FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:17802 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x55cbbf0525a8 size 40 | libevent_malloc: new ptr-libevent@0x55cbbf052528 size 40 | libevent_malloc: new ptr-libevent@0x55cbbf0524a8 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x55cbbf0440d8 size 56 | libevent_malloc: new ptr-libevent@0x55cbbefcdd08 size 664 | libevent_malloc: new ptr-libevent@0x55cbbf08cbc8 size 24 | libevent_malloc: new ptr-libevent@0x55cbbf08cc18 size 384 | libevent_malloc: new ptr-libevent@0x55cbbf08cb88 size 16 | libevent_malloc: new ptr-libevent@0x55cbbf052428 size 40 | libevent_malloc: new ptr-libevent@0x55cbbf0523a8 size 48 | libevent_realloc: new ptr-libevent@0x55cbbefcd998 size 256 | libevent_malloc: new ptr-libevent@0x55cbbf08cdc8 size 16 | libevent_free: release ptr-libevent@0x55cbbf0440d8 | libevent initialized | libevent_realloc: new ptr-libevent@0x55cbbf0440d8 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) | starting up helper thread 0 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 2 started thread for crypto helper 3 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 4 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) started thread for crypto helper 6 | starting up helper thread 6 | checking IKEv1 state table | status value returned by setting the priority of this thread (crypto helper 6) 22 | crypto helper 6 waiting (nothing to do) | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55cbbf04c2c8 | libevent_malloc: new ptr-libevent@0x55cbbf08b338 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf0923c8 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55cbbf092358 | libevent_malloc: new ptr-libevent@0x55cbbf044d88 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf092028 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. | unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55cbbf0927f8 | libevent_malloc: new ptr-libevent@0x55cbbf09e6d8 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf0a99c8 size 16 | libevent_realloc: new ptr-libevent@0x55cbbf0a9a08 size 256 | libevent_malloc: new ptr-libevent@0x55cbbf0a9b38 size 8 | libevent_realloc: new ptr-libevent@0x55cbbf0a9b78 size 144 | libevent_malloc: new ptr-libevent@0x55cbbf050898 size 152 | libevent_malloc: new ptr-libevent@0x55cbbf0a9c38 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x55cbbf0a9c78 size 8 | libevent_malloc: new ptr-libevent@0x55cbbefce6e8 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x55cbbf0a9cb8 size 8 | libevent_malloc: new ptr-libevent@0x55cbbf0a9cf8 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x55cbbf0a9dc8 size 8 | libevent_realloc: release ptr-libevent@0x55cbbf0a9b78 | libevent_realloc: new ptr-libevent@0x55cbbf0a9e08 size 256 | libevent_malloc: new ptr-libevent@0x55cbbf0a9f38 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:17845) using fork+execve | forked child 17845 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | no interfaces to sort | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa518 | libevent_malloc: new ptr-libevent@0x55cbbf09e628 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf0aa588 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa5c8 | libevent_malloc: new ptr-libevent@0x55cbbf044e38 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf0aa638 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa678 | libevent_malloc: new ptr-libevent@0x55cbbf044758 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf0aa6e8 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa728 | libevent_malloc: new ptr-libevent@0x55cbbf04c018 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf0aa798 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa7d8 | libevent_malloc: new ptr-libevent@0x55cbbf04c118 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf0aa848 size 16 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa888 | libevent_malloc: new ptr-libevent@0x55cbbf04c218 size 128 | libevent_malloc: new ptr-libevent@0x55cbbf0aa8f8 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.739 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x55cbbf09e628 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa518 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa518 | libevent_malloc: new ptr-libevent@0x55cbbf09e628 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x55cbbf044e38 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa5c8 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa5c8 | libevent_malloc: new ptr-libevent@0x55cbbf044e38 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x55cbbf044758 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa678 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa678 | libevent_malloc: new ptr-libevent@0x55cbbf044758 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x55cbbf04c018 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa728 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa728 | libevent_malloc: new ptr-libevent@0x55cbbf04c018 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x55cbbf04c118 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa7d8 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa7d8 | libevent_malloc: new ptr-libevent@0x55cbbf04c118 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x55cbbf04c218 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa888 | add_fd_read_event_handler: new ethX-pe@0x55cbbf0aa888 | libevent_malloc: new ptr-libevent@0x55cbbf04c218 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.248 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 17845 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0133 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection x509 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org" | ASCII to DN => 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 26 30 24 06 03 55 04 03 13 1d 6b 65 79 | ASCII to DN => 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | ASCII to DN => 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | ASCII to DN => 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | ASCII to DN => 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | ASCII to DN => 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org is 0 | ASCII to DN <= "C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org" | ASCII to DN => 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | ASCII to DN => 31 10 30 0e 06 03 55 04 08 13 07 4f 6e 74 61 72 | ASCII to DN => 69 6f 31 10 30 0e 06 03 55 04 07 13 07 54 6f 72 | ASCII to DN => 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 13 09 4c | ASCII to DN => 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | ASCII to DN => 0b 13 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | ASCII to DN => 6e 74 31 23 30 21 06 03 55 04 03 13 1a 65 61 73 | ASCII to DN => 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | ASCII to DN => 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | ASCII to DN => 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 | ASCII to DN => 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | ASCII to DN => 77 61 6e 2e 6f 72 67 | loading right certificate 'east' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55cbbf0ad058 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55cbbf0ad008 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55cbbf0acfb8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55cbbf0acd38 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55cbbf0acce8 | unreference key: 0x55cbbf0afb78 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 | based upon policy, the connection is a template. | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none | new hp@0x55cbbf0b2468 added connection description "x509" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]...%any[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.36 milliseconds in whack | spent 0.00273 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=IKEV1_ALLOW but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | find_next_host_connection policy=RSASIG+IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (x509) | find_next_host_connection returns x509 | find_next_host_connection policy=RSASIG+IKEV1_ALLOW | find_next_host_connection returns empty | instantiating "x509" for initial Main Mode message received on 192.1.2.23:500 | connect_to_host_pair: 192.1.2.23:500 192.1.3.209:500 -> hp@(nil): none | new hp@0x55cbbf0b0428 | rw_instantiate() instantiated "x509"[1] 192.1.3.209 for 192.1.3.209 | creating state object #1 at 0x55cbbf0b4158 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "x509"[1] 192.1.3.209 #1: responding to Main Mode from unknown peer 192.1.3.209 on port 500 | ICOOKIE-DUMP: 3d 90 5f e6 ea 1c 2d 0d | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x55cbbf0acff8 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0acc38 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.34 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00228 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 1d 41 f3 09 6d 15 de 9f d6 e3 ca 3d a8 59 95 cc | 01 07 58 d7 b6 97 8f 87 26 99 e0 06 d1 c8 bc c4 | a9 54 c3 1e 4d 43 d1 d9 61 da 3f 7e 61 f5 3b 47 | a3 99 91 64 c0 27 c1 9a 5f 40 e6 f2 d3 31 63 59 | fe 0d 7c c5 a9 cb d1 4f 60 4a 80 ce fd cf 92 bc | cf f5 8f 5d 75 ed 99 44 9b 0e 79 ac c6 b5 65 f1 | ab 50 63 12 71 40 ec ab 24 84 85 da 87 2a b4 a4 | 99 ef da 62 72 f9 18 bc bb 17 82 b9 58 87 39 e7 | 16 ee f2 11 04 8e fe 59 67 f5 5b 45 bd 8b 54 e8 | 59 46 40 e2 91 08 80 ca ed 31 90 e7 72 a5 e2 a0 | 5d e0 1a a2 29 15 7d f7 bd 19 6c 0f 52 26 34 39 | 41 99 f2 58 ba 68 14 a4 e3 7a be a6 6d f9 10 5f | d1 71 b1 da cc a1 1c d9 3e 68 96 eb f8 06 53 7a | f3 0f 4c f9 4e b2 73 5e 07 50 25 8f 50 e0 cd 42 | cb 4e 23 59 17 18 92 be cc 74 df a7 e2 14 64 50 | d4 c4 54 c6 6d 69 c2 f3 23 06 e3 26 4c 15 e5 d7 | 14 00 00 24 79 3a 8b a1 7c 83 c6 ab 68 fd 0e a3 | a2 a6 54 65 f6 0b 14 75 12 eb c7 1d f6 64 bf 3e | da 01 7a 24 14 00 00 24 91 5c f7 92 e0 5e 3d 47 | f2 48 e6 75 9d d2 8d bd ac b7 63 bc 4c cf 2f 12 | e1 7c f1 8e a6 46 1c 25 00 00 00 24 bd a7 19 a2 | 7b 82 68 66 6f 2a 20 8d 68 24 79 75 df 46 68 4b | 09 66 a5 f6 14 9d c9 42 18 fd 58 03 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55cbbebebca0(32) | natd_hash: icookie= 3d 90 5f e6 ea 1c 2d 0d | natd_hash: rcookie= 78 5b 8a ad 9d ad d9 c8 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 91 5c f7 92 e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd | natd_hash: hash= ac b7 63 bc 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | natd_hash: hasher=0x55cbbebebca0(32) | natd_hash: icookie= 3d 90 5f e6 ea 1c 2d 0d | natd_hash: rcookie= 78 5b 8a ad 9d ad d9 c8 | natd_hash: ip= c0 01 03 d1 | natd_hash: port=500 | natd_hash: hash= bd a7 19 a2 7b 82 68 66 6f 2a 20 8d 68 24 79 75 | natd_hash: hash= df 46 68 4b 09 66 a5 f6 14 9d c9 42 18 fd 58 03 | expected NAT-D(me): 91 5c f7 92 e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd | expected NAT-D(me): ac b7 63 bc 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | expected NAT-D(him): | bd a7 19 a2 7b 82 68 66 6f 2a 20 8d 68 24 79 75 | df 46 68 4b 09 66 a5 f6 14 9d c9 42 18 fd 58 03 | received NAT-D: 91 5c f7 92 e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd | received NAT-D: ac b7 63 bc 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | received NAT-D: bd a7 19 a2 7b 82 68 66 6f 2a 20 8d 68 24 79 75 | received NAT-D: df 46 68 4b 09 66 a5 f6 14 9d c9 42 18 fd 58 03 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.209 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 1 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55cbbf0acc38 | free_event_entry: release EVENT_SO_DISCARD-pe@0x55cbbf0acff8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cbbf0acff8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0b0e18 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 1 resuming | #1 spent 0.113 milliseconds in process_packet_tail() | crypto helper 1 starting work-order 1 for state #1 | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | crypto helper 1 doing build KE and nonce (inI2_outR2 KE); request ID 1 | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.25 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 1 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.00082 seconds | (#1) spent 0.823 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) | crypto helper 1 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f6fa4002888 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 1 | calling continuation function 0x55cbbeb16b50 | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | keyex value d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | keyex value 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | keyex value d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | keyex value 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | keyex value fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | keyex value 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | keyex value 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | keyex value 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | keyex value 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | keyex value c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | keyex value 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | keyex value 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | keyex value 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | keyex value a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | keyex value 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 a1 6f eb b2 | Nr 34 4e 10 31 15 80 1d d5 48 6c 3c 19 12 15 72 3c | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x55cbbebebca0(32) | natd_hash: icookie= 3d 90 5f e6 ea 1c 2d 0d | natd_hash: rcookie= 78 5b 8a ad 9d ad d9 c8 | natd_hash: ip= c0 01 03 d1 | natd_hash: port=500 | natd_hash: hash= bd a7 19 a2 7b 82 68 66 6f 2a 20 8d 68 24 79 75 | natd_hash: hash= df 46 68 4b 09 66 a5 f6 14 9d c9 42 18 fd 58 03 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D bd a7 19 a2 7b 82 68 66 6f 2a 20 8d 68 24 79 75 | NAT-D df 46 68 4b 09 66 a5 f6 14 9d c9 42 18 fd 58 03 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55cbbebebca0(32) | natd_hash: icookie= 3d 90 5f e6 ea 1c 2d 0d | natd_hash: rcookie= 78 5b 8a ad 9d ad d9 c8 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 91 5c f7 92 e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd | natd_hash: hash= ac b7 63 bc 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 91 5c f7 92 e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd | NAT-D ac b7 63 bc 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 2 for state #1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55cbbf0b0e18 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cbbf0acff8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cbbf0acff8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0acc38 size 128 | #1 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | crypto helper 2 resuming | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | crypto helper 2 starting work-order 2 for state #1 | crypto helper 2 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 | #1 is idle; has background offloaded task | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55cbbf0acc38 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cbbf0acff8 | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | 14 00 00 24 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 | a1 6f eb b2 34 4e 10 31 15 80 1d d5 48 6c 3c 19 | 12 15 72 3c 14 00 00 24 bd a7 19 a2 7b 82 68 66 | 6f 2a 20 8d 68 24 79 75 df 46 68 4b 09 66 a5 f6 | 14 9d c9 42 18 fd 58 03 00 00 00 24 91 5c f7 92 | e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd ac b7 63 bc | 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0acff8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0acc38 size 128 | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29793.717851 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.328 milliseconds in resume sending helper answer | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6fa4002888 | crypto helper 2 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.000724 seconds | (#1) spent 0.721 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) | crypto helper 2 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f6f9c000f48 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 2 | calling continuation function 0x55cbbeb16b50 | main_inI2_outR2_calcdone for #1: calculate DH finished | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.014 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6f9c000f48 | spent 0.00321 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad | 9d ad d9 c8 05 10 02 01 00 00 00 00 00 00 08 4c | 93 d7 2c b5 ed f7 b9 6c da f0 8f 70 09 e4 81 3b | dc 07 29 f4 0b d6 d0 c0 a1 4b 7f 38 ee 71 a5 51 | af aa d2 6c 52 af 4a a1 03 85 90 e5 bd a2 b3 bc | cf 4c 4f df b5 c9 d7 9a ff 04 14 67 ff a8 20 e9 | 66 49 8d 03 00 a7 8d cd 9e b3 92 ec 9f eb ac f0 | 84 94 1f 5b 63 72 d3 8a 51 2d f8 4f ad 9a be f3 | ce cf 05 b6 c7 e5 74 97 22 2b 9d 67 05 4e 0a 63 | 49 88 f2 09 8b a4 33 6a 10 41 3c 14 43 1c a1 ac | b1 bd 13 37 ff b3 2a 97 7f 5f a5 86 e2 63 e7 72 | 14 0d f0 3d 53 06 ee 4b e8 4b 77 31 90 24 f0 fe | 09 57 a8 40 26 f6 0f f9 ac eb 68 80 97 eb e9 91 | 99 c7 83 a9 89 df 72 71 88 07 24 00 d4 b9 7b a3 | 4a 79 e3 c7 1b a8 fb d4 ae b5 9f e7 80 72 d8 2e | 4e 87 aa f4 a3 a3 20 40 88 e9 4b 8e 9f 96 af f2 | 17 3e 67 8c 16 a3 ea 05 27 11 9f 3f 17 3c 31 04 | 03 79 af 9f 9e a1 66 c1 be f0 9c 46 8b 60 2b 26 | b3 17 c8 f0 33 d0 18 d0 da 41 5f d7 85 f1 a9 93 | 4b 8f 29 f2 c8 be 04 42 b9 31 56 b2 f0 c2 0f 32 | 95 a7 23 53 26 bb 34 74 ca 72 a1 fb 2b 37 a4 17 | 6c 4a f9 c8 50 e4 2c 7b 58 51 b6 1e 10 c2 31 af | 47 5e 05 bf 33 8f 60 60 7e 71 29 0c ee 8b cf 0c | 2e 8c 2d 48 b7 f7 ac 58 38 7e 2c 62 b0 e9 0a 82 | 91 be 8c 18 88 23 11 d8 87 d4 ef 1c e9 eb 88 41 | 13 9f 0c 0c fc d6 a3 44 d9 e2 0b 07 a1 b3 6a be | 9f 2a 25 be b3 cb 71 09 04 43 85 ac a4 a8 8f 42 | 11 57 59 a0 19 e9 18 4a a7 82 5d f1 97 03 0c 4a | 02 57 61 59 92 98 a3 ad 0e d5 83 ad 0a 67 d1 0f | 76 d7 3f 12 78 ea 9d d0 51 70 98 ab e5 4b fc 98 | f2 a6 98 cb ce 9c fc 7b c6 4a 73 4d d5 0a 90 4e | 40 5e 47 54 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.142 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00168 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 4b d9 5c 57 31 fe 7a e4 66 7a e3 44 | 00 96 a6 04 c1 e9 22 2d 22 a3 36 35 cd 54 2e f4 | 19 e9 01 2e cf 3c 03 b8 c5 eb 5d 3f 7c b2 14 76 | 5d 1c 93 a8 22 f0 b6 2a 64 92 c3 ac 85 a6 07 26 | 39 b8 7e d6 a7 3b 38 62 48 6b 6d 28 33 9b 14 6f | d8 9a de 65 3a f1 a9 44 71 85 ba e8 bc 69 27 8c | 9f 77 fc 75 8e e3 f9 b1 52 e6 27 82 9d 61 e2 16 | ea 6b 5b 4b 62 ca ec 48 f7 4e 8d ff e2 76 d2 c1 | 1a 3f db 61 ad 80 16 17 70 3f cf 7a d5 c5 da d3 | cd 67 40 55 99 8a e4 c6 f4 50 14 17 cc 82 27 6c | bd 62 54 07 83 5e ee ac 4b ad 38 ed 87 14 e3 59 | 5e d0 e7 75 a8 46 29 2e 75 9b 3f d0 d6 8b 48 52 | 7b 20 83 38 fb fa 3a 3c ab 31 f6 a1 cd d8 9d 3d | 18 92 f0 5c 24 a5 fb 20 a3 90 5b 1d 31 be a0 5f | 1f ee 95 0a d6 1a 42 9b ec 49 03 6e bc ff c8 58 | 49 ca 9e 26 4c d6 ce be 5f d4 e3 e5 c8 3b 25 a8 | f2 34 fb 2e a9 0d 61 4a d1 8c 2f a7 48 d6 c0 12 | dd f3 87 c3 b3 52 83 39 d3 9f 9e 17 2a fb 44 84 | cc 59 54 7f 15 4a bd dd d5 00 7d 4e d5 dc d4 5c | 2f 1b 20 4e 0f 22 4a e1 af a2 0e cd 50 7c 34 c6 | c8 2f 9d c3 f8 5d 71 d1 e8 b4 82 6b cb 72 b7 e5 | 07 6f d6 e1 dd 82 c1 06 d6 62 f4 78 f7 8d d3 97 | 4e ca 02 d4 f8 d6 68 65 fd c4 4b a1 96 52 c7 44 | 60 0d 7e d8 4a b9 26 ef 31 41 e1 d8 d3 44 66 c7 | 12 79 af 20 a2 72 c4 22 75 74 48 5e e1 3b 23 91 | 2c a6 f4 83 80 36 76 81 ca 47 d1 e8 4a c8 f4 9e | e3 83 2e 7c f8 c3 d5 66 12 b6 36 65 ea e2 7f 05 | 05 20 28 08 4f 7e fd 0d 83 a0 55 1b 3d dc dc 7f | e8 4a 87 44 64 9c e5 4d 23 94 60 3c c1 ed 3a 7f | 28 e2 a8 7e 09 92 93 b1 f4 5e e8 a1 21 99 88 ee | b5 3a 3c 91 63 bf b7 f4 cd 86 e0 53 50 88 19 1d | a6 ec 1d 6c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.124 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00146 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 f3 3e e2 63 75 83 32 2d cb 32 90 3f | da 14 f9 c1 b9 80 ee e4 94 0f 55 a0 67 21 1e 6f | 17 c3 f7 55 94 2e 62 8a 7d 56 3a d6 0a 78 75 63 | e2 72 a1 a3 81 e3 8a 47 0d ba c8 60 24 33 ca 34 | 35 99 b1 4b 38 9f 88 32 50 bb eb ac 08 de 98 c9 | 9d e1 61 be 7d 17 7e f3 5a 01 e8 2d c4 e2 60 80 | 0d 1a ae 9c 31 39 73 90 9f 5e cb 21 72 10 d2 d0 | 0d 45 eb 92 bd 69 9c 33 f7 6f 7d 57 34 5e 12 f4 | 28 73 a9 f3 29 a8 b6 4a 85 ed f6 1b f1 ee 9f 57 | 22 78 e0 e2 62 48 df 64 97 8c 1a d7 e4 3e 15 b0 | 26 bb 94 6c 4a 58 34 74 81 00 07 60 11 48 4a f4 | fc 06 ad e5 d3 0f 8c 22 f7 a1 a2 81 53 f7 c9 36 | b6 d9 47 d5 9e 82 4d eb bd 34 a4 c0 d3 00 e1 e2 | 04 7a 4f 2e be 38 01 a0 d8 fa ef 6d fd dc 95 95 | 6e 6e 13 de bb 8c 69 9d 34 a0 dc b9 04 65 90 e2 | 12 45 ac 01 72 30 a0 39 1f 87 5e 58 e0 5f b4 de | eb 97 a8 66 2a 8c fb 17 9a fc 15 b3 9c 86 e0 65 | fd 56 d5 7d 3c db 7d b3 b1 b0 6f 36 48 77 de fd | 83 14 17 aa 2a 20 1e c5 ae c2 6d ca 33 1f 87 a6 | 7b ba 25 79 5e d1 ce 22 24 40 54 f4 76 46 42 36 | 4a 65 9b 4b b8 ad a7 ab a9 91 7b 37 f1 aa 04 42 | 15 1e 65 44 ed 1d 4d b9 10 ab d9 58 bc 86 49 6e | 68 00 6a 4b fb 07 f9 99 1b 3e 3e db 0d 65 b5 09 | bf 86 66 65 41 fa b4 c8 0e da 65 4c cd c4 ec c1 | c8 18 d2 98 b7 9c 8f e2 ba 90 62 95 6f d1 49 8d | b0 9f b6 fe 5a 62 d7 d6 18 ac d9 a5 02 69 d0 0a | eb 35 20 e2 29 4d df d8 f9 3e 63 11 97 d3 84 cb | b5 0e 52 a3 84 23 0e 54 e0 f9 c6 af 67 29 3a d1 | 5c 5e 44 b2 ce 37 76 23 84 a7 93 b1 14 5d 85 37 | db 03 39 fb d1 2a 29 12 81 69 cd 6e ae 93 29 b2 | 4d 04 f6 93 7e 0b 38 d0 4e ca 1b 12 e7 5a bf 09 | f7 dd 4f 73 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.123 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00129 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 68 2d 0a 59 e7 10 ac 06 ba 11 3f | a0 23 3b d8 02 e3 16 e6 24 f4 d8 24 47 52 2f 19 | 6d 72 2a 3d 24 28 d3 26 a6 34 f5 18 be 52 18 20 | 7a b2 c2 01 3d 19 c3 14 f5 76 8c 03 85 35 ce cd | de e1 89 dd b2 5d 87 6e 27 1f 84 91 bb d7 67 0a | ae 93 10 04 41 65 5c 7f 74 3a 23 34 6a ec 19 f1 | 15 76 c9 20 58 59 fe cc ba d1 7e cb 0c 9a 25 20 | 59 c2 2b a1 34 44 17 c7 8c bf 75 b0 15 0b 8e 9b | 49 32 15 2f 33 d9 61 20 87 a9 c5 84 16 a0 2f 65 | 1f 6c d1 aa 14 65 75 56 a0 b2 9d c2 bf 5e bf f5 | 55 bf 21 11 07 6c f1 80 de e5 2b 49 b1 be 62 92 | a5 33 6c f1 bc cc e3 39 a9 63 89 36 99 e2 b1 a9 | e9 17 85 20 2a 6b ff 5b c0 4a 0d 4b 57 9d 4e 82 | 12 0f c3 3b ee 20 05 3f 64 fa fb 20 bb 80 d7 be | ac 22 5c 4c 2f 56 34 b2 86 64 c1 f2 02 fe b5 be | 5b 27 57 4f 59 d9 29 3b 2c ac ab 8b 1e 58 37 66 | f2 0f 2f 20 39 e9 87 83 63 e4 df 93 db e8 80 1c | de 8d 78 b9 e3 b3 bd d3 20 13 6e f8 86 58 fa 30 | 28 5d 14 85 ba 8a 7c fb 10 82 69 93 8e 27 b7 09 | 29 fd 10 eb 55 7d b8 9b d3 e2 9d c7 d4 b0 e3 b5 | 37 88 a0 e1 49 13 ac df 9b dd f3 43 6f 16 3f d7 | 4c 27 04 9b a4 c8 34 c8 6d ca 3b 73 1b 3c 69 21 | 4f d9 f6 e6 8b 4c c3 6c fd 3c 15 3e 2e b4 c7 43 | ca c2 5e 45 04 91 50 5b b6 3e 70 90 56 68 43 c5 | 3d 08 1e d7 fd 75 97 15 fe 79 3d 4f 3f 6b 47 0a | 93 55 03 94 4b 94 76 83 71 87 b7 0e d9 d6 1f f4 | ba 40 e4 c2 f6 61 58 9f 2e 9e f2 0b b8 ae e1 ab | 04 16 bb 2a c6 fe c3 cf 5a 25 46 82 18 a4 b9 c5 | 9c 1e da 1c af c4 ef e1 86 1a d1 ff bc 41 e3 68 | ca e4 9f 5f 04 1f 8b db 9e bb 7c 3b 3a 8a 37 ed | 3f 1b c9 76 ea 91 87 43 ad b2 0f d6 f1 d4 90 22 | 5c ff b3 2b | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.12 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00167 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 a7 9f 82 a4 86 23 a2 0a 50 2b ba f9 | 25 2d 89 ef ef 97 f3 55 8f 53 c4 41 e9 f7 4c d4 | 8f da 4f b4 b2 53 82 96 0f 1e 9f d8 18 b8 45 e0 | a9 23 ca 6c 01 17 c2 fe db 87 29 6e c6 dc 5f 27 | 9c 0d 2d fd ea 4d 72 f9 7f 58 dd eb 6e 0b 1b 1f | 72 b5 2f ea bd 06 42 d2 01 f1 09 42 54 1b 1b 2d | 97 49 55 11 94 ae 6a b6 78 e6 9c 85 a0 33 39 83 | 33 7b f4 68 41 22 14 c5 ed af 56 f4 db 57 b7 65 | a8 31 77 01 d4 e1 8e aa 92 82 d7 19 7e 47 3a 8d | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds loading root certificate cache | spent 2.65 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() | spent 0.0153 milliseconds in get_root_certs() filtering CAs | #1 spent 2.69 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.18 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0308 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.293 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2853005198 (0xaa0d678e) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | a0 b1 a4 62 43 33 26 56 e9 5a 8f 2c 2e 96 02 44 | 77 41 a7 4f 9d 98 4f 1f d4 32 8d 5b 3a 0a a7 d7 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 08 10 05 01 aa 0d 67 8e 00 00 00 4c 13 70 70 cf | 99 ec 29 25 f3 7d c5 70 bb 8e 48 86 d3 13 fe 09 | aa 0c e9 37 22 a5 b7 24 f6 a2 cf 73 88 8c d6 45 | 33 46 f1 e2 37 53 7c 6f f2 e2 b4 4e | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 3.46 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 3.67 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00385 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad | 9d ad d9 c8 05 10 02 01 00 00 00 00 00 00 08 4c | 93 d7 2c b5 ed f7 b9 6c da f0 8f 70 09 e4 81 3b | dc 07 29 f4 0b d6 d0 c0 a1 4b 7f 38 ee 71 a5 51 | af aa d2 6c 52 af 4a a1 03 85 90 e5 bd a2 b3 bc | cf 4c 4f df b5 c9 d7 9a ff 04 14 67 ff a8 20 e9 | 66 49 8d 03 00 a7 8d cd 9e b3 92 ec 9f eb ac f0 | 84 94 1f 5b 63 72 d3 8a 51 2d f8 4f ad 9a be f3 | ce cf 05 b6 c7 e5 74 97 22 2b 9d 67 05 4e 0a 63 | 49 88 f2 09 8b a4 33 6a 10 41 3c 14 43 1c a1 ac | b1 bd 13 37 ff b3 2a 97 7f 5f a5 86 e2 63 e7 72 | 14 0d f0 3d 53 06 ee 4b e8 4b 77 31 90 24 f0 fe | 09 57 a8 40 26 f6 0f f9 ac eb 68 80 97 eb e9 91 | 99 c7 83 a9 89 df 72 71 88 07 24 00 d4 b9 7b a3 | 4a 79 e3 c7 1b a8 fb d4 ae b5 9f e7 80 72 d8 2e | 4e 87 aa f4 a3 a3 20 40 88 e9 4b 8e 9f 96 af f2 | 17 3e 67 8c 16 a3 ea 05 27 11 9f 3f 17 3c 31 04 | 03 79 af 9f 9e a1 66 c1 be f0 9c 46 8b 60 2b 26 | b3 17 c8 f0 33 d0 18 d0 da 41 5f d7 85 f1 a9 93 | 4b 8f 29 f2 c8 be 04 42 b9 31 56 b2 f0 c2 0f 32 | 95 a7 23 53 26 bb 34 74 ca 72 a1 fb 2b 37 a4 17 | 6c 4a f9 c8 50 e4 2c 7b 58 51 b6 1e 10 c2 31 af | 47 5e 05 bf 33 8f 60 60 7e 71 29 0c ee 8b cf 0c | 2e 8c 2d 48 b7 f7 ac 58 38 7e 2c 62 b0 e9 0a 82 | 91 be 8c 18 88 23 11 d8 87 d4 ef 1c e9 eb 88 41 | 13 9f 0c 0c fc d6 a3 44 d9 e2 0b 07 a1 b3 6a be | 9f 2a 25 be b3 cb 71 09 04 43 85 ac a4 a8 8f 42 | 11 57 59 a0 19 e9 18 4a a7 82 5d f1 97 03 0c 4a | 02 57 61 59 92 98 a3 ad 0e d5 83 ad 0a 67 d1 0f | 76 d7 3f 12 78 ea 9d d0 51 70 98 ab e5 4b fc 98 | f2 a6 98 cb ce 9c fc 7b c6 4a 73 4d d5 0a 90 4e | 40 5e 47 54 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.173 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55cbbf0acff8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 1 | retransmits: current time 29794.221066; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.503215 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0c0588 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0d5c58 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | 14 00 00 24 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 | a1 6f eb b2 34 4e 10 31 15 80 1d d5 48 6c 3c 19 | 12 15 72 3c 14 00 00 24 bd a7 19 a2 7b 82 68 66 | 6f 2a 20 8d 68 24 79 75 df 46 68 4b 09 66 a5 f6 | 14 9d c9 42 18 fd 58 03 00 00 00 24 91 5c f7 92 | e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd ac b7 63 bc | 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | libevent_free: release ptr-libevent@0x55cbbf0acc38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0acff8 | #1 spent 0.104 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00159 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 4b d9 5c 57 31 fe 7a e4 66 7a e3 44 | 00 96 a6 04 c1 e9 22 2d 22 a3 36 35 cd 54 2e f4 | 19 e9 01 2e cf 3c 03 b8 c5 eb 5d 3f 7c b2 14 76 | 5d 1c 93 a8 22 f0 b6 2a 64 92 c3 ac 85 a6 07 26 | 39 b8 7e d6 a7 3b 38 62 48 6b 6d 28 33 9b 14 6f | d8 9a de 65 3a f1 a9 44 71 85 ba e8 bc 69 27 8c | 9f 77 fc 75 8e e3 f9 b1 52 e6 27 82 9d 61 e2 16 | ea 6b 5b 4b 62 ca ec 48 f7 4e 8d ff e2 76 d2 c1 | 1a 3f db 61 ad 80 16 17 70 3f cf 7a d5 c5 da d3 | cd 67 40 55 99 8a e4 c6 f4 50 14 17 cc 82 27 6c | bd 62 54 07 83 5e ee ac 4b ad 38 ed 87 14 e3 59 | 5e d0 e7 75 a8 46 29 2e 75 9b 3f d0 d6 8b 48 52 | 7b 20 83 38 fb fa 3a 3c ab 31 f6 a1 cd d8 9d 3d | 18 92 f0 5c 24 a5 fb 20 a3 90 5b 1d 31 be a0 5f | 1f ee 95 0a d6 1a 42 9b ec 49 03 6e bc ff c8 58 | 49 ca 9e 26 4c d6 ce be 5f d4 e3 e5 c8 3b 25 a8 | f2 34 fb 2e a9 0d 61 4a d1 8c 2f a7 48 d6 c0 12 | dd f3 87 c3 b3 52 83 39 d3 9f 9e 17 2a fb 44 84 | cc 59 54 7f 15 4a bd dd d5 00 7d 4e d5 dc d4 5c | 2f 1b 20 4e 0f 22 4a e1 af a2 0e cd 50 7c 34 c6 | c8 2f 9d c3 f8 5d 71 d1 e8 b4 82 6b cb 72 b7 e5 | 07 6f d6 e1 dd 82 c1 06 d6 62 f4 78 f7 8d d3 97 | 4e ca 02 d4 f8 d6 68 65 fd c4 4b a1 96 52 c7 44 | 60 0d 7e d8 4a b9 26 ef 31 41 e1 d8 d3 44 66 c7 | 12 79 af 20 a2 72 c4 22 75 74 48 5e e1 3b 23 91 | 2c a6 f4 83 80 36 76 81 ca 47 d1 e8 4a c8 f4 9e | e3 83 2e 7c f8 c3 d5 66 12 b6 36 65 ea e2 7f 05 | 05 20 28 08 4f 7e fd 0d 83 a0 55 1b 3d dc dc 7f | e8 4a 87 44 64 9c e5 4d 23 94 60 3c c1 ed 3a 7f | 28 e2 a8 7e 09 92 93 b1 f4 5e e8 a1 21 99 88 ee | b5 3a 3c 91 63 bf b7 f4 cd 86 e0 53 50 88 19 1d | a6 ec 1d 6c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.11 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00142 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 f3 3e e2 63 75 83 32 2d cb 32 90 3f | da 14 f9 c1 b9 80 ee e4 94 0f 55 a0 67 21 1e 6f | 17 c3 f7 55 94 2e 62 8a 7d 56 3a d6 0a 78 75 63 | e2 72 a1 a3 81 e3 8a 47 0d ba c8 60 24 33 ca 34 | 35 99 b1 4b 38 9f 88 32 50 bb eb ac 08 de 98 c9 | 9d e1 61 be 7d 17 7e f3 5a 01 e8 2d c4 e2 60 80 | 0d 1a ae 9c 31 39 73 90 9f 5e cb 21 72 10 d2 d0 | 0d 45 eb 92 bd 69 9c 33 f7 6f 7d 57 34 5e 12 f4 | 28 73 a9 f3 29 a8 b6 4a 85 ed f6 1b f1 ee 9f 57 | 22 78 e0 e2 62 48 df 64 97 8c 1a d7 e4 3e 15 b0 | 26 bb 94 6c 4a 58 34 74 81 00 07 60 11 48 4a f4 | fc 06 ad e5 d3 0f 8c 22 f7 a1 a2 81 53 f7 c9 36 | b6 d9 47 d5 9e 82 4d eb bd 34 a4 c0 d3 00 e1 e2 | 04 7a 4f 2e be 38 01 a0 d8 fa ef 6d fd dc 95 95 | 6e 6e 13 de bb 8c 69 9d 34 a0 dc b9 04 65 90 e2 | 12 45 ac 01 72 30 a0 39 1f 87 5e 58 e0 5f b4 de | eb 97 a8 66 2a 8c fb 17 9a fc 15 b3 9c 86 e0 65 | fd 56 d5 7d 3c db 7d b3 b1 b0 6f 36 48 77 de fd | 83 14 17 aa 2a 20 1e c5 ae c2 6d ca 33 1f 87 a6 | 7b ba 25 79 5e d1 ce 22 24 40 54 f4 76 46 42 36 | 4a 65 9b 4b b8 ad a7 ab a9 91 7b 37 f1 aa 04 42 | 15 1e 65 44 ed 1d 4d b9 10 ab d9 58 bc 86 49 6e | 68 00 6a 4b fb 07 f9 99 1b 3e 3e db 0d 65 b5 09 | bf 86 66 65 41 fa b4 c8 0e da 65 4c cd c4 ec c1 | c8 18 d2 98 b7 9c 8f e2 ba 90 62 95 6f d1 49 8d | b0 9f b6 fe 5a 62 d7 d6 18 ac d9 a5 02 69 d0 0a | eb 35 20 e2 29 4d df d8 f9 3e 63 11 97 d3 84 cb | b5 0e 52 a3 84 23 0e 54 e0 f9 c6 af 67 29 3a d1 | 5c 5e 44 b2 ce 37 76 23 84 a7 93 b1 14 5d 85 37 | db 03 39 fb d1 2a 29 12 81 69 cd 6e ae 93 29 b2 | 4d 04 f6 93 7e 0b 38 d0 4e ca 1b 12 e7 5a bf 09 | f7 dd 4f 73 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.103 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00136 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 68 2d 0a 59 e7 10 ac 06 ba 11 3f | a0 23 3b d8 02 e3 16 e6 24 f4 d8 24 47 52 2f 19 | 6d 72 2a 3d 24 28 d3 26 a6 34 f5 18 be 52 18 20 | 7a b2 c2 01 3d 19 c3 14 f5 76 8c 03 85 35 ce cd | de e1 89 dd b2 5d 87 6e 27 1f 84 91 bb d7 67 0a | ae 93 10 04 41 65 5c 7f 74 3a 23 34 6a ec 19 f1 | 15 76 c9 20 58 59 fe cc ba d1 7e cb 0c 9a 25 20 | 59 c2 2b a1 34 44 17 c7 8c bf 75 b0 15 0b 8e 9b | 49 32 15 2f 33 d9 61 20 87 a9 c5 84 16 a0 2f 65 | 1f 6c d1 aa 14 65 75 56 a0 b2 9d c2 bf 5e bf f5 | 55 bf 21 11 07 6c f1 80 de e5 2b 49 b1 be 62 92 | a5 33 6c f1 bc cc e3 39 a9 63 89 36 99 e2 b1 a9 | e9 17 85 20 2a 6b ff 5b c0 4a 0d 4b 57 9d 4e 82 | 12 0f c3 3b ee 20 05 3f 64 fa fb 20 bb 80 d7 be | ac 22 5c 4c 2f 56 34 b2 86 64 c1 f2 02 fe b5 be | 5b 27 57 4f 59 d9 29 3b 2c ac ab 8b 1e 58 37 66 | f2 0f 2f 20 39 e9 87 83 63 e4 df 93 db e8 80 1c | de 8d 78 b9 e3 b3 bd d3 20 13 6e f8 86 58 fa 30 | 28 5d 14 85 ba 8a 7c fb 10 82 69 93 8e 27 b7 09 | 29 fd 10 eb 55 7d b8 9b d3 e2 9d c7 d4 b0 e3 b5 | 37 88 a0 e1 49 13 ac df 9b dd f3 43 6f 16 3f d7 | 4c 27 04 9b a4 c8 34 c8 6d ca 3b 73 1b 3c 69 21 | 4f d9 f6 e6 8b 4c c3 6c fd 3c 15 3e 2e b4 c7 43 | ca c2 5e 45 04 91 50 5b b6 3e 70 90 56 68 43 c5 | 3d 08 1e d7 fd 75 97 15 fe 79 3d 4f 3f 6b 47 0a | 93 55 03 94 4b 94 76 83 71 87 b7 0e d9 d6 1f f4 | ba 40 e4 c2 f6 61 58 9f 2e 9e f2 0b b8 ae e1 ab | 04 16 bb 2a c6 fe c3 cf 5a 25 46 82 18 a4 b9 c5 | 9c 1e da 1c af c4 ef e1 86 1a d1 ff bc 41 e3 68 | ca e4 9f 5f 04 1f 8b db 9e bb 7c 3b 3a 8a 37 ed | 3f 1b c9 76 ea 91 87 43 ad b2 0f d6 f1 d4 90 22 | 5c ff b3 2b | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.104 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00138 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 a7 9f 82 a4 86 23 a2 0a 50 2b ba f9 | 25 2d 89 ef ef 97 f3 55 8f 53 c4 41 e9 f7 4c d4 | 8f da 4f b4 b2 53 82 96 0f 1e 9f d8 18 b8 45 e0 | a9 23 ca 6c 01 17 c2 fe db 87 29 6e c6 dc 5f 27 | 9c 0d 2d fd ea 4d 72 f9 7f 58 dd eb 6e 0b 1b 1f | 72 b5 2f ea bd 06 42 d2 01 f1 09 42 54 1b 1b 2d | 97 49 55 11 94 ae 6a b6 78 e6 9c 85 a0 33 39 83 | 33 7b f4 68 41 22 14 c5 ed af 56 f4 db 57 b7 65 | a8 31 77 01 d4 e1 8e aa 92 82 d7 19 7e 47 3a 8d | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00419 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.255 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0422 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.337 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2715254332 (0xa1d77e3c) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 82 6a af 3a 02 6f ae 70 4d 26 54 d1 bc d7 da 60 | 4e 95 6e 49 bb ef 52 23 7c 0f aa 24 65 ac 4f 8c | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 08 10 05 01 a1 d7 7e 3c 00 00 00 4c a4 13 24 e7 | 55 42 55 43 36 2f 78 e9 bf 9c e2 45 4c 6e 31 83 | 5c 6e 11 ce 69 80 75 6a e9 7b e7 64 82 61 7d 46 | 0b 67 ca 8a c9 d4 93 15 e4 3b 76 f1 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.879 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.07 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00235 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad | 9d ad d9 c8 05 10 02 01 00 00 00 00 00 00 08 4c | 93 d7 2c b5 ed f7 b9 6c da f0 8f 70 09 e4 81 3b | dc 07 29 f4 0b d6 d0 c0 a1 4b 7f 38 ee 71 a5 51 | af aa d2 6c 52 af 4a a1 03 85 90 e5 bd a2 b3 bc | cf 4c 4f df b5 c9 d7 9a ff 04 14 67 ff a8 20 e9 | 66 49 8d 03 00 a7 8d cd 9e b3 92 ec 9f eb ac f0 | 84 94 1f 5b 63 72 d3 8a 51 2d f8 4f ad 9a be f3 | ce cf 05 b6 c7 e5 74 97 22 2b 9d 67 05 4e 0a 63 | 49 88 f2 09 8b a4 33 6a 10 41 3c 14 43 1c a1 ac | b1 bd 13 37 ff b3 2a 97 7f 5f a5 86 e2 63 e7 72 | 14 0d f0 3d 53 06 ee 4b e8 4b 77 31 90 24 f0 fe | 09 57 a8 40 26 f6 0f f9 ac eb 68 80 97 eb e9 91 | 99 c7 83 a9 89 df 72 71 88 07 24 00 d4 b9 7b a3 | 4a 79 e3 c7 1b a8 fb d4 ae b5 9f e7 80 72 d8 2e | 4e 87 aa f4 a3 a3 20 40 88 e9 4b 8e 9f 96 af f2 | 17 3e 67 8c 16 a3 ea 05 27 11 9f 3f 17 3c 31 04 | 03 79 af 9f 9e a1 66 c1 be f0 9c 46 8b 60 2b 26 | b3 17 c8 f0 33 d0 18 d0 da 41 5f d7 85 f1 a9 93 | 4b 8f 29 f2 c8 be 04 42 b9 31 56 b2 f0 c2 0f 32 | 95 a7 23 53 26 bb 34 74 ca 72 a1 fb 2b 37 a4 17 | 6c 4a f9 c8 50 e4 2c 7b 58 51 b6 1e 10 c2 31 af | 47 5e 05 bf 33 8f 60 60 7e 71 29 0c ee 8b cf 0c | 2e 8c 2d 48 b7 f7 ac 58 38 7e 2c 62 b0 e9 0a 82 | 91 be 8c 18 88 23 11 d8 87 d4 ef 1c e9 eb 88 41 | 13 9f 0c 0c fc d6 a3 44 d9 e2 0b 07 a1 b3 6a be | 9f 2a 25 be b3 cb 71 09 04 43 85 ac a4 a8 8f 42 | 11 57 59 a0 19 e9 18 4a a7 82 5d f1 97 03 0c 4a | 02 57 61 59 92 98 a3 ad 0e d5 83 ad 0a 67 d1 0f | 76 d7 3f 12 78 ea 9d d0 51 70 98 ab e5 4b fc 98 | f2 a6 98 cb ce 9c fc 7b c6 4a 73 4d d5 0a 90 4e | 40 5e 47 54 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0928 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00116 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 4b d9 5c 57 31 fe 7a e4 66 7a e3 44 | 00 96 a6 04 c1 e9 22 2d 22 a3 36 35 cd 54 2e f4 | 19 e9 01 2e cf 3c 03 b8 c5 eb 5d 3f 7c b2 14 76 | 5d 1c 93 a8 22 f0 b6 2a 64 92 c3 ac 85 a6 07 26 | 39 b8 7e d6 a7 3b 38 62 48 6b 6d 28 33 9b 14 6f | d8 9a de 65 3a f1 a9 44 71 85 ba e8 bc 69 27 8c | 9f 77 fc 75 8e e3 f9 b1 52 e6 27 82 9d 61 e2 16 | ea 6b 5b 4b 62 ca ec 48 f7 4e 8d ff e2 76 d2 c1 | 1a 3f db 61 ad 80 16 17 70 3f cf 7a d5 c5 da d3 | cd 67 40 55 99 8a e4 c6 f4 50 14 17 cc 82 27 6c | bd 62 54 07 83 5e ee ac 4b ad 38 ed 87 14 e3 59 | 5e d0 e7 75 a8 46 29 2e 75 9b 3f d0 d6 8b 48 52 | 7b 20 83 38 fb fa 3a 3c ab 31 f6 a1 cd d8 9d 3d | 18 92 f0 5c 24 a5 fb 20 a3 90 5b 1d 31 be a0 5f | 1f ee 95 0a d6 1a 42 9b ec 49 03 6e bc ff c8 58 | 49 ca 9e 26 4c d6 ce be 5f d4 e3 e5 c8 3b 25 a8 | f2 34 fb 2e a9 0d 61 4a d1 8c 2f a7 48 d6 c0 12 | dd f3 87 c3 b3 52 83 39 d3 9f 9e 17 2a fb 44 84 | cc 59 54 7f 15 4a bd dd d5 00 7d 4e d5 dc d4 5c | 2f 1b 20 4e 0f 22 4a e1 af a2 0e cd 50 7c 34 c6 | c8 2f 9d c3 f8 5d 71 d1 e8 b4 82 6b cb 72 b7 e5 | 07 6f d6 e1 dd 82 c1 06 d6 62 f4 78 f7 8d d3 97 | 4e ca 02 d4 f8 d6 68 65 fd c4 4b a1 96 52 c7 44 | 60 0d 7e d8 4a b9 26 ef 31 41 e1 d8 d3 44 66 c7 | 12 79 af 20 a2 72 c4 22 75 74 48 5e e1 3b 23 91 | 2c a6 f4 83 80 36 76 81 ca 47 d1 e8 4a c8 f4 9e | e3 83 2e 7c f8 c3 d5 66 12 b6 36 65 ea e2 7f 05 | 05 20 28 08 4f 7e fd 0d 83 a0 55 1b 3d dc dc 7f | e8 4a 87 44 64 9c e5 4d 23 94 60 3c c1 ed 3a 7f | 28 e2 a8 7e 09 92 93 b1 f4 5e e8 a1 21 99 88 ee | b5 3a 3c 91 63 bf b7 f4 cd 86 e0 53 50 88 19 1d | a6 ec 1d 6c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.081 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00112 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 f3 3e e2 63 75 83 32 2d cb 32 90 3f | da 14 f9 c1 b9 80 ee e4 94 0f 55 a0 67 21 1e 6f | 17 c3 f7 55 94 2e 62 8a 7d 56 3a d6 0a 78 75 63 | e2 72 a1 a3 81 e3 8a 47 0d ba c8 60 24 33 ca 34 | 35 99 b1 4b 38 9f 88 32 50 bb eb ac 08 de 98 c9 | 9d e1 61 be 7d 17 7e f3 5a 01 e8 2d c4 e2 60 80 | 0d 1a ae 9c 31 39 73 90 9f 5e cb 21 72 10 d2 d0 | 0d 45 eb 92 bd 69 9c 33 f7 6f 7d 57 34 5e 12 f4 | 28 73 a9 f3 29 a8 b6 4a 85 ed f6 1b f1 ee 9f 57 | 22 78 e0 e2 62 48 df 64 97 8c 1a d7 e4 3e 15 b0 | 26 bb 94 6c 4a 58 34 74 81 00 07 60 11 48 4a f4 | fc 06 ad e5 d3 0f 8c 22 f7 a1 a2 81 53 f7 c9 36 | b6 d9 47 d5 9e 82 4d eb bd 34 a4 c0 d3 00 e1 e2 | 04 7a 4f 2e be 38 01 a0 d8 fa ef 6d fd dc 95 95 | 6e 6e 13 de bb 8c 69 9d 34 a0 dc b9 04 65 90 e2 | 12 45 ac 01 72 30 a0 39 1f 87 5e 58 e0 5f b4 de | eb 97 a8 66 2a 8c fb 17 9a fc 15 b3 9c 86 e0 65 | fd 56 d5 7d 3c db 7d b3 b1 b0 6f 36 48 77 de fd | 83 14 17 aa 2a 20 1e c5 ae c2 6d ca 33 1f 87 a6 | 7b ba 25 79 5e d1 ce 22 24 40 54 f4 76 46 42 36 | 4a 65 9b 4b b8 ad a7 ab a9 91 7b 37 f1 aa 04 42 | 15 1e 65 44 ed 1d 4d b9 10 ab d9 58 bc 86 49 6e | 68 00 6a 4b fb 07 f9 99 1b 3e 3e db 0d 65 b5 09 | bf 86 66 65 41 fa b4 c8 0e da 65 4c cd c4 ec c1 | c8 18 d2 98 b7 9c 8f e2 ba 90 62 95 6f d1 49 8d | b0 9f b6 fe 5a 62 d7 d6 18 ac d9 a5 02 69 d0 0a | eb 35 20 e2 29 4d df d8 f9 3e 63 11 97 d3 84 cb | b5 0e 52 a3 84 23 0e 54 e0 f9 c6 af 67 29 3a d1 | 5c 5e 44 b2 ce 37 76 23 84 a7 93 b1 14 5d 85 37 | db 03 39 fb d1 2a 29 12 81 69 cd 6e ae 93 29 b2 | 4d 04 f6 93 7e 0b 38 d0 4e ca 1b 12 e7 5a bf 09 | f7 dd 4f 73 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0878 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55cbbf0c0588 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 2 | retransmits: current time 29794.721873; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.004022 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0acff8 | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0acc38 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: retransmission; will wait 1 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | 14 00 00 24 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 | a1 6f eb b2 34 4e 10 31 15 80 1d d5 48 6c 3c 19 | 12 15 72 3c 14 00 00 24 bd a7 19 a2 7b 82 68 66 | 6f 2a 20 8d 68 24 79 75 df 46 68 4b 09 66 a5 f6 | 14 9d c9 42 18 fd 58 03 00 00 00 24 91 5c f7 92 | e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd ac b7 63 bc | 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | libevent_free: release ptr-libevent@0x55cbbf0d5c58 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0c0588 | #1 spent 0.0686 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00107 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 68 2d 0a 59 e7 10 ac 06 ba 11 3f | a0 23 3b d8 02 e3 16 e6 24 f4 d8 24 47 52 2f 19 | 6d 72 2a 3d 24 28 d3 26 a6 34 f5 18 be 52 18 20 | 7a b2 c2 01 3d 19 c3 14 f5 76 8c 03 85 35 ce cd | de e1 89 dd b2 5d 87 6e 27 1f 84 91 bb d7 67 0a | ae 93 10 04 41 65 5c 7f 74 3a 23 34 6a ec 19 f1 | 15 76 c9 20 58 59 fe cc ba d1 7e cb 0c 9a 25 20 | 59 c2 2b a1 34 44 17 c7 8c bf 75 b0 15 0b 8e 9b | 49 32 15 2f 33 d9 61 20 87 a9 c5 84 16 a0 2f 65 | 1f 6c d1 aa 14 65 75 56 a0 b2 9d c2 bf 5e bf f5 | 55 bf 21 11 07 6c f1 80 de e5 2b 49 b1 be 62 92 | a5 33 6c f1 bc cc e3 39 a9 63 89 36 99 e2 b1 a9 | e9 17 85 20 2a 6b ff 5b c0 4a 0d 4b 57 9d 4e 82 | 12 0f c3 3b ee 20 05 3f 64 fa fb 20 bb 80 d7 be | ac 22 5c 4c 2f 56 34 b2 86 64 c1 f2 02 fe b5 be | 5b 27 57 4f 59 d9 29 3b 2c ac ab 8b 1e 58 37 66 | f2 0f 2f 20 39 e9 87 83 63 e4 df 93 db e8 80 1c | de 8d 78 b9 e3 b3 bd d3 20 13 6e f8 86 58 fa 30 | 28 5d 14 85 ba 8a 7c fb 10 82 69 93 8e 27 b7 09 | 29 fd 10 eb 55 7d b8 9b d3 e2 9d c7 d4 b0 e3 b5 | 37 88 a0 e1 49 13 ac df 9b dd f3 43 6f 16 3f d7 | 4c 27 04 9b a4 c8 34 c8 6d ca 3b 73 1b 3c 69 21 | 4f d9 f6 e6 8b 4c c3 6c fd 3c 15 3e 2e b4 c7 43 | ca c2 5e 45 04 91 50 5b b6 3e 70 90 56 68 43 c5 | 3d 08 1e d7 fd 75 97 15 fe 79 3d 4f 3f 6b 47 0a | 93 55 03 94 4b 94 76 83 71 87 b7 0e d9 d6 1f f4 | ba 40 e4 c2 f6 61 58 9f 2e 9e f2 0b b8 ae e1 ab | 04 16 bb 2a c6 fe c3 cf 5a 25 46 82 18 a4 b9 c5 | 9c 1e da 1c af c4 ef e1 86 1a d1 ff bc 41 e3 68 | ca e4 9f 5f 04 1f 8b db 9e bb 7c 3b 3a 8a 37 ed | 3f 1b c9 76 ea 91 87 43 ad b2 0f d6 f1 d4 90 22 | 5c ff b3 2b | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0759 milliseconds in comm_handle_cb() reading and processing packet | spent 0.001 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 a7 9f 82 a4 86 23 a2 0a 50 2b ba f9 | 25 2d 89 ef ef 97 f3 55 8f 53 c4 41 e9 f7 4c d4 | 8f da 4f b4 b2 53 82 96 0f 1e 9f d8 18 b8 45 e0 | a9 23 ca 6c 01 17 c2 fe db 87 29 6e c6 dc 5f 27 | 9c 0d 2d fd ea 4d 72 f9 7f 58 dd eb 6e 0b 1b 1f | 72 b5 2f ea bd 06 42 d2 01 f1 09 42 54 1b 1b 2d | 97 49 55 11 94 ae 6a b6 78 e6 9c 85 a0 33 39 83 | 33 7b f4 68 41 22 14 c5 ed af 56 f4 db 57 b7 65 | a8 31 77 01 d4 e1 8e aa 92 82 d7 19 7e 47 3a 8d | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00413 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.229 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.029 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.281 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 917624534 (0x36b1d6d6) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | ab 14 b4 eb a8 b3 2f c4 43 94 d2 12 ae 46 88 56 | 60 ab a9 37 89 84 24 55 d8 2a ec 6e 38 e4 2c 38 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 08 10 05 01 36 b1 d6 d6 00 00 00 4c a4 9b ff e4 | ae 1e cd db 70 c5 de 96 2d b7 8d 43 dc 52 34 7d | 66 38 9e 69 25 36 e4 4e 6d b0 4b 2a d4 df 64 da | ab 14 d2 2d cc 57 15 7d 9a aa d9 56 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.772 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.919 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0115 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad | 9d ad d9 c8 05 10 02 01 00 00 00 00 00 00 08 4c | 93 d7 2c b5 ed f7 b9 6c da f0 8f 70 09 e4 81 3b | dc 07 29 f4 0b d6 d0 c0 a1 4b 7f 38 ee 71 a5 51 | af aa d2 6c 52 af 4a a1 03 85 90 e5 bd a2 b3 bc | cf 4c 4f df b5 c9 d7 9a ff 04 14 67 ff a8 20 e9 | 66 49 8d 03 00 a7 8d cd 9e b3 92 ec 9f eb ac f0 | 84 94 1f 5b 63 72 d3 8a 51 2d f8 4f ad 9a be f3 | ce cf 05 b6 c7 e5 74 97 22 2b 9d 67 05 4e 0a 63 | 49 88 f2 09 8b a4 33 6a 10 41 3c 14 43 1c a1 ac | b1 bd 13 37 ff b3 2a 97 7f 5f a5 86 e2 63 e7 72 | 14 0d f0 3d 53 06 ee 4b e8 4b 77 31 90 24 f0 fe | 09 57 a8 40 26 f6 0f f9 ac eb 68 80 97 eb e9 91 | 99 c7 83 a9 89 df 72 71 88 07 24 00 d4 b9 7b a3 | 4a 79 e3 c7 1b a8 fb d4 ae b5 9f e7 80 72 d8 2e | 4e 87 aa f4 a3 a3 20 40 88 e9 4b 8e 9f 96 af f2 | 17 3e 67 8c 16 a3 ea 05 27 11 9f 3f 17 3c 31 04 | 03 79 af 9f 9e a1 66 c1 be f0 9c 46 8b 60 2b 26 | b3 17 c8 f0 33 d0 18 d0 da 41 5f d7 85 f1 a9 93 | 4b 8f 29 f2 c8 be 04 42 b9 31 56 b2 f0 c2 0f 32 | 95 a7 23 53 26 bb 34 74 ca 72 a1 fb 2b 37 a4 17 | 6c 4a f9 c8 50 e4 2c 7b 58 51 b6 1e 10 c2 31 af | 47 5e 05 bf 33 8f 60 60 7e 71 29 0c ee 8b cf 0c | 2e 8c 2d 48 b7 f7 ac 58 38 7e 2c 62 b0 e9 0a 82 | 91 be 8c 18 88 23 11 d8 87 d4 ef 1c e9 eb 88 41 | 13 9f 0c 0c fc d6 a3 44 d9 e2 0b 07 a1 b3 6a be | 9f 2a 25 be b3 cb 71 09 04 43 85 ac a4 a8 8f 42 | 11 57 59 a0 19 e9 18 4a a7 82 5d f1 97 03 0c 4a | 02 57 61 59 92 98 a3 ad 0e d5 83 ad 0a 67 d1 0f | 76 d7 3f 12 78 ea 9d d0 51 70 98 ab e5 4b fc 98 | f2 a6 98 cb ce 9c fc 7b c6 4a 73 4d d5 0a 90 4e | 40 5e 47 54 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.446 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00553 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 4b d9 5c 57 31 fe 7a e4 66 7a e3 44 | 00 96 a6 04 c1 e9 22 2d 22 a3 36 35 cd 54 2e f4 | 19 e9 01 2e cf 3c 03 b8 c5 eb 5d 3f 7c b2 14 76 | 5d 1c 93 a8 22 f0 b6 2a 64 92 c3 ac 85 a6 07 26 | 39 b8 7e d6 a7 3b 38 62 48 6b 6d 28 33 9b 14 6f | d8 9a de 65 3a f1 a9 44 71 85 ba e8 bc 69 27 8c | 9f 77 fc 75 8e e3 f9 b1 52 e6 27 82 9d 61 e2 16 | ea 6b 5b 4b 62 ca ec 48 f7 4e 8d ff e2 76 d2 c1 | 1a 3f db 61 ad 80 16 17 70 3f cf 7a d5 c5 da d3 | cd 67 40 55 99 8a e4 c6 f4 50 14 17 cc 82 27 6c | bd 62 54 07 83 5e ee ac 4b ad 38 ed 87 14 e3 59 | 5e d0 e7 75 a8 46 29 2e 75 9b 3f d0 d6 8b 48 52 | 7b 20 83 38 fb fa 3a 3c ab 31 f6 a1 cd d8 9d 3d | 18 92 f0 5c 24 a5 fb 20 a3 90 5b 1d 31 be a0 5f | 1f ee 95 0a d6 1a 42 9b ec 49 03 6e bc ff c8 58 | 49 ca 9e 26 4c d6 ce be 5f d4 e3 e5 c8 3b 25 a8 | f2 34 fb 2e a9 0d 61 4a d1 8c 2f a7 48 d6 c0 12 | dd f3 87 c3 b3 52 83 39 d3 9f 9e 17 2a fb 44 84 | cc 59 54 7f 15 4a bd dd d5 00 7d 4e d5 dc d4 5c | 2f 1b 20 4e 0f 22 4a e1 af a2 0e cd 50 7c 34 c6 | c8 2f 9d c3 f8 5d 71 d1 e8 b4 82 6b cb 72 b7 e5 | 07 6f d6 e1 dd 82 c1 06 d6 62 f4 78 f7 8d d3 97 | 4e ca 02 d4 f8 d6 68 65 fd c4 4b a1 96 52 c7 44 | 60 0d 7e d8 4a b9 26 ef 31 41 e1 d8 d3 44 66 c7 | 12 79 af 20 a2 72 c4 22 75 74 48 5e e1 3b 23 91 | 2c a6 f4 83 80 36 76 81 ca 47 d1 e8 4a c8 f4 9e | e3 83 2e 7c f8 c3 d5 66 12 b6 36 65 ea e2 7f 05 | 05 20 28 08 4f 7e fd 0d 83 a0 55 1b 3d dc dc 7f | e8 4a 87 44 64 9c e5 4d 23 94 60 3c c1 ed 3a 7f | 28 e2 a8 7e 09 92 93 b1 f4 5e e8 a1 21 99 88 ee | b5 3a 3c 91 63 bf b7 f4 cd 86 e0 53 50 88 19 1d | a6 ec 1d 6c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.487 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55cbbf0acff8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 3 | retransmits: current time 29795.723694; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.005843 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0c0588 | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0d5c58 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: retransmission; will wait 2 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | 14 00 00 24 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 | a1 6f eb b2 34 4e 10 31 15 80 1d d5 48 6c 3c 19 | 12 15 72 3c 14 00 00 24 bd a7 19 a2 7b 82 68 66 | 6f 2a 20 8d 68 24 79 75 df 46 68 4b 09 66 a5 f6 | 14 9d c9 42 18 fd 58 03 00 00 00 24 91 5c f7 92 | e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd ac b7 63 bc | 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | libevent_free: release ptr-libevent@0x55cbbf0acc38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0acff8 | #1 spent 0.492 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.0055 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 f3 3e e2 63 75 83 32 2d cb 32 90 3f | da 14 f9 c1 b9 80 ee e4 94 0f 55 a0 67 21 1e 6f | 17 c3 f7 55 94 2e 62 8a 7d 56 3a d6 0a 78 75 63 | e2 72 a1 a3 81 e3 8a 47 0d ba c8 60 24 33 ca 34 | 35 99 b1 4b 38 9f 88 32 50 bb eb ac 08 de 98 c9 | 9d e1 61 be 7d 17 7e f3 5a 01 e8 2d c4 e2 60 80 | 0d 1a ae 9c 31 39 73 90 9f 5e cb 21 72 10 d2 d0 | 0d 45 eb 92 bd 69 9c 33 f7 6f 7d 57 34 5e 12 f4 | 28 73 a9 f3 29 a8 b6 4a 85 ed f6 1b f1 ee 9f 57 | 22 78 e0 e2 62 48 df 64 97 8c 1a d7 e4 3e 15 b0 | 26 bb 94 6c 4a 58 34 74 81 00 07 60 11 48 4a f4 | fc 06 ad e5 d3 0f 8c 22 f7 a1 a2 81 53 f7 c9 36 | b6 d9 47 d5 9e 82 4d eb bd 34 a4 c0 d3 00 e1 e2 | 04 7a 4f 2e be 38 01 a0 d8 fa ef 6d fd dc 95 95 | 6e 6e 13 de bb 8c 69 9d 34 a0 dc b9 04 65 90 e2 | 12 45 ac 01 72 30 a0 39 1f 87 5e 58 e0 5f b4 de | eb 97 a8 66 2a 8c fb 17 9a fc 15 b3 9c 86 e0 65 | fd 56 d5 7d 3c db 7d b3 b1 b0 6f 36 48 77 de fd | 83 14 17 aa 2a 20 1e c5 ae c2 6d ca 33 1f 87 a6 | 7b ba 25 79 5e d1 ce 22 24 40 54 f4 76 46 42 36 | 4a 65 9b 4b b8 ad a7 ab a9 91 7b 37 f1 aa 04 42 | 15 1e 65 44 ed 1d 4d b9 10 ab d9 58 bc 86 49 6e | 68 00 6a 4b fb 07 f9 99 1b 3e 3e db 0d 65 b5 09 | bf 86 66 65 41 fa b4 c8 0e da 65 4c cd c4 ec c1 | c8 18 d2 98 b7 9c 8f e2 ba 90 62 95 6f d1 49 8d | b0 9f b6 fe 5a 62 d7 d6 18 ac d9 a5 02 69 d0 0a | eb 35 20 e2 29 4d df d8 f9 3e 63 11 97 d3 84 cb | b5 0e 52 a3 84 23 0e 54 e0 f9 c6 af 67 29 3a d1 | 5c 5e 44 b2 ce 37 76 23 84 a7 93 b1 14 5d 85 37 | db 03 39 fb d1 2a 29 12 81 69 cd 6e ae 93 29 b2 | 4d 04 f6 93 7e 0b 38 d0 4e ca 1b 12 e7 5a bf 09 | f7 dd 4f 73 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.428 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00604 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 68 2d 0a 59 e7 10 ac 06 ba 11 3f | a0 23 3b d8 02 e3 16 e6 24 f4 d8 24 47 52 2f 19 | 6d 72 2a 3d 24 28 d3 26 a6 34 f5 18 be 52 18 20 | 7a b2 c2 01 3d 19 c3 14 f5 76 8c 03 85 35 ce cd | de e1 89 dd b2 5d 87 6e 27 1f 84 91 bb d7 67 0a | ae 93 10 04 41 65 5c 7f 74 3a 23 34 6a ec 19 f1 | 15 76 c9 20 58 59 fe cc ba d1 7e cb 0c 9a 25 20 | 59 c2 2b a1 34 44 17 c7 8c bf 75 b0 15 0b 8e 9b | 49 32 15 2f 33 d9 61 20 87 a9 c5 84 16 a0 2f 65 | 1f 6c d1 aa 14 65 75 56 a0 b2 9d c2 bf 5e bf f5 | 55 bf 21 11 07 6c f1 80 de e5 2b 49 b1 be 62 92 | a5 33 6c f1 bc cc e3 39 a9 63 89 36 99 e2 b1 a9 | e9 17 85 20 2a 6b ff 5b c0 4a 0d 4b 57 9d 4e 82 | 12 0f c3 3b ee 20 05 3f 64 fa fb 20 bb 80 d7 be | ac 22 5c 4c 2f 56 34 b2 86 64 c1 f2 02 fe b5 be | 5b 27 57 4f 59 d9 29 3b 2c ac ab 8b 1e 58 37 66 | f2 0f 2f 20 39 e9 87 83 63 e4 df 93 db e8 80 1c | de 8d 78 b9 e3 b3 bd d3 20 13 6e f8 86 58 fa 30 | 28 5d 14 85 ba 8a 7c fb 10 82 69 93 8e 27 b7 09 | 29 fd 10 eb 55 7d b8 9b d3 e2 9d c7 d4 b0 e3 b5 | 37 88 a0 e1 49 13 ac df 9b dd f3 43 6f 16 3f d7 | 4c 27 04 9b a4 c8 34 c8 6d ca 3b 73 1b 3c 69 21 | 4f d9 f6 e6 8b 4c c3 6c fd 3c 15 3e 2e b4 c7 43 | ca c2 5e 45 04 91 50 5b b6 3e 70 90 56 68 43 c5 | 3d 08 1e d7 fd 75 97 15 fe 79 3d 4f 3f 6b 47 0a | 93 55 03 94 4b 94 76 83 71 87 b7 0e d9 d6 1f f4 | ba 40 e4 c2 f6 61 58 9f 2e 9e f2 0b b8 ae e1 ab | 04 16 bb 2a c6 fe c3 cf 5a 25 46 82 18 a4 b9 c5 | 9c 1e da 1c af c4 ef e1 86 1a d1 ff bc 41 e3 68 | ca e4 9f 5f 04 1f 8b db 9e bb 7c 3b 3a 8a 37 ed | 3f 1b c9 76 ea 91 87 43 ad b2 0f d6 f1 d4 90 22 | 5c ff b3 2b | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.564 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00669 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 a7 9f 82 a4 86 23 a2 0a 50 2b ba f9 | 25 2d 89 ef ef 97 f3 55 8f 53 c4 41 e9 f7 4c d4 | 8f da 4f b4 b2 53 82 96 0f 1e 9f d8 18 b8 45 e0 | a9 23 ca 6c 01 17 c2 fe db 87 29 6e c6 dc 5f 27 | 9c 0d 2d fd ea 4d 72 f9 7f 58 dd eb 6e 0b 1b 1f | 72 b5 2f ea bd 06 42 d2 01 f1 09 42 54 1b 1b 2d | 97 49 55 11 94 ae 6a b6 78 e6 9c 85 a0 33 39 83 | 33 7b f4 68 41 22 14 c5 ed af 56 f4 db 57 b7 65 | a8 31 77 01 d4 e1 8e aa 92 82 d7 19 7e 47 3a 8d | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.0204 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 1.05 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.138 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 1.16 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1484618783 (0x587d7c1f) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 88 84 21 0c 08 47 41 22 96 49 99 62 70 e4 98 ed | 38 ab b2 22 0b e0 f0 31 52 f9 cd 68 ef 58 3e 4f | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 08 10 05 01 58 7d 7c 1f 00 00 00 4c ba 9f 94 31 | 6f c3 d4 48 fd 93 6a 5e de 2c f0 b3 db b1 19 db | 30 e5 af 94 df 90 2c f8 a5 02 b9 67 65 96 80 a4 | c7 e4 90 0b 59 1d d9 95 ca 78 0d bd | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 3.52 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 4.46 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00364 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad | 9d ad d9 c8 05 10 02 01 00 00 00 00 00 00 08 4c | 93 d7 2c b5 ed f7 b9 6c da f0 8f 70 09 e4 81 3b | dc 07 29 f4 0b d6 d0 c0 a1 4b 7f 38 ee 71 a5 51 | af aa d2 6c 52 af 4a a1 03 85 90 e5 bd a2 b3 bc | cf 4c 4f df b5 c9 d7 9a ff 04 14 67 ff a8 20 e9 | 66 49 8d 03 00 a7 8d cd 9e b3 92 ec 9f eb ac f0 | 84 94 1f 5b 63 72 d3 8a 51 2d f8 4f ad 9a be f3 | ce cf 05 b6 c7 e5 74 97 22 2b 9d 67 05 4e 0a 63 | 49 88 f2 09 8b a4 33 6a 10 41 3c 14 43 1c a1 ac | b1 bd 13 37 ff b3 2a 97 7f 5f a5 86 e2 63 e7 72 | 14 0d f0 3d 53 06 ee 4b e8 4b 77 31 90 24 f0 fe | 09 57 a8 40 26 f6 0f f9 ac eb 68 80 97 eb e9 91 | 99 c7 83 a9 89 df 72 71 88 07 24 00 d4 b9 7b a3 | 4a 79 e3 c7 1b a8 fb d4 ae b5 9f e7 80 72 d8 2e | 4e 87 aa f4 a3 a3 20 40 88 e9 4b 8e 9f 96 af f2 | 17 3e 67 8c 16 a3 ea 05 27 11 9f 3f 17 3c 31 04 | 03 79 af 9f 9e a1 66 c1 be f0 9c 46 8b 60 2b 26 | b3 17 c8 f0 33 d0 18 d0 da 41 5f d7 85 f1 a9 93 | 4b 8f 29 f2 c8 be 04 42 b9 31 56 b2 f0 c2 0f 32 | 95 a7 23 53 26 bb 34 74 ca 72 a1 fb 2b 37 a4 17 | 6c 4a f9 c8 50 e4 2c 7b 58 51 b6 1e 10 c2 31 af | 47 5e 05 bf 33 8f 60 60 7e 71 29 0c ee 8b cf 0c | 2e 8c 2d 48 b7 f7 ac 58 38 7e 2c 62 b0 e9 0a 82 | 91 be 8c 18 88 23 11 d8 87 d4 ef 1c e9 eb 88 41 | 13 9f 0c 0c fc d6 a3 44 d9 e2 0b 07 a1 b3 6a be | 9f 2a 25 be b3 cb 71 09 04 43 85 ac a4 a8 8f 42 | 11 57 59 a0 19 e9 18 4a a7 82 5d f1 97 03 0c 4a | 02 57 61 59 92 98 a3 ad 0e d5 83 ad 0a 67 d1 0f | 76 d7 3f 12 78 ea 9d d0 51 70 98 ab e5 4b fc 98 | f2 a6 98 cb ce 9c fc 7b c6 4a 73 4d d5 0a 90 4e | 40 5e 47 54 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.162 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55cbbf0c0588 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 4 | retransmits: current time 29797.724183; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.006332 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0acff8 | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0acc38 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: retransmission; will wait 4 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | 14 00 00 24 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 | a1 6f eb b2 34 4e 10 31 15 80 1d d5 48 6c 3c 19 | 12 15 72 3c 14 00 00 24 bd a7 19 a2 7b 82 68 66 | 6f 2a 20 8d 68 24 79 75 df 46 68 4b 09 66 a5 f6 | 14 9d c9 42 18 fd 58 03 00 00 00 24 91 5c f7 92 | e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd ac b7 63 bc | 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | libevent_free: release ptr-libevent@0x55cbbf0d5c58 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0c0588 | #1 spent 0.112 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00131 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 4b d9 5c 57 31 fe 7a e4 66 7a e3 44 | 00 96 a6 04 c1 e9 22 2d 22 a3 36 35 cd 54 2e f4 | 19 e9 01 2e cf 3c 03 b8 c5 eb 5d 3f 7c b2 14 76 | 5d 1c 93 a8 22 f0 b6 2a 64 92 c3 ac 85 a6 07 26 | 39 b8 7e d6 a7 3b 38 62 48 6b 6d 28 33 9b 14 6f | d8 9a de 65 3a f1 a9 44 71 85 ba e8 bc 69 27 8c | 9f 77 fc 75 8e e3 f9 b1 52 e6 27 82 9d 61 e2 16 | ea 6b 5b 4b 62 ca ec 48 f7 4e 8d ff e2 76 d2 c1 | 1a 3f db 61 ad 80 16 17 70 3f cf 7a d5 c5 da d3 | cd 67 40 55 99 8a e4 c6 f4 50 14 17 cc 82 27 6c | bd 62 54 07 83 5e ee ac 4b ad 38 ed 87 14 e3 59 | 5e d0 e7 75 a8 46 29 2e 75 9b 3f d0 d6 8b 48 52 | 7b 20 83 38 fb fa 3a 3c ab 31 f6 a1 cd d8 9d 3d | 18 92 f0 5c 24 a5 fb 20 a3 90 5b 1d 31 be a0 5f | 1f ee 95 0a d6 1a 42 9b ec 49 03 6e bc ff c8 58 | 49 ca 9e 26 4c d6 ce be 5f d4 e3 e5 c8 3b 25 a8 | f2 34 fb 2e a9 0d 61 4a d1 8c 2f a7 48 d6 c0 12 | dd f3 87 c3 b3 52 83 39 d3 9f 9e 17 2a fb 44 84 | cc 59 54 7f 15 4a bd dd d5 00 7d 4e d5 dc d4 5c | 2f 1b 20 4e 0f 22 4a e1 af a2 0e cd 50 7c 34 c6 | c8 2f 9d c3 f8 5d 71 d1 e8 b4 82 6b cb 72 b7 e5 | 07 6f d6 e1 dd 82 c1 06 d6 62 f4 78 f7 8d d3 97 | 4e ca 02 d4 f8 d6 68 65 fd c4 4b a1 96 52 c7 44 | 60 0d 7e d8 4a b9 26 ef 31 41 e1 d8 d3 44 66 c7 | 12 79 af 20 a2 72 c4 22 75 74 48 5e e1 3b 23 91 | 2c a6 f4 83 80 36 76 81 ca 47 d1 e8 4a c8 f4 9e | e3 83 2e 7c f8 c3 d5 66 12 b6 36 65 ea e2 7f 05 | 05 20 28 08 4f 7e fd 0d 83 a0 55 1b 3d dc dc 7f | e8 4a 87 44 64 9c e5 4d 23 94 60 3c c1 ed 3a 7f | 28 e2 a8 7e 09 92 93 b1 f4 5e e8 a1 21 99 88 ee | b5 3a 3c 91 63 bf b7 f4 cd 86 e0 53 50 88 19 1d | a6 ec 1d 6c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.127 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00131 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 f3 3e e2 63 75 83 32 2d cb 32 90 3f | da 14 f9 c1 b9 80 ee e4 94 0f 55 a0 67 21 1e 6f | 17 c3 f7 55 94 2e 62 8a 7d 56 3a d6 0a 78 75 63 | e2 72 a1 a3 81 e3 8a 47 0d ba c8 60 24 33 ca 34 | 35 99 b1 4b 38 9f 88 32 50 bb eb ac 08 de 98 c9 | 9d e1 61 be 7d 17 7e f3 5a 01 e8 2d c4 e2 60 80 | 0d 1a ae 9c 31 39 73 90 9f 5e cb 21 72 10 d2 d0 | 0d 45 eb 92 bd 69 9c 33 f7 6f 7d 57 34 5e 12 f4 | 28 73 a9 f3 29 a8 b6 4a 85 ed f6 1b f1 ee 9f 57 | 22 78 e0 e2 62 48 df 64 97 8c 1a d7 e4 3e 15 b0 | 26 bb 94 6c 4a 58 34 74 81 00 07 60 11 48 4a f4 | fc 06 ad e5 d3 0f 8c 22 f7 a1 a2 81 53 f7 c9 36 | b6 d9 47 d5 9e 82 4d eb bd 34 a4 c0 d3 00 e1 e2 | 04 7a 4f 2e be 38 01 a0 d8 fa ef 6d fd dc 95 95 | 6e 6e 13 de bb 8c 69 9d 34 a0 dc b9 04 65 90 e2 | 12 45 ac 01 72 30 a0 39 1f 87 5e 58 e0 5f b4 de | eb 97 a8 66 2a 8c fb 17 9a fc 15 b3 9c 86 e0 65 | fd 56 d5 7d 3c db 7d b3 b1 b0 6f 36 48 77 de fd | 83 14 17 aa 2a 20 1e c5 ae c2 6d ca 33 1f 87 a6 | 7b ba 25 79 5e d1 ce 22 24 40 54 f4 76 46 42 36 | 4a 65 9b 4b b8 ad a7 ab a9 91 7b 37 f1 aa 04 42 | 15 1e 65 44 ed 1d 4d b9 10 ab d9 58 bc 86 49 6e | 68 00 6a 4b fb 07 f9 99 1b 3e 3e db 0d 65 b5 09 | bf 86 66 65 41 fa b4 c8 0e da 65 4c cd c4 ec c1 | c8 18 d2 98 b7 9c 8f e2 ba 90 62 95 6f d1 49 8d | b0 9f b6 fe 5a 62 d7 d6 18 ac d9 a5 02 69 d0 0a | eb 35 20 e2 29 4d df d8 f9 3e 63 11 97 d3 84 cb | b5 0e 52 a3 84 23 0e 54 e0 f9 c6 af 67 29 3a d1 | 5c 5e 44 b2 ce 37 76 23 84 a7 93 b1 14 5d 85 37 | db 03 39 fb d1 2a 29 12 81 69 cd 6e ae 93 29 b2 | 4d 04 f6 93 7e 0b 38 d0 4e ca 1b 12 e7 5a bf 09 | f7 dd 4f 73 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.127 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00129 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 68 2d 0a 59 e7 10 ac 06 ba 11 3f | a0 23 3b d8 02 e3 16 e6 24 f4 d8 24 47 52 2f 19 | 6d 72 2a 3d 24 28 d3 26 a6 34 f5 18 be 52 18 20 | 7a b2 c2 01 3d 19 c3 14 f5 76 8c 03 85 35 ce cd | de e1 89 dd b2 5d 87 6e 27 1f 84 91 bb d7 67 0a | ae 93 10 04 41 65 5c 7f 74 3a 23 34 6a ec 19 f1 | 15 76 c9 20 58 59 fe cc ba d1 7e cb 0c 9a 25 20 | 59 c2 2b a1 34 44 17 c7 8c bf 75 b0 15 0b 8e 9b | 49 32 15 2f 33 d9 61 20 87 a9 c5 84 16 a0 2f 65 | 1f 6c d1 aa 14 65 75 56 a0 b2 9d c2 bf 5e bf f5 | 55 bf 21 11 07 6c f1 80 de e5 2b 49 b1 be 62 92 | a5 33 6c f1 bc cc e3 39 a9 63 89 36 99 e2 b1 a9 | e9 17 85 20 2a 6b ff 5b c0 4a 0d 4b 57 9d 4e 82 | 12 0f c3 3b ee 20 05 3f 64 fa fb 20 bb 80 d7 be | ac 22 5c 4c 2f 56 34 b2 86 64 c1 f2 02 fe b5 be | 5b 27 57 4f 59 d9 29 3b 2c ac ab 8b 1e 58 37 66 | f2 0f 2f 20 39 e9 87 83 63 e4 df 93 db e8 80 1c | de 8d 78 b9 e3 b3 bd d3 20 13 6e f8 86 58 fa 30 | 28 5d 14 85 ba 8a 7c fb 10 82 69 93 8e 27 b7 09 | 29 fd 10 eb 55 7d b8 9b d3 e2 9d c7 d4 b0 e3 b5 | 37 88 a0 e1 49 13 ac df 9b dd f3 43 6f 16 3f d7 | 4c 27 04 9b a4 c8 34 c8 6d ca 3b 73 1b 3c 69 21 | 4f d9 f6 e6 8b 4c c3 6c fd 3c 15 3e 2e b4 c7 43 | ca c2 5e 45 04 91 50 5b b6 3e 70 90 56 68 43 c5 | 3d 08 1e d7 fd 75 97 15 fe 79 3d 4f 3f 6b 47 0a | 93 55 03 94 4b 94 76 83 71 87 b7 0e d9 d6 1f f4 | ba 40 e4 c2 f6 61 58 9f 2e 9e f2 0b b8 ae e1 ab | 04 16 bb 2a c6 fe c3 cf 5a 25 46 82 18 a4 b9 c5 | 9c 1e da 1c af c4 ef e1 86 1a d1 ff bc 41 e3 68 | ca e4 9f 5f 04 1f 8b db 9e bb 7c 3b 3a 8a 37 ed | 3f 1b c9 76 ea 91 87 43 ad b2 0f d6 f1 d4 90 22 | 5c ff b3 2b | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.156 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00152 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 a7 9f 82 a4 86 23 a2 0a 50 2b ba f9 | 25 2d 89 ef ef 97 f3 55 8f 53 c4 41 e9 f7 4c d4 | 8f da 4f b4 b2 53 82 96 0f 1e 9f d8 18 b8 45 e0 | a9 23 ca 6c 01 17 c2 fe db 87 29 6e c6 dc 5f 27 | 9c 0d 2d fd ea 4d 72 f9 7f 58 dd eb 6e 0b 1b 1f | 72 b5 2f ea bd 06 42 d2 01 f1 09 42 54 1b 1b 2d | 97 49 55 11 94 ae 6a b6 78 e6 9c 85 a0 33 39 83 | 33 7b f4 68 41 22 14 c5 ed af 56 f4 db 57 b7 65 | a8 31 77 01 d4 e1 8e aa 92 82 d7 19 7e 47 3a 8d | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00473 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.245 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.03 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.261 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 256433092 (0xf48dbc4) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 39 82 aa d6 dd 12 a2 22 6d 01 02 e4 a3 5f 20 f8 | e6 61 ee 7a 5e 77 14 11 bd 3c e2 d8 01 28 5a ed | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 08 10 05 01 0f 48 db c4 00 00 00 4c a6 0c 59 44 | 96 77 ba e1 f8 44 67 f9 07 56 fb ab 16 75 74 90 | c1 41 b3 e1 03 7a 0c e6 6e b1 06 12 95 d7 cf 06 | 7d 17 45 20 94 8c f2 75 56 db 35 cc | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 1.14 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.41 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad | 9d ad d9 c8 05 10 02 01 00 00 00 00 00 00 08 4c | 93 d7 2c b5 ed f7 b9 6c da f0 8f 70 09 e4 81 3b | dc 07 29 f4 0b d6 d0 c0 a1 4b 7f 38 ee 71 a5 51 | af aa d2 6c 52 af 4a a1 03 85 90 e5 bd a2 b3 bc | cf 4c 4f df b5 c9 d7 9a ff 04 14 67 ff a8 20 e9 | 66 49 8d 03 00 a7 8d cd 9e b3 92 ec 9f eb ac f0 | 84 94 1f 5b 63 72 d3 8a 51 2d f8 4f ad 9a be f3 | ce cf 05 b6 c7 e5 74 97 22 2b 9d 67 05 4e 0a 63 | 49 88 f2 09 8b a4 33 6a 10 41 3c 14 43 1c a1 ac | b1 bd 13 37 ff b3 2a 97 7f 5f a5 86 e2 63 e7 72 | 14 0d f0 3d 53 06 ee 4b e8 4b 77 31 90 24 f0 fe | 09 57 a8 40 26 f6 0f f9 ac eb 68 80 97 eb e9 91 | 99 c7 83 a9 89 df 72 71 88 07 24 00 d4 b9 7b a3 | 4a 79 e3 c7 1b a8 fb d4 ae b5 9f e7 80 72 d8 2e | 4e 87 aa f4 a3 a3 20 40 88 e9 4b 8e 9f 96 af f2 | 17 3e 67 8c 16 a3 ea 05 27 11 9f 3f 17 3c 31 04 | 03 79 af 9f 9e a1 66 c1 be f0 9c 46 8b 60 2b 26 | b3 17 c8 f0 33 d0 18 d0 da 41 5f d7 85 f1 a9 93 | 4b 8f 29 f2 c8 be 04 42 b9 31 56 b2 f0 c2 0f 32 | 95 a7 23 53 26 bb 34 74 ca 72 a1 fb 2b 37 a4 17 | 6c 4a f9 c8 50 e4 2c 7b 58 51 b6 1e 10 c2 31 af | 47 5e 05 bf 33 8f 60 60 7e 71 29 0c ee 8b cf 0c | 2e 8c 2d 48 b7 f7 ac 58 38 7e 2c 62 b0 e9 0a 82 | 91 be 8c 18 88 23 11 d8 87 d4 ef 1c e9 eb 88 41 | 13 9f 0c 0c fc d6 a3 44 d9 e2 0b 07 a1 b3 6a be | 9f 2a 25 be b3 cb 71 09 04 43 85 ac a4 a8 8f 42 | 11 57 59 a0 19 e9 18 4a a7 82 5d f1 97 03 0c 4a | 02 57 61 59 92 98 a3 ad 0e d5 83 ad 0a 67 d1 0f | 76 d7 3f 12 78 ea 9d d0 51 70 98 ab e5 4b fc 98 | f2 a6 98 cb ce 9c fc 7b c6 4a 73 4d d5 0a 90 4e | 40 5e 47 54 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.138 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55cbbf0acff8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 5 | retransmits: current time 29801.728116; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.010265 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0c0588 | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0d5c58 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: retransmission; will wait 8 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | 14 00 00 24 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 | a1 6f eb b2 34 4e 10 31 15 80 1d d5 48 6c 3c 19 | 12 15 72 3c 14 00 00 24 bd a7 19 a2 7b 82 68 66 | 6f 2a 20 8d 68 24 79 75 df 46 68 4b 09 66 a5 f6 | 14 9d c9 42 18 fd 58 03 00 00 00 24 91 5c f7 92 | e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd ac b7 63 bc | 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | libevent_free: release ptr-libevent@0x55cbbf0acc38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0acff8 | #1 spent 0.107 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00132 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 4b d9 5c 57 31 fe 7a e4 66 7a e3 44 | 00 96 a6 04 c1 e9 22 2d 22 a3 36 35 cd 54 2e f4 | 19 e9 01 2e cf 3c 03 b8 c5 eb 5d 3f 7c b2 14 76 | 5d 1c 93 a8 22 f0 b6 2a 64 92 c3 ac 85 a6 07 26 | 39 b8 7e d6 a7 3b 38 62 48 6b 6d 28 33 9b 14 6f | d8 9a de 65 3a f1 a9 44 71 85 ba e8 bc 69 27 8c | 9f 77 fc 75 8e e3 f9 b1 52 e6 27 82 9d 61 e2 16 | ea 6b 5b 4b 62 ca ec 48 f7 4e 8d ff e2 76 d2 c1 | 1a 3f db 61 ad 80 16 17 70 3f cf 7a d5 c5 da d3 | cd 67 40 55 99 8a e4 c6 f4 50 14 17 cc 82 27 6c | bd 62 54 07 83 5e ee ac 4b ad 38 ed 87 14 e3 59 | 5e d0 e7 75 a8 46 29 2e 75 9b 3f d0 d6 8b 48 52 | 7b 20 83 38 fb fa 3a 3c ab 31 f6 a1 cd d8 9d 3d | 18 92 f0 5c 24 a5 fb 20 a3 90 5b 1d 31 be a0 5f | 1f ee 95 0a d6 1a 42 9b ec 49 03 6e bc ff c8 58 | 49 ca 9e 26 4c d6 ce be 5f d4 e3 e5 c8 3b 25 a8 | f2 34 fb 2e a9 0d 61 4a d1 8c 2f a7 48 d6 c0 12 | dd f3 87 c3 b3 52 83 39 d3 9f 9e 17 2a fb 44 84 | cc 59 54 7f 15 4a bd dd d5 00 7d 4e d5 dc d4 5c | 2f 1b 20 4e 0f 22 4a e1 af a2 0e cd 50 7c 34 c6 | c8 2f 9d c3 f8 5d 71 d1 e8 b4 82 6b cb 72 b7 e5 | 07 6f d6 e1 dd 82 c1 06 d6 62 f4 78 f7 8d d3 97 | 4e ca 02 d4 f8 d6 68 65 fd c4 4b a1 96 52 c7 44 | 60 0d 7e d8 4a b9 26 ef 31 41 e1 d8 d3 44 66 c7 | 12 79 af 20 a2 72 c4 22 75 74 48 5e e1 3b 23 91 | 2c a6 f4 83 80 36 76 81 ca 47 d1 e8 4a c8 f4 9e | e3 83 2e 7c f8 c3 d5 66 12 b6 36 65 ea e2 7f 05 | 05 20 28 08 4f 7e fd 0d 83 a0 55 1b 3d dc dc 7f | e8 4a 87 44 64 9c e5 4d 23 94 60 3c c1 ed 3a 7f | 28 e2 a8 7e 09 92 93 b1 f4 5e e8 a1 21 99 88 ee | b5 3a 3c 91 63 bf b7 f4 cd 86 e0 53 50 88 19 1d | a6 ec 1d 6c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.118 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00127 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 f3 3e e2 63 75 83 32 2d cb 32 90 3f | da 14 f9 c1 b9 80 ee e4 94 0f 55 a0 67 21 1e 6f | 17 c3 f7 55 94 2e 62 8a 7d 56 3a d6 0a 78 75 63 | e2 72 a1 a3 81 e3 8a 47 0d ba c8 60 24 33 ca 34 | 35 99 b1 4b 38 9f 88 32 50 bb eb ac 08 de 98 c9 | 9d e1 61 be 7d 17 7e f3 5a 01 e8 2d c4 e2 60 80 | 0d 1a ae 9c 31 39 73 90 9f 5e cb 21 72 10 d2 d0 | 0d 45 eb 92 bd 69 9c 33 f7 6f 7d 57 34 5e 12 f4 | 28 73 a9 f3 29 a8 b6 4a 85 ed f6 1b f1 ee 9f 57 | 22 78 e0 e2 62 48 df 64 97 8c 1a d7 e4 3e 15 b0 | 26 bb 94 6c 4a 58 34 74 81 00 07 60 11 48 4a f4 | fc 06 ad e5 d3 0f 8c 22 f7 a1 a2 81 53 f7 c9 36 | b6 d9 47 d5 9e 82 4d eb bd 34 a4 c0 d3 00 e1 e2 | 04 7a 4f 2e be 38 01 a0 d8 fa ef 6d fd dc 95 95 | 6e 6e 13 de bb 8c 69 9d 34 a0 dc b9 04 65 90 e2 | 12 45 ac 01 72 30 a0 39 1f 87 5e 58 e0 5f b4 de | eb 97 a8 66 2a 8c fb 17 9a fc 15 b3 9c 86 e0 65 | fd 56 d5 7d 3c db 7d b3 b1 b0 6f 36 48 77 de fd | 83 14 17 aa 2a 20 1e c5 ae c2 6d ca 33 1f 87 a6 | 7b ba 25 79 5e d1 ce 22 24 40 54 f4 76 46 42 36 | 4a 65 9b 4b b8 ad a7 ab a9 91 7b 37 f1 aa 04 42 | 15 1e 65 44 ed 1d 4d b9 10 ab d9 58 bc 86 49 6e | 68 00 6a 4b fb 07 f9 99 1b 3e 3e db 0d 65 b5 09 | bf 86 66 65 41 fa b4 c8 0e da 65 4c cd c4 ec c1 | c8 18 d2 98 b7 9c 8f e2 ba 90 62 95 6f d1 49 8d | b0 9f b6 fe 5a 62 d7 d6 18 ac d9 a5 02 69 d0 0a | eb 35 20 e2 29 4d df d8 f9 3e 63 11 97 d3 84 cb | b5 0e 52 a3 84 23 0e 54 e0 f9 c6 af 67 29 3a d1 | 5c 5e 44 b2 ce 37 76 23 84 a7 93 b1 14 5d 85 37 | db 03 39 fb d1 2a 29 12 81 69 cd 6e ae 93 29 b2 | 4d 04 f6 93 7e 0b 38 d0 4e ca 1b 12 e7 5a bf 09 | f7 dd 4f 73 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0779 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00103 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 68 2d 0a 59 e7 10 ac 06 ba 11 3f | a0 23 3b d8 02 e3 16 e6 24 f4 d8 24 47 52 2f 19 | 6d 72 2a 3d 24 28 d3 26 a6 34 f5 18 be 52 18 20 | 7a b2 c2 01 3d 19 c3 14 f5 76 8c 03 85 35 ce cd | de e1 89 dd b2 5d 87 6e 27 1f 84 91 bb d7 67 0a | ae 93 10 04 41 65 5c 7f 74 3a 23 34 6a ec 19 f1 | 15 76 c9 20 58 59 fe cc ba d1 7e cb 0c 9a 25 20 | 59 c2 2b a1 34 44 17 c7 8c bf 75 b0 15 0b 8e 9b | 49 32 15 2f 33 d9 61 20 87 a9 c5 84 16 a0 2f 65 | 1f 6c d1 aa 14 65 75 56 a0 b2 9d c2 bf 5e bf f5 | 55 bf 21 11 07 6c f1 80 de e5 2b 49 b1 be 62 92 | a5 33 6c f1 bc cc e3 39 a9 63 89 36 99 e2 b1 a9 | e9 17 85 20 2a 6b ff 5b c0 4a 0d 4b 57 9d 4e 82 | 12 0f c3 3b ee 20 05 3f 64 fa fb 20 bb 80 d7 be | ac 22 5c 4c 2f 56 34 b2 86 64 c1 f2 02 fe b5 be | 5b 27 57 4f 59 d9 29 3b 2c ac ab 8b 1e 58 37 66 | f2 0f 2f 20 39 e9 87 83 63 e4 df 93 db e8 80 1c | de 8d 78 b9 e3 b3 bd d3 20 13 6e f8 86 58 fa 30 | 28 5d 14 85 ba 8a 7c fb 10 82 69 93 8e 27 b7 09 | 29 fd 10 eb 55 7d b8 9b d3 e2 9d c7 d4 b0 e3 b5 | 37 88 a0 e1 49 13 ac df 9b dd f3 43 6f 16 3f d7 | 4c 27 04 9b a4 c8 34 c8 6d ca 3b 73 1b 3c 69 21 | 4f d9 f6 e6 8b 4c c3 6c fd 3c 15 3e 2e b4 c7 43 | ca c2 5e 45 04 91 50 5b b6 3e 70 90 56 68 43 c5 | 3d 08 1e d7 fd 75 97 15 fe 79 3d 4f 3f 6b 47 0a | 93 55 03 94 4b 94 76 83 71 87 b7 0e d9 d6 1f f4 | ba 40 e4 c2 f6 61 58 9f 2e 9e f2 0b b8 ae e1 ab | 04 16 bb 2a c6 fe c3 cf 5a 25 46 82 18 a4 b9 c5 | 9c 1e da 1c af c4 ef e1 86 1a d1 ff bc 41 e3 68 | ca e4 9f 5f 04 1f 8b db 9e bb 7c 3b 3a 8a 37 ed | 3f 1b c9 76 ea 91 87 43 ad b2 0f d6 f1 d4 90 22 | 5c ff b3 2b | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0802 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000974 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 a7 9f 82 a4 86 23 a2 0a 50 2b ba f9 | 25 2d 89 ef ef 97 f3 55 8f 53 c4 41 e9 f7 4c d4 | 8f da 4f b4 b2 53 82 96 0f 1e 9f d8 18 b8 45 e0 | a9 23 ca 6c 01 17 c2 fe db 87 29 6e c6 dc 5f 27 | 9c 0d 2d fd ea 4d 72 f9 7f 58 dd eb 6e 0b 1b 1f | 72 b5 2f ea bd 06 42 d2 01 f1 09 42 54 1b 1b 2d | 97 49 55 11 94 ae 6a b6 78 e6 9c 85 a0 33 39 83 | 33 7b f4 68 41 22 14 c5 ed af 56 f4 db 57 b7 65 | a8 31 77 01 d4 e1 8e aa 92 82 d7 19 7e 47 3a 8d | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00316 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.208 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.031 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.367 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1341237604 (0x4ff1a964) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 50 4a f3 56 72 7e 9a 7b e1 8a ee 31 8b 18 ef ae | f4 aa 43 09 c9 47 bc c4 6e 4e d0 e1 8c 7a a3 79 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 08 10 05 01 4f f1 a9 64 00 00 00 4c 97 56 35 d5 | 18 58 cd 45 74 de 49 e9 05 91 4c a7 ac 66 d5 80 | a0 23 ac f3 1b c7 02 0a 41 89 e2 56 e4 67 7c cb | 9a ba eb b9 f7 23 dd 73 87 7e 03 dd | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.878 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.03 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55cbbf0c0588 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 6 | retransmits: current time 29809.736836; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.018985 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf086b48 | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0acc38 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: retransmission; will wait 16 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | 14 00 00 24 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 | a1 6f eb b2 34 4e 10 31 15 80 1d d5 48 6c 3c 19 | 12 15 72 3c 14 00 00 24 bd a7 19 a2 7b 82 68 66 | 6f 2a 20 8d 68 24 79 75 df 46 68 4b 09 66 a5 f6 | 14 9d c9 42 18 fd 58 03 00 00 00 24 91 5c f7 92 | e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd ac b7 63 bc | 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | libevent_free: release ptr-libevent@0x55cbbf0d5c58 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0c0588 | #1 spent 0.191 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00223 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad | 9d ad d9 c8 05 10 02 01 00 00 00 00 00 00 08 4c | 93 d7 2c b5 ed f7 b9 6c da f0 8f 70 09 e4 81 3b | dc 07 29 f4 0b d6 d0 c0 a1 4b 7f 38 ee 71 a5 51 | af aa d2 6c 52 af 4a a1 03 85 90 e5 bd a2 b3 bc | cf 4c 4f df b5 c9 d7 9a ff 04 14 67 ff a8 20 e9 | 66 49 8d 03 00 a7 8d cd 9e b3 92 ec 9f eb ac f0 | 84 94 1f 5b 63 72 d3 8a 51 2d f8 4f ad 9a be f3 | ce cf 05 b6 c7 e5 74 97 22 2b 9d 67 05 4e 0a 63 | 49 88 f2 09 8b a4 33 6a 10 41 3c 14 43 1c a1 ac | b1 bd 13 37 ff b3 2a 97 7f 5f a5 86 e2 63 e7 72 | 14 0d f0 3d 53 06 ee 4b e8 4b 77 31 90 24 f0 fe | 09 57 a8 40 26 f6 0f f9 ac eb 68 80 97 eb e9 91 | 99 c7 83 a9 89 df 72 71 88 07 24 00 d4 b9 7b a3 | 4a 79 e3 c7 1b a8 fb d4 ae b5 9f e7 80 72 d8 2e | 4e 87 aa f4 a3 a3 20 40 88 e9 4b 8e 9f 96 af f2 | 17 3e 67 8c 16 a3 ea 05 27 11 9f 3f 17 3c 31 04 | 03 79 af 9f 9e a1 66 c1 be f0 9c 46 8b 60 2b 26 | b3 17 c8 f0 33 d0 18 d0 da 41 5f d7 85 f1 a9 93 | 4b 8f 29 f2 c8 be 04 42 b9 31 56 b2 f0 c2 0f 32 | 95 a7 23 53 26 bb 34 74 ca 72 a1 fb 2b 37 a4 17 | 6c 4a f9 c8 50 e4 2c 7b 58 51 b6 1e 10 c2 31 af | 47 5e 05 bf 33 8f 60 60 7e 71 29 0c ee 8b cf 0c | 2e 8c 2d 48 b7 f7 ac 58 38 7e 2c 62 b0 e9 0a 82 | 91 be 8c 18 88 23 11 d8 87 d4 ef 1c e9 eb 88 41 | 13 9f 0c 0c fc d6 a3 44 d9 e2 0b 07 a1 b3 6a be | 9f 2a 25 be b3 cb 71 09 04 43 85 ac a4 a8 8f 42 | 11 57 59 a0 19 e9 18 4a a7 82 5d f1 97 03 0c 4a | 02 57 61 59 92 98 a3 ad 0e d5 83 ad 0a 67 d1 0f | 76 d7 3f 12 78 ea 9d d0 51 70 98 ab e5 4b fc 98 | f2 a6 98 cb ce 9c fc 7b c6 4a 73 4d d5 0a 90 4e | 40 5e 47 54 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0983 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00104 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 4b d9 5c 57 31 fe 7a e4 66 7a e3 44 | 00 96 a6 04 c1 e9 22 2d 22 a3 36 35 cd 54 2e f4 | 19 e9 01 2e cf 3c 03 b8 c5 eb 5d 3f 7c b2 14 76 | 5d 1c 93 a8 22 f0 b6 2a 64 92 c3 ac 85 a6 07 26 | 39 b8 7e d6 a7 3b 38 62 48 6b 6d 28 33 9b 14 6f | d8 9a de 65 3a f1 a9 44 71 85 ba e8 bc 69 27 8c | 9f 77 fc 75 8e e3 f9 b1 52 e6 27 82 9d 61 e2 16 | ea 6b 5b 4b 62 ca ec 48 f7 4e 8d ff e2 76 d2 c1 | 1a 3f db 61 ad 80 16 17 70 3f cf 7a d5 c5 da d3 | cd 67 40 55 99 8a e4 c6 f4 50 14 17 cc 82 27 6c | bd 62 54 07 83 5e ee ac 4b ad 38 ed 87 14 e3 59 | 5e d0 e7 75 a8 46 29 2e 75 9b 3f d0 d6 8b 48 52 | 7b 20 83 38 fb fa 3a 3c ab 31 f6 a1 cd d8 9d 3d | 18 92 f0 5c 24 a5 fb 20 a3 90 5b 1d 31 be a0 5f | 1f ee 95 0a d6 1a 42 9b ec 49 03 6e bc ff c8 58 | 49 ca 9e 26 4c d6 ce be 5f d4 e3 e5 c8 3b 25 a8 | f2 34 fb 2e a9 0d 61 4a d1 8c 2f a7 48 d6 c0 12 | dd f3 87 c3 b3 52 83 39 d3 9f 9e 17 2a fb 44 84 | cc 59 54 7f 15 4a bd dd d5 00 7d 4e d5 dc d4 5c | 2f 1b 20 4e 0f 22 4a e1 af a2 0e cd 50 7c 34 c6 | c8 2f 9d c3 f8 5d 71 d1 e8 b4 82 6b cb 72 b7 e5 | 07 6f d6 e1 dd 82 c1 06 d6 62 f4 78 f7 8d d3 97 | 4e ca 02 d4 f8 d6 68 65 fd c4 4b a1 96 52 c7 44 | 60 0d 7e d8 4a b9 26 ef 31 41 e1 d8 d3 44 66 c7 | 12 79 af 20 a2 72 c4 22 75 74 48 5e e1 3b 23 91 | 2c a6 f4 83 80 36 76 81 ca 47 d1 e8 4a c8 f4 9e | e3 83 2e 7c f8 c3 d5 66 12 b6 36 65 ea e2 7f 05 | 05 20 28 08 4f 7e fd 0d 83 a0 55 1b 3d dc dc 7f | e8 4a 87 44 64 9c e5 4d 23 94 60 3c c1 ed 3a 7f | 28 e2 a8 7e 09 92 93 b1 f4 5e e8 a1 21 99 88 ee | b5 3a 3c 91 63 bf b7 f4 cd 86 e0 53 50 88 19 1d | a6 ec 1d 6c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0755 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000961 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 f3 3e e2 63 75 83 32 2d cb 32 90 3f | da 14 f9 c1 b9 80 ee e4 94 0f 55 a0 67 21 1e 6f | 17 c3 f7 55 94 2e 62 8a 7d 56 3a d6 0a 78 75 63 | e2 72 a1 a3 81 e3 8a 47 0d ba c8 60 24 33 ca 34 | 35 99 b1 4b 38 9f 88 32 50 bb eb ac 08 de 98 c9 | 9d e1 61 be 7d 17 7e f3 5a 01 e8 2d c4 e2 60 80 | 0d 1a ae 9c 31 39 73 90 9f 5e cb 21 72 10 d2 d0 | 0d 45 eb 92 bd 69 9c 33 f7 6f 7d 57 34 5e 12 f4 | 28 73 a9 f3 29 a8 b6 4a 85 ed f6 1b f1 ee 9f 57 | 22 78 e0 e2 62 48 df 64 97 8c 1a d7 e4 3e 15 b0 | 26 bb 94 6c 4a 58 34 74 81 00 07 60 11 48 4a f4 | fc 06 ad e5 d3 0f 8c 22 f7 a1 a2 81 53 f7 c9 36 | b6 d9 47 d5 9e 82 4d eb bd 34 a4 c0 d3 00 e1 e2 | 04 7a 4f 2e be 38 01 a0 d8 fa ef 6d fd dc 95 95 | 6e 6e 13 de bb 8c 69 9d 34 a0 dc b9 04 65 90 e2 | 12 45 ac 01 72 30 a0 39 1f 87 5e 58 e0 5f b4 de | eb 97 a8 66 2a 8c fb 17 9a fc 15 b3 9c 86 e0 65 | fd 56 d5 7d 3c db 7d b3 b1 b0 6f 36 48 77 de fd | 83 14 17 aa 2a 20 1e c5 ae c2 6d ca 33 1f 87 a6 | 7b ba 25 79 5e d1 ce 22 24 40 54 f4 76 46 42 36 | 4a 65 9b 4b b8 ad a7 ab a9 91 7b 37 f1 aa 04 42 | 15 1e 65 44 ed 1d 4d b9 10 ab d9 58 bc 86 49 6e | 68 00 6a 4b fb 07 f9 99 1b 3e 3e db 0d 65 b5 09 | bf 86 66 65 41 fa b4 c8 0e da 65 4c cd c4 ec c1 | c8 18 d2 98 b7 9c 8f e2 ba 90 62 95 6f d1 49 8d | b0 9f b6 fe 5a 62 d7 d6 18 ac d9 a5 02 69 d0 0a | eb 35 20 e2 29 4d df d8 f9 3e 63 11 97 d3 84 cb | b5 0e 52 a3 84 23 0e 54 e0 f9 c6 af 67 29 3a d1 | 5c 5e 44 b2 ce 37 76 23 84 a7 93 b1 14 5d 85 37 | db 03 39 fb d1 2a 29 12 81 69 cd 6e ae 93 29 b2 | 4d 04 f6 93 7e 0b 38 d0 4e ca 1b 12 e7 5a bf 09 | f7 dd 4f 73 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0735 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000945 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 68 2d 0a 59 e7 10 ac 06 ba 11 3f | a0 23 3b d8 02 e3 16 e6 24 f4 d8 24 47 52 2f 19 | 6d 72 2a 3d 24 28 d3 26 a6 34 f5 18 be 52 18 20 | 7a b2 c2 01 3d 19 c3 14 f5 76 8c 03 85 35 ce cd | de e1 89 dd b2 5d 87 6e 27 1f 84 91 bb d7 67 0a | ae 93 10 04 41 65 5c 7f 74 3a 23 34 6a ec 19 f1 | 15 76 c9 20 58 59 fe cc ba d1 7e cb 0c 9a 25 20 | 59 c2 2b a1 34 44 17 c7 8c bf 75 b0 15 0b 8e 9b | 49 32 15 2f 33 d9 61 20 87 a9 c5 84 16 a0 2f 65 | 1f 6c d1 aa 14 65 75 56 a0 b2 9d c2 bf 5e bf f5 | 55 bf 21 11 07 6c f1 80 de e5 2b 49 b1 be 62 92 | a5 33 6c f1 bc cc e3 39 a9 63 89 36 99 e2 b1 a9 | e9 17 85 20 2a 6b ff 5b c0 4a 0d 4b 57 9d 4e 82 | 12 0f c3 3b ee 20 05 3f 64 fa fb 20 bb 80 d7 be | ac 22 5c 4c 2f 56 34 b2 86 64 c1 f2 02 fe b5 be | 5b 27 57 4f 59 d9 29 3b 2c ac ab 8b 1e 58 37 66 | f2 0f 2f 20 39 e9 87 83 63 e4 df 93 db e8 80 1c | de 8d 78 b9 e3 b3 bd d3 20 13 6e f8 86 58 fa 30 | 28 5d 14 85 ba 8a 7c fb 10 82 69 93 8e 27 b7 09 | 29 fd 10 eb 55 7d b8 9b d3 e2 9d c7 d4 b0 e3 b5 | 37 88 a0 e1 49 13 ac df 9b dd f3 43 6f 16 3f d7 | 4c 27 04 9b a4 c8 34 c8 6d ca 3b 73 1b 3c 69 21 | 4f d9 f6 e6 8b 4c c3 6c fd 3c 15 3e 2e b4 c7 43 | ca c2 5e 45 04 91 50 5b b6 3e 70 90 56 68 43 c5 | 3d 08 1e d7 fd 75 97 15 fe 79 3d 4f 3f 6b 47 0a | 93 55 03 94 4b 94 76 83 71 87 b7 0e d9 d6 1f f4 | ba 40 e4 c2 f6 61 58 9f 2e 9e f2 0b b8 ae e1 ab | 04 16 bb 2a c6 fe c3 cf 5a 25 46 82 18 a4 b9 c5 | 9c 1e da 1c af c4 ef e1 86 1a d1 ff bc 41 e3 68 | ca e4 9f 5f 04 1f 8b db 9e bb 7c 3b 3a 8a 37 ed | 3f 1b c9 76 ea 91 87 43 ad b2 0f d6 f1 d4 90 22 | 5c ff b3 2b | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0729 milliseconds in comm_handle_cb() reading and processing packet | spent 0.000938 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 a7 9f 82 a4 86 23 a2 0a 50 2b ba f9 | 25 2d 89 ef ef 97 f3 55 8f 53 c4 41 e9 f7 4c d4 | 8f da 4f b4 b2 53 82 96 0f 1e 9f d8 18 b8 45 e0 | a9 23 ca 6c 01 17 c2 fe db 87 29 6e c6 dc 5f 27 | 9c 0d 2d fd ea 4d 72 f9 7f 58 dd eb 6e 0b 1b 1f | 72 b5 2f ea bd 06 42 d2 01 f1 09 42 54 1b 1b 2d | 97 49 55 11 94 ae 6a b6 78 e6 9c 85 a0 33 39 83 | 33 7b f4 68 41 22 14 c5 ed af 56 f4 db 57 b7 65 | a8 31 77 01 d4 e1 8e aa 92 82 d7 19 7e 47 3a 8d | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.0032 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.233 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0282 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.326 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1888216509 (0x708be5bd) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 66 b0 a9 14 8f 90 79 81 35 88 b8 70 93 45 16 be | ac b7 30 31 7a c1 bc d0 00 20 b5 f1 58 91 90 29 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 08 10 05 01 70 8b e5 bd 00 00 00 4c b8 aa 61 6e | 0b 75 5a e2 ae e7 4b d8 a7 e2 ff 0a 0b 93 82 5c | 50 94 77 f3 03 d8 c5 3f 62 b3 e8 2c 45 e7 5e 4f | e3 e7 03 20 20 fc 64 28 78 79 9c 86 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 0.788 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.932 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00441 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_NAT_T_KEEPALIVE | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in for_each_state() at state.c:1575) | not behind NAT: no NAT-T KEEP-ALIVE required for conn x509 | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in for_each_state() at state.c:1577) | spent 0.0156 milliseconds in global timer EVENT_NAT_T_KEEPALIVE | timer_event_cb: processing event@0x55cbbf086b48 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 7 | retransmits: current time 29825.749824; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.031973 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0cb6a8 | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #1 | libevent_malloc: new ptr-libevent@0x55cbbf0d5c58 size 128 "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: retransmission; will wait 32 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | e4 9e 42 73 5f 64 2c ec 1c 59 96 77 51 19 e9 11 | d6 3c f6 95 e0 90 73 be c7 9c b1 69 a1 da 59 7f | 21 5d 2e f2 bb 96 ad 2c 73 3f 3f 18 69 90 d3 5c | d8 5b a7 fe 91 6c 31 02 f1 3c a0 33 18 17 9c ee | 82 b0 f3 69 b4 b9 aa 5f 32 36 dd 1d fc 10 c4 2b | fc 41 a3 d3 d3 32 74 43 c2 dd d6 b4 c2 cd 17 4f | 39 42 11 44 59 96 92 57 39 98 66 8e cc b4 65 6e | 21 05 07 e2 53 0f da fb f6 99 12 85 da 28 c5 cc | 04 00 9f 26 ab ea 7e f8 12 7f 5a 47 27 59 51 ca | 6c 70 5d 1c 4b 23 78 28 9f 46 c5 67 80 50 dd a6 | c7 b9 41 a5 e0 6b 9a a8 54 e1 3f 06 b3 89 69 92 | 38 06 a4 0e c5 5d 9a 96 56 cb 1e ae 71 b2 c5 b3 | 9c 3a 68 83 dd 59 d7 e6 e2 19 07 32 e4 4e 2a 08 | 8a cb 75 7f 1f c9 04 5b 74 a0 0c 86 0e ac da d5 | a6 fd 3a 65 b1 40 78 79 b5 18 dc ff e8 33 8c 18 | 5e 10 66 42 ae 76 ca 56 06 23 92 57 22 bd 89 07 | 14 00 00 24 61 d2 ab cb 6b 72 31 1d 23 b9 4b 59 | a1 6f eb b2 34 4e 10 31 15 80 1d d5 48 6c 3c 19 | 12 15 72 3c 14 00 00 24 bd a7 19 a2 7b 82 68 66 | 6f 2a 20 8d 68 24 79 75 df 46 68 4b 09 66 a5 f6 | 14 9d c9 42 18 fd 58 03 00 00 00 24 91 5c f7 92 | e0 5e 3d 47 f2 48 e6 75 9d d2 8d bd ac b7 63 bc | 4c cf 2f 12 e1 7c f1 8e a6 46 1c 25 | libevent_free: release ptr-libevent@0x55cbbf0acc38 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf086b48 | #1 spent 0.547 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00196 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad | 9d ad d9 c8 05 10 02 01 00 00 00 00 00 00 08 4c | 93 d7 2c b5 ed f7 b9 6c da f0 8f 70 09 e4 81 3b | dc 07 29 f4 0b d6 d0 c0 a1 4b 7f 38 ee 71 a5 51 | af aa d2 6c 52 af 4a a1 03 85 90 e5 bd a2 b3 bc | cf 4c 4f df b5 c9 d7 9a ff 04 14 67 ff a8 20 e9 | 66 49 8d 03 00 a7 8d cd 9e b3 92 ec 9f eb ac f0 | 84 94 1f 5b 63 72 d3 8a 51 2d f8 4f ad 9a be f3 | ce cf 05 b6 c7 e5 74 97 22 2b 9d 67 05 4e 0a 63 | 49 88 f2 09 8b a4 33 6a 10 41 3c 14 43 1c a1 ac | b1 bd 13 37 ff b3 2a 97 7f 5f a5 86 e2 63 e7 72 | 14 0d f0 3d 53 06 ee 4b e8 4b 77 31 90 24 f0 fe | 09 57 a8 40 26 f6 0f f9 ac eb 68 80 97 eb e9 91 | 99 c7 83 a9 89 df 72 71 88 07 24 00 d4 b9 7b a3 | 4a 79 e3 c7 1b a8 fb d4 ae b5 9f e7 80 72 d8 2e | 4e 87 aa f4 a3 a3 20 40 88 e9 4b 8e 9f 96 af f2 | 17 3e 67 8c 16 a3 ea 05 27 11 9f 3f 17 3c 31 04 | 03 79 af 9f 9e a1 66 c1 be f0 9c 46 8b 60 2b 26 | b3 17 c8 f0 33 d0 18 d0 da 41 5f d7 85 f1 a9 93 | 4b 8f 29 f2 c8 be 04 42 b9 31 56 b2 f0 c2 0f 32 | 95 a7 23 53 26 bb 34 74 ca 72 a1 fb 2b 37 a4 17 | 6c 4a f9 c8 50 e4 2c 7b 58 51 b6 1e 10 c2 31 af | 47 5e 05 bf 33 8f 60 60 7e 71 29 0c ee 8b cf 0c | 2e 8c 2d 48 b7 f7 ac 58 38 7e 2c 62 b0 e9 0a 82 | 91 be 8c 18 88 23 11 d8 87 d4 ef 1c e9 eb 88 41 | 13 9f 0c 0c fc d6 a3 44 d9 e2 0b 07 a1 b3 6a be | 9f 2a 25 be b3 cb 71 09 04 43 85 ac a4 a8 8f 42 | 11 57 59 a0 19 e9 18 4a a7 82 5d f1 97 03 0c 4a | 02 57 61 59 92 98 a3 ad 0e d5 83 ad 0a 67 d1 0f | 76 d7 3f 12 78 ea 9d d0 51 70 98 ab e5 4b fc 98 | f2 a6 98 cb ce 9c fc 7b c6 4a 73 4d d5 0a 90 4e | 40 5e 47 54 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.131 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00139 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 4b d9 5c 57 31 fe 7a e4 66 7a e3 44 | 00 96 a6 04 c1 e9 22 2d 22 a3 36 35 cd 54 2e f4 | 19 e9 01 2e cf 3c 03 b8 c5 eb 5d 3f 7c b2 14 76 | 5d 1c 93 a8 22 f0 b6 2a 64 92 c3 ac 85 a6 07 26 | 39 b8 7e d6 a7 3b 38 62 48 6b 6d 28 33 9b 14 6f | d8 9a de 65 3a f1 a9 44 71 85 ba e8 bc 69 27 8c | 9f 77 fc 75 8e e3 f9 b1 52 e6 27 82 9d 61 e2 16 | ea 6b 5b 4b 62 ca ec 48 f7 4e 8d ff e2 76 d2 c1 | 1a 3f db 61 ad 80 16 17 70 3f cf 7a d5 c5 da d3 | cd 67 40 55 99 8a e4 c6 f4 50 14 17 cc 82 27 6c | bd 62 54 07 83 5e ee ac 4b ad 38 ed 87 14 e3 59 | 5e d0 e7 75 a8 46 29 2e 75 9b 3f d0 d6 8b 48 52 | 7b 20 83 38 fb fa 3a 3c ab 31 f6 a1 cd d8 9d 3d | 18 92 f0 5c 24 a5 fb 20 a3 90 5b 1d 31 be a0 5f | 1f ee 95 0a d6 1a 42 9b ec 49 03 6e bc ff c8 58 | 49 ca 9e 26 4c d6 ce be 5f d4 e3 e5 c8 3b 25 a8 | f2 34 fb 2e a9 0d 61 4a d1 8c 2f a7 48 d6 c0 12 | dd f3 87 c3 b3 52 83 39 d3 9f 9e 17 2a fb 44 84 | cc 59 54 7f 15 4a bd dd d5 00 7d 4e d5 dc d4 5c | 2f 1b 20 4e 0f 22 4a e1 af a2 0e cd 50 7c 34 c6 | c8 2f 9d c3 f8 5d 71 d1 e8 b4 82 6b cb 72 b7 e5 | 07 6f d6 e1 dd 82 c1 06 d6 62 f4 78 f7 8d d3 97 | 4e ca 02 d4 f8 d6 68 65 fd c4 4b a1 96 52 c7 44 | 60 0d 7e d8 4a b9 26 ef 31 41 e1 d8 d3 44 66 c7 | 12 79 af 20 a2 72 c4 22 75 74 48 5e e1 3b 23 91 | 2c a6 f4 83 80 36 76 81 ca 47 d1 e8 4a c8 f4 9e | e3 83 2e 7c f8 c3 d5 66 12 b6 36 65 ea e2 7f 05 | 05 20 28 08 4f 7e fd 0d 83 a0 55 1b 3d dc dc 7f | e8 4a 87 44 64 9c e5 4d 23 94 60 3c c1 ed 3a 7f | 28 e2 a8 7e 09 92 93 b1 f4 5e e8 a1 21 99 88 ee | b5 3a 3c 91 63 bf b7 f4 cd 86 e0 53 50 88 19 1d | a6 ec 1d 6c | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.124 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00148 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 f3 3e e2 63 75 83 32 2d cb 32 90 3f | da 14 f9 c1 b9 80 ee e4 94 0f 55 a0 67 21 1e 6f | 17 c3 f7 55 94 2e 62 8a 7d 56 3a d6 0a 78 75 63 | e2 72 a1 a3 81 e3 8a 47 0d ba c8 60 24 33 ca 34 | 35 99 b1 4b 38 9f 88 32 50 bb eb ac 08 de 98 c9 | 9d e1 61 be 7d 17 7e f3 5a 01 e8 2d c4 e2 60 80 | 0d 1a ae 9c 31 39 73 90 9f 5e cb 21 72 10 d2 d0 | 0d 45 eb 92 bd 69 9c 33 f7 6f 7d 57 34 5e 12 f4 | 28 73 a9 f3 29 a8 b6 4a 85 ed f6 1b f1 ee 9f 57 | 22 78 e0 e2 62 48 df 64 97 8c 1a d7 e4 3e 15 b0 | 26 bb 94 6c 4a 58 34 74 81 00 07 60 11 48 4a f4 | fc 06 ad e5 d3 0f 8c 22 f7 a1 a2 81 53 f7 c9 36 | b6 d9 47 d5 9e 82 4d eb bd 34 a4 c0 d3 00 e1 e2 | 04 7a 4f 2e be 38 01 a0 d8 fa ef 6d fd dc 95 95 | 6e 6e 13 de bb 8c 69 9d 34 a0 dc b9 04 65 90 e2 | 12 45 ac 01 72 30 a0 39 1f 87 5e 58 e0 5f b4 de | eb 97 a8 66 2a 8c fb 17 9a fc 15 b3 9c 86 e0 65 | fd 56 d5 7d 3c db 7d b3 b1 b0 6f 36 48 77 de fd | 83 14 17 aa 2a 20 1e c5 ae c2 6d ca 33 1f 87 a6 | 7b ba 25 79 5e d1 ce 22 24 40 54 f4 76 46 42 36 | 4a 65 9b 4b b8 ad a7 ab a9 91 7b 37 f1 aa 04 42 | 15 1e 65 44 ed 1d 4d b9 10 ab d9 58 bc 86 49 6e | 68 00 6a 4b fb 07 f9 99 1b 3e 3e db 0d 65 b5 09 | bf 86 66 65 41 fa b4 c8 0e da 65 4c cd c4 ec c1 | c8 18 d2 98 b7 9c 8f e2 ba 90 62 95 6f d1 49 8d | b0 9f b6 fe 5a 62 d7 d6 18 ac d9 a5 02 69 d0 0a | eb 35 20 e2 29 4d df d8 f9 3e 63 11 97 d3 84 cb | b5 0e 52 a3 84 23 0e 54 e0 f9 c6 af 67 29 3a d1 | 5c 5e 44 b2 ce 37 76 23 84 a7 93 b1 14 5d 85 37 | db 03 39 fb d1 2a 29 12 81 69 cd 6e ae 93 29 b2 | 4d 04 f6 93 7e 0b 38 d0 4e ca 1b 12 e7 5a bf 09 | f7 dd 4f 73 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.125 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00159 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 8d 68 2d 0a 59 e7 10 ac 06 ba 11 3f | a0 23 3b d8 02 e3 16 e6 24 f4 d8 24 47 52 2f 19 | 6d 72 2a 3d 24 28 d3 26 a6 34 f5 18 be 52 18 20 | 7a b2 c2 01 3d 19 c3 14 f5 76 8c 03 85 35 ce cd | de e1 89 dd b2 5d 87 6e 27 1f 84 91 bb d7 67 0a | ae 93 10 04 41 65 5c 7f 74 3a 23 34 6a ec 19 f1 | 15 76 c9 20 58 59 fe cc ba d1 7e cb 0c 9a 25 20 | 59 c2 2b a1 34 44 17 c7 8c bf 75 b0 15 0b 8e 9b | 49 32 15 2f 33 d9 61 20 87 a9 c5 84 16 a0 2f 65 | 1f 6c d1 aa 14 65 75 56 a0 b2 9d c2 bf 5e bf f5 | 55 bf 21 11 07 6c f1 80 de e5 2b 49 b1 be 62 92 | a5 33 6c f1 bc cc e3 39 a9 63 89 36 99 e2 b1 a9 | e9 17 85 20 2a 6b ff 5b c0 4a 0d 4b 57 9d 4e 82 | 12 0f c3 3b ee 20 05 3f 64 fa fb 20 bb 80 d7 be | ac 22 5c 4c 2f 56 34 b2 86 64 c1 f2 02 fe b5 be | 5b 27 57 4f 59 d9 29 3b 2c ac ab 8b 1e 58 37 66 | f2 0f 2f 20 39 e9 87 83 63 e4 df 93 db e8 80 1c | de 8d 78 b9 e3 b3 bd d3 20 13 6e f8 86 58 fa 30 | 28 5d 14 85 ba 8a 7c fb 10 82 69 93 8e 27 b7 09 | 29 fd 10 eb 55 7d b8 9b d3 e2 9d c7 d4 b0 e3 b5 | 37 88 a0 e1 49 13 ac df 9b dd f3 43 6f 16 3f d7 | 4c 27 04 9b a4 c8 34 c8 6d ca 3b 73 1b 3c 69 21 | 4f d9 f6 e6 8b 4c c3 6c fd 3c 15 3e 2e b4 c7 43 | ca c2 5e 45 04 91 50 5b b6 3e 70 90 56 68 43 c5 | 3d 08 1e d7 fd 75 97 15 fe 79 3d 4f 3f 6b 47 0a | 93 55 03 94 4b 94 76 83 71 87 b7 0e d9 d6 1f f4 | ba 40 e4 c2 f6 61 58 9f 2e 9e f2 0b b8 ae e1 ab | 04 16 bb 2a c6 fe c3 cf 5a 25 46 82 18 a4 b9 c5 | 9c 1e da 1c af c4 ef e1 86 1a d1 ff bc 41 e3 68 | ca e4 9f 5f 04 1f 8b db 9e bb 7c 3b 3a 8a 37 ed | 3f 1b c9 76 ea 91 87 43 ad b2 0f d6 f1 d4 90 22 | 5c ff b3 2b | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.119 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 a7 9f 82 a4 86 23 a2 0a 50 2b ba f9 | 25 2d 89 ef ef 97 f3 55 8f 53 c4 41 e9 f7 4c d4 | 8f da 4f b4 b2 53 82 96 0f 1e 9f d8 18 b8 45 e0 | a9 23 ca 6c 01 17 c2 fe db 87 29 6e c6 dc 5f 27 | 9c 0d 2d fd ea 4d 72 f9 7f 58 dd eb 6e 0b 1b 1f | 72 b5 2f ea bd 06 42 d2 01 f1 09 42 54 1b 1b 2d | 97 49 55 11 94 ae 6a b6 78 e6 9c 85 a0 33 39 83 | 33 7b f4 68 41 22 14 c5 ed af 56 f4 db 57 b7 65 | a8 31 77 01 d4 e1 8e aa 92 82 d7 19 7e 47 3a 8d | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #1 spent 0.00462 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.295 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0445 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #1: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #1: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #1 spent 0.399 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #1: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #1: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle "x509"[1] 192.1.3.209 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | 3d 90 5f e6 ea 1c 2d 0d | responder cookie: | 78 5b 8a ad 9d ad d9 c8 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3573893621 (0xd50549f5) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 37 5d 66 9d 7f a9 15 ec fc d2 94 62 66 9a 40 62 | 68 e4 8c dd ee 05 b2 5b af a0 37 9c 4d b0 2e 2e | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #1) | 3d 90 5f e6 ea 1c 2d 0d 78 5b 8a ad 9d ad d9 c8 | 08 10 05 01 d5 05 49 f5 00 00 00 4c 67 e3 96 9e | 11 35 11 8c f0 ff 2e 42 3c db 65 f7 22 ea 62 24 | fe a9 92 92 1d f0 e8 c6 5d 9f d7 ae 54 0c e8 39 | 74 c6 54 0e 08 9e 9c 6c 79 b6 f5 b9 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #1 spent 1.04 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.25 milliseconds in comm_handle_cb() reading and processing packet | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00437 milliseconds in global timer EVENT_SHUNT_SCAN | processing global timer EVENT_PENDING_DDNS | FOR_EACH_CONNECTION_... in connection_check_ddns | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | elapsed time in connection_check_ddns for hostname lookup 0.000018 | spent 0.0366 milliseconds in global timer EVENT_PENDING_DDNS | processing global timer EVENT_SHUNT_SCAN | expiring aged bare shunts from shunt table | spent 0.00756 milliseconds in global timer EVENT_SHUNT_SCAN | spent 0.00402 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 792 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 00 00 00 00 00 00 00 00 | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 | 7c fd b2 fc 68 b6 a4 48 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 792 (0x318) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.209:500 but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (x509) | find_next_host_connection returns x509[1] 192.1.3.209 | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | creating state object #2 at 0x55cbbf0c75e8 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.isakmp started | #2 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #2: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "x509"[1] 192.1.3.209 #2: responding to Main Mode from unknown peer 192.1.3.209 on port 500 | ICOOKIE-DUMP: cc e6 e3 34 68 61 ad 2f | **emit ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 3 (0x3) | [3 is OAKLEY_RSA_SIG] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 144 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #2: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x55cbbf0d12f8 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55cbbf0acc38 size 128 "x509"[1] 192.1.3.209 #2: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.65 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x55cbbf0cb6a8 | handling event EVENT_RETRANSMIT for parent state #1 | start processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #1 keying attempt 0 of 0; retransmit 8 | retransmits: current time 29857.757239; retransmit count 7 exceeds limit? NO; deltatime 64 exceeds limit? YES; monotime 64.039388 exceeds limit? YES "x509"[1] 192.1.3.209 #1: STATE_MAIN_R2: 60 second timeout exceeded after 7 retransmits. No response (or no acceptable response) to our IKEv1 message | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:124) | pstats #1 ikev1.isakmp failed too-many-retransmits | pstats #1 ikev1.isakmp deleted too-many-retransmits | [RE]START processing: state #1 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in delete_state() at state.c:879) "x509"[1] 192.1.3.209 #1: deleting state (STATE_MAIN_R2) aged 64.042s and NOT sending notification | parent state #1: MAIN_R2(open IKE SA) => delete | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection x509 | connection is instance | not in pending use | State DB: found state #2 in MAIN_R1 (connection_discard) | states still using this connection instance, retaining | State DB: deleting IKEv1 state #1 in MAIN_R2 | parent state #1: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #1 from 192.1.3.209:500 (in delete_state() at state.c:1143) | libevent_free: release ptr-libevent@0x55cbbf0d5c58 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0cb6a8 | in statetime_stop() and could not find #1 | processing: STOP state #0 (in timer_event_cb() at timer.c:557) | spent 0.00247 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | c0 d1 be 33 a1 00 bc f0 6e 9a f5 58 c3 91 df 18 | 4c 19 7a 2a e4 72 3b f0 dd 96 cd 50 85 33 05 05 | 3c 28 06 d5 3e 8d 02 0f df 39 6e eb f0 3a 6f 06 | a8 58 23 87 d9 ab 91 4b 7b 1f bd 14 ee 70 57 1b | 6b ea 87 bd d7 b8 6c 3a 24 f2 f3 04 d7 b8 7a bb | 70 ac c8 5d ec 20 49 42 0d f0 5f 2d 9f d9 c1 2d | 1a 8a 72 24 10 d2 1a 7c 0c 33 ed 24 3a 5f a5 98 | 5e 25 93 59 4a 47 49 93 23 db 87 67 02 94 9c 27 | 62 47 4c 66 7f 2a 4a dd df 09 4a 31 da 5f 0f 70 | 62 11 b9 3c 49 96 a1 95 7a 8c 02 1e 0e 0e e1 af | a5 44 26 54 92 35 93 ea 85 e4 10 00 b1 12 fc 40 | 07 48 1f 7c 9b ae a8 5b 10 b3 90 84 c7 0a e6 48 | 0c 49 4e 6c 51 7b a5 8d 36 3f b1 9e 78 bd 69 42 | 5b d8 25 1a 2c 01 4d f6 ed 28 b2 2e 45 47 eb 56 | 81 a5 9a 8f ce f5 ca d2 35 af ae 3e e2 a9 9f e1 | b3 9a 73 31 47 2b ec 16 ae a1 cb 99 cd 4a 28 7a | 14 00 00 24 1e 6a ab 6e 3c cf 4b 7f 6a 66 c4 5d | 6d 6b 0a 5f a6 7a ad db 41 20 8b 71 b1 c1 13 d7 | e0 44 e4 20 14 00 00 24 c7 11 5e b3 a4 bb 27 dc | 97 2d 4e 8f d8 68 b3 08 80 36 44 6e 2a 4d 5a e3 | cc 6a 55 d4 ce 9f bb 5b 00 00 00 24 14 04 f7 fb | b1 82 f8 03 67 39 90 26 32 5f 1c bb 63 1c 9f 51 | a3 c4 75 1e 47 b1 51 31 06 c0 43 fd | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R1 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x55cbbebebca0(32) | natd_hash: icookie= cc e6 e3 34 68 61 ad 2f | natd_hash: rcookie= 29 e0 5c fa 85 8b d0 7a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= c7 11 5e b3 a4 bb 27 dc 97 2d 4e 8f d8 68 b3 08 | natd_hash: hash= 80 36 44 6e 2a 4d 5a e3 cc 6a 55 d4 ce 9f bb 5b | natd_hash: hasher=0x55cbbebebca0(32) | natd_hash: icookie= cc e6 e3 34 68 61 ad 2f | natd_hash: rcookie= 29 e0 5c fa 85 8b d0 7a | natd_hash: ip= c0 01 03 d1 | natd_hash: port=500 | natd_hash: hash= 14 04 f7 fb b1 82 f8 03 67 39 90 26 32 5f 1c bb | natd_hash: hash= 63 1c 9f 51 a3 c4 75 1e 47 b1 51 31 06 c0 43 fd | expected NAT-D(me): c7 11 5e b3 a4 bb 27 dc 97 2d 4e 8f d8 68 b3 08 | expected NAT-D(me): 80 36 44 6e 2a 4d 5a e3 cc 6a 55 d4 ce 9f bb 5b | expected NAT-D(him): | 14 04 f7 fb b1 82 f8 03 67 39 90 26 32 5f 1c bb | 63 1c 9f 51 a3 c4 75 1e 47 b1 51 31 06 c0 43 fd | received NAT-D: c7 11 5e b3 a4 bb 27 dc 97 2d 4e 8f d8 68 b3 08 | received NAT-D: 80 36 44 6e 2a 4d 5a e3 cc 6a 55 d4 ce 9f bb 5b | received NAT-D: 14 04 f7 fb b1 82 f8 03 67 39 90 26 32 5f 1c bb | received NAT-D: 63 1c 9f 51 a3 c4 75 1e 47 b1 51 31 06 c0 43 fd | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.209 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 3 for state #2 | state #2 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x55cbbf0acc38 | free_event_entry: release EVENT_SO_DISCARD-pe@0x55cbbf0d12f8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cbbf0d12f8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f6fa4003878 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #2 and saving MD | crypto helper 0 resuming | #2 is busy; has a suspended MD | crypto helper 0 starting work-order 3 for state #2 | #2 spent 0.128 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 3 | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.285 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 3 time elapsed 0.000953 seconds | (#2) spent 0.941 milliseconds in crypto helper computing work-order 3: inI2_outR2 KE (pcr) | crypto helper 0 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f6fa0002888 size 128 | libevent_realloc: release ptr-libevent@0x55cbbf0440d8 | libevent_realloc: new ptr-libevent@0x7f6fa00027d8 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 3 | calling continuation function 0x55cbbeb16b50 | main_inI2_outR2_continue for #2: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value f7 a7 01 ad 6a c7 e3 59 f9 54 8e 97 c2 ec 7f 7e | keyex value 53 3e d0 e3 25 f6 04 af be 31 a9 32 17 22 db dd | keyex value 44 f5 15 f3 b5 f7 23 be cc 4a 84 56 61 f7 6e 8e | keyex value 7f 6a 38 28 51 2c 3c e2 1a b0 8d c5 7c db 84 73 | keyex value d9 a4 07 27 41 79 3e 97 90 a8 27 24 2c 66 cb 74 | keyex value c9 93 a5 fc 7d 9f ec 62 bc 36 34 5d 8f c1 03 a5 | keyex value fb 35 b8 91 88 bd 18 59 4a b4 86 29 40 0c f1 10 | keyex value 35 cf c4 4c c9 36 af 63 01 2f cc c1 6a 65 f6 28 | keyex value 8c 46 f1 ff 00 c3 dd 61 af 06 f9 63 5b ca 60 b9 | keyex value 61 ad dd be 22 8c 95 17 85 99 01 43 c3 bb b1 3d | keyex value 87 72 ab 5f 66 af eb f0 1a 63 ef d1 f9 c8 08 35 | keyex value 2c ef fd 86 8b 6e 18 82 df 1f 80 46 ed f6 99 96 | keyex value 1d 2c f0 72 36 50 bf 45 cf ed 09 38 e4 b7 97 7e | keyex value 84 a4 c2 16 6c b2 8d 2e 09 ea 5f b0 29 f8 12 b4 | keyex value 2b ae 5e d2 19 5c 02 31 b8 f2 42 58 c3 be 90 a0 | keyex value 65 e6 a6 19 96 3b 0e 67 29 3a 12 60 3a 8d 2b 11 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 90 e4 c5 43 f9 07 b8 98 cf 6d 4c ab 55 12 f4 e0 | Nr e4 af 6f 4c 4b fa 0f 11 5d 2e 2b b3 35 a1 0f 99 | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x55cbbebebca0(32) | natd_hash: icookie= cc e6 e3 34 68 61 ad 2f | natd_hash: rcookie= 29 e0 5c fa 85 8b d0 7a | natd_hash: ip= c0 01 03 d1 | natd_hash: port=500 | natd_hash: hash= 14 04 f7 fb b1 82 f8 03 67 39 90 26 32 5f 1c bb | natd_hash: hash= 63 1c 9f 51 a3 c4 75 1e 47 b1 51 31 06 c0 43 fd | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 14 04 f7 fb b1 82 f8 03 67 39 90 26 32 5f 1c bb | NAT-D 63 1c 9f 51 a3 c4 75 1e 47 b1 51 31 06 c0 43 fd | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x55cbbebebca0(32) | natd_hash: icookie= cc e6 e3 34 68 61 ad 2f | natd_hash: rcookie= 29 e0 5c fa 85 8b d0 7a | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= c7 11 5e b3 a4 bb 27 dc 97 2d 4e 8f d8 68 b3 08 | natd_hash: hash= 80 36 44 6e 2a 4d 5a e3 cc 6a 55 d4 ce 9f bb 5b | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D c7 11 5e b3 a4 bb 27 dc 97 2d 4e 8f d8 68 b3 08 | NAT-D 80 36 44 6e 2a 4d 5a e3 cc 6a 55 d4 ce 9f bb 5b | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 4 for state #2 | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x7f6fa4003878 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cbbf0d12f8 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55cbbf0d12f8 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x55cbbf0d72e8 size 128 | crypto helper 3 resuming | crypto helper 3 starting work-order 4 for state #2 | crypto helper 3 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 | crypto helper 3 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 4 time elapsed 0.001129 seconds | #2 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | (#2) spent 1.13 milliseconds in crypto helper computing work-order 4: main_inI2_outR2_tail (pcr) | crypto helper 3 sending results from work-order 4 for state #2 to event queue | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle; has background offloaded task | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f6f94000f48 size 128 | doing_xauth:no, t_xauth_client_done:no | crypto helper 3 waiting (nothing to do) | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #2: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x55cbbf0d72e8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55cbbf0d12f8 | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | f7 a7 01 ad 6a c7 e3 59 f9 54 8e 97 c2 ec 7f 7e | 53 3e d0 e3 25 f6 04 af be 31 a9 32 17 22 db dd | 44 f5 15 f3 b5 f7 23 be cc 4a 84 56 61 f7 6e 8e | 7f 6a 38 28 51 2c 3c e2 1a b0 8d c5 7c db 84 73 | d9 a4 07 27 41 79 3e 97 90 a8 27 24 2c 66 cb 74 | c9 93 a5 fc 7d 9f ec 62 bc 36 34 5d 8f c1 03 a5 | fb 35 b8 91 88 bd 18 59 4a b4 86 29 40 0c f1 10 | 35 cf c4 4c c9 36 af 63 01 2f cc c1 6a 65 f6 28 | 8c 46 f1 ff 00 c3 dd 61 af 06 f9 63 5b ca 60 b9 | 61 ad dd be 22 8c 95 17 85 99 01 43 c3 bb b1 3d | 87 72 ab 5f 66 af eb f0 1a 63 ef d1 f9 c8 08 35 | 2c ef fd 86 8b 6e 18 82 df 1f 80 46 ed f6 99 96 | 1d 2c f0 72 36 50 bf 45 cf ed 09 38 e4 b7 97 7e | 84 a4 c2 16 6c b2 8d 2e 09 ea 5f b0 29 f8 12 b4 | 2b ae 5e d2 19 5c 02 31 b8 f2 42 58 c3 be 90 a0 | 65 e6 a6 19 96 3b 0e 67 29 3a 12 60 3a 8d 2b 11 | 14 00 00 24 90 e4 c5 43 f9 07 b8 98 cf 6d 4c ab | 55 12 f4 e0 e4 af 6f 4c 4b fa 0f 11 5d 2e 2b b3 | 35 a1 0f 99 14 00 00 24 14 04 f7 fb b1 82 f8 03 | 67 39 90 26 32 5f 1c bb 63 1c 9f 51 a3 c4 75 1e | 47 b1 51 31 06 c0 43 fd 00 00 00 24 c7 11 5e b3 | a4 bb 27 dc 97 2d 4e 8f d8 68 b3 08 80 36 44 6e | 2a 4d 5a e3 cc 6a 55 d4 ce 9f bb 5b | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0d12f8 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x55cbbf0d72e8 size 128 | #2 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29857.762953 "x509"[1] 192.1.3.209 #2: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:push not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.371 milliseconds in resume sending helper answer | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6fa0002888 | processing resume sending helper answer for #2 | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 4 | calling continuation function 0x55cbbeb16b50 | main_inI2_outR2_calcdone for #2: calculate DH finished | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.0127 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f6f94000f48 | spent 0.00288 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 cc e6 e3 34 68 61 ad 2f 29 e0 5c fa | 85 8b d0 7a 05 10 02 01 00 00 00 00 00 00 08 4c | 9d c9 1a 23 42 f5 24 95 bb 68 82 1f 50 e8 71 80 | bb ca 87 6b ca 0b f2 13 ef 73 03 3e d7 77 41 2f | c3 65 4a e1 cc bb f4 d3 d3 17 20 98 91 13 48 b3 | e9 49 32 d5 d6 54 c7 69 d0 fd ee fa d0 25 ed f2 | 8e ac 4f 53 1c e1 e7 b5 4f 09 ab 4b 21 a4 d7 68 | a7 5d 09 18 4d f9 4e 8a ee 51 86 fc b6 76 69 9b | cc a9 ea 7c 9b df 0d f0 60 e0 60 17 c7 14 58 2c | 56 f1 e0 86 b0 75 24 ee 3b a4 5f 39 33 ba c8 3e | 5c 5e 39 03 8e e9 27 9b fe 8d 69 7e 0e e2 16 5d | 21 84 1b c9 2a dc 7f b5 b9 9d 8d 6a 10 e9 db 5f | 79 22 32 9a 50 52 ba c9 90 c7 de b9 7a ba 84 6b | 8c e4 96 a1 d5 ab c8 fc 6f 9b 36 ce b3 09 ab 36 | bd 94 50 42 ee ec d7 1c d3 e5 1f 00 f4 2a 64 2f | 76 f9 9e ca 6a 9f 06 71 60 31 b8 e1 77 8a 00 a3 | 6b e3 f1 3e 7d 2b 10 26 e5 17 e1 54 c2 88 84 fc | a7 31 c4 19 fb d2 27 74 3c 09 dc d6 a6 a9 a7 c6 | 68 ad 48 7b 7d 83 b9 a8 43 9c b9 f2 3c 08 37 4b | ca af b9 6e 75 8d bf f0 c1 1a d3 ae 86 9a 36 d8 | ed 55 1b 95 3b 29 3d 8e f9 bf 1a d1 da bc 20 84 | 4f fb 18 29 5e ca 11 34 df ce cb 1b f5 cb d9 59 | ad 35 37 bb e3 49 10 8d ac 5d 8f b9 eb 4d 79 86 | 12 7a 89 76 fe fa e5 e1 99 4c 72 38 1c 0a ed bd | 58 47 53 3b d3 61 aa b4 a3 cc 4b 8b 03 c9 97 ca | b0 bb 99 7a 5e e9 f2 94 e2 76 d2 90 f4 88 8d bb | 33 e4 c3 07 48 c8 ae 84 59 d8 bf 5f 86 01 9d 98 | ae 96 ab 80 b9 3a 45 fd 74 cc 69 69 ed e5 45 ba | 04 9e e6 31 55 48 88 69 d6 6a 6d da 67 d8 e6 b8 | ce aa fe 44 a9 85 a1 a2 d5 ec 2b 2b 23 6c 5d c2 | e3 75 f6 6b 5c 35 fb 39 9d 33 62 11 c1 c5 82 c6 | 6d da 26 04 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.142 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00146 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 ae ed b2 d0 22 a5 95 46 62 fe a2 2b | 04 c3 b2 74 a7 00 33 d0 2e e5 bd 39 db b6 3a 8e | 86 2b 80 08 fb 43 50 12 5e fc 6f 86 15 84 5b 86 | 1b 55 a7 20 bc c4 a4 88 96 68 aa e6 96 54 30 c1 | 44 dd 01 f9 c3 43 b6 6d 42 fb 44 50 27 9a 4a d0 | d0 b6 98 23 8d 71 44 28 c7 84 76 41 5e a7 5c 3f | 7e 20 70 56 e6 9d b0 01 16 3e 28 36 e1 f8 4d 44 | 20 88 45 86 01 79 c9 77 ba a8 06 5e d4 b8 15 4f | ec bf 58 e1 34 24 86 bc 22 88 7f 91 b1 d1 b5 25 | d7 6e ff ea e7 b3 85 f7 ab a4 90 a6 69 07 25 e6 | 1e d9 f9 38 02 41 fc 1c 42 85 27 fb 70 0a 33 4a | 37 92 43 7c 65 23 9e 2e 7c 5c 82 da a7 89 5d 23 | b0 5a 78 56 24 b0 71 f9 be e8 a8 3a 80 ba d2 0f | 01 8f 02 59 8f 04 20 59 64 a9 95 37 7f bc 85 6b | 0e 67 4d 15 dd be 3c 21 85 66 41 aa fb d7 05 37 | 0a 1c f5 14 19 63 1f 64 e0 67 59 92 b4 80 58 27 | e9 ff 65 99 42 b8 c4 cc 24 1f dd 89 43 c4 16 23 | f6 2e 37 66 44 85 71 ca 40 0f 29 b3 43 30 37 da | 6e 5d 95 28 6a 15 4c 83 26 e6 f5 47 45 13 98 37 | eb 6e 39 9e 63 63 44 b7 7f 24 e1 cf 87 db 64 8c | 23 5f 83 16 58 e1 7d 7e bd 5b f3 26 c6 ac 39 a3 | c5 0b ef d0 b1 57 f3 7c 8d 9c 2e 6e 65 b3 60 d8 | 1c bc 7c ea 50 7a 02 fc 93 b2 34 c8 db 88 45 f4 | 31 b5 2a c5 4c 16 19 34 15 2c 3f 66 3b 93 d1 b7 | bb f4 2f 0c ab 49 a5 95 60 d8 d8 fa 54 51 d5 3b | d4 85 d1 f3 bc 87 05 ff 69 07 7a bd f3 8a a9 38 | 5a 5a d6 3f 58 5f 5a 63 78 da 7a 0a 5f f9 68 c5 | b0 ff 32 b6 0f 43 ac 28 d0 70 53 be b9 fc 44 02 | 70 b4 a1 fe b5 99 3a 44 1d 5b 50 02 e9 c5 ac 86 | 27 67 62 8e 9b 21 b9 4a 13 4c 5b 0b 1b a6 24 26 | 76 79 4b bc 99 94 81 dc 12 b5 d0 7e dc 55 6b f8 | 53 3c 96 44 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.11 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00152 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 b3 7d 09 40 e9 2f ea 68 05 d5 a6 e0 | 37 e2 16 89 a5 98 36 80 86 9a ff 73 22 ea ce ff | 91 61 0c 8b 76 65 88 b3 02 be 43 37 b0 52 00 1a | f3 9f 3e a4 5f e8 23 af 0d 4b 5f ba 95 27 59 d6 | c3 28 5d 3c 60 5f 27 ed 1c 6d c7 d7 9e 4b ba 24 | 85 dd 11 00 8f 76 96 d8 85 bc 22 bb 7d 12 76 15 | 99 2f 43 08 cc 5a a1 b5 8b e7 fd 0b 1c 8a ad e5 | 70 3d 52 02 bc c0 ac 76 a2 a0 96 90 91 09 7b 28 | 19 62 14 9e eb a7 db c3 be 0d b2 f3 cb 09 00 7e | 06 53 60 ac 64 6a b6 29 84 dc c5 f2 90 ec d8 90 | 47 65 91 11 16 bb 6f 45 25 ba 79 7a 45 34 c8 fd | 79 9a 76 34 2e 31 b0 24 d1 1d 90 4d f3 03 ec 21 | a5 d0 65 dc fc 3f 55 59 02 87 55 d4 6d d7 16 a5 | 0a c6 07 f1 af f1 38 ca 9d f2 35 dd aa c5 61 07 | a4 f6 91 9c 08 e0 4e 4a da c0 32 3c a5 fb d3 9c | 97 02 0f 13 98 9f a2 4b 90 64 ca c1 20 5e 6a df | c0 10 1c 57 d8 ac da 4b 19 a5 62 99 2d e2 cd b4 | 52 b7 ee 6d b4 ef 43 d5 d4 52 cb f3 33 e9 97 c6 | de 37 db 81 2a 8b e1 2e ed ee f9 c2 24 08 ef da | 5e da 73 7e 0e aa 34 72 68 1a 87 cf d5 77 ba ca | 68 b1 e1 b1 d6 b1 83 a4 4b d0 70 5d b3 d0 5d a8 | f5 1d a8 70 72 15 41 fa 28 4e 7e 1b f1 0a 2a 2c | 65 fa 7d 4c cc 09 44 bd 2a 21 61 f6 60 a9 fe 2c | 1a 7a 95 8e 2c 98 5d b9 65 b9 6d d3 52 d8 46 98 | 1d a1 48 46 26 26 2f 6e e5 55 c6 9a 50 83 92 a9 | dc 2e be a9 c8 35 f7 0e b9 5d 33 fb 80 66 74 8d | 12 b2 9e ff d7 bd a0 9d 3b 90 79 e2 54 ba 3a d3 | be 64 60 a6 96 5a 91 d3 b7 ed 3b 92 c9 29 6c a7 | 0c 35 53 9c 51 5a 5b de 76 ec eb fd 34 28 26 c2 | bd 12 2c f7 60 8d 03 3e ad 52 fd 61 1d eb cb 08 | 09 55 c7 e4 cc bb 89 e9 81 34 48 a7 4f fe 4a 26 | 13 3c 28 57 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.109 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 eb 2a 39 75 03 35 e3 a1 ec e6 a0 41 | de 59 5b 4d 2c 40 e0 09 53 65 23 c4 97 9a 20 13 | 10 2e b2 1f 49 35 27 b4 bd 34 e3 41 61 2c c0 cc | cb 8a 43 4d 91 7b d0 1e c1 a0 e1 1c 92 bb 5f 3a | db e4 b9 44 58 4e c4 90 64 bc c5 e9 0c ab ae 69 | 5e 26 6f 85 7e 40 91 fb 45 da 08 3e a1 25 82 2e | 88 c6 2d 04 de 31 b9 e8 c6 24 eb 45 2b c0 50 60 | 22 e0 20 f1 a4 5f 3d 25 99 95 e5 95 65 f4 63 e7 | 46 59 db 58 42 e5 9a 9c 41 a4 6d 36 53 b5 06 6a | c0 bb d9 f8 0c 3a 36 83 3d c1 24 af 5b da e5 4e | 62 52 d0 91 f5 3f 2f ad bc c5 3c 35 cb 8a 8c c1 | a3 84 0f 44 d0 36 cb c2 a4 f7 f0 95 15 00 8c 56 | cb 4f fb ee f2 c5 52 85 fb 6b dd 71 b8 99 18 97 | ca c7 4c db 51 da fa 27 39 be d5 ab 48 c1 b0 64 | be 70 ef 62 1c 2a 78 11 b9 9f aa a2 f3 06 73 99 | f5 80 48 ff 99 e0 3d 3a 76 09 6e ac de 03 f4 19 | 6d b2 5f a6 d7 90 61 e5 4d 64 29 d9 43 cf cf 1d | f7 eb 9e 75 09 e4 05 9e 90 34 b7 23 2d c8 ba a2 | 2a d2 d7 fc 3d 19 09 43 0f f7 78 0c 21 f1 9a c0 | db b9 2d 10 66 9e 66 54 78 0a 1b 94 fb b8 04 d7 | e9 e2 4f 4b 5e ad 92 ff 9b 94 5a b3 58 79 69 8e | 8e 63 ae 40 08 21 be c3 2e 44 ae df cb ce ae 2f | a7 74 c3 74 c5 14 0b 08 bd 38 7f 2c 0a d6 ea b5 | 0b f7 ec 98 04 db bb 91 f7 3c 24 40 6c 7d 13 75 | 55 d8 09 d2 c7 5f f6 c6 7e 4c 95 32 64 e2 74 58 | b3 bd f5 8c 7a a4 20 f7 3e a0 26 fc af f5 23 c6 | 19 33 a0 da 6d ab 45 80 9d 6c f1 8a 8c 34 e5 88 | 24 5f 87 2e 25 97 85 fc ed 58 b8 a4 98 80 b7 c6 | 2a 2b f1 c5 89 6b ab ff 90 bf b5 c7 68 e7 0d 09 | cf 73 bf 5c d0 84 0c 1d 76 d6 c2 67 69 9b 3e cf | 83 a7 38 95 4e d0 cc 7b b4 2d 9f b4 39 26 65 a6 | a0 65 e4 3a | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.112 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00221 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 9b 31 59 38 37 e8 c4 db 76 05 fc fe | 22 fb 2b 50 57 42 50 ca f2 66 97 94 08 c1 00 a3 | db cf f2 18 65 9f 12 d4 77 67 d7 49 1d 9c 6d 2e | 22 5e 35 b7 8e 20 ce be 66 ea 79 eb fe 2a af d0 | a6 18 85 0d 25 82 3e 50 7b a4 cb b9 38 97 5b 1d | 00 8f 1b 48 2b 84 ae 48 d5 f3 ab c7 45 7a 6a e7 | 54 25 d0 f9 08 8b 7f 5f cd 21 ee 25 b5 0a f6 e1 | 11 f2 9d de 01 a4 fa 94 37 f5 bb 30 22 9d ef 59 | d6 f3 a5 8b 05 58 24 ad 06 f3 87 8d 80 91 b9 e8 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00549 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.298 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0433 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.39 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #2: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "x509"[1] 192.1.3.209 #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2725243476 (0xa26fea54) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 26 fb fd 13 71 cb c6 15 5c a3 9a ba 33 fb 84 38 | bf 1e ba 54 d4 f1 35 c9 56 06 7c 85 61 0f fc b2 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 08 10 05 01 a2 6f ea 54 00 00 00 4c f7 94 2b 25 | e3 c8 d8 05 6c 66 0b df 84 c1 1d 73 42 42 1c 07 | df ca ef 4e 5f 4c 64 ba 86 49 ff 3d 80 33 ad 37 | c3 4b c6 24 7c ae bb ed 0b 3f dc 3e | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.03 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.25 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.529 milliseconds in whack | timer_event_cb: processing event@0x55cbbf0d12f8 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #2 keying attempt 0 of 0; retransmit 1 | retransmits: current time 29858.263471; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.500518 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x7f6fa0002b78 | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f6fa0002888 size 128 "x509"[1] 192.1.3.209 #2: STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | f7 a7 01 ad 6a c7 e3 59 f9 54 8e 97 c2 ec 7f 7e | 53 3e d0 e3 25 f6 04 af be 31 a9 32 17 22 db dd | 44 f5 15 f3 b5 f7 23 be cc 4a 84 56 61 f7 6e 8e | 7f 6a 38 28 51 2c 3c e2 1a b0 8d c5 7c db 84 73 | d9 a4 07 27 41 79 3e 97 90 a8 27 24 2c 66 cb 74 | c9 93 a5 fc 7d 9f ec 62 bc 36 34 5d 8f c1 03 a5 | fb 35 b8 91 88 bd 18 59 4a b4 86 29 40 0c f1 10 | 35 cf c4 4c c9 36 af 63 01 2f cc c1 6a 65 f6 28 | 8c 46 f1 ff 00 c3 dd 61 af 06 f9 63 5b ca 60 b9 | 61 ad dd be 22 8c 95 17 85 99 01 43 c3 bb b1 3d | 87 72 ab 5f 66 af eb f0 1a 63 ef d1 f9 c8 08 35 | 2c ef fd 86 8b 6e 18 82 df 1f 80 46 ed f6 99 96 | 1d 2c f0 72 36 50 bf 45 cf ed 09 38 e4 b7 97 7e | 84 a4 c2 16 6c b2 8d 2e 09 ea 5f b0 29 f8 12 b4 | 2b ae 5e d2 19 5c 02 31 b8 f2 42 58 c3 be 90 a0 | 65 e6 a6 19 96 3b 0e 67 29 3a 12 60 3a 8d 2b 11 | 14 00 00 24 90 e4 c5 43 f9 07 b8 98 cf 6d 4c ab | 55 12 f4 e0 e4 af 6f 4c 4b fa 0f 11 5d 2e 2b b3 | 35 a1 0f 99 14 00 00 24 14 04 f7 fb b1 82 f8 03 | 67 39 90 26 32 5f 1c bb 63 1c 9f 51 a3 c4 75 1e | 47 b1 51 31 06 c0 43 fd 00 00 00 24 c7 11 5e b3 | a4 bb 27 dc 97 2d 4e 8f d8 68 b3 08 80 36 44 6e | 2a 4d 5a e3 cc 6a 55 d4 ce 9f bb 5b | libevent_free: release ptr-libevent@0x55cbbf0d72e8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0d12f8 | #2 spent 0.535 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00207 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 cc e6 e3 34 68 61 ad 2f 29 e0 5c fa | 85 8b d0 7a 05 10 02 01 00 00 00 00 00 00 08 4c | 9d c9 1a 23 42 f5 24 95 bb 68 82 1f 50 e8 71 80 | bb ca 87 6b ca 0b f2 13 ef 73 03 3e d7 77 41 2f | c3 65 4a e1 cc bb f4 d3 d3 17 20 98 91 13 48 b3 | e9 49 32 d5 d6 54 c7 69 d0 fd ee fa d0 25 ed f2 | 8e ac 4f 53 1c e1 e7 b5 4f 09 ab 4b 21 a4 d7 68 | a7 5d 09 18 4d f9 4e 8a ee 51 86 fc b6 76 69 9b | cc a9 ea 7c 9b df 0d f0 60 e0 60 17 c7 14 58 2c | 56 f1 e0 86 b0 75 24 ee 3b a4 5f 39 33 ba c8 3e | 5c 5e 39 03 8e e9 27 9b fe 8d 69 7e 0e e2 16 5d | 21 84 1b c9 2a dc 7f b5 b9 9d 8d 6a 10 e9 db 5f | 79 22 32 9a 50 52 ba c9 90 c7 de b9 7a ba 84 6b | 8c e4 96 a1 d5 ab c8 fc 6f 9b 36 ce b3 09 ab 36 | bd 94 50 42 ee ec d7 1c d3 e5 1f 00 f4 2a 64 2f | 76 f9 9e ca 6a 9f 06 71 60 31 b8 e1 77 8a 00 a3 | 6b e3 f1 3e 7d 2b 10 26 e5 17 e1 54 c2 88 84 fc | a7 31 c4 19 fb d2 27 74 3c 09 dc d6 a6 a9 a7 c6 | 68 ad 48 7b 7d 83 b9 a8 43 9c b9 f2 3c 08 37 4b | ca af b9 6e 75 8d bf f0 c1 1a d3 ae 86 9a 36 d8 | ed 55 1b 95 3b 29 3d 8e f9 bf 1a d1 da bc 20 84 | 4f fb 18 29 5e ca 11 34 df ce cb 1b f5 cb d9 59 | ad 35 37 bb e3 49 10 8d ac 5d 8f b9 eb 4d 79 86 | 12 7a 89 76 fe fa e5 e1 99 4c 72 38 1c 0a ed bd | 58 47 53 3b d3 61 aa b4 a3 cc 4b 8b 03 c9 97 ca | b0 bb 99 7a 5e e9 f2 94 e2 76 d2 90 f4 88 8d bb | 33 e4 c3 07 48 c8 ae 84 59 d8 bf 5f 86 01 9d 98 | ae 96 ab 80 b9 3a 45 fd 74 cc 69 69 ed e5 45 ba | 04 9e e6 31 55 48 88 69 d6 6a 6d da 67 d8 e6 b8 | ce aa fe 44 a9 85 a1 a2 d5 ec 2b 2b 23 6c 5d c2 | e3 75 f6 6b 5c 35 fb 39 9d 33 62 11 c1 c5 82 c6 | 6d da 26 04 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.16 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0015 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 ae ed b2 d0 22 a5 95 46 62 fe a2 2b | 04 c3 b2 74 a7 00 33 d0 2e e5 bd 39 db b6 3a 8e | 86 2b 80 08 fb 43 50 12 5e fc 6f 86 15 84 5b 86 | 1b 55 a7 20 bc c4 a4 88 96 68 aa e6 96 54 30 c1 | 44 dd 01 f9 c3 43 b6 6d 42 fb 44 50 27 9a 4a d0 | d0 b6 98 23 8d 71 44 28 c7 84 76 41 5e a7 5c 3f | 7e 20 70 56 e6 9d b0 01 16 3e 28 36 e1 f8 4d 44 | 20 88 45 86 01 79 c9 77 ba a8 06 5e d4 b8 15 4f | ec bf 58 e1 34 24 86 bc 22 88 7f 91 b1 d1 b5 25 | d7 6e ff ea e7 b3 85 f7 ab a4 90 a6 69 07 25 e6 | 1e d9 f9 38 02 41 fc 1c 42 85 27 fb 70 0a 33 4a | 37 92 43 7c 65 23 9e 2e 7c 5c 82 da a7 89 5d 23 | b0 5a 78 56 24 b0 71 f9 be e8 a8 3a 80 ba d2 0f | 01 8f 02 59 8f 04 20 59 64 a9 95 37 7f bc 85 6b | 0e 67 4d 15 dd be 3c 21 85 66 41 aa fb d7 05 37 | 0a 1c f5 14 19 63 1f 64 e0 67 59 92 b4 80 58 27 | e9 ff 65 99 42 b8 c4 cc 24 1f dd 89 43 c4 16 23 | f6 2e 37 66 44 85 71 ca 40 0f 29 b3 43 30 37 da | 6e 5d 95 28 6a 15 4c 83 26 e6 f5 47 45 13 98 37 | eb 6e 39 9e 63 63 44 b7 7f 24 e1 cf 87 db 64 8c | 23 5f 83 16 58 e1 7d 7e bd 5b f3 26 c6 ac 39 a3 | c5 0b ef d0 b1 57 f3 7c 8d 9c 2e 6e 65 b3 60 d8 | 1c bc 7c ea 50 7a 02 fc 93 b2 34 c8 db 88 45 f4 | 31 b5 2a c5 4c 16 19 34 15 2c 3f 66 3b 93 d1 b7 | bb f4 2f 0c ab 49 a5 95 60 d8 d8 fa 54 51 d5 3b | d4 85 d1 f3 bc 87 05 ff 69 07 7a bd f3 8a a9 38 | 5a 5a d6 3f 58 5f 5a 63 78 da 7a 0a 5f f9 68 c5 | b0 ff 32 b6 0f 43 ac 28 d0 70 53 be b9 fc 44 02 | 70 b4 a1 fe b5 99 3a 44 1d 5b 50 02 e9 c5 ac 86 | 27 67 62 8e 9b 21 b9 4a 13 4c 5b 0b 1b a6 24 26 | 76 79 4b bc 99 94 81 dc 12 b5 d0 7e dc 55 6b f8 | 53 3c 96 44 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.137 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00147 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 b3 7d 09 40 e9 2f ea 68 05 d5 a6 e0 | 37 e2 16 89 a5 98 36 80 86 9a ff 73 22 ea ce ff | 91 61 0c 8b 76 65 88 b3 02 be 43 37 b0 52 00 1a | f3 9f 3e a4 5f e8 23 af 0d 4b 5f ba 95 27 59 d6 | c3 28 5d 3c 60 5f 27 ed 1c 6d c7 d7 9e 4b ba 24 | 85 dd 11 00 8f 76 96 d8 85 bc 22 bb 7d 12 76 15 | 99 2f 43 08 cc 5a a1 b5 8b e7 fd 0b 1c 8a ad e5 | 70 3d 52 02 bc c0 ac 76 a2 a0 96 90 91 09 7b 28 | 19 62 14 9e eb a7 db c3 be 0d b2 f3 cb 09 00 7e | 06 53 60 ac 64 6a b6 29 84 dc c5 f2 90 ec d8 90 | 47 65 91 11 16 bb 6f 45 25 ba 79 7a 45 34 c8 fd | 79 9a 76 34 2e 31 b0 24 d1 1d 90 4d f3 03 ec 21 | a5 d0 65 dc fc 3f 55 59 02 87 55 d4 6d d7 16 a5 | 0a c6 07 f1 af f1 38 ca 9d f2 35 dd aa c5 61 07 | a4 f6 91 9c 08 e0 4e 4a da c0 32 3c a5 fb d3 9c | 97 02 0f 13 98 9f a2 4b 90 64 ca c1 20 5e 6a df | c0 10 1c 57 d8 ac da 4b 19 a5 62 99 2d e2 cd b4 | 52 b7 ee 6d b4 ef 43 d5 d4 52 cb f3 33 e9 97 c6 | de 37 db 81 2a 8b e1 2e ed ee f9 c2 24 08 ef da | 5e da 73 7e 0e aa 34 72 68 1a 87 cf d5 77 ba ca | 68 b1 e1 b1 d6 b1 83 a4 4b d0 70 5d b3 d0 5d a8 | f5 1d a8 70 72 15 41 fa 28 4e 7e 1b f1 0a 2a 2c | 65 fa 7d 4c cc 09 44 bd 2a 21 61 f6 60 a9 fe 2c | 1a 7a 95 8e 2c 98 5d b9 65 b9 6d d3 52 d8 46 98 | 1d a1 48 46 26 26 2f 6e e5 55 c6 9a 50 83 92 a9 | dc 2e be a9 c8 35 f7 0e b9 5d 33 fb 80 66 74 8d | 12 b2 9e ff d7 bd a0 9d 3b 90 79 e2 54 ba 3a d3 | be 64 60 a6 96 5a 91 d3 b7 ed 3b 92 c9 29 6c a7 | 0c 35 53 9c 51 5a 5b de 76 ec eb fd 34 28 26 c2 | bd 12 2c f7 60 8d 03 3e ad 52 fd 61 1d eb cb 08 | 09 55 c7 e4 cc bb 89 e9 81 34 48 a7 4f fe 4a 26 | 13 3c 28 57 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.125 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00158 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 eb 2a 39 75 03 35 e3 a1 ec e6 a0 41 | de 59 5b 4d 2c 40 e0 09 53 65 23 c4 97 9a 20 13 | 10 2e b2 1f 49 35 27 b4 bd 34 e3 41 61 2c c0 cc | cb 8a 43 4d 91 7b d0 1e c1 a0 e1 1c 92 bb 5f 3a | db e4 b9 44 58 4e c4 90 64 bc c5 e9 0c ab ae 69 | 5e 26 6f 85 7e 40 91 fb 45 da 08 3e a1 25 82 2e | 88 c6 2d 04 de 31 b9 e8 c6 24 eb 45 2b c0 50 60 | 22 e0 20 f1 a4 5f 3d 25 99 95 e5 95 65 f4 63 e7 | 46 59 db 58 42 e5 9a 9c 41 a4 6d 36 53 b5 06 6a | c0 bb d9 f8 0c 3a 36 83 3d c1 24 af 5b da e5 4e | 62 52 d0 91 f5 3f 2f ad bc c5 3c 35 cb 8a 8c c1 | a3 84 0f 44 d0 36 cb c2 a4 f7 f0 95 15 00 8c 56 | cb 4f fb ee f2 c5 52 85 fb 6b dd 71 b8 99 18 97 | ca c7 4c db 51 da fa 27 39 be d5 ab 48 c1 b0 64 | be 70 ef 62 1c 2a 78 11 b9 9f aa a2 f3 06 73 99 | f5 80 48 ff 99 e0 3d 3a 76 09 6e ac de 03 f4 19 | 6d b2 5f a6 d7 90 61 e5 4d 64 29 d9 43 cf cf 1d | f7 eb 9e 75 09 e4 05 9e 90 34 b7 23 2d c8 ba a2 | 2a d2 d7 fc 3d 19 09 43 0f f7 78 0c 21 f1 9a c0 | db b9 2d 10 66 9e 66 54 78 0a 1b 94 fb b8 04 d7 | e9 e2 4f 4b 5e ad 92 ff 9b 94 5a b3 58 79 69 8e | 8e 63 ae 40 08 21 be c3 2e 44 ae df cb ce ae 2f | a7 74 c3 74 c5 14 0b 08 bd 38 7f 2c 0a d6 ea b5 | 0b f7 ec 98 04 db bb 91 f7 3c 24 40 6c 7d 13 75 | 55 d8 09 d2 c7 5f f6 c6 7e 4c 95 32 64 e2 74 58 | b3 bd f5 8c 7a a4 20 f7 3e a0 26 fc af f5 23 c6 | 19 33 a0 da 6d ab 45 80 9d 6c f1 8a 8c 34 e5 88 | 24 5f 87 2e 25 97 85 fc ed 58 b8 a4 98 80 b7 c6 | 2a 2b f1 c5 89 6b ab ff 90 bf b5 c7 68 e7 0d 09 | cf 73 bf 5c d0 84 0c 1d 76 d6 c2 67 69 9b 3e cf | 83 a7 38 95 4e d0 cc 7b b4 2d 9f b4 39 26 65 a6 | a0 65 e4 3a | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.124 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0013 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 9b 31 59 38 37 e8 c4 db 76 05 fc fe | 22 fb 2b 50 57 42 50 ca f2 66 97 94 08 c1 00 a3 | db cf f2 18 65 9f 12 d4 77 67 d7 49 1d 9c 6d 2e | 22 5e 35 b7 8e 20 ce be 66 ea 79 eb fe 2a af d0 | a6 18 85 0d 25 82 3e 50 7b a4 cb b9 38 97 5b 1d | 00 8f 1b 48 2b 84 ae 48 d5 f3 ab c7 45 7a 6a e7 | 54 25 d0 f9 08 8b 7f 5f cd 21 ee 25 b5 0a f6 e1 | 11 f2 9d de 01 a4 fa 94 37 f5 bb 30 22 9d ef 59 | d6 f3 a5 8b 05 58 24 ad 06 f3 87 8d 80 91 b9 e8 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.00449 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.266 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0421 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.379 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #2: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "x509"[1] 192.1.3.209 #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2442612575 (0x91974f5f) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | c0 db 76 e2 03 31 8b 9f 88 5a 97 1c 38 88 53 a0 | b1 94 10 83 cb d9 07 06 8f 03 49 02 20 9a 76 c3 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 08 10 05 01 91 97 4f 5f 00 00 00 4c 27 cf 39 1c | 10 6e 7f aa ca 36 00 85 b1 de 64 1c 24 59 7e fd | 6c 8e 34 6e a1 51 4e d2 04 74 3c d0 25 5f 54 16 | 89 fd 9d da f9 df 92 84 ae 1e 67 46 | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 0.982 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.19 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x7f6fa0002b78 | handling event EVENT_RETRANSMIT for parent state #2 | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | IKEv1 retransmit event | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in retransmit_v1_msg() at retry.c:61) | handling event EVENT_RETRANSMIT for 192.1.3.209 "x509"[1] 192.1.3.209 #2 keying attempt 0 of 0; retransmit 2 | retransmits: current time 29858.765816; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002863 exceeds limit? NO | event_schedule: new EVENT_RETRANSMIT-pe@0x55cbbf0d12f8 | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #2 | libevent_malloc: new ptr-libevent@0x55cbbf0d72e8 size 128 "x509"[1] 192.1.3.209 #2: STATE_MAIN_R2: retransmission; will wait 1 seconds for response | sending 396 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | f7 a7 01 ad 6a c7 e3 59 f9 54 8e 97 c2 ec 7f 7e | 53 3e d0 e3 25 f6 04 af be 31 a9 32 17 22 db dd | 44 f5 15 f3 b5 f7 23 be cc 4a 84 56 61 f7 6e 8e | 7f 6a 38 28 51 2c 3c e2 1a b0 8d c5 7c db 84 73 | d9 a4 07 27 41 79 3e 97 90 a8 27 24 2c 66 cb 74 | c9 93 a5 fc 7d 9f ec 62 bc 36 34 5d 8f c1 03 a5 | fb 35 b8 91 88 bd 18 59 4a b4 86 29 40 0c f1 10 | 35 cf c4 4c c9 36 af 63 01 2f cc c1 6a 65 f6 28 | 8c 46 f1 ff 00 c3 dd 61 af 06 f9 63 5b ca 60 b9 | 61 ad dd be 22 8c 95 17 85 99 01 43 c3 bb b1 3d | 87 72 ab 5f 66 af eb f0 1a 63 ef d1 f9 c8 08 35 | 2c ef fd 86 8b 6e 18 82 df 1f 80 46 ed f6 99 96 | 1d 2c f0 72 36 50 bf 45 cf ed 09 38 e4 b7 97 7e | 84 a4 c2 16 6c b2 8d 2e 09 ea 5f b0 29 f8 12 b4 | 2b ae 5e d2 19 5c 02 31 b8 f2 42 58 c3 be 90 a0 | 65 e6 a6 19 96 3b 0e 67 29 3a 12 60 3a 8d 2b 11 | 14 00 00 24 90 e4 c5 43 f9 07 b8 98 cf 6d 4c ab | 55 12 f4 e0 e4 af 6f 4c 4b fa 0f 11 5d 2e 2b b3 | 35 a1 0f 99 14 00 00 24 14 04 f7 fb b1 82 f8 03 | 67 39 90 26 32 5f 1c bb 63 1c 9f 51 a3 c4 75 1e | 47 b1 51 31 06 c0 43 fd 00 00 00 24 c7 11 5e b3 | a4 bb 27 dc 97 2d 4e 8f d8 68 b3 08 80 36 44 6e | 2a 4d 5a e3 cc 6a 55 d4 ce 9f bb 5b | libevent_free: release ptr-libevent@0x7f6fa0002888 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f6fa0002b78 | #2 spent 0.109 milliseconds in timer_event_cb() EVENT_RETRANSMIT | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00179 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 01 00 cc e6 e3 34 68 61 ad 2f 29 e0 5c fa | 85 8b d0 7a 05 10 02 01 00 00 00 00 00 00 08 4c | 9d c9 1a 23 42 f5 24 95 bb 68 82 1f 50 e8 71 80 | bb ca 87 6b ca 0b f2 13 ef 73 03 3e d7 77 41 2f | c3 65 4a e1 cc bb f4 d3 d3 17 20 98 91 13 48 b3 | e9 49 32 d5 d6 54 c7 69 d0 fd ee fa d0 25 ed f2 | 8e ac 4f 53 1c e1 e7 b5 4f 09 ab 4b 21 a4 d7 68 | a7 5d 09 18 4d f9 4e 8a ee 51 86 fc b6 76 69 9b | cc a9 ea 7c 9b df 0d f0 60 e0 60 17 c7 14 58 2c | 56 f1 e0 86 b0 75 24 ee 3b a4 5f 39 33 ba c8 3e | 5c 5e 39 03 8e e9 27 9b fe 8d 69 7e 0e e2 16 5d | 21 84 1b c9 2a dc 7f b5 b9 9d 8d 6a 10 e9 db 5f | 79 22 32 9a 50 52 ba c9 90 c7 de b9 7a ba 84 6b | 8c e4 96 a1 d5 ab c8 fc 6f 9b 36 ce b3 09 ab 36 | bd 94 50 42 ee ec d7 1c d3 e5 1f 00 f4 2a 64 2f | 76 f9 9e ca 6a 9f 06 71 60 31 b8 e1 77 8a 00 a3 | 6b e3 f1 3e 7d 2b 10 26 e5 17 e1 54 c2 88 84 fc | a7 31 c4 19 fb d2 27 74 3c 09 dc d6 a6 a9 a7 c6 | 68 ad 48 7b 7d 83 b9 a8 43 9c b9 f2 3c 08 37 4b | ca af b9 6e 75 8d bf f0 c1 1a d3 ae 86 9a 36 d8 | ed 55 1b 95 3b 29 3d 8e f9 bf 1a d1 da bc 20 84 | 4f fb 18 29 5e ca 11 34 df ce cb 1b f5 cb d9 59 | ad 35 37 bb e3 49 10 8d ac 5d 8f b9 eb 4d 79 86 | 12 7a 89 76 fe fa e5 e1 99 4c 72 38 1c 0a ed bd | 58 47 53 3b d3 61 aa b4 a3 cc 4b 8b 03 c9 97 ca | b0 bb 99 7a 5e e9 f2 94 e2 76 d2 90 f4 88 8d bb | 33 e4 c3 07 48 c8 ae 84 59 d8 bf 5f 86 01 9d 98 | ae 96 ab 80 b9 3a 45 fd 74 cc 69 69 ed e5 45 ba | 04 9e e6 31 55 48 88 69 d6 6a 6d da 67 d8 e6 b8 | ce aa fe 44 a9 85 a1 a2 d5 ec 2b 2b 23 6c 5d c2 | e3 75 f6 6b 5c 35 fb 39 9d 33 62 11 c1 c5 82 c6 | 6d da 26 04 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 1 (0x1) | flags: 0 (0x0) | received IKE fragment id '1', number '1' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.131 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00145 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 02 00 ae ed b2 d0 22 a5 95 46 62 fe a2 2b | 04 c3 b2 74 a7 00 33 d0 2e e5 bd 39 db b6 3a 8e | 86 2b 80 08 fb 43 50 12 5e fc 6f 86 15 84 5b 86 | 1b 55 a7 20 bc c4 a4 88 96 68 aa e6 96 54 30 c1 | 44 dd 01 f9 c3 43 b6 6d 42 fb 44 50 27 9a 4a d0 | d0 b6 98 23 8d 71 44 28 c7 84 76 41 5e a7 5c 3f | 7e 20 70 56 e6 9d b0 01 16 3e 28 36 e1 f8 4d 44 | 20 88 45 86 01 79 c9 77 ba a8 06 5e d4 b8 15 4f | ec bf 58 e1 34 24 86 bc 22 88 7f 91 b1 d1 b5 25 | d7 6e ff ea e7 b3 85 f7 ab a4 90 a6 69 07 25 e6 | 1e d9 f9 38 02 41 fc 1c 42 85 27 fb 70 0a 33 4a | 37 92 43 7c 65 23 9e 2e 7c 5c 82 da a7 89 5d 23 | b0 5a 78 56 24 b0 71 f9 be e8 a8 3a 80 ba d2 0f | 01 8f 02 59 8f 04 20 59 64 a9 95 37 7f bc 85 6b | 0e 67 4d 15 dd be 3c 21 85 66 41 aa fb d7 05 37 | 0a 1c f5 14 19 63 1f 64 e0 67 59 92 b4 80 58 27 | e9 ff 65 99 42 b8 c4 cc 24 1f dd 89 43 c4 16 23 | f6 2e 37 66 44 85 71 ca 40 0f 29 b3 43 30 37 da | 6e 5d 95 28 6a 15 4c 83 26 e6 f5 47 45 13 98 37 | eb 6e 39 9e 63 63 44 b7 7f 24 e1 cf 87 db 64 8c | 23 5f 83 16 58 e1 7d 7e bd 5b f3 26 c6 ac 39 a3 | c5 0b ef d0 b1 57 f3 7c 8d 9c 2e 6e 65 b3 60 d8 | 1c bc 7c ea 50 7a 02 fc 93 b2 34 c8 db 88 45 f4 | 31 b5 2a c5 4c 16 19 34 15 2c 3f 66 3b 93 d1 b7 | bb f4 2f 0c ab 49 a5 95 60 d8 d8 fa 54 51 d5 3b | d4 85 d1 f3 bc 87 05 ff 69 07 7a bd f3 8a a9 38 | 5a 5a d6 3f 58 5f 5a 63 78 da 7a 0a 5f f9 68 c5 | b0 ff 32 b6 0f 43 ac 28 d0 70 53 be b9 fc 44 02 | 70 b4 a1 fe b5 99 3a 44 1d 5b 50 02 e9 c5 ac 86 | 27 67 62 8e 9b 21 b9 4a 13 4c 5b 0b 1b a6 24 26 | 76 79 4b bc 99 94 81 dc 12 b5 d0 7e dc 55 6b f8 | 53 3c 96 44 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 2 (0x2) | flags: 0 (0x0) | received IKE fragment id '1', number '2' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.124 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00153 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 03 00 b3 7d 09 40 e9 2f ea 68 05 d5 a6 e0 | 37 e2 16 89 a5 98 36 80 86 9a ff 73 22 ea ce ff | 91 61 0c 8b 76 65 88 b3 02 be 43 37 b0 52 00 1a | f3 9f 3e a4 5f e8 23 af 0d 4b 5f ba 95 27 59 d6 | c3 28 5d 3c 60 5f 27 ed 1c 6d c7 d7 9e 4b ba 24 | 85 dd 11 00 8f 76 96 d8 85 bc 22 bb 7d 12 76 15 | 99 2f 43 08 cc 5a a1 b5 8b e7 fd 0b 1c 8a ad e5 | 70 3d 52 02 bc c0 ac 76 a2 a0 96 90 91 09 7b 28 | 19 62 14 9e eb a7 db c3 be 0d b2 f3 cb 09 00 7e | 06 53 60 ac 64 6a b6 29 84 dc c5 f2 90 ec d8 90 | 47 65 91 11 16 bb 6f 45 25 ba 79 7a 45 34 c8 fd | 79 9a 76 34 2e 31 b0 24 d1 1d 90 4d f3 03 ec 21 | a5 d0 65 dc fc 3f 55 59 02 87 55 d4 6d d7 16 a5 | 0a c6 07 f1 af f1 38 ca 9d f2 35 dd aa c5 61 07 | a4 f6 91 9c 08 e0 4e 4a da c0 32 3c a5 fb d3 9c | 97 02 0f 13 98 9f a2 4b 90 64 ca c1 20 5e 6a df | c0 10 1c 57 d8 ac da 4b 19 a5 62 99 2d e2 cd b4 | 52 b7 ee 6d b4 ef 43 d5 d4 52 cb f3 33 e9 97 c6 | de 37 db 81 2a 8b e1 2e ed ee f9 c2 24 08 ef da | 5e da 73 7e 0e aa 34 72 68 1a 87 cf d5 77 ba ca | 68 b1 e1 b1 d6 b1 83 a4 4b d0 70 5d b3 d0 5d a8 | f5 1d a8 70 72 15 41 fa 28 4e 7e 1b f1 0a 2a 2c | 65 fa 7d 4c cc 09 44 bd 2a 21 61 f6 60 a9 fe 2c | 1a 7a 95 8e 2c 98 5d b9 65 b9 6d d3 52 d8 46 98 | 1d a1 48 46 26 26 2f 6e e5 55 c6 9a 50 83 92 a9 | dc 2e be a9 c8 35 f7 0e b9 5d 33 fb 80 66 74 8d | 12 b2 9e ff d7 bd a0 9d 3b 90 79 e2 54 ba 3a d3 | be 64 60 a6 96 5a 91 d3 b7 ed 3b 92 c9 29 6c a7 | 0c 35 53 9c 51 5a 5b de 76 ec eb fd 34 28 26 c2 | bd 12 2c f7 60 8d 03 3e ad 52 fd 61 1d eb cb 08 | 09 55 c7 e4 cc bb 89 e9 81 34 48 a7 4f fe 4a 26 | 13 3c 28 57 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 3 (0x3) | flags: 0 (0x0) | received IKE fragment id '1', number '3' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.101 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00111 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 532 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 02 14 00 00 01 f8 | 00 01 04 00 eb 2a 39 75 03 35 e3 a1 ec e6 a0 41 | de 59 5b 4d 2c 40 e0 09 53 65 23 c4 97 9a 20 13 | 10 2e b2 1f 49 35 27 b4 bd 34 e3 41 61 2c c0 cc | cb 8a 43 4d 91 7b d0 1e c1 a0 e1 1c 92 bb 5f 3a | db e4 b9 44 58 4e c4 90 64 bc c5 e9 0c ab ae 69 | 5e 26 6f 85 7e 40 91 fb 45 da 08 3e a1 25 82 2e | 88 c6 2d 04 de 31 b9 e8 c6 24 eb 45 2b c0 50 60 | 22 e0 20 f1 a4 5f 3d 25 99 95 e5 95 65 f4 63 e7 | 46 59 db 58 42 e5 9a 9c 41 a4 6d 36 53 b5 06 6a | c0 bb d9 f8 0c 3a 36 83 3d c1 24 af 5b da e5 4e | 62 52 d0 91 f5 3f 2f ad bc c5 3c 35 cb 8a 8c c1 | a3 84 0f 44 d0 36 cb c2 a4 f7 f0 95 15 00 8c 56 | cb 4f fb ee f2 c5 52 85 fb 6b dd 71 b8 99 18 97 | ca c7 4c db 51 da fa 27 39 be d5 ab 48 c1 b0 64 | be 70 ef 62 1c 2a 78 11 b9 9f aa a2 f3 06 73 99 | f5 80 48 ff 99 e0 3d 3a 76 09 6e ac de 03 f4 19 | 6d b2 5f a6 d7 90 61 e5 4d 64 29 d9 43 cf cf 1d | f7 eb 9e 75 09 e4 05 9e 90 34 b7 23 2d c8 ba a2 | 2a d2 d7 fc 3d 19 09 43 0f f7 78 0c 21 f1 9a c0 | db b9 2d 10 66 9e 66 54 78 0a 1b 94 fb b8 04 d7 | e9 e2 4f 4b 5e ad 92 ff 9b 94 5a b3 58 79 69 8e | 8e 63 ae 40 08 21 be c3 2e 44 ae df cb ce ae 2f | a7 74 c3 74 c5 14 0b 08 bd 38 7f 2c 0a d6 ea b5 | 0b f7 ec 98 04 db bb 91 f7 3c 24 40 6c 7d 13 75 | 55 d8 09 d2 c7 5f f6 c6 7e 4c 95 32 64 e2 74 58 | b3 bd f5 8c 7a a4 20 f7 3e a0 26 fc af f5 23 c6 | 19 33 a0 da 6d ab 45 80 9d 6c f1 8a 8c 34 e5 88 | 24 5f 87 2e 25 97 85 fc ed 58 b8 a4 98 80 b7 c6 | 2a 2b f1 c5 89 6b ab ff 90 bf b5 c7 68 e7 0d 09 | cf 73 bf 5c d0 84 0c 1d 76 d6 c2 67 69 9b 3e cf | 83 a7 38 95 4e d0 cc 7b b4 2d 9f b4 39 26 65 a6 | a0 65 e4 3a | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 532 (0x214) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 504 (0x1f8) | fragment id: 1 (0x1) | fragment number: 4 (0x4) | flags: 0 (0x0) | received IKE fragment id '1', number '4' | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.0787 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00102 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 176 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 84 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94 | 00 01 05 01 9b 31 59 38 37 e8 c4 db 76 05 fc fe | 22 fb 2b 50 57 42 50 ca f2 66 97 94 08 c1 00 a3 | db cf f2 18 65 9f 12 d4 77 67 d7 49 1d 9c 6d 2e | 22 5e 35 b7 8e 20 ce be 66 ea 79 eb fe 2a af d0 | a6 18 85 0d 25 82 3e 50 7b a4 cb b9 38 97 5b 1d | 00 8f 1b 48 2b 84 ae 48 d5 f3 ab c7 45 7a 6a e7 | 54 25 d0 f9 08 8b 7f 5f cd 21 ee 25 b5 0a f6 e1 | 11 f2 9d de 01 a4 fa 94 37 f5 bb 30 22 9d ef 59 | d6 f3 a5 8b 05 58 24 ad 06 f3 87 8d 80 91 b9 e8 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_IKE_FRAGMENTATION (0x84) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 176 (0xb0) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | ***parse ISAKMP IKE Fragment Payload: | length: 148 (0x94) | fragment id: 1 (0x1) | fragment number: 5 (0x5) | flags: 1 (0x1) | received IKE fragment id '1', number '5'(last) | **parse ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 2124 (0x84c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #2 in MAIN_R2 (find_state_ikev1) | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #2 is idle | #2 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 197 (0xc5) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | obj: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | obj: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | obj: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | obj: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | obj: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1366 (0x556) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 516 (0x204) | removing 12 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 ba 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 26 30 24 06 03 55 04 03 0c 1d 6b 65 79 | DER ASN1 DN: 34 30 39 36 2e 74 65 73 74 69 6e 67 2e 6c 69 62 | DER ASN1 DN: 72 65 73 77 61 6e 2e 6f 72 67 31 31 30 2f 06 09 | DER ASN1 DN: 2a 86 48 86 f7 0d 01 09 01 16 22 75 73 65 72 2d | DER ASN1 DN: 6b 65 79 34 30 39 36 40 74 65 73 74 69 6e 67 2e | DER ASN1 DN: 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 "x509"[1] 192.1.3.209 #2: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=key4096.testing.libreswan.org, E=user-key4096@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #2 spent 0.0034 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-key4096@testing.libreswan.org,CN=key4096.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.241 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #2 spent 0.0343 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec "x509"[1] 192.1.3.209 #2: Certificate E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed IPsec verification "x509"[1] 192.1.3.209 #2: ERROR: The certificate was signed using a signature algorithm that is disabled because it is not secure. | #2 spent 0.259 milliseconds in find_and_verify_certs() calling verify_end_cert() "x509"[1] 192.1.3.209 #2: X509: Certificate rejected for this connection "x509"[1] 192.1.3.209 #2: X509: CERT payload bogus or revoked | Peer ID failed to decode | complete v1 state transition with INVALID_ID_INFORMATION | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle "x509"[1] 192.1.3.209 #2: sending encrypted notification INVALID_ID_INFORMATION to 192.1.3.209:500 | **emit ISAKMP Message: | initiator cookie: | cc e6 e3 34 68 61 ad 2f | responder cookie: | 29 e0 5c fa 85 8b d0 7a | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1030989029 (0x3d73a4e5) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'notification msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Notification Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 0 (0x0) | Notify Message Type: INVALID_ID_INFORMATION (0x12) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'notification msg' | emitting length of ISAKMP Notification Payload: 12 | send notification HASH(1): | 0c 64 63 de 25 43 5f 0d 84 b9 e8 b7 01 96 7a 11 | 4f 8e 92 de 74 ed d6 70 f7 3c 68 c1 39 0b 90 11 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | sending 76 bytes for notification packet through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #2) | cc e6 e3 34 68 61 ad 2f 29 e0 5c fa 85 8b d0 7a | 08 10 05 01 3d 73 a4 e5 00 00 00 4c 49 32 ce 97 | 12 90 14 ed 08 bf b8 4e 88 cb 81 13 c5 c5 0b d5 | f9 c3 c7 3b a8 ac c3 bb cd 31 f8 fb c8 69 58 74 | 09 88 d7 51 e7 a8 63 d5 ea 6b a6 3f | state transition function for STATE_MAIN_R2 failed: INVALID_ID_INFORMATION | #2 spent 1.07 milliseconds in process_packet_tail() | updated IKE fragment state to respond using fragments without waiting for re-transmits | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.24 milliseconds in comm_handle_cb() reading and processing packet | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) destroying root certificate cache | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x55cbbf0b20c8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | unreference key: 0x55cbbf0b1e68 user-east@testing.libreswan.org cnt 1-- | unreference key: 0x55cbbf0b19c8 @east.testing.libreswan.org cnt 1-- | unreference key: 0x55cbbf0b1468 east@testing.libreswan.org cnt 1-- | unreference key: 0x55cbbf0b0f58 192.1.2.23 cnt 1-- | start processing: connection "x509"[1] 192.1.3.209 (in delete_connection() at connections.c:189) "x509"[1] 192.1.3.209: deleting connection "x509"[1] 192.1.3.209 instance with peer 192.1.3.209 {isakmp=#0/ipsec=#0} | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "x509"[1] 192.1.3.209 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev1.isakmp deleted other | [RE]START processing: state #2 connection "x509"[1] 192.1.3.209 from 192.1.3.209:500 (in delete_state() at state.c:879) "x509"[1] 192.1.3.209 #2: deleting state (STATE_MAIN_R2) aged 1.403s and NOT sending notification | parent state #2: MAIN_R2(open IKE SA) => delete | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_MAIN_R2: retransmits: cleared | libevent_free: release ptr-libevent@0x55cbbf0d72e8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x55cbbf0d12f8 | State DB: IKEv1 state not found (flush_incomplete_children) | stop processing: connection "x509"[1] 192.1.3.209 (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection x509 | State DB: deleting IKEv1 state #2 in MAIN_R2 | parent state #2: MAIN_R2(open IKE SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.3.209:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55cbbf0b0428 | flush revival: connection 'x509' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | start processing: connection "x509" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | free hp@0x55cbbf0b2468 | flush revival: connection 'x509' wasn't on the list | stop processing: connection "x509" (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x55cbbf09e628 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa518 | libevent_free: release ptr-libevent@0x55cbbf044e38 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa5c8 | libevent_free: release ptr-libevent@0x55cbbf044758 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa678 | libevent_free: release ptr-libevent@0x55cbbf04c018 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa728 | libevent_free: release ptr-libevent@0x55cbbf04c118 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa7d8 | libevent_free: release ptr-libevent@0x55cbbf04c218 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0aa888 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x55cbbf09e6d8 | free_event_entry: release EVENT_NULL-pe@0x55cbbf0927f8 | libevent_free: release ptr-libevent@0x55cbbf044d88 | free_event_entry: release EVENT_NULL-pe@0x55cbbf092358 | libevent_free: release ptr-libevent@0x55cbbf08b338 | free_event_entry: release EVENT_NULL-pe@0x55cbbf04c2c8 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x55cbbf050898 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x55cbbefce6e8 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x55cbbf0a9cf8 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x55cbbf0a9f38 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release ptr-libevent@0x55cbbf0a9e08 | libevent_free: release ptr-libevent@0x55cbbf08cc18 | libevent_free: release ptr-libevent@0x55cbbf08cbc8 | libevent_free: release ptr-libevent@0x7f6fa00027d8 | libevent_free: release ptr-libevent@0x55cbbf08cb88 | libevent_free: release ptr-libevent@0x55cbbf0a99c8 | libevent_free: release ptr-libevent@0x55cbbf0a9c38 | libevent_free: release ptr-libevent@0x55cbbf08cdc8 | libevent_free: release ptr-libevent@0x55cbbf0923c8 | libevent_free: release ptr-libevent@0x55cbbf092028 | libevent_free: release ptr-libevent@0x55cbbf0aa8f8 | libevent_free: release ptr-libevent@0x55cbbf0aa848 | libevent_free: release ptr-libevent@0x55cbbf0aa798 | libevent_free: release ptr-libevent@0x55cbbf0aa6e8 | libevent_free: release ptr-libevent@0x55cbbf0aa638 | libevent_free: release ptr-libevent@0x55cbbf0aa588 | libevent_free: release ptr-libevent@0x55cbbefcd998 | libevent_free: release ptr-libevent@0x55cbbf0a9cb8 | libevent_free: release ptr-libevent@0x55cbbf0a9c78 | libevent_free: release ptr-libevent@0x55cbbf0a9b38 | libevent_free: release ptr-libevent@0x55cbbf0a9dc8 | libevent_free: release ptr-libevent@0x55cbbf0a9a08 | libevent_free: release ptr-libevent@0x55cbbf052428 | libevent_free: release ptr-libevent@0x55cbbf0523a8 | libevent_free: release ptr-libevent@0x55cbbefcdd08 | releasing global libevent data | libevent_free: release ptr-libevent@0x55cbbf0525a8 | libevent_free: release ptr-libevent@0x55cbbf052528 | libevent_free: release ptr-libevent@0x55cbbf0524a8 leak: issuer ca, item size: 175 leak detective found 1 leaks, total size 175