 75 b0 f0 6a ff 90 4e 9a ec 4f 36 90 0f 9d 6d 30 | 58 ac 9a c0 c4 5d 2b e3 3e 21 c9 76 4f 28 74 04 | e3 c3 fb 67 87 55 16 f6 82 a7 8a 47 3b 37 84 68 | 97 ed a4 8f 88 f1 36 e5 d0 b5 de 32 cc f9 fb 15 | 5b a1 2b 56 6d 51 3f bc 1b cd d2 20 c1 b6 ea 41 | 70 15 32 39 3b f3 cc 5e af db 9d 3a 99 64 ea cd | 26 3a 1f 52 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.131 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00124 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 6d c2 9f 50 ef a0 47 62 7d cc d9 b9 | 92 03 0d e9 0d b0 ad 4f 53 45 a0 4c 7f ba 12 f3 | 8d d7 5c 10 4a 68 a8 a0 e6 1d 6c 71 58 a4 e9 d3 | db de 79 13 34 1c ce 5b 86 e6 8a b0 44 5d ba 23 | 32 ed 4e e1 df 58 ca 47 f3 34 b9 f1 c8 71 76 4d | 20 d0 48 62 03 05 3c 86 42 11 0e 3b 32 78 ee ad | ac ae 28 12 fd ea db 6f bb 28 b7 7d 20 85 db 86 | 37 03 41 5a 5e f1 77 b4 91 46 4c 04 fb c5 8a 1e | 54 b0 6b c0 6a 4e 0b 50 da 48 02 5e 76 b4 1a 2f | 5d 40 b3 0b a3 0c db 49 fa f2 69 23 5c f7 78 0f | dd 54 5d 04 1c c8 ab 37 d3 ce c2 ec 82 c5 1d f3 | 76 58 09 dc 6e a7 e5 dd 23 13 84 b3 27 90 9b fa | cf 1c 88 d9 47 62 d0 25 52 a3 87 24 ca 52 9c 89 | 13 5b 8b 8a 5d 65 23 a7 c7 4f c3 f6 e3 4f 5e 62 | b9 6f d1 42 ab ef 0a e1 af 5c ee fc 03 39 c0 98 | 90 1a c5 69 09 45 ca 3a 30 5f c9 62 75 74 59 68 | 4c e5 bf 3a a0 c3 4a 25 43 01 21 94 a2 1f 86 7a | 08 c6 fe d9 85 a1 d2 6d d9 e5 32 2c a9 13 45 43 | d6 ea 49 e5 22 16 5a 2d 88 30 b6 3c 45 1d 72 93 | 94 83 0e db c9 f1 6e 06 eb 44 29 30 52 4d 1c 8b | 9f ff cf e8 62 66 0e 95 73 a3 41 5e 1b 68 97 8f | dd d7 c3 66 b8 13 e3 e9 98 0a 52 ae a6 ff 11 21 | 20 3e ae 59 fc c2 97 12 22 e0 ae 5e 31 08 fa 64 | d4 7d 18 52 7c 45 d8 73 d2 8d e6 9d a6 14 24 b7 | 00 0b 67 eb c9 fb ae 87 bd d1 49 11 36 a0 51 5c | 54 b9 30 fe 8a 1e 2f b7 dc d7 0d 02 d3 41 54 25 | cc 4c d1 a6 b9 74 b9 8f 8f d6 b8 8a dd 5e 99 48 | c9 2c 57 b7 5a 1c 4a bd f5 3f be be 35 a6 29 e3 | 05 f0 70 ed 1a b3 68 ec de e9 54 38 2a 2c 1a 3c | 65 d0 e1 f1 9e 2e 74 f1 ab 43 97 d7 9b e0 4b 8a | 47 22 e5 b3 1c 32 00 65 36 d6 b2 59 b2 a4 a6 7e | 04 f4 05 f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.113 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0012 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 c7 ff 62 c3 72 c0 82 58 8b d0 a7 cd | 00 2e f6 01 3f 04 32 07 4d 38 85 18 92 cf 86 a1 | 60 3f 6c 01 56 80 aa b4 ec 73 79 2a 34 77 a4 aa | ca 7d b7 f5 a7 cc ad a8 90 a8 28 c3 e1 5b 3f ea | 47 b4 f1 f5 35 59 57 5c 8f 2b 19 76 18 9e d7 c6 | a7 e9 5b 7f e7 dc 9c 7b cf f3 a7 15 03 78 6f 8c | 18 5c 39 9c 27 80 27 d4 60 c2 35 9c 13 5d 5c c8 | c0 ca 1e b4 2e 09 46 44 0d d0 6a b7 72 48 19 10 | a0 6a 02 1c 9c ec 9d 54 6e 08 03 a9 bc cc c3 4f | aa 7c 91 2a cb 18 dd d5 66 6a 39 2a fe 05 81 b5 | 42 d0 e3 7a a6 59 39 3f 0a 39 7f 7a 76 cb fd 73 | 0b 5e 57 87 30 1c a0 8b ab 0d 95 01 be b2 a3 58 | b2 8b ac 25 64 8d a5 d6 d4 77 f0 ba fa f3 26 81 | af a2 ab a0 c3 33 b4 6f 76 54 f0 57 00 40 ac ec | a1 c1 52 3a 7c 89 18 84 91 df 4d 8a f7 29 c8 1c | 99 1d cd 72 ea 34 84 22 11 12 c7 0f 16 3f f3 ba | 0a 85 ca cd 34 a4 f5 a6 b7 f8 53 86 3c 52 fd b1 | 9b 57 e7 85 97 93 4b 25 69 04 02 52 5d 8c f9 cf | ce 7d 85 08 6c fa ea 59 77 e5 cd ba 9d 91 5c 06 | 43 6b b5 a0 37 88 cd 25 5c 3f d1 64 78 93 78 e8 | 3e df e8 af 33 a3 5c 45 b8 ff 23 a7 cf d9 3c ff | b4 21 51 2a 31 23 06 43 3b 3c 23 48 84 13 f9 a5 | 59 cb a0 1e 35 f6 e6 86 9b 18 8d b9 9c a7 7c 87 | 9e d4 2f d8 0b b1 ce 96 55 94 62 c0 35 8f 1f 37 | a4 b3 8a 0d b4 9a 6e 9d 6c cd d3 92 50 91 42 4f | 53 b1 9c 18 80 45 03 60 21 ce eb cc 8a 8e 6d 1a | d5 f6 4e b5 4a dd b9 0c 93 26 74 4b 67 18 00 2e | 77 d1 2b 59 40 f3 6e 6e fa 03 62 bb 8d 05 2b 6f | 58 95 88 8f 88 e6 7e 6b 3e 71 20 fe 85 ca bf a0 | e1 86 50 bb 72 a0 f0 4b f2 42 cb f6 d5 c4 dc b2 | c1 ca 92 5e 2d bb 1e ef 5e fb ab d7 be 4b 9f 2e | eb 39 ed 3b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.114 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00116 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 03 b4 2b e9 a9 12 da 5a b1 8e ea a5 | 16 a1 54 d2 c2 79 58 19 4b 67 5f a5 95 c8 6f 5f | b2 21 16 f6 98 06 be a1 47 c7 ff f0 5f dd bc f5 | b6 33 fd cf 98 27 c0 ce 15 34 e7 66 d5 e7 79 22 | 74 60 61 14 39 15 e0 45 1b 7a d5 55 6b 09 1c e2 | 66 a5 e5 fd 8a 22 c1 c0 05 3f 11 73 d7 d2 51 dc | 0d eb 25 7f 8b d5 68 e1 e6 72 4d 23 59 4f 2d ab | 06 bb 19 c8 a3 08 16 92 75 90 c3 55 b2 41 91 43 | 12 41 b1 1b 59 56 30 f6 ae c4 05 7b 4a 0c 50 ca | 07 f4 4d d7 a3 a5 ee e8 49 b0 36 bd 57 f7 85 66 | 98 7e 1b 4e 04 65 52 41 7e 7a cb d3 a3 0b ab 67 | 05 de 36 42 f0 02 64 bc 08 70 46 f2 d1 f4 4f 7c | 33 78 5b ea 63 75 49 ad 05 84 38 68 c7 5c be 0b | 07 3e cb 9c 7a 5b c4 8d 96 9e 5a 1d 7c 80 af 99 | d5 d1 9d 09 6b b9 94 1a 59 fe b9 e7 4c cb 39 ba | 51 c4 6c 45 80 be 01 31 28 39 5a 58 a8 4f 9d 34 | 65 ed ba 7c 3b c5 f0 9c 98 0d 88 f5 b0 ac bb 6f | df 39 e8 e8 40 e2 fc e6 1f ab 68 cb ca ab 37 dd | 18 3d a6 df 34 2a 90 15 fa 1e 5d a5 66 95 c2 68 | 58 ac 83 7b ea 44 f5 75 cc 86 c0 1a 4a 46 5d 59 | 74 75 92 cc 11 d0 f3 08 81 f5 e0 68 4c 91 ef 6d | 6d 06 0e c6 aa a7 8f 67 69 1b 6a d9 69 56 9a 2e | a0 ff 45 c7 45 e7 f5 a5 3b a4 55 99 9f 46 05 49 | 95 f2 5e 1b 92 c9 dc 3d b4 36 75 fa 19 cb 73 ef | e8 ec 05 81 a1 36 fa 3b 81 81 ac 16 67 3b e0 1c | c7 a7 ea 8a 94 77 c1 aa 0c 3c 76 f2 a0 5a a2 7d | 5b 8d 55 3e de ea f0 eb 38 c9 64 1d 60 18 00 36 | 05 e6 20 6f 92 c2 bc d0 99 3b 48 17 73 38 7b fd | 56 58 f9 d1 2a e7 84 12 66 e0 2c bb a5 e9 d8 66 | 10 0c 2a 59 66 d6 e0 8c 60 45 ac ed 35 16 4e 0f | f0 96 b7 d3 fb 0a cb 6b 48 82 fc a0 e4 c7 da 8f | 84 51 7b d0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.113 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00115 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 5c e7 a9 6d 43 20 ae 8a 5c 6e d4 71 | c1 7a 6d a7 23 82 f0 2e d9 b3 d1 ad 0a 43 3d 20 | 85 84 5c f6 24 17 75 ed 08 7d 90 26 41 57 e5 26 | 7d f0 bb 2b f7 f7 ac 0d da 50 d6 92 fd 3a e7 84 | 79 6b 83 91 60 8a 42 e0 46 99 2f 3b 39 ba 10 15 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00479 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.353 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0384 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.359 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #1: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1158649939 (0x450f9853) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 08 43 f3 2d 09 3e af 73 61 f0 17 66 e1 6e a6 de | 12 13 b8 fd a6 12 84 2c 44 87 4d 16 7e 00 f9 72 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 08 10 05 01 45 0f 98 53 00 00 00 4c 31 7d e2 53 | 97 0a f2 72 5e 36 ec 9c 27 de e3 db c9 2a 88 97 | 33 04 24 a8 19 14 c6 81 1c db 21 fe 21 e5 fb da | c7 5c 95 5d 0f df 25 c9 5b ca b3 e1 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 1.05 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.25 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900762478 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #1 keying attempt 0 of 0; retransmit 3 | retransmits: current time 29787.904817; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.007024 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900760a98 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e90077c7a8 size 128 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: retransmission; will wait 2 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | 14 00 00 24 de 13 d0 34 96 1d f6 0c 44 3c 9c 37 | c5 00 04 79 b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 | d6 ed 5d 38 14 00 00 24 57 31 c8 65 c2 6d 9b 46 | 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 91 41 9c 0a | ef 8f 9d 08 6d aa f4 89 00 00 00 24 65 b0 e1 12 | a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 | c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | libevent_free: release ptr-libevent@0x55e900762ea8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900762478 | #1 spent 0.0816 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00322 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 | b6 da 95 3d 05 10 02 01 00 00 00 00 00 00 08 0c | 5b cf c5 b9 78 2b 82 71 f5 8c cb 56 ec 6b a8 06 | c6 cb ca cb b5 06 dd f9 fd 0c f6 ba 03 37 a9 92 | c9 8b 71 a9 1b 7e 1f c1 dc 45 d4 f1 91 4d f8 93 | ee 67 8e ed 0d 00 d9 1d 9b 43 38 18 31 6a a4 e5 | 32 47 7b f5 48 b6 28 60 79 58 57 01 b9 ed cf 21 | 86 9b 7a 08 77 1c 0a 60 55 a5 e5 43 51 96 3b a6 | 3e 1c 52 c3 c1 cf cd 79 fa 37 b5 d6 21 d1 fb 70 | d7 f4 c3 74 e5 c4 38 88 6e f7 80 08 f4 e3 5f f7 | 49 75 65 11 07 5d dd be e6 76 d3 4e bd a0 35 7c | ce 80 1c c3 ae c5 b2 1d 62 c1 bd 7a 14 c0 6a 5d | fb 17 08 7a b0 28 48 68 d5 8e 3d 38 a7 48 b3 66 | 98 8a 02 e7 16 7c 7f 3d b1 db 32 7a b4 32 c5 31 | dd a1 3b 8a 6e 18 8e ff 38 85 c9 9b 5c 7f 60 da | 58 b6 5a 4c e2 15 c0 d6 92 df f1 43 fe d3 a5 f1 | 0b e5 8f 9b ec 5c 27 b3 80 25 6b 84 e6 e9 13 86 | ff 17 a2 1c a7 37 28 a8 e3 55 d3 b5 9f 74 8c f5 | 90 2e 4f 0b 0f 31 b1 da 1e 56 7d 95 fc 97 eb be | 57 f3 8d a8 3a f8 00 1a 47 e5 74 45 fc b6 a4 ea | 32 46 b8 db 21 db e3 e4 c3 35 db 0f bc 4c ac 22 | 5c 33 fb 58 0d 8b 05 ec a8 2b e5 c7 46 86 dd 36 | 75 7b 33 db 49 c9 f0 60 e7 b7 77 2e 45 7f f5 9a | cf 58 76 f3 52 14 00 ef 1e ed 17 a2 af f9 51 72 | 4e 2b 95 61 76 91 0d 75 59 35 73 0d 4f 02 50 82 | 75 b0 f0 6a ff 90 4e 9a ec 4f 36 90 0f 9d 6d 30 | 58 ac 9a c0 c4 5d 2b e3 3e 21 c9 76 4f 28 74 04 | e3 c3 fb 67 87 55 16 f6 82 a7 8a 47 3b 37 84 68 | 97 ed a4 8f 88 f1 36 e5 d0 b5 de 32 cc f9 fb 15 | 5b a1 2b 56 6d 51 3f bc 1b cd d2 20 c1 b6 ea 41 | 70 15 32 39 3b f3 cc 5e af db 9d 3a 99 64 ea cd | 26 3a 1f 52 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.134 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00165 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 6d c2 9f 50 ef a0 47 62 7d cc d9 b9 | 92 03 0d e9 0d b0 ad 4f 53 45 a0 4c 7f ba 12 f3 | 8d d7 5c 10 4a 68 a8 a0 e6 1d 6c 71 58 a4 e9 d3 | db de 79 13 34 1c ce 5b 86 e6 8a b0 44 5d ba 23 | 32 ed 4e e1 df 58 ca 47 f3 34 b9 f1 c8 71 76 4d | 20 d0 48 62 03 05 3c 86 42 11 0e 3b 32 78 ee ad | ac ae 28 12 fd ea db 6f bb 28 b7 7d 20 85 db 86 | 37 03 41 5a 5e f1 77 b4 91 46 4c 04 fb c5 8a 1e | 54 b0 6b c0 6a 4e 0b 50 da 48 02 5e 76 b4 1a 2f | 5d 40 b3 0b a3 0c db 49 fa f2 69 23 5c f7 78 0f | dd 54 5d 04 1c c8 ab 37 d3 ce c2 ec 82 c5 1d f3 | 76 58 09 dc 6e a7 e5 dd 23 13 84 b3 27 90 9b fa | cf 1c 88 d9 47 62 d0 25 52 a3 87 24 ca 52 9c 89 | 13 5b 8b 8a 5d 65 23 a7 c7 4f c3 f6 e3 4f 5e 62 | b9 6f d1 42 ab ef 0a e1 af 5c ee fc 03 39 c0 98 | 90 1a c5 69 09 45 ca 3a 30 5f c9 62 75 74 59 68 | 4c e5 bf 3a a0 c3 4a 25 43 01 21 94 a2 1f 86 7a | 08 c6 fe d9 85 a1 d2 6d d9 e5 32 2c a9 13 45 43 | d6 ea 49 e5 22 16 5a 2d 88 30 b6 3c 45 1d 72 93 | 94 83 0e db c9 f1 6e 06 eb 44 29 30 52 4d 1c 8b | 9f ff cf e8 62 66 0e 95 73 a3 41 5e 1b 68 97 8f | dd d7 c3 66 b8 13 e3 e9 98 0a 52 ae a6 ff 11 21 | 20 3e ae 59 fc c2 97 12 22 e0 ae 5e 31 08 fa 64 | d4 7d 18 52 7c 45 d8 73 d2 8d e6 9d a6 14 24 b7 | 00 0b 67 eb c9 fb ae 87 bd d1 49 11 36 a0 51 5c | 54 b9 30 fe 8a 1e 2f b7 dc d7 0d 02 d3 41 54 25 | cc 4c d1 a6 b9 74 b9 8f 8f d6 b8 8a dd 5e 99 48 | c9 2c 57 b7 5a 1c 4a bd f5 3f be be 35 a6 29 e3 | 05 f0 70 ed 1a b3 68 ec de e9 54 38 2a 2c 1a 3c | 65 d0 e1 f1 9e 2e 74 f1 ab 43 97 d7 9b e0 4b 8a | 47 22 e5 b3 1c 32 00 65 36 d6 b2 59 b2 a4 a6 7e | 04 f4 05 f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.12 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0016 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 c7 ff 62 c3 72 c0 82 58 8b d0 a7 cd | 00 2e f6 01 3f 04 32 07 4d 38 85 18 92 cf 86 a1 | 60 3f 6c 01 56 80 aa b4 ec 73 79 2a 34 77 a4 aa | ca 7d b7 f5 a7 cc ad a8 90 a8 28 c3 e1 5b 3f ea | 47 b4 f1 f5 35 59 57 5c 8f 2b 19 76 18 9e d7 c6 | a7 e9 5b 7f e7 dc 9c 7b cf f3 a7 15 03 78 6f 8c | 18 5c 39 9c 27 80 27 d4 60 c2 35 9c 13 5d 5c c8 | c0 ca 1e b4 2e 09 46 44 0d d0 6a b7 72 48 19 10 | a0 6a 02 1c 9c ec 9d 54 6e 08 03 a9 bc cc c3 4f | aa 7c 91 2a cb 18 dd d5 66 6a 39 2a fe 05 81 b5 | 42 d0 e3 7a a6 59 39 3f 0a 39 7f 7a 76 cb fd 73 | 0b 5e 57 87 30 1c a0 8b ab 0d 95 01 be b2 a3 58 | b2 8b ac 25 64 8d a5 d6 d4 77 f0 ba fa f3 26 81 | af a2 ab a0 c3 33 b4 6f 76 54 f0 57 00 40 ac ec | a1 c1 52 3a 7c 89 18 84 91 df 4d 8a f7 29 c8 1c | 99 1d cd 72 ea 34 84 22 11 12 c7 0f 16 3f f3 ba | 0a 85 ca cd 34 a4 f5 a6 b7 f8 53 86 3c 52 fd b1 | 9b 57 e7 85 97 93 4b 25 69 04 02 52 5d 8c f9 cf | ce 7d 85 08 6c fa ea 59 77 e5 cd ba 9d 91 5c 06 | 43 6b b5 a0 37 88 cd 25 5c 3f d1 64 78 93 78 e8 | 3e df e8 af 33 a3 5c 45 b8 ff 23 a7 cf d9 3c ff | b4 21 51 2a 31 23 06 43 3b 3c 23 48 84 13 f9 a5 | 59 cb a0 1e 35 f6 e6 86 9b 18 8d b9 9c a7 7c 87 | 9e d4 2f d8 0b b1 ce 96 55 94 62 c0 35 8f 1f 37 | a4 b3 8a 0d b4 9a 6e 9d 6c cd d3 92 50 91 42 4f | 53 b1 9c 18 80 45 03 60 21 ce eb cc 8a 8e 6d 1a | d5 f6 4e b5 4a dd b9 0c 93 26 74 4b 67 18 00 2e | 77 d1 2b 59 40 f3 6e 6e fa 03 62 bb 8d 05 2b 6f | 58 95 88 8f 88 e6 7e 6b 3e 71 20 fe 85 ca bf a0 | e1 86 50 bb 72 a0 f0 4b f2 42 cb f6 d5 c4 dc b2 | c1 ca 92 5e 2d bb 1e ef 5e fb ab d7 be 4b 9f 2e | eb 39 ed 3b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.113 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00131 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 03 b4 2b e9 a9 12 da 5a b1 8e ea a5 | 16 a1 54 d2 c2 79 58 19 4b 67 5f a5 95 c8 6f 5f | b2 21 16 f6 98 06 be a1 47 c7 ff f0 5f dd bc f5 | b6 33 fd cf 98 27 c0 ce 15 34 e7 66 d5 e7 79 22 | 74 60 61 14 39 15 e0 45 1b 7a d5 55 6b 09 1c e2 | 66 a5 e5 fd 8a 22 c1 c0 05 3f 11 73 d7 d2 51 dc | 0d eb 25 7f 8b d5 68 e1 e6 72 4d 23 59 4f 2d ab | 06 bb 19 c8 a3 08 16 92 75 90 c3 55 b2 41 91 43 | 12 41 b1 1b 59 56 30 f6 ae c4 05 7b 4a 0c 50 ca | 07 f4 4d d7 a3 a5 ee e8 49 b0 36 bd 57 f7 85 66 | 98 7e 1b 4e 04 65 52 41 7e 7a cb d3 a3 0b ab 67 | 05 de 36 42 f0 02 64 bc 08 70 46 f2 d1 f4 4f 7c | 33 78 5b ea 63 75 49 ad 05 84 38 68 c7 5c be 0b | 07 3e cb 9c 7a 5b c4 8d 96 9e 5a 1d 7c 80 af 99 | d5 d1 9d 09 6b b9 94 1a 59 fe b9 e7 4c cb 39 ba | 51 c4 6c 45 80 be 01 31 28 39 5a 58 a8 4f 9d 34 | 65 ed ba 7c 3b c5 f0 9c 98 0d 88 f5 b0 ac bb 6f | df 39 e8 e8 40 e2 fc e6 1f ab 68 cb ca ab 37 dd | 18 3d a6 df 34 2a 90 15 fa 1e 5d a5 66 95 c2 68 | 58 ac 83 7b ea 44 f5 75 cc 86 c0 1a 4a 46 5d 59 | 74 75 92 cc 11 d0 f3 08 81 f5 e0 68 4c 91 ef 6d | 6d 06 0e c6 aa a7 8f 67 69 1b 6a d9 69 56 9a 2e | a0 ff 45 c7 45 e7 f5 a5 3b a4 55 99 9f 46 05 49 | 95 f2 5e 1b 92 c9 dc 3d b4 36 75 fa 19 cb 73 ef | e8 ec 05 81 a1 36 fa 3b 81 81 ac 16 67 3b e0 1c | c7 a7 ea 8a 94 77 c1 aa 0c 3c 76 f2 a0 5a a2 7d | 5b 8d 55 3e de ea f0 eb 38 c9 64 1d 60 18 00 36 | 05 e6 20 6f 92 c2 bc d0 99 3b 48 17 73 38 7b fd | 56 58 f9 d1 2a e7 84 12 66 e0 2c bb a5 e9 d8 66 | 10 0c 2a 59 66 d6 e0 8c 60 45 ac ed 35 16 4e 0f | f0 96 b7 d3 fb 0a cb 6b 48 82 fc a0 e4 c7 da 8f | 84 51 7b d0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.115 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00153 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 5c e7 a9 6d 43 20 ae 8a 5c 6e d4 71 | c1 7a 6d a7 23 82 f0 2e d9 b3 d1 ad 0a 43 3d 20 | 85 84 5c f6 24 17 75 ed 08 7d 90 26 41 57 e5 26 | 7d f0 bb 2b f7 f7 ac 0d da 50 d6 92 fd 3a e7 84 | 79 6b 83 91 60 8a 42 e0 46 99 2f 3b 39 ba 10 15 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00482 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.274 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0388 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.383 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #1: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 4074521488 (0xf2dc4390) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 7d 3d f8 81 d9 21 b5 3e 3b 15 3c b0 74 2d 45 76 | 79 f6 03 d0 c7 fb 3b d0 8d 30 32 6f 3b 7a 41 fc | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 08 10 05 01 f2 dc 43 90 00 00 00 4c 5a 5a 6b bf | df 90 fa 18 e0 96 7d 1a a0 e3 2f 00 56 be 9a e1 | 95 76 7b ba 4f 9e 8a 7f 89 4d 83 6c ce cd 3c bd | a7 33 3b b3 22 e7 6c 7c 2e 31 05 d2 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 1.39 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.6 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900760a98 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #1 keying attempt 0 of 0; retransmit 4 | retransmits: current time 29789.908415; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.010622 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900762478 | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e900762ea8 size 128 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: retransmission; will wait 4 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | 14 00 00 24 de 13 d0 34 96 1d f6 0c 44 3c 9c 37 | c5 00 04 79 b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 | d6 ed 5d 38 14 00 00 24 57 31 c8 65 c2 6d 9b 46 | 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 91 41 9c 0a | ef 8f 9d 08 6d aa f4 89 00 00 00 24 65 b0 e1 12 | a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 | c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | libevent_free: release ptr-libevent@0x55e90077c7a8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900760a98 | #1 spent 0.131 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00322 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 | b6 da 95 3d 05 10 02 01 00 00 00 00 00 00 08 0c | 5b cf c5 b9 78 2b 82 71 f5 8c cb 56 ec 6b a8 06 | c6 cb ca cb b5 06 dd f9 fd 0c f6 ba 03 37 a9 92 | c9 8b 71 a9 1b 7e 1f c1 dc 45 d4 f1 91 4d f8 93 | ee 67 8e ed 0d 00 d9 1d 9b 43 38 18 31 6a a4 e5 | 32 47 7b f5 48 b6 28 60 79 58 57 01 b9 ed cf 21 | 86 9b 7a 08 77 1c 0a 60 55 a5 e5 43 51 96 3b a6 | 3e 1c 52 c3 c1 cf cd 79 fa 37 b5 d6 21 d1 fb 70 | d7 f4 c3 74 e5 c4 38 88 6e f7 80 08 f4 e3 5f f7 | 49 75 65 11 07 5d dd be e6 76 d3 4e bd a0 35 7c | ce 80 1c c3 ae c5 b2 1d 62 c1 bd 7a 14 c0 6a 5d | fb 17 08 7a b0 28 48 68 d5 8e 3d 38 a7 48 b3 66 | 98 8a 02 e7 16 7c 7f 3d b1 db 32 7a b4 32 c5 31 | dd a1 3b 8a 6e 18 8e ff 38 85 c9 9b 5c 7f 60 da | 58 b6 5a 4c e2 15 c0 d6 92 df f1 43 fe d3 a5 f1 | 0b e5 8f 9b ec 5c 27 b3 80 25 6b 84 e6 e9 13 86 | ff 17 a2 1c a7 37 28 a8 e3 55 d3 b5 9f 74 8c f5 | 90 2e 4f 0b 0f 31 b1 da 1e 56 7d 95 fc 97 eb be | 57 f3 8d a8 3a f8 00 1a 47 e5 74 45 fc b6 a4 ea | 32 46 b8 db 21 db e3 e4 c3 35 db 0f bc 4c ac 22 | 5c 33 fb 58 0d 8b 05 ec a8 2b e5 c7 46 86 dd 36 | 75 7b 33 db 49 c9 f0 60 e7 b7 77 2e 45 7f f5 9a | cf 58 76 f3 52 14 00 ef 1e ed 17 a2 af f9 51 72 | 4e 2b 95 61 76 91 0d 75 59 35 73 0d 4f 02 50 82 | 75 b0 f0 6a ff 90 4e 9a ec 4f 36 90 0f 9d 6d 30 | 58 ac 9a c0 c4 5d 2b e3 3e 21 c9 76 4f 28 74 04 | e3 c3 fb 67 87 55 16 f6 82 a7 8a 47 3b 37 84 68 | 97 ed a4 8f 88 f1 36 e5 d0 b5 de 32 cc f9 fb 15 | 5b a1 2b 56 6d 51 3f bc 1b cd d2 20 c1 b6 ea 41 | 70 15 32 39 3b f3 cc 5e af db 9d 3a 99 64 ea cd | 26 3a 1f 52 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.119 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00122 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 6d c2 9f 50 ef a0 47 62 7d cc d9 b9 | 92 03 0d e9 0d b0 ad 4f 53 45 a0 4c 7f ba 12 f3 | 8d d7 5c 10 4a 68 a8 a0 e6 1d 6c 71 58 a4 e9 d3 | db de 79 13 34 1c ce 5b 86 e6 8a b0 44 5d ba 23 | 32 ed 4e e1 df 58 ca 47 f3 34 b9 f1 c8 71 76 4d | 20 d0 48 62 03 05 3c 86 42 11 0e 3b 32 78 ee ad | ac ae 28 12 fd ea db 6f bb 28 b7 7d 20 85 db 86 | 37 03 41 5a 5e f1 77 b4 91 46 4c 04 fb c5 8a 1e | 54 b0 6b c0 6a 4e 0b 50 da 48 02 5e 76 b4 1a 2f | 5d 40 b3 0b a3 0c db 49 fa f2 69 23 5c f7 78 0f | dd 54 5d 04 1c c8 ab 37 d3 ce c2 ec 82 c5 1d f3 | 76 58 09 dc 6e a7 e5 dd 23 13 84 b3 27 90 9b fa | cf 1c 88 d9 47 62 d0 25 52 a3 87 24 ca 52 9c 89 | 13 5b 8b 8a 5d 65 23 a7 c7 4f c3 f6 e3 4f 5e 62 | b9 6f d1 42 ab ef 0a e1 af 5c ee fc 03 39 c0 98 | 90 1a c5 69 09 45 ca 3a 30 5f c9 62 75 74 59 68 | 4c e5 bf 3a a0 c3 4a 25 43 01 21 94 a2 1f 86 7a | 08 c6 fe d9 85 a1 d2 6d d9 e5 32 2c a9 13 45 43 | d6 ea 49 e5 22 16 5a 2d 88 30 b6 3c 45 1d 72 93 | 94 83 0e db c9 f1 6e 06 eb 44 29 30 52 4d 1c 8b | 9f ff cf e8 62 66 0e 95 73 a3 41 5e 1b 68 97 8f | dd d7 c3 66 b8 13 e3 e9 98 0a 52 ae a6 ff 11 21 | 20 3e ae 59 fc c2 97 12 22 e0 ae 5e 31 08 fa 64 | d4 7d 18 52 7c 45 d8 73 d2 8d e6 9d a6 14 24 b7 | 00 0b 67 eb c9 fb ae 87 bd d1 49 11 36 a0 51 5c | 54 b9 30 fe 8a 1e 2f b7 dc d7 0d 02 d3 41 54 25 | cc 4c d1 a6 b9 74 b9 8f 8f d6 b8 8a dd 5e 99 48 | c9 2c 57 b7 5a 1c 4a bd f5 3f be be 35 a6 29 e3 | 05 f0 70 ed 1a b3 68 ec de e9 54 38 2a 2c 1a 3c | 65 d0 e1 f1 9e 2e 74 f1 ab 43 97 d7 9b e0 4b 8a | 47 22 e5 b3 1c 32 00 65 36 d6 b2 59 b2 a4 a6 7e | 04 f4 05 f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0741 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00105 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 c7 ff 62 c3 72 c0 82 58 8b d0 a7 cd | 00 2e f6 01 3f 04 32 07 4d 38 85 18 92 cf 86 a1 | 60 3f 6c 01 56 80 aa b4 ec 73 79 2a 34 77 a4 aa | ca 7d b7 f5 a7 cc ad a8 90 a8 28 c3 e1 5b 3f ea | 47 b4 f1 f5 35 59 57 5c 8f 2b 19 76 18 9e d7 c6 | a7 e9 5b 7f e7 dc 9c 7b cf f3 a7 15 03 78 6f 8c | 18 5c 39 9c 27 80 27 d4 60 c2 35 9c 13 5d 5c c8 | c0 ca 1e b4 2e 09 46 44 0d d0 6a b7 72 48 19 10 | a0 6a 02 1c 9c ec 9d 54 6e 08 03 a9 bc cc c3 4f | aa 7c 91 2a cb 18 dd d5 66 6a 39 2a fe 05 81 b5 | 42 d0 e3 7a a6 59 39 3f 0a 39 7f 7a 76 cb fd 73 | 0b 5e 57 87 30 1c a0 8b ab 0d 95 01 be b2 a3 58 | b2 8b ac 25 64 8d a5 d6 d4 77 f0 ba fa f3 26 81 | af a2 ab a0 c3 33 b4 6f 76 54 f0 57 00 40 ac ec | a1 c1 52 3a 7c 89 18 84 91 df 4d 8a f7 29 c8 1c | 99 1d cd 72 ea 34 84 22 11 12 c7 0f 16 3f f3 ba | 0a 85 ca cd 34 a4 f5 a6 b7 f8 53 86 3c 52 fd b1 | 9b 57 e7 85 97 93 4b 25 69 04 02 52 5d 8c f9 cf | ce 7d 85 08 6c fa ea 59 77 e5 cd ba 9d 91 5c 06 | 43 6b b5 a0 37 88 cd 25 5c 3f d1 64 78 93 78 e8 | 3e df e8 af 33 a3 5c 45 b8 ff 23 a7 cf d9 3c ff | b4 21 51 2a 31 23 06 43 3b 3c 23 48 84 13 f9 a5 | 59 cb a0 1e 35 f6 e6 86 9b 18 8d b9 9c a7 7c 87 | 9e d4 2f d8 0b b1 ce 96 55 94 62 c0 35 8f 1f 37 | a4 b3 8a 0d b4 9a 6e 9d 6c cd d3 92 50 91 42 4f | 53 b1 9c 18 80 45 03 60 21 ce eb cc 8a 8e 6d 1a | d5 f6 4e b5 4a dd b9 0c 93 26 74 4b 67 18 00 2e | 77 d1 2b 59 40 f3 6e 6e fa 03 62 bb 8d 05 2b 6f | 58 95 88 8f 88 e6 7e 6b 3e 71 20 fe 85 ca bf a0 | e1 86 50 bb 72 a0 f0 4b f2 42 cb f6 d5 c4 dc b2 | c1 ca 92 5e 2d bb 1e ef 5e fb ab d7 be 4b 9f 2e | eb 39 ed 3b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0788 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00118 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 03 b4 2b e9 a9 12 da 5a b1 8e ea a5 | 16 a1 54 d2 c2 79 58 19 4b 67 5f a5 95 c8 6f 5f | b2 21 16 f6 98 06 be a1 47 c7 ff f0 5f dd bc f5 | b6 33 fd cf 98 27 c0 ce 15 34 e7 66 d5 e7 79 22 | 74 60 61 14 39 15 e0 45 1b 7a d5 55 6b 09 1c e2 | 66 a5 e5 fd 8a 22 c1 c0 05 3f 11 73 d7 d2 51 dc | 0d eb 25 7f 8b d5 68 e1 e6 72 4d 23 59 4f 2d ab | 06 bb 19 c8 a3 08 16 92 75 90 c3 55 b2 41 91 43 | 12 41 b1 1b 59 56 30 f6 ae c4 05 7b 4a 0c 50 ca | 07 f4 4d d7 a3 a5 ee e8 49 b0 36 bd 57 f7 85 66 | 98 7e 1b 4e 04 65 52 41 7e 7a cb d3 a3 0b ab 67 | 05 de 36 42 f0 02 64 bc 08 70 46 f2 d1 f4 4f 7c | 33 78 5b ea 63 75 49 ad 05 84 38 68 c7 5c be 0b | 07 3e cb 9c 7a 5b c4 8d 96 9e 5a 1d 7c 80 af 99 | d5 d1 9d 09 6b b9 94 1a 59 fe b9 e7 4c cb 39 ba | 51 c4 6c 45 80 be 01 31 28 39 5a 58 a8 4f 9d 34 | 65 ed ba 7c 3b c5 f0 9c 98 0d 88 f5 b0 ac bb 6f | df 39 e8 e8 40 e2 fc e6 1f ab 68 cb ca ab 37 dd | 18 3d a6 df 34 2a 90 15 fa 1e 5d a5 66 95 c2 68 | 58 ac 83 7b ea 44 f5 75 cc 86 c0 1a 4a 46 5d 59 | 74 75 92 cc 11 d0 f3 08 81 f5 e0 68 4c 91 ef 6d | 6d 06 0e c6 aa a7 8f 67 69 1b 6a d9 69 56 9a 2e | a0 ff 45 c7 45 e7 f5 a5 3b a4 55 99 9f 46 05 49 | 95 f2 5e 1b 92 c9 dc 3d b4 36 75 fa 19 cb 73 ef | e8 ec 05 81 a1 36 fa 3b 81 81 ac 16 67 3b e0 1c | c7 a7 ea 8a 94 77 c1 aa 0c 3c 76 f2 a0 5a a2 7d | 5b 8d 55 3e de ea f0 eb 38 c9 64 1d 60 18 00 36 | 05 e6 20 6f 92 c2 bc d0 99 3b 48 17 73 38 7b fd | 56 58 f9 d1 2a e7 84 12 66 e0 2c bb a5 e9 d8 66 | 10 0c 2a 59 66 d6 e0 8c 60 45 ac ed 35 16 4e 0f | f0 96 b7 d3 fb 0a cb 6b 48 82 fc a0 e4 c7 da 8f | 84 51 7b d0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0812 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00103 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 5c e7 a9 6d 43 20 ae 8a 5c 6e d4 71 | c1 7a 6d a7 23 82 f0 2e d9 b3 d1 ad 0a 43 3d 20 | 85 84 5c f6 24 17 75 ed 08 7d 90 26 41 57 e5 26 | 7d f0 bb 2b f7 f7 ac 0d da 50 d6 92 fd 3a e7 84 | 79 6b 83 91 60 8a 42 e0 46 99 2f 3b 39 ba 10 15 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00332 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.196 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0315 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.263 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #1: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3314968938 (0xc596696a) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | a7 62 ff 79 22 31 4a b0 71 d1 a4 4b 0d 36 68 67 | 28 60 39 10 a0 95 a5 52 75 87 7a 1f 76 f0 41 0d | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 08 10 05 01 c5 96 69 6a 00 00 00 4c 32 d4 9b f1 | 80 56 05 51 ce c0 2f 74 07 27 15 7c 72 0d b4 46 | 5f 81 3d aa 7e a2 d9 21 80 a7 58 31 1c 3a dc eb | 0c 57 65 f7 b2 49 48 08 e9 a6 33 7a | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.965 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.1 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900762478 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #1 keying attempt 0 of 0; retransmit 5 | retransmits: current time 29793.910612; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.012819 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900760a98 | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e90077c7a8 size 128 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: retransmission; will wait 8 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | 14 00 00 24 de 13 d0 34 96 1d f6 0c 44 3c 9c 37 | c5 00 04 79 b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 | d6 ed 5d 38 14 00 00 24 57 31 c8 65 c2 6d 9b 46 | 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 91 41 9c 0a | ef 8f 9d 08 6d aa f4 89 00 00 00 24 65 b0 e1 12 | a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 | c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | libevent_free: release ptr-libevent@0x55e900762ea8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900762478 | #1 spent 0.0867 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.0029 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 | b6 da 95 3d 05 10 02 01 00 00 00 00 00 00 08 0c | 5b cf c5 b9 78 2b 82 71 f5 8c cb 56 ec 6b a8 06 | c6 cb ca cb b5 06 dd f9 fd 0c f6 ba 03 37 a9 92 | c9 8b 71 a9 1b 7e 1f c1 dc 45 d4 f1 91 4d f8 93 | ee 67 8e ed 0d 00 d9 1d 9b 43 38 18 31 6a a4 e5 | 32 47 7b f5 48 b6 28 60 79 58 57 01 b9 ed cf 21 | 86 9b 7a 08 77 1c 0a 60 55 a5 e5 43 51 96 3b a6 | 3e 1c 52 c3 c1 cf cd 79 fa 37 b5 d6 21 d1 fb 70 | d7 f4 c3 74 e5 c4 38 88 6e f7 80 08 f4 e3 5f f7 | 49 75 65 11 07 5d dd be e6 76 d3 4e bd a0 35 7c | ce 80 1c c3 ae c5 b2 1d 62 c1 bd 7a 14 c0 6a 5d | fb 17 08 7a b0 28 48 68 d5 8e 3d 38 a7 48 b3 66 | 98 8a 02 e7 16 7c 7f 3d b1 db 32 7a b4 32 c5 31 | dd a1 3b 8a 6e 18 8e ff 38 85 c9 9b 5c 7f 60 da | 58 b6 5a 4c e2 15 c0 d6 92 df f1 43 fe d3 a5 f1 | 0b e5 8f 9b ec 5c 27 b3 80 25 6b 84 e6 e9 13 86 | ff 17 a2 1c a7 37 28 a8 e3 55 d3 b5 9f 74 8c f5 | 90 2e 4f 0b 0f 31 b1 da 1e 56 7d 95 fc 97 eb be | 57 f3 8d a8 3a f8 00 1a 47 e5 74 45 fc b6 a4 ea | 32 46 b8 db 21 db e3 e4 c3 35 db 0f bc 4c ac 22 | 5c 33 fb 58 0d 8b 05 ec a8 2b e5 c7 46 86 dd 36 | 75 7b 33 db 49 c9 f0 60 e7 b7 77 2e 45 7f f5 9a | cf 58 76 f3 52 14 00 ef 1e ed 17 a2 af f9 51 72 | 4e 2b 95 61 76 91 0d 75 59 35 73 0d 4f 02 50 82 | 75 b0 f0 6a ff 90 4e 9a ec 4f 36 90 0f 9d 6d 30 | 58 ac 9a c0 c4 5d 2b e3 3e 21 c9 76 4f 28 74 04 | e3 c3 fb 67 87 55 16 f6 82 a7 8a 47 3b 37 84 68 | 97 ed a4 8f 88 f1 36 e5 d0 b5 de 32 cc f9 fb 15 | 5b a1 2b 56 6d 51 3f bc 1b cd d2 20 c1 b6 ea 41 | 70 15 32 39 3b f3 cc 5e af db 9d 3a 99 64 ea cd | 26 3a 1f 52 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.129 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900760a98 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #1 keying attempt 0 of 0; retransmit 6 | retransmits: current time 29801.916336; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.018543 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900762478 | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e900762ea8 size 128 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: retransmission; will wait 16 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | 14 00 00 24 de 13 d0 34 96 1d f6 0c 44 3c 9c 37 | c5 00 04 79 b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 | d6 ed 5d 38 14 00 00 24 57 31 c8 65 c2 6d 9b 46 | 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 91 41 9c 0a | ef 8f 9d 08 6d aa f4 89 00 00 00 24 65 b0 e1 12 | a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 | c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | libevent_free: release ptr-libevent@0x55e90077c7a8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900760a98 | #1 spent 0.0959 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00127 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 6d c2 9f 50 ef a0 47 62 7d cc d9 b9 | 92 03 0d e9 0d b0 ad 4f 53 45 a0 4c 7f ba 12 f3 | 8d d7 5c 10 4a 68 a8 a0 e6 1d 6c 71 58 a4 e9 d3 | db de 79 13 34 1c ce 5b 86 e6 8a b0 44 5d ba 23 | 32 ed 4e e1 df 58 ca 47 f3 34 b9 f1 c8 71 76 4d | 20 d0 48 62 03 05 3c 86 42 11 0e 3b 32 78 ee ad | ac ae 28 12 fd ea db 6f bb 28 b7 7d 20 85 db 86 | 37 03 41 5a 5e f1 77 b4 91 46 4c 04 fb c5 8a 1e | 54 b0 6b c0 6a 4e 0b 50 da 48 02 5e 76 b4 1a 2f | 5d 40 b3 0b a3 0c db 49 fa f2 69 23 5c f7 78 0f | dd 54 5d 04 1c c8 ab 37 d3 ce c2 ec 82 c5 1d f3 | 76 58 09 dc 6e a7 e5 dd 23 13 84 b3 27 90 9b fa | cf 1c 88 d9 47 62 d0 25 52 a3 87 24 ca 52 9c 89 | 13 5b 8b 8a 5d 65 23 a7 c7 4f c3 f6 e3 4f 5e 62 | b9 6f d1 42 ab ef 0a e1 af 5c ee fc 03 39 c0 98 | 90 1a c5 69 09 45 ca 3a 30 5f c9 62 75 74 59 68 | 4c e5 bf 3a a0 c3 4a 25 43 01 21 94 a2 1f 86 7a | 08 c6 fe d9 85 a1 d2 6d d9 e5 32 2c a9 13 45 43 | d6 ea 49 e5 22 16 5a 2d 88 30 b6 3c 45 1d 72 93 | 94 83 0e db c9 f1 6e 06 eb 44 29 30 52 4d 1c 8b | 9f ff cf e8 62 66 0e 95 73 a3 41 5e 1b 68 97 8f | dd d7 c3 66 b8 13 e3 e9 98 0a 52 ae a6 ff 11 21 | 20 3e ae 59 fc c2 97 12 22 e0 ae 5e 31 08 fa 64 | d4 7d 18 52 7c 45 d8 73 d2 8d e6 9d a6 14 24 b7 | 00 0b 67 eb c9 fb ae 87 bd d1 49 11 36 a0 51 5c | 54 b9 30 fe 8a 1e 2f b7 dc d7 0d 02 d3 41 54 25 | cc 4c d1 a6 b9 74 b9 8f 8f d6 b8 8a dd 5e 99 48 | c9 2c 57 b7 5a 1c 4a bd f5 3f be be 35 a6 29 e3 | 05 f0 70 ed 1a b3 68 ec de e9 54 38 2a 2c 1a 3c | 65 d0 e1 f1 9e 2e 74 f1 ab 43 97 d7 9b e0 4b 8a | 47 22 e5 b3 1c 32 00 65 36 d6 b2 59 b2 a4 a6 7e | 04 f4 05 f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.115 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00115 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 c7 ff 62 c3 72 c0 82 58 8b d0 a7 cd | 00 2e f6 01 3f 04 32 07 4d 38 85 18 92 cf 86 a1 | 60 3f 6c 01 56 80 aa b4 ec 73 79 2a 34 77 a4 aa | ca 7d b7 f5 a7 cc ad a8 90 a8 28 c3 e1 5b 3f ea | 47 b4 f1 f5 35 59 57 5c 8f 2b 19 76 18 9e d7 c6 | a7 e9 5b 7f e7 dc 9c 7b cf f3 a7 15 03 78 6f 8c | 18 5c 39 9c 27 80 27 d4 60 c2 35 9c 13 5d 5c c8 | c0 ca 1e b4 2e 09 46 44 0d d0 6a b7 72 48 19 10 | a0 6a 02 1c 9c ec 9d 54 6e 08 03 a9 bc cc c3 4f | aa 7c 91 2a cb 18 dd d5 66 6a 39 2a fe 05 81 b5 | 42 d0 e3 7a a6 59 39 3f 0a 39 7f 7a 76 cb fd 73 | 0b 5e 57 87 30 1c a0 8b ab 0d 95 01 be b2 a3 58 | b2 8b ac 25 64 8d a5 d6 d4 77 f0 ba fa f3 26 81 | af a2 ab a0 c3 33 b4 6f 76 54 f0 57 00 40 ac ec | a1 c1 52 3a 7c 89 18 84 91 df 4d 8a f7 29 c8 1c | 99 1d cd 72 ea 34 84 22 11 12 c7 0f 16 3f f3 ba | 0a 85 ca cd 34 a4 f5 a6 b7 f8 53 86 3c 52 fd b1 | 9b 57 e7 85 97 93 4b 25 69 04 02 52 5d 8c f9 cf | ce 7d 85 08 6c fa ea 59 77 e5 cd ba 9d 91 5c 06 | 43 6b b5 a0 37 88 cd 25 5c 3f d1 64 78 93 78 e8 | 3e df e8 af 33 a3 5c 45 b8 ff 23 a7 cf d9 3c ff | b4 21 51 2a 31 23 06 43 3b 3c 23 48 84 13 f9 a5 | 59 cb a0 1e 35 f6 e6 86 9b 18 8d b9 9c a7 7c 87 | 9e d4 2f d8 0b b1 ce 96 55 94 62 c0 35 8f 1f 37 | a4 b3 8a 0d b4 9a 6e 9d 6c cd d3 92 50 91 42 4f | 53 b1 9c 18 80 45 03 60 21 ce eb cc 8a 8e 6d 1a | d5 f6 4e b5 4a dd b9 0c 93 26 74 4b 67 18 00 2e | 77 d1 2b 59 40 f3 6e 6e fa 03 62 bb 8d 05 2b 6f | 58 95 88 8f 88 e6 7e 6b 3e 71 20 fe 85 ca bf a0 | e1 86 50 bb 72 a0 f0 4b f2 42 cb f6 d5 c4 dc b2 | c1 ca 92 5e 2d bb 1e ef 5e fb ab d7 be 4b 9f 2e | eb 39 ed 3b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.111 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00116 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 03 b4 2b e9 a9 12 da 5a b1 8e ea a5 | 16 a1 54 d2 c2 79 58 19 4b 67 5f a5 95 c8 6f 5f | b2 21 16 f6 98 06 be a1 47 c7 ff f0 5f dd bc f5 | b6 33 fd cf 98 27 c0 ce 15 34 e7 66 d5 e7 79 22 | 74 60 61 14 39 15 e0 45 1b 7a d5 55 6b 09 1c e2 | 66 a5 e5 fd 8a 22 c1 c0 05 3f 11 73 d7 d2 51 dc | 0d eb 25 7f 8b d5 68 e1 e6 72 4d 23 59 4f 2d ab | 06 bb 19 c8 a3 08 16 92 75 90 c3 55 b2 41 91 43 | 12 41 b1 1b 59 56 30 f6 ae c4 05 7b 4a 0c 50 ca | 07 f4 4d d7 a3 a5 ee e8 49 b0 36 bd 57 f7 85 66 | 98 7e 1b 4e 04 65 52 41 7e 7a cb d3 a3 0b ab 67 | 05 de 36 42 f0 02 64 bc 08 70 46 f2 d1 f4 4f 7c | 33 78 5b ea 63 75 49 ad 05 84 38 68 c7 5c be 0b | 07 3e cb 9c 7a 5b c4 8d 96 9e 5a 1d 7c 80 af 99 | d5 d1 9d 09 6b b9 94 1a 59 fe b9 e7 4c cb 39 ba | 51 c4 6c 45 80 be 01 31 28 39 5a 58 a8 4f 9d 34 | 65 ed ba 7c 3b c5 f0 9c 98 0d 88 f5 b0 ac bb 6f | df 39 e8 e8 40 e2 fc e6 1f ab 68 cb ca ab 37 dd | 18 3d a6 df 34 2a 90 15 fa 1e 5d a5 66 95 c2 68 | 58 ac 83 7b ea 44 f5 75 cc 86 c0 1a 4a 46 5d 59 | 74 75 92 cc 11 d0 f3 08 81 f5 e0 68 4c 91 ef 6d | 6d 06 0e c6 aa a7 8f 67 69 1b 6a d9 69 56 9a 2e | a0 ff 45 c7 45 e7 f5 a5 3b a4 55 99 9f 46 05 49 | 95 f2 5e 1b 92 c9 dc 3d b4 36 75 fa 19 cb 73 ef | e8 ec 05 81 a1 36 fa 3b 81 81 ac 16 67 3b e0 1c | c7 a7 ea 8a 94 77 c1 aa 0c 3c 76 f2 a0 5a a2 7d | 5b 8d 55 3e de ea f0 eb 38 c9 64 1d 60 18 00 36 | 05 e6 20 6f 92 c2 bc d0 99 3b 48 17 73 38 7b fd | 56 58 f9 d1 2a e7 84 12 66 e0 2c bb a5 e9 d8 66 | 10 0c 2a 59 66 d6 e0 8c 60 45 ac ed 35 16 4e 0f | f0 96 b7 d3 fb 0a cb 6b 48 82 fc a0 e4 c7 da 8f | 84 51 7b d0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.114 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00125 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 5c e7 a9 6d 43 20 ae 8a 5c 6e d4 71 | c1 7a 6d a7 23 82 f0 2e d9 b3 d1 ad 0a 43 3d 20 | 85 84 5c f6 24 17 75 ed 08 7d 90 26 41 57 e5 26 | 7d f0 bb 2b f7 f7 ac 0d da 50 d6 92 fd 3a e7 84 | 79 6b 83 91 60 8a 42 e0 46 99 2f 3b 39 ba 10 15 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00453 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.274 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0381 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.363 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #1: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1135407530 (0x43acf1aa) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 9a 99 15 23 18 dc b8 fa 9f c4 cd 89 aa 08 06 76 | c8 db c0 00 6f 13 39 e5 09 74 f5 02 28 4a 5d fa | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 08 10 05 01 43 ac f1 aa 00 00 00 4c 0c d8 54 68 | b0 bc de 83 71 1b ba 65 24 26 6a 2a 32 f2 36 76 | 5e d3 93 14 ef 8c d9 04 ee c3 ce fc 6d f4 f0 17 | ba 15 b0 80 51 bc 2e 60 a0 93 00 c1 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.949 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.15 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.0137 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_NAT_T_KEEPALIVE | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in for_each_state() at state.c:1575) | not behind NAT: no NAT-T KEEP-ALIVE required for conn westnet-eastnet-x509-cr | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in for_each_state() at state.c:1577) | spent 0.013 milliseconds in global timer EVENT_NAT_T_KEEPALIVE | timer_event_cb: processing event@0x55e900762478 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #1 keying attempt 0 of 0; retransmit 7 | retransmits: current time 29817.928816; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.031023 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900760a98 | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #1 | libevent_malloc: new ptr-libevent@0x55e90077c7a8 size 128 "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: retransmission; will wait 32 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 74 47 b6 8d bb 6e c9 74 8d db 76 e7 a1 6b 55 6f | 9d 4c e4 6d 94 71 b8 86 d5 eb e4 76 25 c7 33 f3 | a0 26 1b c5 27 90 44 3d c9 79 c3 84 de fe 6b 71 | 3a 2a 6e 97 18 37 40 76 d9 03 33 08 70 f3 61 e6 | ec 94 25 1d 9a aa ca 71 c3 8b f9 72 5f 27 0e 1c | 50 c4 fd e7 dd 71 bb 3e 43 5f fb da 23 da 48 3e | e8 3c 92 41 ee ba 74 0b 97 c9 5e 42 3a 56 fc 5f | 2c a2 2f ad 31 aa b4 72 ee d3 bc 8b cf 31 c0 3f | 20 87 2c 89 5e 86 8a e7 85 3f 80 e6 7b ea 80 f7 | e7 71 a7 f6 62 75 fe a6 f6 2f c3 d3 64 af 1e 33 | ee ea 25 63 7f 95 57 36 86 d8 2e aa 44 c1 c6 7c | 93 28 2f 30 b9 c5 39 7e 56 10 0a 46 49 91 bd 22 | 2c d5 2b dc b5 4a f5 75 ac e7 57 bb d5 e2 e4 7b | b4 99 bc cc c2 12 64 6b f2 f1 66 2f 32 63 51 72 | 48 35 eb ee ec 68 2d ab 6f 98 29 6f 69 51 c7 21 | c4 ec a1 b0 e7 73 c6 d3 35 3c 89 e8 ab 26 20 bd | 14 00 00 24 de 13 d0 34 96 1d f6 0c 44 3c 9c 37 | c5 00 04 79 b1 50 24 5b 4d 2e 1a 00 d2 38 f9 78 | d6 ed 5d 38 14 00 00 24 57 31 c8 65 c2 6d 9b 46 | 8e 9f 7a 9d 16 a9 f6 c3 63 11 e5 b3 91 41 9c 0a | ef 8f 9d 08 6d aa f4 89 00 00 00 24 65 b0 e1 12 | a1 66 9e 7c e7 f8 86 fa 67 90 fb 05 a9 2a c6 15 | c3 50 5d 4e 06 13 48 05 4d 9e b1 e4 | libevent_free: release ptr-libevent@0x55e900762ea8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900762478 | #1 spent 0.119 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00179 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 | b6 da 95 3d 05 10 02 01 00 00 00 00 00 00 08 0c | 5b cf c5 b9 78 2b 82 71 f5 8c cb 56 ec 6b a8 06 | c6 cb ca cb b5 06 dd f9 fd 0c f6 ba 03 37 a9 92 | c9 8b 71 a9 1b 7e 1f c1 dc 45 d4 f1 91 4d f8 93 | ee 67 8e ed 0d 00 d9 1d 9b 43 38 18 31 6a a4 e5 | 32 47 7b f5 48 b6 28 60 79 58 57 01 b9 ed cf 21 | 86 9b 7a 08 77 1c 0a 60 55 a5 e5 43 51 96 3b a6 | 3e 1c 52 c3 c1 cf cd 79 fa 37 b5 d6 21 d1 fb 70 | d7 f4 c3 74 e5 c4 38 88 6e f7 80 08 f4 e3 5f f7 | 49 75 65 11 07 5d dd be e6 76 d3 4e bd a0 35 7c | ce 80 1c c3 ae c5 b2 1d 62 c1 bd 7a 14 c0 6a 5d | fb 17 08 7a b0 28 48 68 d5 8e 3d 38 a7 48 b3 66 | 98 8a 02 e7 16 7c 7f 3d b1 db 32 7a b4 32 c5 31 | dd a1 3b 8a 6e 18 8e ff 38 85 c9 9b 5c 7f 60 da | 58 b6 5a 4c e2 15 c0 d6 92 df f1 43 fe d3 a5 f1 | 0b e5 8f 9b ec 5c 27 b3 80 25 6b 84 e6 e9 13 86 | ff 17 a2 1c a7 37 28 a8 e3 55 d3 b5 9f 74 8c f5 | 90 2e 4f 0b 0f 31 b1 da 1e 56 7d 95 fc 97 eb be | 57 f3 8d a8 3a f8 00 1a 47 e5 74 45 fc b6 a4 ea | 32 46 b8 db 21 db e3 e4 c3 35 db 0f bc 4c ac 22 | 5c 33 fb 58 0d 8b 05 ec a8 2b e5 c7 46 86 dd 36 | 75 7b 33 db 49 c9 f0 60 e7 b7 77 2e 45 7f f5 9a | cf 58 76 f3 52 14 00 ef 1e ed 17 a2 af f9 51 72 | 4e 2b 95 61 76 91 0d 75 59 35 73 0d 4f 02 50 82 | 75 b0 f0 6a ff 90 4e 9a ec 4f 36 90 0f 9d 6d 30 | 58 ac 9a c0 c4 5d 2b e3 3e 21 c9 76 4f 28 74 04 | e3 c3 fb 67 87 55 16 f6 82 a7 8a 47 3b 37 84 68 | 97 ed a4 8f 88 f1 36 e5 d0 b5 de 32 cc f9 fb 15 | 5b a1 2b 56 6d 51 3f bc 1b cd d2 20 c1 b6 ea 41 | 70 15 32 39 3b f3 cc 5e af db 9d 3a 99 64 ea cd | 26 3a 1f 52 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.114 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00123 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 6d c2 9f 50 ef a0 47 62 7d cc d9 b9 | 92 03 0d e9 0d b0 ad 4f 53 45 a0 4c 7f ba 12 f3 | 8d d7 5c 10 4a 68 a8 a0 e6 1d 6c 71 58 a4 e9 d3 | db de 79 13 34 1c ce 5b 86 e6 8a b0 44 5d ba 23 | 32 ed 4e e1 df 58 ca 47 f3 34 b9 f1 c8 71 76 4d | 20 d0 48 62 03 05 3c 86 42 11 0e 3b 32 78 ee ad | ac ae 28 12 fd ea db 6f bb 28 b7 7d 20 85 db 86 | 37 03 41 5a 5e f1 77 b4 91 46 4c 04 fb c5 8a 1e | 54 b0 6b c0 6a 4e 0b 50 da 48 02 5e 76 b4 1a 2f | 5d 40 b3 0b a3 0c db 49 fa f2 69 23 5c f7 78 0f | dd 54 5d 04 1c c8 ab 37 d3 ce c2 ec 82 c5 1d f3 | 76 58 09 dc 6e a7 e5 dd 23 13 84 b3 27 90 9b fa | cf 1c 88 d9 47 62 d0 25 52 a3 87 24 ca 52 9c 89 | 13 5b 8b 8a 5d 65 23 a7 c7 4f c3 f6 e3 4f 5e 62 | b9 6f d1 42 ab ef 0a e1 af 5c ee fc 03 39 c0 98 | 90 1a c5 69 09 45 ca 3a 30 5f c9 62 75 74 59 68 | 4c e5 bf 3a a0 c3 4a 25 43 01 21 94 a2 1f 86 7a | 08 c6 fe d9 85 a1 d2 6d d9 e5 32 2c a9 13 45 43 | d6 ea 49 e5 22 16 5a 2d 88 30 b6 3c 45 1d 72 93 | 94 83 0e db c9 f1 6e 06 eb 44 29 30 52 4d 1c 8b | 9f ff cf e8 62 66 0e 95 73 a3 41 5e 1b 68 97 8f | dd d7 c3 66 b8 13 e3 e9 98 0a 52 ae a6 ff 11 21 | 20 3e ae 59 fc c2 97 12 22 e0 ae 5e 31 08 fa 64 | d4 7d 18 52 7c 45 d8 73 d2 8d e6 9d a6 14 24 b7 | 00 0b 67 eb c9 fb ae 87 bd d1 49 11 36 a0 51 5c | 54 b9 30 fe 8a 1e 2f b7 dc d7 0d 02 d3 41 54 25 | cc 4c d1 a6 b9 74 b9 8f 8f d6 b8 8a dd 5e 99 48 | c9 2c 57 b7 5a 1c 4a bd f5 3f be be 35 a6 29 e3 | 05 f0 70 ed 1a b3 68 ec de e9 54 38 2a 2c 1a 3c | 65 d0 e1 f1 9e 2e 74 f1 ab 43 97 d7 9b e0 4b 8a | 47 22 e5 b3 1c 32 00 65 36 d6 b2 59 b2 a4 a6 7e | 04 f4 05 f5 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0759 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00102 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 c7 ff 62 c3 72 c0 82 58 8b d0 a7 cd | 00 2e f6 01 3f 04 32 07 4d 38 85 18 92 cf 86 a1 | 60 3f 6c 01 56 80 aa b4 ec 73 79 2a 34 77 a4 aa | ca 7d b7 f5 a7 cc ad a8 90 a8 28 c3 e1 5b 3f ea | 47 b4 f1 f5 35 59 57 5c 8f 2b 19 76 18 9e d7 c6 | a7 e9 5b 7f e7 dc 9c 7b cf f3 a7 15 03 78 6f 8c | 18 5c 39 9c 27 80 27 d4 60 c2 35 9c 13 5d 5c c8 | c0 ca 1e b4 2e 09 46 44 0d d0 6a b7 72 48 19 10 | a0 6a 02 1c 9c ec 9d 54 6e 08 03 a9 bc cc c3 4f | aa 7c 91 2a cb 18 dd d5 66 6a 39 2a fe 05 81 b5 | 42 d0 e3 7a a6 59 39 3f 0a 39 7f 7a 76 cb fd 73 | 0b 5e 57 87 30 1c a0 8b ab 0d 95 01 be b2 a3 58 | b2 8b ac 25 64 8d a5 d6 d4 77 f0 ba fa f3 26 81 | af a2 ab a0 c3 33 b4 6f 76 54 f0 57 00 40 ac ec | a1 c1 52 3a 7c 89 18 84 91 df 4d 8a f7 29 c8 1c | 99 1d cd 72 ea 34 84 22 11 12 c7 0f 16 3f f3 ba | 0a 85 ca cd 34 a4 f5 a6 b7 f8 53 86 3c 52 fd b1 | 9b 57 e7 85 97 93 4b 25 69 04 02 52 5d 8c f9 cf | ce 7d 85 08 6c fa ea 59 77 e5 cd ba 9d 91 5c 06 | 43 6b b5 a0 37 88 cd 25 5c 3f d1 64 78 93 78 e8 | 3e df e8 af 33 a3 5c 45 b8 ff 23 a7 cf d9 3c ff | b4 21 51 2a 31 23 06 43 3b 3c 23 48 84 13 f9 a5 | 59 cb a0 1e 35 f6 e6 86 9b 18 8d b9 9c a7 7c 87 | 9e d4 2f d8 0b b1 ce 96 55 94 62 c0 35 8f 1f 37 | a4 b3 8a 0d b4 9a 6e 9d 6c cd d3 92 50 91 42 4f | 53 b1 9c 18 80 45 03 60 21 ce eb cc 8a 8e 6d 1a | d5 f6 4e b5 4a dd b9 0c 93 26 74 4b 67 18 00 2e | 77 d1 2b 59 40 f3 6e 6e fa 03 62 bb 8d 05 2b 6f | 58 95 88 8f 88 e6 7e 6b 3e 71 20 fe 85 ca bf a0 | e1 86 50 bb 72 a0 f0 4b f2 42 cb f6 d5 c4 dc b2 | c1 ca 92 5e 2d bb 1e ef 5e fb ab d7 be 4b 9f 2e | eb 39 ed 3b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.091 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00115 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 03 b4 2b e9 a9 12 da 5a b1 8e ea a5 | 16 a1 54 d2 c2 79 58 19 4b 67 5f a5 95 c8 6f 5f | b2 21 16 f6 98 06 be a1 47 c7 ff f0 5f dd bc f5 | b6 33 fd cf 98 27 c0 ce 15 34 e7 66 d5 e7 79 22 | 74 60 61 14 39 15 e0 45 1b 7a d5 55 6b 09 1c e2 | 66 a5 e5 fd 8a 22 c1 c0 05 3f 11 73 d7 d2 51 dc | 0d eb 25 7f 8b d5 68 e1 e6 72 4d 23 59 4f 2d ab | 06 bb 19 c8 a3 08 16 92 75 90 c3 55 b2 41 91 43 | 12 41 b1 1b 59 56 30 f6 ae c4 05 7b 4a 0c 50 ca | 07 f4 4d d7 a3 a5 ee e8 49 b0 36 bd 57 f7 85 66 | 98 7e 1b 4e 04 65 52 41 7e 7a cb d3 a3 0b ab 67 | 05 de 36 42 f0 02 64 bc 08 70 46 f2 d1 f4 4f 7c | 33 78 5b ea 63 75 49 ad 05 84 38 68 c7 5c be 0b | 07 3e cb 9c 7a 5b c4 8d 96 9e 5a 1d 7c 80 af 99 | d5 d1 9d 09 6b b9 94 1a 59 fe b9 e7 4c cb 39 ba | 51 c4 6c 45 80 be 01 31 28 39 5a 58 a8 4f 9d 34 | 65 ed ba 7c 3b c5 f0 9c 98 0d 88 f5 b0 ac bb 6f | df 39 e8 e8 40 e2 fc e6 1f ab 68 cb ca ab 37 dd | 18 3d a6 df 34 2a 90 15 fa 1e 5d a5 66 95 c2 68 | 58 ac 83 7b ea 44 f5 75 cc 86 c0 1a 4a 46 5d 59 | 74 75 92 cc 11 d0 f3 08 81 f5 e0 68 4c 91 ef 6d | 6d 06 0e c6 aa a7 8f 67 69 1b 6a d9 69 56 9a 2e | a0 ff 45 c7 45 e7 f5 a5 3b a4 55 99 9f 46 05 49 | 95 f2 5e 1b 92 c9 dc 3d b4 36 75 fa 19 cb 73 ef | e8 ec 05 81 a1 36 fa 3b 81 81 ac 16 67 3b e0 1c | c7 a7 ea 8a 94 77 c1 aa 0c 3c 76 f2 a0 5a a2 7d | 5b 8d 55 3e de ea f0 eb 38 c9 64 1d 60 18 00 36 | 05 e6 20 6f 92 c2 bc d0 99 3b 48 17 73 38 7b fd | 56 58 f9 d1 2a e7 84 12 66 e0 2c bb a5 e9 d8 66 | 10 0c 2a 59 66 d6 e0 8c 60 45 ac ed 35 16 4e 0f | f0 96 b7 d3 fb 0a cb 6b 48 82 fc a0 e4 c7 da 8f | 84 51 7b d0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0758 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000992 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 5c e7 a9 6d 43 20 ae 8a 5c 6e d4 71 | c1 7a 6d a7 23 82 f0 2e d9 b3 d1 ad 0a 43 3d 20 | 85 84 5c f6 24 17 75 ed 08 7d 90 26 41 57 e5 26 | 7d f0 bb 2b f7 f7 ac 0d da 50 d6 92 fd 3a e7 84 | 79 6b 83 91 60 8a 42 e0 46 99 2f 3b 39 ba 10 15 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.0035 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.212 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0289 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.268 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #1: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "westnet-eastnet-x509-cr" #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 02 18 69 f8 01 00 7e 07 | responder cookie: | e4 b3 2c e9 b6 da 95 3d | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1244063093 (0x4a26e575) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 98 b9 5b 6c db d7 c2 f2 26 6e 7e 49 5b 9c 22 7e | 1a 43 d1 36 38 b9 60 c4 35 77 80 7d f1 b1 6e c2 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #1) | 02 18 69 f8 01 00 7e 07 e4 b3 2c e9 b6 da 95 3d | 08 10 05 01 4a 26 e5 75 00 00 00 4c 0d 72 55 4e | f1 60 d0 97 24 a3 1f f9 4a a3 8f 4a f8 27 93 e1 | 80 dd c5 ed 18 5b 6d af 45 5e ef d2 60 a5 31 90 | 86 63 1e 66 74 7e df e7 44 45 72 97 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.969 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.12 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00443 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_PENDING_DDNS | FOR_EACH_CONNECTION_... in connection_check_ddns | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | elapsed time in connection_check_ddns for hostname lookup 0.000005 | spent 0.00978 milliseconds in global timer EVENT_PENDING_DDNS | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.0033 milliseconds in global timer EVENT_SHUNT_SCAN | spent 0.00281 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.2.45:500 policy=IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.2.45:500 but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (westnet-eastnet-x509-cr) | find_next_host_connection returns westnet-eastnet-x509-cr | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | creating state object #2 at 0x55e90077c8f8 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.isakmp started | #2 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #2: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "westnet-eastnet-x509-cr" #2: responding to Main Mode | **emit ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #2: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x55e900762478 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55e900762ea8 size 128 "westnet-eastnet-x509-cr" #2: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.482 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900760a98 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #1 keying attempt 0 of 0; retransmit 8 | retransmits: current time 29849.935537; retransmit count 7 exceeds limit? NO; deltatime 64 exceeds limit? YES; monotime 64.037744 exceeds limit? YES "westnet-eastnet-x509-cr" #1: STATE_MAIN_R2: 60 second timeout exceeded after 7 retransmits. No response (or no acceptable response) to our IKEv1 message | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:124) | pstats #1 ikev1.isakmp failed too-many-retransmits | pstats #1 ikev1.isakmp deleted too-many-retransmits | [RE]START processing: state #1 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in delete_state() at state.c:879) "westnet-eastnet-x509-cr" #1: deleting state (STATE_MAIN_R2) aged 64.041s and NOT sending notification | parent state #1: MAIN_R2(open IKE SA) => delete | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection westnet-eastnet-x509-cr | State DB: deleting IKEv1 state #1 in MAIN_R2 | parent state #1: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.2.45:500 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x55e90077c7a8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900760a98 | in statetime_stop() and could not find #1 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00234 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 03 ad 5a a0 ef f1 4f 8a e1 48 3f 19 2c 7d cd 55 | 17 6b ac 91 2e 5d 49 9e 6f 0b 8a b8 95 da 0a d3 | 78 7d a8 36 78 7e c7 26 db 77 d5 bc 3f 65 61 db | fd f5 23 55 b7 47 78 ce 2b fd 0e 26 f5 cd 56 fb | 00 2e 57 cd 23 e8 07 5b 1a 43 80 4b 76 24 ec 9a | 40 63 70 b0 03 92 67 8f 88 d5 dd 5e b4 74 7c 0d | 59 58 b6 fb d6 77 c0 49 13 0d 2d e4 f6 7c 73 0c | 37 c3 4d d3 91 f8 bb 3c a2 f5 ba 82 38 7c e2 00 | 5e 2a 2e 82 23 d5 2c ea 51 4a 40 f7 0e f5 66 79 | a7 0b 9d 7c 11 d4 f7 2a 0e c1 34 16 4a de 0e bd | fe e9 7e 0b 4e ce 51 bd b8 c2 91 9d fe 37 3d 0b | 31 4d d7 6f 34 03 9a f2 f7 fa e7 cd 58 0c 5e fe | 89 ea c6 40 62 8a 3a b9 ce 35 5a e3 9f 1e 65 28 | 45 14 2c 0b 4b 22 64 9e 78 06 84 ae cd 58 37 25 | 3d b2 27 08 fe 39 1d 51 4c e2 93 d4 62 23 2d 3f | 7e a5 e1 52 37 93 3c 0c b5 2c e5 26 2a b6 5d 5c | 14 00 00 24 01 4c 17 63 1f b9 85 98 22 e6 0b d9 | 8d 54 0f 03 2a c8 b3 67 23 08 c9 39 80 fb c9 4f | 09 82 c9 7e 14 00 00 24 11 62 00 6c 0c e8 ae 19 | 1e 1c a1 fa 47 f1 31 59 dc f9 84 d9 30 dc f7 c5 | 4a 98 db ea 77 ce 7b e3 00 00 00 24 51 56 35 0d | d1 d5 02 d3 22 e9 fd e7 e5 18 2b 32 3c 0b 12 b5 | 5f 45 06 46 b9 3b b6 84 aa 61 e9 fb | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R1 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55e8fecbdca0(32) | natd_hash: icookie= 46 e5 31 8d 4c c9 ff 8e | natd_hash: rcookie= dc b7 06 82 45 99 af b8 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 11 62 00 6c 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 | natd_hash: hash= dc f9 84 d9 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | natd_hash: hasher=0x55e8fecbdca0(32) | natd_hash: icookie= 46 e5 31 8d 4c c9 ff 8e | natd_hash: rcookie= dc b7 06 82 45 99 af b8 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 51 56 35 0d d1 d5 02 d3 22 e9 fd e7 e5 18 2b 32 | natd_hash: hash= 3c 0b 12 b5 5f 45 06 46 b9 3b b6 84 aa 61 e9 fb | expected NAT-D(me): 11 62 00 6c 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 | expected NAT-D(me): dc f9 84 d9 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | expected NAT-D(him): | 51 56 35 0d d1 d5 02 d3 22 e9 fd e7 e5 18 2b 32 | 3c 0b 12 b5 5f 45 06 46 b9 3b b6 84 aa 61 e9 fb | received NAT-D: 11 62 00 6c 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 | received NAT-D: dc f9 84 d9 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | received NAT-D: 51 56 35 0d d1 d5 02 d3 22 e9 fd e7 e5 18 2b 32 | received NAT-D: 3c 0b 12 b5 5f 45 06 46 b9 3b b6 84 aa 61 e9 fb | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.45 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 3 for state #2 | state #2 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55e900762ea8 | free_event_entry: release EVENT_SO_DISCARD-pe@0x55e900762478 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e900760a98 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x7fad04003878 size 128 | crypto helper 2 resuming | crypto helper 2 starting work-order 3 for state #2 | crypto helper 2 doing build KE and nonce (inI2_outR2 KE); request ID 3 | crypto helper 2 finished build KE and nonce (inI2_outR2 KE); request ID 3 time elapsed 0.000699 seconds | (#2) spent 0.693 milliseconds in crypto helper computing work-order 3: inI2_outR2 KE (pcr) | crypto helper 2 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7fad00002888 size 128 | libevent_realloc: release ptr-libevent@0x55e9006f62e8 | libevent_realloc: new ptr-libevent@0x7fad000027d8 size 128 | crypto helper 2 waiting (nothing to do) | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | #2 spent 0.125 milliseconds in process_packet_tail() | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.281 milliseconds in comm_handle_cb() reading and processing packet | processing resume sending helper answer for #2 | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 3 | calling continuation function 0x55e8febe8b50 | main_inI2_outR2_continue for #2: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value c0 62 18 ca 80 07 c3 64 60 4d e8 ea 6c e2 f0 99 | keyex value 50 e9 80 7d 76 d4 bf 0b 15 6c b9 0c ac eb 18 99 | keyex value a0 c3 61 d1 4c 7e 73 4c d1 8b 09 d6 40 d2 c4 af | keyex value 63 62 ff 26 2b f3 4f 00 2e 1c 2c e5 b3 ea 70 b3 | keyex value e2 b0 67 e1 e3 a8 bb b0 41 0e ff fc 1b 51 bc b1 | keyex value 29 15 fb ba 79 6c b5 c1 d7 c5 f6 31 eb db 41 0d | keyex value 7f e2 e3 0b 3a b5 1c f7 90 e8 33 d9 f0 f3 4a 79 | keyex value 32 03 e6 e3 7a 8e f8 00 5f 07 d2 4a 53 63 55 9e | keyex value af 6e 4f 70 09 6a cc 74 24 ae 16 d2 c8 31 1c 2f | keyex value 87 6c 14 86 14 af d5 67 b9 9c 8d e6 bc 06 95 dc | keyex value 1a 82 0a fe 30 d7 5f 7a 49 88 20 94 be 77 c2 28 | keyex value cd d9 26 bb 92 5e 19 3a 2a 47 7a 69 fd 7e 5c f6 | keyex value 47 8a b9 48 11 37 40 5e a8 ed 73 a9 1c 28 ad 98 | keyex value 7b c2 8f 8c 5d e5 e3 3c 35 af 44 cc e6 af 54 dc | keyex value e8 5d ad 1a 17 a1 73 05 31 cd ad c4 fa 78 45 10 | keyex value a0 f6 d2 76 0d 55 3a a3 64 2f a9 4a 8d 94 ff a5 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr c6 69 ca 6d 1e 78 fd 17 68 a8 34 28 a8 13 a2 75 | Nr cd 66 52 4d 39 a4 e2 a9 cd 33 22 8b d8 c2 84 aa | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x55e8fecbdca0(32) | natd_hash: icookie= 46 e5 31 8d 4c c9 ff 8e | natd_hash: rcookie= dc b7 06 82 45 99 af b8 | natd_hash: ip= c0 01 02 2d | natd_hash: port=500 | natd_hash: hash= 51 56 35 0d d1 d5 02 d3 22 e9 fd e7 e5 18 2b 32 | natd_hash: hash= 3c 0b 12 b5 5f 45 06 46 b9 3b b6 84 aa 61 e9 fb | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 51 56 35 0d d1 d5 02 d3 22 e9 fd e7 e5 18 2b 32 | NAT-D 3c 0b 12 b5 5f 45 06 46 b9 3b b6 84 aa 61 e9 fb | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55e8fecbdca0(32) | natd_hash: icookie= 46 e5 31 8d 4c c9 ff 8e | natd_hash: rcookie= dc b7 06 82 45 99 af b8 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 11 62 00 6c 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 | natd_hash: hash= dc f9 84 d9 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 11 62 00 6c 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 | NAT-D dc f9 84 d9 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 4 for state #2 | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7fad04003878 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e900760a98 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55e900760a98 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55e900777b18 size 128 | #2 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle; has background offloaded task | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | crypto helper 3 resuming | crypto helper 3 starting work-order 4 for state #2 | parent state #2: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | crypto helper 3 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55e900777b18 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55e900760a98 | sending reply packet to 192.1.2.45:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | c0 62 18 ca 80 07 c3 64 60 4d e8 ea 6c e2 f0 99 | 50 e9 80 7d 76 d4 bf 0b 15 6c b9 0c ac eb 18 99 | a0 c3 61 d1 4c 7e 73 4c d1 8b 09 d6 40 d2 c4 af | 63 62 ff 26 2b f3 4f 00 2e 1c 2c e5 b3 ea 70 b3 | e2 b0 67 e1 e3 a8 bb b0 41 0e ff fc 1b 51 bc b1 | 29 15 fb ba 79 6c b5 c1 d7 c5 f6 31 eb db 41 0d | 7f e2 e3 0b 3a b5 1c f7 90 e8 33 d9 f0 f3 4a 79 | 32 03 e6 e3 7a 8e f8 00 5f 07 d2 4a 53 63 55 9e | af 6e 4f 70 09 6a cc 74 24 ae 16 d2 c8 31 1c 2f | 87 6c 14 86 14 af d5 67 b9 9c 8d e6 bc 06 95 dc | 1a 82 0a fe 30 d7 5f 7a 49 88 20 94 be 77 c2 28 | cd d9 26 bb 92 5e 19 3a 2a 47 7a 69 fd 7e 5c f6 | 47 8a b9 48 11 37 40 5e a8 ed 73 a9 1c 28 ad 98 | 7b c2 8f 8c 5d e5 e3 3c 35 af 44 cc e6 af 54 dc | e8 5d ad 1a 17 a1 73 05 31 cd ad c4 fa 78 45 10 | a0 f6 d2 76 0d 55 3a a3 64 2f a9 4a 8d 94 ff a5 | 14 00 00 24 c6 69 ca 6d 1e 78 fd 17 68 a8 34 28 | a8 13 a2 75 cd 66 52 4d 39 a4 e2 a9 cd 33 22 8b | d8 c2 84 aa 14 00 00 24 51 56 35 0d d1 d5 02 d3 | 22 e9 fd e7 e5 18 2b 32 3c 0b 12 b5 5f 45 06 46 | b9 3b b6 84 aa 61 e9 fb 00 00 00 24 11 62 00 6c | 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 dc f9 84 d9 | 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900760a98 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x55e900777b18 size 128 | #2 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29849.938545 "westnet-eastnet-x509-cr" #2: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.302 milliseconds in resume sending helper answer | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7fad00002888 | crypto helper 3 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 time elapsed 0.001166 seconds | (#2) spent 1.16 milliseconds in crypto helper computing work-order 4: main_inI2_outR2_tail (pcr) | crypto helper 3 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7facf4000f48 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 4 | calling continuation function 0x55e8febe8b50 | main_inI2_outR2_calcdone for #2: calculate DH finished | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.0189 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7facf4000f48 | spent 0.00313 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 2060 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 05 10 02 01 00 00 00 00 00 00 08 0c f6 38 8b 8a | 24 b1 ce d6 6c 04 15 6c 6d 0e 93 c1 e6 87 ef 01 | 78 00 42 e9 ef 50 3d f3 52 58 f2 96 d1 a9 a3 5a | 80 eb 70 29 02 b1 59 fc c0 1d a4 2b 2d 87 82 af | 5e e5 87 44 94 c9 dd 95 de 6b 1b 22 8c dd d7 bb | 9a eb a0 0e bf e9 99 96 67 ed 28 94 68 5a 61 58 | ec dd b5 5a e7 62 e0 b6 5d 10 00 6b 58 b7 84 c7 | 6e 31 df bf 02 80 6a d2 65 38 49 c3 3a b6 21 da | f2 31 b2 ef 63 82 cc a1 21 41 84 9b 96 28 cd ae | 6f 8c eb 05 f1 26 0c af 60 93 00 ef aa aa 21 4b | 71 92 ef 5d b5 25 03 a0 ae bb 8a 1f 3a 2b 98 7a | 4a 63 94 48 76 24 b0 1f 7c 32 b1 b6 d5 ad 76 7f | 11 15 9c 04 e7 fb b8 d4 04 af 61 60 42 05 48 6c | c8 7a ab c3 8b 3b 0c 0b e2 6b ab eb 63 70 b1 1e | c5 2f 48 89 1a 33 85 75 62 1b 0d c2 95 4c 82 93 | a6 89 4e 28 a6 69 0b ff cf 12 e0 62 da 52 0d 53 | bb 7d ed a6 0d 48 8e 0c 48 b2 ff 58 c2 cc 1e 0a | df d6 63 55 65 35 00 ac b0 9d 77 a5 19 07 40 ea | 2a a2 54 be 45 6c ff 40 3e ae 7e a5 a4 72 74 7d | 44 5d 7f 7d 97 3f 29 0c 57 31 8f 61 8e 1a a9 dc | 67 5d 58 99 76 18 da 3c 06 7c 38 59 5a f8 97 9a | 8f 66 31 f2 6b 16 99 ee 05 1c 22 53 04 13 8b e8 | 39 34 89 2a 2d e7 0c 36 30 36 fe 02 df d8 2f 99 | 65 29 a1 ae bb ce f0 05 1a 5d c4 f1 2a 1e 2e 29 | cd 89 e9 55 d9 64 5a c2 99 82 ef 76 1f 91 a6 27 | 63 47 09 c6 39 2c 2e 7e 50 77 78 c4 04 a2 49 a6 | ff 58 19 aa 4c b1 bb 73 b3 d0 78 1b cd b4 2b 23 | 45 a2 93 0b 00 ee 5f fa 95 98 c2 26 05 96 87 e2 | 63 5a f2 be 97 55 d6 4d 2a 93 dd 05 5d 8f 82 1a | cb e7 da 0f cc 95 af 29 ce 7a 2f ec fa 8e 49 41 | a0 62 2f 4f b7 bc 2c d5 b4 2f 91 24 c7 b2 78 bd | 3f 99 d3 b2 2f dc f1 3c 19 79 ae 25 0c bf 5d 72 | 8c d6 81 d3 e9 02 45 0f ab a1 92 98 13 08 38 3b | fb 91 34 80 7d a2 7b 73 a3 02 31 2f fb 3f a1 d0 | f4 0f 69 66 e0 8b f3 d1 82 ae 6b 00 70 6a a2 26 | 22 01 c3 38 55 fc 47 68 fe 48 28 72 62 39 06 70 | 86 bc 3d 24 0c fd f4 25 c0 7a 54 34 bf 63 0b 7b | 7a e0 73 7a e5 42 9b 3c 6e cc ee 35 46 3d ab 06 | 89 22 21 25 db 1a b2 cc ff 8f 13 9b 69 9c 07 00 | eb a4 58 49 e8 26 05 67 7b 50 ea 35 73 22 26 9e | f7 36 44 7f e4 84 7f f4 19 84 10 7a 84 07 6e 21 | 7a 73 f3 ce 39 3a 35 c2 8f 8f 5b db ff f6 2b 9c | dc ad a1 66 d2 7c 74 b6 fc a6 d8 d3 10 34 41 b4 | 6a 8c f9 d1 10 e3 08 d7 43 70 09 3f bc 96 d1 64 | 66 44 1a bd e4 31 9c 77 2e e6 10 ce e9 c0 99 56 | 87 3c 4a 09 62 ad d2 c4 b9 fd 6f 2d 4a 00 af a8 | 13 45 ba 3f 0f 2b 78 11 75 33 6e d7 09 1c d8 9c | a9 83 9a 42 fe be 3d b5 8b 2f 1c 0d a5 30 70 14 | 34 dc 69 48 39 3a 0e 59 db 39 37 fc 7d 33 e8 c6 | fc 45 b2 db 5f 61 89 0a 79 30 46 22 03 e7 82 1b | e4 eb 3c b0 7a c7 10 9c 29 33 42 ff 29 b3 a6 89 | 33 22 2d a5 a2 56 9e 4c eb 3e ec fb 72 dc 95 2f | bc 0d 35 c1 c6 1a 6f 0b 83 0e 8a bd 5d 10 52 a5 | 42 cc 88 ea 7f 56 38 20 65 ab 30 c7 ee 66 e3 49 | 66 45 1a 94 c8 a8 1d cf 56 59 6a 53 fb 21 95 e0 | 38 a8 1f 44 32 6a 27 d6 8e 69 38 44 f7 33 47 35 | 93 2b d0 37 93 ff a4 8c 7c 1b b7 8f 91 f2 c4 05 | f2 81 de ad 87 24 da 85 b1 f2 8b f4 75 95 a0 a4 | 47 5e 93 b6 22 77 b4 07 ca a4 27 7c 7b 5f bb 08 | ed f0 94 b0 90 6c c3 f3 09 ab a9 1d eb 39 17 85 | 7a 7a 5c 52 0d e3 66 6f 2c 3b b9 12 21 cb fc 1b | cc b7 5a e2 4e 50 c6 2b 04 a8 cc 6e c2 f8 9a 11 | a0 57 fc 1f 93 c3 33 8f 59 ce f9 c5 df 73 e0 d9 | 44 46 1c 56 ec 14 ca fd 2b 1e ea 24 96 18 71 93 | 4b b2 f0 f2 f4 d3 c3 40 44 cb b9 e0 09 f3 31 3d | 35 42 6f 51 d0 88 5e 6f f9 f6 df 3b b2 c0 87 7d | f2 7a 5e 2d 46 7e 08 fe ec 77 92 f2 7c 54 bb b2 | 49 d4 f8 50 20 1f bd 77 9d 7d 28 a6 b3 6a 26 bd | 45 c9 f3 d1 df ec ae e6 17 86 78 aa 37 d9 06 b3 | d3 83 36 e9 18 d6 be 5b e1 bd 85 fd f0 9f c3 e6 | 7e 41 49 31 af 19 8f 2e c6 1e 04 b3 64 71 a1 0a | 8e d0 8f e2 74 d0 83 45 1e d0 d2 b8 33 5d 0c 45 | 1f 12 49 20 52 4b d3 3f 19 5d d2 1f eb e3 16 79 | 7d b6 e8 c5 63 3a 2c 07 ae ba 54 d2 a9 2d f5 c5 | 96 01 03 e1 70 b1 e5 3a 7d 06 a5 66 c4 55 39 4e | 62 34 39 58 62 a9 13 ab 8b 7f d0 97 ac fc ed df | 2e 8d df ce c7 12 3a cd 5e 8e 08 9d 55 66 7e 09 | a5 1b 18 4e a0 e5 80 2d a9 78 ef 8e b1 20 5c 71 | 30 99 db 4f 41 bc aa 54 ef 30 c5 50 7c 3a 2d 52 | 0e 5c 8a 03 4b 33 d5 68 0c a0 ad 3c e9 31 b9 d0 | d3 82 df 3e e5 2f ea 04 a8 ba a3 29 e3 7f 25 ce | 14 78 76 7c a6 ca f6 0c 15 c6 67 0b 62 82 46 67 | d3 c9 63 32 e4 71 fc b5 1e d6 0c 7e 9b 17 38 71 | b2 17 8a 10 d7 6f a5 4d 9d a6 23 76 2c 35 43 2a | 73 78 3e 12 7b 6e 58 19 5e d7 4a 41 03 19 96 bd | 0a ee a3 8f 28 73 f0 fc 77 af 93 0f 3b fa 6a 8f | 89 dd 27 06 3f a0 84 84 b1 bd 6b a7 ef ef 6b de | a0 06 b3 4f 55 af 22 5f 80 36 d0 93 62 1a 46 db | 8a 64 e2 b0 e6 9b 5d 38 10 ff a9 e2 5c 59 7d 52 | 13 aa 50 90 0d c7 e8 0b e5 7d 43 bc 3d c9 3e 6b | 5a 69 87 66 c9 57 8f 80 ad 53 5d 6c 69 c2 71 bc | c0 09 04 d2 6f 25 74 01 6f 5e 12 38 1d dd de e0 | 8d 98 59 d3 2e 41 f1 69 33 ec 8f 65 ea f4 94 4b | 67 b6 e3 33 b6 44 7c 91 a3 65 51 70 2f fd 13 23 | ba 19 b8 a5 58 ff 2b bb 53 1f fd 44 e7 b0 13 41 | 2e 9a 45 06 25 70 ea 64 61 d8 64 f3 d2 95 8c 33 | 23 e4 97 1c 41 d0 e0 8a bd 2a 8c 99 55 5f c1 dd | ad a4 41 0f e1 fb 3b f9 c5 bb 91 57 b5 87 4e bd | fe 03 72 d1 eb 92 c1 4e 33 a8 87 32 fe da df 1a | 30 44 d5 ca c5 55 b7 c3 3f ce 96 a3 bb 2d 64 95 | 71 89 50 2d 69 0b b0 21 2b 6d 69 fa 92 c9 d4 80 | 29 2f 9f 94 23 3e e2 dd 4e dc 6a 81 e1 81 41 99 | a2 9c 52 9c 9a 66 c0 f3 0f 29 13 02 b9 ec f0 39 | b1 fe 4d e5 d5 53 9a 17 5c 3b 52 dd 62 4e 75 bf | 82 3c 45 2b a9 12 78 a0 79 bd 6a 22 6b 38 88 fd | 1f b7 e2 28 8e 3e a4 8b d3 d1 e0 ab c2 d3 4b 7b | 20 ff 54 d9 0c 1c 29 f3 1b ef 5f e2 2a a8 7f 4d | 1a 21 3d 79 ee 9a a2 cd 33 6a 3e 3f f2 ed 60 6f | 2f 4b 02 71 21 45 e3 f9 29 39 2b 3b 08 3e 49 20 | 5f c3 73 6c d1 c6 27 37 7e 07 5d 89 3b 37 91 36 | a1 35 b4 37 c7 f6 53 52 68 a2 69 fa 89 a7 4b 3d | ad 88 2b 2a d4 7d 7b 14 5d d7 b6 35 f4 d9 a3 80 | 1c 10 41 89 b5 e9 c3 a4 49 72 2c 0e db f6 73 80 | 65 8a f9 a1 5b a7 23 4a d7 2c 19 ff fc 1c d9 bb | 93 a3 fe fb d9 9f 07 09 97 d5 47 32 77 e7 10 f2 | cd 40 d7 1c 0e ce 6d 49 6d 79 ed 2c e6 3b ca 9c | db 0b e9 66 b2 7a 3c e4 43 72 fe 08 f6 62 75 e1 | cd 65 b0 25 5f 51 c8 ae 82 08 ad b8 31 17 f1 e6 | 9b fe 19 73 18 79 26 ae ab 17 20 3c 45 0c 33 98 | f1 cb 0e 97 aa 0c d2 a8 35 af a9 7b 9e 7c 4e 02 | 2d ea f9 16 5c 8e 8b 69 8e 54 3b aa 45 a9 60 86 | 53 42 84 39 91 23 a3 84 ad 3a 40 43 5f 08 57 68 | a2 e8 12 18 b4 34 b1 9a 36 57 3a 90 c0 98 81 06 | 6b 8f e7 ed a8 2e 0c 71 fa ea 05 bc 4c 19 5a fc | 2e 58 e8 9b 9c 93 59 3a bb 12 c8 cd 0b 57 bc 7f | 1f 2c 69 43 2e 67 9c 1a 86 fd d0 d9 b1 ad 4d da | d7 47 5d 6c 55 8c 83 59 b1 e9 8a c3 94 fc 1f 15 | 00 f1 b3 cc bf 7e e6 57 fd 31 78 2a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00552 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.297 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0303 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.327 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #2: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "westnet-eastnet-x509-cr" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 851199565 (0x32bc464d) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | b9 1a 86 08 0b c3 2c 0d 8c 6e 01 2d 18 cf cb 51 | b1 64 d3 04 ec 49 ee 52 c0 8a f7 9f 12 a1 bf 6e | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 08 10 05 01 32 bc 46 4d 00 00 00 4c 25 1f 91 58 | c6 fb 31 06 e9 ad e6 06 48 2b 72 b3 09 22 10 c0 | 9c 28 1c dc 7a 5a 03 d8 26 3c 4a 3a fb a1 19 71 | c7 a8 ea 97 20 1a 20 5a 86 c4 c0 54 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.01 milliseconds in process_packet_tail() | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.37 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00318 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 | 45 99 af b8 05 10 02 01 00 00 00 00 00 00 08 0c | f6 38 8b 8a 24 b1 ce d6 6c 04 15 6c 6d 0e 93 c1 | e6 87 ef 01 78 00 42 e9 ef 50 3d f3 52 58 f2 96 | d1 a9 a3 5a 80 eb 70 29 02 b1 59 fc c0 1d a4 2b | 2d 87 82 af 5e e5 87 44 94 c9 dd 95 de 6b 1b 22 | 8c dd d7 bb 9a eb a0 0e bf e9 99 96 67 ed 28 94 | 68 5a 61 58 ec dd b5 5a e7 62 e0 b6 5d 10 00 6b | 58 b7 84 c7 6e 31 df bf 02 80 6a d2 65 38 49 c3 | 3a b6 21 da f2 31 b2 ef 63 82 cc a1 21 41 84 9b | 96 28 cd ae 6f 8c eb 05 f1 26 0c af 60 93 00 ef | aa aa 21 4b 71 92 ef 5d b5 25 03 a0 ae bb 8a 1f | 3a 2b 98 7a 4a 63 94 48 76 24 b0 1f 7c 32 b1 b6 | d5 ad 76 7f 11 15 9c 04 e7 fb b8 d4 04 af 61 60 | 42 05 48 6c c8 7a ab c3 8b 3b 0c 0b e2 6b ab eb | 63 70 b1 1e c5 2f 48 89 1a 33 85 75 62 1b 0d c2 | 95 4c 82 93 a6 89 4e 28 a6 69 0b ff cf 12 e0 62 | da 52 0d 53 bb 7d ed a6 0d 48 8e 0c 48 b2 ff 58 | c2 cc 1e 0a df d6 63 55 65 35 00 ac b0 9d 77 a5 | 19 07 40 ea 2a a2 54 be 45 6c ff 40 3e ae 7e a5 | a4 72 74 7d 44 5d 7f 7d 97 3f 29 0c 57 31 8f 61 | 8e 1a a9 dc 67 5d 58 99 76 18 da 3c 06 7c 38 59 | 5a f8 97 9a 8f 66 31 f2 6b 16 99 ee 05 1c 22 53 | 04 13 8b e8 39 34 89 2a 2d e7 0c 36 30 36 fe 02 | df d8 2f 99 65 29 a1 ae bb ce f0 05 1a 5d c4 f1 | 2a 1e 2e 29 cd 89 e9 55 d9 64 5a c2 99 82 ef 76 | 1f 91 a6 27 63 47 09 c6 39 2c 2e 7e 50 77 78 c4 | 04 a2 49 a6 ff 58 19 aa 4c b1 bb 73 b3 d0 78 1b | cd b4 2b 23 45 a2 93 0b 00 ee 5f fa 95 98 c2 26 | 05 96 87 e2 63 5a f2 be 97 55 d6 4d 2a 93 dd 05 | 5d 8f 82 1a cb e7 da 0f cc 95 af 29 ce 7a 2f ec | fa 8e 49 41 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.138 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900760a98 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #2 keying attempt 0 of 0; retransmit 1 | retransmits: current time 29850.440134; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.501589 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7fad00002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x7fad00002888 size 128 "westnet-eastnet-x509-cr" #2: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | c0 62 18 ca 80 07 c3 64 60 4d e8 ea 6c e2 f0 99 | 50 e9 80 7d 76 d4 bf 0b 15 6c b9 0c ac eb 18 99 | a0 c3 61 d1 4c 7e 73 4c d1 8b 09 d6 40 d2 c4 af | 63 62 ff 26 2b f3 4f 00 2e 1c 2c e5 b3 ea 70 b3 | e2 b0 67 e1 e3 a8 bb b0 41 0e ff fc 1b 51 bc b1 | 29 15 fb ba 79 6c b5 c1 d7 c5 f6 31 eb db 41 0d | 7f e2 e3 0b 3a b5 1c f7 90 e8 33 d9 f0 f3 4a 79 | 32 03 e6 e3 7a 8e f8 00 5f 07 d2 4a 53 63 55 9e | af 6e 4f 70 09 6a cc 74 24 ae 16 d2 c8 31 1c 2f | 87 6c 14 86 14 af d5 67 b9 9c 8d e6 bc 06 95 dc | 1a 82 0a fe 30 d7 5f 7a 49 88 20 94 be 77 c2 28 | cd d9 26 bb 92 5e 19 3a 2a 47 7a 69 fd 7e 5c f6 | 47 8a b9 48 11 37 40 5e a8 ed 73 a9 1c 28 ad 98 | 7b c2 8f 8c 5d e5 e3 3c 35 af 44 cc e6 af 54 dc | e8 5d ad 1a 17 a1 73 05 31 cd ad c4 fa 78 45 10 | a0 f6 d2 76 0d 55 3a a3 64 2f a9 4a 8d 94 ff a5 | 14 00 00 24 c6 69 ca 6d 1e 78 fd 17 68 a8 34 28 | a8 13 a2 75 cd 66 52 4d 39 a4 e2 a9 cd 33 22 8b | d8 c2 84 aa 14 00 00 24 51 56 35 0d d1 d5 02 d3 | 22 e9 fd e7 e5 18 2b 32 3c 0b 12 b5 5f 45 06 46 | b9 3b b6 84 aa 61 e9 fb 00 00 00 24 11 62 00 6c | 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 dc f9 84 d9 | 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | libevent_free: release ptr-libevent@0x55e900777b18 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900760a98 | #2 spent 0.106 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00146 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 a0 62 2f 4f b7 bc 2c d5 b4 2f 91 24 | c7 b2 78 bd 3f 99 d3 b2 2f dc f1 3c 19 79 ae 25 | 0c bf 5d 72 8c d6 81 d3 e9 02 45 0f ab a1 92 98 | 13 08 38 3b fb 91 34 80 7d a2 7b 73 a3 02 31 2f | fb 3f a1 d0 f4 0f 69 66 e0 8b f3 d1 82 ae 6b 00 | 70 6a a2 26 22 01 c3 38 55 fc 47 68 fe 48 28 72 | 62 39 06 70 86 bc 3d 24 0c fd f4 25 c0 7a 54 34 | bf 63 0b 7b 7a e0 73 7a e5 42 9b 3c 6e cc ee 35 | 46 3d ab 06 89 22 21 25 db 1a b2 cc ff 8f 13 9b | 69 9c 07 00 eb a4 58 49 e8 26 05 67 7b 50 ea 35 | 73 22 26 9e f7 36 44 7f e4 84 7f f4 19 84 10 7a | 84 07 6e 21 7a 73 f3 ce 39 3a 35 c2 8f 8f 5b db | ff f6 2b 9c dc ad a1 66 d2 7c 74 b6 fc a6 d8 d3 | 10 34 41 b4 6a 8c f9 d1 10 e3 08 d7 43 70 09 3f | bc 96 d1 64 66 44 1a bd e4 31 9c 77 2e e6 10 ce | e9 c0 99 56 87 3c 4a 09 62 ad d2 c4 b9 fd 6f 2d | 4a 00 af a8 13 45 ba 3f 0f 2b 78 11 75 33 6e d7 | 09 1c d8 9c a9 83 9a 42 fe be 3d b5 8b 2f 1c 0d | a5 30 70 14 34 dc 69 48 39 3a 0e 59 db 39 37 fc | 7d 33 e8 c6 fc 45 b2 db 5f 61 89 0a 79 30 46 22 | 03 e7 82 1b e4 eb 3c b0 7a c7 10 9c 29 33 42 ff | 29 b3 a6 89 33 22 2d a5 a2 56 9e 4c eb 3e ec fb | 72 dc 95 2f bc 0d 35 c1 c6 1a 6f 0b 83 0e 8a bd | 5d 10 52 a5 42 cc 88 ea 7f 56 38 20 65 ab 30 c7 | ee 66 e3 49 66 45 1a 94 c8 a8 1d cf 56 59 6a 53 | fb 21 95 e0 38 a8 1f 44 32 6a 27 d6 8e 69 38 44 | f7 33 47 35 93 2b d0 37 93 ff a4 8c 7c 1b b7 8f | 91 f2 c4 05 f2 81 de ad 87 24 da 85 b1 f2 8b f4 | 75 95 a0 a4 47 5e 93 b6 22 77 b4 07 ca a4 27 7c | 7b 5f bb 08 ed f0 94 b0 90 6c c3 f3 09 ab a9 1d | eb 39 17 85 7a 7a 5c 52 0d e3 66 6f 2c 3b b9 12 | 21 cb fc 1b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.118 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 cc b7 5a e2 4e 50 c6 2b 04 a8 cc 6e | c2 f8 9a 11 a0 57 fc 1f 93 c3 33 8f 59 ce f9 c5 | df 73 e0 d9 44 46 1c 56 ec 14 ca fd 2b 1e ea 24 | 96 18 71 93 4b b2 f0 f2 f4 d3 c3 40 44 cb b9 e0 | 09 f3 31 3d 35 42 6f 51 d0 88 5e 6f f9 f6 df 3b | b2 c0 87 7d f2 7a 5e 2d 46 7e 08 fe ec 77 92 f2 | 7c 54 bb b2 49 d4 f8 50 20 1f bd 77 9d 7d 28 a6 | b3 6a 26 bd 45 c9 f3 d1 df ec ae e6 17 86 78 aa | 37 d9 06 b3 d3 83 36 e9 18 d6 be 5b e1 bd 85 fd | f0 9f c3 e6 7e 41 49 31 af 19 8f 2e c6 1e 04 b3 | 64 71 a1 0a 8e d0 8f e2 74 d0 83 45 1e d0 d2 b8 | 33 5d 0c 45 1f 12 49 20 52 4b d3 3f 19 5d d2 1f | eb e3 16 79 7d b6 e8 c5 63 3a 2c 07 ae ba 54 d2 | a9 2d f5 c5 96 01 03 e1 70 b1 e5 3a 7d 06 a5 66 | c4 55 39 4e 62 34 39 58 62 a9 13 ab 8b 7f d0 97 | ac fc ed df 2e 8d df ce c7 12 3a cd 5e 8e 08 9d | 55 66 7e 09 a5 1b 18 4e a0 e5 80 2d a9 78 ef 8e | b1 20 5c 71 30 99 db 4f 41 bc aa 54 ef 30 c5 50 | 7c 3a 2d 52 0e 5c 8a 03 4b 33 d5 68 0c a0 ad 3c | e9 31 b9 d0 d3 82 df 3e e5 2f ea 04 a8 ba a3 29 | e3 7f 25 ce 14 78 76 7c a6 ca f6 0c 15 c6 67 0b | 62 82 46 67 d3 c9 63 32 e4 71 fc b5 1e d6 0c 7e | 9b 17 38 71 b2 17 8a 10 d7 6f a5 4d 9d a6 23 76 | 2c 35 43 2a 73 78 3e 12 7b 6e 58 19 5e d7 4a 41 | 03 19 96 bd 0a ee a3 8f 28 73 f0 fc 77 af 93 0f | 3b fa 6a 8f 89 dd 27 06 3f a0 84 84 b1 bd 6b a7 | ef ef 6b de a0 06 b3 4f 55 af 22 5f 80 36 d0 93 | 62 1a 46 db 8a 64 e2 b0 e6 9b 5d 38 10 ff a9 e2 | 5c 59 7d 52 13 aa 50 90 0d c7 e8 0b e5 7d 43 bc | 3d c9 3e 6b 5a 69 87 66 c9 57 8f 80 ad 53 5d 6c | 69 c2 71 bc c0 09 04 d2 6f 25 74 01 6f 5e 12 38 | 1d dd de e0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.116 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00146 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 98 59 d3 2e 41 f1 69 33 ec 8f 65 | ea f4 94 4b 67 b6 e3 33 b6 44 7c 91 a3 65 51 70 | 2f fd 13 23 ba 19 b8 a5 58 ff 2b bb 53 1f fd 44 | e7 b0 13 41 2e 9a 45 06 25 70 ea 64 61 d8 64 f3 | d2 95 8c 33 23 e4 97 1c 41 d0 e0 8a bd 2a 8c 99 | 55 5f c1 dd ad a4 41 0f e1 fb 3b f9 c5 bb 91 57 | b5 87 4e bd fe 03 72 d1 eb 92 c1 4e 33 a8 87 32 | fe da df 1a 30 44 d5 ca c5 55 b7 c3 3f ce 96 a3 | bb 2d 64 95 71 89 50 2d 69 0b b0 21 2b 6d 69 fa | 92 c9 d4 80 29 2f 9f 94 23 3e e2 dd 4e dc 6a 81 | e1 81 41 99 a2 9c 52 9c 9a 66 c0 f3 0f 29 13 02 | b9 ec f0 39 b1 fe 4d e5 d5 53 9a 17 5c 3b 52 dd | 62 4e 75 bf 82 3c 45 2b a9 12 78 a0 79 bd 6a 22 | 6b 38 88 fd 1f b7 e2 28 8e 3e a4 8b d3 d1 e0 ab | c2 d3 4b 7b 20 ff 54 d9 0c 1c 29 f3 1b ef 5f e2 | 2a a8 7f 4d 1a 21 3d 79 ee 9a a2 cd 33 6a 3e 3f | f2 ed 60 6f 2f 4b 02 71 21 45 e3 f9 29 39 2b 3b | 08 3e 49 20 5f c3 73 6c d1 c6 27 37 7e 07 5d 89 | 3b 37 91 36 a1 35 b4 37 c7 f6 53 52 68 a2 69 fa | 89 a7 4b 3d ad 88 2b 2a d4 7d 7b 14 5d d7 b6 35 | f4 d9 a3 80 1c 10 41 89 b5 e9 c3 a4 49 72 2c 0e | db f6 73 80 65 8a f9 a1 5b a7 23 4a d7 2c 19 ff | fc 1c d9 bb 93 a3 fe fb d9 9f 07 09 97 d5 47 32 | 77 e7 10 f2 cd 40 d7 1c 0e ce 6d 49 6d 79 ed 2c | e6 3b ca 9c db 0b e9 66 b2 7a 3c e4 43 72 fe 08 | f6 62 75 e1 cd 65 b0 25 5f 51 c8 ae 82 08 ad b8 | 31 17 f1 e6 9b fe 19 73 18 79 26 ae ab 17 20 3c | 45 0c 33 98 f1 cb 0e 97 aa 0c d2 a8 35 af a9 7b | 9e 7c 4e 02 2d ea f9 16 5c 8e 8b 69 8e 54 3b aa | 45 a9 60 86 53 42 84 39 91 23 a3 84 ad 3a 40 43 | 5f 08 57 68 a2 e8 12 18 b4 34 b1 9a 36 57 3a 90 | c0 98 81 06 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.125 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00151 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 6b 8f e7 ed a8 2e 0c 71 fa ea 05 bc | 4c 19 5a fc 2e 58 e8 9b 9c 93 59 3a bb 12 c8 cd | 0b 57 bc 7f 1f 2c 69 43 2e 67 9c 1a 86 fd d0 d9 | b1 ad 4d da d7 47 5d 6c 55 8c 83 59 b1 e9 8a c3 | 94 fc 1f 15 00 f1 b3 cc bf 7e e6 57 fd 31 78 2a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00485 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.42 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0435 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.41 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #2: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "westnet-eastnet-x509-cr" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1866601117 (0x6f42129d) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 9a 95 77 05 8c cb e1 84 26 15 0f 3c 5f 72 e1 7a | 04 97 d2 3e 68 d5 00 e8 29 85 fa 4d 8b 47 de b7 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 08 10 05 01 6f 42 12 9d 00 00 00 4c 04 39 87 42 | f8 1b 58 21 93 69 49 3f 8a 92 e5 2f 61 d5 c7 09 | f5 e3 1e ff 16 a7 e3 d1 77 a2 a8 48 be e5 6c 26 | b2 b2 58 cc 7a 34 b5 0f ef 47 78 2b | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.18 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.39 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00286 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 | 45 99 af b8 05 10 02 01 00 00 00 00 00 00 08 0c | f6 38 8b 8a 24 b1 ce d6 6c 04 15 6c 6d 0e 93 c1 | e6 87 ef 01 78 00 42 e9 ef 50 3d f3 52 58 f2 96 | d1 a9 a3 5a 80 eb 70 29 02 b1 59 fc c0 1d a4 2b | 2d 87 82 af 5e e5 87 44 94 c9 dd 95 de 6b 1b 22 | 8c dd d7 bb 9a eb a0 0e bf e9 99 96 67 ed 28 94 | 68 5a 61 58 ec dd b5 5a e7 62 e0 b6 5d 10 00 6b | 58 b7 84 c7 6e 31 df bf 02 80 6a d2 65 38 49 c3 | 3a b6 21 da f2 31 b2 ef 63 82 cc a1 21 41 84 9b | 96 28 cd ae 6f 8c eb 05 f1 26 0c af 60 93 00 ef | aa aa 21 4b 71 92 ef 5d b5 25 03 a0 ae bb 8a 1f | 3a 2b 98 7a 4a 63 94 48 76 24 b0 1f 7c 32 b1 b6 | d5 ad 76 7f 11 15 9c 04 e7 fb b8 d4 04 af 61 60 | 42 05 48 6c c8 7a ab c3 8b 3b 0c 0b e2 6b ab eb | 63 70 b1 1e c5 2f 48 89 1a 33 85 75 62 1b 0d c2 | 95 4c 82 93 a6 89 4e 28 a6 69 0b ff cf 12 e0 62 | da 52 0d 53 bb 7d ed a6 0d 48 8e 0c 48 b2 ff 58 | c2 cc 1e 0a df d6 63 55 65 35 00 ac b0 9d 77 a5 | 19 07 40 ea 2a a2 54 be 45 6c ff 40 3e ae 7e a5 | a4 72 74 7d 44 5d 7f 7d 97 3f 29 0c 57 31 8f 61 | 8e 1a a9 dc 67 5d 58 99 76 18 da 3c 06 7c 38 59 | 5a f8 97 9a 8f 66 31 f2 6b 16 99 ee 05 1c 22 53 | 04 13 8b e8 39 34 89 2a 2d e7 0c 36 30 36 fe 02 | df d8 2f 99 65 29 a1 ae bb ce f0 05 1a 5d c4 f1 | 2a 1e 2e 29 cd 89 e9 55 d9 64 5a c2 99 82 ef 76 | 1f 91 a6 27 63 47 09 c6 39 2c 2e 7e 50 77 78 c4 | 04 a2 49 a6 ff 58 19 aa 4c b1 bb 73 b3 d0 78 1b | cd b4 2b 23 45 a2 93 0b 00 ee 5f fa 95 98 c2 26 | 05 96 87 e2 63 5a f2 be 97 55 d6 4d 2a 93 dd 05 | 5d 8f 82 1a cb e7 da 0f cc 95 af 29 ce 7a 2f ec | fa 8e 49 41 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.133 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7fad00002b78 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #2 keying attempt 0 of 0; retransmit 2 | retransmits: current time 29850.941103; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002558 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900760a98 | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #2 | libevent_malloc: new ptr-libevent@0x55e900777b18 size 128 "westnet-eastnet-x509-cr" #2: STATE_MAIN_R2: retransmission; will wait 1 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | c0 62 18 ca 80 07 c3 64 60 4d e8 ea 6c e2 f0 99 | 50 e9 80 7d 76 d4 bf 0b 15 6c b9 0c ac eb 18 99 | a0 c3 61 d1 4c 7e 73 4c d1 8b 09 d6 40 d2 c4 af | 63 62 ff 26 2b f3 4f 00 2e 1c 2c e5 b3 ea 70 b3 | e2 b0 67 e1 e3 a8 bb b0 41 0e ff fc 1b 51 bc b1 | 29 15 fb ba 79 6c b5 c1 d7 c5 f6 31 eb db 41 0d | 7f e2 e3 0b 3a b5 1c f7 90 e8 33 d9 f0 f3 4a 79 | 32 03 e6 e3 7a 8e f8 00 5f 07 d2 4a 53 63 55 9e | af 6e 4f 70 09 6a cc 74 24 ae 16 d2 c8 31 1c 2f | 87 6c 14 86 14 af d5 67 b9 9c 8d e6 bc 06 95 dc | 1a 82 0a fe 30 d7 5f 7a 49 88 20 94 be 77 c2 28 | cd d9 26 bb 92 5e 19 3a 2a 47 7a 69 fd 7e 5c f6 | 47 8a b9 48 11 37 40 5e a8 ed 73 a9 1c 28 ad 98 | 7b c2 8f 8c 5d e5 e3 3c 35 af 44 cc e6 af 54 dc | e8 5d ad 1a 17 a1 73 05 31 cd ad c4 fa 78 45 10 | a0 f6 d2 76 0d 55 3a a3 64 2f a9 4a 8d 94 ff a5 | 14 00 00 24 c6 69 ca 6d 1e 78 fd 17 68 a8 34 28 | a8 13 a2 75 cd 66 52 4d 39 a4 e2 a9 cd 33 22 8b | d8 c2 84 aa 14 00 00 24 51 56 35 0d d1 d5 02 d3 | 22 e9 fd e7 e5 18 2b 32 3c 0b 12 b5 5f 45 06 46 | b9 3b b6 84 aa 61 e9 fb 00 00 00 24 11 62 00 6c | 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 dc f9 84 d9 | 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | libevent_free: release ptr-libevent@0x7fad00002888 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fad00002b78 | #2 spent 0.103 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00166 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 a0 62 2f 4f b7 bc 2c d5 b4 2f 91 24 | c7 b2 78 bd 3f 99 d3 b2 2f dc f1 3c 19 79 ae 25 | 0c bf 5d 72 8c d6 81 d3 e9 02 45 0f ab a1 92 98 | 13 08 38 3b fb 91 34 80 7d a2 7b 73 a3 02 31 2f | fb 3f a1 d0 f4 0f 69 66 e0 8b f3 d1 82 ae 6b 00 | 70 6a a2 26 22 01 c3 38 55 fc 47 68 fe 48 28 72 | 62 39 06 70 86 bc 3d 24 0c fd f4 25 c0 7a 54 34 | bf 63 0b 7b 7a e0 73 7a e5 42 9b 3c 6e cc ee 35 | 46 3d ab 06 89 22 21 25 db 1a b2 cc ff 8f 13 9b | 69 9c 07 00 eb a4 58 49 e8 26 05 67 7b 50 ea 35 | 73 22 26 9e f7 36 44 7f e4 84 7f f4 19 84 10 7a | 84 07 6e 21 7a 73 f3 ce 39 3a 35 c2 8f 8f 5b db | ff f6 2b 9c dc ad a1 66 d2 7c 74 b6 fc a6 d8 d3 | 10 34 41 b4 6a 8c f9 d1 10 e3 08 d7 43 70 09 3f | bc 96 d1 64 66 44 1a bd e4 31 9c 77 2e e6 10 ce | e9 c0 99 56 87 3c 4a 09 62 ad d2 c4 b9 fd 6f 2d | 4a 00 af a8 13 45 ba 3f 0f 2b 78 11 75 33 6e d7 | 09 1c d8 9c a9 83 9a 42 fe be 3d b5 8b 2f 1c 0d | a5 30 70 14 34 dc 69 48 39 3a 0e 59 db 39 37 fc | 7d 33 e8 c6 fc 45 b2 db 5f 61 89 0a 79 30 46 22 | 03 e7 82 1b e4 eb 3c b0 7a c7 10 9c 29 33 42 ff | 29 b3 a6 89 33 22 2d a5 a2 56 9e 4c eb 3e ec fb | 72 dc 95 2f bc 0d 35 c1 c6 1a 6f 0b 83 0e 8a bd | 5d 10 52 a5 42 cc 88 ea 7f 56 38 20 65 ab 30 c7 | ee 66 e3 49 66 45 1a 94 c8 a8 1d cf 56 59 6a 53 | fb 21 95 e0 38 a8 1f 44 32 6a 27 d6 8e 69 38 44 | f7 33 47 35 93 2b d0 37 93 ff a4 8c 7c 1b b7 8f | 91 f2 c4 05 f2 81 de ad 87 24 da 85 b1 f2 8b f4 | 75 95 a0 a4 47 5e 93 b6 22 77 b4 07 ca a4 27 7c | 7b 5f bb 08 ed f0 94 b0 90 6c c3 f3 09 ab a9 1d | eb 39 17 85 7a 7a 5c 52 0d e3 66 6f 2c 3b b9 12 | 21 cb fc 1b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.119 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00146 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 cc b7 5a e2 4e 50 c6 2b 04 a8 cc 6e | c2 f8 9a 11 a0 57 fc 1f 93 c3 33 8f 59 ce f9 c5 | df 73 e0 d9 44 46 1c 56 ec 14 ca fd 2b 1e ea 24 | 96 18 71 93 4b b2 f0 f2 f4 d3 c3 40 44 cb b9 e0 | 09 f3 31 3d 35 42 6f 51 d0 88 5e 6f f9 f6 df 3b | b2 c0 87 7d f2 7a 5e 2d 46 7e 08 fe ec 77 92 f2 | 7c 54 bb b2 49 d4 f8 50 20 1f bd 77 9d 7d 28 a6 | b3 6a 26 bd 45 c9 f3 d1 df ec ae e6 17 86 78 aa | 37 d9 06 b3 d3 83 36 e9 18 d6 be 5b e1 bd 85 fd | f0 9f c3 e6 7e 41 49 31 af 19 8f 2e c6 1e 04 b3 | 64 71 a1 0a 8e d0 8f e2 74 d0 83 45 1e d0 d2 b8 | 33 5d 0c 45 1f 12 49 20 52 4b d3 3f 19 5d d2 1f | eb e3 16 79 7d b6 e8 c5 63 3a 2c 07 ae ba 54 d2 | a9 2d f5 c5 96 01 03 e1 70 b1 e5 3a 7d 06 a5 66 | c4 55 39 4e 62 34 39 58 62 a9 13 ab 8b 7f d0 97 | ac fc ed df 2e 8d df ce c7 12 3a cd 5e 8e 08 9d | 55 66 7e 09 a5 1b 18 4e a0 e5 80 2d a9 78 ef 8e | b1 20 5c 71 30 99 db 4f 41 bc aa 54 ef 30 c5 50 | 7c 3a 2d 52 0e 5c 8a 03 4b 33 d5 68 0c a0 ad 3c | e9 31 b9 d0 d3 82 df 3e e5 2f ea 04 a8 ba a3 29 | e3 7f 25 ce 14 78 76 7c a6 ca f6 0c 15 c6 67 0b | 62 82 46 67 d3 c9 63 32 e4 71 fc b5 1e d6 0c 7e | 9b 17 38 71 b2 17 8a 10 d7 6f a5 4d 9d a6 23 76 | 2c 35 43 2a 73 78 3e 12 7b 6e 58 19 5e d7 4a 41 | 03 19 96 bd 0a ee a3 8f 28 73 f0 fc 77 af 93 0f | 3b fa 6a 8f 89 dd 27 06 3f a0 84 84 b1 bd 6b a7 | ef ef 6b de a0 06 b3 4f 55 af 22 5f 80 36 d0 93 | 62 1a 46 db 8a 64 e2 b0 e6 9b 5d 38 10 ff a9 e2 | 5c 59 7d 52 13 aa 50 90 0d c7 e8 0b e5 7d 43 bc | 3d c9 3e 6b 5a 69 87 66 c9 57 8f 80 ad 53 5d 6c | 69 c2 71 bc c0 09 04 d2 6f 25 74 01 6f 5e 12 38 | 1d dd de e0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.125 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00177 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 98 59 d3 2e 41 f1 69 33 ec 8f 65 | ea f4 94 4b 67 b6 e3 33 b6 44 7c 91 a3 65 51 70 | 2f fd 13 23 ba 19 b8 a5 58 ff 2b bb 53 1f fd 44 | e7 b0 13 41 2e 9a 45 06 25 70 ea 64 61 d8 64 f3 | d2 95 8c 33 23 e4 97 1c 41 d0 e0 8a bd 2a 8c 99 | 55 5f c1 dd ad a4 41 0f e1 fb 3b f9 c5 bb 91 57 | b5 87 4e bd fe 03 72 d1 eb 92 c1 4e 33 a8 87 32 | fe da df 1a 30 44 d5 ca c5 55 b7 c3 3f ce 96 a3 | bb 2d 64 95 71 89 50 2d 69 0b b0 21 2b 6d 69 fa | 92 c9 d4 80 29 2f 9f 94 23 3e e2 dd 4e dc 6a 81 | e1 81 41 99 a2 9c 52 9c 9a 66 c0 f3 0f 29 13 02 | b9 ec f0 39 b1 fe 4d e5 d5 53 9a 17 5c 3b 52 dd | 62 4e 75 bf 82 3c 45 2b a9 12 78 a0 79 bd 6a 22 | 6b 38 88 fd 1f b7 e2 28 8e 3e a4 8b d3 d1 e0 ab | c2 d3 4b 7b 20 ff 54 d9 0c 1c 29 f3 1b ef 5f e2 | 2a a8 7f 4d 1a 21 3d 79 ee 9a a2 cd 33 6a 3e 3f | f2 ed 60 6f 2f 4b 02 71 21 45 e3 f9 29 39 2b 3b | 08 3e 49 20 5f c3 73 6c d1 c6 27 37 7e 07 5d 89 | 3b 37 91 36 a1 35 b4 37 c7 f6 53 52 68 a2 69 fa | 89 a7 4b 3d ad 88 2b 2a d4 7d 7b 14 5d d7 b6 35 | f4 d9 a3 80 1c 10 41 89 b5 e9 c3 a4 49 72 2c 0e | db f6 73 80 65 8a f9 a1 5b a7 23 4a d7 2c 19 ff | fc 1c d9 bb 93 a3 fe fb d9 9f 07 09 97 d5 47 32 | 77 e7 10 f2 cd 40 d7 1c 0e ce 6d 49 6d 79 ed 2c | e6 3b ca 9c db 0b e9 66 b2 7a 3c e4 43 72 fe 08 | f6 62 75 e1 cd 65 b0 25 5f 51 c8 ae 82 08 ad b8 | 31 17 f1 e6 9b fe 19 73 18 79 26 ae ab 17 20 3c | 45 0c 33 98 f1 cb 0e 97 aa 0c d2 a8 35 af a9 7b | 9e 7c 4e 02 2d ea f9 16 5c 8e 8b 69 8e 54 3b aa | 45 a9 60 86 53 42 84 39 91 23 a3 84 ad 3a 40 43 | 5f 08 57 68 a2 e8 12 18 b4 34 b1 9a 36 57 3a 90 | c0 98 81 06 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.116 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0015 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 6b 8f e7 ed a8 2e 0c 71 fa ea 05 bc | 4c 19 5a fc 2e 58 e8 9b 9c 93 59 3a bb 12 c8 cd | 0b 57 bc 7f 1f 2c 69 43 2e 67 9c 1a 86 fd d0 d9 | b1 ad 4d da d7 47 5d 6c 55 8c 83 59 b1 e9 8a c3 | 94 fc 1f 15 00 f1 b3 cc bf 7e e6 57 fd 31 78 2a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00511 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.298 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.044 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.369 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #2: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "westnet-eastnet-x509-cr" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3320999961 (0xc5f27019) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | fe 3a 2e 12 00 89 cf 1e 89 85 4e 18 f5 df 46 ab | 32 8e 50 e1 98 dc 07 b8 0e 22 ee 06 e2 fb 70 b2 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 08 10 05 01 c5 f2 70 19 00 00 00 4c cd b3 0d d9 | 35 89 da f1 d5 35 f4 c0 01 e7 ee 34 4d 0a 51 fb | 84 2f 86 fe 81 ec e8 8b 50 81 02 79 ed b5 f4 b1 | a0 30 fd 0c 64 01 7b a4 5c b9 78 39 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.39 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.59 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0026 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 | 45 99 af b8 05 10 02 01 00 00 00 00 00 00 08 0c | f6 38 8b 8a 24 b1 ce d6 6c 04 15 6c 6d 0e 93 c1 | e6 87 ef 01 78 00 42 e9 ef 50 3d f3 52 58 f2 96 | d1 a9 a3 5a 80 eb 70 29 02 b1 59 fc c0 1d a4 2b | 2d 87 82 af 5e e5 87 44 94 c9 dd 95 de 6b 1b 22 | 8c dd d7 bb 9a eb a0 0e bf e9 99 96 67 ed 28 94 | 68 5a 61 58 ec dd b5 5a e7 62 e0 b6 5d 10 00 6b | 58 b7 84 c7 6e 31 df bf 02 80 6a d2 65 38 49 c3 | 3a b6 21 da f2 31 b2 ef 63 82 cc a1 21 41 84 9b | 96 28 cd ae 6f 8c eb 05 f1 26 0c af 60 93 00 ef | aa aa 21 4b 71 92 ef 5d b5 25 03 a0 ae bb 8a 1f | 3a 2b 98 7a 4a 63 94 48 76 24 b0 1f 7c 32 b1 b6 | d5 ad 76 7f 11 15 9c 04 e7 fb b8 d4 04 af 61 60 | 42 05 48 6c c8 7a ab c3 8b 3b 0c 0b e2 6b ab eb | 63 70 b1 1e c5 2f 48 89 1a 33 85 75 62 1b 0d c2 | 95 4c 82 93 a6 89 4e 28 a6 69 0b ff cf 12 e0 62 | da 52 0d 53 bb 7d ed a6 0d 48 8e 0c 48 b2 ff 58 | c2 cc 1e 0a df d6 63 55 65 35 00 ac b0 9d 77 a5 | 19 07 40 ea 2a a2 54 be 45 6c ff 40 3e ae 7e a5 | a4 72 74 7d 44 5d 7f 7d 97 3f 29 0c 57 31 8f 61 | 8e 1a a9 dc 67 5d 58 99 76 18 da 3c 06 7c 38 59 | 5a f8 97 9a 8f 66 31 f2 6b 16 99 ee 05 1c 22 53 | 04 13 8b e8 39 34 89 2a 2d e7 0c 36 30 36 fe 02 | df d8 2f 99 65 29 a1 ae bb ce f0 05 1a 5d c4 f1 | 2a 1e 2e 29 cd 89 e9 55 d9 64 5a c2 99 82 ef 76 | 1f 91 a6 27 63 47 09 c6 39 2c 2e 7e 50 77 78 c4 | 04 a2 49 a6 ff 58 19 aa 4c b1 bb 73 b3 d0 78 1b | cd b4 2b 23 45 a2 93 0b 00 ee 5f fa 95 98 c2 26 | 05 96 87 e2 63 5a f2 be 97 55 d6 4d 2a 93 dd 05 | 5d 8f 82 1a cb e7 da 0f cc 95 af 29 ce 7a 2f ec | fa 8e 49 41 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0889 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900760a98 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #2 keying attempt 0 of 0; retransmit 3 | retransmits: current time 29851.942092; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.003547 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7fad00002b78 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #2 | libevent_malloc: new ptr-libevent@0x7fad00002888 size 128 "westnet-eastnet-x509-cr" #2: STATE_MAIN_R2: retransmission; will wait 2 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | c0 62 18 ca 80 07 c3 64 60 4d e8 ea 6c e2 f0 99 | 50 e9 80 7d 76 d4 bf 0b 15 6c b9 0c ac eb 18 99 | a0 c3 61 d1 4c 7e 73 4c d1 8b 09 d6 40 d2 c4 af | 63 62 ff 26 2b f3 4f 00 2e 1c 2c e5 b3 ea 70 b3 | e2 b0 67 e1 e3 a8 bb b0 41 0e ff fc 1b 51 bc b1 | 29 15 fb ba 79 6c b5 c1 d7 c5 f6 31 eb db 41 0d | 7f e2 e3 0b 3a b5 1c f7 90 e8 33 d9 f0 f3 4a 79 | 32 03 e6 e3 7a 8e f8 00 5f 07 d2 4a 53 63 55 9e | af 6e 4f 70 09 6a cc 74 24 ae 16 d2 c8 31 1c 2f | 87 6c 14 86 14 af d5 67 b9 9c 8d e6 bc 06 95 dc | 1a 82 0a fe 30 d7 5f 7a 49 88 20 94 be 77 c2 28 | cd d9 26 bb 92 5e 19 3a 2a 47 7a 69 fd 7e 5c f6 | 47 8a b9 48 11 37 40 5e a8 ed 73 a9 1c 28 ad 98 | 7b c2 8f 8c 5d e5 e3 3c 35 af 44 cc e6 af 54 dc | e8 5d ad 1a 17 a1 73 05 31 cd ad c4 fa 78 45 10 | a0 f6 d2 76 0d 55 3a a3 64 2f a9 4a 8d 94 ff a5 | 14 00 00 24 c6 69 ca 6d 1e 78 fd 17 68 a8 34 28 | a8 13 a2 75 cd 66 52 4d 39 a4 e2 a9 cd 33 22 8b | d8 c2 84 aa 14 00 00 24 51 56 35 0d d1 d5 02 d3 | 22 e9 fd e7 e5 18 2b 32 3c 0b 12 b5 5f 45 06 46 | b9 3b b6 84 aa 61 e9 fb 00 00 00 24 11 62 00 6c | 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 dc f9 84 d9 | 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | libevent_free: release ptr-libevent@0x55e900777b18 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900760a98 | #2 spent 0.0669 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00109 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 a0 62 2f 4f b7 bc 2c d5 b4 2f 91 24 | c7 b2 78 bd 3f 99 d3 b2 2f dc f1 3c 19 79 ae 25 | 0c bf 5d 72 8c d6 81 d3 e9 02 45 0f ab a1 92 98 | 13 08 38 3b fb 91 34 80 7d a2 7b 73 a3 02 31 2f | fb 3f a1 d0 f4 0f 69 66 e0 8b f3 d1 82 ae 6b 00 | 70 6a a2 26 22 01 c3 38 55 fc 47 68 fe 48 28 72 | 62 39 06 70 86 bc 3d 24 0c fd f4 25 c0 7a 54 34 | bf 63 0b 7b 7a e0 73 7a e5 42 9b 3c 6e cc ee 35 | 46 3d ab 06 89 22 21 25 db 1a b2 cc ff 8f 13 9b | 69 9c 07 00 eb a4 58 49 e8 26 05 67 7b 50 ea 35 | 73 22 26 9e f7 36 44 7f e4 84 7f f4 19 84 10 7a | 84 07 6e 21 7a 73 f3 ce 39 3a 35 c2 8f 8f 5b db | ff f6 2b 9c dc ad a1 66 d2 7c 74 b6 fc a6 d8 d3 | 10 34 41 b4 6a 8c f9 d1 10 e3 08 d7 43 70 09 3f | bc 96 d1 64 66 44 1a bd e4 31 9c 77 2e e6 10 ce | e9 c0 99 56 87 3c 4a 09 62 ad d2 c4 b9 fd 6f 2d | 4a 00 af a8 13 45 ba 3f 0f 2b 78 11 75 33 6e d7 | 09 1c d8 9c a9 83 9a 42 fe be 3d b5 8b 2f 1c 0d | a5 30 70 14 34 dc 69 48 39 3a 0e 59 db 39 37 fc | 7d 33 e8 c6 fc 45 b2 db 5f 61 89 0a 79 30 46 22 | 03 e7 82 1b e4 eb 3c b0 7a c7 10 9c 29 33 42 ff | 29 b3 a6 89 33 22 2d a5 a2 56 9e 4c eb 3e ec fb | 72 dc 95 2f bc 0d 35 c1 c6 1a 6f 0b 83 0e 8a bd | 5d 10 52 a5 42 cc 88 ea 7f 56 38 20 65 ab 30 c7 | ee 66 e3 49 66 45 1a 94 c8 a8 1d cf 56 59 6a 53 | fb 21 95 e0 38 a8 1f 44 32 6a 27 d6 8e 69 38 44 | f7 33 47 35 93 2b d0 37 93 ff a4 8c 7c 1b b7 8f | 91 f2 c4 05 f2 81 de ad 87 24 da 85 b1 f2 8b f4 | 75 95 a0 a4 47 5e 93 b6 22 77 b4 07 ca a4 27 7c | 7b 5f bb 08 ed f0 94 b0 90 6c c3 f3 09 ab a9 1d | eb 39 17 85 7a 7a 5c 52 0d e3 66 6f 2c 3b b9 12 | 21 cb fc 1b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0744 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000975 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 cc b7 5a e2 4e 50 c6 2b 04 a8 cc 6e | c2 f8 9a 11 a0 57 fc 1f 93 c3 33 8f 59 ce f9 c5 | df 73 e0 d9 44 46 1c 56 ec 14 ca fd 2b 1e ea 24 | 96 18 71 93 4b b2 f0 f2 f4 d3 c3 40 44 cb b9 e0 | 09 f3 31 3d 35 42 6f 51 d0 88 5e 6f f9 f6 df 3b | b2 c0 87 7d f2 7a 5e 2d 46 7e 08 fe ec 77 92 f2 | 7c 54 bb b2 49 d4 f8 50 20 1f bd 77 9d 7d 28 a6 | b3 6a 26 bd 45 c9 f3 d1 df ec ae e6 17 86 78 aa | 37 d9 06 b3 d3 83 36 e9 18 d6 be 5b e1 bd 85 fd | f0 9f c3 e6 7e 41 49 31 af 19 8f 2e c6 1e 04 b3 | 64 71 a1 0a 8e d0 8f e2 74 d0 83 45 1e d0 d2 b8 | 33 5d 0c 45 1f 12 49 20 52 4b d3 3f 19 5d d2 1f | eb e3 16 79 7d b6 e8 c5 63 3a 2c 07 ae ba 54 d2 | a9 2d f5 c5 96 01 03 e1 70 b1 e5 3a 7d 06 a5 66 | c4 55 39 4e 62 34 39 58 62 a9 13 ab 8b 7f d0 97 | ac fc ed df 2e 8d df ce c7 12 3a cd 5e 8e 08 9d | 55 66 7e 09 a5 1b 18 4e a0 e5 80 2d a9 78 ef 8e | b1 20 5c 71 30 99 db 4f 41 bc aa 54 ef 30 c5 50 | 7c 3a 2d 52 0e 5c 8a 03 4b 33 d5 68 0c a0 ad 3c | e9 31 b9 d0 d3 82 df 3e e5 2f ea 04 a8 ba a3 29 | e3 7f 25 ce 14 78 76 7c a6 ca f6 0c 15 c6 67 0b | 62 82 46 67 d3 c9 63 32 e4 71 fc b5 1e d6 0c 7e | 9b 17 38 71 b2 17 8a 10 d7 6f a5 4d 9d a6 23 76 | 2c 35 43 2a 73 78 3e 12 7b 6e 58 19 5e d7 4a 41 | 03 19 96 bd 0a ee a3 8f 28 73 f0 fc 77 af 93 0f | 3b fa 6a 8f 89 dd 27 06 3f a0 84 84 b1 bd 6b a7 | ef ef 6b de a0 06 b3 4f 55 af 22 5f 80 36 d0 93 | 62 1a 46 db 8a 64 e2 b0 e6 9b 5d 38 10 ff a9 e2 | 5c 59 7d 52 13 aa 50 90 0d c7 e8 0b e5 7d 43 bc | 3d c9 3e 6b 5a 69 87 66 c9 57 8f 80 ad 53 5d 6c | 69 c2 71 bc c0 09 04 d2 6f 25 74 01 6f 5e 12 38 | 1d dd de e0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0738 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00095 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 98 59 d3 2e 41 f1 69 33 ec 8f 65 | ea f4 94 4b 67 b6 e3 33 b6 44 7c 91 a3 65 51 70 | 2f fd 13 23 ba 19 b8 a5 58 ff 2b bb 53 1f fd 44 | e7 b0 13 41 2e 9a 45 06 25 70 ea 64 61 d8 64 f3 | d2 95 8c 33 23 e4 97 1c 41 d0 e0 8a bd 2a 8c 99 | 55 5f c1 dd ad a4 41 0f e1 fb 3b f9 c5 bb 91 57 | b5 87 4e bd fe 03 72 d1 eb 92 c1 4e 33 a8 87 32 | fe da df 1a 30 44 d5 ca c5 55 b7 c3 3f ce 96 a3 | bb 2d 64 95 71 89 50 2d 69 0b b0 21 2b 6d 69 fa | 92 c9 d4 80 29 2f 9f 94 23 3e e2 dd 4e dc 6a 81 | e1 81 41 99 a2 9c 52 9c 9a 66 c0 f3 0f 29 13 02 | b9 ec f0 39 b1 fe 4d e5 d5 53 9a 17 5c 3b 52 dd | 62 4e 75 bf 82 3c 45 2b a9 12 78 a0 79 bd 6a 22 | 6b 38 88 fd 1f b7 e2 28 8e 3e a4 8b d3 d1 e0 ab | c2 d3 4b 7b 20 ff 54 d9 0c 1c 29 f3 1b ef 5f e2 | 2a a8 7f 4d 1a 21 3d 79 ee 9a a2 cd 33 6a 3e 3f | f2 ed 60 6f 2f 4b 02 71 21 45 e3 f9 29 39 2b 3b | 08 3e 49 20 5f c3 73 6c d1 c6 27 37 7e 07 5d 89 | 3b 37 91 36 a1 35 b4 37 c7 f6 53 52 68 a2 69 fa | 89 a7 4b 3d ad 88 2b 2a d4 7d 7b 14 5d d7 b6 35 | f4 d9 a3 80 1c 10 41 89 b5 e9 c3 a4 49 72 2c 0e | db f6 73 80 65 8a f9 a1 5b a7 23 4a d7 2c 19 ff | fc 1c d9 bb 93 a3 fe fb d9 9f 07 09 97 d5 47 32 | 77 e7 10 f2 cd 40 d7 1c 0e ce 6d 49 6d 79 ed 2c | e6 3b ca 9c db 0b e9 66 b2 7a 3c e4 43 72 fe 08 | f6 62 75 e1 cd 65 b0 25 5f 51 c8 ae 82 08 ad b8 | 31 17 f1 e6 9b fe 19 73 18 79 26 ae ab 17 20 3c | 45 0c 33 98 f1 cb 0e 97 aa 0c d2 a8 35 af a9 7b | 9e 7c 4e 02 2d ea f9 16 5c 8e 8b 69 8e 54 3b aa | 45 a9 60 86 53 42 84 39 91 23 a3 84 ad 3a 40 43 | 5f 08 57 68 a2 e8 12 18 b4 34 b1 9a 36 57 3a 90 | c0 98 81 06 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0722 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000944 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 6b 8f e7 ed a8 2e 0c 71 fa ea 05 bc | 4c 19 5a fc 2e 58 e8 9b 9c 93 59 3a bb 12 c8 cd | 0b 57 bc 7f 1f 2c 69 43 2e 67 9c 1a 86 fd d0 d9 | b1 ad 4d da d7 47 5d 6c 55 8c 83 59 b1 e9 8a c3 | 94 fc 1f 15 00 f1 b3 cc bf 7e e6 57 fd 31 78 2a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00309 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.197 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0439 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.336 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #2: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "westnet-eastnet-x509-cr" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3990403578 (0xedd8b9fa) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | da 51 2d bc 74 a9 fd 65 22 32 1b 05 a4 45 8a 29 | b6 4d 8e dd 68 01 25 e1 2b cf f3 b4 d5 65 7b 17 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 08 10 05 01 ed d8 b9 fa 00 00 00 4c 8a 0f 8d 95 | 2d 72 28 81 82 1f 8a 50 7b 18 fb ec d8 04 da 62 | 68 6f 9f 5e 4a fa 38 a9 1f ac c4 3f e8 97 c8 11 | e4 ac fa 55 2d 88 e7 27 37 13 e6 b5 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.22 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.37 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 | 45 99 af b8 05 10 02 01 00 00 00 00 00 00 08 0c | f6 38 8b 8a 24 b1 ce d6 6c 04 15 6c 6d 0e 93 c1 | e6 87 ef 01 78 00 42 e9 ef 50 3d f3 52 58 f2 96 | d1 a9 a3 5a 80 eb 70 29 02 b1 59 fc c0 1d a4 2b | 2d 87 82 af 5e e5 87 44 94 c9 dd 95 de 6b 1b 22 | 8c dd d7 bb 9a eb a0 0e bf e9 99 96 67 ed 28 94 | 68 5a 61 58 ec dd b5 5a e7 62 e0 b6 5d 10 00 6b | 58 b7 84 c7 6e 31 df bf 02 80 6a d2 65 38 49 c3 | 3a b6 21 da f2 31 b2 ef 63 82 cc a1 21 41 84 9b | 96 28 cd ae 6f 8c eb 05 f1 26 0c af 60 93 00 ef | aa aa 21 4b 71 92 ef 5d b5 25 03 a0 ae bb 8a 1f | 3a 2b 98 7a 4a 63 94 48 76 24 b0 1f 7c 32 b1 b6 | d5 ad 76 7f 11 15 9c 04 e7 fb b8 d4 04 af 61 60 | 42 05 48 6c c8 7a ab c3 8b 3b 0c 0b e2 6b ab eb | 63 70 b1 1e c5 2f 48 89 1a 33 85 75 62 1b 0d c2 | 95 4c 82 93 a6 89 4e 28 a6 69 0b ff cf 12 e0 62 | da 52 0d 53 bb 7d ed a6 0d 48 8e 0c 48 b2 ff 58 | c2 cc 1e 0a df d6 63 55 65 35 00 ac b0 9d 77 a5 | 19 07 40 ea 2a a2 54 be 45 6c ff 40 3e ae 7e a5 | a4 72 74 7d 44 5d 7f 7d 97 3f 29 0c 57 31 8f 61 | 8e 1a a9 dc 67 5d 58 99 76 18 da 3c 06 7c 38 59 | 5a f8 97 9a 8f 66 31 f2 6b 16 99 ee 05 1c 22 53 | 04 13 8b e8 39 34 89 2a 2d e7 0c 36 30 36 fe 02 | df d8 2f 99 65 29 a1 ae bb ce f0 05 1a 5d c4 f1 | 2a 1e 2e 29 cd 89 e9 55 d9 64 5a c2 99 82 ef 76 | 1f 91 a6 27 63 47 09 c6 39 2c 2e 7e 50 77 78 c4 | 04 a2 49 a6 ff 58 19 aa 4c b1 bb 73 b3 d0 78 1b | cd b4 2b 23 45 a2 93 0b 00 ee 5f fa 95 98 c2 26 | 05 96 87 e2 63 5a f2 be 97 55 d6 4d 2a 93 dd 05 | 5d 8f 82 1a cb e7 da 0f cc 95 af 29 ce 7a 2f ec | fa 8e 49 41 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.131 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7fad00002b78 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #2 keying attempt 0 of 0; retransmit 4 | retransmits: current time 29853.944144; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.005599 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55e900760a98 | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #2 | libevent_malloc: new ptr-libevent@0x55e900777b18 size 128 "westnet-eastnet-x509-cr" #2: STATE_MAIN_R2: retransmission; will wait 4 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | c0 62 18 ca 80 07 c3 64 60 4d e8 ea 6c e2 f0 99 | 50 e9 80 7d 76 d4 bf 0b 15 6c b9 0c ac eb 18 99 | a0 c3 61 d1 4c 7e 73 4c d1 8b 09 d6 40 d2 c4 af | 63 62 ff 26 2b f3 4f 00 2e 1c 2c e5 b3 ea 70 b3 | e2 b0 67 e1 e3 a8 bb b0 41 0e ff fc 1b 51 bc b1 | 29 15 fb ba 79 6c b5 c1 d7 c5 f6 31 eb db 41 0d | 7f e2 e3 0b 3a b5 1c f7 90 e8 33 d9 f0 f3 4a 79 | 32 03 e6 e3 7a 8e f8 00 5f 07 d2 4a 53 63 55 9e | af 6e 4f 70 09 6a cc 74 24 ae 16 d2 c8 31 1c 2f | 87 6c 14 86 14 af d5 67 b9 9c 8d e6 bc 06 95 dc | 1a 82 0a fe 30 d7 5f 7a 49 88 20 94 be 77 c2 28 | cd d9 26 bb 92 5e 19 3a 2a 47 7a 69 fd 7e 5c f6 | 47 8a b9 48 11 37 40 5e a8 ed 73 a9 1c 28 ad 98 | 7b c2 8f 8c 5d e5 e3 3c 35 af 44 cc e6 af 54 dc | e8 5d ad 1a 17 a1 73 05 31 cd ad c4 fa 78 45 10 | a0 f6 d2 76 0d 55 3a a3 64 2f a9 4a 8d 94 ff a5 | 14 00 00 24 c6 69 ca 6d 1e 78 fd 17 68 a8 34 28 | a8 13 a2 75 cd 66 52 4d 39 a4 e2 a9 cd 33 22 8b | d8 c2 84 aa 14 00 00 24 51 56 35 0d d1 d5 02 d3 | 22 e9 fd e7 e5 18 2b 32 3c 0b 12 b5 5f 45 06 46 | b9 3b b6 84 aa 61 e9 fb 00 00 00 24 11 62 00 6c | 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 dc f9 84 d9 | 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | libevent_free: release ptr-libevent@0x7fad00002888 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fad00002b78 | #2 spent 0.0961 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 a0 62 2f 4f b7 bc 2c d5 b4 2f 91 24 | c7 b2 78 bd 3f 99 d3 b2 2f dc f1 3c 19 79 ae 25 | 0c bf 5d 72 8c d6 81 d3 e9 02 45 0f ab a1 92 98 | 13 08 38 3b fb 91 34 80 7d a2 7b 73 a3 02 31 2f | fb 3f a1 d0 f4 0f 69 66 e0 8b f3 d1 82 ae 6b 00 | 70 6a a2 26 22 01 c3 38 55 fc 47 68 fe 48 28 72 | 62 39 06 70 86 bc 3d 24 0c fd f4 25 c0 7a 54 34 | bf 63 0b 7b 7a e0 73 7a e5 42 9b 3c 6e cc ee 35 | 46 3d ab 06 89 22 21 25 db 1a b2 cc ff 8f 13 9b | 69 9c 07 00 eb a4 58 49 e8 26 05 67 7b 50 ea 35 | 73 22 26 9e f7 36 44 7f e4 84 7f f4 19 84 10 7a | 84 07 6e 21 7a 73 f3 ce 39 3a 35 c2 8f 8f 5b db | ff f6 2b 9c dc ad a1 66 d2 7c 74 b6 fc a6 d8 d3 | 10 34 41 b4 6a 8c f9 d1 10 e3 08 d7 43 70 09 3f | bc 96 d1 64 66 44 1a bd e4 31 9c 77 2e e6 10 ce | e9 c0 99 56 87 3c 4a 09 62 ad d2 c4 b9 fd 6f 2d | 4a 00 af a8 13 45 ba 3f 0f 2b 78 11 75 33 6e d7 | 09 1c d8 9c a9 83 9a 42 fe be 3d b5 8b 2f 1c 0d | a5 30 70 14 34 dc 69 48 39 3a 0e 59 db 39 37 fc | 7d 33 e8 c6 fc 45 b2 db 5f 61 89 0a 79 30 46 22 | 03 e7 82 1b e4 eb 3c b0 7a c7 10 9c 29 33 42 ff | 29 b3 a6 89 33 22 2d a5 a2 56 9e 4c eb 3e ec fb | 72 dc 95 2f bc 0d 35 c1 c6 1a 6f 0b 83 0e 8a bd | 5d 10 52 a5 42 cc 88 ea 7f 56 38 20 65 ab 30 c7 | ee 66 e3 49 66 45 1a 94 c8 a8 1d cf 56 59 6a 53 | fb 21 95 e0 38 a8 1f 44 32 6a 27 d6 8e 69 38 44 | f7 33 47 35 93 2b d0 37 93 ff a4 8c 7c 1b b7 8f | 91 f2 c4 05 f2 81 de ad 87 24 da 85 b1 f2 8b f4 | 75 95 a0 a4 47 5e 93 b6 22 77 b4 07 ca a4 27 7c | 7b 5f bb 08 ed f0 94 b0 90 6c c3 f3 09 ab a9 1d | eb 39 17 85 7a 7a 5c 52 0d e3 66 6f 2c 3b b9 12 | 21 cb fc 1b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.114 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00125 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 cc b7 5a e2 4e 50 c6 2b 04 a8 cc 6e | c2 f8 9a 11 a0 57 fc 1f 93 c3 33 8f 59 ce f9 c5 | df 73 e0 d9 44 46 1c 56 ec 14 ca fd 2b 1e ea 24 | 96 18 71 93 4b b2 f0 f2 f4 d3 c3 40 44 cb b9 e0 | 09 f3 31 3d 35 42 6f 51 d0 88 5e 6f f9 f6 df 3b | b2 c0 87 7d f2 7a 5e 2d 46 7e 08 fe ec 77 92 f2 | 7c 54 bb b2 49 d4 f8 50 20 1f bd 77 9d 7d 28 a6 | b3 6a 26 bd 45 c9 f3 d1 df ec ae e6 17 86 78 aa | 37 d9 06 b3 d3 83 36 e9 18 d6 be 5b e1 bd 85 fd | f0 9f c3 e6 7e 41 49 31 af 19 8f 2e c6 1e 04 b3 | 64 71 a1 0a 8e d0 8f e2 74 d0 83 45 1e d0 d2 b8 | 33 5d 0c 45 1f 12 49 20 52 4b d3 3f 19 5d d2 1f | eb e3 16 79 7d b6 e8 c5 63 3a 2c 07 ae ba 54 d2 | a9 2d f5 c5 96 01 03 e1 70 b1 e5 3a 7d 06 a5 66 | c4 55 39 4e 62 34 39 58 62 a9 13 ab 8b 7f d0 97 | ac fc ed df 2e 8d df ce c7 12 3a cd 5e 8e 08 9d | 55 66 7e 09 a5 1b 18 4e a0 e5 80 2d a9 78 ef 8e | b1 20 5c 71 30 99 db 4f 41 bc aa 54 ef 30 c5 50 | 7c 3a 2d 52 0e 5c 8a 03 4b 33 d5 68 0c a0 ad 3c | e9 31 b9 d0 d3 82 df 3e e5 2f ea 04 a8 ba a3 29 | e3 7f 25 ce 14 78 76 7c a6 ca f6 0c 15 c6 67 0b | 62 82 46 67 d3 c9 63 32 e4 71 fc b5 1e d6 0c 7e | 9b 17 38 71 b2 17 8a 10 d7 6f a5 4d 9d a6 23 76 | 2c 35 43 2a 73 78 3e 12 7b 6e 58 19 5e d7 4a 41 | 03 19 96 bd 0a ee a3 8f 28 73 f0 fc 77 af 93 0f | 3b fa 6a 8f 89 dd 27 06 3f a0 84 84 b1 bd 6b a7 | ef ef 6b de a0 06 b3 4f 55 af 22 5f 80 36 d0 93 | 62 1a 46 db 8a 64 e2 b0 e6 9b 5d 38 10 ff a9 e2 | 5c 59 7d 52 13 aa 50 90 0d c7 e8 0b e5 7d 43 bc | 3d c9 3e 6b 5a 69 87 66 c9 57 8f 80 ad 53 5d 6c | 69 c2 71 bc c0 09 04 d2 6f 25 74 01 6f 5e 12 38 | 1d dd de e0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.113 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00128 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 98 59 d3 2e 41 f1 69 33 ec 8f 65 | ea f4 94 4b 67 b6 e3 33 b6 44 7c 91 a3 65 51 70 | 2f fd 13 23 ba 19 b8 a5 58 ff 2b bb 53 1f fd 44 | e7 b0 13 41 2e 9a 45 06 25 70 ea 64 61 d8 64 f3 | d2 95 8c 33 23 e4 97 1c 41 d0 e0 8a bd 2a 8c 99 | 55 5f c1 dd ad a4 41 0f e1 fb 3b f9 c5 bb 91 57 | b5 87 4e bd fe 03 72 d1 eb 92 c1 4e 33 a8 87 32 | fe da df 1a 30 44 d5 ca c5 55 b7 c3 3f ce 96 a3 | bb 2d 64 95 71 89 50 2d 69 0b b0 21 2b 6d 69 fa | 92 c9 d4 80 29 2f 9f 94 23 3e e2 dd 4e dc 6a 81 | e1 81 41 99 a2 9c 52 9c 9a 66 c0 f3 0f 29 13 02 | b9 ec f0 39 b1 fe 4d e5 d5 53 9a 17 5c 3b 52 dd | 62 4e 75 bf 82 3c 45 2b a9 12 78 a0 79 bd 6a 22 | 6b 38 88 fd 1f b7 e2 28 8e 3e a4 8b d3 d1 e0 ab | c2 d3 4b 7b 20 ff 54 d9 0c 1c 29 f3 1b ef 5f e2 | 2a a8 7f 4d 1a 21 3d 79 ee 9a a2 cd 33 6a 3e 3f | f2 ed 60 6f 2f 4b 02 71 21 45 e3 f9 29 39 2b 3b | 08 3e 49 20 5f c3 73 6c d1 c6 27 37 7e 07 5d 89 | 3b 37 91 36 a1 35 b4 37 c7 f6 53 52 68 a2 69 fa | 89 a7 4b 3d ad 88 2b 2a d4 7d 7b 14 5d d7 b6 35 | f4 d9 a3 80 1c 10 41 89 b5 e9 c3 a4 49 72 2c 0e | db f6 73 80 65 8a f9 a1 5b a7 23 4a d7 2c 19 ff | fc 1c d9 bb 93 a3 fe fb d9 9f 07 09 97 d5 47 32 | 77 e7 10 f2 cd 40 d7 1c 0e ce 6d 49 6d 79 ed 2c | e6 3b ca 9c db 0b e9 66 b2 7a 3c e4 43 72 fe 08 | f6 62 75 e1 cd 65 b0 25 5f 51 c8 ae 82 08 ad b8 | 31 17 f1 e6 9b fe 19 73 18 79 26 ae ab 17 20 3c | 45 0c 33 98 f1 cb 0e 97 aa 0c d2 a8 35 af a9 7b | 9e 7c 4e 02 2d ea f9 16 5c 8e 8b 69 8e 54 3b aa | 45 a9 60 86 53 42 84 39 91 23 a3 84 ad 3a 40 43 | 5f 08 57 68 a2 e8 12 18 b4 34 b1 9a 36 57 3a 90 | c0 98 81 06 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.113 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00118 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 6b 8f e7 ed a8 2e 0c 71 fa ea 05 bc | 4c 19 5a fc 2e 58 e8 9b 9c 93 59 3a bb 12 c8 cd | 0b 57 bc 7f 1f 2c 69 43 2e 67 9c 1a 86 fd d0 d9 | b1 ad 4d da d7 47 5d 6c 55 8c 83 59 b1 e9 8a c3 | 94 fc 1f 15 00 f1 b3 cc bf 7e e6 57 fd 31 78 2a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00407 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.267 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0394 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.367 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #2: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "westnet-eastnet-x509-cr" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3764837480 (0xe066dc68) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 7f 66 21 c7 e6 87 07 68 96 a9 d1 27 e1 c9 8f 30 | 7d 8c 53 3d 03 03 03 d4 27 66 08 db b5 ec e1 fd | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 08 10 05 01 e0 66 dc 68 00 00 00 4c 79 28 c0 7d | 39 68 aa 3e ef 4a d3 21 32 81 a9 2a 9d ac e9 3d | c3 3f f3 c6 b8 55 56 87 60 95 e4 0b b7 c8 98 26 | 6a b7 d9 07 96 6c 8f b0 f8 c3 08 21 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 0.935 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.16 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55e900760a98 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.2.45 "westnet-eastnet-x509-cr" #2 keying attempt 0 of 0; retransmit 5 | retransmits: current time 29857.949808; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.011263 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7fad00002b78 | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #2 | libevent_malloc: new ptr-libevent@0x7fad00002888 size 128 "westnet-eastnet-x509-cr" #2: STATE_MAIN_R2: retransmission; will wait 8 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | c0 62 18 ca 80 07 c3 64 60 4d e8 ea 6c e2 f0 99 | 50 e9 80 7d 76 d4 bf 0b 15 6c b9 0c ac eb 18 99 | a0 c3 61 d1 4c 7e 73 4c d1 8b 09 d6 40 d2 c4 af | 63 62 ff 26 2b f3 4f 00 2e 1c 2c e5 b3 ea 70 b3 | e2 b0 67 e1 e3 a8 bb b0 41 0e ff fc 1b 51 bc b1 | 29 15 fb ba 79 6c b5 c1 d7 c5 f6 31 eb db 41 0d | 7f e2 e3 0b 3a b5 1c f7 90 e8 33 d9 f0 f3 4a 79 | 32 03 e6 e3 7a 8e f8 00 5f 07 d2 4a 53 63 55 9e | af 6e 4f 70 09 6a cc 74 24 ae 16 d2 c8 31 1c 2f | 87 6c 14 86 14 af d5 67 b9 9c 8d e6 bc 06 95 dc | 1a 82 0a fe 30 d7 5f 7a 49 88 20 94 be 77 c2 28 | cd d9 26 bb 92 5e 19 3a 2a 47 7a 69 fd 7e 5c f6 | 47 8a b9 48 11 37 40 5e a8 ed 73 a9 1c 28 ad 98 | 7b c2 8f 8c 5d e5 e3 3c 35 af 44 cc e6 af 54 dc | e8 5d ad 1a 17 a1 73 05 31 cd ad c4 fa 78 45 10 | a0 f6 d2 76 0d 55 3a a3 64 2f a9 4a 8d 94 ff a5 | 14 00 00 24 c6 69 ca 6d 1e 78 fd 17 68 a8 34 28 | a8 13 a2 75 cd 66 52 4d 39 a4 e2 a9 cd 33 22 8b | d8 c2 84 aa 14 00 00 24 51 56 35 0d d1 d5 02 d3 | 22 e9 fd e7 e5 18 2b 32 3c 0b 12 b5 5f 45 06 46 | b9 3b b6 84 aa 61 e9 fb 00 00 00 24 11 62 00 6c | 0c e8 ae 19 1e 1c a1 fa 47 f1 31 59 dc f9 84 d9 | 30 dc f7 c5 4a 98 db ea 77 ce 7b e3 | libevent_free: release ptr-libevent@0x55e900777b18 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55e900760a98 | #2 spent 0.141 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in timer_event_cb() at timer.c:557) | spent 0.00327 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 | 45 99 af b8 05 10 02 01 00 00 00 00 00 00 08 0c | f6 38 8b 8a 24 b1 ce d6 6c 04 15 6c 6d 0e 93 c1 | e6 87 ef 01 78 00 42 e9 ef 50 3d f3 52 58 f2 96 | d1 a9 a3 5a 80 eb 70 29 02 b1 59 fc c0 1d a4 2b | 2d 87 82 af 5e e5 87 44 94 c9 dd 95 de 6b 1b 22 | 8c dd d7 bb 9a eb a0 0e bf e9 99 96 67 ed 28 94 | 68 5a 61 58 ec dd b5 5a e7 62 e0 b6 5d 10 00 6b | 58 b7 84 c7 6e 31 df bf 02 80 6a d2 65 38 49 c3 | 3a b6 21 da f2 31 b2 ef 63 82 cc a1 21 41 84 9b | 96 28 cd ae 6f 8c eb 05 f1 26 0c af 60 93 00 ef | aa aa 21 4b 71 92 ef 5d b5 25 03 a0 ae bb 8a 1f | 3a 2b 98 7a 4a 63 94 48 76 24 b0 1f 7c 32 b1 b6 | d5 ad 76 7f 11 15 9c 04 e7 fb b8 d4 04 af 61 60 | 42 05 48 6c c8 7a ab c3 8b 3b 0c 0b e2 6b ab eb | 63 70 b1 1e c5 2f 48 89 1a 33 85 75 62 1b 0d c2 | 95 4c 82 93 a6 89 4e 28 a6 69 0b ff cf 12 e0 62 | da 52 0d 53 bb 7d ed a6 0d 48 8e 0c 48 b2 ff 58 | c2 cc 1e 0a df d6 63 55 65 35 00 ac b0 9d 77 a5 | 19 07 40 ea 2a a2 54 be 45 6c ff 40 3e ae 7e a5 | a4 72 74 7d 44 5d 7f 7d 97 3f 29 0c 57 31 8f 61 | 8e 1a a9 dc 67 5d 58 99 76 18 da 3c 06 7c 38 59 | 5a f8 97 9a 8f 66 31 f2 6b 16 99 ee 05 1c 22 53 | 04 13 8b e8 39 34 89 2a 2d e7 0c 36 30 36 fe 02 | df d8 2f 99 65 29 a1 ae bb ce f0 05 1a 5d c4 f1 | 2a 1e 2e 29 cd 89 e9 55 d9 64 5a c2 99 82 ef 76 | 1f 91 a6 27 63 47 09 c6 39 2c 2e 7e 50 77 78 c4 | 04 a2 49 a6 ff 58 19 aa 4c b1 bb 73 b3 d0 78 1b | cd b4 2b 23 45 a2 93 0b 00 ee 5f fa 95 98 c2 26 | 05 96 87 e2 63 5a f2 be 97 55 d6 4d 2a 93 dd 05 | 5d 8f 82 1a cb e7 da 0f cc 95 af 29 ce 7a 2f ec | fa 8e 49 41 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.142 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00156 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 a0 62 2f 4f b7 bc 2c d5 b4 2f 91 24 | c7 b2 78 bd 3f 99 d3 b2 2f dc f1 3c 19 79 ae 25 | 0c bf 5d 72 8c d6 81 d3 e9 02 45 0f ab a1 92 98 | 13 08 38 3b fb 91 34 80 7d a2 7b 73 a3 02 31 2f | fb 3f a1 d0 f4 0f 69 66 e0 8b f3 d1 82 ae 6b 00 | 70 6a a2 26 22 01 c3 38 55 fc 47 68 fe 48 28 72 | 62 39 06 70 86 bc 3d 24 0c fd f4 25 c0 7a 54 34 | bf 63 0b 7b 7a e0 73 7a e5 42 9b 3c 6e cc ee 35 | 46 3d ab 06 89 22 21 25 db 1a b2 cc ff 8f 13 9b | 69 9c 07 00 eb a4 58 49 e8 26 05 67 7b 50 ea 35 | 73 22 26 9e f7 36 44 7f e4 84 7f f4 19 84 10 7a | 84 07 6e 21 7a 73 f3 ce 39 3a 35 c2 8f 8f 5b db | ff f6 2b 9c dc ad a1 66 d2 7c 74 b6 fc a6 d8 d3 | 10 34 41 b4 6a 8c f9 d1 10 e3 08 d7 43 70 09 3f | bc 96 d1 64 66 44 1a bd e4 31 9c 77 2e e6 10 ce | e9 c0 99 56 87 3c 4a 09 62 ad d2 c4 b9 fd 6f 2d | 4a 00 af a8 13 45 ba 3f 0f 2b 78 11 75 33 6e d7 | 09 1c d8 9c a9 83 9a 42 fe be 3d b5 8b 2f 1c 0d | a5 30 70 14 34 dc 69 48 39 3a 0e 59 db 39 37 fc | 7d 33 e8 c6 fc 45 b2 db 5f 61 89 0a 79 30 46 22 | 03 e7 82 1b e4 eb 3c b0 7a c7 10 9c 29 33 42 ff | 29 b3 a6 89 33 22 2d a5 a2 56 9e 4c eb 3e ec fb | 72 dc 95 2f bc 0d 35 c1 c6 1a 6f 0b 83 0e 8a bd | 5d 10 52 a5 42 cc 88 ea 7f 56 38 20 65 ab 30 c7 | ee 66 e3 49 66 45 1a 94 c8 a8 1d cf 56 59 6a 53 | fb 21 95 e0 38 a8 1f 44 32 6a 27 d6 8e 69 38 44 | f7 33 47 35 93 2b d0 37 93 ff a4 8c 7c 1b b7 8f | 91 f2 c4 05 f2 81 de ad 87 24 da 85 b1 f2 8b f4 | 75 95 a0 a4 47 5e 93 b6 22 77 b4 07 ca a4 27 7c | 7b 5f bb 08 ed f0 94 b0 90 6c c3 f3 09 ab a9 1d | eb 39 17 85 7a 7a 5c 52 0d e3 66 6f 2c 3b b9 12 | 21 cb fc 1b | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.119 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00145 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 cc b7 5a e2 4e 50 c6 2b 04 a8 cc 6e | c2 f8 9a 11 a0 57 fc 1f 93 c3 33 8f 59 ce f9 c5 | df 73 e0 d9 44 46 1c 56 ec 14 ca fd 2b 1e ea 24 | 96 18 71 93 4b b2 f0 f2 f4 d3 c3 40 44 cb b9 e0 | 09 f3 31 3d 35 42 6f 51 d0 88 5e 6f f9 f6 df 3b | b2 c0 87 7d f2 7a 5e 2d 46 7e 08 fe ec 77 92 f2 | 7c 54 bb b2 49 d4 f8 50 20 1f bd 77 9d 7d 28 a6 | b3 6a 26 bd 45 c9 f3 d1 df ec ae e6 17 86 78 aa | 37 d9 06 b3 d3 83 36 e9 18 d6 be 5b e1 bd 85 fd | f0 9f c3 e6 7e 41 49 31 af 19 8f 2e c6 1e 04 b3 | 64 71 a1 0a 8e d0 8f e2 74 d0 83 45 1e d0 d2 b8 | 33 5d 0c 45 1f 12 49 20 52 4b d3 3f 19 5d d2 1f | eb e3 16 79 7d b6 e8 c5 63 3a 2c 07 ae ba 54 d2 | a9 2d f5 c5 96 01 03 e1 70 b1 e5 3a 7d 06 a5 66 | c4 55 39 4e 62 34 39 58 62 a9 13 ab 8b 7f d0 97 | ac fc ed df 2e 8d df ce c7 12 3a cd 5e 8e 08 9d | 55 66 7e 09 a5 1b 18 4e a0 e5 80 2d a9 78 ef 8e | b1 20 5c 71 30 99 db 4f 41 bc aa 54 ef 30 c5 50 | 7c 3a 2d 52 0e 5c 8a 03 4b 33 d5 68 0c a0 ad 3c | e9 31 b9 d0 d3 82 df 3e e5 2f ea 04 a8 ba a3 29 | e3 7f 25 ce 14 78 76 7c a6 ca f6 0c 15 c6 67 0b | 62 82 46 67 d3 c9 63 32 e4 71 fc b5 1e d6 0c 7e | 9b 17 38 71 b2 17 8a 10 d7 6f a5 4d 9d a6 23 76 | 2c 35 43 2a 73 78 3e 12 7b 6e 58 19 5e d7 4a 41 | 03 19 96 bd 0a ee a3 8f 28 73 f0 fc 77 af 93 0f | 3b fa 6a 8f 89 dd 27 06 3f a0 84 84 b1 bd 6b a7 | ef ef 6b de a0 06 b3 4f 55 af 22 5f 80 36 d0 93 | 62 1a 46 db 8a 64 e2 b0 e6 9b 5d 38 10 ff a9 e2 | 5c 59 7d 52 13 aa 50 90 0d c7 e8 0b e5 7d 43 bc | 3d c9 3e 6b 5a 69 87 66 c9 57 8f 80 ad 53 5d 6c | 69 c2 71 bc c0 09 04 d2 6f 25 74 01 6f 5e 12 38 | 1d dd de e0 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.118 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00159 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 98 59 d3 2e 41 f1 69 33 ec 8f 65 | ea f4 94 4b 67 b6 e3 33 b6 44 7c 91 a3 65 51 70 | 2f fd 13 23 ba 19 b8 a5 58 ff 2b bb 53 1f fd 44 | e7 b0 13 41 2e 9a 45 06 25 70 ea 64 61 d8 64 f3 | d2 95 8c 33 23 e4 97 1c 41 d0 e0 8a bd 2a 8c 99 | 55 5f c1 dd ad a4 41 0f e1 fb 3b f9 c5 bb 91 57 | b5 87 4e bd fe 03 72 d1 eb 92 c1 4e 33 a8 87 32 | fe da df 1a 30 44 d5 ca c5 55 b7 c3 3f ce 96 a3 | bb 2d 64 95 71 89 50 2d 69 0b b0 21 2b 6d 69 fa | 92 c9 d4 80 29 2f 9f 94 23 3e e2 dd 4e dc 6a 81 | e1 81 41 99 a2 9c 52 9c 9a 66 c0 f3 0f 29 13 02 | b9 ec f0 39 b1 fe 4d e5 d5 53 9a 17 5c 3b 52 dd | 62 4e 75 bf 82 3c 45 2b a9 12 78 a0 79 bd 6a 22 | 6b 38 88 fd 1f b7 e2 28 8e 3e a4 8b d3 d1 e0 ab | c2 d3 4b 7b 20 ff 54 d9 0c 1c 29 f3 1b ef 5f e2 | 2a a8 7f 4d 1a 21 3d 79 ee 9a a2 cd 33 6a 3e 3f | f2 ed 60 6f 2f 4b 02 71 21 45 e3 f9 29 39 2b 3b | 08 3e 49 20 5f c3 73 6c d1 c6 27 37 7e 07 5d 89 | 3b 37 91 36 a1 35 b4 37 c7 f6 53 52 68 a2 69 fa | 89 a7 4b 3d ad 88 2b 2a d4 7d 7b 14 5d d7 b6 35 | f4 d9 a3 80 1c 10 41 89 b5 e9 c3 a4 49 72 2c 0e | db f6 73 80 65 8a f9 a1 5b a7 23 4a d7 2c 19 ff | fc 1c d9 bb 93 a3 fe fb d9 9f 07 09 97 d5 47 32 | 77 e7 10 f2 cd 40 d7 1c 0e ce 6d 49 6d 79 ed 2c | e6 3b ca 9c db 0b e9 66 b2 7a 3c e4 43 72 fe 08 | f6 62 75 e1 cd 65 b0 25 5f 51 c8 ae 82 08 ad b8 | 31 17 f1 e6 9b fe 19 73 18 79 26 ae ab 17 20 3c | 45 0c 33 98 f1 cb 0e 97 aa 0c d2 a8 35 af a9 7b | 9e 7c 4e 02 2d ea f9 16 5c 8e 8b 69 8e 54 3b aa | 45 a9 60 86 53 42 84 39 91 23 a3 84 ad 3a 40 43 | 5f 08 57 68 a2 e8 12 18 b4 34 b1 9a 36 57 3a 90 | c0 98 81 06 | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.122 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00148 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 112 bytes from 192.1.2.45:500 on eth1 (192.1.2.23:500) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 84 10 02 00 00 00 00 00 00 00 00 70 00 00 00 54 | 00 01 05 01 6b 8f e7 ed a8 2e 0c 71 fa ea 05 bc | 4c 19 5a fc 2e 58 e8 9b 9c 93 59 3a bb 12 c8 cd | 0b 57 bc 7f 1f 2c 69 43 2e 67 9c 1a 86 fd d0 d9 | b1 ad 4d da d7 47 5d 6c 55 8c 83 59 b1 e9 8a c3 | 94 fc 1f 15 00 f1 b3 cc bf 7e e6 57 fd 31 78 2a | start processing: from 192.1.2.45:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 112 (0x70) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 84 (0x54) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2060 (0x80c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.2.45:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1265 (0x4f1) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 180 (0xb4) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 8 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 77 65 73 | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 77 65 73 | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "westnet-eastnet-x509-cr" #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=west.testing.libreswan.org, E=user-west@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00634 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-west@testing.libreswan.org,CN=west.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.309 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0455 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "westnet-eastnet-x509-cr" #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "westnet-eastnet-x509-cr" #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.407 milliseconds in find_and_verify_certs() calling verify_end_cert() "westnet-eastnet-x509-cr" #2: X509: Certificate rejected for this connection "westnet-eastnet-x509-cr" #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "westnet-eastnet-x509-cr" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.2.45:500 | **emit ISAKMP Message: | initiator cookie: | 46 e5 31 8d 4c c9 ff 8e | responder cookie: | dc b7 06 82 45 99 af b8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1324283670 (0x4eeef716) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 50 9b e5 65 a7 34 7c 57 fc 5b 74 33 49 43 33 4a | 3d 0f e3 13 79 d3 40 be 83 ab 58 bd 12 28 1d 9d | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.2.45:500 (using #2) | 46 e5 31 8d 4c c9 ff 8e dc b7 06 82 45 99 af b8 | 08 10 05 01 4e ee f7 16 00 00 00 4c e6 54 7c 82 | ff 3d fd 1f 4a 7b be 21 f0 db be 37 e4 9a f7 41 | 6e 92 b7 c5 71 cb b6 16 9d 96 a6 03 c0 d4 87 7d | 69 3f 48 2b 08 4e 76 59 6f ad 62 be | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.14 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.2.45:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "westnet-eastnet-x509-cr" from 192.1.2.45:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.34 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00443 milliseconds in global timer EVENT_SHUNT_SCAN | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.352 milliseconds in whack