FIPS Product: YES FIPS Kernel: NO FIPS Mode: NO NSS DB directory: sql:/etc/ipsec.d Initializing NSS Opening NSS database "sql:/etc/ipsec.d" read-only NSS initialized NSS crypto library initialized FIPS HMAC integrity support [enabled] FIPS mode disabled for pluto daemon FIPS HMAC integrity verification self-test FAILED libcap-ng support [enabled] Linux audit support [enabled] Linux audit activated Starting Pluto (Libreswan Version v3.28-685-gbfd5aef521-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:1701 core dump dir: /tmp secrets file: /etc/ipsec.secrets leak-detective enabled NSS crypto [enabled] XAUTH PAM support [enabled] | libevent is using pluto's memory allocator Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) | libevent_malloc: new ptr-libevent@0x561d263d8768 size 40 | libevent_malloc: new ptr-libevent@0x561d263d86e8 size 40 | libevent_malloc: new ptr-libevent@0x561d263d8668 size 40 | creating event base | libevent_malloc: new ptr-libevent@0x561d263ca298 size 56 | libevent_malloc: new ptr-libevent@0x561d26353e38 size 664 | libevent_malloc: new ptr-libevent@0x561d26412d88 size 24 | libevent_malloc: new ptr-libevent@0x561d26412dd8 size 384 | libevent_malloc: new ptr-libevent@0x561d26412d48 size 16 | libevent_malloc: new ptr-libevent@0x561d263d85e8 size 40 | libevent_malloc: new ptr-libevent@0x561d263d8568 size 48 | libevent_realloc: new ptr-libevent@0x561d26353ac8 size 256 | libevent_malloc: new ptr-libevent@0x561d26412f88 size 16 | libevent_free: release ptr-libevent@0x561d263ca298 | libevent initialized | libevent_realloc: new ptr-libevent@0x561d263ca298 size 64 | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds | init_nat_traversal() initialized with keep_alive=0s NAT-Traversal support [enabled] | global one-shot timer 
EVENT_NAT_T_KEEPALIVE initialized | global one-shot timer EVENT_FREE_ROOT_CERTS initialized | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds | global one-shot timer EVENT_REVIVE_CONNS initialized | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Encryption algorithms: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac NULL IKEv1: ESP IKEv2: ESP [] CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Hash algorithms: MD5 IKEv1: IKE IKEv2: SHA1 IKEv1: IKE IKEv2: FIPS sha SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 PRF algorithms: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc 
Integrity algorithms: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac NONE IKEv1: ESP IKEv2: IKE ESP FIPS null DH algorithms: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 testing CAMELLIA_CBC: Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 128-bit key Camellia: 16 bytes with 256-bit key Camellia: 16 bytes with 256-bit key testing AES_GCM_16: empty string one block two blocks two blocks with associated data testing AES_CTR: Encrypting 16 octets using AES-CTR with 128-bit key Encrypting 32 octets using AES-CTR with 128-bit key Encrypting 36 octets using AES-CTR with 128-bit key Encrypting 16 octets using AES-CTR with 192-bit key Encrypting 32 octets using AES-CTR with 192-bit key Encrypting 36 octets using AES-CTR with 192-bit key Encrypting 16 octets using AES-CTR with 256-bit key Encrypting 32 octets using AES-CTR with 256-bit key 
Encrypting 36 octets using AES-CTR with 256-bit key testing AES_CBC: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key testing AES_XCBC: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) testing HMAC_MD5: RFC 2104: MD5_HMAC test 1 RFC 2104: MD5_HMAC test 2 RFC 2104: MD5_HMAC test 3 8 CPU cores online starting up 7 crypto helpers started thread for crypto helper 0 | starting up helper thread 0 | status value returned by setting the priority of this thread (crypto helper 0) 22 | crypto helper 0 waiting (nothing to do) started thread for crypto helper 1 | starting up helper thread 1 | status value returned by setting the priority of this thread (crypto helper 1) 22 | crypto helper 1 waiting (nothing to do) started thread for crypto helper 2 | starting up helper thread 2 | status value returned by setting the priority of this thread (crypto helper 2) 22 | crypto helper 2 waiting (nothing to do) started thread for crypto helper 3 | starting up helper thread 3 | status value returned by setting the priority of this thread (crypto helper 3) 22 | crypto helper 3 waiting (nothing to do) started thread for crypto helper 4 | starting up helper thread 4 | status value returned by setting the priority of this thread (crypto 
helper 4) 22 | crypto helper 4 waiting (nothing to do) started thread for crypto helper 5 | starting up helper thread 5 | status value returned by setting the priority of this thread (crypto helper 5) 22 | crypto helper 5 waiting (nothing to do) | starting up helper thread 6 started thread for crypto helper 6 | checking IKEv1 state table | MAIN_R0: category: half-open IKE SA flags: 0: | -> MAIN_R1 EVENT_SO_DISCARD | MAIN_I1: category: half-open IKE SA flags: 0: | -> MAIN_I2 EVENT_RETRANSMIT | MAIN_R1: category: open IKE SA flags: 200: | -> MAIN_R2 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_I2: category: open IKE SA flags: 0: | -> MAIN_I3 EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | -> UNDEFINED EVENT_RETRANSMIT | MAIN_R2: category: open IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | -> MAIN_R3 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_I3: category: open IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | -> MAIN_I4 EVENT_SA_REPLACE | -> UNDEFINED EVENT_SA_REPLACE | MAIN_R3: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | MAIN_I4: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | AGGR_R0: category: half-open IKE SA flags: 0: | -> AGGR_R1 EVENT_SO_DISCARD | AGGR_I1: category: half-open IKE SA flags: 0: | -> AGGR_I2 EVENT_SA_REPLACE | -> AGGR_I2 EVENT_SA_REPLACE | AGGR_R1: category: open IKE SA flags: 200: | -> AGGR_R2 EVENT_SA_REPLACE | -> AGGR_R2 EVENT_SA_REPLACE | AGGR_I2: category: established IKE SA flags: 200: | -> UNDEFINED EVENT_NULL | AGGR_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | QUICK_R0: category: established CHILD SA flags: 0: | -> QUICK_R1 EVENT_RETRANSMIT | QUICK_I1: category: established CHILD SA flags: 0: | -> QUICK_I2 EVENT_SA_REPLACE | QUICK_R1: category: established CHILD SA flags: 0: | -> QUICK_R2 EVENT_SA_REPLACE | QUICK_I2: category: established CHILD SA flags: 200: | -> UNDEFINED EVENT_NULL | QUICK_R2: category: 
established CHILD SA flags: 0: | -> UNDEFINED EVENT_NULL | INFO: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | INFO_PROTECTED: category: informational flags: 0: | -> UNDEFINED EVENT_NULL | XAUTH_R0: category: established IKE SA flags: 0: | -> XAUTH_R1 EVENT_NULL | XAUTH_R1: category: established IKE SA flags: 0: | -> MAIN_R3 EVENT_SA_REPLACE | MODE_CFG_R0: category: informational flags: 0: | -> MODE_CFG_R1 EVENT_SA_REPLACE | MODE_CFG_R1: category: established IKE SA flags: 0: | -> MODE_CFG_R2 EVENT_SA_REPLACE | MODE_CFG_R2: category: established IKE SA flags: 0: | -> UNDEFINED EVENT_NULL | MODE_CFG_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_SA_REPLACE | XAUTH_I0: category: established IKE SA flags: 0: | -> XAUTH_I1 EVENT_RETRANSMIT | XAUTH_I1: category: established IKE SA flags: 0: | -> MAIN_I4 EVENT_RETRANSMIT | checking IKEv2 state table | PARENT_I0: category: ignore flags: 0: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) | PARENT_I1: category: half-open IKE SA flags: 0: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) | PARENT_I2: category: open IKE SA flags: 0: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) | PARENT_I3: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) | PARENT_R0: 
category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) | PARENT_R1: category: half-open IKE SA flags: 0: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) | PARENT_R2: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) | V2_CREATE_I0: category: established IKE SA flags: 0: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) | V2_CREATE_I: category: established IKE SA flags: 0: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) | V2_REKEY_IKE_I: category: established IKE SA flags: 0: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: | V2_CREATE_R: category: established IKE SA flags: 0: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) | V2_REKEY_IKE_R: category: established IKE SA flags: 0: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: | V2_IPSEC_I: category: established CHILD SA flags: 0: | V2_IPSEC_R: category: established CHILD SA flags: 0: | IKESA_DEL: category: established IKE SA flags: 0: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) | CHILDSA_DEL: 
category: informational flags: 0: Using Linux XFRM/NETKEY IPsec interface code on 5.1.18-200.fc29.x86_64 | Hard-wiring algorithms | adding AES_CCM_16 to kernel algorithm db | adding AES_CCM_12 to kernel algorithm db | adding AES_CCM_8 to kernel algorithm db | adding 3DES_CBC to kernel algorithm db | adding CAMELLIA_CBC to kernel algorithm db | adding AES_GCM_16 to kernel algorithm db | adding AES_GCM_12 to kernel algorithm db | adding AES_GCM_8 to kernel algorithm db | adding AES_CTR to kernel algorithm db | adding AES_CBC to kernel algorithm db | adding SERPENT_CBC to kernel algorithm db | adding TWOFISH_CBC to kernel algorithm db | adding NULL_AUTH_AES_GMAC to kernel algorithm db | adding NULL to kernel algorithm db | adding CHACHA20_POLY1305 to kernel algorithm db | adding HMAC_MD5_96 to kernel algorithm db | adding HMAC_SHA1_96 to kernel algorithm db | adding HMAC_SHA2_512_256 to kernel algorithm db | adding HMAC_SHA2_384_192 to kernel algorithm db | adding HMAC_SHA2_256_128 to kernel algorithm db | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db | adding AES_XCBC_96 to kernel algorithm db | adding AES_CMAC_96 to kernel algorithm db | adding NONE to kernel algorithm db | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds | setup kernel fd callback | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x561d263d2488 | libevent_malloc: new ptr-libevent@0x561d264114f8 size 128 | libevent_malloc: new ptr-libevent@0x561d264185d8 size 16 | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x561d26418568 | libevent_malloc: new ptr-libevent@0x561d263caf48 size 128 | libevent_malloc: new ptr-libevent@0x561d26418238 size 16 | global one-shot timer EVENT_CHECK_CRLS initialized selinux support is enabled. 
| unbound context created - setting debug level to 5 | /etc/hosts lookups activated | /etc/resolv.conf usage activated | outgoing-port-avoid set 0-65535 | outgoing-port-permit set 32768-60999 | Loading dnssec root key from:/var/lib/unbound/root.key | No additional dnssec trust anchors defined via dnssec-trusted= option | Setting up events, loop start | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x561d26418a08 | libevent_malloc: new ptr-libevent@0x561d264248e8 size 128 | libevent_malloc: new ptr-libevent@0x561d2642fbd8 size 16 | libevent_realloc: new ptr-libevent@0x561d2642fc18 size 256 | libevent_malloc: new ptr-libevent@0x561d2642fd48 size 8 | libevent_realloc: new ptr-libevent@0x561d2642fd88 size 144 | libevent_malloc: new ptr-libevent@0x561d263d6a58 size 152 | libevent_malloc: new ptr-libevent@0x561d2642fe48 size 16 | signal event handler PLUTO_SIGCHLD installed | libevent_malloc: new ptr-libevent@0x561d2642fe88 size 8 | libevent_malloc: new ptr-libevent@0x561d263547a8 size 152 | signal event handler PLUTO_SIGTERM installed | libevent_malloc: new ptr-libevent@0x561d2642fec8 size 8 | libevent_malloc: new ptr-libevent@0x561d2642ff08 size 152 | signal event handler PLUTO_SIGHUP installed | libevent_malloc: new ptr-libevent@0x561d2642ffd8 size 8 | libevent_realloc: release ptr-libevent@0x561d2642fd88 | libevent_realloc: new ptr-libevent@0x561d26430018 size 256 | libevent_malloc: new ptr-libevent@0x561d26430148 size 152 | signal event handler PLUTO_SIGSYS installed | created addconn helper (pid:1829) using fork+execve | forked child 1829 | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 Kernel supports NIC esp-hw-offload adding interface eth1/eth1 (esp-hw-offload not supported by 
kernel) 192.1.2.23:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth1/eth1 192.1.2.23:4500 adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface eth0/eth0 192.0.2.254:4500 adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 | NAT-Traversal: Trying sockopt style NAT-T | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 adding interface lo/lo 127.0.0.1:4500 | status value returned by setting the priority of this thread (crypto helper 6) 22 | no interfaces to sort | crypto helper 6 waiting (nothing to do) | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | add_fd_read_event_handler: new ethX-pe@0x561d26430728 | libevent_malloc: new ptr-libevent@0x561d26424838 size 128 | libevent_malloc: new ptr-libevent@0x561d26430798 size 16 | setup callback for interface lo 127.0.0.1:4500 fd 22 | add_fd_read_event_handler: new ethX-pe@0x561d264307d8 | libevent_malloc: new ptr-libevent@0x561d263caff8 size 128 | libevent_malloc: new ptr-libevent@0x561d26430848 size 16 | setup callback for interface lo 127.0.0.1:500 fd 21 | add_fd_read_event_handler: new ethX-pe@0x561d26430888 | libevent_malloc: new ptr-libevent@0x561d263ca918 size 128 | libevent_malloc: new ptr-libevent@0x561d264308f8 size 16 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | add_fd_read_event_handler: new ethX-pe@0x561d26430938 | libevent_malloc: new ptr-libevent@0x561d263d21d8 size 128 | libevent_malloc: new ptr-libevent@0x561d264309a8 size 16 | setup callback for interface eth0 192.0.2.254:500 fd 19 | add_fd_read_event_handler: new ethX-pe@0x561d264309e8 | libevent_malloc: new ptr-libevent@0x561d263d22d8 size 128 | libevent_malloc: new ptr-libevent@0x561d26430a58 size 16 | 
setup callback for interface eth1 192.1.2.23:4500 fd 18 | add_fd_read_event_handler: new ethX-pe@0x561d26430a98 | libevent_malloc: new ptr-libevent@0x561d263d23d8 size 128 | libevent_malloc: new ptr-libevent@0x561d26430b08 size 16 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.669 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) listening for IKE messages | Inspecting interface lo | found lo with address 127.0.0.1 | Inspecting interface eth0 | found eth0 with address 192.0.2.254 | Inspecting interface eth1 | found eth1 with address 192.1.2.23 | no interfaces to sort | libevent_free: release ptr-libevent@0x561d26424838 | free_event_entry: release EVENT_NULL-pe@0x561d26430728 | add_fd_read_event_handler: new ethX-pe@0x561d26430728 | libevent_malloc: new ptr-libevent@0x561d26424838 size 128 | setup callback for interface lo 127.0.0.1:4500 fd 22 | libevent_free: release ptr-libevent@0x561d263caff8 | free_event_entry: release EVENT_NULL-pe@0x561d264307d8 | add_fd_read_event_handler: new ethX-pe@0x561d264307d8 | libevent_malloc: new ptr-libevent@0x561d263caff8 size 128 | setup callback for interface lo 127.0.0.1:500 fd 21 | libevent_free: release ptr-libevent@0x561d263ca918 | free_event_entry: release EVENT_NULL-pe@0x561d26430888 | 
add_fd_read_event_handler: new ethX-pe@0x561d26430888 | libevent_malloc: new ptr-libevent@0x561d263ca918 size 128 | setup callback for interface eth0 192.0.2.254:4500 fd 20 | libevent_free: release ptr-libevent@0x561d263d21d8 | free_event_entry: release EVENT_NULL-pe@0x561d26430938 | add_fd_read_event_handler: new ethX-pe@0x561d26430938 | libevent_malloc: new ptr-libevent@0x561d263d21d8 size 128 | setup callback for interface eth0 192.0.2.254:500 fd 19 | libevent_free: release ptr-libevent@0x561d263d22d8 | free_event_entry: release EVENT_NULL-pe@0x561d264309e8 | add_fd_read_event_handler: new ethX-pe@0x561d264309e8 | libevent_malloc: new ptr-libevent@0x561d263d22d8 size 128 | setup callback for interface eth1 192.1.2.23:4500 fd 18 | libevent_free: release ptr-libevent@0x561d263d23d8 | free_event_entry: release EVENT_NULL-pe@0x561d26430a98 | add_fd_read_event_handler: new ethX-pe@0x561d26430a98 | libevent_malloc: new ptr-libevent@0x561d263d23d8 size 128 | setup callback for interface eth1 192.1.2.23:500 fd 17 | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' loading secrets from "/etc/ipsec.secrets" | saving Modulus | saving PublicExponent | ignoring PrivateExponent | ignoring Prime1 | ignoring Prime2 | ignoring Exponent1 | ignoring Exponent2 | ignoring Coefficient | ignoring CKAIDNSS | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 | computed rsa CKAID 8a 82 25 f1 loaded private key for keyid: PKK_RSA:AQO9bJbr3 | certs and keys locked by 'process_secret' | certs and keys unlocked by 'process_secret' | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.374 milliseconds in whack | processing signal PLUTO_SIGCHLD | waitpid returned pid 1829 (exited with status 0) | reaped addconn helper child (status 0) | waitpid returned ECHILD (no child processes left) | spent 0.0159 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr 
*)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | FOR_EACH_CONNECTION_... in foreach_connection_by_alias | FOR_EACH_CONNECTION_... in conn_by_name | Added new connection east-any with policy ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | No AUTH policy was set - defaulting to RSASIG | counting wild cards for %fromcert is 0 | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' | loading right certificate 'east' pubkey | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d26432c78 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d26432c28 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d26432ae8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d26432838 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d264327e8 | unreference key: 0x561d26432cc8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | certs and keys locked by 'lsw_add_rsa_secret' | certs and keys unlocked by 'lsw_add_rsa_secret' | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 | add new addresspool to global pools 192.0.2.100-192.0.2.200 size 101 ptr 0x561d26430218 | based upon policy, the connection is a template. 
| reference addresspool of conn east-any[0] kind CK_TEMPLATE refcnt 0 | connect_to_host_pair: 192.1.2.23:500 0.0.0.0:500 -> hp@(nil): none | new hp@0x561d26435d48 added connection description "east-any" | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org,MS+XS+S=C]...%any[%fromcert,+MC+XC+S=C] | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 1.36 milliseconds in whack | spent 0.00305 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 804 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
| start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 804 (0x324) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 |
***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 12 (0xc) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [XAUTH] | received Vendor ID payload [Dead Peer Detection] | quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with 
no state | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=IKEV1_ALLOW but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | 
******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | 
af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | 
length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP 
Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: 
AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | 
length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | 
*****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE 
(0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+XAUTH+IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | find_next_host_connection policy=RSASIG+XAUTH+IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east-any) | find_next_host_connection returns east-any | find_next_host_connection policy=RSASIG+XAUTH+IKEV1_ALLOW | find_next_host_connection returns empty | 
instantiating "east-any" for initial Main Mode message received on 192.1.2.23:500 | reference addresspool of conn east-any[1] kind CK_TEMPLATE refcnt 1 | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none | new hp@0x561d26437028 | rw_instantiate() instantiated "east-any"[1] 192.1.3.33 for 192.1.3.33 | creating state object #1 at 0x561d26439d98 | State DB: adding IKEv1 state #1 in UNDEFINED | pstats #1 ikev1.isakmp started | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "east-any"[1] 192.1.3.33 #1: responding to Main Mode from unknown peer 192.1.3.33 on port 500 | ICOOKIE-DUMP: ed b5 5c 3c d0 47 93 cb | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association 
Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: 
ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 fd ed 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 
26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 156 | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | peer supports fragmentation | peer supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 156 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 01 10 02 00 00 00 00 00 00 00 00 9c 0d 00 00 38 | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 | 00 00 00 24 00 
01 00 00 80 0b 00 01 80 0c 0e 10 | 80 01 00 07 80 02 00 04 80 03 fd ed 80 04 00 0e | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 0c 09 00 26 89 | df d6 b7 12 0d 00 00 14 af ca d7 13 68 a1 f1 c9 | 6b 86 96 fc 77 57 01 00 00 00 00 14 4a 13 1c 81 | 07 03 58 45 5c 57 28 f2 0e 95 45 2f | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x561d26437108 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d26432738 size 128 "east-any"[1] 192.1.3.33 #1: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.01 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00225 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 | 46 2d 60 af 6a 39 e1 33 7a 1f 9f 62 c7 53 e6 14 | 00 55 ed 79 40 6a 85 3e 91 65 ff f5 63 ce c4 dc | 7d ae 92 9d e6 bd 87 47 1a e0 6f cd 13 0d b0 2c | 3f 24 7c 28 ee 49 66 f6 19 3c b9 61 8a fc d9 ee | 66 72 2d 82 27 f3 0a 97 08 fa de 8a a3 91 0b e1 | 1f 5c 2f 9e 8e c9 54 f6 c3 32 83 38 5a 45 81 6c | 9e 64 b1 04 cc 5c 64 07 27 fd a8 34 f0 cd b8 a2 | 3a b9 19 3a 63 cf 59 04 77 b1 27 ba 41 ee 58 a6 | 4f 32 01 65 28 b3 bd 04 39 96 b2 7f 68 13 91 97 | ea a9 df e0 43 a3 66 79 c0 c1 54 fe 60 aa 95 b0 | 5e 8e fc c4 21 d4 0b 21 5f 71 0c 4b 2c 75 7a 41 | ca e3 23 2f 8d 9c 62 15 e4 d5 2a a4 5c 72 7e 4b | 6f 57 cf 43 c2 d9 06 88 bd a1 c0 d1 1d c3 81 3d | a0 75 be 68 5e 00 75 5f 91 e7 a7 ad e2 3f 09 
8f | fc 33 6e a3 99 e8 4f 45 cf 05 9d 53 1a 67 e1 a0 | 74 63 8f 93 e3 71 e8 2a c1 e2 52 83 75 ad c7 86 | 14 00 00 24 ab fe e6 d3 a3 4c 20 ce 5c b9 73 f1 | 4c 4b 1b 96 b6 2f e5 62 02 7c f8 bc af a7 2d 82 | 73 70 d0 ff 14 00 00 24 67 69 82 98 12 15 83 68 | 02 26 80 ed b9 48 86 06 20 f1 1b 57 8f ab 66 c4 | cd 40 09 82 94 ae 76 6d 00 00 00 24 0e 90 e9 18 | 75 e3 fd 61 94 d2 f8 b2 aa fb 39 04 ec 0e 86 56 | f9 26 90 34 a5 26 2f 71 47 f2 34 67 | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x561d24aafca0(32) | natd_hash: icookie= ed b5 5c 3c d0 47 
93 cb | natd_hash: rcookie= 12 d0 f4 86 da ac ad 5c | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 67 69 82 98 12 15 83 68 02 26 80 ed b9 48 86 06 | natd_hash: hash= 20 f1 1b 57 8f ab 66 c4 cd 40 09 82 94 ae 76 6d | natd_hash: hasher=0x561d24aafca0(32) | natd_hash: icookie= ed b5 5c 3c d0 47 93 cb | natd_hash: rcookie= 12 d0 f4 86 da ac ad 5c | natd_hash: ip= c0 01 03 21 | natd_hash: port=500 | natd_hash: hash= 0e 90 e9 18 75 e3 fd 61 94 d2 f8 b2 aa fb 39 04 | natd_hash: hash= ec 0e 86 56 f9 26 90 34 a5 26 2f 71 47 f2 34 67 | expected NAT-D(me): 67 69 82 98 12 15 83 68 02 26 80 ed b9 48 86 06 | expected NAT-D(me): 20 f1 1b 57 8f ab 66 c4 cd 40 09 82 94 ae 76 6d | expected NAT-D(him): | 0e 90 e9 18 75 e3 fd 61 94 d2 f8 b2 aa fb 39 04 | ec 0e 86 56 f9 26 90 34 a5 26 2f 71 47 f2 34 67 | received NAT-D: 67 69 82 98 12 15 83 68 02 26 80 ed b9 48 86 06 | received NAT-D: 20 f1 1b 57 8f ab 66 c4 cd 40 09 82 94 ae 76 6d | received NAT-D: 0e 90 e9 18 75 e3 fd 61 94 d2 f8 b2 aa fb 39 04 | received NAT-D: ec 0e 86 56 f9 26 90 34 a5 26 2f 71 47 f2 34 67 | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds | adding inI2_outR2 KE work-order 1 for state #1 | state #1 requesting EVENT_SO_DISCARD to be deleted | libevent_free: release ptr-libevent@0x561d26432738 | free_event_entry: release EVENT_SO_DISCARD-pe@0x561d26437108 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561d26437108 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d26438728 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in 
complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | crypto helper 0 resuming | #1 spent 0.0811 milliseconds in process_packet_tail() | crypto helper 0 starting work-order 1 for state #1 | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 1 | spent 0.198 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.00057 seconds | (#1) spent 0.571 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) | crypto helper 0 sending results from work-order 1 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f2500002888 size 128 | crypto helper 0 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 1 | calling continuation function 0x561d249dab50 | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 
10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | keyex value 44 b8 21 35 71 68 93 36 b0 4d 44 a8 ba 58 bd 98 | keyex value 78 6f bd 05 db 5e c1 43 15 65 19 79 8f a6 26 3f | keyex value 4d f3 af cc 85 3c c5 ca 86 cb 29 5a 72 f9 4b 4e | keyex value de af 72 11 ab 57 ef 5e 75 89 37 05 00 b2 05 a0 | keyex value b9 88 1c 07 08 ac 6e 48 d5 6f 31 e8 13 be 1b 73 | keyex value 2a 53 1c 8b e1 19 3b 31 15 2a 3a 92 9f 5e 3b 27 | keyex value 87 3c 2f fb c1 ae 61 1d b1 c5 08 1f 3a b7 78 b4 | keyex value c7 f3 70 f1 ac 80 b4 12 a9 87 7f ea e7 25 e1 f2 | keyex value fa 07 7b 33 05 0e 09 53 38 31 d2 b2 44 82 e7 9b | keyex value e8 3f d0 36 45 26 74 5f a3 13 2c 97 d1 bc 26 03 | keyex value 30 a4 99 1a f1 32 65 13 0b 37 09 bd c8 a3 3f 81 | keyex value a5 61 03 e7 ec f2 e6 ae 9e 99 e3 6b d3 92 25 0d | keyex value ba 74 58 1c 67 e7 51 51 b4 32 43 09 9c b5 2c a3 | keyex value 27 de 67 70 26 59 6c ed e7 88 d5 b3 44 88 cd a1 | keyex value 4c ee 5e 5c 53 bc 11 1f 56 f8 9c 93 78 1c d7 82 | keyex value 06 82 8e ed ea c1 5b fd 45 8b 97 09 e5 b8 14 60 | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr cf 78 90 b8 c9 f3 d4 46 17 ac ac 4b f3 38 6a d1 | Nr 85 91 3b e0 ad f3 d1 98 08 aa 8c f3 ca ce fd c4 | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x561d24aafca0(32) | natd_hash: icookie= ed b5 
5c 3c d0 47 93 cb | natd_hash: rcookie= 12 d0 f4 86 da ac ad 5c | natd_hash: ip= c0 01 03 21 | natd_hash: port=500 | natd_hash: hash= 0e 90 e9 18 75 e3 fd 61 94 d2 f8 b2 aa fb 39 04 | natd_hash: hash= ec 0e 86 56 f9 26 90 34 a5 26 2f 71 47 f2 34 67 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 0e 90 e9 18 75 e3 fd 61 94 d2 f8 b2 aa fb 39 04 | NAT-D ec 0e 86 56 f9 26 90 34 a5 26 2f 71 47 f2 34 67 | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x561d24aafca0(32) | natd_hash: icookie= ed b5 5c 3c d0 47 93 cb | natd_hash: rcookie= 12 d0 f4 86 da ac ad 5c | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 67 69 82 98 12 15 83 68 02 26 80 ed b9 48 86 06 | natd_hash: hash= 20 f1 1b 57 8f ab 66 c4 cd 40 09 82 94 ae 76 6d | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 67 69 82 98 12 15 83 68 02 26 80 ed b9 48 86 06 | NAT-D 20 f1 1b 57 8f ab 66 c4 cd 40 09 82 94 ae 76 6d | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, 
CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 2 for state #1 | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561d26438728 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561d26437108 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561d26437108 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d264372a8 size 128 | #1 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle; has background offloaded task | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561d264372a8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561d26437108 | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
| crypto helper 1 resuming | crypto helper 1 starting work-order 2 for state #1 | crypto helper 1 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x561d26437108 | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d264372a8 size 128 | #1 STATE_MAIN_R2: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29850.970639 "east-any"[1] 192.1.3.33 #1: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.248 
milliseconds in resume sending helper answer | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f2500002888 | crypto helper 1 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.000867 seconds | (#1) spent 0.87 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) | crypto helper 1 sending results from work-order 2 for state #1 to event queue | scheduling resume sending helper answer for #1 | libevent_malloc: new ptr-libevent@0x7f24f8000f48 size 128 | crypto helper 1 waiting (nothing to do) | processing resume sending helper answer for #1 | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) | crypto helper 1 replies to request ID 2 | calling continuation function 0x561d249dab50 | main_inI2_outR2_calcdone for #1: calculate DH finished | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #1 suppresed complete_v1_state_transition() | #1 spent 0.0197 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f24f8000f48 | spent 0.0032 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 1852 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
| start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 1852 (0x73c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #1 in 
MAIN_R2 (find_state_ikev1) | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1459) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.33:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 193 (0xc1) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1232 (0x4d0) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 6 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early
"east-any"[1] 192.1.3.33 #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds loading root certificate cache | spent 2.66 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() | spent 0.0151 milliseconds in get_root_certs() filtering CAs | #1 spent 2.69 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.409 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #1 spent 0.0273 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile IPsec | certificate is valid (profile IPsec) | #1 spent 0.079 milliseconds in find_and_verify_certs() calling verify_end_cert() "east-any"[1] 192.1.3.33 #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test 
Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d26443ab8 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d26443908 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d26443758 | unreference key: 0x561d264531b8 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- | #1 spent 0.161 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() | #1 spent 3.39 milliseconds in decode_certs() | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' matched our ID | SAN ID matched, updating that.cert | X509: CERT and ID matches current connection | CR | requested CA: '%any' | refine_host_connection for IKEv1: starting with "east-any"[1] 192.1.3.33 | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org | results matched | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | refine_host_connection: checking "east-any"[1] 192.1.3.33 against "east-any"[1] 192.1.3.33, best=(none) with match=1(id=1(0)/ca=1(7)/reqca=1(0)) | Warning: not switching back to template of 
current instance | No IDr payload received from peer | refine_host_connection: checked east-any[1] 192.1.3.33 against east-any[1] 192.1.3.33, now for see if best | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef | refine_host_connection: picking new best "east-any"[1] 192.1.3.33 (wild=0, peer_pathlen=7/our=0) | refine going into 2nd loop allowing instantiated conns as well | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org | b=%fromcert | results fail | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | refine_host_connection: checking "east-any"[1] 192.1.3.33 against "east-any", best=east-any with match=0(id=0(0)/ca=1(7)/reqca=1(0)) | Warning: not switching back to template of current instance | No IDr payload received from peer | refine_host_connection: checked east-any[1] 192.1.3.33 against east-any, now for see if best | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef | returning since no better match than original best_found | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | required RSA CA is '%any' | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, 
CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | an RSA Sig check passed with *AwEAAcBZv [remote certificates] | #1 spent 0.105 milliseconds in try_all_RSA_keys() trying a pubkey "east-any"[1] 192.1.3.33 #1: Authenticated using RSA | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so send cert. | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_CERT (0x6) | ID type: ID_DER_ASN1_DN (0x9) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 183 raw bytes of my identity into 
ISAKMP Identification Payload (IPsec DOI) | emitting length of ISAKMP Identification Payload (IPsec DOI): 191 "east-any"[1] 192.1.3.33 #1: I am sending my cert | ***emit ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_SIG (0x9) | cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' | emitting 1260 raw bytes of CERT into ISAKMP Certificate Payload
| emitting length of ISAKMP Certificate Payload: 1265 | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, 
E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 384 raw bytes of SIG_R into ISAKMP Signature Payload | emitting length 
of ISAKMP Signature Payload: 388 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 1884 | FOR_EACH_CONNECTION_... in ISAKMP_SA_established | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 | parent state #1: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_R3: retransmits: cleared | libevent_free: release ptr-libevent@0x561d264372a8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x561d26437108 | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 1884 bytes for STATE_MAIN_R2 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1)
61 6b 91 6d 7a 38 | ae a0 27 ce 38 13 55 51 66 0b 93 d0 7c f6 a4 f0 | 8d 5f 7a 71 06 4f 5d a9 f5 f5 a3 bc 0f 5a 8e 7c | 66 a7 c7 e3 66 89 e0 3c c0 b7 a5 30 71 07 a0 44 | 00 62 37 c0 2e f5 dc 0a eb 36 ea 3c cd 0a de 4f | bb 79 82 11 ae af c0 f4 a3 03 ef 5d f4 e7 76 e3 | c1 7a 5b 49 5f 2b 46 23 e0 ab db 3b 65 59 c9 7d | f4 1e c1 10 c5 be 99 cf dd 7b a6 e2 c3 c7 62 7f | c5 1a ea 19 6d 7d fb b8 f9 19 86 9e b8 27 d7 a0 | b3 4a 94 b9 fe 01 5e 25 f1 32 1b 19 15 e0 07 68 | 13 99 aa 42 ed 63 6b 48 12 4b 00 7f 1d 56 8d 00 | b2 9d 3b 5d a6 04 6e 76 ba e2 03 f7 f4 2a a6 72 | 17 f8 94 51 0d ee fd 9f a0 a9 89 ba c3 5f 5e 7c | 5c e5 d6 3a ee a3 5c ef b0 9e 6f 0a 92 13 65 b0 | 01 97 ba 44 4c ef 8a 4a 80 f1 d5 2e b3 d1 da 28 | 57 36 57 59 f7 30 de 5b d0 ad 6e 49 75 5f 4c 22 | 86 cd eb 2f 8f a1 d1 bc 2c 42 13 cf f5 a3 1d 0c | 01 c5 f3 6a 7a 4c 12 ee bb 9f c8 46 10 7d 85 5c | 03 75 ae 82 91 9d 3b 23 f8 ea 8d a7 b7 56 1d cb | 43 82 90 f6 91 ed 3b 39 2d a8 4e 00 97 77 60 25 | b4 b4 d8 cf a8 80 0f 41 6e 09 04 bf 12 f4 bf 5b | bf bc ff 65 2a 3e 4e 7a ab 5a 50 0a d3 d3 7c df | f6 34 15 50 88 53 f6 5c 22 26 6c 49 d0 6e a7 67 | 59 09 ff da 0c 52 5b ce 0b d1 8f c5 27 4d 32 cf | ea 92 4a 8c d7 8d a6 1a c9 0f 5b 14 79 21 5e 29 | dc f0 dc c6 05 b9 bc 0c 9c 0f 53 32 44 b2 43 d7 | f3 50 19 3c 5a bd e8 d8 b3 5a b7 27 7c ac 19 a9 | ce 9c f9 f5 69 ee f9 7a 0d 57 1e 6b bb 66 9b 46 | 73 38 09 aa 40 e2 70 06 f8 f6 bf 3f 92 30 ee 85 | 86 a9 4f 84 6d ff 77 ad 33 d8 2e 26 aa 1b 71 73 | 78 83 f8 e3 6b d1 96 b3 ac 72 8d 16 bb 0d 56 2f | 20 6f 18 63 d2 9f 53 ee 75 40 c0 f6 ce 83 fc 6a | 96 a5 43 d4 ab 70 ed 41 ef a5 2a 24 2e 77 41 9c | 90 0b a2 5a ec 92 70 d7 dd a4 96 f2 7b 93 e5 8d | 8c c6 44 d1 d8 15 dc 0f da 15 61 ad bd 9b d5 7f | e6 90 cd 0f 1e 19 19 47 39 cb fe 38 70 ca 0f ab | 9f 33 19 d5 fd b3 39 e2 8a b9 e3 e5 45 84 67 1b | 7e fb 76 29 cd 42 9c 4f c7 de 50 76 3e 5b b4 78 | 5a 09 84 e7 23 b3 65 87 88 5e 1e c5 ce c6 71 b1 | c2 d9 21 47 c5 bc 9b 81 9a 02 79 f5 72 64 18 57 | 3c 42 a3 27 73 d3 64 83 1d 2d 
90 a4 6c 38 4b 53 | 65 c7 93 30 ee 36 f5 30 46 5f 9d 19 c7 d0 71 97 | a6 28 e1 a8 08 fd f7 ad a2 7e ff 11 64 c8 1c 13 | d8 6f 27 6f a1 6a aa 72 75 dd 50 69 ff f2 83 04 | 40 78 3c f7 df ef 67 a3 42 73 f0 da 72 9f b7 65 | 18 cb 88 bf 51 71 fe 88 fd f2 e3 99 2d 6c d6 73 | 77 f0 74 7a 6c 3b 1c 8a ad 60 41 36 ef e3 26 2d | 2f a1 3b b0 9e 45 de cd d9 c0 08 92 39 c0 45 5a | eb a7 6f 6b 2f 4f 5e 89 87 e7 8a 79 59 0f cb 37 | 78 d3 01 19 93 dd f5 f5 77 a1 10 05 a2 3d 74 66 | 6d 73 df 3c 8d 12 d7 72 cc 18 9d 60 bc f6 0e 8b | 13 c0 8f 7a 64 27 2f 21 c4 d9 ee 95 3e f1 6c 47 | eb e9 fa 9b 01 c4 3b 0e 27 aa e0 09 fb 69 94 2e | 39 55 7b 66 27 92 c3 23 f5 f0 54 1e ce 67 31 47 | 09 a9 83 a6 e8 e5 ee 2f 7f 3c f8 18 c7 78 10 0a | a5 7c 08 7d cc 2f 16 14 e3 11 43 a4 88 c3 41 36 | 71 48 fe f2 35 bb 42 20 6a 1d 4d 18 2f 42 d4 85 | c0 d6 3e ff 84 df 51 82 7f cc af a1 0f 5f 9c 05 | d4 72 a6 c5 a6 cc 14 b8 60 6c 1b 03 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x561d26437108 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d26441e38 size 128 | pstats #1 ikev1.isakmp established "east-any"[1] 192.1.3.33 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH: Sending XAUTH Login/Password Request | event_schedule: new EVENT_v1_SEND_XAUTH-pe@0x561d2643bdc8 | inserting event EVENT_v1_SEND_XAUTH, timeout in 0.08 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d26432518 size 128 | libevent_realloc: release ptr-libevent@0x561d263ca298 | libevent_realloc: new ptr-libevent@0x561d264316a8 size 128 | #1 spent 6.49 milliseconds | #1 spent 10.2 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 
connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 10.6 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x561d2643bdc8 | handling event EVENT_v1_SEND_XAUTH for parent state #1 | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) | XAUTH: event EVENT_v1_SEND_XAUTH #1 STATE_MAIN_R3 "east-any"[1] 192.1.3.33 #1: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0) | parent state #1: MAIN_R3(established IKE SA) => XAUTH_R0(established IKE SA) | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3401437701 (0xcabdd205) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'xauth_buf' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'xauth_buf' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 0 (0x0) | 
emitting length of ISAKMP ModeCfg attribute: 0 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 16 | XAUTH: send request HASH(1): | 0d af e7 6d 6a b7 59 f4 4b 59 53 fc 08 50 5a 67 | 83 36 95 8c 95 16 ed 57 43 04 d9 f8 ac bd 69 35 | no IKEv1 message padding required | emitting length of ISAKMP Message: 80 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for XAUTH: req through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 08 10 06 01 ca bd d2 05 00 00 00 5c 8b c1 f6 07 | e2 c9 06 01 ff 15 b6 37 73 6b 6e 53 a8 9a 75 84 | 83 90 0c 9b eb aa 48 7d c6 df f1 95 7f d1 90 fd | ac d2 c8 e2 60 50 b4 09 e3 e0 8e 09 cf fb 74 88 | 4c d9 02 76 24 01 2d be d0 08 4a 79 | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x561d26441e38 | free_event_entry: release EVENT_SA_REPLACE-pe@0x561d26437108 | event_schedule: new EVENT_RETRANSMIT-pe@0x561d26437108 | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d26441278 size 128 | #1 STATE_XAUTH_R0: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29851.069108 | libevent_free: release ptr-libevent@0x561d26432518 | free_event_entry: release EVENT_v1_SEND_XAUTH-pe@0x561d2643bdc8 | #1 spent 0.176 milliseconds in timer_event_cb() EVENT_v1_SEND_XAUTH | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) | spent 0.00228 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | ed b5 5c 3c d0 47 93 
cb 12 d0 f4 86 da ac ad 5c | 08 10 06 01 ca bd d2 05 00 00 00 6c 8f f0 d6 7a | ef 87 43 9b 10 47 3e 4f 32 4b ed a5 3a 22 17 28 | 3e 38 da 38 11 f6 64 a3 d5 ef 01 0d 96 e7 5b 1e | 2a 2d 74 f2 40 e9 b2 c1 c6 82 37 c7 a6 56 03 21 | 92 46 e3 7b b5 98 23 ac e9 fa 25 db 90 bf 9a 0c | 60 d2 19 f5 2a 93 cf 13 b8 92 07 4d | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3401437701 (0xcabdd205) | length: 108 (0x6c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=cabdd205 st_msgid=00000000 st_msgid_phase15=cabdd205 | p15 state object #1 found, in STATE_XAUTH_R0 | State DB: found IKEv1 state #1 in XAUTH_R0 (find_v1_info_state) | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1802) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.33:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 30 (0x1e) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | removing 14 bytes of padding | xauth_inR0 HASH(1): | e3 3b a9 83 53 7e 9f 9d 1f 6f 86 73 ac a2 01 2b | 63 7c 65 84 82 b0 02 82 0d 45 f8 8e 4d af 58 9a | received 'xauth_inR0' message HASH(1) data ok | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 6 (0x6) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: 
XAUTH-USER-PASSWORD (0x408a) | length/value: 8 (0x8) | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_XAUTH_R0: retransmits: cleared | libevent_free: release ptr-libevent@0x561d26441278 | free_event_entry: release EVENT_RETRANSMIT-pe@0x561d26437108 "east-any"[1] 192.1.3.33 #1: XAUTH: authentication method 'always ok' requested to authenticate user 'xnorth' | scheduling resume xauth immediate for #1 | libevent_malloc: new ptr-libevent@0x561d26432518 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #1 and saving MD | #1 is busy; has a suspended MD | #1 spent 0.0291 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.127 milliseconds in comm_handle_cb() reading and processing packet | processing resume xauth immediate for #1 | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) "east-any"[1] 192.1.3.33 #1: XAUTH: User xnorth: Authentication Successful | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3260768354 (0xc25b6062) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload 
(8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'xauth_buf' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_SET (0x3) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'xauth_buf' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 1 (0x1) | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 12 | XAUTH: status HASH(1): | 8c 39 75 d1 b3 2d 5c 9a 39 60 7b 4b f4 a8 9c 32 | 30 66 e4 c4 8d 64 36 0d 7c 31 c8 c7 6f 09 bd 7e | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | event_schedule: new EVENT_RETRANSMIT-pe@0x561d26437108 | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d26441278 size 128 | #1 STATE_XAUTH_R0: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29851.06982 | sending 76 bytes for XAUTH: status through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 08 10 06 01 c2 5b 60 62 00 00 00 4c 2d 41 6f 36 | d0 36 28 cd aa 75 68 32 e0 fc 9d 70 5f 80 c8 29 | 0c 96 52 bb 91 9f 18 4d a7 52 10 1d 5a 9e ae 8e | e1 57 2d 36 d4 fc 10 04 e1 d7 9d 03 | parent state #1: XAUTH_R0(established IKE SA) => XAUTH_R1(established IKE SA) | resume xauth immediate for #1 suppresed complete_v1_state_transition() | #1 spent 0.107 milliseconds in resume xauth immediate | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 
192.1.3.33:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x561d26432518 | spent 0.0022 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 08 10 06 01 c2 5b 60 62 00 00 00 4c a3 ad 70 89 | fe 6c 66 93 b9 3b cd c9 fd e9 90 81 42 fd 1f a3 | 18 89 61 0a b9 86 c6 70 55 1f 08 f8 cc 76 1a aa | f5 2d ea a3 97 31 98 3a 74 eb 13 26 | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3260768354 (0xc25b6062) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=c25b6062 st_msgid=00000000 st_msgid_phase15=c25b6062 | p15 state object #1 found, in STATE_XAUTH_R1 | State DB: found IKEv1 state #1 in XAUTH_R1 (find_v1_info_state) | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1802) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.33:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 12 (0xc) | Attr Msg Type: ISAKMP_CFG_ACK (0x4) | Identifier: 0 (0x0) | xauth_inR1 HASH(1): | 08 56 e6 2c f0 44 0a 31 96 b1 2b c3 3e c5 87 a3 | 35 b5 28 22 7f 38 92 8b e0 13 1f 11 5d 81 1c a9 | received 'xauth_inR1' message HASH(1) data ok "east-any"[1] 192.1.3.33 #1: 
XAUTH: xauth_inR1(STF_OK) | modecfg server, pull mode. Starting new exchange. | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3 | parent state #1: XAUTH_R1(established IKE SA) => MAIN_R3(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_RETRANSMIT to be deleted | #1 STATE_MAIN_R3: retransmits: cleared | libevent_free: release ptr-libevent@0x561d26441278 | free_event_entry: release EVENT_RETRANSMIT-pe@0x561d26437108 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x561d26437108 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d26441e38 size 128 | pstats #1 ikev1.isakmp established "east-any"[1] 192.1.3.33 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #1 spent 0.04 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.132 milliseconds in comm_handle_cb() reading and processing packet | spent 0.0012 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 08 10 06 01 dd 7b 1a 4e 00 00 00 6c bf 44 01 04 
| f3 d9 6e a5 63 99 03 9a 72 b1 2b e3 0f 90 16 28 | 44 c4 e1 a0 c1 1d 58 f7 b0 97 78 4b 15 9e 99 c6 | 14 35 f8 6f 53 bf cf a9 7a a7 0f 63 94 85 93 bc | 07 11 3c 4a 28 4d b4 f1 c6 55 29 5f da fc d7 4f | e9 a4 c2 b9 fb e8 8c 49 51 13 c5 36 | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3715832398 (0xdd7b1a4e) | length: 108 (0x6c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #1; msgid=dd7b1a4e st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #1 found, in STATE_MAIN_R3 | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1678) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. 
| this is a xauthserver modecfgserver | call init_phase2_iv | set from_state to STATE_MAIN_R3 this is modecfgserver and IS_PHASE1() is TRUE | #1 is idle | #1 idle | received encrypted packet from 192.1.3.33:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | removing 12 bytes of padding | modecfg_inR0 HASH(1): | c1 ea ea 3f 3f cf cd 14 d5 5a 56 b8 f7 ed 0f 3e | e5 65 d2 30 71 e8 64 92 e1 91 57 d6 98 e2 40 93 | received 'modecfg_inR0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3715832398 (0xdd7b1a4e) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in modecfg_inR0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: MODECFG_BANNER (0x7000) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute MODECFG_BANNER received. 
| ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: MODECFG_DOMAIN (0x7002) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute MODECFG_DOMAIN received. | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: CISCO_SPLIT_INC (0x7004) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute CISCO_SPLIT_INC received. | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | request lease from addresspool 192.0.2.100-192.0.2.200 reference count 2 thatid 'xnorth' that.client.addr 192.1.3.33 | addresspool can share this lease | in share_lease: no lingering addresspool lease for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' | addresspool can share this lease | New lease from addresspool index 0 | new lease 192.0.2.100 from addresspool 192.0.2.100-192.0.2.200 to that.client.addr 192.1.3.33 thatid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1) | emitting 4 raw bytes of IP_addr into ISAKMP ModeCfg attribute | IP_addr c0 00 02 64 | emitting length of ISAKMP 
ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2) | emitting 4 raw bytes of IP4_submsk into ISAKMP ModeCfg attribute | IP4_submsk ff ff ff 00 | emitting length of ISAKMP ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | emitting 4 raw bytes of IP4_dns into ISAKMP ModeCfg attribute | IP4_dns 01 02 03 04 | emitting length of ISAKMP ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | emitting 4 raw bytes of IP4_dns into ISAKMP ModeCfg attribute | IP4_dns 05 06 07 08 | emitting length of ISAKMP ModeCfg attribute: 4 | We are not sending a domain | We are not sending a banner | We are sending our subnet as CISCO_SPLIT_INC | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: CISCO_SPLIT_INC (0x7004) | *****emit CISCO split item: | IPv4 address: c0 00 02 00 | IPv4 mask: ff ff ff 00 | emitting length of ISAKMP ModeCfg attribute: 14 | padding IKEv1 message with 2 bytes | emitting 2 zero bytes of message padding into ISAKMP Mode Attribute | emitting length of ISAKMP Mode Attribute: 60 | XAUTH: mode config response HASH(1): | 62 91 d1 a2 15 d0 d7 79 5c fd 0f 02 d1 f6 78 49 | b6 59 56 e6 fe 57 c2 de d3 d2 b4 7d 75 f2 fc ff | no IKEv1 message padding required | emitting length of ISAKMP Message: 124 | no IKEv1 message padding required | emitting length of ISAKMP Message: 124 "east-any"[1] 192.1.3.33 #1: modecfg_inR0(STF_OK) | complete v1 state transition with STF_OK | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #1 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1 | parent state #1: MAIN_R3(established IKE SA) => MODE_CFG_R1(established IKE SA) | event_already_set, deleting event | state #1 requesting EVENT_SA_REPLACE to be deleted | 
libevent_free: release ptr-libevent@0x561d26441e38 | free_event_entry: release EVENT_SA_REPLACE-pe@0x561d26437108 | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 124 bytes for STATE_MODE_CFG_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 08 10 06 01 dd 7b 1a 4e 00 00 00 7c 12 b1 81 88 | 18 b7 b9 07 f8 d8 ec cc ae 99 ae 0a eb b5 8c 17 | a0 75 7c a1 72 bd df b1 bc e0 26 0f 83 4f d3 70 | f1 82 f0 7d 46 2c 53 8f ab 60 15 6d 0e aa 3f 36 | 97 e0 a2 87 3a 53 d0 2e 31 d8 04 86 84 bf 28 af | 2e 84 34 fc 3a eb 04 cf d1 98 f8 63 aa 4f 0b ab | bf 0f 60 27 22 eb c1 f4 c1 cf 74 e4 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x561d26437108 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 | libevent_malloc: new ptr-libevent@0x561d264372a8 size 128 | pstats #1 ikev1.isakmp established "east-any"[1] 192.1.3.33 #1: STATE_MODE_CFG_R1: ModeCfg Set sent, expecting Ack {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #1 spent 0.202 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.297 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00222 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500)
| start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1507088724 (0x59d45954) | length: 476 (0x1dc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #1 in MODE_CFG_R1 (find_state_ikev1) | start processing:
state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1607) | #1 is idle | #1 idle | received encrypted packet from 192.1.3.33:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 84 (0x54) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 12 (0xc) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 64 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 00 ff ff ff 00 | removing 4 bytes of padding | quick_inI1_outR1 HASH(1): | d7 29 a9 9f 09 3b e9 a9 c4 14 f6 ec d6 7b a8 e8 | ee b0 90 e0 c1 9d 90 76 02 28 dc e5 84 b7 9a 99 | received 'quick_inI1_outR1' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 64 | peer client is 192.0.2.100/32 | peer client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask 
| ID mask ff ff ff 00 | our client is subnet 192.0.2.0/24 | our client protocol/port is 0/0 "east-any"[1] 192.1.3.33 #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.2.100/32:0/0 | find_client_connection starting with east-any | looking for 192.0.2.0/24:0/0 -> 192.0.2.100/32:0/0 | concrete checking against sr#0 192.0.2.0/24 -> 192.0.2.100/32 | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org | results matched | fc_try trying east-any:192.0.2.0/24:0/0 -> 192.0.2.100/32:0/0 vs east-any:192.0.2.0/24:0/0 -> 192.0.2.100/32:0/0 | fc_try concluding with east-any [129] | fc_try east-any gives east-any | concluding with d = east-any | client wildcard: no port wildcard: no virtual: no | creating state object #2 at 0x561d2643aea8 | State DB: adding IKEv1 state #2 in UNDEFINED | pstats #2 ikev1.ipsec started | duplicating state object #1 "east-any"[1] 192.1.3.33 as #2 for IPSEC SA | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1484) | suspend processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) | start processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) | child state #2: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 72 (0x48) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI 5a 11 4b f9 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T 
(0x3) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | adding quick_outI1 KE work-order 3 for state #2 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561d263ca298 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x561d264435f8 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #2 and saving MD | #2 is busy; has a suspended MD | #1 spent 0.138 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.292 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 2 resuming | crypto helper 
2 starting work-order 3 for state #2 | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 3 | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.000543 seconds | (#2) spent 0.547 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) | crypto helper 2 sending results from work-order 3 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f24fc003f28 size 128 | crypto helper 2 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) | crypto helper 2 replies to request ID 3 | calling continuation function 0x561d249dab50 | quick_inI1_outR1_cryptocontinue1 for #2: calculated ke+nonce, calculating DH | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outR1 DH work-order 4 for state #2 | state #2 requesting 
EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561d264435f8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561d263ca298 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x561d263ca298 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 | libevent_malloc: new ptr-libevent@0x561d264435f8 size 128 | suspending state #2 and saving MD | #2 is busy; has a suspended MD | resume sending helper answer for #2 suppresed complete_v1_state_transition() and stole MD | #2 spent 0.0508 milliseconds in resume sending helper answer | stop processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f24fc003f28 | crypto helper 3 resuming | crypto helper 3 starting work-order 4 for state #2 | crypto helper 3 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 4 | crypto helper 3 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 4 time elapsed 0.00053 seconds | (#2) spent 0.533 milliseconds in crypto helper computing work-order 4: quick outR1 DH (pcr) | crypto helper 3 sending results from work-order 4 for state #2 to event queue | scheduling resume sending helper answer for #2 | libevent_malloc: new ptr-libevent@0x7f24f0003618 size 128 | crypto helper 3 waiting (nothing to do) | processing resume sending helper answer for #2 | start processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:797) | crypto helper 3 replies to request ID 4 | calling continuation function 0x561d249dab50 | quick_inI1_outR1_cryptocontinue2 for #2: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1507088724 
(0x59d45954) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 72 (0x48) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI 5a 11 4b f9 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE 
(0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0xd5ab7de1 for esp.0@192.1.2.23 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI d5 ab 7d e1 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 | attributes 80 05 00 02 80 06 00 80 | emitting length of ISAKMP Transform Payload (ESP): 32 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 "east-any"[1] 192.1.3.33 #2: responding to Quick Mode proposal {msgid:59d45954} "east-any"[1] 192.1.3.33 #2: us: 
192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org,MS+XS+S=C] "east-any"[1] 192.1.3.33 #2: them: 192.1.3.33[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org,+MC+XC+S=C]===192.0.2.100/32 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 36 93 47 0b f4 2b 4b dd d3 47 65 8e 46 8c f7 d6 | Nr b0 b6 cb ad 33 3f b9 48 af 56 06 9d f3 76 e3 df | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload 
| emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) | ID body c0 00 02 64 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) | ID body c0 00 02 00 ff ff ff 00 | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 | quick inR1 outI2 HASH(2): 
| 86 8c 78 1e 67 a4 07 77 f9 4e 45 90 66 3d 8a eb | 4b ac ee dd 2a 1d 03 59 a9 2c 33 a8 92 6a 3f ba | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | FOR_EACH_CONNECTION_... in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any"[1] 192.1.3.33 unrouted: NULL | install_inbound_ipsec_sa() checking if we can route | could_route called for east-any (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any"[1] 192.1.3.33 unrouted: NULL; eroute owner: NULL | routing is easy, or has resolvable near-conflict | checking if this is a replacement state | st=0x561d2643aea8 ost=(nil) st->serialno=#2 ost->serialno=#0 | installing outgoing SA now as refhim=0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east-any' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.5a114bf9@192.1.3.33 included non-error error | outgoing SA has refhim=0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east-any' not 
available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.d5ab7de1@192.1.2.23 included non-error error | priority calculation of connection "east-any" is 0xfe7df | add inbound eroute 192.0.2.100/32:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042399 | raw_eroute result=success | no IKEv1 message padding required | emitting length of ISAKMP Message: 444 | finished processing quick inI1 | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 | child state #2: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) | event_already_set, deleting event | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561d264435f8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x561d263ca298 | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) | sending 444 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) 
| !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x561d263ca298 | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #2 | libevent_malloc: new ptr-libevent@0x7f24fc003f28 size 128 | #2 STATE_QUICK_R1: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29851.074315 | pstats #2 ikev1.ipsec established | NAT-T: encaps is 'auto' "east-any"[1] 192.1.3.33 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x5a114bf9 <0xd5ab7de1 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive username=xnorth} | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #2 suppresed complete_v1_state_transition() | #2 spent 0.614 milliseconds in resume sending helper answer | stop processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f24f0003618 | spent 0.00284 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 08 
10 20 01 59 d4 59 54 00 00 00 4c 4f 74 f0 61 | f0 68 aa c2 79 97 a6 de 6f 50 5e eb 43 97 fd 9e | a3 10 12 fb 81 c9 c2 17 16 3b a0 64 47 ce 70 d3 | 30 d5 0c 48 1b 9e 3e 91 ff 80 03 3a | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1507088724 (0x59d45954) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #2 in QUICK_R1 (find_state_ikev1) | start processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1633) | #2 is idle | #2 idle | received encrypted packet from 192.1.3.33:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | removing 12 bytes of padding | quick_inI2 HASH(3): | b8 57 8c 39 ec f2 71 5f 07 5c b2 12 fa c0 ca d4 | 57 69 24 4c 55 8e 8d 35 c9 fa e5 ca 27 a7 ab 42 | received 'quick_inI2' message HASH(3) data ok | install_ipsec_sa() for #2: outbound only | could_route called for east-any (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any"[1] 192.1.3.33 unrouted: NULL; eroute owner: NULL | sr for #2: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... 
in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any"[1] 192.1.3.33 unrouted: NULL; eroute owner: NULL | route_and_eroute with c: east-any (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 | priority calculation of connection "east-any" is 0xfe7df | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.2.100/32:0 => tun.0@192.1.3.33 (raw_eroute) | IPsec Sa SPD priority set to 1042399 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_ | popen cmd is 1319 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=C: | cmd( 160):A, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, 
CN=east.testing.libre: | cmd( 240):swan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUT: | cmd( 320):O_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=': | cmd( 400):0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER=': | cmd( 480):192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Dep: | cmd( 560):artment, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLU: | cmd( 640):TO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_C: | cmd( 720):LIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: | cmd( 800):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRY: | cmd( 880):PT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : | cmd( 960):PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: | cmd(1040):USERNAME='xnorth' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMA: | cmd(1120):IN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_: | cmd(1200):NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5a114bf: | cmd(1280):9 SPI_OUT=0xd5ab7de1 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, 
L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTAN | popen cmd is 1324 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUT: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID: | cmd( 160):='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.: | cmd( 240):libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24': | cmd( 320): PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_P: | cmd( 400):ORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_P: | cmd( 480):EER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Tes: | cmd( 560):t Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org: | cmd( 640):' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_P: | cmd( 720):EER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: | cmd( 800):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: | cmd( 880):ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN: | cmd( 960):_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: | cmd(1040):LUTO_USERNAME='xnorth' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER: | cmd(1120):_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' P: | cmd(1200):LUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5a: | 
cmd(1280):114bf9 SPI_OUT=0xd5ab7de1 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' | popen cmd is 1322 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=': | cmd( 160):C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.li: | cmd( 240):breswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' P: | cmd( 320):LUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_POR: | cmd( 400):T='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEE: | cmd( 480):R='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test : | cmd( 560):Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' : | cmd( 640):PLUTO_PEER_CLIENT='192.0.2.100/32' 
PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEE: | cmd( 720):R_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: | cmd( 800):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: | cmd( 880):CRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_N: | cmd( 960):O' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: | cmd(1040):TO_USERNAME='xnorth' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_D: | cmd(1120):OMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLU: | cmd(1200):TO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5a11: | cmd(1280):4bf9 SPI_OUT=0xd5ab7de1 ipsec _updown 2>&1: | route_and_eroute: instance "east-any"[1] 192.1.3.33, setting eroute_owner {spd=0x561d264369e8,sr=0x561d264369e8} to #2 (was #0) (newest_ipsec_sa=#0) | #1 spent 1.58 milliseconds in install_ipsec_sa() | inI2: instance east-any[1], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2673) | #2 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 | child state #2: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) | event_already_set, deleting event | state #2 requesting EVENT_RETRANSMIT to be deleted | #2 STATE_QUICK_R2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f24fc003f28 | free_event_entry: release EVENT_RETRANSMIT-pe@0x561d263ca298 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x561d263ca298 | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2 | libevent_malloc: new 
ptr-libevent@0x7f24f0003618 size 128 | pstats #2 ikev1.ipsec established | NAT-T: encaps is 'auto' "east-any"[1] 192.1.3.33 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x5a114bf9 <0xd5ab7de1 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive username=xnorth} | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #2 spent 1.69 milliseconds in process_packet_tail() | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.82 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00466 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00326 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00314 milliseconds in signal handler PLUTO_SIGCHLD | spent 0.00296 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 804 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: |
initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | 00 00 00 00 00 00 00 00 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 804 (0x324) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: IKEv1 state not found (find_state_ikev1_init) | #null state always idle | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 644 (0x284) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 12 (0xc) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | length: 20 (0x14) | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 | ***parse ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 20 (0x14) | message 'main_inI1_outR1' HASH payload not checked early | received Vendor ID payload [FRAGMENTATION] | received Vendor ID payload [XAUTH] | received Vendor ID payload [Dead Peer Detection] | 
quirks.qnat_traversal_vid set to=117 [RFC 3947] | received Vendor ID payload [RFC 3947] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] | in statetime_start() with no state | find_host_connection local=192.1.2.23:500 remote=192.1.3.209:500 policy=IKEV1_ALLOW but ignoring ports | find_next_host_connection policy=IKEV1_ALLOW | find_next_host_connection returns empty | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | 
*****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 1 (0x1) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 2 (0x2) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload 
(ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 3 (0x3) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 4 (0x4) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T 
(0x3) | length: 36 (0x24) | ISAKMP transform number: 5 (0x5) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 6 (0x6) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform 
number: 7 (0x7) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 8 (0x8) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 9 (0x9) | ISAKMP transform ID: KEY_IKE 
(0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 10 (0xa) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 11 (0xb) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: 
| af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 128 (0x80) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 12 (0xc) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 13 (0xd) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable 
length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 14 (0xe) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 15 (0xf) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | 
length/value: 4 (0x4) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ISAKMP transform number: 16 (0x10) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 6 (0x6) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | ISAKMP transform number: 17 (0x11) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 5 (0x5) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 2 (0x2) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 5 (0x5) 
| find_host_connection local=192.1.2.23:500 remote= policy=RSASIG+XAUTH+IKEV1_ALLOW but ignoring ports | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | find_next_host_connection policy=RSASIG+XAUTH+IKEV1_ALLOW | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (east-any) | find_next_host_connection returns east-any | find_next_host_connection policy=RSASIG+XAUTH+IKEV1_ALLOW | find_next_host_connection returns empty | instantiating "east-any" for initial Main Mode message received on 192.1.2.23:500 | reference addresspool of conn east-any[2] kind CK_TEMPLATE refcnt 2 | connect_to_host_pair: 192.1.2.23:500 192.1.3.209:500 -> hp@(nil): none | new hp@0x561d264499a8 | rw_instantiate() instantiated "east-any"[2] 192.1.3.209 for 192.1.3.209 | creating state object #3 at 0x561d2644bba8 | State DB: adding IKEv1 state #3 in UNDEFINED | pstats #3 ikev1.isakmp started | #3 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2669) | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in main_inI1_outR1() at ikev1_main.c:667) | parent state #3: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) | sender checking NAT-T: enabled; VID 117 | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) "east-any"[2] 192.1.3.209 #3: responding to Main Mode from unknown peer 192.1.3.209 on port 500 | ICOOKIE-DUMP: 73 37 a3 72 2c 29 3b a5 | **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_SA (0x1) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP 
Message'.'next payload type' value 1:ISAKMP_NEXT_SA | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 632 (0x278) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 18 (0x12) | *****parse ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 36 (0x24) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) | length/value: 1 (0x1) | [1 is OAKLEY_LIFE_SECONDS] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) | length/value: 3600 (0xe10) | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) | length/value: 7 (0x7) | [7 is OAKLEY_AES_CBC] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) | length/value: 4 (0x4) | [4 is OAKLEY_SHA2_256] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) | length/value: 65005 (0xfded) | [65005 is XAUTHInitRSA] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP Oakley attribute: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) | length/value: 256 (0x100) | OAKLEY proposal verified unconditionally; no 
alg_info to check against | Oakley Transform 0 accepted | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_ISAKMP (0x1) | SPI size: 0 (0x0) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | *****emit ISAKMP Transform Payload (ISAKMP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP transform number: 0 (0x0) | ISAKMP transform ID: KEY_IKE (0x1) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 | attributes 80 03 fd ed 80 04 00 0e 80 0e 01 00 | emitting length of ISAKMP Transform Payload (ISAKMP): 36 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 | out_vid(): sending [FRAGMENTATION] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [XAUTH] | 
***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_VID (0xd) | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 8 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 09 00 26 89 df d6 b7 12 | emitting length of ISAKMP Vendor ID Payload: 12 | out_vid(): sending [Dead Peer Detection] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 | emitting length of ISAKMP Vendor ID Payload: 20 | out_vid(): sending [RFC 3947] | ***emit ISAKMP Vendor ID Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f | emitting length of ISAKMP Vendor ID Payload: 20 | no IKEv1 message padding required | emitting length of ISAKMP Message: 156 | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #3 is idle | doing_xauth:yes, t_xauth_client_done:no | peer supports fragmentation | peer 
supports DPD | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 | parent state #3: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) | event_already_set, deleting event | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 156 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #3) | !event_already_set at reschedule | event_schedule: new EVENT_SO_DISCARD-pe@0x7f24fc004218 | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d264435f8 size 128 "east-any"[2] 192.1.3.209 #3: STATE_MAIN_R1: sent MR1, expecting MI2 | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 1.54 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00232 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 396 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) |
start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_KE (0x4) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | length: 396 (0x18c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #3 in MAIN_R1 (find_state_ikev1) | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #3 is idle | #3 idle | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 260 (0x104) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got
payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | length: 36 (0x24) | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 | ***parse ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | message 'main_inI2_outR2' HASH payload not checked early | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) | natd_hash: hasher=0x561d24aafca0(32) | natd_hash: icookie= 73 37 a3 72 2c 29 3b a5 | natd_hash: rcookie= bd ee 07 08 d4 7a e6 57 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 07 cf ad 2c 98 25 c4 3d fe 39 e7 94 f5 91 1d 37 | natd_hash: hash= 26 82 55 d2 8c 6c 64 aa 04 a6 84 53 76 84 e4 c6 | natd_hash: hasher=0x561d24aafca0(32) | natd_hash: icookie= 73 37 a3 72 2c 29 3b a5 | natd_hash: rcookie= bd ee 07 08 d4 7a e6 57 | natd_hash: ip= c0 01 03 d1 | natd_hash: port=500 | natd_hash: hash= 6c b3 bb 41 4b 12 16 27 0e 95 aa 39 ab fa 7b 91 | natd_hash: hash= bb d4 2f 2f 0d ab a8 0c a5 c8 5c ee 18 32 78 ef | expected NAT-D(me): 07 cf ad 2c 98 25 c4 3d fe 39 e7 94 f5 91 1d 37 | expected NAT-D(me): 26 82 55 d2 8c 6c 64 aa 04 a6 84 53 76 84 e4 c6 | expected NAT-D(him): | 6c b3 bb 41 4b 12 16 27 0e 95 aa 39 ab fa 7b 91 | bb d4 2f 2f 0d ab a8 0c a5 c8 5c ee 18 32 78 ef | received NAT-D: 07 cf ad 2c 98 25 c4 3d fe 39 e7 94 f5 91 1d 37 | received NAT-D: 26 82 55 d2 8c 6c 64 aa 04 a6 84 53 76 84 e4 c6 | received NAT-D: 6c b3 bb 41 4b 12 16 27 0e 95 aa 39 ab fa 7b 91 | received NAT-D: bb d4 2f 2f 0d ab a8 0c a5 c8 5c ee 18 32 78 ef | NAT_TRAVERSAL encaps using auto-detect | NAT_TRAVERSAL this end is NOT behind NAT | NAT_TRAVERSAL that end is NOT behind NAT | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.209 | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected | NAT_T_WITH_KA detected | adding inI2_outR2 KE work-order 5 for state #3 | state #3 requesting EVENT_SO_DISCARD to be 
deleted | libevent_free: release ptr-libevent@0x561d264435f8 | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f24fc004218 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f24fc004218 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d26442928 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2648) | crypto helper 4 resuming | suspending state #3 and saving MD | crypto helper 4 starting work-order 5 for state #3 | #3 is busy; has a suspended MD | crypto helper 4 doing build KE and nonce (inI2_outR2 KE); request ID 5 | #3 spent 0.122 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.268 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 4 finished build KE and nonce (inI2_outR2 KE); request ID 5 time elapsed 0.000991 seconds | (#3) spent 0.992 milliseconds in crypto helper computing work-order 5: inI2_outR2 KE (pcr) | crypto helper 4 sending results from work-order 5 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f24f4002888 size 128 | crypto helper 4 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 4 replies to request ID 5 | calling continuation function 0x561d249dab50 | main_inI2_outR2_continue for #3: calculated ke+nonce, sending R2 | **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 
7a e6 57 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: none (0x0) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload | emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type'
to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 40 63 63 5a 86 d8 db 58 54 e7 58 b8 a4 2f 55 51 | Nr 80 40 9a 98 a3 92 5d 6b 16 2d 2b c3 c3 7b 2a 09 | emitting length of ISAKMP Nonce Payload: 36 | sending NAT-D payloads | natd_hash: hasher=0x561d24aafca0(32) | natd_hash: icookie= 73 37 a3 72 2c 29 3b a5 | natd_hash: rcookie= bd ee 07 08 d4 7a e6 57 | natd_hash: ip= c0 01 03 d1 | natd_hash: port=500 | natd_hash: hash= 6c b3 bb 41 4b 12 16 27 0e 95 aa 39 ab fa 7b 91 | natd_hash: hash= bb d4 2f 2f 0d ab a8 0c a5 c8 5c ee 18 32 78 ef | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 6c b3 bb 41 4b 12 16 27 0e 95 aa 39 ab fa 7b 91 | NAT-D bb d4 2f 2f 0d ab a8 0c a5 c8 5c ee 18 32 78 ef | emitting length of ISAKMP NAT-D Payload: 36 | natd_hash: hasher=0x561d24aafca0(32) | natd_hash: icookie= 73 37 a3 72 2c 29 3b a5 | natd_hash: rcookie= bd ee 07 08 d4 7a e6 57 | natd_hash: ip= c0 01 02 17 | natd_hash: port=500 | natd_hash: hash= 07 cf ad 2c 98 25 c4 3d fe 39 e7 94 f5 91 1d 37 | natd_hash: hash= 26 82 55 d2 8c 6c 64 aa 04 a6 84 53 76 84 e4 c6 | ***emit ISAKMP NAT-D Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' | emitting 32 
raw bytes of NAT-D into ISAKMP NAT-D Payload | NAT-D 07 cf ad 2c 98 25 c4 3d fe 39 e7 94 f5 91 1d 37 | NAT-D 26 82 55 d2 8c 6c 64 aa 04 a6 84 53 76 84 e4 c6 | emitting length of ISAKMP NAT-D Payload: 36 | no IKEv1 message padding required | emitting length of ISAKMP Message: 396 | main inI2_outR2: starting async DH calculation (group=14) | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding main_inI2_outR2_tail work-order 6 for state #3 | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561d26442928 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f24fc004218 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f24fc004218 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d264435f8 size 128 | #3 main_inI2_outR2_continue1_tail:1165 st->st_calculating = FALSE; | complete v1 state transition with STF_OK | crypto helper 5 resuming | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #3 is idle; has background offloaded task | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 | 
crypto helper 5 starting work-order 6 for state #3 | parent state #3: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561d264435f8 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f24fc004218 | crypto helper 5 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 6 | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 396 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #3) | !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x7f24fc004218 | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #3 | libevent_malloc: new
ptr-libevent@0x561d264435f8 size 128 | #3 STATE_MAIN_R2: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29856.837044 "east-any"[2] 192.1.3.209 #3: STATE_MAIN_R2: sent MR2, expecting MI3 | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #3 suppresed complete_v1_state_transition() | #3 spent 0.37 milliseconds in resume sending helper answer | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f24f4002888 | crypto helper 5 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 6 time elapsed 0.001148 seconds | (#3) spent 1.15 milliseconds in crypto helper computing work-order 6: main_inI2_outR2_tail (pcr) | crypto helper 5 sending results from work-order 6 for state #3 to event queue | scheduling resume sending helper answer for #3 | libevent_malloc: new ptr-libevent@0x7f24e8007f58 size 128 | crypto helper 5 waiting (nothing to do) | processing resume sending helper answer for #3 | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 5 replies to request ID 6 | calling continuation function 0x561d249dab50 | main_inI2_outR2_calcdone for #3: calculate DH finished | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1015) | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1028) | resume sending helper answer for #3 suppresed complete_v1_state_transition() | #3 spent 0.0207 milliseconds in resume sending helper answer | processing: STOP state #0 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f24e8007f58 | spent 0.00298 
milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 1852 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | start processing: from 192.1.3.209:500 (in process_md() at
demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | length: 1852 (0x73c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) | State DB: found IKEv1 state #3 in MAIN_R2 (find_state_ikev1) | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1459) | #3 is idle | #3 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 | ***parse ISAKMP Identification Payload: | next payload type: ISAKMP_NEXT_CERT (0x6) | length: 191 (0xbf) | ID type: ID_DER_ASN1_DN (0x9) | DOI specific A: 0 (0x0) | DOI specific B: 0 (0x0) | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 72 6f 61 | obj: 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 72 6f 61 | obj: 64 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | obj: 77 61 6e 2e 6f 72 67 | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_CR (0x7) | length: 1229 (0x4cd) | cert encoding: CERT_X509_SIGNATURE (0x4) | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Certificate RequestPayload: | next payload type: ISAKMP_NEXT_SIG (0x9) | length: 5 (0x5) | cert type: CERT_X509_SIGNATURE (0x4) | 
got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 | ***parse ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 388 (0x184) | removing 11 bytes of padding | message 'main_inI3_outR3' HASH payload not checked early | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 72 6f 61 | DER ASN1 DN: 64 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 72 6f 61 | DER ASN1 DN: 64 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | DER ASN1 DN: 77 61 6e 2e 6f 72 67 "east-any"[2] 192.1.3.209 #3: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds | #3 spent 0.00536 milliseconds in find_and_verify_certs() calling get_root_certs() | checking for known CERT payloads | saving certificate of type 'X509_SIGNATURE' | decoded cert: E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #3 spent 1.05 milliseconds in find_and_verify_certs() calling decode_cert_payloads() | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | #3 spent 0.0432 milliseconds in find_and_verify_certs() calling crl_update_check() | missing or expired CRL | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 | verify_end_cert trying profile 
IPsec | certificate is valid (profile IPsec) | #3 spent 0.106 milliseconds in find_and_verify_certs() calling verify_end_cert() "east-any"[2] 192.1.3.209 #3: certificate verified OK: E=user-road@testing.libreswan.org,CN=road.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d2645b028 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d2645a668 | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x561d2645a4b8 | unreference key: 0x561d26442e98 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | #3 spent 0.255 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() | #3 spent 1.49 milliseconds in decode_certs() | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' matched our ID | SAN ID matched, updating that.cert | X509: CERT and ID matches current connection | CR | requested CA: '%any' | refine_host_connection for IKEv1: starting with "east-any"[2] 192.1.3.209 | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org | results matched | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, 
CN=Libreswan test CA for mainca, E=testing@libreswan.org' | refine_host_connection: checking "east-any"[2] 192.1.3.209 against "east-any"[2] 192.1.3.209, best=(none) with match=1(id=1(0)/ca=1(7)/reqca=1(0)) | Warning: not switching back to template of current instance | No IDr payload received from peer | refine_host_connection: checked east-any[2] 192.1.3.209 against east-any[2] 192.1.3.209, now for see if best | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef | refine_host_connection: picking new best "east-any"[2] 192.1.3.209 (wild=0, peer_pathlen=7/our=0) | refine going into 2nd loop allowing instantiated conns as well | find_host_pair: comparing 192.1.2.23:500 to 0.0.0.0:500 but ignoring ports | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org | b=%fromcert | results fail | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | refine_host_connection: checking "east-any"[2] 192.1.3.209 against "east-any", best=east-any with match=0(id=0(0)/ca=1(7)/reqca=1(0)) | Warning: not switching back to template of current instance | No IDr payload received from peer | refine_host_connection: checked east-any[2] 192.1.3.209 against east-any, now for see if best | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->%fromcert of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef | returning since no better match than original best_found | 
offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | required RSA CA is '%any' | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' | an RSA Sig check passed with *AwEAAd7rc [remote certificates] | #3 spent 0.0979 milliseconds in try_all_RSA_keys() trying a pubkey "east-any"[2] 192.1.3.209 #3: Authenticated using RSA | thinking about whether to send my certificate: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE | sendcert: CERT_ALWAYSSEND and I did not get a certificate request | so send cert. 
| **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_ID (0x5) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_IDPROT (0x2) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 0 (0x0) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_CERT (0x6) | ID type: ID_DER_ASN1_DN (0x9) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 183 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 | my identity 77 61 6e 2e 6f 72 67 | emitting length of ISAKMP Identification Payload (IPsec DOI): 191 "east-any"[2] 192.1.3.209 #3: I am sending my cert | ***emit 
ISAKMP Certificate Payload: | next payload type: ISAKMP_NEXT_SIG (0x9) | cert encoding: CERT_X509_SIGNATURE (0x4) | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 9:ISAKMP_NEXT_SIG | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' | emitting 1260 raw bytes of CERT into ISAKMP Certificate Payload | emitting length of ISAKMP Certificate Payload: 1265 | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_RSA | searching for certificate PKK_RSA:AwEAAbEef vs PKK_RSA:AwEAAbEef | ***emit ISAKMP Signature Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' | emitting 384 raw bytes of SIG_R into ISAKMP Signature Payload | emitting length of ISAKMP Signature Payload: 388 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 1884 | FOR_EACH_CONNECTION_... 
in ISAKMP_SA_established | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #3 is idle | doing_xauth:yes, t_xauth_client_done:no | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 | parent state #3: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_MAIN_R3: retransmits: cleared | libevent_free: release ptr-libevent@0x561d264435f8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f24fc004218 | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 1884 bytes for STATE_MAIN_R2 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #3) | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x7f24fc004218 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d2644cea8 size 128 | pstats #3 ikev1.isakmp established "east-any"[2] 192.1.3.209 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | XAUTH: Sending XAUTH Login/Password Request | event_schedule: new EVENT_v1_SEND_XAUTH-pe@0x561d2644a7f8 | inserting event EVENT_v1_SEND_XAUTH, timeout in 0.08 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d26441e38 size 128 | #3 spent 9.3 milliseconds | #3 spent 11.1 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 11.4 milliseconds in comm_handle_cb() reading and processing packet | timer_event_cb: processing event@0x561d2644a7f8 | handling event 
EVENT_v1_SEND_XAUTH for parent state #3 | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:250) | XAUTH: event EVENT_v1_SEND_XAUTH #3 STATE_MAIN_R3 "east-any"[2] 192.1.3.209 #3: XAUTH: Sending Username/Password request (MAIN_R3->XAUTH_R0) | parent state #3: MAIN_R3(established IKE SA) => XAUTH_R0(established IKE SA) | **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2423721247 (0x90770d1f) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'xauth_buf' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'xauth_buf' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 0 (0x0) | emitting length of ISAKMP ModeCfg attribute: 0 | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 16 | XAUTH: 
send request HASH(1): | 20 2b bb 61 b5 fa 60 eb be 11 54 41 77 53 ad 7f | 9e a9 c3 ac fb 73 70 86 0a a9 d6 1f 02 b8 d3 65 | no IKEv1 message padding required | emitting length of ISAKMP Message: 80 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for XAUTH: req through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #3) | 73 37 a3 72 2c 29 3b a5 bd ee 07 08 d4 7a e6 57 | 08 10 06 01 90 77 0d 1f 00 00 00 5c 4e 43 71 9a | 67 8e ea 84 d3 ed 7b 94 18 c3 8e 12 a3 0d 12 c1 | 35 3b 2f e9 f0 35 f8 29 5a d2 88 4b 59 29 d3 75 | cf e5 4b 77 05 ec 73 28 61 cd 9b c5 2c ef 40 30 | 18 f7 49 09 02 f5 a6 e8 45 84 70 ae | state #3 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x561d2644cea8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f24fc004218 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f24fc004218 | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d2645a2a8 size 128 | #3 STATE_XAUTH_R0: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29856.940489 | libevent_free: release ptr-libevent@0x561d26441e38 | free_event_entry: release EVENT_v1_SEND_XAUTH-pe@0x561d2644a7f8 | #3 spent 0.283 milliseconds in timer_event_cb() EVENT_v1_SEND_XAUTH | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in timer_event_cb() at timer.c:557) | spent 0.00251 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 108 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 73 37 a3 72 2c 29 3b a5 bd ee 07 08 d4 7a e6 57 | 08 10 06 01 90 77 0d 1f 00 00 00 6c b4 83 e2 93 | 32 89 6c 10 81 f8 76 fa 67 45 6a e4 1d c9 56 0a | 05 7c e8 9a eb f0 e9 e3 2c e5 25 17 06 4c 26 f2 | c9 31 53 af de 96 af 19 ae 3a 92 80 f4 8c 51 0a | 6c fc 2a 76 31 1f 7d ce ad 6c b1 e4 7e 6e 71 eb | a8 0d 8f 61 2d 
83 e0 79 83 0c f6 33 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 2423721247 (0x90770d1f) | length: 108 (0x6c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #3; msgid=90770d1f st_msgid=00000000 st_msgid_phase15=90770d1f | p15 state object #3 found, in STATE_XAUTH_R0 | State DB: found IKEv1 state #3 in XAUTH_R0 (find_v1_info_state) | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1802) | #3 is idle | #3 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 29 (0x1d) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | removing 15 bytes of padding | xauth_inR0 HASH(1): | d8 7a 32 4d ca a2 eb d4 20 c6 63 41 39 3b 5a 42 | 8a e6 25 f2 6e 83 b2 3a 0d 29 67 32 8c 2e 3b 00 | received 'xauth_inR0' message HASH(1) data ok | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-NAME (0x4089) | length/value: 5 (0x5) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: XAUTH-USER-PASSWORD (0x408a) | length/value: 8 (0x8) | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_XAUTH_R0: retransmits: cleared | libevent_free: release ptr-libevent@0x561d2645a2a8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f24fc004218 "east-any"[2] 192.1.3.209 #3: XAUTH: 
authentication method 'always ok' requested to authenticate user 'xroad' | scheduling resume xauth immediate for #3 | libevent_malloc: new ptr-libevent@0x561d26441e38 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2648) | suspending state #3 and saving MD | #3 is busy; has a suspended MD | #3 spent 0.0442 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.194 milliseconds in comm_handle_cb() reading and processing packet | processing resume xauth immediate for #3 | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) "east-any"[2] 192.1.3.209 #3: XAUTH: User xroad: Authentication Successful | **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 328887528 (0x139a6ce8) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'xauth_buf' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg 
Type: ISAKMP_CFG_SET (0x3) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'xauth_buf' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: AF+XAUTH-STATUS (0xc08f) | length/value: 1 (0x1) | no IKEv1 message padding required | emitting length of ISAKMP Mode Attribute: 12 | XAUTH: status HASH(1): | d6 d7 b7 0e 85 0a bd a9 b7 de 75 a0 9c c5 1d e2 | 4e 18 5a 81 f1 c6 24 6d 5f 9b 35 3d f2 34 b7 84 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | no IKEv1 message padding required | emitting length of ISAKMP Message: 76 | event_schedule: new EVENT_RETRANSMIT-pe@0x7f24fc004218 | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d2644cea8 size 128 | #3 STATE_XAUTH_R0: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29856.9431 | sending 76 bytes for XAUTH: status through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #3) | 73 37 a3 72 2c 29 3b a5 bd ee 07 08 d4 7a e6 57 | 08 10 06 01 13 9a 6c e8 00 00 00 4c f4 85 26 5d | 7c 43 c8 78 e3 f9 44 bc 7f da 86 22 2d 3f ca 0b | e4 56 72 62 b3 4b 26 95 70 b3 e6 2f 33 33 08 ea | c5 ca c1 2a d8 49 8c d6 51 f7 99 8c | parent state #3: XAUTH_R0(established IKE SA) => XAUTH_R1(established IKE SA) | resume xauth immediate for #3 suppresed complete_v1_state_transition() | #3 spent 0.147 milliseconds in resume xauth immediate | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x561d26441e38 | spent 0.00177 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 73 37 a3 72 2c 29 3b a5 bd ee 07 08 d4 7a e6 57 | 
08 10 06 01 13 9a 6c e8 00 00 00 4c eb 91 ce 10 | d1 7e e1 90 ba b0 7e 9f 81 a4 98 7b 50 81 9c 38 | a0 b5 e4 d5 01 6f a5 c1 57 0f 2a 8c d9 62 04 47 | b8 67 2d 66 b2 36 f2 66 82 2e a6 6a | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 328887528 (0x139a6ce8) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #3; msgid=139a6ce8 st_msgid=00000000 st_msgid_phase15=139a6ce8 | p15 state object #3 found, in STATE_XAUTH_R1 | State DB: found IKEv1 state #3 in XAUTH_R1 (find_v1_info_state) | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1802) | #3 is idle | #3 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 12 (0xc) | Attr Msg Type: ISAKMP_CFG_ACK (0x4) | Identifier: 0 (0x0) | xauth_inR1 HASH(1): | 48 84 f8 e1 c1 96 d5 de 5f 0a 84 05 b5 9a 34 7a | f3 2e 89 90 bc b6 6c 3d fa fd 69 1f d0 2c 3d 52 | received 'xauth_inR1' message HASH(1) data ok "east-any"[2] 192.1.3.209 #3: XAUTH: xauth_inR1(STF_OK) | modecfg server, pull mode. Starting new exchange. 
| complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #3 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3 | parent state #3: XAUTH_R1(established IKE SA) => MAIN_R3(established IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_RETRANSMIT to be deleted | #3 STATE_MAIN_R3: retransmits: cleared | libevent_free: release ptr-libevent@0x561d2644cea8 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f24fc004218 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x7f24fc004218 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d26441e38 size 128 | pstats #3 ikev1.isakmp established "east-any"[2] 192.1.3.209 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #3 spent 0.0591 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.182 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00135 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 108 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 73 37 a3 72 2c 29 3b a5 bd ee 07 08 d4 7a e6 57 | 08 10 06 01 4e c8 9c bc 00 00 00 6c 9c 8b 3d 75 | 79 db 9b 68 4a fc 0b cf 88 a1 06 75 bc 99 34 bc | 5b 61 1d b6 25 
47 c6 16 c8 11 47 52 c9 d7 e6 f0 | 3e 82 17 54 aa 27 8e 71 67 c0 a6 0a af 6c 86 30 | 94 20 e8 dd 39 5d 36 92 79 b4 ae 43 df 82 8e ba | db 1a 16 9d bf 8e 88 51 4f b9 1c 80 | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1321770172 (0x4ec89cbc) | length: 108 (0x6c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_MODE_CFG (6) | peer and cookies match on #3; msgid=4ec89cbc st_msgid=00000000 st_msgid_phase15=00000000 | State DB: IKEv1 state not found (find_v1_info_state) | No appropriate Mode Config state yet. See if we have a Main Mode state | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 | p15 state object #3 found, in STATE_MAIN_R3 | State DB: found IKEv1 state #3 in MAIN_R3 (find_v1_info_state) | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1678) | processing received isakmp_xchg_type ISAKMP_XCHG_MODE_CFG. 
| this is a xauthserver modecfgserver | call init_phase2_iv | set from_state to STATE_MAIN_R3 this is modecfgserver and IS_PHASE1() is TRUE | #3 is idle | #3 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x4100 opt: 0x2000 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_MODECFG (0xe) | length: 36 (0x24) | got payload 0x4000 (ISAKMP_NEXT_MODECFG) needed: 0x4000 opt: 0x2000 | ***parse ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 32 (0x20) | Attr Msg Type: ISAKMP_CFG_REQUEST (0x1) | Identifier: 0 (0x0) | removing 12 bytes of padding | modecfg_inR0 HASH(1): | 79 4c 02 62 47 df f6 d2 68 73 48 d5 ac fa 62 57 | 4d bc 0e 8d 3a 29 db 6b 35 ec 36 ec d8 e2 94 9c | received 'modecfg_inR0' message HASH(1) data ok | **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_MODE_CFG (0x6) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1321770172 (0x4ec89cbc) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 8:ISAKMP_NEXT_HASH | arrived in modecfg_inR0 | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | length/value: 0 (0x0) | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: MODECFG_BANNER (0x7000) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute MODECFG_BANNER received. 
| ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: MODECFG_DOMAIN (0x7002) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute MODECFG_DOMAIN received. | ****parse ISAKMP ModeCfg attribute: | ModeCfg attr type: CISCO_SPLIT_INC (0x7004) | length/value: 0 (0x0) | Unsupported modecfg (CFG_REQUEST) long attribute CISCO_SPLIT_INC received. | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Mode Attribute: | next payload type: ISAKMP_NEXT_NONE (0x0) | Attr Msg Type: ISAKMP_CFG_REPLY (0x2) | Identifier: 0 (0x0) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Mode Attribute (14:ISAKMP_NEXT_MODECFG) | next payload chain: saving location 'ISAKMP Mode Attribute'.'next payload type' in 'reply packet' | request lease from addresspool 192.0.2.100-192.0.2.200 reference count 3 thatid 'xroad' that.client.addr 192.1.3.209 | addresspool can share this lease | in share_lease: no lingering addresspool lease for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | addresspool can share this lease | New lease from addresspool index 1 | new lease 192.0.2.101 from addresspool 192.0.2.100-192.0.2.200 to that.client.addr 192.1.3.209 thatid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_ADDRESS (0x1) | emitting 4 raw bytes of IP_addr into ISAKMP ModeCfg attribute | IP_addr c0 00 02 65 | emitting length of ISAKMP 
ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_NETMASK (0x2) | emitting 4 raw bytes of IP4_submsk into ISAKMP ModeCfg attribute | IP4_submsk ff ff ff 00 | emitting length of ISAKMP ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | emitting 4 raw bytes of IP4_dns into ISAKMP ModeCfg attribute | IP4_dns 01 02 03 04 | emitting length of ISAKMP ModeCfg attribute: 4 | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: INTERNAL_IP4_DNS (0x3) | emitting 4 raw bytes of IP4_dns into ISAKMP ModeCfg attribute | IP4_dns 05 06 07 08 | emitting length of ISAKMP ModeCfg attribute: 4 | We are not sending a domain | We are not sending a banner | We are sending our subnet as CISCO_SPLIT_INC | ****emit ISAKMP ModeCfg attribute: | ModeCfg attr type: CISCO_SPLIT_INC (0x7004) | *****emit CISCO split item: | IPv4 address: c0 00 02 00 | IPv4 mask: ff ff ff 00 | emitting length of ISAKMP ModeCfg attribute: 14 | padding IKEv1 message with 2 bytes | emitting 2 zero bytes of message padding into ISAKMP Mode Attribute | emitting length of ISAKMP Mode Attribute: 60 | XAUTH: mode config response HASH(1): | a8 bf 3d f5 88 c7 b9 b1 aa c9 c2 ce 60 39 a1 86 | 27 55 33 77 10 fd 1c dd 24 ab 1f e8 33 a6 70 2c | no IKEv1 message padding required | emitting length of ISAKMP Message: 124 | no IKEv1 message padding required | emitting length of ISAKMP Message: 124 "east-any"[2] 192.1.3.209 #3: modecfg_inR0(STF_OK) | complete v1 state transition with STF_OK | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #3 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1 | parent state #3: MAIN_R3(established IKE SA) => MODE_CFG_R1(established IKE SA) | event_already_set, deleting event | state #3 requesting EVENT_SA_REPLACE to be deleted | 
libevent_free: release ptr-libevent@0x561d26441e38 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f24fc004218 | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 124 bytes for STATE_MODE_CFG_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #3) | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x7f24fc004218 | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #3 | libevent_malloc: new ptr-libevent@0x561d264435f8 size 128 | pstats #3 ikev1.isakmp established "east-any"[2] 192.1.3.209 #3: STATE_MODE_CFG_R1: ModeCfg Set sent, expecting Ack {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} | DPD: dpd_init() called on ISAKMP SA | DPD: Peer supports Dead Peer Detection | DPD: not initializing DPD because DPD is disabled locally | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #3 spent 0.256 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.4 milliseconds in comm_handle_cb() reading and processing packet | spent 0.00299 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 476 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500)
| start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3145494617 (0xbb7c7059) | length: 476 (0x1dc) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: IKEv1 state not found (find_state_ikev1) | State DB: found IKEv1 state #3 in MODE_CFG_R1 (find_state_ikev1) | start
processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1607) | #3 is idle | #3 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_SA (0x1) | length: 36 (0x24) | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 | ***parse ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | length: 84 (0x54) | DOI: ISAKMP_DOI_IPSEC (0x1) | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 | ***parse ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | length: 36 (0x24) | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | length: 260 (0x104) | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | length: 12 (0xc) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 65 | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 | ***parse ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 16 (0x10) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | obj: c0 00 02 00 ff ff ff 00 | removing 4 bytes of padding | quick_inI1_outR1 HASH(1): | 28 1b 87 73 71 a3 64 9e a9 d0 56 69 e4 66 9f 5d | 90 4b b2 58 ec f9 f3 ee 7a dc d3 4f cd 72 ce 7a | received 'quick_inI1_outR1' message HASH(1) data ok | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 65 | peer client is 192.0.2.101/32 | peer client protocol/port is 0/0 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address | ID address c0 00 02 00 | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec 
DOI) into ID mask | ID mask ff ff ff 00 | our client is subnet 192.0.2.0/24 | our client protocol/port is 0/0 "east-any"[2] 192.1.3.209 #3: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.2.101/32:0/0 | find_client_connection starting with east-any | looking for 192.0.2.0/24:0/0 -> 192.0.2.101/32:0/0 | concrete checking against sr#0 192.0.2.0/24 -> 192.0.2.101/32 | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org | results matched | fc_try trying east-any:192.0.2.0/24:0/0 -> 192.0.2.101/32:0/0 vs east-any:192.0.2.0/24:0/0 -> 192.0.2.101/32:0/0 | fc_try concluding with east-any [129] | fc_try east-any gives east-any | concluding with d = east-any | client wildcard: no port wildcard: no virtual: no | creating state object #4 at 0x561d264579f8 | State DB: adding IKEv1 state #4 in UNDEFINED | pstats #4 ikev1.ipsec started | duplicating state object #3 "east-any"[2] 192.1.3.209 as #4 for IPSEC SA | #4 setting local endpoint to 192.1.2.23:500 from #3.st_localport (in duplicate_state() at state.c:1484) | suspend processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) | start processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1295) | child state #4: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 72 (0x48) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI a0 25 d0 03 | *****parse ISAKMP Transform Payload (ESP): | next payload 
type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | adding quick_outI1 KE work-order 7 for state #4 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f24f4002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x561d26459b48 size 128 | complete v1 state transition with STF_SUSPEND | [RE]START processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2648) | crypto helper 6 resuming | suspending state #4 and saving MD | #4 is busy; has a suspended MD | crypto helper 6 starting work-order 7 for state #4 | #3 spent 0.174 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 7 | stop processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | 
processing: STOP connection NULL (in process_md() at demux.c:383) | spent 0.377 milliseconds in comm_handle_cb() reading and processing packet | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.000686 seconds | (#4) spent 0.693 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) | crypto helper 6 sending results from work-order 7 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f24ec003f28 size 128 | crypto helper 6 waiting (nothing to do) | processing resume sending helper answer for #4 | start processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 6 replies to request ID 7 | calling continuation function 0x561d249dab50 | quick_inI1_outR1_cryptocontinue1 for #4: calculated ke+nonce, calculating DH | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_PSK | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org of kind PKK_PSK | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA | concluding with best_match=000 best=(nil) (lineno=-1) | no PreShared Key Found | adding quick outR1 DH work-order 8 for state #4 
| state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561d26459b48 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f24f4002b78 | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f24f4002b78 | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 | libevent_malloc: new ptr-libevent@0x561d26459b48 size 128 | suspending state #4 and saving MD | #4 is busy; has a suspended MD | resume sending helper answer for #4 suppresed complete_v1_state_transition() and stole MD | crypto helper 0 resuming | #4 spent 0.0915 milliseconds in resume sending helper answer | crypto helper 0 starting work-order 8 for state #4 | crypto helper 0 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 8 | crypto helper 0 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 8 time elapsed 0.000642 seconds | (#4) spent 0.647 milliseconds in crypto helper computing work-order 8: quick outR1 DH (pcr) | crypto helper 0 sending results from work-order 8 for state #4 to event queue | scheduling resume sending helper answer for #4 | libevent_malloc: new ptr-libevent@0x7f25000027d8 size 128 | crypto helper 0 waiting (nothing to do) | stop processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) | libevent_free: release ptr-libevent@0x7f24ec003f28 | processing resume sending helper answer for #4 | start processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:797) | crypto helper 0 replies to request ID 8 | calling continuation function 0x561d249dab50 | quick_inI1_outR1_cryptocontinue2 for #4: calculated DH, sending R1 | **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION 
(0x1) | Message ID: 3145494617 (0xbb7c7059) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Security Association Payload: | next payload type: ISAKMP_NEXT_NONCE (0xa) | DOI: ISAKMP_DOI_IPSEC (0x1) | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' | ****parse IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****parse ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 72 (0x48) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 2 (0x2) | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI | SPI a0 25 d0 03 | *****parse ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_T (0x3) | length: 32 (0x20) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+GROUP_DESCRIPTION (0x8003) | length/value: 14 (0xe) | [14 is OAKLEY_GROUP_MODP2048] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+ENCAPSULATION_MODE (0x8004) | length/value: 1 (0x1) | [1 is ENCAPSULATION_MODE_TUNNEL] | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none | ******parse ISAKMP IPsec DOI 
attribute: | af+type: AF+SA_LIFE_TYPE (0x8001) | length/value: 1 (0x1) | [1 is SA_LIFE_TYPE_SECONDS] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) | length/value: 28800 (0x7080) | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+AUTH_ALGORITHM (0x8005) | length/value: 2 (0x2) | [2 is AUTH_ALGORITHM_HMAC_SHA1] | ******parse ISAKMP IPsec DOI attribute: | af+type: AF+KEY_LENGTH (0x8006) | length/value: 128 (0x80) | ESP IPsec Transform verified unconditionally; no alg_info to check against | ****emit IPsec DOI SIT: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) | ****emit ISAKMP Proposal Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | proposal number: 0 (0x0) | protocol ID: PROTO_IPSEC_ESP (0x3) | SPI size: 4 (0x4) | number of transforms: 1 (0x1) | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' | netlink_get_spi: allocated 0x28189899 for esp.0@192.1.2.23 | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload | SPI 28 18 98 99 | *****emit ISAKMP Transform Payload (ESP): | next payload type: ISAKMP_NEXT_NONE (0x0) | ESP transform number: 0 (0x0) | ESP transform ID: ESP_AES (0xc) | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 | attributes 80 05 00 02 80 06 00 80 | emitting length of ISAKMP Transform Payload (ESP): 32 | emitting length of ISAKMP Proposal Payload: 44 | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 | emitting length of ISAKMP Security Association Payload: 56 | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 "east-any"[2] 192.1.3.209 #4: responding to Quick Mode proposal {msgid:bb7c7059}
"east-any"[2] 192.1.3.209 #4: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org,MS+XS+S=C] "east-any"[2] 192.1.3.209 #4: them: 192.1.3.209[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org,+MC+XC+S=C]===192.0.2.101/32 | ***emit ISAKMP Nonce Payload: | next payload type: ISAKMP_NEXT_KE (0x4) | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload | Nr 98 d4 6f 9c 05 cf 8a 66 ed df 16 c5 0a a9 ba 5b | Nr a7 7c 95 eb 1a 32 6c 16 85 bc 45 80 f3 81 8f d1 | emitting length of ISAKMP Nonce Payload: 36 | ***emit ISAKMP Key Exchange Payload: | next payload type: ISAKMP_NEXT_ID (0x5) | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload
| emitting length of ISAKMP Key Exchange Payload: 260 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_ID (0x5) | ID type: ID_IPV4_ADDR (0x1) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 4 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) | ID body c0 00 02 65 | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 | ***emit ISAKMP Identification Payload (IPsec DOI): | next payload type: ISAKMP_NEXT_NONE (0x0) | ID type: ID_IPV4_ADDR_SUBNET (0x4) | Protocol ID: 0 (0x0) | port: 0 (0x0) | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) | ID body c0 00 02 00 ff ff ff 00 | emitting length of ISAKMP Identification Payload (IPsec
DOI): 16 | quick inR1 outI2 HASH(2): | eb d8 db bf c8 f7 93 e6 45 e7 a6 23 f1 3f ed ea | 5f d2 15 3e 3f 80 f3 20 ce df ce c5 f5 0d 95 78 | compute_proto_keymat: needed_len (after ESP enc)=16 | compute_proto_keymat: needed_len (after ESP auth)=36 | FOR_EACH_CONNECTION_... in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any"[2] 192.1.3.209 unrouted: NULL | install_inbound_ipsec_sa() checking if we can route | could_route called for east-any (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any"[2] 192.1.3.209 unrouted: NULL; eroute owner: NULL | routing is easy, or has resolvable near-conflict | checking if this is a replacement state | st=0x561d264579f8 ost=(nil) st->serialno=#4 ost->serialno=#0 | installing outgoing SA now as refhim=0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east-any' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.a025d003@192.1.3.209 included non-error error | outgoing SA has refhim=0 | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 | encrypt AES_CBC 
keylen=128 transid=12, key_size=16, encryptalg=12 | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 | setting IPsec SA replay-window to 32 | NIC esp-hw-offload not for connection 'east-any' not available on interface eth1 | netlink: enabling tunnel mode | netlink: setting IPsec SA replay-window to 32 using old-style req | netlink: esp-hw-offload not set for IPsec SA | netlink response for Add SA esp.28189899@192.1.2.23 included non-error error | priority calculation of connection "east-any" is 0xfe7df | add inbound eroute 192.0.2.101/32:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) | IPsec Sa SPD priority set to 1042399 | raw_eroute result=success | no IKEv1 message padding required | emitting length of ISAKMP Message: 444 | finished processing quick inI1 | complete v1 state transition with STF_OK | [RE]START processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #4 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 | child state #4: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) | event_already_set, deleting event | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted | libevent_free: release ptr-libevent@0x561d26459b48 | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f24f4002b78 | sending reply packet to 192.1.3.209:500 (from 192.1.2.23:500) | sending 444 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #4)
| !event_already_set at reschedule | event_schedule: new EVENT_RETRANSMIT-pe@0x7f24f4002b78 | inserting event EVENT_RETRANSMIT, timeout in 15 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f24ec003f28 size 128 | #4 STATE_QUICK_R1: retransmits: first event in 15 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 29856.949916 | pstats #4 ikev1.ipsec established | NAT-T: encaps is 'auto' "east-any"[2] 192.1.3.209 #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0xa025d003 <0x28189899 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive username=xroad} | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | resume sending helper answer for #4 suppresed complete_v1_state_transition() | #4 spent 1.25 milliseconds in resume sending helper answer | stop processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in resume_handler() at server.c:833) | libevent_free: release
ptr-libevent@0x7f25000027d8 | spent 0.00341 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() | *received 76 bytes from 192.1.3.209:500 on eth1 (192.1.2.23:500) | 73 37 a3 72 2c 29 3b a5 bd ee 07 08 d4 7a e6 57 | 08 10 20 01 bb 7c 70 59 00 00 00 4c 4a 0a 4d 4d | 2e 68 7d 00 9a 2b 96 7a e1 74 4a 47 62 1a 0f 2a | a7 27 54 57 51 d0 3c c1 7f 10 84 ed ba 73 7e f0 | eb 80 0e 83 45 00 2a e9 6e ce 5a cb | start processing: from 192.1.3.209:500 (in process_md() at demux.c:378) | **parse ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_HASH (0x8) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_QUICK (0x20) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3145494617 (0xbb7c7059) | length: 76 (0x4c) | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) | State DB: found IKEv1 state #4 in QUICK_R1 (find_state_ikev1) | start processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_v1_packet() at ikev1.c:1633) | #4 is idle | #4 idle | received encrypted packet from 192.1.3.209:500 | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 | ***parse ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | length: 36 (0x24) | removing 12 bytes of padding | quick_inI2 HASH(3): | 3a 79 c3 50 cb ce 3f 33 7a b3 c2 4b 47 5e 92 75 | aa 79 b2 43 88 bd b0 33 c5 f1 af f2 b6 67 30 0e | received 'quick_inI2' message HASH(3) data ok | install_ipsec_sa() for #4: outbound only | could_route called for east-any (kind=CK_INSTANCE) | FOR_EACH_CONNECTION_... 
in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any"[2] 192.1.3.209 unrouted: NULL; eroute owner: NULL | sr for #4: unrouted | route_and_eroute() for proto 0, and source port 0 dest port 0 | FOR_EACH_CONNECTION_... in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any"[2] 192.1.3.209 unrouted: NULL; eroute owner: NULL | route_and_eroute with c: east-any (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #4 | priority calculation of connection "east-any" is 0xfe7df | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.2.101/32:0 => tun.0@192.1.3.209 (raw_eroute) | IPsec Sa SPD priority set to 1042399 | raw_eroute result=success | running updown command "ipsec _updown" for verb up | command executing up-client | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' 
PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_ | popen cmd is 1318 chars long | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INT: | cmd( 80):ERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=: | cmd( 160):CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libr: | cmd( 240):eswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLU: | cmd( 320):TO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT=: | cmd( 400):'0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER=: | cmd( 480):'192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test D: | cmd( 560):epartment, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLU: | cmd( 640):TO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_PEER_C: | cmd( 720):LIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: | cmd( 800):EER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRY: | cmd( 880):PT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : | cmd( 960):PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: | cmd(1040):USERNAME='xroad' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: | cmd(1120):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_N: | cmd(1200):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa025d003: | cmd(1280): SPI_OUT=0x28189899 ipsec _updown 2>&1: | route_and_eroute: firewall_notified: true | running updown command "ipsec _updown" for verb prepare | command executing 
prepare-client | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTAN | popen cmd is 1323 chars long | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUT: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_I: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing: | cmd( 240):.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24: | cmd( 320):' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_: | cmd( 400):PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_: | cmd( 480):PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=T: | cmd( 560):est Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org: | cmd( 640):' PLUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_P: | cmd( 720):EER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' 
PL: | cmd( 800):UTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+: | cmd( 880):ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN: | cmd( 960):_NO' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 P: | cmd(1040):LUTO_USERNAME='xroad' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: | cmd(1120):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PL: | cmd(1200):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa02: | cmd(1280):5d003 SPI_OUT=0x28189899 ipsec _updown 2>&1: | running updown command "ipsec _updown" for verb route | command executing route-client | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_INSTANCE' | popen cmd is 1321 chars long | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=: | cmd( 160):'C=CA, ST=Ontario, L=Toronto, 
O=Libreswan, OU=Test Department, CN=east.testing.l: | cmd( 240):ibreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' : | cmd( 320):PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PO: | cmd( 400):RT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PE: | cmd( 480):ER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Tes: | cmd( 560):t Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' : | cmd( 640):PLUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_PEE: | cmd( 720):R_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: | cmd( 800):O_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+EN: | cmd( 880):CRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_N: | cmd( 960):O' PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: | cmd(1040):TO_USERNAME='xroad' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DO: | cmd(1120):MAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUT: | cmd(1200):O_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xa025d: | cmd(1280):003 SPI_OUT=0x28189899 ipsec _updown 2>&1: | route_and_eroute: instance "east-any"[2] 192.1.3.209, setting eroute_owner {spd=0x561d26448838,sr=0x561d26448838} to #4 (was #0) (newest_ipsec_sa=#0) | #3 spent 1.9 milliseconds in install_ipsec_sa() | inI2: instance east-any[2], setting IKEv1 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #3 | DPD: dpd_init() called on IPsec SA | DPD: Peer does not support Dead Peer Detection | complete v1 state transition with STF_OK | [RE]START processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in complete_v1_state_transition() at ikev1.c:2673) | #4 is idle | doing_xauth:no, t_xauth_client_done:no | IKEv1: transition from state 
STATE_QUICK_R1 to state STATE_QUICK_R2 | child state #4: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) | event_already_set, deleting event | state #4 requesting EVENT_RETRANSMIT to be deleted | #4 STATE_QUICK_R2: retransmits: cleared | libevent_free: release ptr-libevent@0x7f24ec003f28 | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f24f4002b78 | !event_already_set at reschedule | event_schedule: new EVENT_SA_REPLACE-pe@0x7f24f4002b78 | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #4 | libevent_malloc: new ptr-libevent@0x7f25000027d8 size 128 | pstats #4 ikev1.ipsec established | NAT-T: encaps is 'auto' "east-any"[2] 192.1.3.209 #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xa025d003 <0x28189899 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive username=xroad} | modecfg pull: noquirk policy:pull not-client | phase 1 is done, looking for phase 2 to unpend | #4 spent 2.01 milliseconds in process_packet_tail() | stop processing: from 192.1.3.209:500 (BACKGROUND) (in process_md() at demux.c:380) | stop processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in process_md() at demux.c:382) | processing: STOP connection NULL (in process_md() at demux.c:383) | spent 2.16 milliseconds in comm_handle_cb() reading and processing packet | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.0045 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00266 milliseconds in signal handler PLUTO_SIGCHLD | processing signal PLUTO_SIGCHLD | waitpid returned ECHILD (no child processes left) | spent 0.00277 milliseconds in signal handler PLUTO_SIGCHLD | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_STATE_... in show_traffic_status (sort_states) | FOR_EACH_STATE_... 
in sort_states | get_sa_info esp.d5ab7de1@192.1.2.23 | get_sa_info esp.5a114bf9@192.1.3.33 | get_sa_info esp.28189899@192.1.2.23 | get_sa_info esp.a025d003@192.1.3.209 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.105 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_CONNECTION_... in show_connections_status | FOR_EACH_STATE_... in show_states_status (sort_states) | FOR_EACH_STATE_... in sort_states | get_sa_info esp.d5ab7de1@192.1.2.23 | get_sa_info esp.5a114bf9@192.1.3.33 | get_sa_info esp.28189899@192.1.2.23 | get_sa_info esp.a025d003@192.1.3.209 | close_any(fd@16) (in whack_process() at rcv_whack.c:700) | spent 0.881 milliseconds in whack | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:722) shutting down | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) destroying root certificate cache | certs and keys locked by 'free_preshared_secrets' forgetting secrets | certs and keys unlocked by 'free_preshared_secrets' | unreference key: 0x561d26438468 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- | unreference key: 0x561d26437fc8 user-east@testing.libreswan.org cnt 1-- | unreference key: 0x561d26437aa8 @east.testing.libreswan.org cnt 1-- | unreference key: 0x561d26437558 east@testing.libreswan.org cnt 1-- | unreference key: 0x561d26436148 192.1.2.23 cnt 1-- | start processing: connection "east-any"[2] 192.1.3.209 (in delete_connection() at connections.c:189) "east-any"[2] 192.1.3.209: deleting connection "east-any"[2] 192.1.3.209 instance with peer 192.1.3.209 {isakmp=#3/ipsec=#4} | addresspool can share this lease | left (to linger) lease refcnt 0 192.0.2.101 from addresspool 192.0.2.100-192.0.2.200 index=1. 
pool size 101 used 2 lingering=1 address | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #4 | suspend processing: connection "east-any"[2] 192.1.3.209 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #4 ikev1.ipsec deleted completed | [RE]START processing: state #4 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in delete_state() at state.c:879) "east-any"[2] 192.1.3.209 #4: deleting state (STATE_QUICK_R2) aged 4.087s and sending notification | child state #4: QUICK_R2(established CHILD SA) => delete | get_sa_info esp.a025d003@192.1.3.209 | get_sa_info esp.28189899@192.1.2.23 "east-any"[2] 192.1.3.209 #4: ESP traffic information: in=336B out=336B XAUTHuser=xroad | #4 send IKEv1 delete notification for STATE_QUICK_R2 | FOR_EACH_STATE_... 
in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 693909552 (0x295c3830) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload 28 18 98 99 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | 4b 80 aa bd 4e ba 59 1f 85 99 3a 45 f6 4e 9a a9 | 94 9a 35 7b 0f d9 c7 f1 81 63 f1 13 93 68 1a f4 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #3) | 73 37 a3 72 2c 29 3b a5 bd ee 07 08 d4 7a e6 57 | 08 10 05 01 29 5c 38 30 00 00 00 5c 8f 61 9f d2 | 41 cf 6a 27 40 18 2d 51 9b 10 c0 b2 82 1e 67 84 | eb e0 8c 16 71 a1 b1 0d bb f4 ef d0 2f 12 0e e1 | 7d 3c 04 6f a3 ab b8 9f ec 06 15 77 
f9 d7 e8 88 | be 5c 2e 6e 95 b9 ab 72 6b e3 09 8e | state #4 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f25000027d8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f24f4002b78 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844571' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOI | popen cmd is 1331 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_I: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID=': | cmd( 160):C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.li: | cmd( 240):breswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' P: | cmd( 320):LUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_POR: | cmd( 400):T='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='ESP' PLUTO_PEE: | cmd( 480):R='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, 
O=Libreswan, OU=Test: | cmd( 560): Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' P: | cmd( 640):LUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_PEER: | cmd( 720):_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: | cmd( 800):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844571' PLUTO_CONN_POLICY='R: | cmd( 880):SASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALL: | cmd( 960):OW+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: | cmd(1040):ILED=0 PLUTO_USERNAME='xroad' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLU: | cmd(1120):TO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIEN: | cmd(1200):T='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_: | cmd(1280):IN=0xa025d003 SPI_OUT=0x28189899 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east-any' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east-any" is 0xfe7df | IPsec Sa SPD priority set to 1042399 | delete esp.a025d003@192.1.3.209 | netlink response for Del SA esp.a025d003@192.1.3.209 included non-error error | priority calculation of connection "east-any" is 0xfe7df | delete inbound eroute 192.0.2.101/32:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.28189899@192.1.2.23 | netlink response for Del SA esp.28189899@192.1.2.23 included non-error error | stop processing: connection "east-any"[2] 192.1.3.209 (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection east-any | State DB: deleting IKEv1 state #4 in QUICK_R2 | child state #4: QUICK_R2(established CHILD 
SA) => UNDEFINED(ignore) | stop processing: state #4 from 192.1.3.209:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #3 | state #2 | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #3 | start processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #3 ikev1.isakmp deleted completed | [RE]START processing: state #3 connection "east-any"[2] 192.1.3.209 from 192.1.3.209:500 (in delete_state() at state.c:879) "east-any"[2] 192.1.3.209 #3: deleting state (STATE_MODE_CFG_R1) aged 4.215s and sending notification | parent state #3: MODE_CFG_R1(established IKE SA) => delete | #3 send IKEv1 delete notification for STATE_MODE_CFG_R1 | **emit ISAKMP Message: | initiator cookie: | 73 37 a3 72 2c 29 3b a5 | responder cookie: | bd ee 07 08 d4 7a e6 57 | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 3618317027 (0xd7ab22e3) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next 
payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload | initiator SPI 73 37 a3 72 2c 29 3b a5 | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload | responder SPI bd ee 07 08 d4 7a e6 57 | emitting length of ISAKMP Delete Payload: 28 | send delete HASH(1): | 2b 5c 06 96 8b 87 40 13 02 3e 24 1d d1 9f b6 54 | 9a a6 fa a8 85 fd 22 c4 8b 99 a5 2f 8b ab 41 28 | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.209:500 (using #3) | 73 37 a3 72 2c 29 3b a5 bd ee 07 08 d4 7a e6 57 | 08 10 05 01 d7 ab 22 e3 00 00 00 5c 5c 56 d7 27 | ab df 9a e0 97 e9 3b dc 63 7f 5d 3c 1c 57 25 a6 | bb 06 e0 b1 83 a0 6a 6b a8 13 46 27 8e 90 a0 3a | 03 2a fa 51 9e 22 93 40 7a be 19 fb 6d 45 14 44 | f2 8a 86 dc d2 47 40 c0 5b 9d b8 d6 | state #3 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x561d264435f8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f24fc004218 | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection east-any | State DB: deleting IKEv1 state #3 in MODE_CFG_R1 | parent state #3: MODE_CFG_R1(established IKE SA) => UNDEFINED(ignore) | unreference key: 0x561d2644d108 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 2-- | stop processing: state #3 from 192.1.3.209:500 (in delete_state() at state.c:1143) | unreference key: 0x561d2644d108 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org cnt 1-- | unreference key: 0x561d26448cd8 user-road@testing.libreswan.org cnt 1-- | unreference key: 0x561d2645aec8 @road.testing.libreswan.org cnt 1-- | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) 
| state #2 | state #1 | shunt_eroute() called for connection 'east-any' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east-any" is 0xfe7df | priority calculation of connection "east-any" is 0xfe7df | FOR_EACH_CONNECTION_... in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOING | popen cmd is 1289 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUT: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.209' PLUTO_ME='192.1.2.23' 
PLUTO_MY_I: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing: | cmd( 240):.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24: | cmd( 320):' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_: | cmd( 400):PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16396' PLUTO_SA_TYPE='none' PLUTO: | cmd( 480):_PEER='192.1.3.209' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: | cmd( 560):Test Department, CN=road.testing.libreswan.org, E=user-road@testing.libreswan.or: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.101/32' PLUTO_PEER_CLIENT_NET='192.0.2.101' PLUTO_: | cmd( 720):PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: | cmd( 800):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: | cmd( 880):+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ES: | cmd( 960):N_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: | cmd(1040):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: | cmd(1120):_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: | cmd(1200):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _up: | cmd(1280):down 2>&1: unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. unroute-client output: Error: Peer netns reference is invalid. 
| unreference addresspool of conn east-any[2] kind CK_GOING_AWAY refcnt 3 | free hp@0x561d264499a8 | flush revival: connection 'east-any' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | start processing: connection "east-any"[1] 192.1.3.33 (in delete_connection() at connections.c:189) "east-any"[1] 192.1.3.33: deleting connection "east-any"[1] 192.1.3.33 instance with peer 192.1.3.33 {isakmp=#1/ipsec=#2} | addresspool can share this lease | left (to linger) lease refcnt 0 192.0.2.100 from addresspool 192.0.2.100-192.0.2.200 index=0. pool size 101 used 2 lingering=2 address | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #2 | suspend processing: connection "east-any"[1] 192.1.3.33 (in foreach_state_by_connection_func_delete() at state.c:1310) | start processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #2 ikev1.ipsec deleted completed | [RE]START processing: state #2 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in delete_state() at state.c:879) "east-any"[1] 192.1.3.33 #2: deleting state (STATE_QUICK_R2) aged 10.035s and sending notification | child state #2: QUICK_R2(established CHILD SA) => delete | get_sa_info esp.5a114bf9@192.1.3.33 | get_sa_info esp.d5ab7de1@192.1.2.23 "east-any"[1] 192.1.3.33 #2: ESP traffic information: in=336B out=336B XAUTHuser=xnorth | #2 send IKEv1 delete notification for STATE_QUICK_R2 | FOR_EACH_STATE_... 
in find_phase1_state | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1878394125 (0x6ff6050d) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 3 (0x3) | SPI size: 4 (0x4) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload | delete payload d5 ab 7d e1 | emitting length of ISAKMP Delete Payload: 16 | send delete HASH(1): | 31 14 02 6c 78 27 6e a6 4a 28 ef 41 b2 af b8 07 | 3d 72 18 b0 e7 24 6c 3c 62 e3 68 de 23 af b3 68 | emitting 12 zero bytes of encryption padding into ISAKMP Message | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 08 10 05 01 6f f6 05 0d 00 00 00 5c d8 f3 a4 05 | c3 32 7e ad 83 a7 c3 95 65 9c 82 a4 29 02 01 26 | 65 5d 07 9b 41 c5 9b 17 ac 99 1f ce a8 b5 0e 08 | 3b d0 fc 0d 19 8b 59 55 76 76 26 8c 
05 66 2c 23 | c8 aa ea 1b 28 a4 53 b3 ab d0 d0 13 | state #2 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x7f24f0003618 | free_event_entry: release EVENT_SA_REPLACE-pe@0x561d263ca298 | running updown command "ipsec _updown" for verb down | command executing down-client | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844565' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOI | popen cmd is 1332 chars long | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_I: | cmd( 80):NTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C: | cmd( 160):=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.lib: | cmd( 240):reswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PL: | cmd( 320):UTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT: | cmd( 400):='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER: | cmd( 480):='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, 
O=Libreswan, OU=Test D: | cmd( 560):epartment, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' P: | cmd( 640):LUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER: | cmd( 720):_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: | cmd( 800):_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1566844565' PLUTO_CONN_POLICY='R: | cmd( 880):SASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALL: | cmd( 960):OW+ESN_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FA: | cmd(1040):ILED=0 PLUTO_USERNAME='xnorth' PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PL: | cmd(1120):UTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIE: | cmd(1200):NT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI: | cmd(1280):_IN=0x5a114bf9 SPI_OUT=0xd5ab7de1 ipsec _updown 2>&1: | shunt_eroute() called for connection 'east-any' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east-any" is 0xfe7df | IPsec Sa SPD priority set to 1042399 | delete esp.5a114bf9@192.1.3.33 | netlink response for Del SA esp.5a114bf9@192.1.3.33 included non-error error | priority calculation of connection "east-any" is 0xfe7df | delete inbound eroute 192.0.2.100/32:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) | raw_eroute result=success | delete esp.d5ab7de1@192.1.2.23 | netlink response for Del SA esp.d5ab7de1@192.1.2.23 included non-error error | stop processing: connection "east-any"[1] 192.1.3.33 (BACKGROUND) (in update_state_connection() at connections.c:4076) | start processing: connection NULL (in update_state_connection() at connections.c:4077) | in connection_discard for connection east-any | State DB: deleting IKEv1 state #2 in QUICK_R2 | child state #2: QUICK_R2(established CHILD 
SA) => UNDEFINED(ignore) | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | state #1 | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | state #1 | start processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) | pstats #1 ikev1.isakmp deleted completed | [RE]START processing: state #1 connection "east-any"[1] 192.1.3.33 from 192.1.3.33:500 (in delete_state() at state.c:879) "east-any"[1] 192.1.3.33 #1: deleting state (STATE_MODE_CFG_R1) aged 10.152s and sending notification | parent state #1: MODE_CFG_R1(established IKE SA) => delete | #1 send IKEv1 delete notification for STATE_MODE_CFG_R1 | **emit ISAKMP Message: | initiator cookie: | ed b5 5c 3c d0 47 93 cb | responder cookie: | 12 d0 f4 86 da ac ad 5c | next payload type: ISAKMP_NEXT_NONE (0x0) | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) | exchange type: ISAKMP_XCHG_INFO (0x5) | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) | Message ID: 1254097095 (0x4ac000c7) | next payload chain: saving message location 'ISAKMP Message'.'next payload type' | ***emit ISAKMP Hash Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload | emitting length of ISAKMP Hash Payload: 36 | ***emit ISAKMP Delete Payload: | next payload type: ISAKMP_NEXT_NONE (0x0) | DOI: ISAKMP_DOI_IPSEC (0x1) | protocol ID: 1 (0x1) | SPI size: 16 (0x10) | number of SPIs: 1 (0x1) | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) | next payload chain: saving 
location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload | initiator SPI ed b5 5c 3c d0 47 93 cb | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload | responder SPI 12 d0 f4 86 da ac ad 5c | emitting length of ISAKMP Delete Payload: 28 | send delete HASH(1): | ad bd 1b 83 11 3b bb e1 b6 ed a6 ab ce d1 57 32 | 02 13 6b a3 b7 31 37 e6 a9 b6 2b 4a a9 a3 b2 3d | no IKEv1 message padding required | emitting length of ISAKMP Message: 92 | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) | ed b5 5c 3c d0 47 93 cb 12 d0 f4 86 da ac ad 5c | 08 10 05 01 4a c0 00 c7 00 00 00 5c 88 43 42 7d | 87 bf cd a3 0e 34 3a c9 65 91 27 e7 f0 45 cb ef | 11 aa fb c2 96 e3 08 44 ad 0b 28 d4 1d ea c7 e3 | ac e5 b4 8c 15 1b 1e 92 01 4c 43 42 73 2e 83 56 | 3c 37 8e d0 9e dd 02 6b e7 a0 5b 12 | state #1 requesting EVENT_SA_REPLACE to be deleted | libevent_free: release ptr-libevent@0x561d264372a8 | free_event_entry: release EVENT_SA_REPLACE-pe@0x561d26437108 | State DB: IKEv1 state not found (flush_incomplete_children) | in connection_discard for connection east-any | State DB: deleting IKEv1 state #1 in MODE_CFG_R1 | parent state #1: MODE_CFG_R1(established IKE SA) => UNDEFINED(ignore) | unreference key: 0x561d26441998 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) | unreference key: 0x561d26441998 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- | unreference key: 0x561d26441a88 user-north@testing.libreswan.org cnt 1-- | unreference key: 0x561d26441888 @north.testing.libreswan.org cnt 1-- | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) | shunt_eroute() 
called for connection 'east-any' to 'delete' for rt_kind 'unrouted' using protoports 0--0->-0 | netlink_shunt_eroute for proto 0, and source port 0 dest port 0 | priority calculation of connection "east-any" is 0xfe7df | priority calculation of connection "east-any" is 0xfe7df | FOR_EACH_CONNECTION_... in route_owner | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | conn east-any mark 0/00000000, 0/00000000 vs | conn east-any mark 0/00000000, 0/00000000 | route owner of "east-any" unrouted: NULL | running updown command "ipsec _updown" for verb unroute | command executing unroute-client | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_GOING | popen cmd is 1289 chars long | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='east-any' PLUT: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.33' PLUTO_ME='192.1.2.23' PLUTO_MY_ID: | cmd( 160):='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.: | cmd( 240):libreswan.org, 
E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24': | cmd( 320): PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_P: | cmd( 400):ORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_: | cmd( 480):PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Te: | cmd( 560):st Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.or: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.2.100/32' PLUTO_PEER_CLIENT_NET='192.0.2.100' PLUTO_: | cmd( 720):PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: | cmd( 800):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: | cmd( 880):+ENCRYPT+TUNNEL+PFS+XAUTH+MODECFG_PULL+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ES: | cmd( 960):N_NO' PLUTO_CONN_KIND='CK_GOING_AWAY' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=: | cmd(1040):0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO: | cmd(1120):_PEER_BANNER='' PLUTO_CFG_SERVER='1' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0: | cmd(1200):' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _up: | cmd(1280):down 2>&1: unroute-client output: Error: Peer netns reference is invalid.
| unreference addresspool of conn east-any[1] kind CK_GOING_AWAY refcnt 2 | free hp@0x561d26437028 | flush revival: connection 'east-any' wasn't on the list | processing: STOP connection NULL (in discard_connection() at connections.c:249) | start processing: connection "east-any" (in delete_connection() at connections.c:189) | Deleting states for connection - including all other IPsec SA's of this IKE SA | pass 0 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | pass 1 | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete | unreference addresspool of conn east-any[2] kind CK_TEMPLATE refcnt 1 | freeing memory for addresspool ptr 0x561d26430218 | free_lease_list: addresspool free the lease list ptr 0x561d26441278 | addresspool free lease entry ptr 0x561d26441278 refcnt 0 | addresspool free lease entry ptr 0x561d2644cea8 refcnt 0 | free hp@0x561d26435d48 | flush revival: connection 'east-any' wasn't on the list | stop processing: connection "east-any" (in discard_connection() at connections.c:249) | crl fetch request list locked by 'free_crl_fetch' | crl fetch request list unlocked by 'free_crl_fetch' shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface eth0/eth0 192.0.2.254:4500 shutting down interface eth0/eth0 192.0.2.254:500 shutting down interface eth1/eth1 192.1.2.23:4500 shutting down interface eth1/eth1 192.1.2.23:500 | FOR_EACH_STATE_... 
in delete_states_dead_interfaces | libevent_free: release ptr-libevent@0x561d26424838 | free_event_entry: release EVENT_NULL-pe@0x561d26430728 | libevent_free: release ptr-libevent@0x561d263caff8 | free_event_entry: release EVENT_NULL-pe@0x561d264307d8 | libevent_free: release ptr-libevent@0x561d263ca918 | free_event_entry: release EVENT_NULL-pe@0x561d26430888 | libevent_free: release ptr-libevent@0x561d263d21d8 | free_event_entry: release EVENT_NULL-pe@0x561d26430938 | libevent_free: release ptr-libevent@0x561d263d22d8 | free_event_entry: release EVENT_NULL-pe@0x561d264309e8 | libevent_free: release ptr-libevent@0x561d263d23d8 | free_event_entry: release EVENT_NULL-pe@0x561d26430a98 | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations | libevent_free: release ptr-libevent@0x561d264248e8 | free_event_entry: release EVENT_NULL-pe@0x561d26418a08 | libevent_free: release ptr-libevent@0x561d263caf48 | free_event_entry: release EVENT_NULL-pe@0x561d26418568 | libevent_free: release ptr-libevent@0x561d264114f8 | free_event_entry: release EVENT_NULL-pe@0x561d263d2488 | global timer EVENT_REINIT_SECRET uninitialized | global timer EVENT_SHUNT_SCAN uninitialized | global timer EVENT_PENDING_DDNS uninitialized | global timer EVENT_PENDING_PHASE2 uninitialized | global timer EVENT_CHECK_CRLS uninitialized | global timer EVENT_REVIVE_CONNS uninitialized | global timer EVENT_FREE_ROOT_CERTS uninitialized | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized | global timer EVENT_NAT_T_KEEPALIVE uninitialized | libevent_free: release ptr-libevent@0x561d263d6a58 | signal event handler PLUTO_SIGCHLD uninstalled | libevent_free: release ptr-libevent@0x561d263547a8 | signal event handler PLUTO_SIGTERM uninstalled | libevent_free: release ptr-libevent@0x561d2642ff08 | signal event handler PLUTO_SIGHUP uninstalled | libevent_free: release ptr-libevent@0x561d26430148 | signal event handler PLUTO_SIGSYS uninstalled | releasing event base | libevent_free: release 
ptr-libevent@0x561d26430018 | libevent_free: release ptr-libevent@0x561d26412dd8 | libevent_free: release ptr-libevent@0x561d26412d88 | libevent_free: release ptr-libevent@0x561d264316a8 | libevent_free: release ptr-libevent@0x561d26412d48 | libevent_free: release ptr-libevent@0x561d2642fbd8 | libevent_free: release ptr-libevent@0x561d2642fe48 | libevent_free: release ptr-libevent@0x561d26412f88 | libevent_free: release ptr-libevent@0x561d264185d8 | libevent_free: release ptr-libevent@0x561d26418238 | libevent_free: release ptr-libevent@0x561d26430b08 | libevent_free: release ptr-libevent@0x561d26430a58 | libevent_free: release ptr-libevent@0x561d264309a8 | libevent_free: release ptr-libevent@0x561d264308f8 | libevent_free: release ptr-libevent@0x561d26430848 | libevent_free: release ptr-libevent@0x561d26430798 | libevent_free: release ptr-libevent@0x561d26353ac8 | libevent_free: release ptr-libevent@0x561d2642fec8 | libevent_free: release ptr-libevent@0x561d2642fe88 | libevent_free: release ptr-libevent@0x561d2642fd48 | libevent_free: release ptr-libevent@0x561d2642ffd8 | libevent_free: release ptr-libevent@0x561d2642fc18 | libevent_free: release ptr-libevent@0x561d263d85e8 | libevent_free: release ptr-libevent@0x561d263d8568 | libevent_free: release ptr-libevent@0x561d26353e38 | releasing global libevent data | libevent_free: release ptr-libevent@0x561d263d8768 | libevent_free: release ptr-libevent@0x561d263d86e8 | libevent_free: release ptr-libevent@0x561d263d8668 leak detective found no leaks