Sep 21 07:33:24.102146: FIPS Product: YES Sep 21 07:33:24.102175: FIPS Kernel: NO Sep 21 07:33:24.102177: FIPS Mode: NO Sep 21 07:33:24.102179: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:33:24.102314: Initializing NSS Sep 21 07:33:24.102317: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:33:24.129291: NSS initialized Sep 21 07:33:24.129306: NSS crypto library initialized Sep 21 07:33:24.129308: FIPS HMAC integrity support [enabled] Sep 21 07:33:24.129310: FIPS mode disabled for pluto daemon Sep 21 07:33:24.180741: FIPS HMAC integrity verification self-test FAILED Sep 21 07:33:24.180838: libcap-ng support [enabled] Sep 21 07:33:24.180849: Linux audit support [enabled] Sep 21 07:33:24.180873: Linux audit activated Sep 21 07:33:24.180876: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:18279 Sep 21 07:33:24.180878: core dump dir: /tmp Sep 21 07:33:24.180879: secrets file: /etc/ipsec.secrets Sep 21 07:33:24.180880: leak-detective disabled Sep 21 07:33:24.180882: NSS crypto [enabled] Sep 21 07:33:24.180883: XAUTH PAM support [enabled] Sep 21 07:33:24.180941: | libevent is using pluto's memory allocator Sep 21 07:33:24.180945: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:33:24.180958: | libevent_malloc: new ptr-libevent@0x55bbb7a46520 size 40 Sep 21 07:33:24.180960: | libevent_malloc: new ptr-libevent@0x55bbb7a46550 size 40 Sep 21 07:33:24.180962: | libevent_malloc: new ptr-libevent@0x55bbb7a47d00 size 40 Sep 21 07:33:24.180963: | creating event base Sep 21 07:33:24.180965: | libevent_malloc: new ptr-libevent@0x55bbb7a47cc0 size 56 Sep 21 07:33:24.180967: | libevent_malloc: new ptr-libevent@0x55bbb7a47d30 size 664 Sep 21 07:33:24.180975: | libevent_malloc: new ptr-libevent@0x55bbb7a47fd0 size 24 Sep 21 07:33:24.180978: | libevent_malloc: new ptr-libevent@0x55bbb7a01510 size 384 Sep 21 07:33:24.180987: | libevent_malloc: new ptr-libevent@0x55bbb7a47ff0 size 16 Sep 21 07:33:24.180989: | libevent_malloc: new ptr-libevent@0x55bbb7a48010 size 40 Sep 21 07:33:24.180990: | libevent_malloc: new ptr-libevent@0x55bbb7a48040 size 48 Sep 21 07:33:24.180993: | libevent_realloc: new ptr-libevent@0x55bbb7a48080 size 256 Sep 21 07:33:24.180995: | libevent_malloc: new ptr-libevent@0x55bbb7a48190 size 16 Sep 21 07:33:24.180999: | libevent_free: release ptr-libevent@0x55bbb7a47cc0 Sep 21 07:33:24.181002: | libevent initialized Sep 21 07:33:24.181004: | libevent_realloc: new ptr-libevent@0x55bbb7a481b0 size 64 Sep 21 07:33:24.181006: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:33:24.181016: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:33:24.181018: NAT-Traversal support [enabled] Sep 21 07:33:24.181020: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:33:24.181024: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:33:24.181029: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:33:24.181055: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:33:24.181057: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:33:24.181059: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:33:24.181091: Encryption algorithms: Sep 21 07:33:24.181098: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:33:24.181101: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:33:24.181103: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:33:24.181105: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:33:24.181107: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:33:24.181114: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:33:24.181117: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:33:24.181119: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:33:24.181121: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:33:24.181123: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:33:24.181125: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:33:24.181127: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:33:24.181130: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:33:24.181132: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:33:24.181134: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:33:24.181135: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:33:24.181137: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:33:24.181142: Hash algorithms: Sep 21 07:33:24.181144: MD5 IKEv1: IKE IKEv2: Sep 21 07:33:24.181146: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:33:24.181148: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:33:24.181150: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:33:24.181152: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:33:24.181160: PRF algorithms: Sep 21 07:33:24.181162: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:33:24.181164: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:33:24.181166: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:33:24.181168: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:33:24.181170: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:33:24.181171: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:33:24.181186: Integrity algorithms: Sep 21 07:33:24.181188: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:33:24.181190: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:33:24.181193: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:33:24.181195: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:33:24.181197: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:33:24.181199: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:33:24.181201: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:33:24.181203: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:33:24.181205: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:33:24.181212: DH algorithms: Sep 21 07:33:24.181214: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:33:24.181216: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:33:24.181218: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:33:24.181221: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:33:24.181223: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:33:24.181224: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:33:24.181226: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:33:24.181228: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:33:24.181230: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:33:24.181232: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:33:24.181233: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:33:24.181235: testing CAMELLIA_CBC: Sep 21 07:33:24.181237: Camellia: 16 bytes with 128-bit key Sep 21 07:33:24.181321: Camellia: 16 bytes with 128-bit key Sep 21 07:33:24.181340: Camellia: 16 bytes with 256-bit key Sep 21 07:33:24.181357: Camellia: 16 bytes with 256-bit key Sep 21 07:33:24.181373: testing AES_GCM_16: Sep 21 07:33:24.181375: empty string Sep 21 07:33:24.181392: one block Sep 21 07:33:24.181408: two blocks Sep 21 07:33:24.181423: two blocks with associated data Sep 21 07:33:24.181438: testing AES_CTR: Sep 21 07:33:24.181440: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:33:24.181457: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:33:24.181474: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:33:24.181490: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:33:24.181505: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:33:24.181521: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:33:24.181537: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:33:24.181552: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:33:24.181568: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:33:24.181584: testing AES_CBC: Sep 21 07:33:24.181586: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:33:24.181601: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:33:24.181618: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:33:24.181636: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:33:24.181656: testing AES_XCBC: Sep 21 07:33:24.181658: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:33:24.181731: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:33:24.181827: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:33:24.181918: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:33:24.181993: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:33:24.182066: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:33:24.182143: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:33:24.182306: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:33:24.182381: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:33:24.182461: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:33:24.182599: testing HMAC_MD5: Sep 21 07:33:24.182602: RFC 2104: MD5_HMAC test 1 Sep 21 07:33:24.182745: RFC 2104: MD5_HMAC test 2 Sep 21 07:33:24.182861: RFC 2104: MD5_HMAC test 3 Sep 21 07:33:24.182973: 8 CPU cores online Sep 21 07:33:24.182976: starting up 7 crypto helpers Sep 21 07:33:24.183002: started thread for crypto helper 0 Sep 21 07:33:24.183008: | starting up helper thread 0 Sep 21 07:33:24.183028: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:33:24.183031: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:24.183046: started thread for crypto helper 1 Sep 21 07:33:24.183073: | starting up helper thread 1 Sep 21 07:33:24.183084: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:33:24.183087: | starting up helper thread 2 Sep 21 07:33:24.183096: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:33:24.183089: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:24.183084: started thread for crypto helper 2 Sep 21 07:33:24.183146: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:24.183176: started thread for crypto helper 3 Sep 21 07:33:24.183193: started thread for crypto helper 4 Sep 21 07:33:24.183214: | starting up helper thread 4 Sep 21 07:33:24.183220: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:33:24.183221: started thread for crypto helper 5 Sep 21 07:33:24.183225: | starting up helper thread 5 Sep 21 07:33:24.183222: | crypto helper 4 waiting (nothing to do) Sep 21 07:33:24.183234: | starting up helper thread 3 Sep 21 07:33:24.183265: | starting up helper thread 6 Sep 21 07:33:24.183272: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:33:24.183276: | crypto helper 6 waiting (nothing to do) Sep 21 07:33:24.183266: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:33:24.183283: | crypto helper 3 waiting (nothing to do) Sep 21 07:33:24.183250: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:33:24.183260: started thread for crypto helper 6 Sep 21 07:33:24.183293: | crypto helper 5 waiting (nothing to do) Sep 21 07:33:24.183298: | checking IKEv1 state table Sep 21 07:33:24.183306: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:24.183308: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:33:24.183310: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:24.183311: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:33:24.183313: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:33:24.183314: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:33:24.183316: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:24.183317: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:24.183319: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:33:24.183320: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:33:24.183322: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:24.183323: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:24.183325: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:33:24.183326: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:24.183328: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:24.183329: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:33:24.183331: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:33:24.183332: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:24.183334: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:24.183335: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:33:24.183337: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:33:24.183338: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183340: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:33:24.183341: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183343: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:24.183344: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:33:24.183346: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:24.183347: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:33:24.183349: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:33:24.183350: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:33:24.183352: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:33:24.183353: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:33:24.183355: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:33:24.183356: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183358: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:33:24.183360: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183361: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:33:24.183367: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:33:24.183369: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:33:24.183370: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:33:24.183372: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:33:24.183373: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:33:24.183375: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:33:24.183376: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183378: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:33:24.183379: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183381: | INFO: category: informational flags: 0: Sep 21 07:33:24.183382: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183384: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:33:24.183385: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183387: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:33:24.183388: | -> XAUTH_R1 EVENT_NULL Sep 21 07:33:24.183390: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:33:24.183392: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:24.183393: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:33:24.183395: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:33:24.183396: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:33:24.183398: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:33:24.183399: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:33:24.183401: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.183402: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:33:24.183404: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:24.183406: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:33:24.183407: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:33:24.183409: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:33:24.183410: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:33:24.183415: | checking IKEv2 state table Sep 21 07:33:24.183419: | PARENT_I0: category: ignore flags: 0: Sep 21 07:33:24.183420: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:33:24.183422: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:24.183424: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:33:24.183426: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:33:24.183428: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:33:24.183429: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:33:24.183431: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:33:24.183433: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:33:24.183434: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:33:24.183436: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:33:24.183438: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:33:24.183440: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:33:24.183441: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:33:24.183443: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:33:24.183444: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:33:24.183446: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:24.183448: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:33:24.183449: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:33:24.183451: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:33:24.183453: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:33:24.183454: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:33:24.183457: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:33:24.183459: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:33:24.183461: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:33:24.183462: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:33:24.183464: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:33:24.183466: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:33:24.183467: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:33:24.183469: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:33:24.183471: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:33:24.183472: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:33:24.183474: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:33:24.183476: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:33:24.183477: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:33:24.183479: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:33:24.183481: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:33:24.183483: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:33:24.183484: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:33:24.183486: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:33:24.183488: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:33:24.183490: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:33:24.183491: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:33:24.183493: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:33:24.183495: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:33:24.183496: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:33:24.183498: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:33:24.183544: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:33:24.183596: | Hard-wiring algorithms Sep 21 07:33:24.183599: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:33:24.183602: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:33:24.183603: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:33:24.183605: | adding 3DES_CBC to kernel algorithm db Sep 21 07:33:24.183606: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:33:24.183608: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:33:24.183609: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:33:24.183611: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:33:24.183612: | adding AES_CTR to kernel algorithm db Sep 21 07:33:24.183614: | adding AES_CBC to kernel algorithm db Sep 21 07:33:24.183615: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:33:24.183617: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:33:24.183618: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:33:24.183620: | adding NULL to kernel algorithm db Sep 21 07:33:24.183621: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:33:24.183623: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:33:24.183625: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:33:24.183626: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:33:24.183628: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:33:24.183629: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:33:24.183631: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:33:24.183632: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:33:24.183634: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:33:24.183635: | adding NONE to kernel algorithm db Sep 21 07:33:24.183653: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:33:24.183657: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:33:24.183658: | setup kernel fd callback Sep 21 07:33:24.183660: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55bbb7a52970 Sep 21 07:33:24.183663: | libevent_malloc: new ptr-libevent@0x55bbb7a59940 size 128 Sep 21 07:33:24.183665: | libevent_malloc: new ptr-libevent@0x55bbb7a528d0 size 16 Sep 21 07:33:24.183669: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55bbb7a4ce20 Sep 21 07:33:24.183671: | libevent_malloc: new ptr-libevent@0x55bbb7a599d0 size 128 Sep 21 07:33:24.183673: | libevent_malloc: new ptr-libevent@0x55bbb7a528b0 size 16 Sep 21 07:33:24.183819: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:33:24.183828: selinux support is enabled. Sep 21 07:33:24.183887: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:33:24.184020: | unbound context created - setting debug level to 5 Sep 21 07:33:24.184042: | /etc/hosts lookups activated Sep 21 07:33:24.184053: | /etc/resolv.conf usage activated Sep 21 07:33:24.184085: | outgoing-port-avoid set 0-65535 Sep 21 07:33:24.184102: | outgoing-port-permit set 32768-60999 Sep 21 07:33:24.184104: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:33:24.184106: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:33:24.184108: | Setting up events, loop start Sep 21 07:33:24.184110: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55bbb7a4cbe0 Sep 21 07:33:24.184112: | libevent_malloc: new ptr-libevent@0x55bbb7a63f50 size 128 Sep 21 07:33:24.184115: | libevent_malloc: new ptr-libevent@0x55bbb7a63fe0 size 16 Sep 21 07:33:24.184119: | libevent_realloc: new ptr-libevent@0x55bbb7a64000 size 256 Sep 21 07:33:24.184121: | libevent_malloc: new ptr-libevent@0x55bbb7a64110 size 8 Sep 21 07:33:24.184123: | libevent_realloc: new ptr-libevent@0x55bbb7a58d40 size 144 Sep 21 07:33:24.184124: | libevent_malloc: new ptr-libevent@0x55bbb7a64130 size 152 Sep 21 07:33:24.184127: | libevent_malloc: new ptr-libevent@0x55bbb7a641d0 size 16 Sep 21 07:33:24.184129: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:33:24.184131: | libevent_malloc: new ptr-libevent@0x55bbb7a641f0 size 8 Sep 21 07:33:24.184133: | libevent_malloc: new ptr-libevent@0x55bbb7a64210 size 152 Sep 21 07:33:24.184135: | signal event handler PLUTO_SIGTERM installed Sep 21 07:33:24.184136: | libevent_malloc: new ptr-libevent@0x55bbb7a642b0 size 8 Sep 21 07:33:24.184138: | libevent_malloc: new ptr-libevent@0x55bbb7a642d0 size 152 Sep 21 07:33:24.184140: | signal event handler PLUTO_SIGHUP installed Sep 21 07:33:24.184142: | libevent_malloc: new ptr-libevent@0x55bbb7a64370 size 8 Sep 21 07:33:24.184143: | libevent_realloc: release ptr-libevent@0x55bbb7a58d40 Sep 21 07:33:24.184145: | libevent_realloc: new ptr-libevent@0x55bbb7a64390 size 256 Sep 21 07:33:24.184147: | libevent_malloc: new ptr-libevent@0x55bbb7a58d40 size 152 Sep 21 07:33:24.184149: | signal event handler PLUTO_SIGSYS installed Sep 21 07:33:24.184411: | created addconn helper (pid:18331) using fork+execve Sep 21 07:33:24.184423: | forked child 18331 Sep 21 07:33:24.184453: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.184472: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:33:24.184477: listening for IKE messages Sep 21 07:33:24.184534: | Inspecting interface lo Sep 21 07:33:24.184539: | found lo with address 127.0.0.1 Sep 21 07:33:24.184541: | Inspecting interface eth0 Sep 21 07:33:24.184543: | found eth0 with address 192.0.2.254 Sep 21 07:33:24.184547: | Inspecting interface eth1 Sep 21 07:33:24.184549: | found eth1 with address 192.1.2.23 Sep 21 07:33:24.184587: Kernel supports NIC esp-hw-offload Sep 21 07:33:24.184595: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:33:24.184613: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:24.184619: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:24.184621: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:33:24.184642: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:33:24.184658: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:24.184661: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:24.184663: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:33:24.184682: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:33:24.184700: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:24.184703: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:24.184705: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:33:24.184748: | no interfaces to sort Sep 21 07:33:24.184751: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:33:24.184756: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a4dce0 Sep 21 07:33:24.184758: | libevent_malloc: new ptr-libevent@0x55bbb7a64770 size 128 Sep 21 07:33:24.184760: | libevent_malloc: new ptr-libevent@0x55bbb7a64800 size 16 Sep 21 07:33:24.184764: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:33:24.184766: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64820 Sep 21 07:33:24.184768: | libevent_malloc: new ptr-libevent@0x55bbb7a64860 size 128 Sep 21 07:33:24.184769: | libevent_malloc: new ptr-libevent@0x55bbb7a648f0 size 16 Sep 21 07:33:24.184772: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:33:24.184774: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64910 Sep 21 07:33:24.184775: | libevent_malloc: new ptr-libevent@0x55bbb7a64950 size 128 Sep 21 07:33:24.184777: | libevent_malloc: new ptr-libevent@0x55bbb7a649e0 size 16 Sep 21 07:33:24.184780: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:33:24.184782: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64a00 Sep 21 07:33:24.184790: | libevent_malloc: new ptr-libevent@0x55bbb7a64a40 size 128 Sep 21 07:33:24.184793: | libevent_malloc: new ptr-libevent@0x55bbb7a64ad0 size 16 Sep 21 07:33:24.184796: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:33:24.184798: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64af0 Sep 21 07:33:24.184799: | libevent_malloc: new ptr-libevent@0x55bbb7a64b30 size 128 Sep 21 07:33:24.184801: | libevent_malloc: new ptr-libevent@0x55bbb7a64bc0 size 16 Sep 21 07:33:24.184804: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:33:24.184805: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64be0 Sep 21 07:33:24.184807: | libevent_malloc: new ptr-libevent@0x55bbb7a64c20 size 128 Sep 21 07:33:24.184809: | libevent_malloc: new ptr-libevent@0x55bbb7a64cb0 size 16 Sep 21 07:33:24.184811: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:33:24.184816: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:24.184817: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:24.184832: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:24.184845: | saving Modulus Sep 21 07:33:24.184849: | saving PublicExponent Sep 21 07:33:24.184852: | ignoring PrivateExponent Sep 21 07:33:24.184854: | ignoring Prime1 Sep 21 07:33:24.184856: | ignoring Prime2 Sep 21 07:33:24.184858: | ignoring Exponent1 Sep 21 07:33:24.184860: | ignoring Exponent2 Sep 21 07:33:24.184862: | ignoring Coefficient Sep 21 07:33:24.184864: | ignoring CKAIDNSS Sep 21 07:33:24.184895: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:33:24.184898: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:33:24.184900: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:33:24.184905: | certs and keys locked by 'process_secret' Sep 21 07:33:24.184908: | certs and keys unlocked by 'process_secret' Sep 21 07:33:24.184912: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:24.184918: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.184926: | spent 0.474 milliseconds in whack Sep 21 07:33:24.215373: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.215424: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:33:24.215430: listening for IKE messages Sep 21 07:33:24.215489: | Inspecting interface lo Sep 21 07:33:24.215496: | found lo with address 127.0.0.1 Sep 21 07:33:24.215499: | Inspecting interface eth0 Sep 21 07:33:24.215503: | found eth0 with address 192.0.2.254 Sep 21 07:33:24.215505: | Inspecting interface eth1 Sep 21 07:33:24.215509: | found eth1 with address 192.1.2.23 Sep 21 07:33:24.215560: | no interfaces to sort Sep 21 07:33:24.215568: | libevent_free: release ptr-libevent@0x55bbb7a64770 Sep 21 07:33:24.215572: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a4dce0 Sep 21 07:33:24.215574: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a4dce0 Sep 21 07:33:24.215577: | libevent_malloc: new ptr-libevent@0x55bbb7a64770 size 128 Sep 21 07:33:24.215585: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:33:24.215588: | libevent_free: release ptr-libevent@0x55bbb7a64860 Sep 21 07:33:24.215591: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64820 Sep 21 07:33:24.215593: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64820 Sep 21 07:33:24.215596: | libevent_malloc: new ptr-libevent@0x55bbb7a64860 size 128 Sep 21 07:33:24.215601: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:33:24.215604: | libevent_free: release ptr-libevent@0x55bbb7a64950 Sep 21 07:33:24.215607: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64910 Sep 21 07:33:24.215609: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64910 Sep 21 07:33:24.215612: | libevent_malloc: new ptr-libevent@0x55bbb7a64950 size 128 Sep 21 07:33:24.215616: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:33:24.215620: | libevent_free: release ptr-libevent@0x55bbb7a64a40 Sep 21 07:33:24.215622: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64a00 Sep 21 07:33:24.215626: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64a00 Sep 21 07:33:24.215629: | libevent_malloc: new ptr-libevent@0x55bbb7a64a40 size 128 Sep 21 07:33:24.215633: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:33:24.215637: | libevent_free: release ptr-libevent@0x55bbb7a64b30 Sep 21 07:33:24.215639: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64af0 Sep 21 07:33:24.215642: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64af0 Sep 21 07:33:24.215644: | libevent_malloc: new ptr-libevent@0x55bbb7a64b30 size 128 Sep 21 07:33:24.215649: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:33:24.215652: | libevent_free: release ptr-libevent@0x55bbb7a64c20 Sep 21 07:33:24.215655: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64be0 Sep 21 07:33:24.215657: | add_fd_read_event_handler: new ethX-pe@0x55bbb7a64be0 Sep 21 07:33:24.215660: | libevent_malloc: new ptr-libevent@0x55bbb7a64c20 size 128 Sep 21 07:33:24.215664: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:33:24.215667: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:24.215669: forgetting secrets Sep 21 07:33:24.215680: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:24.215693: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:24.215710: | saving Modulus Sep 21 07:33:24.215713: | saving PublicExponent Sep 21 07:33:24.215716: | ignoring PrivateExponent Sep 21 07:33:24.215720: | ignoring Prime1 Sep 21 07:33:24.215723: | ignoring Prime2 Sep 21 07:33:24.215726: | ignoring Exponent1 Sep 21 07:33:24.215729: | ignoring Exponent2 Sep 21 07:33:24.215737: | ignoring Coefficient Sep 21 07:33:24.215742: | ignoring CKAIDNSS Sep 21 07:33:24.215766: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:33:24.215769: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:33:24.215772: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:33:24.215779: | certs and keys locked by 'process_secret' Sep 21 07:33:24.215790: | certs and keys unlocked by 'process_secret' Sep 21 07:33:24.215798: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:24.215806: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.215813: | spent 0.441 milliseconds in whack Sep 21 07:33:24.216291: | processing signal PLUTO_SIGCHLD Sep 21 07:33:24.216303: | waitpid returned pid 18331 (exited with status 0) Sep 21 07:33:24.216307: | reaped addconn helper child (status 0) Sep 21 07:33:24.216312: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:24.216317: | spent 0.0179 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:24.294796: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.294820: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.294825: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:24.294828: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.294831: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:24.294835: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.294842: | Added new connection northnet-eastnet-a with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:24.294845: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:24.295773: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:24.295797: | loading left certificate 'north' pubkey Sep 21 07:33:24.295920: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a69400 Sep 21 07:33:24.295926: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a69310 Sep 21 07:33:24.295929: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a659c0 Sep 21 07:33:24.296066: | unreference key: 0x55bbb7a65a70 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:24.296178: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Sep 21 07:33:24.296189: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:33:24.296514: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:24.296520: | loading right certificate 'east' pubkey Sep 21 07:33:24.296599: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a464f0 Sep 21 07:33:24.296604: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a69310 Sep 21 07:33:24.296606: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a659c0 Sep 21 07:33:24.296609: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a69e30 Sep 21 07:33:24.296611: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a65c60 Sep 21 07:33:24.296853: | unreference key: 0x55bbb7a6ad00 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.297047: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:33:24.297053: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:33:24.297063: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:33:24.297074: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:33:24.297077: | new hp@0x55bbb7a6a9b0 Sep 21 07:33:24.297081: added connection description "northnet-eastnet-a" Sep 21 07:33:24.297095: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:24.297117: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:33:24.297133: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.297140: | spent 2.34 milliseconds in whack Sep 21 07:33:24.391003: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.391020: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.391024: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:24.391027: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.391029: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:24.391034: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.391040: | Added new connection northnet-eastnet-b with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:24.391043: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:24.391200: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:24.391207: | loading left certificate 'north' pubkey Sep 21 07:33:24.391268: | unreference key: 0x55bbb7a6a740 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:24.391284: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a70150 Sep 21 07:33:24.391287: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a6fd30 Sep 21 07:33:24.391289: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a464f0 Sep 21 07:33:24.391346: | unreference key: 0x55bbb7a6a230 @north.testing.libreswan.org cnt 1-- Sep 21 07:33:24.391389: | unreference key: 0x55bbb7a69f50 user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:24.391436: | unreference key: 0x55bbb7a6f5d0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:24.391542: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Sep 21 07:33:24.391553: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:33:24.391627: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:24.391632: | loading right certificate 'east' pubkey Sep 21 07:33:24.391680: | unreference key: 0x55bbb7a706b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.391691: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a464f0 Sep 21 07:33:24.391693: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a69340 Sep 21 07:33:24.391696: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a70350 Sep 21 07:33:24.391698: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a69310 Sep 21 07:33:24.391701: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a659c0 Sep 21 07:33:24.391743: | unreference key: 0x55bbb7a6b280 192.1.2.23 cnt 1-- Sep 21 07:33:24.391817: | unreference key: 0x55bbb7a6fb90 east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.391892: | unreference key: 0x55bbb7a6ff50 @east.testing.libreswan.org cnt 1-- Sep 21 07:33:24.391947: | unreference key: 0x55bbb7a70530 user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.391993: | unreference key: 0x55bbb7a6f820 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.392035: | secrets entry for east already exists Sep 21 07:33:24.392051: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:33:24.392060: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:33:24.392065: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x55bbb7a6a9b0: northnet-eastnet-a Sep 21 07:33:24.392067: added connection description "northnet-eastnet-b" Sep 21 07:33:24.392077: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:24.392097: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:33:24.392103: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.392108: | spent 1.09 milliseconds in whack Sep 21 07:33:26.976544: | spent 0.00327 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.976573: | *received 792 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.976577: | 01 a7 a6 fa 98 79 9e af 00 00 00 00 00 00 00 00 Sep 21 07:33:26.976578: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:26.976580: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:26.976581: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976583: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976584: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:26.976586: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:26.976587: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:26.976589: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:26.976590: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.976592: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.976593: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:26.976595: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976596: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976597: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:26.976599: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:26.976602: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:26.976604: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:26.976606: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.976608: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.976609: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:26.976611: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976612: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:26.976614: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:26.976615: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:26.976617: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:26.976618: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:26.976620: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.976621: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.976622: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:26.976624: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976625: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976627: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976628: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976632: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976634: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976635: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976637: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:26.976638: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976640: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:26.976641: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976643: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:26.976644: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:26.976645: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:26.976647: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:26.976648: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:26.976650: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:26.976651: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:26.976653: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:26.976654: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:26.976659: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.976661: | **parse ISAKMP Message: Sep 21 07:33:26.976663: | initiator cookie: Sep 21 07:33:26.976665: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.976666: | responder cookie: Sep 21 07:33:26.976668: | 00 00 00 00 00 00 00 00 Sep 21 07:33:26.976669: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.976671: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.976673: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.976675: | flags: none (0x0) Sep 21 07:33:26.976676: | Message ID: 0 (0x0) Sep 21 07:33:26.976678: | length: 792 (0x318) Sep 21 07:33:26.976680: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.976682: | State DB: IKEv1 state not found (find_state_ikev1_init) Sep 21 07:33:26.976684: | #null state always idle Sep 21 07:33:26.976687: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Sep 21 07:33:26.976689: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:26.976691: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976692: | length: 644 (0x284) Sep 21 07:33:26.976694: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.976696: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.976698: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.976699: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976701: | length: 20 (0x14) Sep 21 07:33:26.976702: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.976704: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.976705: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976707: | length: 20 (0x14) Sep 21 07:33:26.976708: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.976710: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.976711: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976713: | length: 20 (0x14) Sep 21 07:33:26.976714: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.976716: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.976717: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976719: | length: 20 (0x14) Sep 21 07:33:26.976720: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.976722: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.976723: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976725: | length: 20 (0x14) Sep 21 07:33:26.976726: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.976728: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.976729: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.976731: | length: 20 (0x14) Sep 21 07:33:26.976734: | message 'main_inI1_outR1' HASH payload not checked early Sep 21 07:33:26.976738: | received Vendor ID payload [FRAGMENTATION] Sep 21 07:33:26.976740: | received Vendor ID payload [Dead Peer Detection] Sep 21 07:33:26.976742: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Sep 21 07:33:26.976743: | received Vendor ID payload [RFC 3947] Sep 21 07:33:26.976745: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:33:26.976747: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:33:26.976749: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:33:26.976750: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:33:26.976752: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:33:26.976754: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:33:26.976755: | in statetime_start() with no state Sep 21 07:33:26.976759: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=IKEV1_ALLOW but ignoring ports Sep 21 07:33:26.976762: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:33:26.976766: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:33:26.976773: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-b) Sep 21 07:33:26.976776: | find_next_host_connection returns northnet-eastnet-b Sep 21 07:33:26.976779: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:33:26.976786: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-a) Sep 21 07:33:26.976789: | find_next_host_connection returns northnet-eastnet-a Sep 21 07:33:26.976792: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:33:26.976795: | find_next_host_connection returns empty Sep 21 07:33:26.976821: | creating state object #1 at 0x55bbb7a72750 Sep 21 07:33:26.976825: | State DB: adding IKEv1 state #1 in UNDEFINED Sep 21 07:33:26.976836: | pstats #1 ikev1.isakmp started Sep 21 07:33:26.976842: | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:33:26.976848: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in main_inI1_outR1() at ikev1_main.c:667) Sep 21 07:33:26.976864: | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) Sep 21 07:33:26.976867: | sender checking NAT-T: enabled; VID 117 Sep 21 07:33:26.976870: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Sep 21 07:33:26.976872: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Sep 21 07:33:26.976874: | ICOOKIE-DUMP: 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.976877: "northnet-eastnet-b" #1: responding to Main Mode Sep 21 07:33:26.976903: | **emit ISAKMP Message: Sep 21 07:33:26.976906: | initiator cookie: Sep 21 07:33:26.976909: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.976911: | responder cookie: Sep 21 07:33:26.976913: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.976915: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.976917: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.976919: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.976921: | flags: none (0x0) Sep 21 07:33:26.976923: | Message ID: 0 (0x0) Sep 21 07:33:26.976925: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.976928: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:33:26.976930: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:26.976932: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976934: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.976936: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.976939: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:26.976944: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.976946: | ****parse IPsec DOI SIT: Sep 21 07:33:26.976948: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.976951: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.976954: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.976956: | length: 632 (0x278) Sep 21 07:33:26.976958: | proposal number: 0 (0x0) Sep 21 07:33:26.976960: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:26.976962: | SPI size: 0 (0x0) Sep 21 07:33:26.976964: | number of transforms: 18 (0x12) Sep 21 07:33:26.976967: | *****parse ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.976969: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.976971: | length: 36 (0x24) Sep 21 07:33:26.976973: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:26.976975: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.976978: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.976980: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.976983: | length/value: 1 (0x1) Sep 21 07:33:26.976985: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.976988: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.976990: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.976993: | length/value: 3600 (0xe10) Sep 21 07:33:26.976995: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.976997: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.976999: | length/value: 7 (0x7) Sep 21 07:33:26.977002: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.977004: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977007: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.977009: | length/value: 4 (0x4) Sep 21 07:33:26.977011: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.977013: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977016: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.977018: | length/value: 3 (0x3) Sep 21 07:33:26.977020: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.977022: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977025: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.977027: | length/value: 14 (0xe) Sep 21 07:33:26.977030: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.977032: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977034: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.977037: | length/value: 256 (0x100) Sep 21 07:33:26.977039: | OAKLEY proposal verified unconditionally; no alg_info to check against Sep 21 07:33:26.977042: | Oakley Transform 0 accepted Sep 21 07:33:26.977044: | ****emit IPsec DOI SIT: Sep 21 07:33:26.977047: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.977050: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:26.977052: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.977054: | proposal number: 0 (0x0) Sep 21 07:33:26.977057: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:26.977059: | SPI size: 0 (0x0) Sep 21 07:33:26.977061: | number of transforms: 1 (0x1) Sep 21 07:33:26.977064: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:26.977066: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.977069: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.977071: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:26.977074: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.977076: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.977080: | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) Sep 21 07:33:26.977082: | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:26.977085: | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 Sep 21 07:33:26.977090: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.977094: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:33:26.977096: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Sep 21 07:33:26.977099: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:33:26.977101: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:26.977104: | out_vid(): sending [FRAGMENTATION] Sep 21 07:33:26.977106: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.977109: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.977112: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.977115: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.977118: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.977121: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.977124: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 21 07:33:26.977126: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.977128: | out_vid(): sending [Dead Peer Detection] Sep 21 07:33:26.977131: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.977133: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.977136: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.977139: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.977142: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.977144: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 21 07:33:26.977146: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.977149: | out_vid(): sending [RFC 3947] Sep 21 07:33:26.977151: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.977153: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.977156: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.977159: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.977161: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.977164: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:26.977166: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.977168: | no IKEv1 message padding required Sep 21 07:33:26.977171: | emitting length of ISAKMP Message: 144 Sep 21 07:33:26.977175: | complete v1 state transition with STF_OK Sep 21 07:33:26.977181: | [RE]START processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.977183: | #1 is idle Sep 21 07:33:26.977186: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.977188: | peer supports fragmentation Sep 21 07:33:26.977190: | peer supports DPD Sep 21 07:33:26.977193: | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Sep 21 07:33:26.977196: | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) Sep 21 07:33:26.977198: | event_already_set, deleting event Sep 21 07:33:26.977203: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:26.977209: | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:33:26.977212: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.977214: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Sep 21 07:33:26.977216: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Sep 21 07:33:26.977222: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.977224: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.977227: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Sep 21 07:33:26.977229: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Sep 21 07:33:26.977232: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Sep 21 07:33:26.977234: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:26.977270: | !event_already_set at reschedule Sep 21 07:33:26.977275: | event_schedule: new EVENT_SO_DISCARD-pe@0x55bbb7a6f540 Sep 21 07:33:26.977279: | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 Sep 21 07:33:26.977282: | libevent_malloc: new ptr-libevent@0x55bbb7a69370 size 128 Sep 21 07:33:26.977286: "northnet-eastnet-b" #1: STATE_MAIN_R1: sent MR1, expecting MI2 Sep 21 07:33:26.977288: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.977291: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.977295: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.977300: | stop processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.977303: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.977308: | spent 0.727 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.978677: | spent 0.0173 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.978697: | *received 396 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.978702: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.978706: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Sep 21 07:33:26.978708: | 76 1c 0b c7 7b 26 02 19 63 0a e3 b5 f0 55 db 25 Sep 21 07:33:26.978710: | a2 3f 62 87 9c 6a d5 66 84 08 a9 42 c5 d5 b5 c3 Sep 21 07:33:26.978712: | c9 94 31 f7 62 f0 b3 19 cc 5e 2c 8d 47 7f 11 68 Sep 21 07:33:26.978713: | 17 c3 c5 67 2d bc 6a 9f 6e f9 61 5a 52 4b e2 b8 Sep 21 07:33:26.978714: | 5b 95 fa dc 0d ab 3f 97 0c e8 94 b4 92 63 98 1f Sep 21 07:33:26.978716: | 8b 52 50 aa 92 10 8a 0c 05 2e ce b6 b4 90 08 9c Sep 21 07:33:26.978717: | 14 6b d1 26 a0 fd 1a b0 a2 48 48 2a 37 f6 27 68 Sep 21 07:33:26.978719: | 47 2f a1 cc 47 fc cd 68 a4 1b 66 ca 29 75 a3 44 Sep 21 07:33:26.978720: | 48 45 f7 f0 fa 7e e4 5e b8 f4 df 1d 24 98 e0 ff Sep 21 07:33:26.978722: | 3b 75 0a 90 64 23 af 16 e7 bb 9c 88 19 de 34 32 Sep 21 07:33:26.978723: | 2b ec e6 82 ea 05 cf c5 de b1 4b d2 15 95 c4 8b Sep 21 07:33:26.978725: | 5f 24 67 3f 5f e2 96 56 e3 48 b2 90 c2 69 46 7b Sep 21 07:33:26.978726: | 8e 90 5b 69 5c a5 be 79 05 d9 fb 89 75 4b e5 67 Sep 21 07:33:26.978727: | 35 ea 1b 32 34 c5 72 41 97 94 95 7e ef 90 e1 4d Sep 21 07:33:26.978729: | 72 ff f6 56 10 dc 27 44 57 bd b8 52 04 d0 64 83 Sep 21 07:33:26.978730: | 7e 41 07 53 96 66 45 7c c6 05 10 52 16 14 9c 60 Sep 21 07:33:26.978732: | 14 00 00 24 3a 03 44 a2 8c d4 8f ee 13 6a 7c dd Sep 21 07:33:26.978733: | 01 88 1a 8a 4b f2 e8 54 c3 92 b1 4a 96 8a 42 ea Sep 21 07:33:26.978735: | 73 0a 6b 04 14 00 00 24 a0 2c df a8 ed 0e 88 50 Sep 21 07:33:26.978736: | 49 e5 70 56 ae da 0c f6 01 1d 14 d4 6d fc d8 94 Sep 21 07:33:26.978738: | 70 e6 6a 54 36 36 9f bb 00 00 00 24 0c 45 71 da Sep 21 07:33:26.978739: | 03 78 4a c3 34 0b 5c af 12 9a 51 7b 68 17 29 1a Sep 21 07:33:26.978740: | ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.978743: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.978746: | **parse ISAKMP Message: Sep 21 07:33:26.978747: | initiator cookie: Sep 21 07:33:26.978749: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.978750: | responder cookie: Sep 21 07:33:26.978752: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.978753: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.978757: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.978759: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.978761: | flags: none (0x0) Sep 21 07:33:26.978763: | Message ID: 0 (0x0) Sep 21 07:33:26.978764: | length: 396 (0x18c) Sep 21 07:33:26.978766: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.978768: | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) Sep 21 07:33:26.978772: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.978773: | #1 is idle Sep 21 07:33:26.978775: | #1 idle Sep 21 07:33:26.978777: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Sep 21 07:33:26.978779: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:26.978780: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.978782: | length: 260 (0x104) Sep 21 07:33:26.978800: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Sep 21 07:33:26.978802: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:26.978803: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.978805: | length: 36 (0x24) Sep 21 07:33:26.978807: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.978821: | ***parse ISAKMP NAT-D Payload: Sep 21 07:33:26.978823: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.978824: | length: 36 (0x24) Sep 21 07:33:26.978826: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.978827: | ***parse ISAKMP NAT-D Payload: Sep 21 07:33:26.978829: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.978830: | length: 36 (0x24) Sep 21 07:33:26.978832: | message 'main_inI2_outR2' HASH payload not checked early Sep 21 07:33:26.978835: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Sep 21 07:33:26.978846: | natd_hash: hasher=0x55bbb6680c40(32) Sep 21 07:33:26.978848: | natd_hash: icookie= 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.978849: | natd_hash: rcookie= 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.978851: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:26.978852: | natd_hash: port= 01 f4 Sep 21 07:33:26.978854: | natd_hash: hash= a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.978855: | natd_hash: hash= 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.978859: | natd_hash: hasher=0x55bbb6680c40(32) Sep 21 07:33:26.978861: | natd_hash: icookie= 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.978862: | natd_hash: rcookie= 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.978863: | natd_hash: ip= c0 01 03 21 Sep 21 07:33:26.978865: | natd_hash: port= 01 f4 Sep 21 07:33:26.978866: | natd_hash: hash= 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.978868: | natd_hash: hash= 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.978869: | expected NAT-D(me): a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.978871: | expected NAT-D(me): 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.978872: | expected NAT-D(him): Sep 21 07:33:26.978874: | 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.978875: | 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.978877: | received NAT-D: a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.978878: | received NAT-D: 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.978880: | received NAT-D: 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.978881: | received NAT-D: 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.978883: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:33:26.978884: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:33:26.978885: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:33:26.978887: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Sep 21 07:33:26.978889: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Sep 21 07:33:26.978893: | NAT_T_WITH_KA detected Sep 21 07:33:26.978895: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:33:26.978899: | adding inI2_outR2 KE work-order 1 for state #1 Sep 21 07:33:26.978901: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:33:26.978903: | libevent_free: release ptr-libevent@0x55bbb7a69370 Sep 21 07:33:26.978905: | free_event_entry: release EVENT_SO_DISCARD-pe@0x55bbb7a6f540 Sep 21 07:33:26.978907: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a6f540 Sep 21 07:33:26.978909: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:26.978911: | libevent_malloc: new ptr-libevent@0x55bbb7a69370 size 128 Sep 21 07:33:26.978916: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.978935: | [RE]START processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.978937: | suspending state #1 and saving MD Sep 21 07:33:26.978939: | #1 is busy; has a suspended MD Sep 21 07:33:26.978942: | #1 spent 0.107 milliseconds in process_packet_tail() Sep 21 07:33:26.978945: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.978945: | crypto helper 0 resuming Sep 21 07:33:26.978955: | crypto helper 0 starting work-order 1 for state #1 Sep 21 07:33:26.978947: | stop processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.978964: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.978959: | crypto helper 0 doing build KE and nonce (inI2_outR2 KE); request ID 1 Sep 21 07:33:26.978969: | spent 0.262 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.979534: | crypto helper 0 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.000575 seconds Sep 21 07:33:26.979540: | (#1) spent 0.577 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) Sep 21 07:33:26.979542: | crypto helper 0 sending results from work-order 1 for state #1 to event queue Sep 21 07:33:26.979544: | scheduling resume sending helper answer for #1 Sep 21 07:33:26.979546: | libevent_malloc: new ptr-libevent@0x7f928c006900 size 128 Sep 21 07:33:26.979552: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:26.979580: | processing resume sending helper answer for #1 Sep 21 07:33:26.979589: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.979593: | crypto helper 0 replies to request ID 1 Sep 21 07:33:26.979594: | calling continuation function 0x55bbb65aa630 Sep 21 07:33:26.979596: | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 Sep 21 07:33:26.979601: | **emit ISAKMP Message: Sep 21 07:33:26.979602: | initiator cookie: Sep 21 07:33:26.979604: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.979605: | responder cookie: Sep 21 07:33:26.979607: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.979608: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.979610: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.979612: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.979613: | flags: none (0x0) Sep 21 07:33:26.979615: | Message ID: 0 (0x0) Sep 21 07:33:26.979617: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.979619: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:26.979620: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.979622: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:26.979624: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:26.979626: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.979630: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:26.979632: | keyex value a2 61 af 65 93 cc a2 b7 f1 1c 5a 12 b0 c5 36 8b Sep 21 07:33:26.979634: | keyex value 16 72 25 f7 2e 38 2c 2e a7 26 7a 8a 8b 42 51 22 Sep 21 07:33:26.979635: | keyex value 52 8f 08 34 06 be 9f 63 0c 63 f3 7f 0f f0 5d 21 Sep 21 07:33:26.979637: | keyex value af 31 f7 91 10 a9 04 e4 6b b8 b3 81 08 ab 38 f7 Sep 21 07:33:26.979638: | keyex value a3 14 f8 9f 7b b0 a3 79 3b 89 49 f5 a5 c8 29 23 Sep 21 07:33:26.979640: | keyex value b3 e3 8f d1 8a df a1 ed 45 dd dc 7f 4a b3 db 46 Sep 21 07:33:26.979641: | keyex value 9a b8 f7 21 3f e1 22 45 70 c6 d7 66 de 95 a9 45 Sep 21 07:33:26.979642: | keyex value 73 cd f9 80 a5 b2 db da 22 04 8a b7 25 36 ae 66 Sep 21 07:33:26.979644: | keyex value 5c c7 d7 d9 72 6d e3 48 3f a5 64 44 e5 bc 41 d8 Sep 21 07:33:26.979645: | keyex value 6a f9 1b 81 c1 c6 0f 07 1d 51 0c 44 df 46 e6 47 Sep 21 07:33:26.979647: | keyex value f2 73 bd c8 3e 79 38 c3 22 a8 fc 30 5f d6 e5 cd Sep 21 07:33:26.979648: | keyex value ea 34 1a 7d a0 a8 9a 63 eb 07 d3 ac c8 24 2c 7e Sep 21 07:33:26.979650: | keyex value c9 47 55 ad c4 80 60 f7 db c0 3b 79 5d 42 9a 0d Sep 21 07:33:26.979651: | keyex value e4 36 a8 c0 75 2f ca 67 6f ef ea 90 f8 cc 50 2c Sep 21 07:33:26.979653: | keyex value b2 20 fb 64 54 7d 37 4f ea 6a 8d 47 6d 61 e5 ce Sep 21 07:33:26.979654: | keyex value 9c 05 9f 68 5a 0e 1a e2 93 e7 49 34 2a ff fd cd Sep 21 07:33:26.979656: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:26.979657: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:26.979659: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:33:26.979660: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Sep 21 07:33:26.979662: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:26.979664: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.979666: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:33:26.979667: | Nr b8 6e a7 c7 da 14 f7 95 4c d0 c3 8a c9 32 11 2f Sep 21 07:33:26.979669: | Nr dd 77 1a 61 df ea 3e 7b 75 75 41 8a bc 24 e3 b3 Sep 21 07:33:26.979670: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:26.979672: | ***emit ISAKMP Certificate RequestPayload: Sep 21 07:33:26.979674: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.979675: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.979677: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Sep 21 07:33:26.979679: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Sep 21 07:33:26.979681: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Sep 21 07:33:26.979682: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.979684: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.979685: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.979687: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.979688: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.979690: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.979691: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:33:26.979692: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:33:26.979694: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:33:26.979695: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:33:26.979697: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.979698: | emitting length of ISAKMP Certificate RequestPayload: 180 Sep 21 07:33:26.979700: | sending NAT-D payloads Sep 21 07:33:26.979709: | natd_hash: hasher=0x55bbb6680c40(32) Sep 21 07:33:26.979711: | natd_hash: icookie= 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.979713: | natd_hash: rcookie= 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.979714: | natd_hash: ip= c0 01 03 21 Sep 21 07:33:26.979715: | natd_hash: port= 01 f4 Sep 21 07:33:26.979717: | natd_hash: hash= 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.979719: | natd_hash: hash= 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.979720: | ***emit ISAKMP NAT-D Payload: Sep 21 07:33:26.979722: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.979724: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Sep 21 07:33:26.979726: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:33:26.979727: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.979729: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:33:26.979731: | NAT-D 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.979732: | NAT-D 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.979734: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:33:26.979738: | natd_hash: hasher=0x55bbb6680c40(32) Sep 21 07:33:26.979739: | natd_hash: icookie= 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.979741: | natd_hash: rcookie= 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.979742: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:26.979743: | natd_hash: port= 01 f4 Sep 21 07:33:26.979745: | natd_hash: hash= a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.979746: | natd_hash: hash= 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.979748: | ***emit ISAKMP NAT-D Payload: Sep 21 07:33:26.979749: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.979751: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:33:26.979753: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.979755: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:33:26.979756: | NAT-D a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.979758: | NAT-D 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.979759: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:33:26.979760: | no IKEv1 message padding required Sep 21 07:33:26.979762: | emitting length of ISAKMP Message: 576 Sep 21 07:33:26.979764: | main inI2_outR2: starting async DH calculation (group=14) Sep 21 07:33:26.979774: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.979780: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.979793: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.979800: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.979802: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:26.979804: | no PreShared Key Found Sep 21 07:33:26.979806: | adding main_inI2_outR2_tail work-order 2 for state #1 Sep 21 07:33:26.979823: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.979825: | libevent_free: release ptr-libevent@0x55bbb7a69370 Sep 21 07:33:26.979827: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a6f540 Sep 21 07:33:26.979828: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a6f540 Sep 21 07:33:26.979831: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:26.979833: | libevent_malloc: new ptr-libevent@0x55bbb7a69370 size 128 Sep 21 07:33:26.979839: | #1 main_inI2_outR2_continue1_tail:1158 st->st_calculating = FALSE; Sep 21 07:33:26.979845: | complete v1 state transition with STF_OK Sep 21 07:33:26.979846: | crypto helper 1 resuming Sep 21 07:33:26.979850: | [RE]START processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.979852: | crypto helper 1 starting work-order 2 for state #1 Sep 21 07:33:26.979853: | #1 is idle; has background offloaded task Sep 21 07:33:26.979864: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.979869: | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Sep 21 07:33:26.979860: | crypto helper 1 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 Sep 21 07:33:26.979874: | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) Sep 21 07:33:26.979882: | event_already_set, deleting event Sep 21 07:33:26.979885: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.979888: | libevent_free: release ptr-libevent@0x55bbb7a69370 Sep 21 07:33:26.979891: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a6f540 Sep 21 07:33:26.979898: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:26.979907: | sending 576 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:33:26.979912: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.979914: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Sep 21 07:33:26.979917: | a2 61 af 65 93 cc a2 b7 f1 1c 5a 12 b0 c5 36 8b Sep 21 07:33:26.979919: | 16 72 25 f7 2e 38 2c 2e a7 26 7a 8a 8b 42 51 22 Sep 21 07:33:26.979921: | 52 8f 08 34 06 be 9f 63 0c 63 f3 7f 0f f0 5d 21 Sep 21 07:33:26.979924: | af 31 f7 91 10 a9 04 e4 6b b8 b3 81 08 ab 38 f7 Sep 21 07:33:26.979926: | a3 14 f8 9f 7b b0 a3 79 3b 89 49 f5 a5 c8 29 23 Sep 21 07:33:26.979928: | b3 e3 8f d1 8a df a1 ed 45 dd dc 7f 4a b3 db 46 Sep 21 07:33:26.979930: | 9a b8 f7 21 3f e1 22 45 70 c6 d7 66 de 95 a9 45 Sep 21 07:33:26.979932: | 73 cd f9 80 a5 b2 db da 22 04 8a b7 25 36 ae 66 Sep 21 07:33:26.979935: | 5c c7 d7 d9 72 6d e3 48 3f a5 64 44 e5 bc 41 d8 Sep 21 07:33:26.979937: | 6a f9 1b 81 c1 c6 0f 07 1d 51 0c 44 df 46 e6 47 Sep 21 07:33:26.979939: | f2 73 bd c8 3e 79 38 c3 22 a8 fc 30 5f d6 e5 cd Sep 21 07:33:26.979941: | ea 34 1a 7d a0 a8 9a 63 eb 07 d3 ac c8 24 2c 7e Sep 21 07:33:26.979943: | c9 47 55 ad c4 80 60 f7 db c0 3b 79 5d 42 9a 0d Sep 21 07:33:26.979945: | e4 36 a8 c0 75 2f ca 67 6f ef ea 90 f8 cc 50 2c Sep 21 07:33:26.979948: | b2 20 fb 64 54 7d 37 4f ea 6a 8d 47 6d 61 e5 ce Sep 21 07:33:26.979950: | 9c 05 9f 68 5a 0e 1a e2 93 e7 49 34 2a ff fd cd Sep 21 07:33:26.979952: | 07 00 00 24 b8 6e a7 c7 da 14 f7 95 4c d0 c3 8a Sep 21 07:33:26.979954: | c9 32 11 2f dd 77 1a 61 df ea 3e 7b 75 75 41 8a Sep 21 07:33:26.979956: | bc 24 e3 b3 14 00 00 b4 04 30 81 ac 31 0b 30 09 Sep 21 07:33:26.979958: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Sep 21 07:33:26.979961: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Sep 21 07:33:26.979963: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Sep 21 07:33:26.979965: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Sep 21 07:33:26.979967: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Sep 21 07:33:26.979969: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Sep 21 07:33:26.979971: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Sep 21 07:33:26.979977: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Sep 21 07:33:26.979979: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:33:26.979982: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Sep 21 07:33:26.979984: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 0c 45 71 da Sep 21 07:33:26.979986: | 03 78 4a c3 34 0b 5c af 12 9a 51 7b 68 17 29 1a Sep 21 07:33:26.979988: | ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 00 00 00 24 Sep 21 07:33:26.979990: | a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.979992: | 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.980018: | !event_already_set at reschedule Sep 21 07:33:26.980037: | event_schedule: new EVENT_RETRANSMIT-pe@0x55bbb7a6f540 Sep 21 07:33:26.980041: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:33:26.980044: | libevent_malloc: new ptr-libevent@0x55bbb7a69370 size 128 Sep 21 07:33:26.980049: | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.348301 Sep 21 07:33:26.980052: "northnet-eastnet-b" #1: STATE_MAIN_R2: sent MR2, expecting MI3 Sep 21 07:33:26.980054: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.980057: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.980060: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Sep 21 07:33:26.980065: | #1 spent 0.449 milliseconds in resume sending helper answer Sep 21 07:33:26.980070: | stop processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.980073: | libevent_free: release ptr-libevent@0x7f928c006900 Sep 21 07:33:26.980752: | crypto helper 1 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.000892 seconds Sep 21 07:33:26.980759: | (#1) spent 0.894 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) Sep 21 07:33:26.980761: | crypto helper 1 sending results from work-order 2 for state #1 to event queue Sep 21 07:33:26.980763: | scheduling resume sending helper answer for #1 Sep 21 07:33:26.980765: | libevent_malloc: new ptr-libevent@0x7f9284004f00 size 128 Sep 21 07:33:26.980771: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:26.980777: | processing resume sending helper answer for #1 Sep 21 07:33:26.980788: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.980793: | crypto helper 1 replies to request ID 2 Sep 21 07:33:26.980795: | calling continuation function 0x55bbb65aa630 Sep 21 07:33:26.980797: | main_inI2_outR2_calcdone for #1: calculate DH finished Sep 21 07:33:26.980800: | [RE]START processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1008) Sep 21 07:33:26.980803: | stop processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1021) Sep 21 07:33:26.980805: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Sep 21 07:33:26.980808: | #1 spent 0.0144 milliseconds in resume sending helper answer Sep 21 07:33:26.980810: | processing: STOP state #0 (in resume_handler() at server.c:833) Sep 21 07:33:26.980812: | libevent_free: release ptr-libevent@0x7f9284004f00 Sep 21 07:33:26.988149: | spent 0.00279 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.988173: | *received 2028 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.988177: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.988179: | 05 10 02 01 00 00 00 00 00 00 07 ec 37 83 e6 f5 Sep 21 07:33:26.988180: | aa 09 d5 64 01 7b eb 71 c7 59 9e 57 06 ad 18 5a Sep 21 07:33:26.988182: | cd 10 25 df 10 e0 95 64 ae b4 00 2d 3c ab 14 37 Sep 21 07:33:26.988183: | 03 6a 9a 72 a8 34 8c 10 a6 5c af ea af 7d 8c 9d Sep 21 07:33:26.988185: | 8f a1 29 96 6d 5e 9e c9 06 b5 be 51 5c 2e e3 26 Sep 21 07:33:26.988188: | 20 f8 5e 32 70 5a c8 fe 3e 9a 31 22 72 02 75 a3 Sep 21 07:33:26.988189: | eb 8a fe 40 c0 28 b2 11 ee 66 b9 b9 b7 1f 3b a7 Sep 21 07:33:26.988191: | 2e 62 29 a2 e7 88 a0 c4 9c f6 06 04 40 8f 15 6f Sep 21 07:33:26.988192: | 5b d7 c9 c1 61 9f 2c 96 01 e0 8d 2f 24 3c d0 f3 Sep 21 07:33:26.988194: | f8 05 66 72 5c 3a 7e ee 4b bf 4e dd b6 a0 f8 c8 Sep 21 07:33:26.988195: | 03 d9 3a 10 74 3f ff 15 c7 08 13 51 19 cb eb e6 Sep 21 07:33:26.988197: | 8e 0f 2c 59 ab 95 db d5 6c a6 9d ab 7c 66 da 4e Sep 21 07:33:26.988198: | 45 3a 36 2b 13 70 fe a8 16 a1 ba ba a9 6e 73 3b Sep 21 07:33:26.988200: | df a7 11 33 e9 05 74 47 b8 96 8f 8b 14 d9 d0 50 Sep 21 07:33:26.988201: | 4e 5c 6d c0 e6 24 23 85 b9 b6 54 e2 11 da 4e 0f Sep 21 07:33:26.988215: | 39 f4 a4 c6 54 39 58 b0 99 05 3f 7d 26 42 25 af Sep 21 07:33:26.988217: | 97 f9 3f ca c7 7e c4 f3 59 09 00 56 08 23 b1 92 Sep 21 07:33:26.988218: | bd 25 67 26 1d 08 71 05 95 e4 6e 24 84 e6 7a 47 Sep 21 07:33:26.988220: | 3c a5 81 6a 7d eb c1 46 9d 38 b6 27 86 93 ca b1 Sep 21 07:33:26.988221: | ef 57 4c 7f f2 7d 0e 23 aa 39 1b 75 fd 46 05 d0 Sep 21 07:33:26.988222: | dc 18 03 fe c2 ea 83 fc 46 67 3b c5 c0 20 ed f7 Sep 21 07:33:26.988224: | 76 31 24 6d 76 0b e9 0d af ea b1 13 82 33 c1 b7 Sep 21 07:33:26.988225: | 81 33 f8 0b c5 dd 1e 80 be c0 35 f2 97 cc 39 a0 Sep 21 07:33:26.988227: | 48 39 14 11 f9 9e 4f bb da 36 ff 56 ab e3 de ce Sep 21 07:33:26.988228: | 46 2b 63 51 48 90 a6 f7 57 33 d6 65 6c 6e 19 05 Sep 21 07:33:26.988229: | 22 49 47 81 71 88 f6 56 d3 64 28 7d db 70 a3 2a Sep 21 07:33:26.988231: | 51 11 60 89 ec 99 3d de cc c3 60 98 e5 b2 28 52 Sep 21 07:33:26.988232: | 91 35 e1 c0 58 1d 6c a9 ce a7 13 9b 17 6d 1a 1c Sep 21 07:33:26.988234: | b7 67 8d 5d 45 ae 1c 83 c5 7d 2d d1 01 9a aa 9d Sep 21 07:33:26.988235: | c9 0d 83 41 bf e7 8e dc e2 90 c7 a8 8e bc 1c 81 Sep 21 07:33:26.988236: | 90 74 29 7f 36 de 1e ff c8 68 af 1e 3e a2 61 cd Sep 21 07:33:26.988238: | f7 0c 82 01 9e d9 ee 9d ed 3f 96 19 35 4d a4 d4 Sep 21 07:33:26.988239: | b4 1e f5 fa 39 17 f4 67 6b cd e0 d9 52 09 47 87 Sep 21 07:33:26.988241: | 4b 7b be de 54 e3 70 2e 40 f4 b9 02 2b 51 f7 f9 Sep 21 07:33:26.988242: | a4 c8 d0 bd 5b 1c 38 ef 4c af 96 95 e0 50 54 53 Sep 21 07:33:26.988243: | 67 48 de 1e af 9e ab 16 3a 02 d2 cc 84 55 5a 9d Sep 21 07:33:26.988245: | 7e 2c a1 86 5f 9b f5 3c 87 f6 d6 4e 16 72 d4 d6 Sep 21 07:33:26.988246: | fd f7 0d e5 dc 63 85 47 f2 e8 af 2d 8b 44 7a ce Sep 21 07:33:26.988248: | 0b c2 4a df 75 f7 90 2c 52 26 70 70 8e 10 46 d2 Sep 21 07:33:26.988249: | be 43 e6 9b 95 63 ef e4 23 88 83 b9 d8 52 7e b4 Sep 21 07:33:26.988250: | 94 24 30 5f ff 4e 90 ef 45 ea 67 19 f0 8c b7 2b Sep 21 07:33:26.988252: | ec 6e b0 f7 60 7e e1 c0 2a 01 ef a7 61 71 f8 e2 Sep 21 07:33:26.988253: | 2a af b0 eb 06 e1 51 88 02 68 cd b5 c7 8a 5f 94 Sep 21 07:33:26.988255: | cd c9 63 e4 70 4d 0d 03 70 f0 dc b0 e5 10 ef e5 Sep 21 07:33:26.988256: | a7 3f 89 e9 01 32 d3 6f 23 fa db 4d 14 76 63 b6 Sep 21 07:33:26.988257: | 90 10 62 59 c3 fd 50 24 41 58 64 71 bc 6d c0 28 Sep 21 07:33:26.988259: | 6e ca 8a 1d 77 8b 9f a5 c0 10 c4 3e 23 37 91 96 Sep 21 07:33:26.988260: | 95 cf 19 6c 3b 76 d1 77 5d 3d b1 6c 2a 8b 79 17 Sep 21 07:33:26.988262: | 9c d4 75 f5 01 3d 5b dc bd 1c 97 33 74 70 29 6c Sep 21 07:33:26.988263: | 20 7c df 17 ef ab 1c 28 a0 f1 5b 8f b6 4b bb 08 Sep 21 07:33:26.988264: | 4e 5b 35 92 82 e2 41 e4 af 35 e0 db e1 59 ac d2 Sep 21 07:33:26.988266: | 4d d8 8d b5 98 5d 77 42 eb d5 66 f7 5b 4c 05 f8 Sep 21 07:33:26.988267: | a2 d6 73 ad 88 87 d3 5c d7 b8 32 b3 bb 64 ae f9 Sep 21 07:33:26.988268: | 1b 3b 51 aa cb 14 04 4b 21 e2 41 77 7c e6 78 89 Sep 21 07:33:26.988270: | b8 49 4c cc a7 a8 5d ae 9d 19 fb 2e 1e 99 07 a3 Sep 21 07:33:26.988271: | da 78 b9 e5 d8 d5 d2 b8 b6 96 ca f8 12 b5 42 70 Sep 21 07:33:26.988273: | 32 2e b7 f9 05 29 ee 44 06 a9 2a f8 86 84 61 55 Sep 21 07:33:26.988275: | ac 3e 90 7d 54 fc ab 1e de c9 c8 af 25 e6 5b 33 Sep 21 07:33:26.988276: | eb 81 25 97 50 dc 5a 01 18 fa b9 27 9d 5e 06 b8 Sep 21 07:33:26.988278: | be 27 33 39 9c d1 6a ae 38 c1 81 c1 87 30 4e 41 Sep 21 07:33:26.988279: | b7 52 cf 1a fa c5 12 ba 70 ae 5c 9e 8d 82 06 13 Sep 21 07:33:26.988281: | 2c 5b 13 d6 9a 26 34 c6 b2 f1 d7 8d b1 a4 de fc Sep 21 07:33:26.988282: | 91 b4 0c 75 5f b9 4f 74 e8 09 e0 05 c8 8f fe e4 Sep 21 07:33:26.988283: | 21 22 04 a9 06 85 7d 3a 67 f0 0b a9 00 df 92 1f Sep 21 07:33:26.988285: | a3 4f 0e a4 d8 82 fd c6 60 80 49 f4 a9 eb 42 ea Sep 21 07:33:26.988286: | 9d 0a 52 01 18 11 53 6a e0 aa 3b 36 20 39 dd aa Sep 21 07:33:26.988288: | 09 a1 18 5c 1b cb 33 43 eb 11 61 c7 2f 14 6b 73 Sep 21 07:33:26.988289: | 13 7e 47 af a6 26 5f 06 35 a8 8d 75 d8 55 75 23 Sep 21 07:33:26.988290: | ba 07 50 87 75 5a bc 85 28 37 3f 7f a5 11 96 cc Sep 21 07:33:26.988292: | bb d6 77 81 69 25 1a a7 c8 d9 e5 b1 f9 50 48 8f Sep 21 07:33:26.988293: | 74 b9 2d 9a f6 84 d0 20 5e ac d9 c4 3d fb b2 56 Sep 21 07:33:26.988295: | 66 b0 c5 9e 7f 06 8c ca ef 97 81 61 f3 80 3f 36 Sep 21 07:33:26.988296: | 9a 8c 2b b1 d5 9d b7 b7 b9 c3 87 c4 03 c9 53 50 Sep 21 07:33:26.988297: | c4 6f 23 0f f1 45 df 46 49 66 30 6f 52 24 09 7d Sep 21 07:33:26.988299: | 4e 15 0f b6 a6 04 c6 9c ba 84 dd d6 72 d1 fc 6a Sep 21 07:33:26.988300: | 74 d1 9a 88 cc 88 6a a9 a6 2f b9 a7 d2 50 59 cc Sep 21 07:33:26.988301: | d0 4e f7 b2 ff 46 67 7e 10 2b 0f cd 87 cb e7 8c Sep 21 07:33:26.988303: | 5b 3c 86 a3 fe ef 7b 79 6b 17 bd 0f c2 5f 17 f5 Sep 21 07:33:26.988304: | 3e 6d c5 4a 2b 1a d0 f2 4c 06 90 63 01 62 eb 64 Sep 21 07:33:26.988306: | 62 0d 2a e8 86 e6 a7 36 d0 e6 f5 76 bc a1 d4 9b Sep 21 07:33:26.988307: | cd e6 65 34 44 19 16 3d 56 84 4b 55 e2 b0 8e 9a Sep 21 07:33:26.988308: | 31 eb 4d 81 e4 75 35 98 83 4b c9 1e 3a 10 fc 3a Sep 21 07:33:26.988310: | 20 6b 55 83 07 c5 c8 03 0b be d3 b0 2c 5b bd 52 Sep 21 07:33:26.988311: | 4f a1 6b ac b1 2f 83 b5 b3 f4 1b 7f 24 8a 8a 49 Sep 21 07:33:26.988313: | 90 69 f3 44 d3 b6 30 86 c4 91 a5 f7 18 1d 8d d1 Sep 21 07:33:26.988314: | 70 58 27 87 e0 f2 2c b5 35 b4 ad c6 06 49 ba e5 Sep 21 07:33:26.988315: | 96 b0 88 76 0b 9c d4 bd e4 72 7e 70 35 e9 cd a5 Sep 21 07:33:26.988317: | e2 d0 8c 5f 71 a6 21 16 26 57 32 17 42 c7 0e 95 Sep 21 07:33:26.988318: | 6e 83 1d 7d bf f9 66 68 d4 fc b6 7d ef 34 b4 21 Sep 21 07:33:26.988320: | ba 5b d8 54 98 71 bf be 64 ec 79 4a ba 74 3a cb Sep 21 07:33:26.988321: | d7 dc ec ba 11 c2 20 b7 c7 82 1b 82 63 ed a5 b4 Sep 21 07:33:26.988322: | 4c c8 c9 14 a5 4d a1 fa 9c 40 9b 13 7a cd a5 bb Sep 21 07:33:26.988324: | 35 eb dd a6 73 85 40 be 5b 94 a5 7a 07 f1 47 d3 Sep 21 07:33:26.988325: | fb b1 0b 7f 35 f8 84 de c4 80 a5 30 41 39 18 3d Sep 21 07:33:26.988327: | cd 3a c7 5c c4 b9 bc 03 9c 0a b7 09 2c 32 ac 8c Sep 21 07:33:26.988328: | 80 08 0f 8e 92 28 57 95 88 57 36 ee 12 93 28 06 Sep 21 07:33:26.988329: | bc 3b 44 fc c1 bf 70 4a 68 84 9e cb e0 77 39 c8 Sep 21 07:33:26.988331: | 33 53 9d c8 39 5c 04 9b 15 99 8f 5b 0a 13 f2 e1 Sep 21 07:33:26.988332: | de 0d 49 03 94 50 d9 98 0f de 13 cd 07 34 2d f8 Sep 21 07:33:26.988334: | f3 5c c6 4a 98 b1 f7 d9 ec 96 ce 4c 77 77 53 41 Sep 21 07:33:26.988335: | ee 03 39 78 5f 35 ec 78 37 24 81 44 b8 96 f4 7b Sep 21 07:33:26.988336: | a2 9c 10 93 e1 ae 8f e0 59 ef 54 54 85 9b b2 63 Sep 21 07:33:26.988338: | 0f 85 57 aa 8a 2d f6 31 ec 1c f4 f4 ef d5 6e 92 Sep 21 07:33:26.988339: | 04 56 a6 46 96 6b 10 16 80 00 a3 70 b7 dc 14 d1 Sep 21 07:33:26.988340: | df c6 a4 8f c1 63 95 0d ad 61 cd af 0a 50 5c fe Sep 21 07:33:26.988342: | b5 37 c4 ce 99 58 42 49 70 d7 a2 87 60 b8 b9 e1 Sep 21 07:33:26.988343: | 58 ff f1 37 db 2f 9c 47 3f 92 11 d3 b9 de 9d 0c Sep 21 07:33:26.988345: | 88 b6 82 1f 24 a0 a4 78 d0 d7 04 f5 e6 4f 8e 84 Sep 21 07:33:26.988347: | 55 d2 24 f8 ee bc 38 65 c8 93 d9 30 2a 6f ee 74 Sep 21 07:33:26.988348: | 30 e4 7e 77 bc 1b 25 e4 cc 4e 6f e7 1a 20 75 e0 Sep 21 07:33:26.988350: | bb 68 ff 0d 6a 5a 7e c6 34 59 70 30 0c fe 36 e6 Sep 21 07:33:26.988351: | 40 fd c2 7e bf 03 36 d8 47 e8 86 72 bb a5 57 11 Sep 21 07:33:26.988352: | e0 5a f0 7b f7 2a 95 4a c4 4a 21 cd e4 b4 f1 28 Sep 21 07:33:26.988354: | 54 6c 2d 86 40 82 2c 9a f2 90 05 17 9e 00 3a b7 Sep 21 07:33:26.988355: | 9c b9 a3 7b 33 96 6a 08 2b 70 e0 ca c3 62 ca 90 Sep 21 07:33:26.988357: | b6 b5 92 f9 10 5e df fc bc 4f 83 b7 42 5c 1b 7e Sep 21 07:33:26.988358: | 8e bc 7b 50 ae ad 9c c3 28 1f 97 31 c9 72 24 e6 Sep 21 07:33:26.988359: | 3c fd d6 7c e7 f6 99 b0 c1 7b 6d 5d a7 9d be 9d Sep 21 07:33:26.988361: | ee 7d 0f 47 ec c1 09 09 31 c0 06 5f 18 0c c8 09 Sep 21 07:33:26.988362: | c2 b0 c0 0b 43 69 b0 a2 e0 c7 0b 3e b8 87 56 a5 Sep 21 07:33:26.988364: | 14 92 80 89 e2 bf a4 46 07 cc de 66 07 24 f6 92 Sep 21 07:33:26.988365: | 72 cb 86 56 e1 bf 48 8d 70 be a6 ab 7c d0 a1 8d Sep 21 07:33:26.988366: | 77 8a 9b 9c f2 8b bf de f1 1a 03 1f 60 35 b1 6f Sep 21 07:33:26.988368: | f7 81 d7 2c ce 08 67 41 ae 21 e0 4a ed c4 54 8d Sep 21 07:33:26.988369: | 1d 60 95 0e 96 6c aa 2c c7 27 14 89 71 22 0e ba Sep 21 07:33:26.988371: | fc 29 d7 fb aa fa 98 c7 50 96 9c c4 Sep 21 07:33:26.988374: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.988376: | **parse ISAKMP Message: Sep 21 07:33:26.988378: | initiator cookie: Sep 21 07:33:26.988380: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.988381: | responder cookie: Sep 21 07:33:26.988382: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.988384: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.988386: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.988388: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.988390: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.988391: | Message ID: 0 (0x0) Sep 21 07:33:26.988393: | length: 2028 (0x7ec) Sep 21 07:33:26.988395: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.988398: | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) Sep 21 07:33:26.988401: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.988403: | #1 is idle Sep 21 07:33:26.988405: | #1 idle Sep 21 07:33:26.988407: | received encrypted packet from 192.1.3.33:500 Sep 21 07:33:26.988421: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Sep 21 07:33:26.988424: | ***parse ISAKMP Identification Payload: Sep 21 07:33:26.988425: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:33:26.988427: | length: 193 (0xc1) Sep 21 07:33:26.988428: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:33:26.988430: | DOI specific A: 0 (0x0) Sep 21 07:33:26.988431: | DOI specific B: 0 (0x0) Sep 21 07:33:26.988433: | obj: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.988434: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.988436: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.988437: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.988439: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.988440: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.988441: | obj: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:33:26.988443: | obj: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:33:26.988444: | obj: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:33:26.988446: | obj: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:33:26.988447: | obj: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.988448: | obj: 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.988451: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.988453: | ***parse ISAKMP Certificate Payload: Sep 21 07:33:26.988454: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:33:26.988456: | length: 1232 (0x4d0) Sep 21 07:33:26.988458: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.988459: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.988461: | ***parse ISAKMP Certificate RequestPayload: Sep 21 07:33:26.988462: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:33:26.988464: | length: 180 (0xb4) Sep 21 07:33:26.988465: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.988467: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.988468: | ***parse ISAKMP Signature Payload: Sep 21 07:33:26.988470: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.988471: | length: 388 (0x184) Sep 21 07:33:26.988473: | removing 7 bytes of padding Sep 21 07:33:26.988475: | message 'main_inI3_outR3' HASH payload not checked early Sep 21 07:33:26.988478: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.988479: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.988481: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.988482: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.988483: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.988485: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.988486: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:33:26.988488: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:33:26.988489: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:33:26.988490: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:33:26.988492: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.988493: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.988500: "northnet-eastnet-b" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:33:26.988504: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:33:26.988506: loading root certificate cache Sep 21 07:33:26.990895: | spent 2.36 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:33:26.990918: | spent 0.0137 milliseconds in get_root_certs() filtering CAs Sep 21 07:33:26.990923: | #1 spent 2.4 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:33:26.990926: | checking for known CERT payloads Sep 21 07:33:26.990928: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:33:26.990961: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.990967: | #1 spent 0.04 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:33:26.990970: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.991004: | #1 spent 0.0325 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:33:26.991007: | missing or expired CRL Sep 21 07:33:26.991009: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:33:26.991011: | verify_end_cert trying profile IPsec Sep 21 07:33:26.991084: | certificate is valid (profile IPsec) Sep 21 07:33:26.991090: | #1 spent 0.0798 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:33:26.991093: "northnet-eastnet-b" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.991141: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a70150 Sep 21 07:33:26.991145: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a70350 Sep 21 07:33:26.991146: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a69400 Sep 21 07:33:26.991234: | unreference key: 0x55bbb7a74940 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.991240: | #1 spent 0.141 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:33:26.991243: | #1 spent 2.72 milliseconds in decode_certs() Sep 21 07:33:26.991251: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:33:26.991255: | ID_DER_ASN1_DN 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:33:26.991256: | SAN ID matched, updating that.cert Sep 21 07:33:26.991258: | X509: CERT and ID matches current connection Sep 21 07:33:26.991260: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.991261: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.991263: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.991264: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.991266: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.991267: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.991268: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:33:26.991270: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:33:26.991271: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:33:26.991273: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:33:26.991274: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.991279: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991281: | refine_host_connection for IKEv1: starting with "northnet-eastnet-b" Sep 21 07:33:26.991286: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991291: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991295: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991300: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991301: | refine_host_connection: happy with starting point: "northnet-eastnet-b" Sep 21 07:33:26.991303: | The remote did not specify an IDr and our current connection is good enough Sep 21 07:33:26.991307: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991333: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991342: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:33:26.991348: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991352: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991357: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.991457: | an RSA Sig check passed with *AwEAAbrCE [remote certificates] Sep 21 07:33:26.991461: | #1 spent 0.101 milliseconds in try_all_keys() trying a pubkey Sep 21 07:33:26.991463: "northnet-eastnet-b" #1: Authenticated using RSA Sep 21 07:33:26.991465: | thinking about whether to send my certificate: Sep 21 07:33:26.991467: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Sep 21 07:33:26.991469: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Sep 21 07:33:26.991470: | so send cert. Sep 21 07:33:26.991474: | **emit ISAKMP Message: Sep 21 07:33:26.991476: | initiator cookie: Sep 21 07:33:26.991477: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.991478: | responder cookie: Sep 21 07:33:26.991480: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.991482: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.991483: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.991485: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.991487: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.991488: | Message ID: 0 (0x0) Sep 21 07:33:26.991490: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.991492: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.991494: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.991496: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:33:26.991497: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:33:26.991499: | Protocol ID: 0 (0x0) Sep 21 07:33:26.991500: | port: 0 (0x0) Sep 21 07:33:26.991502: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Sep 21 07:33:26.991504: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.991506: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.991508: | emitting 183 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.991509: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.991511: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.991512: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.991514: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.991515: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.991517: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.991518: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:33:26.991519: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.991521: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:33:26.991522: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:33:26.991524: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.991525: | my identity 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.991527: | emitting length of ISAKMP Identification Payload (IPsec DOI): 191 Sep 21 07:33:26.991528: "northnet-eastnet-b" #1: I am sending my cert Sep 21 07:33:26.991530: | ***emit ISAKMP Certificate Payload: Sep 21 07:33:26.991532: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:33:26.991535: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.991537: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 9:ISAKMP_NEXT_SIG Sep 21 07:33:26.991539: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Sep 21 07:33:26.991540: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.991542: | emitting 1260 raw bytes of CERT into ISAKMP Certificate Payload Sep 21 07:33:26.991544: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Sep 21 07:33:26.991545: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:33:26.991547: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:33:26.991548: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:33:26.991549: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:33:26.991551: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:33:26.991552: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:33:26.991554: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:33:26.991555: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:33:26.991556: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:33:26.991558: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:33:26.991559: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:33:26.991561: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:33:26.991562: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:33:26.991563: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:33:26.991565: | CERT 39 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:33:26.991566: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:33:26.991568: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:33:26.991569: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:33:26.991570: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:33:26.991572: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:33:26.991573: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Sep 21 07:33:26.991575: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.991576: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Sep 21 07:33:26.991577: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Sep 21 07:33:26.991579: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.991580: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Sep 21 07:33:26.991582: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Sep 21 07:33:26.991583: | CERT 00 30 82 01 8a 02 82 01 81 00 b0 0d 9e ca 2d 55 Sep 21 07:33:26.991584: | CERT 24 59 06 37 09 58 0d 06 ab 90 5e 98 7c 00 0b 66 Sep 21 07:33:26.991586: | CERT 73 f4 12 27 69 75 6e d4 8d 13 e9 c6 e9 4f c4 b1 Sep 21 07:33:26.991587: | CERT 19 1a 1a 4f e6 4e 06 da 29 ec cf 8d 4c c3 c3 57 Sep 21 07:33:26.991589: | CERT c0 24 57 83 7a 1b 7f 96 a3 21 66 67 52 68 8e 77 Sep 21 07:33:26.991590: | CERT b9 bb f6 9b d2 43 11 57 c9 d6 ca e2 39 73 93 ea Sep 21 07:33:26.991591: | CERT 99 99 f7 52 38 4d 58 69 7f a5 18 9b ff 66 72 6c Sep 21 07:33:26.991593: | CERT df 6d df 18 50 cf 10 98 a3 f5 f9 69 27 5b 3f bd Sep 21 07:33:26.991594: | CERT 0f 34 18 93 99 1a be 8a 46 84 37 69 71 7f a7 df Sep 21 07:33:26.991596: | CERT d0 9d b2 9d ad 80 0f d0 1a 40 cb ff 37 20 ac ac Sep 21 07:33:26.991597: | CERT 3d a9 8e 56 56 cf 25 c0 5e 55 52 86 5a c5 b4 ce Sep 21 07:33:26.991598: | CERT a8 dd 95 cf ab 38 91 f6 1f 9f 83 36 d5 3f 8c d3 Sep 21 07:33:26.991600: | CERT 1d f5 3f 23 3c d2 5c 87 23 bc 6a 67 f7 00 c3 96 Sep 21 07:33:26.991601: | CERT 3f 76 5c b9 8e 6f 2b 16 90 2c 00 c0 05 a0 e2 8d Sep 21 07:33:26.991605: | CERT 57 d5 76 34 7f 6f be e8 48 79 08 91 a8 17 72 1f Sep 21 07:33:26.991606: | CERT c0 1c 8a 52 a8 18 aa 32 3c 9a e4 d9 90 58 25 5e Sep 21 07:33:26.991607: | CERT 4c 49 8e cb 7a 33 19 d2 87 1a 2a 8e b5 04 f7 f9 Sep 21 07:33:26.991609: | CERT cd 80 8c 59 ae 34 61 c5 1d de 53 65 fe 4f f3 f4 Sep 21 07:33:26.991610: | CERT 09 f2 b4 21 7a 2b eb 1f 4a f2 5f 85 3a f0 f8 2b Sep 21 07:33:26.991612: | CERT 3b 42 5b da 89 c1 ef b2 81 18 2a 4b 57 a2 ca 63 Sep 21 07:33:26.991613: | CERT 8b a7 60 8e 54 95 c3 20 5c e5 53 f0 4a 57 df 41 Sep 21 07:33:26.991614: | CERT fa 06 e6 ab 4e 0b 46 49 14 0d db b0 dc 10 2e 6d Sep 21 07:33:26.991616: | CERT 5f 52 cb 75 36 1b e2 1d 9d 77 0f 73 9d 0a 64 07 Sep 21 07:33:26.991617: | CERT 84 f4 0e 0a 98 97 58 c4 40 f6 1b ac a3 be 21 aa Sep 21 07:33:26.991619: | CERT 67 3a 2b b1 0e b7 9a 36 ff 67 02 03 01 00 01 a3 Sep 21 07:33:26.991620: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Sep 21 07:33:26.991622: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Sep 21 07:33:26.991623: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.991624: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Sep 21 07:33:26.991626: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:33:26.991627: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Sep 21 07:33:26.991629: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Sep 21 07:33:26.991630: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Sep 21 07:33:26.991631: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Sep 21 07:33:26.991633: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Sep 21 07:33:26.991634: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Sep 21 07:33:26.991636: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:33:26.991637: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Sep 21 07:33:26.991638: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Sep 21 07:33:26.991640: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Sep 21 07:33:26.991641: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Sep 21 07:33:26.991643: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Sep 21 07:33:26.991644: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 bf 3c 12 c5 Sep 21 07:33:26.991645: | CERT 00 3e 71 2a 2b 2b 60 83 b9 b9 f2 4d b1 ca 0e fd Sep 21 07:33:26.991647: | CERT b4 e0 0b 6a ad 54 d7 c9 98 57 e0 5c 26 4d bf 11 Sep 21 07:33:26.991648: | CERT 23 20 79 05 b6 1b 9b 09 ed 4f 2e fd 7e da 55 53 Sep 21 07:33:26.991650: | CERT b6 8c 88 fa f3 9b ce ec ef 95 37 11 70 ce 1c 98 Sep 21 07:33:26.991651: | CERT d3 d5 cf f6 30 71 44 78 fb 45 03 69 50 d5 a5 c3 Sep 21 07:33:26.991652: | CERT de 00 4c f7 0a 7d 00 cb 3a ab 11 74 6b 57 67 4d Sep 21 07:33:26.991654: | CERT e7 c0 3a 97 98 44 e2 15 9d f2 6f 1b c7 b1 15 d0 Sep 21 07:33:26.991655: | CERT 88 c4 dc 32 b7 72 1d 9c ac 1b 37 63 Sep 21 07:33:26.991657: | emitting length of ISAKMP Certificate Payload: 1265 Sep 21 07:33:26.991680: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Sep 21 07:33:26.991719: | searching for certificate PKK_RSA:AwEAAbANn vs PKK_RSA:AwEAAbANn Sep 21 07:33:26.997453: | ***emit ISAKMP Signature Payload: Sep 21 07:33:26.997462: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.997465: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Sep 21 07:33:26.997467: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.997469: | emitting 384 raw bytes of SIG_R into ISAKMP Signature Payload Sep 21 07:33:26.997474: | SIG_R 1a d0 99 49 ce 3b 1e 04 cd 73 0c f6 4e 3f 93 34 Sep 21 07:33:26.997476: | SIG_R 04 e7 b0 64 b4 23 68 78 1b 7d c5 86 27 8f ea 99 Sep 21 07:33:26.997477: | SIG_R 9b f0 86 99 88 78 9c 6d 94 b1 fd 82 ca df 44 9e Sep 21 07:33:26.997478: | SIG_R 26 d1 b3 3e 32 54 dc 20 79 3e 5d a0 e9 33 d1 56 Sep 21 07:33:26.997480: | SIG_R 0c b6 7c 6d fc 7a f5 16 45 43 c0 31 06 94 04 10 Sep 21 07:33:26.997481: | SIG_R 0c 74 74 05 de 41 69 af 6d 6f 65 c7 da 0e bf 92 Sep 21 07:33:26.997483: | SIG_R b9 fc e1 fb 4a c3 52 67 b2 da 63 71 5a f7 f5 fe Sep 21 07:33:26.997484: | SIG_R 14 70 50 b0 7b 62 3b 7f 1f fe f1 4c 21 10 63 65 Sep 21 07:33:26.997485: | SIG_R c3 f6 08 d7 63 d8 ea 64 08 97 81 58 42 e4 95 97 Sep 21 07:33:26.997487: | SIG_R 60 15 cc d9 33 61 1a 85 ef bc 66 cd ce 05 e1 08 Sep 21 07:33:26.997488: | SIG_R 39 90 cc 0c 27 e3 39 de 6b 3e 24 b7 4c 5f 09 4d Sep 21 07:33:26.997490: | SIG_R 0c e9 0f 95 97 f0 25 4f 86 b5 72 73 a6 af 53 0c Sep 21 07:33:26.997491: | SIG_R d5 cb e6 94 e1 46 0e d1 65 bf 81 3e 4b 24 7c 0b Sep 21 07:33:26.997492: | SIG_R b6 fe a1 70 f6 39 5e ab fc 6b f2 a0 94 42 5b cd Sep 21 07:33:26.997494: | SIG_R 9c 94 59 83 a5 b3 58 9b fc d2 2d c4 dd 25 43 d1 Sep 21 07:33:26.997495: | SIG_R cf 4f f2 e7 01 67 3c ca 3f 72 3a d2 11 5b 07 09 Sep 21 07:33:26.997497: | SIG_R 2a 0d 3d e0 87 56 66 b3 8e c5 72 13 68 92 da b7 Sep 21 07:33:26.997498: | SIG_R d7 fe 53 6b b4 94 bd 5f fe ab b7 f2 a3 c6 3d ee Sep 21 07:33:26.997499: | SIG_R 4e ee bf 9c 53 df c4 72 74 43 5a a6 f4 4f ba 9b Sep 21 07:33:26.997501: | SIG_R 96 e4 3e 07 22 34 24 92 f9 d7 81 c8 61 3d 83 79 Sep 21 07:33:26.997502: | SIG_R f4 43 6f cb 9d 36 aa 9b 61 27 1d 29 c0 d9 db 00 Sep 21 07:33:26.997504: | SIG_R 4b a8 91 d9 50 58 72 cc 4b 69 76 6d 11 d2 11 ef Sep 21 07:33:26.997505: | SIG_R ec ed 46 30 34 1f 4e 99 a5 57 c0 9f 80 c1 f0 c1 Sep 21 07:33:26.997506: | SIG_R 5e 5f 50 60 e8 8e eb e4 28 fb 30 78 0a 9e 15 e7 Sep 21 07:33:26.997508: | emitting length of ISAKMP Signature Payload: 388 Sep 21 07:33:26.997510: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:26.997512: | no IKEv1 message padding required Sep 21 07:33:26.997513: | emitting length of ISAKMP Message: 1884 Sep 21 07:33:26.997524: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:33:26.997626: | complete v1 state transition with STF_OK Sep 21 07:33:26.997633: | [RE]START processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.997635: | #1 is idle Sep 21 07:33:26.997637: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.997638: | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Sep 21 07:33:26.997641: | parent state #1: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA) Sep 21 07:33:26.997643: | event_already_set, deleting event Sep 21 07:33:26.997645: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.997647: | #1 STATE_MAIN_R3: retransmits: cleared Sep 21 07:33:26.997651: | libevent_free: release ptr-libevent@0x55bbb7a69370 Sep 21 07:33:26.997653: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55bbb7a6f540 Sep 21 07:33:26.997657: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:26.997663: | sending 1884 bytes for STATE_MAIN_R2 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:33:26.997665: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.997666: | 05 10 02 01 00 00 00 00 00 00 07 5c 14 e3 2e 9d Sep 21 07:33:26.997668: | b5 36 a4 4f 41 a5 c7 ef 0d 87 22 45 c4 ee fa fe Sep 21 07:33:26.997669: | b6 e0 ec f6 18 3f f5 fa 34 81 78 00 e4 70 d4 f3 Sep 21 07:33:26.997671: | 14 dd f4 ea 9d 33 3d 82 8f c3 17 f7 c8 4b 09 57 Sep 21 07:33:26.997672: | 99 fc 90 d8 9d 5c d0 c9 d6 46 df 8b 5f 2d aa 80 Sep 21 07:33:26.997673: | 3d 90 69 33 8b ca 6c a4 18 22 56 69 4c f9 d3 73 Sep 21 07:33:26.997675: | 4f 6a d9 48 2d f2 1d 2e 2d a7 f0 63 c2 ce ef ba Sep 21 07:33:26.997678: | 14 86 f3 aa 5d 40 d4 b3 1d 6d 4a 62 ac 44 9c 10 Sep 21 07:33:26.997680: | 2d 98 3e 59 64 79 7d 17 05 05 2f df 1b 72 a2 b4 Sep 21 07:33:26.997681: | 78 aa cb cc 66 57 29 fc fb 35 94 a7 f8 46 d8 57 Sep 21 07:33:26.997682: | b3 77 eb a0 33 79 34 40 32 e5 a0 a9 37 82 6c eb Sep 21 07:33:26.997684: | 93 60 bf 78 db 6f 8f 1e 19 19 09 e2 3f 27 b9 21 Sep 21 07:33:26.997685: | 49 9a 40 d5 48 ff d1 a1 a9 85 bb 0e 3c a0 7b 27 Sep 21 07:33:26.997687: | 06 c5 18 63 9b f0 c6 c3 b3 8c 9f 07 45 38 7c 9c Sep 21 07:33:26.997688: | 1a 17 77 b4 01 41 3a 53 68 0f c8 f3 5d 6a f4 df Sep 21 07:33:26.997690: | 3c b5 96 7c fc ed bb f7 f8 88 d2 d0 ad ea 4e 2a Sep 21 07:33:26.997691: | 7e 10 d8 1c 6e 55 bc 20 97 74 25 c2 aa 09 4d e9 Sep 21 07:33:26.997692: | 2c 11 01 f6 d3 39 57 b6 5e e1 56 c6 b0 42 6c f9 Sep 21 07:33:26.997694: | 71 de f0 c2 d3 fd e7 d8 fb ba dd 9d 36 e7 99 06 Sep 21 07:33:26.997695: | 01 75 2a 6a c6 e4 ab 63 53 c0 e2 7e 79 05 39 a2 Sep 21 07:33:26.997697: | fc a3 e7 a8 9b 2a 3a 7e a4 0e 06 f8 ef b5 77 dc Sep 21 07:33:26.997698: | ae 83 98 86 67 e2 21 fe 27 8a 6a d7 b9 99 19 48 Sep 21 07:33:26.997700: | 44 3d b3 86 95 d0 27 bb 77 87 87 6d bc 7d 2a ea Sep 21 07:33:26.997701: | 4f ee cc e9 f0 97 bf 35 4d 7e 1c 17 32 bd e6 ac Sep 21 07:33:26.997702: | e9 29 33 79 27 6d d8 10 0d f0 c3 9e cb 3a 11 76 Sep 21 07:33:26.997704: | a6 65 2b 80 3d cc fa 4e 39 ab ef d9 aa 89 72 ba Sep 21 07:33:26.997705: | ff f0 29 15 81 8d c4 bb 91 a5 d4 77 23 6b 53 54 Sep 21 07:33:26.997707: | 8e 73 31 b1 ef 2d a9 0b ba 04 c9 5f c6 41 53 f6 Sep 21 07:33:26.997708: | b5 fb 99 e9 27 fe 81 fa 45 57 69 c7 82 81 24 1b Sep 21 07:33:26.997709: | 3f ce 73 53 cb 44 70 f6 f0 c4 e6 2c 22 a6 ce 42 Sep 21 07:33:26.997711: | ad 98 4c 3e a8 45 85 5b d5 01 fb 48 12 fe 84 64 Sep 21 07:33:26.997712: | 98 5e 5e 86 c6 1a 34 36 85 48 6b d7 33 81 61 da Sep 21 07:33:26.997714: | 4d f5 22 86 05 98 11 8c d9 03 df 5f 19 c7 ee 3c Sep 21 07:33:26.997715: | 79 ed 84 e6 b8 08 df 39 0c 98 59 52 b9 ff 8e 08 Sep 21 07:33:26.997717: | 7f dc c0 20 fe c8 43 de 03 d7 9b f8 d7 4c fc 27 Sep 21 07:33:26.997718: | f6 3b aa 50 0f 98 fe 1e 0b d7 d2 8d dd cb be 13 Sep 21 07:33:26.997719: | dc 08 ba 05 75 e7 5d 31 f8 36 a6 a7 65 a1 d5 ca Sep 21 07:33:26.997721: | 9c 85 56 63 99 7f 97 d2 23 17 34 38 4b 6a 85 ae Sep 21 07:33:26.997722: | cf 88 41 80 47 c0 08 cf a0 97 d9 9e e0 ff 33 76 Sep 21 07:33:26.997724: | 15 d0 4d c4 d5 bf 2b 16 e6 b4 24 32 de 9e 78 8a Sep 21 07:33:26.997725: | 9b 93 3b a0 8a 61 c3 7a 0d e3 d6 f5 27 57 e9 d0 Sep 21 07:33:26.997727: | 0d c0 bb 65 d0 35 e8 a7 fd 1a 49 7b 5e 09 9a 30 Sep 21 07:33:26.997728: | 9e 4b 3e ad 04 cf b6 42 bc 18 6a d1 ff c4 d3 2b Sep 21 07:33:26.997729: | 13 fa 31 92 87 d3 1f 5a a2 6c 63 60 23 1e bc dc Sep 21 07:33:26.997731: | f3 10 15 3a 07 64 9c 6f 4b 3d 3a ba 8e 31 07 ee Sep 21 07:33:26.997732: | 27 8f 69 61 1c 5e 70 62 17 df 27 4d 83 b9 95 ad Sep 21 07:33:26.997734: | ca e9 9c be 99 f1 fc 51 8f c0 02 b2 ca 34 bc 53 Sep 21 07:33:26.997735: | 2a 00 80 37 3e 50 27 0b 0f a6 cb 61 6d cc 51 b9 Sep 21 07:33:26.997736: | 39 87 94 1e 34 d7 cb b1 11 86 b2 d3 cf 71 2c 09 Sep 21 07:33:26.997738: | 06 ba 99 4c 9a ca 8d 40 48 90 dd 64 22 65 fd 14 Sep 21 07:33:26.997739: | 16 7b d3 dc e7 b3 32 99 d3 b4 f5 6f 27 a0 7b eb Sep 21 07:33:26.997741: | b5 75 8c 28 0c 3a 04 bf 1a 0b da bf 30 9d 6d bf Sep 21 07:33:26.997742: | 57 10 66 06 22 d1 0d 01 ab 82 96 21 b6 e5 a0 2d Sep 21 07:33:26.997744: | 04 fc df a6 e6 58 da 93 58 ea d6 81 66 e4 c1 2a Sep 21 07:33:26.997745: | b3 41 9f 9f 0e e0 2c c9 06 96 6b d6 bd 1b 95 57 Sep 21 07:33:26.997746: | cd 25 43 42 4b 08 b8 f5 b5 14 5f 19 0a 21 9e 80 Sep 21 07:33:26.997748: | e6 45 66 71 12 74 11 60 4c 3e ab 96 5a e4 9c 34 Sep 21 07:33:26.997749: | 50 2a bd e5 db 38 f3 9a 3c 4b 0a ab e5 fc 92 44 Sep 21 07:33:26.997751: | 05 72 19 3c be 2d 89 56 01 e7 8c 52 7b e2 32 d1 Sep 21 07:33:26.997753: | c9 75 61 19 26 80 8d 72 36 9d 3a ab c6 3a 62 25 Sep 21 07:33:26.997754: | b4 b0 a4 e6 19 f7 fe 7f e6 f3 b2 1b 78 fb 66 ba Sep 21 07:33:26.997756: | 86 68 66 42 6a c6 e9 4e 61 08 69 58 a7 cf d8 1d Sep 21 07:33:26.997757: | 38 27 2b 37 ea 55 dd 93 ae 84 fa 1a 14 d2 b6 8a Sep 21 07:33:26.997759: | f5 b9 84 35 6c fc f5 43 90 99 1a b7 07 70 d6 13 Sep 21 07:33:26.997760: | 65 09 cc 6f 6c 73 5d 8b a2 b8 3a 3c 3a f9 20 d7 Sep 21 07:33:26.997762: | 1c 9a 15 bb 1a 5b 56 9c 94 36 05 60 0c a6 04 5e Sep 21 07:33:26.997763: | 0d 04 81 67 5a ae 5d 5f c3 13 a5 4d 34 dc e5 ee Sep 21 07:33:26.997764: | b0 8e 22 03 52 bf 87 71 db 54 e6 3b 40 57 ed 6a Sep 21 07:33:26.997766: | 09 d3 42 61 08 60 8c 8a 5d f2 6e 85 63 11 7f cf Sep 21 07:33:26.997767: | df 7b cb 75 d7 23 18 44 01 28 0c 6c 69 96 a0 d1 Sep 21 07:33:26.997769: | 53 fe 48 d8 15 9b 49 4a 60 10 98 24 9e 0e 22 8e Sep 21 07:33:26.997770: | 8a 37 ed 9d a3 cf 43 a2 14 02 42 50 2c d6 72 0c Sep 21 07:33:26.997771: | 1e 41 f8 14 65 f5 ff 1a b3 0e fe 1d 40 03 b0 c4 Sep 21 07:33:26.997773: | f1 07 d2 e3 62 90 3a 6a 0c b7 e7 db 90 c0 cd 7f Sep 21 07:33:26.997774: | 67 fb f4 8c 97 aa d5 e5 3d 86 d7 1c e6 fe 25 fb Sep 21 07:33:26.997776: | 68 c7 74 61 71 d4 60 9b 6a cc b1 9e f7 18 53 1d Sep 21 07:33:26.997777: | 81 d8 91 15 e3 31 f8 b8 55 b7 be 47 cb d1 b5 70 Sep 21 07:33:26.997778: | b4 46 76 38 77 b7 51 8b ad 4b 33 02 92 9b 83 47 Sep 21 07:33:26.997780: | 3e 83 9e 79 00 fd cf 65 4f 53 81 c5 f0 90 9d ac Sep 21 07:33:26.997781: | b5 6e 93 d9 4d 0e a3 41 bb 7a f4 5d 3e 8b 86 f7 Sep 21 07:33:26.997790: | d7 36 e5 e8 5f d8 3e 6e 82 85 0f 24 44 1d 2c ae Sep 21 07:33:26.997793: | 2d 06 db 7e 35 48 79 8d 80 29 44 c5 a4 4b ec 6c Sep 21 07:33:26.997795: | f0 36 75 fc ad 9c bc 25 dc e8 43 f8 3c a3 53 df Sep 21 07:33:26.997796: | 8f 15 ad 09 6b 23 05 a2 1e 83 16 9f 39 df 3b 4b Sep 21 07:33:26.997797: | 3f 8b de d7 3f 1d 90 c0 0c 55 9f 9a b3 72 3a 02 Sep 21 07:33:26.997799: | 79 a7 d7 82 01 6f 99 a5 0c 4b a6 c6 2e 68 e2 99 Sep 21 07:33:26.997800: | a3 41 84 e7 f5 45 0c 76 80 e1 4a ed 68 77 4a 93 Sep 21 07:33:26.997802: | 30 8a 7a b8 3f fc da fe 10 c0 a7 45 fd 16 c9 41 Sep 21 07:33:26.997803: | 19 02 d1 1d 52 52 85 92 70 f4 77 58 9b d5 bf d0 Sep 21 07:33:26.997804: | 7c 45 cd 7e 09 79 ca 70 8a e5 33 d1 51 04 bd f8 Sep 21 07:33:26.997806: | c8 1b 70 bb dc 62 85 e6 41 0a 8d 71 8f e2 81 11 Sep 21 07:33:26.997807: | cb fe dd d5 d5 ae 2d a3 70 fb b7 cb 3e 54 e0 62 Sep 21 07:33:26.997809: | bc 68 cd e1 8d a0 58 f0 0d 8b 01 07 7f 89 c8 f7 Sep 21 07:33:26.997810: | e7 7a da b1 2b 8d fa f1 b3 77 9e ef 68 56 21 6e Sep 21 07:33:26.997811: | ee 87 f6 22 a1 f0 21 85 68 b5 ca 4e 7c 12 f3 47 Sep 21 07:33:26.997813: | 1a be 79 ea ff 30 99 00 0d 80 bf 21 2c b8 1f 16 Sep 21 07:33:26.997827: | bb e4 50 a3 00 4c 3a d8 cd 42 0a 22 a5 69 e8 50 Sep 21 07:33:26.997829: | 07 b9 cc 32 6b a2 4c 0c cd 2a 7b a7 c2 77 14 d8 Sep 21 07:33:26.997830: | c4 96 6f a4 ef c7 43 79 3b de 6c 6c 4a 0e 00 85 Sep 21 07:33:26.997831: | 76 41 a2 ee 11 3d b6 a2 5b e0 97 20 40 5a 51 e7 Sep 21 07:33:26.997833: | 0b 27 81 a1 b8 81 43 07 22 eb f1 66 ca f9 c4 4f Sep 21 07:33:26.997834: | e6 d2 db c0 6e db 5a 00 37 c4 9d 37 99 03 9a b9 Sep 21 07:33:26.997836: | 68 32 6c dc 3d c1 40 57 e9 98 d4 ce b3 ba 61 06 Sep 21 07:33:26.997837: | 5f 11 b5 d5 6e 5a 5a 7a 87 23 e3 79 e2 72 65 26 Sep 21 07:33:26.997838: | e9 de 6b 6e 3c 30 a8 63 ff 0d ae 34 58 d1 82 26 Sep 21 07:33:26.997840: | 7c 75 24 6c b3 c4 16 eb 17 b7 a3 ab 59 22 27 a2 Sep 21 07:33:26.997841: | b8 1f 3d e4 1d 08 b8 85 b0 a3 1e c3 7e 4f 8c d4 Sep 21 07:33:26.997843: | 2c d8 78 ed d3 d8 ae 97 d9 35 86 49 67 4b 2f 69 Sep 21 07:33:26.997844: | b4 c8 56 97 68 ff ec 36 d3 82 ec 09 1e 10 b8 ad Sep 21 07:33:26.997845: | d8 61 dc 6e ee 44 99 3e 8d 7c 2d 61 a1 38 b2 41 Sep 21 07:33:26.997847: | 1e 89 b1 0a 26 a6 2e 14 95 9f 1d c0 44 25 ca cf Sep 21 07:33:26.997849: | f7 95 95 4c 95 93 9b d6 86 b8 43 69 db e4 c7 30 Sep 21 07:33:26.997851: | c7 26 42 ed 6e 1c 0f d5 8b a2 b8 66 e8 f0 3f fc Sep 21 07:33:26.997852: | a8 2f 0e 56 fa 6a 63 85 0c e4 2d c9 5a c2 3b fd Sep 21 07:33:26.997853: | 23 32 9f 45 e3 70 4a 5c 70 5f ea dd 01 f0 ed dd Sep 21 07:33:26.997855: | bd 3b a3 b7 88 ee ec 1f 33 48 b9 41 15 e8 98 f5 Sep 21 07:33:26.997856: | d5 80 7a f8 03 4c 5a a7 5a 25 67 fa Sep 21 07:33:26.997911: | !event_already_set at reschedule Sep 21 07:33:26.997914: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f928c002b20 Sep 21 07:33:26.997917: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 Sep 21 07:33:26.997919: | libevent_malloc: new ptr-libevent@0x55bbb7a69370 size 128 Sep 21 07:33:26.997922: | pstats #1 ikev1.isakmp established Sep 21 07:33:26.997925: "northnet-eastnet-b" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Sep 21 07:33:26.997927: | DPD: dpd_init() called on ISAKMP SA Sep 21 07:33:26.997929: | DPD: Peer supports Dead Peer Detection Sep 21 07:33:26.997930: | DPD: not initializing DPD because DPD is disabled locally Sep 21 07:33:26.997932: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.997933: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.997935: | unpending state #1 Sep 21 07:33:26.997939: | #1 spent 6.42 milliseconds Sep 21 07:33:26.997941: | #1 spent 9.38 milliseconds in process_packet_tail() Sep 21 07:33:26.997944: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.997948: | stop processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.997950: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.997952: | spent 9.71 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:27.004586: | spent 0.00289 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:27.004604: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:27.004607: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.004609: | 08 10 20 01 e2 f3 50 6c 00 00 01 dc 8c c7 9d 23 Sep 21 07:33:27.004610: | 66 c6 ba 22 5a f3 81 02 ae 1c 40 bd ec 2e 6f f3 Sep 21 07:33:27.004612: | a4 0b e9 b8 d7 ed dc 61 5f b6 2a f2 be 14 ef 77 Sep 21 07:33:27.004613: | 6d 08 f0 00 df d0 b1 32 0e 7d d2 0f 4f 2d 59 a6 Sep 21 07:33:27.004615: | 43 65 8e 93 dd 30 52 9a fb 69 91 62 43 18 fd f1 Sep 21 07:33:27.004617: | a1 ab 34 c3 75 f6 c1 5a 5e 87 d1 93 c8 fd fd 05 Sep 21 07:33:27.004619: | a6 12 53 92 d9 cd c0 ab 93 e8 8c 9f 86 9a 84 ca Sep 21 07:33:27.004621: | fb e6 ab 60 72 ad 6c b2 5a 04 81 d0 c5 84 bf 8b Sep 21 07:33:27.004623: | 2e 95 ed 03 1a 38 8f dc 6d 0f 7a eb 6a 65 dc 14 Sep 21 07:33:27.004625: | e3 3e eb ec 6f 8b a5 04 5e f4 e3 34 bd 86 4c 46 Sep 21 07:33:27.004627: | 49 07 6f 67 35 84 38 ff e8 13 e5 c2 4e 64 74 0f Sep 21 07:33:27.004629: | 4f f3 d5 48 5c 09 eb 36 4e 51 fa c3 5b aa 35 29 Sep 21 07:33:27.004631: | a9 aa 07 d3 14 bf 60 4c 93 07 95 9d e0 5a d0 f2 Sep 21 07:33:27.004633: | b5 57 0a 01 03 45 eb cf 3c ee 1e ad 09 db a9 dc Sep 21 07:33:27.004635: | 8c 55 77 c8 e9 c2 bc f2 27 8b 53 c8 77 93 7a 72 Sep 21 07:33:27.004638: | 07 a8 57 b6 0b 51 4e 2f 35 83 22 9c d7 5e 61 79 Sep 21 07:33:27.004640: | 3d 90 c6 10 d9 47 69 e0 02 21 cf 90 11 e3 1c ad Sep 21 07:33:27.004642: | bd bd f9 7b 8f a7 bd d1 8c d6 df 5d 2b 55 74 2e Sep 21 07:33:27.004644: | 3c 62 34 fd 2a 0b 6c e4 da 02 22 eb f0 8f 3b b5 Sep 21 07:33:27.004646: | 42 bf 49 ec 96 73 50 5f 42 6e 36 d5 58 d5 1d 92 Sep 21 07:33:27.004648: | b2 19 72 77 df a9 2d bf 40 f4 70 d6 00 54 ac e8 Sep 21 07:33:27.004651: | 99 45 6e 3b bd 10 97 ca 13 a5 cd 59 2f b2 62 18 Sep 21 07:33:27.004653: | 63 29 4c 1f 0a 81 3e fc f3 e5 36 c1 01 c9 57 2e Sep 21 07:33:27.004658: | 62 96 27 d5 e6 de 60 67 ab ce b4 40 dd 8a ff cd Sep 21 07:33:27.004660: | 23 9d 06 89 99 24 9e 5b e7 cd c9 8e 23 22 93 7c Sep 21 07:33:27.004662: | 8e da 5a d4 46 ac e3 3a ba df 17 7f 59 f4 3c 77 Sep 21 07:33:27.004664: | 47 76 e6 fe 14 b0 2f 38 b5 52 a4 bc cd f1 65 df Sep 21 07:33:27.004666: | 8d 2f 06 77 93 a7 46 37 86 77 9a 38 3d 8a 05 63 Sep 21 07:33:27.004669: | 8e 62 b4 5a 9f 31 51 a1 eb 41 d2 59 Sep 21 07:33:27.004674: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:27.004678: | **parse ISAKMP Message: Sep 21 07:33:27.004681: | initiator cookie: Sep 21 07:33:27.004683: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:27.004685: | responder cookie: Sep 21 07:33:27.004687: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.004690: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:27.004693: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:27.004695: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:27.004698: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:27.004701: | Message ID: 3807596652 (0xe2f3506c) Sep 21 07:33:27.004703: | length: 476 (0x1dc) Sep 21 07:33:27.004706: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:27.004710: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:33:27.004714: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Sep 21 07:33:27.004718: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:33:27.004730: | #1 is idle Sep 21 07:33:27.004732: | #1 idle Sep 21 07:33:27.004734: | received encrypted packet from 192.1.3.33:500 Sep 21 07:33:27.004742: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:33:27.004745: | ***parse ISAKMP Hash Payload: Sep 21 07:33:27.004746: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:27.004748: | length: 36 (0x24) Sep 21 07:33:27.004750: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:33:27.004751: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:27.004753: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:27.004754: | length: 84 (0x54) Sep 21 07:33:27.004756: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:27.004758: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:33:27.004759: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:27.004761: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:27.004762: | length: 36 (0x24) Sep 21 07:33:27.004764: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:33:27.004765: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:27.004767: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:27.004768: | length: 260 (0x104) Sep 21 07:33:27.004770: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:27.004772: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:27.004773: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:27.004775: | length: 16 (0x10) Sep 21 07:33:27.004776: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:27.004778: | Protocol ID: 0 (0x0) Sep 21 07:33:27.004779: | port: 0 (0x0) Sep 21 07:33:27.004781: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:33:27.004787: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:27.004792: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:27.004794: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.004795: | length: 16 (0x10) Sep 21 07:33:27.004797: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:27.004798: | Protocol ID: 0 (0x0) Sep 21 07:33:27.004800: | port: 0 (0x0) Sep 21 07:33:27.004801: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:33:27.004817: | quick_inI1_outR1 HASH(1): Sep 21 07:33:27.004819: | 7c 1f 52 c9 95 e5 31 5f 21 ce b9 22 a7 a0 58 51 Sep 21 07:33:27.004820: | a2 bc a3 85 c9 ec c7 5c 56 9c b9 9e 02 a2 af 75 Sep 21 07:33:27.004824: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:33:27.004828: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:27.004829: | ID address c0 00 03 00 Sep 21 07:33:27.004831: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:27.004832: | ID mask ff ff ff 00 Sep 21 07:33:27.004835: | peer client is subnet 192.0.3.0/24 Sep 21 07:33:27.004837: | peer client protocol/port is 0/0 Sep 21 07:33:27.004839: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:27.004840: | ID address c0 00 16 00 Sep 21 07:33:27.004842: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:27.004843: | ID mask ff ff ff 00 Sep 21 07:33:27.004845: | our client is subnet 192.0.22.0/24 Sep 21 07:33:27.004847: | our client protocol/port is 0/0 Sep 21 07:33:27.004850: "northnet-eastnet-b" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:33:27.004852: | find_client_connection starting with northnet-eastnet-b Sep 21 07:33:27.004855: | looking for 192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:27.004858: | concrete checking against sr#0 192.0.2.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:33:27.004868: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:27.004876: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:27.004879: | results matched Sep 21 07:33:27.004887: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.004895: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.004903: | fc_try trying northnet-eastnet-b:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnet-b:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:27.004906: | our client (192.0.2.0/24:0) not in our_net (192.0.22.0/24:0) Sep 21 07:33:27.004912: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:27.004916: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:27.004918: | results matched Sep 21 07:33:27.004922: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.004927: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.004931: | fc_try trying northnet-eastnet-b:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnet-a:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:27.004933: | fc_try concluding with northnet-eastnet-a [128] Sep 21 07:33:27.004935: | fc_try northnet-eastnet-b gives northnet-eastnet-a Sep 21 07:33:27.004936: | concluding with d = northnet-eastnet-a Sep 21 07:33:27.004938: | using connection "northnet-eastnet-a" Sep 21 07:33:27.004940: | client wildcard: no port wildcard: no virtual: no Sep 21 07:33:27.004943: | creating state object #2 at 0x55bbb7a78310 Sep 21 07:33:27.004944: | State DB: adding IKEv1 state #2 in UNDEFINED Sep 21 07:33:27.004947: | pstats #2 ikev1.ipsec started Sep 21 07:33:27.004949: | duplicating state object #1 "northnet-eastnet-b" as #2 for IPSEC SA Sep 21 07:33:27.004952: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:27.004958: | in connection_discard for connection northnet-eastnet-b Sep 21 07:33:27.004962: | start processing: connection "northnet-eastnet-a" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1285) Sep 21 07:33:27.004965: | suspend processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:33:27.004968: | start processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:33:27.004970: | child state #2: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:33:27.004972: | ****parse IPsec DOI SIT: Sep 21 07:33:27.004974: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:27.004976: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:27.004978: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.004979: | length: 72 (0x48) Sep 21 07:33:27.004981: | proposal number: 0 (0x0) Sep 21 07:33:27.004982: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:27.004984: | SPI size: 4 (0x4) Sep 21 07:33:27.004985: | number of transforms: 2 (0x2) Sep 21 07:33:27.004987: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:27.004989: | SPI 57 7e f0 d0 Sep 21 07:33:27.004991: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:27.004993: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:27.004994: | length: 32 (0x20) Sep 21 07:33:27.004996: | ESP transform number: 0 (0x0) Sep 21 07:33:27.004997: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:27.005000: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.005001: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:27.005003: | length/value: 14 (0xe) Sep 21 07:33:27.005005: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:27.005007: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.005008: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:27.005010: | length/value: 1 (0x1) Sep 21 07:33:27.005011: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:27.005013: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:27.005015: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.005016: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:27.005018: | length/value: 1 (0x1) Sep 21 07:33:27.005019: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:27.005021: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.005022: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:27.005024: | length/value: 28800 (0x7080) Sep 21 07:33:27.005026: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.005027: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:27.005029: | length/value: 2 (0x2) Sep 21 07:33:27.005030: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:27.005032: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.005034: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:27.005035: | length/value: 128 (0x80) Sep 21 07:33:27.005037: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:27.005041: | adding quick_outI1 KE work-order 3 for state #2 Sep 21 07:33:27.005043: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a6fb50 Sep 21 07:33:27.005045: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:33:27.005048: | libevent_malloc: new ptr-libevent@0x7f928c006900 size 128 Sep 21 07:33:27.005050: | libevent_realloc: release ptr-libevent@0x55bbb7a481b0 Sep 21 07:33:27.005052: | libevent_realloc: new ptr-libevent@0x55bbb7a77d90 size 128 Sep 21 07:33:27.005057: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:27.005061: | [RE]START processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:27.005062: | suspending state #2 and saving MD Sep 21 07:33:27.005064: | #2 is busy; has a suspended MD Sep 21 07:33:27.005066: | crypto helper 2 resuming Sep 21 07:33:27.005076: | crypto helper 2 starting work-order 3 for state #2 Sep 21 07:33:27.005067: | #1 spent 0.239 milliseconds in process_packet_tail() Sep 21 07:33:27.005081: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 3 Sep 21 07:33:27.005087: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:27.005101: | stop processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:27.005104: | resume processing: connection "northnet-eastnet-a" (in process_md() at demux.c:382) Sep 21 07:33:27.005106: | stop processing: connection "northnet-eastnet-a" (in process_md() at demux.c:383) Sep 21 07:33:27.005109: | spent 0.502 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:27.006116: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.001034 seconds Sep 21 07:33:27.006126: | (#2) spent 1.04 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) Sep 21 07:33:27.006129: | crypto helper 2 sending results from work-order 3 for state #2 to event queue Sep 21 07:33:27.006132: | scheduling resume sending helper answer for #2 Sep 21 07:33:27.006136: | libevent_malloc: new ptr-libevent@0x7f9288007fa0 size 128 Sep 21 07:33:27.006142: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:27.006151: | processing resume sending helper answer for #2 Sep 21 07:33:27.006161: | start processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:27.006165: | crypto helper 2 replies to request ID 3 Sep 21 07:33:27.006168: | calling continuation function 0x55bbb65aa630 Sep 21 07:33:27.006171: | quick_inI1_outR1_cryptocontinue1 for #2: calculated ke+nonce, calculating DH Sep 21 07:33:27.006186: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:27.006195: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:27.006204: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:27.006213: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:27.006216: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:27.006218: | no PreShared Key Found Sep 21 07:33:27.006222: | adding quick outR1 DH work-order 4 for state #2 Sep 21 07:33:27.006225: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:27.006228: | libevent_free: release ptr-libevent@0x7f928c006900 Sep 21 07:33:27.006231: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a6fb50 Sep 21 07:33:27.006234: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a6fb50 Sep 21 07:33:27.006238: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:33:27.006240: | libevent_malloc: new ptr-libevent@0x7f928c006900 size 128 Sep 21 07:33:27.006247: | suspending state #2 and saving MD Sep 21 07:33:27.006250: | #2 is busy; has a suspended MD Sep 21 07:33:27.006268: | resume sending helper answer for #2 suppresed complete_v1_state_transition() and stole MD Sep 21 07:33:27.006273: | #2 spent 0.107 milliseconds in resume sending helper answer Sep 21 07:33:27.006276: | crypto helper 4 resuming Sep 21 07:33:27.006286: | crypto helper 4 starting work-order 4 for state #2 Sep 21 07:33:27.006278: | stop processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:33:27.006299: | libevent_free: release ptr-libevent@0x7f9288007fa0 Sep 21 07:33:27.006291: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 4 Sep 21 07:33:27.006845: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 4 time elapsed 0.000554 seconds Sep 21 07:33:27.006851: | (#2) spent 0.552 milliseconds in crypto helper computing work-order 4: quick outR1 DH (pcr) Sep 21 07:33:27.006853: | crypto helper 4 sending results from work-order 4 for state #2 to event queue Sep 21 07:33:27.006855: | scheduling resume sending helper answer for #2 Sep 21 07:33:27.006857: | libevent_malloc: new ptr-libevent@0x7f927c003590 size 128 Sep 21 07:33:27.006863: | crypto helper 4 waiting (nothing to do) Sep 21 07:33:27.006873: | processing resume sending helper answer for #2 Sep 21 07:33:27.006882: | start processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:27.006887: | crypto helper 4 replies to request ID 4 Sep 21 07:33:27.006890: | calling continuation function 0x55bbb65aa630 Sep 21 07:33:27.006905: | quick_inI1_outR1_cryptocontinue2 for #2: calculated DH, sending R1 Sep 21 07:33:27.006910: | **emit ISAKMP Message: Sep 21 07:33:27.006913: | initiator cookie: Sep 21 07:33:27.006915: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:27.006917: | responder cookie: Sep 21 07:33:27.006920: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.006922: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.006925: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:27.006927: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:27.006930: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:27.006933: | Message ID: 3807596652 (0xe2f3506c) Sep 21 07:33:27.006935: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:27.006938: | ***emit ISAKMP Hash Payload: Sep 21 07:33:27.006941: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.006944: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:27.006947: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.006950: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:27.006952: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:27.006955: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:27.006957: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:27.006960: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:27.006963: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:27.006966: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:27.006968: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.006971: | ****parse IPsec DOI SIT: Sep 21 07:33:27.006974: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:27.006976: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:27.006979: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.006981: | length: 72 (0x48) Sep 21 07:33:27.006984: | proposal number: 0 (0x0) Sep 21 07:33:27.006987: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:27.006989: | SPI size: 4 (0x4) Sep 21 07:33:27.006991: | number of transforms: 2 (0x2) Sep 21 07:33:27.006994: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:27.006996: | SPI 57 7e f0 d0 Sep 21 07:33:27.006999: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:27.007001: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:27.007003: | length: 32 (0x20) Sep 21 07:33:27.007006: | ESP transform number: 0 (0x0) Sep 21 07:33:27.007008: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:27.007013: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.007016: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:27.007018: | length/value: 14 (0xe) Sep 21 07:33:27.007021: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:27.007024: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.007026: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:27.007028: | length/value: 1 (0x1) Sep 21 07:33:27.007031: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:27.007034: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:27.007036: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.007039: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:27.007041: | length/value: 1 (0x1) Sep 21 07:33:27.007044: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:27.007046: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.007049: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:27.007051: | length/value: 28800 (0x7080) Sep 21 07:33:27.007054: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.007056: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:27.007059: | length/value: 2 (0x2) Sep 21 07:33:27.007061: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:27.007064: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.007066: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:27.007068: | length/value: 128 (0x80) Sep 21 07:33:27.007071: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:27.007074: | ****emit IPsec DOI SIT: Sep 21 07:33:27.007076: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:27.007079: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:27.007082: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.007084: | proposal number: 0 (0x0) Sep 21 07:33:27.007086: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:27.007089: | SPI size: 4 (0x4) Sep 21 07:33:27.007091: | number of transforms: 1 (0x1) Sep 21 07:33:27.007094: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:27.007110: | netlink_get_spi: allocated 0x961469d3 for esp.0@192.1.2.23 Sep 21 07:33:27.007114: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:33:27.007116: | SPI 96 14 69 d3 Sep 21 07:33:27.007119: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:27.007121: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.007124: | ESP transform number: 0 (0x0) Sep 21 07:33:27.007126: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:27.007129: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:27.007132: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:33:27.007134: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:33:27.007137: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:33:27.007139: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:33:27.007142: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:33:27.007144: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:33:27.007147: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:33:27.007150: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:27.007154: "northnet-eastnet-a" #2: responding to Quick Mode proposal {msgid:e2f3506c} Sep 21 07:33:27.007166: "northnet-eastnet-a" #2: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:33:27.007176: "northnet-eastnet-a" #2: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:33:27.007181: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:27.007183: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:27.007186: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:33:27.007189: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:27.007192: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.007195: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:33:27.007197: | Nr c6 f4 17 4e 73 0a d9 12 eb a5 3e 01 e3 4c b4 f9 Sep 21 07:33:27.007200: | Nr d9 c1 41 cf 5d ee c6 a1 46 73 66 e8 45 c4 24 9d Sep 21 07:33:27.007202: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:27.007205: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:27.007207: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:27.007210: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:27.007213: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:27.007215: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.007218: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:27.007221: | keyex value 8c fb 52 44 16 53 bf 61 ea 67 4c c1 2e 9f 3c 94 Sep 21 07:33:27.007223: | keyex value 05 73 56 32 85 a9 bc 8c c3 b7 6d a6 e1 68 67 d5 Sep 21 07:33:27.007226: | keyex value fa 02 e5 38 62 d7 6d dd 95 48 83 b0 4e d1 69 c7 Sep 21 07:33:27.007228: | keyex value 1d 89 f6 7f b2 4f 13 8e 61 54 65 77 4e 20 d9 7f Sep 21 07:33:27.007231: | keyex value 74 3d 18 84 b6 56 bf 46 83 95 17 94 d7 f7 00 8e Sep 21 07:33:27.007233: | keyex value 6c 54 3e 0c 9b 60 bc dd a9 32 75 0d d4 f5 cb 88 Sep 21 07:33:27.007235: | keyex value e4 a5 f1 56 46 d6 ec 03 8d b3 ab f5 b8 a1 40 94 Sep 21 07:33:27.007237: | keyex value 05 20 1a a5 27 07 c8 23 10 c2 21 7b 4c 7d 6d 11 Sep 21 07:33:27.007240: | keyex value 78 d2 01 ab 71 8e b9 91 34 1e e8 55 a8 a3 e0 24 Sep 21 07:33:27.007242: | keyex value 13 dd 57 4e 2e c1 42 0b 11 f4 c3 98 89 44 79 04 Sep 21 07:33:27.007244: | keyex value 50 4d 07 49 8e ee 7f 70 58 0f c7 bb 06 c6 7c 36 Sep 21 07:33:27.007247: | keyex value 24 5f 7c 24 9d f2 09 d0 97 86 20 02 0e df 8d af Sep 21 07:33:27.007249: | keyex value 37 fd 64 0e e0 a0 8f 81 a5 66 7f 0b 05 e0 f4 3c Sep 21 07:33:27.007251: | keyex value 02 dc 9c 69 aa af f7 12 c5 ef df f8 ee 3c 83 a3 Sep 21 07:33:27.007253: | keyex value a3 c5 3f db ad 8a 1f eb 39 0b 6b e0 00 5c 01 e7 Sep 21 07:33:27.007256: | keyex value b2 5b 1f aa 57 2e b7 c4 a9 77 e2 c5 ce ed 86 8e Sep 21 07:33:27.007258: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:27.007261: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:27.007264: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:27.007266: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:27.007268: | Protocol ID: 0 (0x0) Sep 21 07:33:27.007271: | port: 0 (0x0) Sep 21 07:33:27.007274: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:27.007277: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:27.007279: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:27.007282: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:27.007285: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:33:27.007287: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:27.007291: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:27.007293: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.007295: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:27.007297: | Protocol ID: 0 (0x0) Sep 21 07:33:27.007299: | port: 0 (0x0) Sep 21 07:33:27.007302: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:27.007305: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:27.007308: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:27.007311: | ID body c0 00 16 00 ff ff ff 00 Sep 21 07:33:27.007313: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:27.007339: | quick inR1 outI2 HASH(2): Sep 21 07:33:27.007342: | 48 4d bf 3a 3b 9f 0d 57 e4 9a 21 71 32 9d 47 d7 Sep 21 07:33:27.007345: | 3b 18 49 24 43 bf 78 5b 8e ae d8 74 03 f3 5d 61 Sep 21 07:33:27.007348: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:33:27.007350: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:33:27.007447: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:27.007452: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.007455: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:33:27.007458: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.007460: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:33:27.007466: | route owner of "northnet-eastnet-a" unrouted: NULL Sep 21 07:33:27.007468: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:33:27.007471: | could_route called for northnet-eastnet-a (kind=CK_PERMANENT) Sep 21 07:33:27.007473: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:27.007476: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.007479: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:33:27.007481: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.007484: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:33:27.007487: | route owner of "northnet-eastnet-a" unrouted: NULL; eroute owner: NULL Sep 21 07:33:27.007490: | routing is easy, or has resolvable near-conflict Sep 21 07:33:27.007492: | checking if this is a replacement state Sep 21 07:33:27.007495: | st=0x55bbb7a78310 ost=(nil) st->serialno=#2 ost->serialno=#0 Sep 21 07:33:27.007497: | installing outgoing SA now as refhim=0 Sep 21 07:33:27.007501: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:27.007504: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:27.007507: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:27.007510: | setting IPsec SA replay-window to 32 Sep 21 07:33:27.007513: | NIC esp-hw-offload not for connection 'northnet-eastnet-a' not available on interface eth1 Sep 21 07:33:27.007517: | netlink: enabling tunnel mode Sep 21 07:33:27.007520: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:27.007522: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:27.007622: | netlink response for Add SA esp.577ef0d0@192.1.3.33 included non-error error Sep 21 07:33:27.007627: | outgoing SA has refhim=0 Sep 21 07:33:27.007629: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:27.007632: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:27.007635: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:27.007639: | setting IPsec SA replay-window to 32 Sep 21 07:33:27.007641: | NIC esp-hw-offload not for connection 'northnet-eastnet-a' not available on interface eth1 Sep 21 07:33:27.007644: | netlink: enabling tunnel mode Sep 21 07:33:27.007647: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:27.007651: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:27.007700: | netlink response for Add SA esp.961469d3@192.1.2.23 included non-error error Sep 21 07:33:27.007704: | priority calculation of connection "northnet-eastnet-a" is 0xfe7e7 Sep 21 07:33:27.007712: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:33:27.007715: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:27.007760: | raw_eroute result=success Sep 21 07:33:27.007853: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:27.007860: | no IKEv1 message padding required Sep 21 07:33:27.007863: | emitting length of ISAKMP Message: 460 Sep 21 07:33:27.007873: | finished processing quick inI1 Sep 21 07:33:27.007877: | complete v1 state transition with STF_OK Sep 21 07:33:27.007882: | [RE]START processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:27.007885: | #2 is idle Sep 21 07:33:27.007888: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:27.007891: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:33:27.007895: | child state #2: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:33:27.007898: | event_already_set, deleting event Sep 21 07:33:27.007901: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:27.007904: | libevent_free: release ptr-libevent@0x7f928c006900 Sep 21 07:33:27.007907: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a6fb50 Sep 21 07:33:27.007911: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:27.007918: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:33:27.007920: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.007923: | 08 10 20 01 e2 f3 50 6c 00 00 01 cc ca 7e 09 64 Sep 21 07:33:27.007925: | fd 6d af 30 cf c0 89 46 8c 09 76 d7 af 47 e6 62 Sep 21 07:33:27.007927: | ad 80 1f 8c c6 38 d5 be c1 68 1b ba 6c e2 24 18 Sep 21 07:33:27.007930: | 40 6c 6d 79 9b 13 b3 b2 fa a1 34 1a bf 18 5f cd Sep 21 07:33:27.007932: | 11 35 b1 a4 07 d1 a0 32 69 d2 35 65 f8 13 be ab Sep 21 07:33:27.007934: | 4f 6e f5 81 a2 ef ed 02 6c 0e b9 66 73 07 df de Sep 21 07:33:27.007936: | 93 0a d4 a2 3c a2 e1 81 80 44 9e c9 40 37 d0 c6 Sep 21 07:33:27.007938: | 0a 03 89 c3 23 6d 28 6f fe 21 b8 67 53 1e 83 59 Sep 21 07:33:27.007941: | 40 90 df 2d 75 6e e7 50 42 48 3a 8a e5 a7 b9 bd Sep 21 07:33:27.007943: | 47 a9 4c e4 7a 10 a7 68 69 9f 19 50 7e 6b 4f 58 Sep 21 07:33:27.007945: | 8a 2a 91 27 91 51 e6 92 93 a3 0c b8 1e dc 7d e5 Sep 21 07:33:27.007947: | d7 93 c5 0f 03 09 53 52 c3 42 24 5d a6 5d d0 40 Sep 21 07:33:27.007949: | 0f 92 7f 78 2a 56 27 e8 66 91 59 31 76 aa cf 7c Sep 21 07:33:27.007951: | 8a 28 87 95 f4 9b 04 19 55 5e cd fb 93 14 4e be Sep 21 07:33:27.007954: | 70 ae ed ee 2e 8a b1 c7 64 33 81 b4 2e fa 74 65 Sep 21 07:33:27.007956: | 54 bd 5e 14 f3 1a 7c 10 22 6e 86 c1 8f 11 70 41 Sep 21 07:33:27.007958: | 40 1a 8a bb 68 af 4b a5 86 12 2c c4 27 70 79 70 Sep 21 07:33:27.007960: | 3e af d8 e6 be e2 50 38 8c 3e 4e da 55 da 26 9d Sep 21 07:33:27.007962: | d2 2c 8e 1e 67 32 5e d2 30 50 cf 58 6d a2 0f 47 Sep 21 07:33:27.007965: | 7c 63 9a 48 23 0d a5 9e d4 46 07 09 40 25 7b 48 Sep 21 07:33:27.007967: | ce f1 1e 8b 3a 27 bd b6 bf 56 03 45 d8 b7 6e c7 Sep 21 07:33:27.007970: | 1f f8 67 f6 3c 00 7c 7d 0d 0a 83 4e fc c0 5d ef Sep 21 07:33:27.007972: | cc 2f 67 e8 91 a5 c0 0d 16 82 be ef f6 b2 25 05 Sep 21 07:33:27.007974: | 94 c4 25 c7 d0 6a ef 8e 2f 6d 96 c0 f8 c9 ff f9 Sep 21 07:33:27.007977: | 2f c2 1d 06 7c 93 46 4f 9a ab 07 0b 6b d8 a2 f5 Sep 21 07:33:27.007979: | 0b f5 e4 80 76 7f 08 ce a1 49 cf 8a e9 4b b1 25 Sep 21 07:33:27.007982: | 2a af b4 cb 01 72 6f 46 aa 74 b3 f1 ed 64 94 b4 Sep 21 07:33:27.007986: | 68 69 42 21 a2 4b b8 71 cc 31 cc 13 Sep 21 07:33:27.008023: | !event_already_set at reschedule Sep 21 07:33:27.008027: | event_schedule: new EVENT_RETRANSMIT-pe@0x55bbb7a6fb50 Sep 21 07:33:27.008030: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:33:27.008032: | libevent_malloc: new ptr-libevent@0x7f928c006900 size 128 Sep 21 07:33:27.008035: | #2 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.376291 Sep 21 07:33:27.008037: | pstats #2 ikev1.ipsec established Sep 21 07:33:27.008040: | NAT-T: encaps is 'auto' Sep 21 07:33:27.008043: "northnet-eastnet-a" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x577ef0d0 <0x961469d3 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:33:27.008045: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:27.008046: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:27.008049: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Sep 21 07:33:27.008052: | #2 spent 1.13 milliseconds in resume sending helper answer Sep 21 07:33:27.008056: | stop processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:33:27.008058: | libevent_free: release ptr-libevent@0x7f927c003590 Sep 21 07:33:27.040051: | spent 0.00282 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:27.040068: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:27.040071: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.040073: | 08 10 20 01 e2 f3 50 6c 00 00 00 4c b0 98 56 76 Sep 21 07:33:27.040076: | 0a c7 7e c1 e0 4a 33 96 d4 45 da a6 4c 66 38 09 Sep 21 07:33:27.040078: | b1 11 c9 53 8b 52 e3 1d f5 6d 72 ad a0 80 ee 1d Sep 21 07:33:27.040080: | 3b 79 50 ac 72 7c c9 66 8a 19 4b 56 Sep 21 07:33:27.040084: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:27.040088: | **parse ISAKMP Message: Sep 21 07:33:27.040090: | initiator cookie: Sep 21 07:33:27.040092: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:27.040094: | responder cookie: Sep 21 07:33:27.040096: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.040098: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:27.040100: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:27.040103: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:27.040105: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:27.040108: | Message ID: 3807596652 (0xe2f3506c) Sep 21 07:33:27.040110: | length: 76 (0x4c) Sep 21 07:33:27.040112: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:27.040116: | State DB: found IKEv1 state #2 in QUICK_R1 (find_state_ikev1) Sep 21 07:33:27.040121: | start processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:33:27.040124: | #2 is idle Sep 21 07:33:27.040126: | #2 idle Sep 21 07:33:27.040129: | received encrypted packet from 192.1.3.33:500 Sep 21 07:33:27.040147: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:33:27.040150: | ***parse ISAKMP Hash Payload: Sep 21 07:33:27.040153: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.040155: | length: 36 (0x24) Sep 21 07:33:27.040157: | removing 12 bytes of padding Sep 21 07:33:27.040184: | quick_inI2 HASH(3): Sep 21 07:33:27.040188: | 96 92 b2 98 4f f8 d1 8e bb 49 bc e4 7c 2c f4 7d Sep 21 07:33:27.040190: | 7c f5 aa 34 fd 3e 3e df e8 5b 74 c3 37 26 d4 48 Sep 21 07:33:27.040193: | received 'quick_inI2' message HASH(3) data ok Sep 21 07:33:27.040197: | install_ipsec_sa() for #2: outbound only Sep 21 07:33:27.040200: | could_route called for northnet-eastnet-a (kind=CK_PERMANENT) Sep 21 07:33:27.040203: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:27.040206: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.040211: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:33:27.040214: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.040216: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:33:27.040220: | route owner of "northnet-eastnet-a" unrouted: NULL; eroute owner: NULL Sep 21 07:33:27.040222: | sr for #2: unrouted Sep 21 07:33:27.040225: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:33:27.040227: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:27.040229: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.040232: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:33:27.040234: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.040237: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:33:27.040240: | route owner of "northnet-eastnet-a" unrouted: NULL; eroute owner: NULL Sep 21 07:33:27.040243: | route_and_eroute with c: northnet-eastnet-a (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:33:27.040246: | priority calculation of connection "northnet-eastnet-a" is 0xfe7e7 Sep 21 07:33:27.040251: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:33:27.040254: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:27.040289: | raw_eroute result=success Sep 21 07:33:27.040295: | running updown command "ipsec _updown" for verb up Sep 21 07:33:27.040298: | command executing up-client Sep 21 07:33:27.040338: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.040349: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.040369: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSA Sep 21 07:33:27.040372: | popen cmd is 1402 chars long Sep 21 07:33:27.040374: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-a': Sep 21 07:33:27.040376: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO: Sep 21 07:33:27.040378: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.te: Sep 21 07:33:27.040379: | cmd( 240):sting.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2: Sep 21 07:33:27.040381: | cmd( 320):2.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Sep 21 07:33:27.040383: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP': Sep 21 07:33:27.040384: | cmd( 480): PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Sep 21 07:33:27.040386: | cmd( 560):, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libre: Sep 21 07:33:27.040389: | cmd( 640):swan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLU: Sep 21 07:33:27.040397: | cmd( 720):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Sep 21 07:33:27.040401: | cmd( 800):PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Sep 21 07:33:27.040404: | cmd( 880):Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUT: Sep 21 07:33:27.040406: | cmd( 960):O_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRA: Sep 21 07:33:27.040408: | cmd(1040):CK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=': Sep 21 07:33:27.040411: | cmd(1120):ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_D: Sep 21 07:33:27.040413: | cmd(1200):OMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLU: Sep 21 07:33:27.040416: | cmd(1280):TO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x577e: Sep 21 07:33:27.040418: | cmd(1360):f0d0 SPI_OUT=0x961469d3 ipsec _updown 2>&1: Sep 21 07:33:27.048499: | route_and_eroute: firewall_notified: true Sep 21 07:33:27.048512: | running updown command "ipsec _updown" for verb prepare Sep 21 07:33:27.048516: | command executing prepare-client Sep 21 07:33:27.048554: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.048563: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.048584: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_P Sep 21 07:33:27.048587: | popen cmd is 1407 chars long Sep 21 07:33:27.048590: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:33:27.048593: | cmd( 80):et-a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Sep 21 07:33:27.048596: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Sep 21 07:33:27.048598: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:33:27.048601: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:33:27.048603: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Sep 21 07:33:27.048606: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:33:27.048608: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Sep 21 07:33:27.048611: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Sep 21 07:33:27.048614: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:33:27.048616: | cmd( 800):='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department: Sep 21 07:33:27.048619: | cmd( 880):, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey': Sep 21 07:33:27.048625: | cmd( 960): PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SARE: Sep 21 07:33:27.048628: | cmd(1040):F_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAM: Sep 21 07:33:27.048631: | cmd(1120):ILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_P: Sep 21 07:33:27.048633: | cmd(1200):EER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0: Sep 21 07:33:27.048636: | cmd(1280):' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0: Sep 21 07:33:27.048638: | cmd(1360):x577ef0d0 SPI_OUT=0x961469d3 ipsec _updown 2>&1: Sep 21 07:33:27.055010: | running updown command "ipsec _updown" for verb route Sep 21 07:33:27.055022: | command executing route-client Sep 21 07:33:27.055059: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.055068: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.055089: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLIC Sep 21 07:33:27.055092: | popen cmd is 1405 chars long Sep 21 07:33:27.055096: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:33:27.055099: | cmd( 80):-a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Sep 21 07:33:27.055102: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Sep 21 07:33:27.055104: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Sep 21 07:33:27.055107: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:33:27.055110: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Sep 21 07:33:27.055112: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:33:27.055115: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Sep 21 07:33:27.055118: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Sep 21 07:33:27.055121: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:33:27.055123: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:33:27.055126: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:33:27.055129: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_: Sep 21 07:33:27.055131: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Sep 21 07:33:27.055134: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Sep 21 07:33:27.055137: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Sep 21 07:33:27.055145: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5: Sep 21 07:33:27.055147: | cmd(1360):77ef0d0 SPI_OUT=0x961469d3 ipsec _updown 2>&1: Sep 21 07:33:27.063719: | route_and_eroute: instance "northnet-eastnet-a", setting eroute_owner {spd=0x55bbb7a65560,sr=0x55bbb7a65560} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:33:27.063735: | #1 spent 0.751 milliseconds in install_ipsec_sa() Sep 21 07:33:27.063740: | inI2: instance northnet-eastnet-a[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:33:27.063743: | DPD: dpd_init() called on IPsec SA Sep 21 07:33:27.063745: | DPD: Peer does not support Dead Peer Detection Sep 21 07:33:27.063748: | complete v1 state transition with STF_OK Sep 21 07:33:27.063754: | [RE]START processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:27.063757: | #2 is idle Sep 21 07:33:27.063760: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:27.063762: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Sep 21 07:33:27.063766: | child state #2: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Sep 21 07:33:27.063769: | event_already_set, deleting event Sep 21 07:33:27.063772: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:27.063775: | #2 STATE_QUICK_R2: retransmits: cleared Sep 21 07:33:27.063780: | libevent_free: release ptr-libevent@0x7f928c006900 Sep 21 07:33:27.063788: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55bbb7a6fb50 Sep 21 07:33:27.063793: | !event_already_set at reschedule Sep 21 07:33:27.063796: | event_schedule: new EVENT_SA_REPLACE-pe@0x55bbb7a6fb50 Sep 21 07:33:27.063800: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2 Sep 21 07:33:27.063803: | libevent_malloc: new ptr-libevent@0x7f928c006900 size 128 Sep 21 07:33:27.063807: | pstats #2 ikev1.ipsec established Sep 21 07:33:27.063811: | NAT-T: encaps is 'auto' Sep 21 07:33:27.063816: "northnet-eastnet-a" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x577ef0d0 <0x961469d3 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:33:27.063819: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:27.063821: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:27.063826: | #2 spent 0.84 milliseconds in process_packet_tail() Sep 21 07:33:27.063831: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:27.063836: | stop processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:27.063839: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:27.063843: | spent 0.993 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:27.063854: | processing signal PLUTO_SIGCHLD Sep 21 07:33:27.063859: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:27.063862: | spent 0.00464 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:27.063865: | processing signal PLUTO_SIGCHLD Sep 21 07:33:27.063868: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:27.063871: | spent 0.00325 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:27.063874: | processing signal PLUTO_SIGCHLD Sep 21 07:33:27.063877: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:27.063880: | spent 0.00329 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:44.200832: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:33:44.200850: | expiring aged bare shunts from shunt table Sep 21 07:33:44.200856: | spent 0.00428 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:33:46.979012: | processing global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:33:46.979028: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Sep 21 07:33:46.979033: | start processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.979040: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnet-a Sep 21 07:33:46.979044: | [RE]START processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:773) Sep 21 07:33:46.979046: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#2) Sep 21 07:33:46.979048: | sending NAT-T Keep Alive Sep 21 07:33:46.979052: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:33:46.979054: | ff Sep 21 07:33:46.979106: | stop processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:782) Sep 21 07:33:46.979110: | processing: STOP state #0 (in for_each_state() at state.c:1574) Sep 21 07:33:46.979113: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.979115: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnet-b Sep 21 07:33:46.979117: | stop processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:33:46.979119: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:33:46.979124: | spent 0.0686 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:34:04.199932: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:34:04.199948: | expiring aged bare shunts from shunt table Sep 21 07:34:04.199953: | spent 0.00384 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:34:06.981702: | processing global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:34:06.981720: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Sep 21 07:34:06.981727: | start processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:06.981729: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnet-a Sep 21 07:34:06.981732: | [RE]START processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:773) Sep 21 07:34:06.981735: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#2) Sep 21 07:34:06.981736: | sending NAT-T Keep Alive Sep 21 07:34:06.981741: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:34:06.981743: | ff Sep 21 07:34:06.981812: | stop processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:782) Sep 21 07:34:06.981817: | processing: STOP state #0 (in for_each_state() at state.c:1574) Sep 21 07:34:06.981821: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:06.981822: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnet-b Sep 21 07:34:06.981825: | stop processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:34:06.981828: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:34:06.981832: | spent 0.0672 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:34:12.028031: | spent 0.00315 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.028054: | *received 792 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:12.028057: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:34:12.028060: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:34:12.028062: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:34:12.028065: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028067: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:12.028070: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:34:12.028072: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:34:12.028075: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:34:12.028080: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:34:12.028082: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:34:12.028085: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:12.028087: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:34:12.028089: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028092: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:12.028094: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:34:12.028097: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:34:12.028099: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:34:12.028101: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:34:12.028104: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:12.028106: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:12.028109: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:12.028111: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028114: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:12.028116: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:34:12.028119: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:34:12.028121: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:34:12.028123: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:34:12.028126: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:12.028128: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:12.028131: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:12.028133: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028135: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:12.028138: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028140: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:34:12.028143: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028145: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:12.028148: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028150: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:34:12.028152: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028155: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:12.028157: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028160: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:34:12.028162: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:34:12.028165: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:34:12.028167: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:34:12.028169: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:34:12.028172: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:34:12.028174: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:34:12.028177: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:34:12.028179: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:34:12.028184: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:12.028188: | **parse ISAKMP Message: Sep 21 07:34:12.028191: | initiator cookie: Sep 21 07:34:12.028194: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.028196: | responder cookie: Sep 21 07:34:12.028198: | 00 00 00 00 00 00 00 00 Sep 21 07:34:12.028201: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:12.028204: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.028207: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.028210: | flags: none (0x0) Sep 21 07:34:12.028212: | Message ID: 0 (0x0) Sep 21 07:34:12.028215: | length: 792 (0x318) Sep 21 07:34:12.028218: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:34:12.028223: | State DB: IKEv1 state not found (find_state_ikev1_init) Sep 21 07:34:12.028226: | #null state always idle Sep 21 07:34:12.028230: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Sep 21 07:34:12.028233: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:12.028236: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028238: | length: 644 (0x284) Sep 21 07:34:12.028241: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.028244: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028247: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028249: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028252: | length: 20 (0x14) Sep 21 07:34:12.028254: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028257: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028260: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028262: | length: 20 (0x14) Sep 21 07:34:12.028265: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028267: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028270: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028272: | length: 20 (0x14) Sep 21 07:34:12.028275: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028277: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028280: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028282: | length: 20 (0x14) Sep 21 07:34:12.028285: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028288: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028290: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028293: | length: 20 (0x14) Sep 21 07:34:12.028295: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028298: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028300: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028303: | length: 20 (0x14) Sep 21 07:34:12.028306: | message 'main_inI1_outR1' HASH payload not checked early Sep 21 07:34:12.028311: | received Vendor ID payload [FRAGMENTATION] Sep 21 07:34:12.028315: | received Vendor ID payload [Dead Peer Detection] Sep 21 07:34:12.028318: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Sep 21 07:34:12.028321: | received Vendor ID payload [RFC 3947] Sep 21 07:34:12.028324: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:34:12.028327: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:34:12.028330: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:34:12.028333: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:34:12.028335: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:34:12.028338: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:34:12.028340: | in statetime_start() with no state Sep 21 07:34:12.028346: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=IKEV1_ALLOW but ignoring ports Sep 21 07:34:12.028352: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:34:12.028355: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:34:12.028359: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnet-b) Sep 21 07:34:12.028362: | find_next_host_connection returns northnet-eastnet-b Sep 21 07:34:12.028387: | creating state object #3 at 0x55bbb7a78dd0 Sep 21 07:34:12.028390: | State DB: adding IKEv1 state #3 in UNDEFINED Sep 21 07:34:12.028399: | pstats #3 ikev1.isakmp started Sep 21 07:34:12.028404: | #3 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:34:12.028410: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in main_inI1_outR1() at ikev1_main.c:667) Sep 21 07:34:12.028413: | parent state #3: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) Sep 21 07:34:12.028418: | sender checking NAT-T: enabled; VID 117 Sep 21 07:34:12.028421: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Sep 21 07:34:12.028424: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Sep 21 07:34:12.028426: | ICOOKIE-DUMP: 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.028429: "northnet-eastnet-b" #3: responding to Main Mode Sep 21 07:34:12.028434: | **emit ISAKMP Message: Sep 21 07:34:12.028437: | initiator cookie: Sep 21 07:34:12.028439: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.028442: | responder cookie: Sep 21 07:34:12.028444: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.028447: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:12.028449: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.028452: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.028454: | flags: none (0x0) Sep 21 07:34:12.028457: | Message ID: 0 (0x0) Sep 21 07:34:12.028460: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.028463: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:34:12.028466: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:12.028469: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028471: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.028474: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:12.028478: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:12.028481: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.028484: | ****parse IPsec DOI SIT: Sep 21 07:34:12.028486: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.028489: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:12.028492: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028494: | length: 632 (0x278) Sep 21 07:34:12.028497: | proposal number: 0 (0x0) Sep 21 07:34:12.028499: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:34:12.028502: | SPI size: 0 (0x0) Sep 21 07:34:12.028504: | number of transforms: 18 (0x12) Sep 21 07:34:12.028507: | *****parse ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:12.028510: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.028512: | length: 36 (0x24) Sep 21 07:34:12.028515: | ISAKMP transform number: 0 (0x0) Sep 21 07:34:12.028517: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:12.028520: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028523: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:12.028526: | length/value: 1 (0x1) Sep 21 07:34:12.028529: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:12.028531: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028534: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:12.028537: | length/value: 3600 (0xe10) Sep 21 07:34:12.028539: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028542: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:12.028544: | length/value: 7 (0x7) Sep 21 07:34:12.028547: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:12.028550: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028553: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:12.028555: | length/value: 4 (0x4) Sep 21 07:34:12.028558: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:12.028561: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028564: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:12.028566: | length/value: 3 (0x3) Sep 21 07:34:12.028568: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:12.028571: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028574: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:12.028576: | length/value: 14 (0xe) Sep 21 07:34:12.028581: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.028583: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028586: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:12.028589: | length/value: 256 (0x100) Sep 21 07:34:12.028592: | OAKLEY proposal verified unconditionally; no alg_info to check against Sep 21 07:34:12.028594: | Oakley Transform 0 accepted Sep 21 07:34:12.028597: | ****emit IPsec DOI SIT: Sep 21 07:34:12.028599: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.028602: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:12.028605: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028607: | proposal number: 0 (0x0) Sep 21 07:34:12.028610: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:34:12.028612: | SPI size: 0 (0x0) Sep 21 07:34:12.028615: | number of transforms: 1 (0x1) Sep 21 07:34:12.028618: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:12.028621: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:12.028624: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028626: | ISAKMP transform number: 0 (0x0) Sep 21 07:34:12.028629: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:12.028632: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:12.028635: | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) Sep 21 07:34:12.028638: | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:34:12.028641: | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 Sep 21 07:34:12.028643: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:12.028646: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:34:12.028649: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Sep 21 07:34:12.028652: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:34:12.028655: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:12.028658: | out_vid(): sending [FRAGMENTATION] Sep 21 07:34:12.028660: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:12.028663: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028666: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:12.028669: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:12.028672: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.028675: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:12.028678: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 21 07:34:12.028680: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:12.028683: | out_vid(): sending [Dead Peer Detection] Sep 21 07:34:12.028685: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:12.028688: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028691: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:12.028694: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.028696: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:12.028699: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 21 07:34:12.028702: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:12.028704: | out_vid(): sending [RFC 3947] Sep 21 07:34:12.028707: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:12.028709: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028712: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:12.028716: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.028719: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:12.028722: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:34:12.028724: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:12.028727: | no IKEv1 message padding required Sep 21 07:34:12.028729: | emitting length of ISAKMP Message: 144 Sep 21 07:34:12.028733: | complete v1 state transition with STF_OK Sep 21 07:34:12.028739: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.028741: | #3 is idle Sep 21 07:34:12.028744: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.028746: | peer supports fragmentation Sep 21 07:34:12.028749: | peer supports DPD Sep 21 07:34:12.028752: | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Sep 21 07:34:12.028755: | parent state #3: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) Sep 21 07:34:12.028757: | event_already_set, deleting event Sep 21 07:34:12.028763: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:12.028769: | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:34:12.028772: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.028774: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Sep 21 07:34:12.028777: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Sep 21 07:34:12.028779: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028782: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:12.028793: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Sep 21 07:34:12.028796: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Sep 21 07:34:12.028798: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Sep 21 07:34:12.028801: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:34:12.028831: | !event_already_set at reschedule Sep 21 07:34:12.028835: | event_schedule: new EVENT_SO_DISCARD-pe@0x7f92880041c0 Sep 21 07:34:12.028839: | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #3 Sep 21 07:34:12.028843: | libevent_malloc: new ptr-libevent@0x7f927c003590 size 128 Sep 21 07:34:12.028846: "northnet-eastnet-b" #3: STATE_MAIN_R1: sent MR1, expecting MI2 Sep 21 07:34:12.028849: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.028852: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.028857: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.028862: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:12.028865: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.028870: | spent 0.804 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.030034: | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.030052: | *received 396 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:12.030056: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.030059: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Sep 21 07:34:12.030062: | 04 7e 66 1f db 01 88 9d 86 9c e6 b5 3c 62 bb e3 Sep 21 07:34:12.030064: | 03 31 dd 6b cd 09 de e5 53 b6 59 2b 84 15 de fe Sep 21 07:34:12.030067: | 32 39 13 b8 c6 0d a0 84 c9 b3 3c fc d9 f0 20 d9 Sep 21 07:34:12.030069: | 63 8b 55 08 90 e9 cd 34 c3 d1 24 78 c8 59 aa ec Sep 21 07:34:12.030071: | 1e cb 16 61 be c4 cb 83 86 11 01 10 e3 d2 ef 26 Sep 21 07:34:12.030074: | 4c bc 24 fd a8 09 2c fb 5c 97 83 5e 0a 3d fa 36 Sep 21 07:34:12.030077: | 46 d6 b9 23 f8 38 98 87 b9 14 b5 21 39 15 a8 cb Sep 21 07:34:12.030079: | 16 4a 66 97 ed 74 bc dd 69 f1 5b 41 67 46 f3 23 Sep 21 07:34:12.030084: | dc e0 76 fe 2d e7 af d3 e8 6b ce a6 d8 fd 9b 3d Sep 21 07:34:12.030087: | 01 cc 2f e4 05 bd 36 85 8f a4 18 5d 9b 52 a5 c5 Sep 21 07:34:12.030089: | 2f c9 f8 b8 65 db d3 3e 6f 1a ab 38 0b c9 42 87 Sep 21 07:34:12.030092: | ae 64 81 c4 1e 58 9c 73 a3 e3 11 53 15 82 32 70 Sep 21 07:34:12.030094: | 5b 45 48 a3 8c 75 47 e3 c2 7c 72 b9 2e 3c 06 cb Sep 21 07:34:12.030097: | f7 1c 88 23 55 a8 14 c6 88 94 7e f8 d4 2c 84 bf Sep 21 07:34:12.030099: | 62 74 99 78 8d e0 17 f4 1c 56 bb 4f b7 5c bd 84 Sep 21 07:34:12.030102: | 31 31 20 fa 8b 85 18 0e b7 6c 80 14 a9 db de 1f Sep 21 07:34:12.030104: | 14 00 00 24 ca 00 84 5d c0 e0 08 b3 f3 4b 76 6d Sep 21 07:34:12.030107: | 48 42 be 68 5e bb 45 27 55 fb 8a 89 ef e7 ef 0f Sep 21 07:34:12.030109: | 35 18 f8 44 14 00 00 24 c2 95 d3 e9 aa 7e 5a ce Sep 21 07:34:12.030112: | 92 c2 58 83 d6 80 7c fb 2d 14 ed 0b 49 52 23 ea Sep 21 07:34:12.030114: | 94 99 f6 b3 62 c9 a2 4b 00 00 00 24 28 bd 53 be Sep 21 07:34:12.030117: | 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee 45 9a fb 8a Sep 21 07:34:12.030119: | 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.030124: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:12.030128: | **parse ISAKMP Message: Sep 21 07:34:12.030131: | initiator cookie: Sep 21 07:34:12.030133: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.030136: | responder cookie: Sep 21 07:34:12.030138: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.030142: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.030144: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.030147: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.030150: | flags: none (0x0) Sep 21 07:34:12.030153: | Message ID: 0 (0x0) Sep 21 07:34:12.030155: | length: 396 (0x18c) Sep 21 07:34:12.030159: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:34:12.030162: | State DB: found IKEv1 state #3 in MAIN_R1 (find_state_ikev1) Sep 21 07:34:12.030168: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:34:12.030171: | #3 is idle Sep 21 07:34:12.030174: | #3 idle Sep 21 07:34:12.030177: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Sep 21 07:34:12.030180: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:12.030183: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.030185: | length: 260 (0x104) Sep 21 07:34:12.030189: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Sep 21 07:34:12.030192: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:12.030194: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:34:12.030196: | length: 36 (0x24) Sep 21 07:34:12.030199: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:34:12.030202: | ***parse ISAKMP NAT-D Payload: Sep 21 07:34:12.030205: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:34:12.030208: | length: 36 (0x24) Sep 21 07:34:12.030211: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:34:12.030213: | ***parse ISAKMP NAT-D Payload: Sep 21 07:34:12.030216: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.030219: | length: 36 (0x24) Sep 21 07:34:12.030222: | message 'main_inI2_outR2' HASH payload not checked early Sep 21 07:34:12.030228: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Sep 21 07:34:12.030240: | natd_hash: hasher=0x55bbb6680c40(32) Sep 21 07:34:12.030244: | natd_hash: icookie= 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.030247: | natd_hash: rcookie= 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.030249: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:12.030252: | natd_hash: port= 01 f4 Sep 21 07:34:12.030254: | natd_hash: hash= c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.030257: | natd_hash: hash= 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.030269: | natd_hash: hasher=0x55bbb6680c40(32) Sep 21 07:34:12.030273: | natd_hash: icookie= 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.030275: | natd_hash: rcookie= 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.030278: | natd_hash: ip= c0 01 03 21 Sep 21 07:34:12.030280: | natd_hash: port= 01 f4 Sep 21 07:34:12.030283: | natd_hash: hash= 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.030286: | natd_hash: hash= 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.030288: | expected NAT-D(me): c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.030291: | expected NAT-D(me): 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.030294: | expected NAT-D(him): Sep 21 07:34:12.030296: | 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.030299: | 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.030302: | received NAT-D: c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.030304: | received NAT-D: 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.030307: | received NAT-D: 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.030310: | received NAT-D: 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.030312: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:34:12.030315: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:34:12.030318: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:34:12.030321: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Sep 21 07:34:12.030324: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Sep 21 07:34:12.030327: | NAT_T_WITH_KA detected Sep 21 07:34:12.030331: | adding inI2_outR2 KE work-order 5 for state #3 Sep 21 07:34:12.030335: | state #3 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:34:12.030338: | libevent_free: release ptr-libevent@0x7f927c003590 Sep 21 07:34:12.030342: | free_event_entry: release EVENT_SO_DISCARD-pe@0x7f92880041c0 Sep 21 07:34:12.030345: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f92880041c0 Sep 21 07:34:12.030349: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:34:12.030352: | libevent_malloc: new ptr-libevent@0x7f927c003590 size 128 Sep 21 07:34:12.030361: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:12.030368: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:12.030371: | suspending state #3 and saving MD Sep 21 07:34:12.030374: | #3 is busy; has a suspended MD Sep 21 07:34:12.030379: | #3 spent 0.152 milliseconds in process_packet_tail() Sep 21 07:34:12.030384: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.030389: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:12.030392: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.030397: | spent 0.352 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.030397: | crypto helper 6 resuming Sep 21 07:34:12.030413: | crypto helper 6 starting work-order 5 for state #3 Sep 21 07:34:12.030417: | crypto helper 6 doing build KE and nonce (inI2_outR2 KE); request ID 5 Sep 21 07:34:12.030997: | crypto helper 6 finished build KE and nonce (inI2_outR2 KE); request ID 5 time elapsed 0.00058 seconds Sep 21 07:34:12.031006: | (#3) spent 0.585 milliseconds in crypto helper computing work-order 5: inI2_outR2 KE (pcr) Sep 21 07:34:12.031008: | crypto helper 6 sending results from work-order 5 for state #3 to event queue Sep 21 07:34:12.031010: | scheduling resume sending helper answer for #3 Sep 21 07:34:12.031013: | libevent_malloc: new ptr-libevent@0x7f9280006900 size 128 Sep 21 07:34:12.031019: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:12.031028: | processing resume sending helper answer for #3 Sep 21 07:34:12.031037: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.031043: | crypto helper 6 replies to request ID 5 Sep 21 07:34:12.031047: | calling continuation function 0x55bbb65aa630 Sep 21 07:34:12.031050: | main_inI2_outR2_continue for #3: calculated ke+nonce, sending R2 Sep 21 07:34:12.031056: | **emit ISAKMP Message: Sep 21 07:34:12.031059: | initiator cookie: Sep 21 07:34:12.031062: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.031064: | responder cookie: Sep 21 07:34:12.031067: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.031070: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.031073: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.031076: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.031078: | flags: none (0x0) Sep 21 07:34:12.031081: | Message ID: 0 (0x0) Sep 21 07:34:12.031084: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.031087: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:12.031090: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.031093: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:12.031096: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:12.031099: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.031103: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:12.031105: | keyex value 46 75 31 9a d4 b1 60 c4 3f 41 c3 01 e7 64 ac ef Sep 21 07:34:12.031108: | keyex value dd b0 94 14 a1 ed 61 ed 04 5c e7 97 1e 1b fd 5e Sep 21 07:34:12.031111: | keyex value 62 8f 7c 37 ee 2a fe 0a a8 96 cb 70 29 78 28 ea Sep 21 07:34:12.031113: | keyex value 17 30 aa e1 9c ef b5 e8 b7 c8 22 a4 85 75 4d 3a Sep 21 07:34:12.031116: | keyex value 09 bd 19 d8 c2 41 ef bf c2 78 7f 9c 2a d4 0d 3e Sep 21 07:34:12.031119: | keyex value c8 75 74 88 ca 1d 7e 09 c6 69 c0 d3 1a 22 a7 f9 Sep 21 07:34:12.031121: | keyex value b2 62 f3 e5 4c 1e 52 1f 97 a6 ce 8c e8 2f 16 6a Sep 21 07:34:12.031123: | keyex value c1 18 fa b2 7d c7 ee 3b 21 af c4 19 b3 c2 35 aa Sep 21 07:34:12.031126: | keyex value 34 47 4f 2b da 34 20 68 27 69 51 bf e0 a6 88 12 Sep 21 07:34:12.031128: | keyex value a3 51 95 27 56 3e 54 89 23 d4 0a 29 87 ba 6b 5a Sep 21 07:34:12.031131: | keyex value c0 1a 59 1e 04 82 ec ef e3 9d bf cd a2 ef 73 8e Sep 21 07:34:12.031133: | keyex value d1 16 8d b2 54 3b 4a c2 16 23 48 37 09 34 9f 2b Sep 21 07:34:12.031136: | keyex value 77 aa 28 f0 d1 6f b5 9c 35 67 bc 25 54 42 62 80 Sep 21 07:34:12.031139: | keyex value 6b 36 68 88 80 c4 ea 4d ce a4 0b 39 bb 0a 03 9c Sep 21 07:34:12.031141: | keyex value 98 d5 6f b4 bf 92 9c 51 5a e2 8e 70 3b c2 c5 34 Sep 21 07:34:12.031144: | keyex value 62 6a 89 4a 51 64 0f 82 95 21 f2 b5 0d a1 38 a1 Sep 21 07:34:12.031146: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:12.031149: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:12.031152: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:34:12.031156: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Sep 21 07:34:12.031159: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:12.031162: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.031165: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:34:12.031168: | Nr 39 df ff 87 6a e3 3b 31 82 46 53 ee 4a 1d 48 4c Sep 21 07:34:12.031170: | Nr b8 06 05 d3 bf 69 f6 6f ab 50 c0 1e 16 8d 6f 3b Sep 21 07:34:12.031173: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:12.031176: | ***emit ISAKMP Certificate RequestPayload: Sep 21 07:34:12.031180: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.031184: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:34:12.031188: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Sep 21 07:34:12.031191: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Sep 21 07:34:12.031194: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Sep 21 07:34:12.031197: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.031199: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.031202: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.031204: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.031207: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.031209: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.031212: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:34:12.031214: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:34:12.031217: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:34:12.031220: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:34:12.031222: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.031225: | emitting length of ISAKMP Certificate RequestPayload: 180 Sep 21 07:34:12.031227: | sending NAT-D payloads Sep 21 07:34:12.031238: | natd_hash: hasher=0x55bbb6680c40(32) Sep 21 07:34:12.031241: | natd_hash: icookie= 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.031243: | natd_hash: rcookie= 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.031246: | natd_hash: ip= c0 01 03 21 Sep 21 07:34:12.031248: | natd_hash: port= 01 f4 Sep 21 07:34:12.031251: | natd_hash: hash= 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.031253: | natd_hash: hash= 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.031256: | ***emit ISAKMP NAT-D Payload: Sep 21 07:34:12.031260: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:34:12.031263: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Sep 21 07:34:12.031266: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:34:12.031269: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.031272: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:34:12.031275: | NAT-D 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.031277: | NAT-D 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.031280: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:34:12.031288: | natd_hash: hasher=0x55bbb6680c40(32) Sep 21 07:34:12.031291: | natd_hash: icookie= 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.031294: | natd_hash: rcookie= 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.031296: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:12.031298: | natd_hash: port= 01 f4 Sep 21 07:34:12.031301: | natd_hash: hash= c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.031304: | natd_hash: hash= 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.031306: | ***emit ISAKMP NAT-D Payload: Sep 21 07:34:12.031309: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.031313: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:34:12.031315: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.031318: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:34:12.031321: | NAT-D c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.031323: | NAT-D 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.031328: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:34:12.031331: | no IKEv1 message padding required Sep 21 07:34:12.031333: | emitting length of ISAKMP Message: 576 Sep 21 07:34:12.031336: | main inI2_outR2: starting async DH calculation (group=14) Sep 21 07:34:12.031352: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.031362: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.031372: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.031381: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.031385: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:12.031388: | no PreShared Key Found Sep 21 07:34:12.031391: | adding main_inI2_outR2_tail work-order 6 for state #3 Sep 21 07:34:12.031394: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.031398: | libevent_free: release ptr-libevent@0x7f927c003590 Sep 21 07:34:12.031401: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f92880041c0 Sep 21 07:34:12.031404: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f92880041c0 Sep 21 07:34:12.031408: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:34:12.031411: | libevent_malloc: new ptr-libevent@0x7f927c003590 size 128 Sep 21 07:34:12.031419: | #3 main_inI2_outR2_continue1_tail:1158 st->st_calculating = FALSE; Sep 21 07:34:12.031422: | complete v1 state transition with STF_OK Sep 21 07:34:12.031428: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.031430: | #3 is idle; has background offloaded task Sep 21 07:34:12.031433: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.031436: | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Sep 21 07:34:12.031439: | parent state #3: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) Sep 21 07:34:12.031442: | event_already_set, deleting event Sep 21 07:34:12.031445: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.031447: | libevent_free: release ptr-libevent@0x7f927c003590 Sep 21 07:34:12.031450: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f92880041c0 Sep 21 07:34:12.031456: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:12.031455: | crypto helper 3 resuming Sep 21 07:34:12.031466: | sending 576 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:34:12.031477: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.031481: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Sep 21 07:34:12.031485: | 46 75 31 9a d4 b1 60 c4 3f 41 c3 01 e7 64 ac ef Sep 21 07:34:12.031489: | dd b0 94 14 a1 ed 61 ed 04 5c e7 97 1e 1b fd 5e Sep 21 07:34:12.031493: | 62 8f 7c 37 ee 2a fe 0a a8 96 cb 70 29 78 28 ea Sep 21 07:34:12.031472: | crypto helper 3 starting work-order 6 for state #3 Sep 21 07:34:12.031497: | 17 30 aa e1 9c ef b5 e8 b7 c8 22 a4 85 75 4d 3a Sep 21 07:34:12.031503: | crypto helper 3 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 6 Sep 21 07:34:12.031509: | 09 bd 19 d8 c2 41 ef bf c2 78 7f 9c 2a d4 0d 3e Sep 21 07:34:12.031516: | c8 75 74 88 ca 1d 7e 09 c6 69 c0 d3 1a 22 a7 f9 Sep 21 07:34:12.031519: | b2 62 f3 e5 4c 1e 52 1f 97 a6 ce 8c e8 2f 16 6a Sep 21 07:34:12.031523: | c1 18 fa b2 7d c7 ee 3b 21 af c4 19 b3 c2 35 aa Sep 21 07:34:12.031526: | 34 47 4f 2b da 34 20 68 27 69 51 bf e0 a6 88 12 Sep 21 07:34:12.031528: | a3 51 95 27 56 3e 54 89 23 d4 0a 29 87 ba 6b 5a Sep 21 07:34:12.031530: | c0 1a 59 1e 04 82 ec ef e3 9d bf cd a2 ef 73 8e Sep 21 07:34:12.031533: | d1 16 8d b2 54 3b 4a c2 16 23 48 37 09 34 9f 2b Sep 21 07:34:12.031535: | 77 aa 28 f0 d1 6f b5 9c 35 67 bc 25 54 42 62 80 Sep 21 07:34:12.031537: | 6b 36 68 88 80 c4 ea 4d ce a4 0b 39 bb 0a 03 9c Sep 21 07:34:12.031540: | 98 d5 6f b4 bf 92 9c 51 5a e2 8e 70 3b c2 c5 34 Sep 21 07:34:12.031542: | 62 6a 89 4a 51 64 0f 82 95 21 f2 b5 0d a1 38 a1 Sep 21 07:34:12.031544: | 07 00 00 24 39 df ff 87 6a e3 3b 31 82 46 53 ee Sep 21 07:34:12.031547: | 4a 1d 48 4c b8 06 05 d3 bf 69 f6 6f ab 50 c0 1e Sep 21 07:34:12.031549: | 16 8d 6f 3b 14 00 00 b4 04 30 81 ac 31 0b 30 09 Sep 21 07:34:12.031551: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Sep 21 07:34:12.031554: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Sep 21 07:34:12.031556: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Sep 21 07:34:12.031559: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Sep 21 07:34:12.031561: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Sep 21 07:34:12.031563: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Sep 21 07:34:12.031566: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Sep 21 07:34:12.031568: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Sep 21 07:34:12.031570: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:34:12.031573: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Sep 21 07:34:12.031575: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 28 bd 53 be Sep 21 07:34:12.031578: | 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee 45 9a fb 8a Sep 21 07:34:12.031580: | 55 1c e7 2d e2 c4 3f e6 87 55 5e ff 00 00 00 24 Sep 21 07:34:12.031583: | c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.031585: | 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.031609: | !event_already_set at reschedule Sep 21 07:34:12.031614: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f92880041c0 Sep 21 07:34:12.031618: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:34:12.031621: | libevent_malloc: new ptr-libevent@0x7f927c003590 size 128 Sep 21 07:34:12.031626: | #3 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.399878 Sep 21 07:34:12.031630: "northnet-eastnet-b" #3: STATE_MAIN_R2: sent MR2, expecting MI3 Sep 21 07:34:12.031632: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.031635: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.031638: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Sep 21 07:34:12.031644: | #3 spent 0.582 milliseconds in resume sending helper answer Sep 21 07:34:12.031650: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.031653: | libevent_free: release ptr-libevent@0x7f9280006900 Sep 21 07:34:12.032388: | crypto helper 3 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 6 time elapsed 0.000884 seconds Sep 21 07:34:12.032398: | (#3) spent 0.888 milliseconds in crypto helper computing work-order 6: main_inI2_outR2_tail (pcr) Sep 21 07:34:12.032400: | crypto helper 3 sending results from work-order 6 for state #3 to event queue Sep 21 07:34:12.032402: | scheduling resume sending helper answer for #3 Sep 21 07:34:12.032405: | libevent_malloc: new ptr-libevent@0x7f927400d1b0 size 128 Sep 21 07:34:12.032410: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:12.032418: | processing resume sending helper answer for #3 Sep 21 07:34:12.032426: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.032432: | crypto helper 3 replies to request ID 6 Sep 21 07:34:12.032435: | calling continuation function 0x55bbb65aa630 Sep 21 07:34:12.032438: | main_inI2_outR2_calcdone for #3: calculate DH finished Sep 21 07:34:12.032443: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1008) Sep 21 07:34:12.032448: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1021) Sep 21 07:34:12.032452: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Sep 21 07:34:12.032457: | #3 spent 0.0237 milliseconds in resume sending helper answer Sep 21 07:34:12.032460: | processing: STOP state #0 (in resume_handler() at server.c:833) Sep 21 07:34:12.032463: | libevent_free: release ptr-libevent@0x7f927400d1b0 Sep 21 07:34:12.039179: | spent 0.00221 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.039197: | *received 2028 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:12.039201: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.039204: | 05 10 02 01 00 00 00 00 00 00 07 ec bc 07 fc 1c Sep 21 07:34:12.039206: | 6f 5c 8c 56 d3 29 08 f1 cb 1f b0 78 3c b4 3c 67 Sep 21 07:34:12.039208: | 3a b5 48 0d bb 84 89 e9 11 fe bf da 0e 00 de bc Sep 21 07:34:12.039211: | f1 45 0d 37 d9 29 85 00 70 6d fd 1a 7d 56 8d 5e Sep 21 07:34:12.039213: | b9 db c0 a4 34 6a 99 8b 60 0d d2 0e 23 17 1f 87 Sep 21 07:34:12.039216: | e6 33 55 f7 20 c9 87 1c 10 63 4e 71 fa 11 9e 73 Sep 21 07:34:12.039218: | aa 38 85 57 2c b5 12 f8 bb 79 2a 99 85 b2 1e c0 Sep 21 07:34:12.039220: | 44 5b ad bb 72 c1 49 76 af 5a 11 59 9a b8 82 ea Sep 21 07:34:12.039223: | cd 1a a2 27 03 9f 16 a6 c3 89 1e 1c 86 db 14 29 Sep 21 07:34:12.039225: | 2a 6a 07 8a 2e 5f 9f e8 89 a0 3c 4d 37 b4 03 8e Sep 21 07:34:12.039227: | 31 f8 ca 3a 6e 5d ed d0 9f 0c c3 61 82 59 d4 17 Sep 21 07:34:12.039230: | 07 52 f4 63 45 f5 55 ff 72 bd 36 7c 4d 48 49 e8 Sep 21 07:34:12.039232: | 21 5a 35 05 0a ec da bb ce 2b 4f ee a4 6b 3c e1 Sep 21 07:34:12.039234: | c4 8f 58 e0 bf 03 53 82 d8 88 6b 0b b3 0c 63 12 Sep 21 07:34:12.039237: | 6e 2c 1f be 5b 69 19 67 3c 0c b6 86 cf 11 4f e0 Sep 21 07:34:12.039239: | da b3 97 d6 c4 fb 2c 8e c6 89 01 18 84 b9 a7 4f Sep 21 07:34:12.039241: | 9f dd ad dd 40 cf 85 f6 e4 f7 4f 74 55 02 6a bf Sep 21 07:34:12.039244: | 85 49 40 34 b5 d9 c2 7b 27 d5 ee 01 a0 dc 13 be Sep 21 07:34:12.039246: | 7e 1a 2d 36 af 63 95 09 9f 95 3f aa 18 74 ef c2 Sep 21 07:34:12.039248: | 9c cd 9c 2a df 70 42 e3 22 23 e8 7f 0d 55 50 90 Sep 21 07:34:12.039251: | 17 d2 72 c8 7e b0 28 da 54 da 49 4f 7c b7 6f 54 Sep 21 07:34:12.039253: | 8b 32 5c 1b cb 43 ed 10 f1 67 88 39 1c 1d 43 5e Sep 21 07:34:12.039255: | 5e ba 46 85 b0 c7 3b 0a e6 8c 69 eb 8f e2 ee f1 Sep 21 07:34:12.039258: | 61 8d 24 c1 7a 5c ca ac 40 d4 2d cc 86 8c bb 8d Sep 21 07:34:12.039260: | eb 19 f9 65 df 5e 55 24 93 31 d3 b8 13 3a df 6e Sep 21 07:34:12.039262: | c6 c0 ba 8c b4 a7 bc 7e 2b ac 5a 7b ac 18 99 e6 Sep 21 07:34:12.039265: | 38 2f 21 df 73 e1 36 56 5d f2 02 38 28 ae ec 9c Sep 21 07:34:12.039267: | 26 23 02 95 99 c9 7f 35 fa 84 ca d5 57 e9 d7 31 Sep 21 07:34:12.039270: | 92 ff a8 ec eb 34 2c 02 02 a4 a0 05 f3 71 64 5c Sep 21 07:34:12.039272: | 4a 90 65 82 22 7d f3 e1 37 b8 8e 9b e5 5f 49 9a Sep 21 07:34:12.039274: | a8 78 14 d9 09 ca d0 75 59 2a 4b 67 5a 6c 8c 5d Sep 21 07:34:12.039277: | d8 47 a3 72 4d 57 b6 ac d9 3c 9b 9e 60 d7 43 75 Sep 21 07:34:12.039279: | 7a cf 90 4e e9 6d 84 5a cb a5 b9 94 a8 1b 16 ee Sep 21 07:34:12.039281: | 48 ad b4 c4 0d 8c ef a2 ac 93 be 9e 92 08 b9 b4 Sep 21 07:34:12.039284: | 16 89 d9 9e 5d b9 7b 50 8c a8 96 11 17 97 97 d8 Sep 21 07:34:12.039286: | 47 ec 83 e1 50 64 12 be 3c d9 89 12 b3 d5 f9 e1 Sep 21 07:34:12.039289: | 01 a2 dd d4 7b 15 1b c8 4b 40 4b 8f b1 63 5e dd Sep 21 07:34:12.039293: | 82 3b bf 9a 69 5c 32 e4 eb e7 a8 76 73 bc 13 99 Sep 21 07:34:12.039296: | bb 28 dd 46 70 79 c6 d6 f8 a8 f1 e5 ab 93 3c a5 Sep 21 07:34:12.039298: | ca 16 9b 1e 58 df a1 f0 c4 9d 58 a8 ba c2 04 29 Sep 21 07:34:12.039300: | 2c ac 4f 72 05 02 0b c3 7a 7b 3d 14 01 2e 6c 2a Sep 21 07:34:12.039303: | da 08 ce 4d ed e0 1b 00 90 f0 48 e5 b8 be fd bd Sep 21 07:34:12.039305: | d6 66 ed 50 cc a2 86 ff 4e 93 64 00 b3 11 a3 c5 Sep 21 07:34:12.039308: | 63 22 b6 20 0d 8c 41 5e 50 34 cf 2b be 41 eb c5 Sep 21 07:34:12.039310: | e5 32 b0 9e 20 54 90 f4 52 12 87 be 47 37 c9 8d Sep 21 07:34:12.039312: | 79 1b d1 fb cd bc 90 95 49 40 0f c4 11 57 1b 08 Sep 21 07:34:12.039315: | 3b 1d c7 1f f2 98 52 1a 26 81 0b 9d 53 08 ba cf Sep 21 07:34:12.039317: | ef 30 94 b5 a0 0b 28 ac ab 94 98 b3 01 cd c7 89 Sep 21 07:34:12.039319: | 57 b3 98 55 01 c7 4d 89 27 17 59 f2 8e d2 80 9e Sep 21 07:34:12.039322: | e7 5f 0b b2 80 be 2a 67 99 d9 12 d0 93 65 4e 04 Sep 21 07:34:12.039324: | 60 4f 00 e0 b8 4e bc 41 ea 62 1b e4 5c fb 9c c4 Sep 21 07:34:12.039327: | ee 44 74 4f cb a2 ea 3b 57 25 f4 25 3c ce dc 5e Sep 21 07:34:12.039329: | 97 cf 13 06 a0 af 04 4d 2c e0 79 77 a7 02 be fe Sep 21 07:34:12.039331: | 47 ba 9e 06 28 9b 01 bf f5 21 bc 9f 34 86 07 bc Sep 21 07:34:12.039334: | 04 ef e3 b2 09 e8 6e d0 f6 3b c1 c1 2b 5b b5 2e Sep 21 07:34:12.039336: | db cc c9 42 9b 9c c4 63 5e fd 5d 2f 93 69 e1 c2 Sep 21 07:34:12.039338: | 9d 6d 57 24 fe 25 77 a2 83 e5 e4 d3 11 2b 17 53 Sep 21 07:34:12.039341: | c0 51 ab 3c 0b e0 03 c2 3e 2d c4 f2 76 e1 01 3e Sep 21 07:34:12.039343: | 97 c2 3a 7f 5d db 39 c2 be fa ee 1c fb a5 e8 c2 Sep 21 07:34:12.039345: | 9b ea 24 c7 07 26 33 c3 87 59 e2 81 9c 92 f5 9b Sep 21 07:34:12.039348: | 3f 7e 2e f0 3e 4b 51 63 d8 fa 90 21 07 75 58 3c Sep 21 07:34:12.039350: | b9 e5 b7 1b 81 5c 71 ba 05 66 eb 4a 7e c3 c6 8c Sep 21 07:34:12.039352: | e8 a8 0a 1b 5e 47 57 0d 61 8b 3f 1f ca a9 4d 59 Sep 21 07:34:12.039355: | 1c ac 81 08 bd 07 19 87 e9 32 da f9 2a 3a 3d ce Sep 21 07:34:12.039357: | 50 17 90 b6 ac 80 0c a7 e6 a2 19 e9 2a 79 3e bc Sep 21 07:34:12.039359: | e8 08 b4 9d 77 5b b2 98 a6 82 49 d4 49 6b 22 e9 Sep 21 07:34:12.039362: | 05 dd 4b 3c 1e c9 b5 b3 ed 42 d3 95 c9 a9 78 e8 Sep 21 07:34:12.039364: | 49 a7 6c 05 28 89 6b d1 af ed b6 9b a1 7d 94 0d Sep 21 07:34:12.039367: | 04 3a 13 13 ae 55 38 ca f4 1d d2 6e ca e4 d0 07 Sep 21 07:34:12.039369: | 93 9f 08 1a 38 c6 70 e7 41 aa d6 54 07 77 24 4b Sep 21 07:34:12.039371: | 94 23 32 dd 06 89 88 1c 4a 93 86 cb 09 52 bc 86 Sep 21 07:34:12.039374: | ba a8 b4 f4 f1 3b a1 65 27 d2 a6 3b d2 b3 a3 b7 Sep 21 07:34:12.039376: | a5 c4 41 c8 a3 eb 1e 36 22 14 d1 db 4c cf 57 36 Sep 21 07:34:12.039378: | 85 93 be 26 ba 8e 0a 20 48 c9 df 50 47 d5 2c e4 Sep 21 07:34:12.039381: | 09 41 04 a1 db 3c c3 cc b7 0e a5 e6 b6 5d fa 10 Sep 21 07:34:12.039383: | cc ae f8 55 11 56 7b 1b 41 fa 44 da 1c 38 3e 82 Sep 21 07:34:12.039385: | 12 aa 67 18 57 27 8f 47 35 04 dd a2 3e c6 e7 72 Sep 21 07:34:12.039388: | 48 da e3 5e e9 0d f7 b3 55 bf 89 94 ea 0c af 67 Sep 21 07:34:12.039390: | 7e 50 60 b6 81 23 65 8a 22 6f 75 2d a7 e3 1b 98 Sep 21 07:34:12.039392: | de 5b f1 c7 81 38 ce 15 68 7c 20 0c 25 13 cc 6a Sep 21 07:34:12.039395: | c8 d3 ac 33 dc f9 20 19 5b b8 66 37 b6 3f c2 d5 Sep 21 07:34:12.039397: | 05 b0 dd 44 27 cf e9 db 21 97 41 4b f3 a0 68 cd Sep 21 07:34:12.039399: | 9b 88 cf 28 71 b2 4e e7 41 04 21 d8 c5 c5 82 21 Sep 21 07:34:12.039402: | b3 bc 5f 21 0a ee 4b 67 02 ef b7 8a 56 c2 c9 de Sep 21 07:34:12.039404: | fb 11 95 a3 6b 25 fd a1 05 c2 68 e9 02 74 09 c0 Sep 21 07:34:12.039406: | 07 eb 6f cc 85 1e d3 bb a1 42 49 64 43 59 95 a2 Sep 21 07:34:12.039409: | 76 3b ab ff c1 d1 02 d1 23 ae 04 65 b8 9f ce 8e Sep 21 07:34:12.039411: | 74 f7 93 d3 20 19 8d d6 04 af 8b 76 a5 24 00 a4 Sep 21 07:34:12.039413: | a5 6e 51 a8 c1 df 24 24 34 8e 99 97 22 82 1a 72 Sep 21 07:34:12.039417: | b4 96 75 ba 11 3b 7c 1c e9 6c 47 c9 1a 13 4c e8 Sep 21 07:34:12.039419: | a1 aa 91 f1 cc 5c 6d 66 f6 e0 3b e5 48 11 68 2f Sep 21 07:34:12.039422: | 62 1e 71 ba 7b 6f 82 e7 b8 cb 29 c7 9b f4 63 f3 Sep 21 07:34:12.039424: | 34 ee 51 2a 02 3f 9c fd a7 34 4a c6 f5 3f c2 7d Sep 21 07:34:12.039426: | cf a4 63 a8 5b 4d e0 a2 51 67 ba f7 1c 34 c8 5a Sep 21 07:34:12.039429: | 3d 00 52 d2 39 0d ad 49 e1 52 2f 75 25 ec 13 63 Sep 21 07:34:12.039431: | 75 cb b0 07 1a 1e 48 ee 7d 35 3d 75 98 fc 38 0f Sep 21 07:34:12.039433: | 92 fb 74 50 71 b6 ea 5d cb 38 08 09 33 37 b8 ed Sep 21 07:34:12.039436: | 37 86 3b 3f 1b af 69 72 74 5c 7e 64 f3 1a 36 4a Sep 21 07:34:12.039438: | df e5 42 1e 62 f6 54 1f d1 a3 a1 b1 8c 9a e6 58 Sep 21 07:34:12.039440: | 43 ac 1f 29 32 5b e7 75 37 67 c2 1d 69 7a a3 0c Sep 21 07:34:12.039443: | 37 42 01 65 d6 b3 ca 0d 43 19 09 99 3f 50 b5 83 Sep 21 07:34:12.039445: | 54 cf 4e d7 bc 4f 34 fd 54 29 4a 74 49 27 88 ce Sep 21 07:34:12.039447: | d0 33 3e a0 d7 d4 b5 cd 53 e0 88 23 cd ec 34 3f Sep 21 07:34:12.039450: | 70 79 39 45 5a 00 bc c1 93 7f 79 5f 20 16 a1 7c Sep 21 07:34:12.039452: | b6 cc 84 20 ea ad 56 45 cd 74 bd 88 e5 48 30 4a Sep 21 07:34:12.039455: | a1 3e 28 f1 0e f3 14 3d c8 c9 ad 8e 0f 2c 7b 16 Sep 21 07:34:12.039457: | 12 93 f9 0b e7 2e ac 68 2f 30 26 08 27 18 74 75 Sep 21 07:34:12.039459: | 8d bb 4d 1e d4 1c 57 6b 59 46 2e 7e 55 92 5d 2e Sep 21 07:34:12.039462: | 2e 00 68 bd 80 5f 74 a1 b0 f8 34 a6 24 84 1f 94 Sep 21 07:34:12.039464: | d1 81 b7 81 7c f5 99 be b3 b5 07 f5 cf 1c 2b 5c Sep 21 07:34:12.039466: | 46 b9 5d 2d 88 23 8d c9 08 e2 46 2b bf 29 c2 6c Sep 21 07:34:12.039469: | 96 f2 e4 d5 89 e9 37 e2 30 59 85 ba e4 7a 6e a0 Sep 21 07:34:12.039471: | 12 96 17 a8 e7 16 4b 8c 56 ac 95 f2 7d 65 26 a0 Sep 21 07:34:12.039473: | 1f e7 ca a3 03 25 b3 ca 3a dd d3 32 1f 27 fa 5a Sep 21 07:34:12.039476: | 8b 71 e9 9d 79 05 89 7d e1 cd 37 0b d3 25 68 c1 Sep 21 07:34:12.039478: | 00 db 66 af 56 eb 2a 79 74 de 97 a4 ef 11 f6 c8 Sep 21 07:34:12.039480: | fe 71 8d f6 84 e0 ab 41 81 79 8c 00 65 6d 8a e0 Sep 21 07:34:12.039483: | fe 49 79 9b d8 e6 88 f5 8b 99 18 df 6f 0b 0d a2 Sep 21 07:34:12.039485: | 85 30 15 f0 06 89 e4 55 24 49 bb 37 69 79 4a be Sep 21 07:34:12.039487: | e8 a1 56 6f b6 12 6a aa 4c 96 71 8c cb aa 94 75 Sep 21 07:34:12.039490: | 84 cc f6 4e a2 8d 04 58 eb 9c bf 7e c0 6a 8e 5a Sep 21 07:34:12.039492: | 8c 74 9d 70 fa 24 f0 f4 c0 bd 65 bb 7e c4 67 26 Sep 21 07:34:12.039494: | 47 5b f4 f6 26 36 18 17 7b 6a 9a f3 4a 99 26 76 Sep 21 07:34:12.039497: | f7 e9 8c f3 c6 0d d8 3e bc 97 7f 9b 41 d3 78 37 Sep 21 07:34:12.039499: | 70 e3 eb b8 95 cd cb 1d c6 11 88 fb 90 0e e0 d0 Sep 21 07:34:12.039501: | 5a 05 89 2b cf 3a f7 9d 87 a8 82 d9 Sep 21 07:34:12.039506: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:12.039509: | **parse ISAKMP Message: Sep 21 07:34:12.039511: | initiator cookie: Sep 21 07:34:12.039514: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.039516: | responder cookie: Sep 21 07:34:12.039518: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.039521: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.039524: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.039526: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.039529: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.039532: | Message ID: 0 (0x0) Sep 21 07:34:12.039534: | length: 2028 (0x7ec) Sep 21 07:34:12.039537: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:34:12.039541: | State DB: found IKEv1 state #3 in MAIN_R2 (find_state_ikev1) Sep 21 07:34:12.039546: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:34:12.039548: | #3 is idle Sep 21 07:34:12.039551: | #3 idle Sep 21 07:34:12.039558: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:12.039572: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Sep 21 07:34:12.039575: | ***parse ISAKMP Identification Payload: Sep 21 07:34:12.039578: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:34:12.039580: | length: 193 (0xc1) Sep 21 07:34:12.039583: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:34:12.039585: | DOI specific A: 0 (0x0) Sep 21 07:34:12.039587: | DOI specific B: 0 (0x0) Sep 21 07:34:12.039590: | obj: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.039592: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.039595: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.039597: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.039600: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.039602: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.039605: | obj: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:34:12.039607: | obj: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:34:12.039609: | obj: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:34:12.039612: | obj: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:34:12.039614: | obj: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:34:12.039616: | obj: 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.039619: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Sep 21 07:34:12.039622: | ***parse ISAKMP Certificate Payload: Sep 21 07:34:12.039624: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:34:12.039627: | length: 1232 (0x4d0) Sep 21 07:34:12.039629: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:34:12.039632: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 Sep 21 07:34:12.039635: | ***parse ISAKMP Certificate RequestPayload: Sep 21 07:34:12.039637: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:34:12.039640: | length: 180 (0xb4) Sep 21 07:34:12.039642: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:34:12.039645: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Sep 21 07:34:12.039648: | ***parse ISAKMP Signature Payload: Sep 21 07:34:12.039650: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.039652: | length: 388 (0x184) Sep 21 07:34:12.039655: | removing 7 bytes of padding Sep 21 07:34:12.039658: | message 'main_inI3_outR3' HASH payload not checked early Sep 21 07:34:12.039662: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.039664: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.039666: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.039669: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.039671: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.039674: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.039676: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:34:12.039678: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:34:12.039681: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:34:12.039683: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:34:12.039686: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:34:12.039688: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.039698: "northnet-eastnet-b" #3: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:34:12.039703: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:34:12.039709: | #3 spent 0.0048 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:34:12.039714: | checking for known CERT payloads Sep 21 07:34:12.039716: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:34:12.039768: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:34:12.039775: | #3 spent 0.0594 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:34:12.039779: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:34:12.039887: | #3 spent 0.103 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:34:12.039893: | missing or expired CRL Sep 21 07:34:12.039897: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:34:12.039915: | verify_end_cert trying profile IPsec Sep 21 07:34:12.040060: | certificate is valid (profile IPsec) Sep 21 07:34:12.040068: | #3 spent 0.17 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:34:12.040073: "northnet-eastnet-b" #3: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:34:12.040157: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a6a070 Sep 21 07:34:12.040162: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7f927400b380 Sep 21 07:34:12.040164: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55bbb7a69400 Sep 21 07:34:12.040294: | unreference key: 0x55bbb7a73eb0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:12.040302: | #3 spent 0.224 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:34:12.040306: | #3 spent 0.6 milliseconds in decode_certs() Sep 21 07:34:12.040321: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:34:12.040326: | ID_DER_ASN1_DN 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:34:12.040329: | SAN ID matched, updating that.cert Sep 21 07:34:12.040332: | X509: CERT and ID matches current connection Sep 21 07:34:12.040334: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.040337: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.040339: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.040341: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.040344: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.040346: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.040348: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:34:12.040351: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:34:12.040353: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:34:12.040355: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:34:12.040357: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.040366: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040369: | refine_host_connection for IKEv1: starting with "northnet-eastnet-b" Sep 21 07:34:12.040378: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040386: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040397: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040405: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040408: | refine_host_connection: happy with starting point: "northnet-eastnet-b" Sep 21 07:34:12.040410: | The remote did not specify an IDr and our current connection is good enough Sep 21 07:34:12.040418: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040460: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040502: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:34:12.040511: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040519: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040527: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.040693: | an RSA Sig check passed with *AwEAAbrCE [remote certificates] Sep 21 07:34:12.040700: | #3 spent 0.168 milliseconds in try_all_keys() trying a pubkey Sep 21 07:34:12.040704: "northnet-eastnet-b" #3: Authenticated using RSA Sep 21 07:34:12.040707: | thinking about whether to send my certificate: Sep 21 07:34:12.040710: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Sep 21 07:34:12.040713: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Sep 21 07:34:12.040715: | so send cert. Sep 21 07:34:12.040720: | **emit ISAKMP Message: Sep 21 07:34:12.040722: | initiator cookie: Sep 21 07:34:12.040724: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.040727: | responder cookie: Sep 21 07:34:12.040729: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.040732: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.040734: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.040737: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.040739: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.040742: | Message ID: 0 (0x0) Sep 21 07:34:12.040745: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.040748: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.040751: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.040754: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:34:12.040756: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:34:12.040759: | Protocol ID: 0 (0x0) Sep 21 07:34:12.040761: | port: 0 (0x0) Sep 21 07:34:12.040764: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Sep 21 07:34:12.040768: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.040770: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.040774: | emitting 183 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.040778: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.040781: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.040786: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.040791: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.040793: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.040795: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.040797: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:34:12.040800: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:34:12.040802: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:34:12.040805: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:34:12.040807: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:34:12.040809: | my identity 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.040812: | emitting length of ISAKMP Identification Payload (IPsec DOI): 191 Sep 21 07:34:12.040815: "northnet-eastnet-b" #3: I am sending my cert Sep 21 07:34:12.040830: | ***emit ISAKMP Certificate Payload: Sep 21 07:34:12.040833: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:34:12.040835: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:34:12.040838: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 9:ISAKMP_NEXT_SIG Sep 21 07:34:12.040841: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Sep 21 07:34:12.040844: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.040847: | emitting 1260 raw bytes of CERT into ISAKMP Certificate Payload Sep 21 07:34:12.040849: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Sep 21 07:34:12.040852: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:34:12.040854: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:34:12.040856: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:34:12.040858: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:34:12.040861: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:34:12.040863: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:34:12.040865: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:34:12.040868: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:34:12.040870: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:34:12.040872: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:34:12.040874: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:34:12.040877: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:34:12.040879: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:34:12.040881: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:34:12.040883: | CERT 39 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:34:12.040885: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:34:12.040888: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:34:12.040890: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:34:12.040892: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:34:12.040894: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:34:12.040896: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Sep 21 07:34:12.040898: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:34:12.040900: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Sep 21 07:34:12.040903: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Sep 21 07:34:12.040905: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:34:12.040909: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Sep 21 07:34:12.040911: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Sep 21 07:34:12.040913: | CERT 00 30 82 01 8a 02 82 01 81 00 b0 0d 9e ca 2d 55 Sep 21 07:34:12.040915: | CERT 24 59 06 37 09 58 0d 06 ab 90 5e 98 7c 00 0b 66 Sep 21 07:34:12.040917: | CERT 73 f4 12 27 69 75 6e d4 8d 13 e9 c6 e9 4f c4 b1 Sep 21 07:34:12.040920: | CERT 19 1a 1a 4f e6 4e 06 da 29 ec cf 8d 4c c3 c3 57 Sep 21 07:34:12.040922: | CERT c0 24 57 83 7a 1b 7f 96 a3 21 66 67 52 68 8e 77 Sep 21 07:34:12.040924: | CERT b9 bb f6 9b d2 43 11 57 c9 d6 ca e2 39 73 93 ea Sep 21 07:34:12.040926: | CERT 99 99 f7 52 38 4d 58 69 7f a5 18 9b ff 66 72 6c Sep 21 07:34:12.040928: | CERT df 6d df 18 50 cf 10 98 a3 f5 f9 69 27 5b 3f bd Sep 21 07:34:12.040931: | CERT 0f 34 18 93 99 1a be 8a 46 84 37 69 71 7f a7 df Sep 21 07:34:12.040933: | CERT d0 9d b2 9d ad 80 0f d0 1a 40 cb ff 37 20 ac ac Sep 21 07:34:12.040935: | CERT 3d a9 8e 56 56 cf 25 c0 5e 55 52 86 5a c5 b4 ce Sep 21 07:34:12.040937: | CERT a8 dd 95 cf ab 38 91 f6 1f 9f 83 36 d5 3f 8c d3 Sep 21 07:34:12.040939: | CERT 1d f5 3f 23 3c d2 5c 87 23 bc 6a 67 f7 00 c3 96 Sep 21 07:34:12.040941: | CERT 3f 76 5c b9 8e 6f 2b 16 90 2c 00 c0 05 a0 e2 8d Sep 21 07:34:12.040944: | CERT 57 d5 76 34 7f 6f be e8 48 79 08 91 a8 17 72 1f Sep 21 07:34:12.040946: | CERT c0 1c 8a 52 a8 18 aa 32 3c 9a e4 d9 90 58 25 5e Sep 21 07:34:12.040948: | CERT 4c 49 8e cb 7a 33 19 d2 87 1a 2a 8e b5 04 f7 f9 Sep 21 07:34:12.040951: | CERT cd 80 8c 59 ae 34 61 c5 1d de 53 65 fe 4f f3 f4 Sep 21 07:34:12.040953: | CERT 09 f2 b4 21 7a 2b eb 1f 4a f2 5f 85 3a f0 f8 2b Sep 21 07:34:12.040955: | CERT 3b 42 5b da 89 c1 ef b2 81 18 2a 4b 57 a2 ca 63 Sep 21 07:34:12.040957: | CERT 8b a7 60 8e 54 95 c3 20 5c e5 53 f0 4a 57 df 41 Sep 21 07:34:12.040960: | CERT fa 06 e6 ab 4e 0b 46 49 14 0d db b0 dc 10 2e 6d Sep 21 07:34:12.040962: | CERT 5f 52 cb 75 36 1b e2 1d 9d 77 0f 73 9d 0a 64 07 Sep 21 07:34:12.040964: | CERT 84 f4 0e 0a 98 97 58 c4 40 f6 1b ac a3 be 21 aa Sep 21 07:34:12.040966: | CERT 67 3a 2b b1 0e b7 9a 36 ff 67 02 03 01 00 01 a3 Sep 21 07:34:12.040969: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Sep 21 07:34:12.040971: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Sep 21 07:34:12.040973: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:34:12.040975: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Sep 21 07:34:12.040978: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:34:12.040980: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Sep 21 07:34:12.040982: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Sep 21 07:34:12.040984: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Sep 21 07:34:12.040986: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Sep 21 07:34:12.040989: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Sep 21 07:34:12.040991: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Sep 21 07:34:12.040993: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:34:12.041010: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Sep 21 07:34:12.041012: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Sep 21 07:34:12.041015: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Sep 21 07:34:12.041017: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Sep 21 07:34:12.041019: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Sep 21 07:34:12.041021: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 bf 3c 12 c5 Sep 21 07:34:12.041024: | CERT 00 3e 71 2a 2b 2b 60 83 b9 b9 f2 4d b1 ca 0e fd Sep 21 07:34:12.041026: | CERT b4 e0 0b 6a ad 54 d7 c9 98 57 e0 5c 26 4d bf 11 Sep 21 07:34:12.041028: | CERT 23 20 79 05 b6 1b 9b 09 ed 4f 2e fd 7e da 55 53 Sep 21 07:34:12.041031: | CERT b6 8c 88 fa f3 9b ce ec ef 95 37 11 70 ce 1c 98 Sep 21 07:34:12.041033: | CERT d3 d5 cf f6 30 71 44 78 fb 45 03 69 50 d5 a5 c3 Sep 21 07:34:12.041036: | CERT de 00 4c f7 0a 7d 00 cb 3a ab 11 74 6b 57 67 4d Sep 21 07:34:12.041039: | CERT e7 c0 3a 97 98 44 e2 15 9d f2 6f 1b c7 b1 15 d0 Sep 21 07:34:12.041041: | CERT 88 c4 dc 32 b7 72 1d 9c ac 1b 37 63 Sep 21 07:34:12.041044: | emitting length of ISAKMP Certificate Payload: 1265 Sep 21 07:34:12.041096: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Sep 21 07:34:12.041150: | searching for certificate PKK_RSA:AwEAAbANn vs PKK_RSA:AwEAAbANn Sep 21 07:34:12.050076: | ***emit ISAKMP Signature Payload: Sep 21 07:34:12.050085: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.050090: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Sep 21 07:34:12.050093: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.050096: | emitting 384 raw bytes of SIG_R into ISAKMP Signature Payload Sep 21 07:34:12.050099: | SIG_R 05 68 21 da f9 fd 6f 2c e4 b0 9e f3 ef e5 be 5f Sep 21 07:34:12.050101: | SIG_R 03 92 3e 1d 5c c7 b7 bd 5a 03 4c 87 50 3a 8d be Sep 21 07:34:12.050103: | SIG_R aa 49 7e 1c 53 e3 d1 96 35 97 10 85 4b 63 e7 0b Sep 21 07:34:12.050106: | SIG_R da 77 63 cc 8d 08 d6 d3 47 1c 2b 7d 5f 19 c3 1c Sep 21 07:34:12.050108: | SIG_R 5c 75 10 1f 50 e7 7b 60 13 84 ae e6 0b bc dd 76 Sep 21 07:34:12.050110: | SIG_R 72 fe c8 29 bb 7e 28 6f 5e fc 5c 02 5b c3 a6 95 Sep 21 07:34:12.050113: | SIG_R 9f cc 88 a1 f2 8e e3 d9 72 7d 22 6f ac a6 a0 33 Sep 21 07:34:12.050115: | SIG_R 14 9f b3 19 38 f6 b8 d3 1e 62 8f 38 98 26 89 c3 Sep 21 07:34:12.050117: | SIG_R 9f 23 25 dd 91 66 5d f8 11 20 f5 72 30 45 59 7e Sep 21 07:34:12.050120: | SIG_R 90 5c 99 01 ab cd 03 af 59 21 40 e9 39 53 b6 39 Sep 21 07:34:12.050122: | SIG_R 94 1c a9 60 24 5e e0 57 b6 a1 25 e3 cf 9d 8e 9a Sep 21 07:34:12.050124: | SIG_R b6 3d 29 48 79 d8 4b 69 e3 c2 6a b6 2d c1 7d 67 Sep 21 07:34:12.050127: | SIG_R 54 56 1d df 4e 55 2c 75 9c c7 9b 91 fb 01 66 9a Sep 21 07:34:12.050129: | SIG_R d2 cf e8 30 ac c2 87 c5 ab 8d 55 91 ed df d1 75 Sep 21 07:34:12.050131: | SIG_R f2 66 34 f5 55 12 55 8e 02 85 c1 9c 2d d3 7b d5 Sep 21 07:34:12.050134: | SIG_R 45 21 ea b9 24 f1 79 07 d8 fd 12 4d 70 b9 38 94 Sep 21 07:34:12.050136: | SIG_R cb 48 05 1c b7 e6 c4 23 bd cc 6e 30 a6 b3 f6 55 Sep 21 07:34:12.050138: | SIG_R 4d 7c 26 5e 4b fd 85 a6 1e 2e 3d 89 6a 7f a4 54 Sep 21 07:34:12.050141: | SIG_R 14 fd 63 7b 0f bc e9 d8 3e 1d f4 f0 ed 18 c5 a2 Sep 21 07:34:12.050143: | SIG_R 8f 8a a2 95 c5 e0 54 ab 86 da a4 4f 81 d3 e4 6f Sep 21 07:34:12.050145: | SIG_R ab eb 83 24 b5 3b f4 54 7a 28 5a e0 03 74 4c b4 Sep 21 07:34:12.050147: | SIG_R 31 38 42 9d d7 40 8e 9d 3f a5 88 36 11 2c e3 8f Sep 21 07:34:12.050150: | SIG_R be 47 49 d4 d3 de 4d d7 6c 6e 17 73 f0 ca b3 2c Sep 21 07:34:12.050152: | SIG_R 72 e1 1c 6b 4f 71 62 ee 6f 80 f3 e8 45 a4 43 5e Sep 21 07:34:12.050155: | emitting length of ISAKMP Signature Payload: 388 Sep 21 07:34:12.050158: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:12.050160: | no IKEv1 message padding required Sep 21 07:34:12.050163: | emitting length of ISAKMP Message: 1884 Sep 21 07:34:12.050175: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:34:12.050245: | complete v1 state transition with STF_OK Sep 21 07:34:12.050252: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.050255: | #3 is idle Sep 21 07:34:12.050258: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.050260: | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Sep 21 07:34:12.050266: | parent state #3: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA) Sep 21 07:34:12.050269: | event_already_set, deleting event Sep 21 07:34:12.050272: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:12.050275: | #3 STATE_MAIN_R3: retransmits: cleared Sep 21 07:34:12.050279: | libevent_free: release ptr-libevent@0x7f927c003590 Sep 21 07:34:12.050297: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f92880041c0 Sep 21 07:34:12.050302: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:12.050310: | sending 1884 bytes for STATE_MAIN_R2 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:34:12.050312: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.050315: | 05 10 02 01 00 00 00 00 00 00 07 5c 07 74 2b 5e Sep 21 07:34:12.050317: | 9a e0 5d 01 07 7b e2 b5 70 cd 55 4e 4a 06 6f ce Sep 21 07:34:12.050320: | 51 5a ea c7 64 99 f6 68 7e 35 3f 16 42 e3 fd 79 Sep 21 07:34:12.050322: | 5e 9e 0b d4 10 fe f1 12 7f cb c7 55 a7 1e d4 7c Sep 21 07:34:12.050324: | bb 70 0d ca 41 f3 0b e4 54 6e 42 bc ca b4 01 c9 Sep 21 07:34:12.050327: | c2 b6 d6 64 ab e7 07 45 ad 44 4f 54 ab c3 e8 b4 Sep 21 07:34:12.050329: | 38 db 25 ec 77 e5 11 1f 3d 2c 01 7a 73 77 bc af Sep 21 07:34:12.050331: | 64 7c d5 8b b0 a2 87 4b 6c 9c 67 b2 0a 8c da e6 Sep 21 07:34:12.050334: | de a9 8e d6 91 80 23 9a e7 b6 68 2e 5e 37 12 04 Sep 21 07:34:12.050336: | 7d 0d b7 3b 2d bf 2d 7d b5 04 b4 0d 60 15 48 a5 Sep 21 07:34:12.050338: | 6d bf 0a 7e e3 93 e2 37 53 1c 82 61 35 32 9d 9c Sep 21 07:34:12.050341: | 38 23 b6 68 12 25 67 7e 12 1e d5 6e f9 4e 3f 22 Sep 21 07:34:12.050343: | 3f 32 04 f3 da f5 6b e6 70 8f 4e 3e bd a5 01 43 Sep 21 07:34:12.050345: | e4 1c 95 2d 87 1b 96 3b 22 f2 ca 03 df 85 26 78 Sep 21 07:34:12.050348: | a3 43 64 23 58 65 f4 be 58 28 62 83 05 4c 8c 72 Sep 21 07:34:12.050350: | c4 c1 13 9d 46 40 c9 d0 19 a6 ba 02 5a 48 4d 8f Sep 21 07:34:12.050352: | de 7b 6e 44 40 40 e8 16 ae 9e 87 d0 a4 ad 7a 58 Sep 21 07:34:12.050355: | 11 db b9 3a 61 5e d1 61 cb fa 7b 5e c4 a6 0c 8d Sep 21 07:34:12.050357: | 12 cd e6 a5 90 22 46 3c be f4 68 7c 56 5e 4d 5c Sep 21 07:34:12.050359: | 9a e6 b1 72 64 e3 d7 da 49 91 6f ec 15 73 34 6d Sep 21 07:34:12.050362: | 89 e0 cb 29 8a 9c 10 f2 07 17 47 4d b1 a7 e9 1e Sep 21 07:34:12.050364: | c5 e2 6e d8 cd 46 53 4e 60 1d 6c b2 e5 ab 12 73 Sep 21 07:34:12.050366: | 70 a1 4e ea 09 50 93 3d 8a 26 c7 87 6f e5 34 ca Sep 21 07:34:12.050381: | 7d c8 9f da 8f 03 81 de f4 c6 9d aa b1 63 15 1b Sep 21 07:34:12.050383: | 63 6b 81 e5 b6 8a 0a 7f 4a 30 f0 02 5d 6b a4 50 Sep 21 07:34:12.050386: | da 83 c1 ba 7b 18 14 2c 08 b1 b7 b4 38 f5 aa d4 Sep 21 07:34:12.050388: | 16 89 0d a8 98 5a 04 18 5a e1 20 bf a3 54 9e c2 Sep 21 07:34:12.050390: | fa a7 0b 04 1c b7 14 23 10 22 03 a8 88 92 b2 df Sep 21 07:34:12.050393: | d2 ac 16 d6 66 55 92 a5 db 7a 64 e7 c3 f7 e9 49 Sep 21 07:34:12.050395: | 30 40 45 42 1a fd c9 49 e4 9d e2 b4 59 0d c4 96 Sep 21 07:34:12.050397: | 7f 3c 89 37 6f 42 5b b1 10 85 2e 99 8e cb dd 70 Sep 21 07:34:12.050399: | 77 07 e7 cd e2 d7 db 55 98 af c1 2c ad b1 5c 8d Sep 21 07:34:12.050401: | ad 28 62 cd 27 74 d9 01 97 a8 ef 23 fd d2 c5 81 Sep 21 07:34:12.050404: | ab 98 54 09 1c ee 0a b4 c8 8e ca 5b 5c 23 c1 02 Sep 21 07:34:12.050406: | d1 fa 0b 93 b2 ae f8 bc 3c 46 8e d7 a0 e8 67 38 Sep 21 07:34:12.050408: | 47 e8 02 3b 78 0d 81 11 bb c1 65 1a c3 32 f7 06 Sep 21 07:34:12.050411: | b6 9b d8 66 dd 7e 31 55 09 cb cf 3e 67 9f 29 40 Sep 21 07:34:12.050413: | b9 34 04 46 e6 55 60 66 7e b8 4b e3 9c ab 7b 8c Sep 21 07:34:12.050415: | 0d 25 aa 1c 48 00 b4 71 e1 ef ff dd 0c f5 d9 95 Sep 21 07:34:12.050418: | 0f cb 92 8f d3 3f da ea 33 46 bf 0f 70 54 10 84 Sep 21 07:34:12.050420: | b0 6b 34 89 df 34 2c e7 fd f8 ec 28 66 7f a5 a1 Sep 21 07:34:12.050422: | fd bf f4 94 d0 35 77 ad 53 7b b9 86 a9 9c 72 ac Sep 21 07:34:12.050426: | 7c 28 35 a2 38 5e a7 12 b6 dc a2 fd f7 89 db e5 Sep 21 07:34:12.050428: | 90 2e 56 5a ee 09 14 e6 53 0b d9 d5 e8 e6 35 f0 Sep 21 07:34:12.050430: | b4 d3 20 ba 0d 9b 8f 6f 58 98 27 ad ec bc 59 78 Sep 21 07:34:12.050433: | 9f 19 da 0a 30 c0 32 6f 4f ed cf 61 68 9f 20 8e Sep 21 07:34:12.050435: | 51 cf b1 05 1a 1d 1f 0a ce e6 ed 71 91 bf 3c 09 Sep 21 07:34:12.050437: | 6c 14 7b 2f d3 8c cd 51 c1 63 6e e2 df a5 53 ed Sep 21 07:34:12.050439: | 2c 71 81 3d 08 54 20 5b 0b d5 89 81 43 63 8d 31 Sep 21 07:34:12.050442: | f8 7f 0b 79 e4 66 4d 6b 1d 35 c3 c8 83 b8 08 a3 Sep 21 07:34:12.050444: | 75 5f 67 b3 88 7d ae 96 c5 e0 a7 21 d1 6e 60 bb Sep 21 07:34:12.050446: | 00 6c 6e 19 c7 f4 39 95 0c 24 5c 34 83 01 e2 2e Sep 21 07:34:12.050448: | fb 34 84 e1 7e 9d 68 a7 8e d9 59 35 4b a8 a1 86 Sep 21 07:34:12.050451: | 24 72 bd 65 77 3f 3b 27 2d fd 57 d3 aa 74 d3 40 Sep 21 07:34:12.050453: | 9f 88 21 d3 87 b3 b4 00 5c 92 60 b1 c1 7b 1f 9e Sep 21 07:34:12.050455: | e5 1e 46 6f 77 4c 3a 7f 0c 09 45 e6 2b c8 f4 ff Sep 21 07:34:12.050457: | c2 80 63 44 3f fe 03 68 85 10 41 d4 c9 a9 c6 45 Sep 21 07:34:12.050460: | 49 2b cf 9f 69 06 47 27 7f d6 2f 27 b0 63 1b 9d Sep 21 07:34:12.050462: | 9a da 93 9b 91 97 90 aa 18 f0 b3 88 c2 66 54 0f Sep 21 07:34:12.050464: | 84 80 f5 93 ab 90 f0 57 2f a5 43 20 14 ea 15 c6 Sep 21 07:34:12.050466: | bf 7b 10 35 2e 4d 96 1c 27 79 c5 0e 7b e8 4d 14 Sep 21 07:34:12.050469: | bd 93 73 fc 3d aa cd b6 d1 17 28 89 56 0b be af Sep 21 07:34:12.050471: | 9c a2 72 bc 34 38 f5 ea c5 a5 0b 63 62 5f eb eb Sep 21 07:34:12.050473: | 32 5d 59 2b 99 3c 2e a6 60 69 a8 16 4a 64 94 c9 Sep 21 07:34:12.050475: | 1e 2e ad a7 0a 98 68 5a e0 74 e5 84 aa f4 05 8d Sep 21 07:34:12.050478: | eb ab 4a 5f 81 65 7e 6a 52 7e 57 72 47 9e d9 fe Sep 21 07:34:12.050480: | f0 c0 6b ae 61 2f 7b d7 a8 d2 6f b3 90 91 6f 67 Sep 21 07:34:12.050482: | d0 af 7e b1 24 15 01 6e f8 a3 94 cb 0d 9d e7 ac Sep 21 07:34:12.050484: | 12 d5 c2 42 34 76 04 c3 8a 0d 0d f6 b0 5c 07 fa Sep 21 07:34:12.050487: | d2 5d a3 70 3f 47 79 02 8f 15 5c 74 bb c5 df 7d Sep 21 07:34:12.050489: | 27 bd ac f2 30 e0 8f 8e 4c 84 e0 47 6c 64 0e 1f Sep 21 07:34:12.050491: | d8 60 57 30 77 d9 38 14 27 7d 7a 15 ca b0 2c 7a Sep 21 07:34:12.050493: | be dd 72 71 11 1e 34 26 a1 a0 a9 b8 3c 42 af d9 Sep 21 07:34:12.050496: | cc 16 19 29 10 58 30 d7 87 4a 90 1f 50 77 3f ee Sep 21 07:34:12.050498: | 31 ec 0c 61 1f 1e c6 81 30 75 c2 1f 47 5c 01 1f Sep 21 07:34:12.050500: | 1e 66 cb c7 95 d9 1b 19 00 18 10 71 56 13 29 fd Sep 21 07:34:12.050502: | 2b 82 81 0d 52 75 dd 5c 01 aa 50 be 4c 29 a5 81 Sep 21 07:34:12.050505: | e7 01 e2 b2 4c 6c 6e 17 b7 85 67 c8 c9 c7 20 eb Sep 21 07:34:12.050507: | 0f af bf ac d9 a3 8b e8 f0 cc 9b 9e 76 2c 5b 3d Sep 21 07:34:12.050509: | 17 1e b8 d3 8b 36 16 d4 5a b1 af 9d 9d e2 f7 94 Sep 21 07:34:12.050511: | 93 d4 9a ad aa c1 2d 54 e8 46 a5 36 61 72 f2 42 Sep 21 07:34:12.050514: | b3 a9 12 ee 58 ec 93 0a 23 b6 92 22 a2 53 a2 dc Sep 21 07:34:12.050516: | df 26 58 cb 56 5b 14 80 ba af 72 9b 52 da b2 17 Sep 21 07:34:12.050518: | 9f f6 2c 29 3d 1f 51 e8 47 fd e1 96 55 32 81 e9 Sep 21 07:34:12.050520: | db e7 43 86 6b 00 03 71 e8 84 da 6b 74 06 14 7a Sep 21 07:34:12.050523: | cf e0 43 0d 0e b7 20 12 dd 34 6a 89 8b 2d fa bc Sep 21 07:34:12.050525: | 9e bc 86 54 39 dc e6 b3 4a 98 d9 96 1c 0e 87 06 Sep 21 07:34:12.050527: | 0c a9 12 da d3 74 01 2f 16 91 47 a2 cd 39 d9 92 Sep 21 07:34:12.050529: | 92 f1 c7 b3 3b 16 93 09 72 2d 6b 56 f9 1e f8 df Sep 21 07:34:12.050532: | f4 12 77 ae 4c 18 99 c6 d3 7d ed 12 70 03 bb b8 Sep 21 07:34:12.050534: | 90 15 cc 6b b6 de b8 8d 59 9b 6a e4 56 1e 8f d6 Sep 21 07:34:12.050536: | dc dc 8d 51 9b 52 fa d7 1c 92 be fc 67 1d dd 2b Sep 21 07:34:12.050539: | 87 ac fb c6 31 f7 77 8e 1e ea d3 9a f9 dc 4c 27 Sep 21 07:34:12.050541: | af f9 2a cb 8c 50 e6 b1 4c 5d b1 f9 77 2b e3 c1 Sep 21 07:34:12.050544: | 26 d7 c0 d1 83 1b d2 bc c2 9a bb 5c 70 4d ca 6d Sep 21 07:34:12.050547: | 6c 1c 54 ff f4 fd eb 98 7d 9a 8f 3b ba 9c 99 18 Sep 21 07:34:12.050549: | 5a a4 be 30 43 57 88 fa 9e ca 48 62 56 c4 c0 52 Sep 21 07:34:12.050551: | 8c 13 aa 44 4d 1c b0 db 9d 45 08 38 05 c2 30 c6 Sep 21 07:34:12.050553: | b9 6c 68 02 3d 11 7d d8 57 9d 1f 96 cd a6 bc 37 Sep 21 07:34:12.050556: | 7a 2e 0f f3 6f d6 f8 4b b7 d6 e9 a5 41 5b bd 28 Sep 21 07:34:12.050558: | 43 3b 27 fb 47 f5 e8 b8 69 5b 84 55 02 4c b9 ef Sep 21 07:34:12.050560: | eb 39 ff 2f 8e 81 4e 81 a4 28 a0 ed 76 fe 65 da Sep 21 07:34:12.050562: | bf e4 d9 80 01 c0 5c 50 c3 63 39 87 85 14 23 e7 Sep 21 07:34:12.050565: | 65 d4 cd 51 c2 ec ee b4 e0 44 5d 8c 7e 89 cb 2d Sep 21 07:34:12.050567: | 4c 1a 1a 68 e0 70 02 96 94 94 f2 56 36 c4 7f 36 Sep 21 07:34:12.050569: | ed a3 3a 7d 03 d4 ec 55 0c 13 ef 24 c4 62 ca 3d Sep 21 07:34:12.050571: | e1 bc 63 08 8a 20 59 ca 65 ca 6a ff ab e9 e5 31 Sep 21 07:34:12.050574: | ca c2 2d 8e a6 69 b1 fe 0a 50 84 80 2e ab d5 a0 Sep 21 07:34:12.050576: | 72 04 f9 5b 80 98 bc 35 b4 8e a2 21 c1 6f 65 86 Sep 21 07:34:12.050578: | 22 54 91 76 0e 92 13 36 cf dd be 07 99 74 31 09 Sep 21 07:34:12.050581: | 8e 0c f4 eb aa 40 6f 0b 23 c7 43 a2 00 de 1a ee Sep 21 07:34:12.050583: | dc 59 10 08 b4 07 e2 49 51 8d fb 92 4e be a4 6f Sep 21 07:34:12.050585: | 97 31 3b 76 95 3d fa d0 47 de ac 1f 72 db bb 82 Sep 21 07:34:12.050587: | fc 03 1e 8d 2b 3f 35 69 37 92 52 8c e2 ef 09 4c Sep 21 07:34:12.050590: | b5 b0 94 b4 4c ea 8a 83 a8 ba 09 6f b7 75 20 d2 Sep 21 07:34:12.050592: | b1 8c ab 21 89 b2 48 5d 3e 03 20 cd d0 c8 74 9b Sep 21 07:34:12.050594: | 91 45 c1 10 1e 1d c8 fd 06 ab c1 56 Sep 21 07:34:12.050643: | !event_already_set at reschedule Sep 21 07:34:12.050647: | event_schedule: new EVENT_SA_REPLACE-pe@0x55bbb7a0a280 Sep 21 07:34:12.050651: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #3 Sep 21 07:34:12.050654: | libevent_malloc: new ptr-libevent@0x7f927c003590 size 128 Sep 21 07:34:12.050658: | pstats #3 ikev1.isakmp established Sep 21 07:34:12.050662: "northnet-eastnet-b" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Sep 21 07:34:12.050665: | DPD: dpd_init() called on ISAKMP SA Sep 21 07:34:12.050667: | DPD: Peer supports Dead Peer Detection Sep 21 07:34:12.050670: | DPD: not initializing DPD because DPD is disabled locally Sep 21 07:34:12.050672: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.050675: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.050677: | unpending state #3 Sep 21 07:34:12.050683: | #3 spent 9.93 milliseconds Sep 21 07:34:12.050687: | #3 spent 11 milliseconds in process_packet_tail() Sep 21 07:34:12.050706: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.050711: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:12.050714: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.050718: | spent 11.5 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.053486: | spent 0.00222 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.053500: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:12.053503: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.053505: | 08 10 20 01 66 57 70 ef 00 00 01 dc a1 73 da 6b Sep 21 07:34:12.053507: | af b2 ee 2a 5f f1 99 20 59 1e d3 6a 70 e1 ed 67 Sep 21 07:34:12.053510: | 60 81 21 94 eb 89 be 13 20 69 9f 07 9b 40 1f 6c Sep 21 07:34:12.053512: | b8 fd b2 5c 9c 6e 4a 2d fa ab 66 08 5e 8c d2 0e Sep 21 07:34:12.053514: | d4 8d 01 e2 74 79 a8 b4 15 35 7d 40 86 e8 87 e7 Sep 21 07:34:12.053517: | 1a 4d ce 6b 72 5a 59 74 55 ed 57 da d4 6e 82 17 Sep 21 07:34:12.053519: | fa 52 2b d4 f8 02 14 ad 09 2f 18 5a 50 8a 2f fa Sep 21 07:34:12.053524: | 98 f8 23 0b 87 94 c4 3d 15 98 00 b4 af 21 5e 69 Sep 21 07:34:12.053526: | 7b 14 f8 e9 50 7c 1a 89 0e 13 42 f6 3c 7c 22 3c Sep 21 07:34:12.053529: | cb 7c 74 8d 1d 9f 03 72 fa 11 e7 83 5f f1 e2 f8 Sep 21 07:34:12.053531: | c0 fc 65 05 34 0a 7c 40 eb 83 36 06 0d fe 24 6c Sep 21 07:34:12.053533: | d0 49 b7 c3 a0 a9 52 0a f1 ce f0 2e 29 84 0f 97 Sep 21 07:34:12.053535: | 69 67 89 b5 34 2d b3 1b 88 df 35 42 89 78 11 2f Sep 21 07:34:12.053538: | 0c 52 bb 09 b4 f5 29 5d 4c 1a ce 15 84 d5 fa 0d Sep 21 07:34:12.053540: | 39 56 3b ac 69 87 de 92 da 7d ee 1f f0 36 c9 a5 Sep 21 07:34:12.053542: | f4 d4 b2 b6 6c d3 e5 f3 26 93 57 b6 d3 8b 44 74 Sep 21 07:34:12.053545: | 66 78 41 3c 80 d2 93 a2 25 a8 c0 7b a3 97 2f ca Sep 21 07:34:12.053547: | 55 a0 1b a6 b1 ca 93 d1 9b 7a 8d 66 00 5c f3 24 Sep 21 07:34:12.053549: | 93 a3 84 6f 65 d3 ce 91 f2 93 04 57 6d d6 45 59 Sep 21 07:34:12.053552: | bb 16 30 8c 47 10 fd 66 8e b8 b3 ed 1a ad 4b 6a Sep 21 07:34:12.053554: | 06 59 f3 a4 e1 2c 3e 44 6c 86 d2 cb 52 8c 8a d3 Sep 21 07:34:12.053556: | 76 db 5d 81 70 83 b7 63 dc 7f 32 6c 46 a4 6b 9b Sep 21 07:34:12.053559: | 5a 15 cd 01 90 2c 44 61 66 fd 96 75 5c 84 a5 93 Sep 21 07:34:12.053561: | f5 aa e1 62 01 1f 0c 96 25 c8 bc 06 5d 2e 70 28 Sep 21 07:34:12.053563: | 97 43 8e 4d 86 db f5 a9 a5 b8 8c 94 0e 3d 2e 5a Sep 21 07:34:12.053566: | 54 83 4b d6 a9 ee dd d7 f2 ca ea 36 d7 d9 79 7f Sep 21 07:34:12.053568: | de 12 ec b9 e7 0e 84 fc 43 30 00 5a 15 af 64 d4 Sep 21 07:34:12.053571: | 18 29 a0 48 8e 36 e9 90 f0 a5 66 0e d3 d7 6d 7b Sep 21 07:34:12.053573: | 4b 7c d8 85 6f 9b 31 7e 5f 8b 21 4a Sep 21 07:34:12.053577: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:12.053580: | **parse ISAKMP Message: Sep 21 07:34:12.053583: | initiator cookie: Sep 21 07:34:12.053585: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.053587: | responder cookie: Sep 21 07:34:12.053590: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.053592: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.053595: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.053598: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.053600: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.053603: | Message ID: 1717006575 (0x665770ef) Sep 21 07:34:12.053605: | length: 476 (0x1dc) Sep 21 07:34:12.053608: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.053611: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:34:12.053614: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1) Sep 21 07:34:12.053619: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:34:12.053630: | #3 is idle Sep 21 07:34:12.053632: | #3 idle Sep 21 07:34:12.053636: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:12.053645: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:12.053648: | ***parse ISAKMP Hash Payload: Sep 21 07:34:12.053650: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:12.053653: | length: 36 (0x24) Sep 21 07:34:12.053656: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:12.053658: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:12.053661: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.053663: | length: 84 (0x54) Sep 21 07:34:12.053666: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.053668: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:12.053671: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:12.053673: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.053676: | length: 36 (0x24) Sep 21 07:34:12.053678: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.053681: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:12.053687: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.053690: | length: 260 (0x104) Sep 21 07:34:12.053693: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.053696: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.053698: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.053700: | length: 16 (0x10) Sep 21 07:34:12.053703: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.053705: | Protocol ID: 0 (0x0) Sep 21 07:34:12.053708: | port: 0 (0x0) Sep 21 07:34:12.053710: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:12.053713: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.053715: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.053718: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053720: | length: 16 (0x10) Sep 21 07:34:12.053722: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.053725: | Protocol ID: 0 (0x0) Sep 21 07:34:12.053727: | port: 0 (0x0) Sep 21 07:34:12.053729: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:34:12.053750: | quick_inI1_outR1 HASH(1): Sep 21 07:34:12.053753: | af 7b 20 8d 7c f8 ff 96 c2 76 e8 9c 2c bd 71 64 Sep 21 07:34:12.053755: | a5 c2 78 68 ce a7 1f da d6 0c 49 c1 15 6e 3c ee Sep 21 07:34:12.053758: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:34:12.053762: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:12.053765: | ID address c0 00 03 00 Sep 21 07:34:12.053767: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:12.053770: | ID mask ff ff ff 00 Sep 21 07:34:12.053774: | peer client is subnet 192.0.3.0/24 Sep 21 07:34:12.053776: | peer client protocol/port is 0/0 Sep 21 07:34:12.053779: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:12.053781: | ID address c0 00 16 00 Sep 21 07:34:12.053787: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:12.053791: | ID mask ff ff ff 00 Sep 21 07:34:12.053795: | our client is subnet 192.0.22.0/24 Sep 21 07:34:12.053797: | our client protocol/port is 0/0 Sep 21 07:34:12.053803: "northnet-eastnet-b" #3: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:34:12.053805: | find_client_connection starting with northnet-eastnet-b Sep 21 07:34:12.053823: | looking for 192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:12.053828: | concrete checking against sr#0 192.0.2.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:34:12.053839: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:12.053847: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:12.053850: | results matched Sep 21 07:34:12.053858: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.053866: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.053874: | fc_try trying northnet-eastnet-b:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnet-b:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:12.053879: | our client (192.0.2.0/24:0) not in our_net (192.0.22.0/24:0) Sep 21 07:34:12.053888: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:12.053896: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:12.053899: | results matched Sep 21 07:34:12.053907: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.053916: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.053924: | fc_try trying northnet-eastnet-b:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnet-a:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:12.053927: | fc_try concluding with northnet-eastnet-a [256] Sep 21 07:34:12.053929: | fc_try northnet-eastnet-b gives northnet-eastnet-a Sep 21 07:34:12.053932: | concluding with d = northnet-eastnet-a Sep 21 07:34:12.053934: | using connection "northnet-eastnet-a" Sep 21 07:34:12.053937: | client wildcard: no port wildcard: no virtual: no Sep 21 07:34:12.053941: | creating state object #4 at 0x55bbb7a8c640 Sep 21 07:34:12.053943: | State DB: adding IKEv1 state #4 in UNDEFINED Sep 21 07:34:12.053947: | pstats #4 ikev1.ipsec started Sep 21 07:34:12.053949: | duplicating state object #3 "northnet-eastnet-b" as #4 for IPSEC SA Sep 21 07:34:12.053954: | #4 setting local endpoint to 192.1.2.23:500 from #3.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:12.053957: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:12.053961: | start processing: connection "northnet-eastnet-a" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1285) Sep 21 07:34:12.053965: | suspend processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:12.053970: | start processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:12.053973: | child state #4: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:34:12.053976: | ****parse IPsec DOI SIT: Sep 21 07:34:12.053978: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.053981: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:12.053984: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053986: | length: 72 (0x48) Sep 21 07:34:12.053988: | proposal number: 0 (0x0) Sep 21 07:34:12.053991: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.053993: | SPI size: 4 (0x4) Sep 21 07:34:12.053995: | number of transforms: 2 (0x2) Sep 21 07:34:12.053998: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:12.054000: | SPI aa 05 6c d4 Sep 21 07:34:12.054003: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:12.054006: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.054008: | length: 32 (0x20) Sep 21 07:34:12.054010: | ESP transform number: 0 (0x0) Sep 21 07:34:12.054013: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.054017: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054019: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.054022: | length/value: 14 (0xe) Sep 21 07:34:12.054024: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.054027: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054030: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.054032: | length/value: 1 (0x1) Sep 21 07:34:12.054034: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.054037: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:12.054040: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054042: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.054045: | length/value: 1 (0x1) Sep 21 07:34:12.054047: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.054049: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054052: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.054054: | length/value: 28800 (0x7080) Sep 21 07:34:12.054057: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054059: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.054062: | length/value: 2 (0x2) Sep 21 07:34:12.054064: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.054068: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054071: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:12.054073: | length/value: 128 (0x80) Sep 21 07:34:12.054076: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:12.054081: | adding quick_outI1 KE work-order 7 for state #4 Sep 21 07:34:12.054084: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a692b0 Sep 21 07:34:12.054088: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:34:12.054091: | libevent_malloc: new ptr-libevent@0x7f9280006900 size 128 Sep 21 07:34:12.054098: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:12.054103: | [RE]START processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:12.054105: | suspending state #4 and saving MD Sep 21 07:34:12.054107: | #4 is busy; has a suspended MD Sep 21 07:34:12.054112: | #3 spent 0.347 milliseconds in process_packet_tail() Sep 21 07:34:12.054116: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.054120: | stop processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:12.054124: | resume processing: connection "northnet-eastnet-a" (in process_md() at demux.c:382) Sep 21 07:34:12.054126: | stop processing: connection "northnet-eastnet-a" (in process_md() at demux.c:383) Sep 21 07:34:12.054130: | spent 0.634 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.054136: | crypto helper 5 resuming Sep 21 07:34:12.054147: | crypto helper 5 starting work-order 7 for state #4 Sep 21 07:34:12.054138: | spent 0.0014 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.054152: | crypto helper 5 doing build KE and nonce (quick_outI1 KE); request ID 7 Sep 21 07:34:12.054164: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:12.054168: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.054170: | 08 10 20 01 27 6b 11 75 00 00 01 dc 80 83 de 96 Sep 21 07:34:12.054172: | b4 44 78 96 5a 66 93 2b 51 60 59 41 6c 21 cb f9 Sep 21 07:34:12.054175: | 3b 07 e0 7f 77 75 a1 3d 2e e5 73 28 10 a6 a4 c7 Sep 21 07:34:12.054177: | a9 13 1a ea 93 50 75 c8 47 93 cb 66 77 d2 0e 48 Sep 21 07:34:12.054179: | 0f 86 46 b0 a3 93 4f 9e 68 58 0a ae 17 0e 9e a6 Sep 21 07:34:12.054182: | 36 2b 76 a2 5c 77 ad d1 5e 51 45 0b da 48 ac 03 Sep 21 07:34:12.054184: | 76 64 a1 cb 39 7e f5 bf 80 d6 a3 f3 4a f1 87 36 Sep 21 07:34:12.054186: | 4f b1 45 2e f4 25 60 ab 3d 7e cc 95 61 56 b0 51 Sep 21 07:34:12.054188: | d2 c9 06 24 74 f8 32 9f 57 b6 a1 73 23 ba cb eb Sep 21 07:34:12.054191: | 89 ed 40 90 1a ce d0 44 a7 e1 5d 5b 20 35 3a a8 Sep 21 07:34:12.054193: | c1 99 bf 6f 2e c5 cd 63 44 a8 c2 14 39 a2 88 07 Sep 21 07:34:12.054195: | 9f 76 08 e5 9b e8 13 00 39 5e 86 0a 12 9f 0c 28 Sep 21 07:34:12.054198: | e4 48 7b 6f 04 f3 01 c8 7d 1d 7c 3d f3 5c f0 6c Sep 21 07:34:12.054200: | b7 dc 55 56 7f 2b 8b 76 43 f2 b4 fa fa 8a 73 72 Sep 21 07:34:12.054202: | e4 59 67 40 14 60 b4 9f b6 de d2 96 37 e3 1a 16 Sep 21 07:34:12.054205: | ef 75 73 0d d3 f4 61 71 88 93 d3 24 ac bb d0 c7 Sep 21 07:34:12.054207: | 17 5d ca 8c 4d e4 08 c4 d7 2f 47 9d c5 08 cb ed Sep 21 07:34:12.054209: | e7 a6 ea f7 1d 3a 8e 09 f3 ff d0 7e 48 95 e2 fd Sep 21 07:34:12.054211: | 4d 59 00 e7 15 ec 23 2b e7 5c 87 e9 29 0d fd 87 Sep 21 07:34:12.054214: | 07 2f 98 f4 0e 7b 67 59 50 1c d9 25 53 13 1f ad Sep 21 07:34:12.054216: | 27 f8 4b c7 bb fb 6e 52 81 e7 31 1b 52 2c 15 9e Sep 21 07:34:12.054218: | ae 50 2b 76 64 8e d6 12 39 e1 fc bc 5d be fc 9f Sep 21 07:34:12.054221: | 93 9a 9f 70 12 76 89 f9 4b 0a 24 8c c5 10 f9 3c Sep 21 07:34:12.054223: | b7 7b 6e 78 25 e1 82 06 d9 7d a2 da e9 63 4c 69 Sep 21 07:34:12.054225: | c2 47 bd 0a 56 6c f5 45 bd ee 1d 87 19 79 fd 4d Sep 21 07:34:12.054229: | 28 65 78 16 a5 4a cf e8 08 74 6f d6 6f e0 e6 0a Sep 21 07:34:12.054232: | 20 98 41 db 34 90 13 2a 0a 41 37 30 c9 fd 5c da Sep 21 07:34:12.054234: | 22 44 91 99 a1 e0 a3 e5 54 63 05 db 2a 55 ae 86 Sep 21 07:34:12.054236: | 33 2a 0d fe 15 a9 1b 35 09 b8 cc 54 Sep 21 07:34:12.054240: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:12.054243: | **parse ISAKMP Message: Sep 21 07:34:12.054246: | initiator cookie: Sep 21 07:34:12.054248: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.054250: | responder cookie: Sep 21 07:34:12.054253: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.054255: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.054258: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.054260: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.054263: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.054265: | Message ID: 661328245 (0x276b1175) Sep 21 07:34:12.054268: | length: 476 (0x1dc) Sep 21 07:34:12.054271: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.054273: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:34:12.054276: | State DB: found IKEv1 state #3 in MAIN_R3 (find_state_ikev1) Sep 21 07:34:12.054281: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:34:12.054291: | #3 is idle Sep 21 07:34:12.054293: | #3 idle Sep 21 07:34:12.054297: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:12.054304: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:12.054307: | ***parse ISAKMP Hash Payload: Sep 21 07:34:12.054309: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:12.054312: | length: 36 (0x24) Sep 21 07:34:12.054314: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:12.054317: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:12.054319: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.054321: | length: 84 (0x54) Sep 21 07:34:12.054324: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.054326: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:12.054329: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:12.054331: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.054333: | length: 36 (0x24) Sep 21 07:34:12.054336: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.054338: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:12.054341: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.054343: | length: 260 (0x104) Sep 21 07:34:12.054345: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.054348: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.054350: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.054352: | length: 16 (0x10) Sep 21 07:34:12.054355: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.054357: | Protocol ID: 0 (0x0) Sep 21 07:34:12.054359: | port: 0 (0x0) Sep 21 07:34:12.054362: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:12.054364: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.054367: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.054369: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.054371: | length: 16 (0x10) Sep 21 07:34:12.054374: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.054376: | Protocol ID: 0 (0x0) Sep 21 07:34:12.054378: | port: 0 (0x0) Sep 21 07:34:12.054381: | obj: c0 00 02 00 ff ff ff 00 Sep 21 07:34:12.054399: | quick_inI1_outR1 HASH(1): Sep 21 07:34:12.054402: | 43 16 1e 84 1c e5 a5 ba 09 ad 4a 67 e8 0f 81 f9 Sep 21 07:34:12.054405: | 74 01 3c b6 70 ba a9 33 75 02 6c 2d f6 8b a5 52 Sep 21 07:34:12.054407: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:34:12.054411: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:12.054415: | ID address c0 00 03 00 Sep 21 07:34:12.054417: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:12.054419: | ID mask ff ff ff 00 Sep 21 07:34:12.054423: | peer client is subnet 192.0.3.0/24 Sep 21 07:34:12.054426: | peer client protocol/port is 0/0 Sep 21 07:34:12.054428: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:12.054431: | ID address c0 00 02 00 Sep 21 07:34:12.054433: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:12.054435: | ID mask ff ff ff 00 Sep 21 07:34:12.054439: | our client is subnet 192.0.2.0/24 Sep 21 07:34:12.054441: | our client protocol/port is 0/0 Sep 21 07:34:12.054446: "northnet-eastnet-b" #3: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:34:12.054449: | find_client_connection starting with northnet-eastnet-b Sep 21 07:34:12.054453: | looking for 192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:12.054458: | concrete checking against sr#0 192.0.2.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:34:12.054468: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:12.054476: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:12.054479: | results matched Sep 21 07:34:12.054487: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.054494: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.054503: | fc_try trying northnet-eastnet-b:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnet-b:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:12.054512: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:12.054520: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:12.054522: | results matched Sep 21 07:34:12.054530: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.054538: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.054545: | fc_try trying northnet-eastnet-b:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnet-a:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:12.054550: | our client (192.0.22.0/24:0) not in our_net (192.0.2.0/24:0) Sep 21 07:34:12.054553: | fc_try concluding with northnet-eastnet-b [129] Sep 21 07:34:12.054555: | fc_try northnet-eastnet-b gives northnet-eastnet-b Sep 21 07:34:12.054557: | concluding with d = northnet-eastnet-b Sep 21 07:34:12.054560: | client wildcard: no port wildcard: no virtual: no Sep 21 07:34:12.054564: | creating state object #5 at 0x55bbb7a908a0 Sep 21 07:34:12.054566: | State DB: adding IKEv1 state #5 in UNDEFINED Sep 21 07:34:12.054569: | pstats #5 ikev1.ipsec started Sep 21 07:34:12.054572: | duplicating state object #3 "northnet-eastnet-b" as #5 for IPSEC SA Sep 21 07:34:12.054576: | #5 setting local endpoint to 192.1.2.23:500 from #3.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:12.054581: | suspend processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:12.054585: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:12.054588: | child state #5: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:34:12.054592: | ****parse IPsec DOI SIT: Sep 21 07:34:12.054595: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.054598: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:12.054600: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.054602: | length: 72 (0x48) Sep 21 07:34:12.054605: | proposal number: 0 (0x0) Sep 21 07:34:12.054607: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.054609: | SPI size: 4 (0x4) Sep 21 07:34:12.054612: | number of transforms: 2 (0x2) Sep 21 07:34:12.054614: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:12.054616: | SPI 0a ac 59 4a Sep 21 07:34:12.054619: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:12.054621: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.054624: | length: 32 (0x20) Sep 21 07:34:12.054626: | ESP transform number: 0 (0x0) Sep 21 07:34:12.054628: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.054631: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054634: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.054636: | length/value: 14 (0xe) Sep 21 07:34:12.054638: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.054641: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054643: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.054646: | length/value: 1 (0x1) Sep 21 07:34:12.054648: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.054651: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:12.054653: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054656: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.054658: | length/value: 1 (0x1) Sep 21 07:34:12.054660: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.054663: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054665: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.054668: | length/value: 28800 (0x7080) Sep 21 07:34:12.054670: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054673: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.054675: | length/value: 2 (0x2) Sep 21 07:34:12.054677: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.054680: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.054682: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:12.054684: | length/value: 128 (0x80) Sep 21 07:34:12.054687: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:12.054691: | adding quick_outI1 KE work-order 8 for state #5 Sep 21 07:34:12.054709: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9280002b20 Sep 21 07:34:12.054712: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:34:12.054715: | libevent_malloc: new ptr-libevent@0x55bbb7a76910 size 128 Sep 21 07:34:12.054717: | crypto helper 5 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.000565 seconds Sep 21 07:34:12.054723: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:12.054723: | (#4) spent 0.563 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) Sep 21 07:34:12.054730: | [RE]START processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:12.054730: | crypto helper 0 resuming Sep 21 07:34:12.054734: | suspending state #5 and saving MD Sep 21 07:34:12.054745: | crypto helper 0 starting work-order 8 for state #5 Sep 21 07:34:12.054731: | crypto helper 5 sending results from work-order 7 for state #4 to event queue Sep 21 07:34:12.054754: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 8 Sep 21 07:34:12.054756: | scheduling resume sending helper answer for #4 Sep 21 07:34:12.054747: | #5 is busy; has a suspended MD Sep 21 07:34:12.054760: | libevent_malloc: new ptr-libevent@0x7f9278007fa0 size 128 Sep 21 07:34:12.054766: | #3 spent 0.343 milliseconds in process_packet_tail() Sep 21 07:34:12.054769: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:12.054774: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.054778: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:12.054781: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.054792: | spent 0.617 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.054798: | processing resume sending helper answer for #4 Sep 21 07:34:12.054803: | start processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.054806: | crypto helper 5 replies to request ID 7 Sep 21 07:34:12.054809: | calling continuation function 0x55bbb65aa630 Sep 21 07:34:12.054812: | quick_inI1_outR1_cryptocontinue1 for #4: calculated ke+nonce, calculating DH Sep 21 07:34:12.054826: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.054836: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.054845: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.054853: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.054856: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:12.054859: | no PreShared Key Found Sep 21 07:34:12.054862: | adding quick outR1 DH work-order 9 for state #4 Sep 21 07:34:12.054864: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.054867: | libevent_free: release ptr-libevent@0x7f9280006900 Sep 21 07:34:12.054870: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a692b0 Sep 21 07:34:12.054873: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a692b0 Sep 21 07:34:12.054876: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:34:12.054879: | libevent_malloc: new ptr-libevent@0x7f9280006900 size 128 Sep 21 07:34:12.054884: | suspending state #4 and saving MD Sep 21 07:34:12.054886: | crypto helper 1 resuming Sep 21 07:34:12.054891: | crypto helper 1 starting work-order 9 for state #4 Sep 21 07:34:12.054887: | #4 is busy; has a suspended MD Sep 21 07:34:12.054895: | crypto helper 1 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 9 Sep 21 07:34:12.054899: | resume sending helper answer for #4 suppresed complete_v1_state_transition() and stole MD Sep 21 07:34:12.054907: | #4 spent 0.0955 milliseconds in resume sending helper answer Sep 21 07:34:12.054911: | stop processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.054914: | libevent_free: release ptr-libevent@0x7f9278007fa0 Sep 21 07:34:12.055293: | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 8 time elapsed 0.00054 seconds Sep 21 07:34:12.055299: | (#5) spent 0.542 milliseconds in crypto helper computing work-order 8: quick_outI1 KE (pcr) Sep 21 07:34:12.055301: | crypto helper 0 sending results from work-order 8 for state #5 to event queue Sep 21 07:34:12.055303: | scheduling resume sending helper answer for #5 Sep 21 07:34:12.055305: | libevent_malloc: new ptr-libevent@0x7f928c008ba0 size 128 Sep 21 07:34:12.055310: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:12.055316: | processing resume sending helper answer for #5 Sep 21 07:34:12.055322: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.055325: | crypto helper 0 replies to request ID 8 Sep 21 07:34:12.055328: | calling continuation function 0x55bbb65aa630 Sep 21 07:34:12.055330: | quick_inI1_outR1_cryptocontinue1 for #5: calculated ke+nonce, calculating DH Sep 21 07:34:12.055356: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.055365: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.055373: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.055382: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.055385: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:12.055387: | no PreShared Key Found Sep 21 07:34:12.055390: | adding quick outR1 DH work-order 10 for state #5 Sep 21 07:34:12.055392: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.055395: | libevent_free: release ptr-libevent@0x55bbb7a76910 Sep 21 07:34:12.055397: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9280002b20 Sep 21 07:34:12.055400: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f9280002b20 Sep 21 07:34:12.055403: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:34:12.055406: | libevent_malloc: new ptr-libevent@0x55bbb7a76910 size 128 Sep 21 07:34:12.055411: | suspending state #5 and saving MD Sep 21 07:34:12.055413: | #5 is busy; has a suspended MD Sep 21 07:34:12.055431: | resume sending helper answer for #5 suppresed complete_v1_state_transition() and stole MD Sep 21 07:34:12.055435: | #5 spent 0.109 milliseconds in resume sending helper answer Sep 21 07:34:12.055437: | crypto helper 2 resuming Sep 21 07:34:12.055444: | crypto helper 1 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 9 time elapsed 0.000549 seconds Sep 21 07:34:12.055439: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.055447: | crypto helper 2 starting work-order 10 for state #5 Sep 21 07:34:12.055448: | (#4) spent 0.552 milliseconds in crypto helper computing work-order 9: quick outR1 DH (pcr) Sep 21 07:34:12.055461: | crypto helper 1 sending results from work-order 9 for state #4 to event queue Sep 21 07:34:12.055464: | scheduling resume sending helper answer for #4 Sep 21 07:34:12.055466: | libevent_malloc: new ptr-libevent@0x7f9284009cd0 size 128 Sep 21 07:34:12.055458: | crypto helper 2 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 10 Sep 21 07:34:12.055453: | libevent_free: release ptr-libevent@0x7f928c008ba0 Sep 21 07:34:12.055469: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:12.055481: | processing resume sending helper answer for #4 Sep 21 07:34:12.055486: | start processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.055490: | crypto helper 1 replies to request ID 9 Sep 21 07:34:12.055492: | calling continuation function 0x55bbb65aa630 Sep 21 07:34:12.055495: | quick_inI1_outR1_cryptocontinue2 for #4: calculated DH, sending R1 Sep 21 07:34:12.055499: | **emit ISAKMP Message: Sep 21 07:34:12.055502: | initiator cookie: Sep 21 07:34:12.055506: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.055509: | responder cookie: Sep 21 07:34:12.055511: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.055513: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.055516: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.055519: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.055521: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.055524: | Message ID: 1717006575 (0x665770ef) Sep 21 07:34:12.055526: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.055529: | ***emit ISAKMP Hash Payload: Sep 21 07:34:12.055532: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.055535: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:12.055538: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.055541: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:12.055543: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:12.055546: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:12.055548: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.055551: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.055553: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:12.055557: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:12.055560: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.055562: | ****parse IPsec DOI SIT: Sep 21 07:34:12.055565: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.055568: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:12.055570: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.055573: | length: 72 (0x48) Sep 21 07:34:12.055575: | proposal number: 0 (0x0) Sep 21 07:34:12.055577: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.055580: | SPI size: 4 (0x4) Sep 21 07:34:12.055582: | number of transforms: 2 (0x2) Sep 21 07:34:12.055585: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:12.055587: | SPI aa 05 6c d4 Sep 21 07:34:12.055590: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:12.055592: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.055594: | length: 32 (0x20) Sep 21 07:34:12.055597: | ESP transform number: 0 (0x0) Sep 21 07:34:12.055599: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.055602: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.055604: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.055607: | length/value: 14 (0xe) Sep 21 07:34:12.055609: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.055612: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.055614: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.055617: | length/value: 1 (0x1) Sep 21 07:34:12.055619: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.055622: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:12.055625: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.055627: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.055629: | length/value: 1 (0x1) Sep 21 07:34:12.055632: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.055634: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.055637: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.055639: | length/value: 28800 (0x7080) Sep 21 07:34:12.055642: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.055644: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.055647: | length/value: 2 (0x2) Sep 21 07:34:12.055649: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.055653: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.055655: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:12.055658: | length/value: 128 (0x80) Sep 21 07:34:12.055660: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:12.055663: | ****emit IPsec DOI SIT: Sep 21 07:34:12.055665: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.055668: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:12.055670: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.055673: | proposal number: 0 (0x0) Sep 21 07:34:12.055675: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.055677: | SPI size: 4 (0x4) Sep 21 07:34:12.055680: | number of transforms: 1 (0x1) Sep 21 07:34:12.055683: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:12.055698: | netlink_get_spi: allocated 0x4602f09a for esp.0@192.1.2.23 Sep 21 07:34:12.055701: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:12.055703: | SPI 46 02 f0 9a Sep 21 07:34:12.055706: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:12.055708: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.055711: | ESP transform number: 0 (0x0) Sep 21 07:34:12.055713: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.055716: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:12.055719: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:34:12.055721: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:34:12.055724: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:34:12.055726: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:12.055729: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:34:12.055731: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:12.055734: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:34:12.055737: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:12.055741: "northnet-eastnet-a" #4: responding to Quick Mode proposal {msgid:665770ef} Sep 21 07:34:12.055752: "northnet-eastnet-a" #4: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:34:12.055762: "northnet-eastnet-a" #4: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:34:12.055765: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:12.055768: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.055770: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:12.055774: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:12.055776: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.055779: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:34:12.055782: | Nr f0 14 b1 c3 37 06 17 fc 91 cf 3d 6d 8b 7c 7c 40 Sep 21 07:34:12.055791: | Nr 27 96 33 30 f2 bd 09 f7 6a 36 91 60 8b eb 7a fe Sep 21 07:34:12.055793: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:12.055796: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:12.055798: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.055801: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.055804: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:12.055808: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.055811: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:12.055814: | keyex value 57 d2 ab 0e 9e 17 b6 2b c2 fc 10 c0 d1 a6 ba 57 Sep 21 07:34:12.055817: | keyex value ad fd 9e d2 b2 25 3a fa 55 4d 40 8c 94 2a ba e4 Sep 21 07:34:12.055819: | keyex value db 77 dd 0b 43 e2 ec 25 74 0b f8 56 36 82 a6 fb Sep 21 07:34:12.055821: | keyex value a5 a6 ec d9 27 a0 53 34 9f 0d 04 b3 5a c2 ce b5 Sep 21 07:34:12.055824: | keyex value a2 a5 91 85 d9 ff 3a e2 0a a8 b6 24 3c 36 25 e8 Sep 21 07:34:12.055826: | keyex value 27 b8 17 9b 04 1a 85 f9 a2 66 9a 5b e0 a9 28 fa Sep 21 07:34:12.055828: | keyex value 1b 99 5d 6f 08 70 4b 1e 19 fb 86 13 dd a6 f8 7f Sep 21 07:34:12.055831: | keyex value 78 37 e5 69 31 18 f0 a2 3e 92 08 20 d0 28 bd e6 Sep 21 07:34:12.055833: | keyex value d6 b7 00 88 a0 be e5 16 44 bb 00 56 26 18 74 6f Sep 21 07:34:12.055835: | keyex value d8 90 35 69 c4 54 9a 3d ec 4e 5a 85 77 a3 b0 3e Sep 21 07:34:12.055838: | keyex value 45 6b d3 d5 9e e7 2a bb da 4d ae ba cf a1 57 6c Sep 21 07:34:12.055840: | keyex value 50 4a fe c0 b0 98 fb f4 89 bb ef f8 6a eb 2b 15 Sep 21 07:34:12.055843: | keyex value 86 61 a8 57 95 38 9b 05 e0 0b 02 b6 66 33 32 da Sep 21 07:34:12.055845: | keyex value bb 86 fa 53 d5 79 6e af 6c 79 63 86 94 f0 a0 2e Sep 21 07:34:12.055847: | keyex value fb e8 7f f7 ac aa 2b 79 8b b3 d4 fb 48 88 70 8c Sep 21 07:34:12.055850: | keyex value 60 e8 b8 d7 9c 57 30 2b f1 18 e5 c0 ed 8c 63 1d Sep 21 07:34:12.055852: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:12.055855: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.055857: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.055860: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.055862: | Protocol ID: 0 (0x0) Sep 21 07:34:12.055864: | port: 0 (0x0) Sep 21 07:34:12.055867: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.055870: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.055873: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.055876: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.055878: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:34:12.055881: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:12.055884: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.055886: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.055889: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.055891: | Protocol ID: 0 (0x0) Sep 21 07:34:12.055893: | port: 0 (0x0) Sep 21 07:34:12.055896: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.055899: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.055902: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.055904: | ID body c0 00 16 00 ff ff ff 00 Sep 21 07:34:12.055907: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:12.055928: | quick inR1 outI2 HASH(2): Sep 21 07:34:12.055931: | 79 11 62 0a e5 0c 23 f8 cb 5e 58 1e 66 4a b4 6a Sep 21 07:34:12.055934: | 8e 2a 26 28 de c8 f6 fa 66 c9 14 66 83 c6 1e 3e Sep 21 07:34:12.055936: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:12.055939: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:12.056000: | crypto helper 2 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 10 time elapsed 0.000541 seconds Sep 21 07:34:12.056006: | (#5) spent 0.54 milliseconds in crypto helper computing work-order 10: quick outR1 DH (pcr) Sep 21 07:34:12.056008: | crypto helper 2 sending results from work-order 10 for state #5 to event queue Sep 21 07:34:12.056010: | scheduling resume sending helper answer for #5 Sep 21 07:34:12.056012: | libevent_malloc: new ptr-libevent@0x7f9288009950 size 128 Sep 21 07:34:12.056016: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:12.056053: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.056058: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.056060: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.056063: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.056066: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:12.056069: | route owner of "northnet-eastnet-a" erouted: self Sep 21 07:34:12.056071: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:34:12.056074: | could_route called for northnet-eastnet-a (kind=CK_PERMANENT) Sep 21 07:34:12.056076: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.056079: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.056082: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.056084: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.056087: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:12.056090: | route owner of "northnet-eastnet-a" erouted: self; eroute owner: self Sep 21 07:34:12.056093: | routing is easy, or has resolvable near-conflict Sep 21 07:34:12.056095: | checking if this is a replacement state Sep 21 07:34:12.056098: | st=0x55bbb7a8c640 ost=0x55bbb7a78310 st->serialno=#4 ost->serialno=#2 Sep 21 07:34:12.056101: "northnet-eastnet-a" #4: keeping refhim=0 during rekey Sep 21 07:34:12.056103: | installing outgoing SA now as refhim=0 Sep 21 07:34:12.056106: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:12.056110: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:12.056112: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:12.056116: | setting IPsec SA replay-window to 32 Sep 21 07:34:12.056119: | NIC esp-hw-offload not for connection 'northnet-eastnet-a' not available on interface eth1 Sep 21 07:34:12.056122: | netlink: enabling tunnel mode Sep 21 07:34:12.056125: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:12.056127: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:12.056210: | netlink response for Add SA esp.aa056cd4@192.1.3.33 included non-error error Sep 21 07:34:12.056213: | outgoing SA has refhim=0 Sep 21 07:34:12.056231: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:12.056234: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:12.056237: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:12.056240: | setting IPsec SA replay-window to 32 Sep 21 07:34:12.056243: | NIC esp-hw-offload not for connection 'northnet-eastnet-a' not available on interface eth1 Sep 21 07:34:12.056246: | netlink: enabling tunnel mode Sep 21 07:34:12.056248: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:12.056251: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:12.056310: | netlink response for Add SA esp.4602f09a@192.1.2.23 included non-error error Sep 21 07:34:12.056391: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:12.056395: | no IKEv1 message padding required Sep 21 07:34:12.056397: | emitting length of ISAKMP Message: 460 Sep 21 07:34:12.056406: | finished processing quick inI1 Sep 21 07:34:12.056409: | complete v1 state transition with STF_OK Sep 21 07:34:12.056414: | [RE]START processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.056419: | #4 is idle Sep 21 07:34:12.056422: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.056425: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:34:12.056441: | child state #4: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:34:12.056443: | event_already_set, deleting event Sep 21 07:34:12.056446: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.056449: | libevent_free: release ptr-libevent@0x7f9280006900 Sep 21 07:34:12.056451: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55bbb7a692b0 Sep 21 07:34:12.056456: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:12.056462: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #4) Sep 21 07:34:12.056465: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.056467: | 08 10 20 01 66 57 70 ef 00 00 01 cc e1 97 25 e6 Sep 21 07:34:12.056469: | 7f 13 14 d3 e9 72 41 6f fb 35 a0 99 b6 0b 26 30 Sep 21 07:34:12.056472: | ae 18 de fe 27 2a da b9 36 07 8b 6e 52 ee 50 c9 Sep 21 07:34:12.056474: | 94 bb a9 64 a0 f3 ca ad 68 42 92 62 41 9c 52 dc Sep 21 07:34:12.056476: | 18 cb 36 20 e5 eb 21 f2 42 cf cd 57 ac 82 e6 f5 Sep 21 07:34:12.056479: | a8 a0 c2 a9 6e 00 ee 2d 40 d5 8f c4 3a 17 44 0d Sep 21 07:34:12.056481: | 72 fd 0b 3d 30 10 d6 2b 65 91 fd fb 1a 07 ba ac Sep 21 07:34:12.056483: | b9 7c 83 1e 94 fa 5f 20 ac d9 65 d9 24 40 0b 59 Sep 21 07:34:12.056485: | 18 bb 15 6d 32 e0 42 8d c2 12 21 d5 da 2b 59 aa Sep 21 07:34:12.056488: | e9 c7 0f 2a 44 ce 59 5a d0 82 7a d8 76 b3 ae 3a Sep 21 07:34:12.056490: | a1 4d 28 09 a0 9a be 04 57 9d 86 87 31 b4 fb 03 Sep 21 07:34:12.056492: | 11 d0 c1 3f 3c 1e 4e d0 0e 28 30 bb 98 3f 94 c0 Sep 21 07:34:12.056495: | 71 ed 07 e4 4a 31 e0 97 6e 20 23 48 8f 0b ec 10 Sep 21 07:34:12.056497: | 69 0b 7d c2 30 d4 01 a4 a1 e7 b3 71 b2 3c c3 43 Sep 21 07:34:12.056499: | ce 98 80 0b 6e 2d 4c b4 ab 5a 0b 1f 35 a5 67 4e Sep 21 07:34:12.056501: | 83 a5 92 16 1e 01 0a a5 d7 5a a6 7e 3b 08 ee 76 Sep 21 07:34:12.056503: | c1 68 be a8 83 d2 e7 81 e6 cb c6 66 c7 9a 77 99 Sep 21 07:34:12.056506: | 93 49 c7 a6 b6 74 da a8 d8 c6 65 f6 52 b4 29 84 Sep 21 07:34:12.056508: | 69 d9 71 35 9a c6 72 c9 1d b7 56 03 fc 0a 16 7d Sep 21 07:34:12.056510: | 26 63 19 71 91 e9 1b 28 ab f5 4d 33 4a 62 87 2d Sep 21 07:34:12.056512: | a0 07 cd 9a 4b 14 3b ce c8 12 18 25 05 cb cd f8 Sep 21 07:34:12.056515: | 19 5c 78 2f 21 e5 40 35 a4 ab 07 0d b7 a3 e3 cb Sep 21 07:34:12.056517: | 07 44 03 e7 4f 95 32 01 b2 72 19 fc 62 d9 51 19 Sep 21 07:34:12.056519: | 5f 1d ee c7 bc 34 44 84 e0 4e 2a 28 0f 5d 9b eb Sep 21 07:34:12.056522: | 06 8e a1 db e1 b7 57 92 e5 ba ef 4c 33 d5 87 8d Sep 21 07:34:12.056524: | 82 95 2b 4e c4 e1 04 77 14 6a 55 fc 8b 14 dc 7d Sep 21 07:34:12.056526: | a6 38 78 90 87 3e 2e 3f 24 d9 ac 5a 9b 6a d5 1d Sep 21 07:34:12.056528: | a5 b0 8a 77 22 a5 ff 8d 04 15 e4 23 Sep 21 07:34:12.056552: | !event_already_set at reschedule Sep 21 07:34:12.056556: | event_schedule: new EVENT_RETRANSMIT-pe@0x55bbb7a692b0 Sep 21 07:34:12.056560: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:34:12.056563: | libevent_malloc: new ptr-libevent@0x7f9280006900 size 128 Sep 21 07:34:12.056567: | #4 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.42482 Sep 21 07:34:12.056570: | pstats #4 ikev1.ipsec established Sep 21 07:34:12.056574: | NAT-T: encaps is 'auto' Sep 21 07:34:12.056578: "northnet-eastnet-a" #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0xaa056cd4 <0x4602f09a xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:12.056581: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.056586: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.056590: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Sep 21 07:34:12.056595: | #4 spent 1.05 milliseconds in resume sending helper answer Sep 21 07:34:12.056599: | stop processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.056603: | libevent_free: release ptr-libevent@0x7f9284009cd0 Sep 21 07:34:12.056609: | processing resume sending helper answer for #5 Sep 21 07:34:12.056613: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.056616: | crypto helper 2 replies to request ID 10 Sep 21 07:34:12.056619: | calling continuation function 0x55bbb65aa630 Sep 21 07:34:12.056621: | quick_inI1_outR1_cryptocontinue2 for #5: calculated DH, sending R1 Sep 21 07:34:12.056625: | **emit ISAKMP Message: Sep 21 07:34:12.056628: | initiator cookie: Sep 21 07:34:12.056630: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.056632: | responder cookie: Sep 21 07:34:12.056634: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.056637: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.056639: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.056642: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.056644: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.056647: | Message ID: 661328245 (0x276b1175) Sep 21 07:34:12.056650: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.056652: | ***emit ISAKMP Hash Payload: Sep 21 07:34:12.056655: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.056658: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:12.056660: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.056663: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:12.056666: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:12.056668: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:12.056670: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.056673: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.056676: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:12.056679: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:12.056681: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.056684: | ****parse IPsec DOI SIT: Sep 21 07:34:12.056686: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.056689: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:12.056691: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.056694: | length: 72 (0x48) Sep 21 07:34:12.056696: | proposal number: 0 (0x0) Sep 21 07:34:12.056699: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.056701: | SPI size: 4 (0x4) Sep 21 07:34:12.056703: | number of transforms: 2 (0x2) Sep 21 07:34:12.056706: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:12.056708: | SPI 0a ac 59 4a Sep 21 07:34:12.056711: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:12.056713: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.056716: | length: 32 (0x20) Sep 21 07:34:12.056718: | ESP transform number: 0 (0x0) Sep 21 07:34:12.056720: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.056723: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056726: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.056728: | length/value: 14 (0xe) Sep 21 07:34:12.056731: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.056733: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056737: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.056740: | length/value: 1 (0x1) Sep 21 07:34:12.056742: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.056745: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:12.056747: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056750: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.056752: | length/value: 1 (0x1) Sep 21 07:34:12.056755: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.056757: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056759: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.056762: | length/value: 28800 (0x7080) Sep 21 07:34:12.056764: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056767: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.056769: | length/value: 2 (0x2) Sep 21 07:34:12.056771: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.056774: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056776: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:12.056779: | length/value: 128 (0x80) Sep 21 07:34:12.056781: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:12.056801: | ****emit IPsec DOI SIT: Sep 21 07:34:12.056806: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.056809: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:12.056811: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.056814: | proposal number: 0 (0x0) Sep 21 07:34:12.056816: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.056819: | SPI size: 4 (0x4) Sep 21 07:34:12.056821: | number of transforms: 1 (0x1) Sep 21 07:34:12.056824: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:12.056835: | netlink_get_spi: allocated 0x237dce79 for esp.0@192.1.2.23 Sep 21 07:34:12.056850: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:12.056853: | SPI 23 7d ce 79 Sep 21 07:34:12.056855: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:12.056858: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.056860: | ESP transform number: 0 (0x0) Sep 21 07:34:12.056862: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.056865: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:12.056868: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:34:12.056870: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:34:12.056873: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:34:12.056875: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:12.056877: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:34:12.056880: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:12.056883: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:34:12.056885: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:12.056889: "northnet-eastnet-b" #5: responding to Quick Mode proposal {msgid:276b1175} Sep 21 07:34:12.056901: "northnet-eastnet-b" #5: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:34:12.056910: "northnet-eastnet-b" #5: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:34:12.056913: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:12.056915: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.056918: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:12.056923: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:12.056926: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.056928: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:34:12.056931: | Nr 2e 89 34 9c f9 d7 56 16 38 d5 84 10 3e c0 fd 19 Sep 21 07:34:12.056933: | Nr c1 92 c4 cf 8c 0f 83 10 e5 1f 0b 76 89 d8 f7 12 Sep 21 07:34:12.056936: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:12.056938: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:12.056940: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.056943: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.056946: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:12.056949: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.056952: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:12.056954: | keyex value ea 66 99 cd 4e ca 8b 6c 81 4e 38 cb b3 85 b7 e3 Sep 21 07:34:12.056957: | keyex value 67 22 86 bc 05 66 97 81 f8 b6 c0 06 f9 d6 06 43 Sep 21 07:34:12.056959: | keyex value 31 91 47 cc ac 9e c1 86 d4 80 df 30 5d cc ee b3 Sep 21 07:34:12.056961: | keyex value b4 9e 43 69 6d bb 65 7b ab 27 ce 31 27 57 b7 31 Sep 21 07:34:12.056963: | keyex value 40 a5 f1 53 1c 41 a0 21 c0 83 d1 45 40 0b 50 6e Sep 21 07:34:12.056966: | keyex value f8 bf f2 4a 62 8b 62 16 b9 b3 a5 19 79 5a 05 95 Sep 21 07:34:12.056968: | keyex value fd ee c8 8a 1f 02 07 8d 76 50 be 7d f7 a7 ad ff Sep 21 07:34:12.056970: | keyex value 41 e4 da 7c 43 7e bd 02 66 66 1d a0 e5 c5 e4 21 Sep 21 07:34:12.056973: | keyex value a9 ca 74 31 72 22 4e 5f 49 d0 ac ac c2 82 d8 54 Sep 21 07:34:12.056975: | keyex value 58 1b 5b 35 0a 9a 66 32 a3 db da 45 6f 24 55 44 Sep 21 07:34:12.056977: | keyex value 73 04 6c 71 eb c4 2b 47 cc 87 f9 92 a7 89 61 b3 Sep 21 07:34:12.056979: | keyex value 42 df 60 75 b0 20 83 9b cf 57 8d 24 9c 9c 80 3f Sep 21 07:34:12.056982: | keyex value 38 39 e8 e9 78 0c 5b fe 84 ef e9 87 79 09 62 fc Sep 21 07:34:12.056984: | keyex value 2b a8 c1 54 6f 19 46 03 c6 e2 85 2c 47 db b4 07 Sep 21 07:34:12.056986: | keyex value dc 06 ca f4 24 cc 48 58 d7 0d df 72 8f 45 5b 0a Sep 21 07:34:12.056989: | keyex value b0 b1 d0 24 ac 8a 9c ec 4f 4e ce 28 ee ff 2c 11 Sep 21 07:34:12.056991: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:12.056994: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.056996: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.056999: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.057001: | Protocol ID: 0 (0x0) Sep 21 07:34:12.057003: | port: 0 (0x0) Sep 21 07:34:12.057006: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.057009: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.057012: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.057015: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.057017: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:34:12.057020: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:12.057022: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.057025: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.057027: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.057029: | Protocol ID: 0 (0x0) Sep 21 07:34:12.057033: | port: 0 (0x0) Sep 21 07:34:12.057036: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.057038: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.057041: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.057043: | ID body c0 00 02 00 ff ff ff 00 Sep 21 07:34:12.057046: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:12.057066: | quick inR1 outI2 HASH(2): Sep 21 07:34:12.057069: | 46 4c a3 34 a4 29 d7 63 7c a9 7c 63 52 41 98 0d Sep 21 07:34:12.057072: | e1 e5 02 41 2f 4e 9f 29 ea 38 18 ab 98 d5 13 f3 Sep 21 07:34:12.057074: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:12.057076: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:12.057163: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.057168: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.057170: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.057173: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.057176: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:12.057179: | route owner of "northnet-eastnet-b" unrouted: "northnet-eastnet-a" erouted Sep 21 07:34:12.057182: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:34:12.057185: | could_route called for northnet-eastnet-b (kind=CK_PERMANENT) Sep 21 07:34:12.057187: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.057190: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.057192: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.057195: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.057197: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:12.057201: | route owner of "northnet-eastnet-b" unrouted: "northnet-eastnet-a" erouted; eroute owner: NULL Sep 21 07:34:12.057204: | routing is easy, or has resolvable near-conflict Sep 21 07:34:12.057206: | checking if this is a replacement state Sep 21 07:34:12.057209: | st=0x55bbb7a908a0 ost=(nil) st->serialno=#5 ost->serialno=#0 Sep 21 07:34:12.057211: | installing outgoing SA now as refhim=0 Sep 21 07:34:12.057214: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:12.057217: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:12.057220: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:12.057223: | setting IPsec SA replay-window to 32 Sep 21 07:34:12.057226: | NIC esp-hw-offload not for connection 'northnet-eastnet-b' not available on interface eth1 Sep 21 07:34:12.057228: | netlink: enabling tunnel mode Sep 21 07:34:12.057231: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:12.057233: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:12.057279: | netlink response for Add SA esp.aac594a@192.1.3.33 included non-error error Sep 21 07:34:12.057283: | outgoing SA has refhim=0 Sep 21 07:34:12.057286: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:12.057288: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:12.057291: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:12.057294: | setting IPsec SA replay-window to 32 Sep 21 07:34:12.057297: | NIC esp-hw-offload not for connection 'northnet-eastnet-b' not available on interface eth1 Sep 21 07:34:12.057299: | netlink: enabling tunnel mode Sep 21 07:34:12.057302: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:12.057304: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:12.057362: | netlink response for Add SA esp.237dce79@192.1.2.23 included non-error error Sep 21 07:34:12.057368: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:12.057375: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:12.057378: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:12.057461: | raw_eroute result=success Sep 21 07:34:12.057533: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:12.057550: | no IKEv1 message padding required Sep 21 07:34:12.057552: | emitting length of ISAKMP Message: 460 Sep 21 07:34:12.057560: | finished processing quick inI1 Sep 21 07:34:12.057563: | complete v1 state transition with STF_OK Sep 21 07:34:12.057568: | [RE]START processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.057571: | #5 is idle Sep 21 07:34:12.057573: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.057576: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:34:12.057579: | child state #5: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:34:12.057582: | event_already_set, deleting event Sep 21 07:34:12.057584: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.057587: | libevent_free: release ptr-libevent@0x55bbb7a76910 Sep 21 07:34:12.057590: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f9280002b20 Sep 21 07:34:12.057595: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:12.057601: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Sep 21 07:34:12.057604: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.057606: | 08 10 20 01 27 6b 11 75 00 00 01 cc 85 70 6f 85 Sep 21 07:34:12.057609: | 4f ff f1 01 3f ec b7 0f 35 14 b6 6f 67 e9 f1 f3 Sep 21 07:34:12.057611: | 22 78 ab 3c 62 0b e7 cc cb 49 93 9d 5b 5f 4c 73 Sep 21 07:34:12.057613: | 92 b6 df 79 ab 00 be 13 09 71 76 31 79 d3 b7 cb Sep 21 07:34:12.057616: | 72 16 3d ee 29 7e cd c8 d5 b3 47 d2 6a c7 94 5d Sep 21 07:34:12.057618: | 77 65 8b 05 81 66 a9 31 c9 23 de cd 69 d1 08 c9 Sep 21 07:34:12.057621: | 13 0f c5 2e a8 34 ff ca d5 9e 94 7e 25 78 64 c3 Sep 21 07:34:12.057623: | b8 03 bc 05 49 3f 1a fb ac 25 25 35 0e dd 04 b3 Sep 21 07:34:12.057625: | a9 19 bb c2 5a da 01 e5 9f 4f ec 22 2d 0b 1f 39 Sep 21 07:34:12.057628: | 7c 6a 40 cf 83 4a 6c 04 b0 09 1b 29 46 82 16 83 Sep 21 07:34:12.057630: | 7b 9c 1e 0f 9e fe d1 0a 22 84 2f 8b bf 1f 52 ad Sep 21 07:34:12.057633: | 8d e2 40 ae b7 81 86 26 e4 83 2f ed 6b d2 75 25 Sep 21 07:34:12.057635: | e3 52 a9 c4 3d c1 d9 37 59 65 fd 45 0b 87 c1 21 Sep 21 07:34:12.057637: | dc f2 4a b6 f2 8a 9f 01 fa 1d c7 a5 06 37 af 1b Sep 21 07:34:12.057640: | 57 de ee 86 ff db e7 1e 48 0b e4 07 ef 97 71 33 Sep 21 07:34:12.057642: | da 25 22 34 eb 9d 31 fa a3 fe 43 54 2b 1d 5e 17 Sep 21 07:34:12.057644: | 61 e7 75 ad 90 3f 37 d8 a2 55 28 33 f0 82 e3 7b Sep 21 07:34:12.057647: | 0f 82 c2 b6 25 7b e8 9f ae fb aa a8 41 7c ab 18 Sep 21 07:34:12.057649: | 0b 8d 76 41 83 9b b9 cd 1b 94 33 e8 20 c9 46 30 Sep 21 07:34:12.057651: | 36 e0 c8 53 ef b6 87 9e 84 21 fd 2f e7 7f 8a 49 Sep 21 07:34:12.057654: | 1c b5 b2 3c fa 23 f2 83 d9 ee 4e 67 35 fe a8 bc Sep 21 07:34:12.057656: | ea 9f f7 c5 e4 b1 e0 47 f2 ef ab 64 ea 78 76 ef Sep 21 07:34:12.057658: | 66 2e dc 77 c0 e4 cf 33 61 a8 6d 0e 0d bd 74 b5 Sep 21 07:34:12.057661: | 83 74 35 5d 33 24 6d d5 be 0c 1f 79 16 ee 61 aa Sep 21 07:34:12.057663: | 3f 35 b2 60 e3 ed ad 07 e1 69 2f 9c 44 6a 17 2e Sep 21 07:34:12.057665: | d6 40 a2 87 8a 9b f3 84 13 90 39 39 8d 0a 06 6a Sep 21 07:34:12.057668: | d4 53 9b 92 4e 5f f9 5c ab f7 d4 57 48 99 3f b0 Sep 21 07:34:12.057670: | 14 3c d2 66 55 5e 64 1c 60 f8 ee 13 Sep 21 07:34:12.057688: | !event_already_set at reschedule Sep 21 07:34:12.057692: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f9280002b20 Sep 21 07:34:12.057696: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Sep 21 07:34:12.057701: | libevent_malloc: new ptr-libevent@0x55bbb7a76910 size 128 Sep 21 07:34:12.057706: | #5 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.425956 Sep 21 07:34:12.057709: | pstats #5 ikev1.ipsec established Sep 21 07:34:12.057712: | NAT-T: encaps is 'auto' Sep 21 07:34:12.057716: "northnet-eastnet-b" #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x0aac594a <0x237dce79 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:12.057719: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.057721: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.057724: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Sep 21 07:34:12.057729: | #5 spent 1.08 milliseconds in resume sending helper answer Sep 21 07:34:12.057734: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.057737: | libevent_free: release ptr-libevent@0x7f9288009950 Sep 21 07:34:12.067026: | spent 0.00274 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.067046: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:12.067049: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.067052: | 08 10 20 01 66 57 70 ef 00 00 00 4c b0 a7 2e 7a Sep 21 07:34:12.067054: | 2e ea 12 3d c9 e6 29 df 93 b9 f3 97 f3 f8 c3 2d Sep 21 07:34:12.067056: | bb 4c 69 72 8b 4c 7a 82 3e b7 f7 15 a4 30 ab 11 Sep 21 07:34:12.067059: | a0 e2 8b 09 fd 59 ec d3 74 0f e1 51 Sep 21 07:34:12.067063: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:12.067067: | **parse ISAKMP Message: Sep 21 07:34:12.067069: | initiator cookie: Sep 21 07:34:12.067072: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.067074: | responder cookie: Sep 21 07:34:12.067076: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.067079: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.067082: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.067084: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.067087: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.067089: | Message ID: 1717006575 (0x665770ef) Sep 21 07:34:12.067092: | length: 76 (0x4c) Sep 21 07:34:12.067095: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.067098: | State DB: found IKEv1 state #4 in QUICK_R1 (find_state_ikev1) Sep 21 07:34:12.067103: | start processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:12.067106: | #4 is idle Sep 21 07:34:12.067108: | #4 idle Sep 21 07:34:12.067112: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:12.067127: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:12.067130: | ***parse ISAKMP Hash Payload: Sep 21 07:34:12.067133: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.067135: | length: 36 (0x24) Sep 21 07:34:12.067137: | removing 12 bytes of padding Sep 21 07:34:12.067156: | quick_inI2 HASH(3): Sep 21 07:34:12.067159: | ad 15 46 99 ae 14 91 1a 8c 19 e4 64 2d 07 c3 1f Sep 21 07:34:12.067162: | d3 64 73 b4 9e cd 87 fa d5 f9 d7 a6 49 dd ea e1 Sep 21 07:34:12.067164: | received 'quick_inI2' message HASH(3) data ok Sep 21 07:34:12.067169: | install_ipsec_sa() for #4: outbound only Sep 21 07:34:12.067172: | could_route called for northnet-eastnet-a (kind=CK_PERMANENT) Sep 21 07:34:12.067175: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.067178: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.067181: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.067183: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.067186: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:12.067192: | route owner of "northnet-eastnet-a" erouted: self; eroute owner: self Sep 21 07:34:12.067195: | sr for #4: erouted Sep 21 07:34:12.067198: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:12.067200: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.067203: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.067205: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.067208: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.067211: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:12.067214: | route owner of "northnet-eastnet-a" erouted: self; eroute owner: self Sep 21 07:34:12.067217: | route_and_eroute with c: northnet-eastnet-a (next: none) ero:northnet-eastnet-a esr:{(nil)} ro:northnet-eastnet-a rosr:{(nil)} and state: #4 Sep 21 07:34:12.067221: | priority calculation of connection "northnet-eastnet-a" is 0xfe7e7 Sep 21 07:34:12.067229: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Sep 21 07:34:12.067233: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:12.067273: | raw_eroute result=success Sep 21 07:34:12.067277: | route_and_eroute: firewall_notified: true Sep 21 07:34:12.067280: | route_and_eroute: instance "northnet-eastnet-a", setting eroute_owner {spd=0x55bbb7a65560,sr=0x55bbb7a65560} to #4 (was #2) (newest_ipsec_sa=#2) Sep 21 07:34:12.067285: | #3 spent 0.115 milliseconds in install_ipsec_sa() Sep 21 07:34:12.067289: | inI2: instance northnet-eastnet-a[0], setting IKEv1 newest_ipsec_sa to #4 (was #2) (spd.eroute=#4) cloned from #3 Sep 21 07:34:12.067291: | DPD: dpd_init() called on IPsec SA Sep 21 07:34:12.067294: | DPD: Peer does not support Dead Peer Detection Sep 21 07:34:12.067296: | complete v1 state transition with STF_OK Sep 21 07:34:12.067301: | [RE]START processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.067303: | #4 is idle Sep 21 07:34:12.067306: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.067308: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Sep 21 07:34:12.067312: | child state #4: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Sep 21 07:34:12.067314: | event_already_set, deleting event Sep 21 07:34:12.067317: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:12.067320: | #4 STATE_QUICK_R2: retransmits: cleared Sep 21 07:34:12.067323: | libevent_free: release ptr-libevent@0x7f9280006900 Sep 21 07:34:12.067326: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55bbb7a692b0 Sep 21 07:34:12.067328: | !event_already_set at reschedule Sep 21 07:34:12.067331: | event_schedule: new EVENT_SA_REPLACE-pe@0x55bbb7a692b0 Sep 21 07:34:12.067335: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #4 Sep 21 07:34:12.067338: | libevent_malloc: new ptr-libevent@0x7f9280006900 size 128 Sep 21 07:34:12.067341: | pstats #4 ikev1.ipsec established Sep 21 07:34:12.067344: | NAT-T: encaps is 'auto' Sep 21 07:34:12.067348: "northnet-eastnet-a" #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xaa056cd4 <0x4602f09a xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:12.067351: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.067353: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.067357: | #4 spent 0.189 milliseconds in process_packet_tail() Sep 21 07:34:12.067362: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.067366: | stop processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:12.067369: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.067373: | spent 0.336 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.093936: | spent 0.00294 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.093955: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:12.093958: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.093960: | 08 10 20 01 27 6b 11 75 00 00 00 4c f3 93 c8 2b Sep 21 07:34:12.093962: | 34 e1 e7 73 ef a6 aa 09 51 20 e8 c9 a5 70 e3 01 Sep 21 07:34:12.093963: | df 72 67 9b 00 4d 34 77 5c 14 f1 5e 52 70 f1 9e Sep 21 07:34:12.093965: | e6 b3 72 b6 22 53 19 95 63 ab 25 89 Sep 21 07:34:12.093968: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:12.093971: | **parse ISAKMP Message: Sep 21 07:34:12.093973: | initiator cookie: Sep 21 07:34:12.093974: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.093976: | responder cookie: Sep 21 07:34:12.093977: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.093979: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.093981: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.093983: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.093985: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.093986: | Message ID: 661328245 (0x276b1175) Sep 21 07:34:12.093988: | length: 76 (0x4c) Sep 21 07:34:12.093990: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.093993: | State DB: found IKEv1 state #5 in QUICK_R1 (find_state_ikev1) Sep 21 07:34:12.093997: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:12.093999: | #5 is idle Sep 21 07:34:12.094000: | #5 idle Sep 21 07:34:12.094003: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:12.094029: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:12.094031: | ***parse ISAKMP Hash Payload: Sep 21 07:34:12.094033: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.094034: | length: 36 (0x24) Sep 21 07:34:12.094036: | removing 12 bytes of padding Sep 21 07:34:12.094055: | quick_inI2 HASH(3): Sep 21 07:34:12.094057: | 53 e3 2c 61 5e 2f 23 43 a6 b6 4c ab b2 c4 6d e0 Sep 21 07:34:12.094058: | ee 74 02 7f f4 64 a3 4d 2e a0 43 38 cc 36 19 52 Sep 21 07:34:12.094060: | received 'quick_inI2' message HASH(3) data ok Sep 21 07:34:12.094064: | install_ipsec_sa() for #5: outbound only Sep 21 07:34:12.094066: | could_route called for northnet-eastnet-b (kind=CK_PERMANENT) Sep 21 07:34:12.094067: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.094070: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.094071: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.094073: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.094075: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:12.094078: | route owner of "northnet-eastnet-b" unrouted: "northnet-eastnet-a" erouted; eroute owner: NULL Sep 21 07:34:12.094079: | sr for #5: unrouted Sep 21 07:34:12.094081: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:12.094083: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.094084: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.094086: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.094088: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.094089: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:12.094091: | route owner of "northnet-eastnet-b" unrouted: "northnet-eastnet-a" erouted; eroute owner: NULL Sep 21 07:34:12.094094: | route_and_eroute with c: northnet-eastnet-b (next: none) ero:null esr:{(nil)} ro:northnet-eastnet-a rosr:{0x55bbb7a65560} and state: #5 Sep 21 07:34:12.094096: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:12.094102: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:34:12.094104: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:12.094156: | raw_eroute result=success Sep 21 07:34:12.094160: | running updown command "ipsec _updown" for verb up Sep 21 07:34:12.094162: | command executing up-client Sep 21 07:34:12.094184: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.094189: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.094201: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASI Sep 21 07:34:12.094204: | popen cmd is 1399 chars long Sep 21 07:34:12.094205: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b': Sep 21 07:34:12.094207: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO: Sep 21 07:34:12.094209: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.te: Sep 21 07:34:12.094211: | cmd( 240):sting.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2: Sep 21 07:34:12.094212: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Sep 21 07:34:12.094214: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' P: Sep 21 07:34:12.094215: | cmd( 480):LUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, : Sep 21 07:34:12.094217: | cmd( 560):OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libresw: Sep 21 07:34:12.094219: | cmd( 640):an.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO: Sep 21 07:34:12.094220: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:34:12.094222: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Sep 21 07:34:12.094223: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Sep 21 07:34:12.094225: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK: Sep 21 07:34:12.094227: | cmd(1040):+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ip: Sep 21 07:34:12.094228: | cmd(1120):v4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOM: Sep 21 07:34:12.094230: | cmd(1200):AIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO: Sep 21 07:34:12.094231: | cmd(1280):_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xaac594: Sep 21 07:34:12.094233: | cmd(1360):a SPI_OUT=0x237dce79 ipsec _updown 2>&1: Sep 21 07:34:12.101530: | route_and_eroute: firewall_notified: true Sep 21 07:34:12.101542: | route_and_eroute: instance "northnet-eastnet-b", setting eroute_owner {spd=0x55bbb7a708c0,sr=0x55bbb7a708c0} to #5 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:12.101547: | #3 spent 0.283 milliseconds in install_ipsec_sa() Sep 21 07:34:12.101551: | inI2: instance northnet-eastnet-b[0], setting IKEv1 newest_ipsec_sa to #5 (was #0) (spd.eroute=#5) cloned from #3 Sep 21 07:34:12.101555: | DPD: dpd_init() called on IPsec SA Sep 21 07:34:12.101556: | DPD: Peer does not support Dead Peer Detection Sep 21 07:34:12.101558: | complete v1 state transition with STF_OK Sep 21 07:34:12.101563: | [RE]START processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.101564: | #5 is idle Sep 21 07:34:12.101566: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.101568: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Sep 21 07:34:12.101570: | child state #5: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Sep 21 07:34:12.101572: | event_already_set, deleting event Sep 21 07:34:12.101574: | state #5 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:12.101576: | #5 STATE_QUICK_R2: retransmits: cleared Sep 21 07:34:12.101580: | libevent_free: release ptr-libevent@0x55bbb7a76910 Sep 21 07:34:12.101582: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f9280002b20 Sep 21 07:34:12.101584: | !event_already_set at reschedule Sep 21 07:34:12.101586: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f9280002b20 Sep 21 07:34:12.101588: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #5 Sep 21 07:34:12.101590: | libevent_malloc: new ptr-libevent@0x55bbb7a76910 size 128 Sep 21 07:34:12.101593: | pstats #5 ikev1.ipsec established Sep 21 07:34:12.101595: | NAT-T: encaps is 'auto' Sep 21 07:34:12.101599: "northnet-eastnet-b" #5: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x0aac594a <0x237dce79 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:12.101600: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.101602: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.101605: | #5 spent 0.343 milliseconds in process_packet_tail() Sep 21 07:34:12.101608: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.101612: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:12.101613: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.101616: | spent 0.469 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.101624: | processing signal PLUTO_SIGCHLD Sep 21 07:34:12.101628: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:12.101630: | spent 0.00359 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:22.145537: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:22.145742: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:22.145748: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:22.145925: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:34:22.145932: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:22.145942: | get_sa_info esp.961469d3@192.1.2.23 Sep 21 07:34:22.145966: | get_sa_info esp.577ef0d0@192.1.3.33 Sep 21 07:34:22.145985: | get_sa_info esp.4602f09a@192.1.2.23 Sep 21 07:34:22.145994: | get_sa_info esp.aa056cd4@192.1.3.33 Sep 21 07:34:22.146017: | get_sa_info esp.237dce79@192.1.2.23 Sep 21 07:34:22.146026: | get_sa_info esp.aac594a@192.1.3.33 Sep 21 07:34:22.146048: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:22.146055: | spent 0.523 milliseconds in whack Sep 21 07:34:23.150000: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:23.150024: shutting down Sep 21 07:34:23.150031: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:34:23.150034: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:34:23.150038: destroying root certificate cache Sep 21 07:34:23.150055: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:23.150057: forgetting secrets Sep 21 07:34:23.150065: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:23.150073: | unreference key: 0x55bbb7a705f0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.150076: | unreference key: 0x55bbb7a70010 user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.150079: | unreference key: 0x55bbb7a6fc50 @east.testing.libreswan.org cnt 1-- Sep 21 07:34:23.150081: | unreference key: 0x55bbb7a6b360 east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.150085: | unreference key: 0x55bbb7a6ad00 192.1.2.23 cnt 1-- Sep 21 07:34:23.150090: | unreference key: 0x55bbb7a6a680 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:23.150093: | unreference key: 0x55bbb7a6a2f0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:23.150096: | unreference key: 0x55bbb7a65a70 @north.testing.libreswan.org cnt 1-- Sep 21 07:34:23.150099: | start processing: connection "northnet-eastnet-b" (in delete_connection() at connections.c:189) Sep 21 07:34:23.150102: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:34:23.150103: | pass 0 Sep 21 07:34:23.150105: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:23.150107: | state #5 Sep 21 07:34:23.150109: | suspend processing: connection "northnet-eastnet-b" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.150112: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.150115: | pstats #5 ikev1.ipsec deleted completed Sep 21 07:34:23.150117: | [RE]START processing: state #5 connection "northnet-eastnet-b" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:23.150121: "northnet-eastnet-b" #5: deleting state (STATE_QUICK_R2) aged 11.095s and sending notification Sep 21 07:34:23.150123: | child state #5: QUICK_R2(established CHILD SA) => delete Sep 21 07:34:23.150126: | get_sa_info esp.aac594a@192.1.3.33 Sep 21 07:34:23.150140: | get_sa_info esp.237dce79@192.1.2.23 Sep 21 07:34:23.150145: "northnet-eastnet-b" #5: ESP traffic information: in=0B out=0B Sep 21 07:34:23.150148: | #5 send IKEv1 delete notification for STATE_QUICK_R2 Sep 21 07:34:23.150150: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.150157: | **emit ISAKMP Message: Sep 21 07:34:23.150159: | initiator cookie: Sep 21 07:34:23.150161: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.150163: | responder cookie: Sep 21 07:34:23.150164: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.150166: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.150168: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.150170: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.150172: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.150173: | Message ID: 1149341041 (0x44818d71) Sep 21 07:34:23.150175: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.150178: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.150179: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.150182: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.150183: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.150186: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.150188: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.150189: | ***emit ISAKMP Delete Payload: Sep 21 07:34:23.150191: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.150193: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.150194: | protocol ID: 3 (0x3) Sep 21 07:34:23.150196: | SPI size: 4 (0x4) Sep 21 07:34:23.150197: | number of SPIs: 1 (0x1) Sep 21 07:34:23.150199: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:23.150202: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.150204: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:23.150206: | delete payload 23 7d ce 79 Sep 21 07:34:23.150208: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:23.150232: | send delete HASH(1): Sep 21 07:34:23.150235: | 0d 09 fb 7c e1 8c 9b 0b 29 bb bd 96 b3 1d 92 b4 Sep 21 07:34:23.150236: | 88 2d a2 f0 22 5b fa 87 5f 68 b4 cc 75 16 90 49 Sep 21 07:34:23.150243: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:23.150245: | no IKEv1 message padding required Sep 21 07:34:23.150246: | emitting length of ISAKMP Message: 92 Sep 21 07:34:23.150258: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:34:23.150261: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.150262: | 08 10 05 01 44 81 8d 71 00 00 00 5c a0 74 8f 56 Sep 21 07:34:23.150264: | e8 9a ea 17 21 be 24 59 74 1e ca ae 1f 20 88 52 Sep 21 07:34:23.150265: | 6b 6d 77 02 81 cf 00 36 69 6f ef 13 41 83 f4 88 Sep 21 07:34:23.150267: | 44 44 22 9e 13 6f 7a 05 f6 fe 6f 57 37 bd 11 40 Sep 21 07:34:23.150268: | 4d b9 29 1e b3 ab 61 fe 18 40 8c b8 Sep 21 07:34:23.150313: | state #5 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:23.150319: | libevent_free: release ptr-libevent@0x55bbb7a76910 Sep 21 07:34:23.150322: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f9280002b20 Sep 21 07:34:23.150404: | running updown command "ipsec _updown" for verb down Sep 21 07:34:23.150412: | command executing down-client Sep 21 07:34:23.150453: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051252' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_ Sep 21 07:34:23.150456: | popen cmd is 1292 chars long Sep 21 07:34:23.150459: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-: Sep 21 07:34:23.150462: | cmd( 80):b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLU: Sep 21 07:34:23.150465: | cmd( 160):TO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.: Sep 21 07:34:23.150467: | cmd( 240):testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Sep 21 07:34:23.150470: | cmd( 320):.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Sep 21 07:34:23.150472: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP': Sep 21 07:34:23.150475: | cmd( 480): PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Sep 21 07:34:23.150478: | cmd( 560):, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libre: Sep 21 07:34:23.150480: | cmd( 640):swan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLU: Sep 21 07:34:23.150483: | cmd( 720):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Sep 21 07:34:23.150488: | cmd( 800):PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051252' PLUTO_CONN_POLI: Sep 21 07:34:23.150490: | cmd( 880):CY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLU: Sep 21 07:34:23.150493: | cmd( 960):TO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS: Sep 21 07:34:23.150496: | cmd(1040):_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANN: Sep 21 07:34:23.150498: | cmd(1120):ER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFAC: Sep 21 07:34:23.150501: | cmd(1200):E='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xaac594a SPI_OUT=0x237dce79 ipsec : Sep 21 07:34:23.150503: | cmd(1280):_updown 2>&1: Sep 21 07:34:23.161881: | shunt_eroute() called for connection 'northnet-eastnet-b' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:34:23.161896: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:34:23.161901: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.161905: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:23.161954: | delete esp.aac594a@192.1.3.33 Sep 21 07:34:23.161985: | netlink response for Del SA esp.aac594a@192.1.3.33 included non-error error Sep 21 07:34:23.161989: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.161996: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:23.162037: | raw_eroute result=success Sep 21 07:34:23.162041: | delete esp.237dce79@192.1.2.23 Sep 21 07:34:23.162065: | netlink response for Del SA esp.237dce79@192.1.2.23 included non-error error Sep 21 07:34:23.162072: | stop processing: connection "northnet-eastnet-b" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:34:23.162075: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:34:23.162078: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:23.162081: | State DB: deleting IKEv1 state #5 in QUICK_R2 Sep 21 07:34:23.162085: | child state #5: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:23.162106: | stop processing: state #5 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.162115: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:23.162118: | state #4 Sep 21 07:34:23.162123: | start processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.162126: | pstats #4 ikev1.ipsec deleted completed Sep 21 07:34:23.162130: | [RE]START processing: state #4 connection "northnet-eastnet-a" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:23.162135: "northnet-eastnet-a" #4: deleting state (STATE_QUICK_R2) aged 11.108s and sending notification Sep 21 07:34:23.162138: | child state #4: QUICK_R2(established CHILD SA) => delete Sep 21 07:34:23.162142: | get_sa_info esp.aa056cd4@192.1.3.33 Sep 21 07:34:23.162150: | get_sa_info esp.4602f09a@192.1.2.23 Sep 21 07:34:23.162157: "northnet-eastnet-a" #4: ESP traffic information: in=0B out=0B Sep 21 07:34:23.162161: | #4 send IKEv1 delete notification for STATE_QUICK_R2 Sep 21 07:34:23.162163: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.162178: | **emit ISAKMP Message: Sep 21 07:34:23.162181: | initiator cookie: Sep 21 07:34:23.162184: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.162186: | responder cookie: Sep 21 07:34:23.162188: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.162192: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.162194: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.162197: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.162200: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.162203: | Message ID: 3028403344 (0xb481c490) Sep 21 07:34:23.162208: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.162211: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.162214: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.162218: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.162221: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.162224: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.162226: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.162229: | ***emit ISAKMP Delete Payload: Sep 21 07:34:23.162231: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.162234: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.162236: | protocol ID: 3 (0x3) Sep 21 07:34:23.162239: | SPI size: 4 (0x4) Sep 21 07:34:23.162241: | number of SPIs: 1 (0x1) Sep 21 07:34:23.162244: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:23.162247: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.162250: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:23.162253: | delete payload 46 02 f0 9a Sep 21 07:34:23.162255: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:23.162281: | send delete HASH(1): Sep 21 07:34:23.162284: | 34 2d d9 e2 6e 9e df a6 fd df 86 95 46 ca a0 a5 Sep 21 07:34:23.162286: | 17 f2 af 2c 4a af d7 a3 36 99 04 44 b2 41 2b 3f Sep 21 07:34:23.162296: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:23.162299: | no IKEv1 message padding required Sep 21 07:34:23.162301: | emitting length of ISAKMP Message: 92 Sep 21 07:34:23.162315: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:34:23.162318: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.162320: | 08 10 05 01 b4 81 c4 90 00 00 00 5c 17 aa d6 d8 Sep 21 07:34:23.162322: | a8 a8 31 0a cb 8f b8 e1 70 ff 63 90 f4 b1 76 da Sep 21 07:34:23.162325: | 59 80 3b 8b 46 6b ba e4 f5 d8 5d d1 aa e6 e9 d3 Sep 21 07:34:23.162327: | 23 3d c1 e3 9c 09 63 ad be a0 cf 2d 8b b0 28 8e Sep 21 07:34:23.162329: | 99 2d 5d e8 6f 5a 09 cd 7c 1b 2c 9f Sep 21 07:34:23.162377: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:23.162382: | libevent_free: release ptr-libevent@0x7f9280006900 Sep 21 07:34:23.162385: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55bbb7a692b0 Sep 21 07:34:23.162452: | running updown command "ipsec _updown" for verb down Sep 21 07:34:23.162457: | command executing down-client Sep 21 07:34:23.162497: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051252' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUT Sep 21 07:34:23.162501: | popen cmd is 1295 chars long Sep 21 07:34:23.162504: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-: Sep 21 07:34:23.162509: | cmd( 80):a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLU: Sep 21 07:34:23.162512: | cmd( 160):TO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.: Sep 21 07:34:23.162514: | cmd( 240):testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Sep 21 07:34:23.162517: | cmd( 320):.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' : Sep 21 07:34:23.162519: | cmd( 400):PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ES: Sep 21 07:34:23.162522: | cmd( 480):P' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libresw: Sep 21 07:34:23.162524: | cmd( 560):an, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.lib: Sep 21 07:34:23.162527: | cmd( 640):reswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' P: Sep 21 07:34:23.162529: | cmd( 720):LUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0: Sep 21 07:34:23.162532: | cmd( 800):' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051252' PLUTO_CONN_PO: Sep 21 07:34:23.162535: | cmd( 880):LICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' P: Sep 21 07:34:23.162537: | cmd( 960):LUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_: Sep 21 07:34:23.162540: | cmd(1040):IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BA: Sep 21 07:34:23.162542: | cmd(1120):NNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IF: Sep 21 07:34:23.162545: | cmd(1200):ACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0xaa056cd4 SPI_OUT=0x4602f09a ips: Sep 21 07:34:23.162547: | cmd(1280):ec _updown 2>&1: Sep 21 07:34:23.171593: | shunt_eroute() called for connection 'northnet-eastnet-a' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:34:23.171606: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:34:23.171609: | priority calculation of connection "northnet-eastnet-a" is 0xfe7e7 Sep 21 07:34:23.171612: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:23.171654: | delete esp.aa056cd4@192.1.3.33 Sep 21 07:34:23.171686: | netlink response for Del SA esp.aa056cd4@192.1.3.33 included non-error error Sep 21 07:34:23.171691: | priority calculation of connection "northnet-eastnet-a" is 0xfe7e7 Sep 21 07:34:23.171699: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:23.171744: | raw_eroute result=success Sep 21 07:34:23.171750: | delete esp.4602f09a@192.1.2.23 Sep 21 07:34:23.171772: | netlink response for Del SA esp.4602f09a@192.1.2.23 included non-error error Sep 21 07:34:23.171778: | in connection_discard for connection northnet-eastnet-a Sep 21 07:34:23.171782: | State DB: deleting IKEv1 state #4 in QUICK_R2 Sep 21 07:34:23.171794: | child state #4: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:23.171817: | stop processing: state #4 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.171829: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:23.171833: | state #3 Sep 21 07:34:23.171836: | state #2 Sep 21 07:34:23.171839: | state #1 Sep 21 07:34:23.171842: | pass 1 Sep 21 07:34:23.171844: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:23.171846: | state #3 Sep 21 07:34:23.171850: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.171853: | pstats #3 ikev1.isakmp deleted completed Sep 21 07:34:23.171855: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:23.171858: "northnet-eastnet-b" #3: deleting state (STATE_MAIN_R3) aged 11.143s and sending notification Sep 21 07:34:23.171863: | parent state #3: MAIN_R3(established IKE SA) => delete Sep 21 07:34:23.171934: | #3 send IKEv1 delete notification for STATE_MAIN_R3 Sep 21 07:34:23.171950: | **emit ISAKMP Message: Sep 21 07:34:23.171955: | initiator cookie: Sep 21 07:34:23.171957: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.171959: | responder cookie: Sep 21 07:34:23.171962: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.171965: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.171968: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.171970: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.171974: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.171976: | Message ID: 3334301906 (0xc6bd68d2) Sep 21 07:34:23.171979: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.171982: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.171985: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.171989: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.171992: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.171995: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.171998: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.172001: | ***emit ISAKMP Delete Payload: Sep 21 07:34:23.172004: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.172006: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.172009: | protocol ID: 1 (0x1) Sep 21 07:34:23.172011: | SPI size: 16 (0x10) Sep 21 07:34:23.172013: | number of SPIs: 1 (0x1) Sep 21 07:34:23.172016: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:23.172019: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.172022: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Sep 21 07:34:23.172025: | initiator SPI 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.172027: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Sep 21 07:34:23.172030: | responder SPI 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.172032: | emitting length of ISAKMP Delete Payload: 28 Sep 21 07:34:23.172063: | send delete HASH(1): Sep 21 07:34:23.172067: | e8 64 46 e5 c7 95 38 f3 b9 47 ed 0b 5b 0e f1 2e Sep 21 07:34:23.172070: | 87 68 03 0e 77 2f 45 d4 44 e6 8e fb 92 50 f3 63 Sep 21 07:34:23.172079: | no IKEv1 message padding required Sep 21 07:34:23.172083: | emitting length of ISAKMP Message: 92 Sep 21 07:34:23.172098: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:34:23.172102: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.172104: | 08 10 05 01 c6 bd 68 d2 00 00 00 5c 30 92 46 b8 Sep 21 07:34:23.172107: | aa 94 ff fe 97 e5 8e 50 70 1a f6 99 9f 18 39 1d Sep 21 07:34:23.172109: | d0 06 39 4c a8 c4 a6 ac 9b 79 7a 9a 29 20 97 c9 Sep 21 07:34:23.172112: | 4b e7 d6 03 42 29 38 21 40 65 3d cd af cd 11 61 Sep 21 07:34:23.172114: | 46 ba 8d b4 a7 1a 35 3e a8 2b 78 18 Sep 21 07:34:23.172160: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:23.172167: | libevent_free: release ptr-libevent@0x7f927c003590 Sep 21 07:34:23.172170: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55bbb7a0a280 Sep 21 07:34:23.172173: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:34:23.172177: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:23.172180: | State DB: deleting IKEv1 state #3 in MAIN_R3 Sep 21 07:34:23.172183: | parent state #3: MAIN_R3(established IKE SA) => UNDEFINED(ignore) Sep 21 07:34:23.172194: | unreference key: 0x55bbb7a7afe0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Sep 21 07:34:23.172211: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.172222: | unreference key: 0x55bbb7a7afe0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:23.172228: | unreference key: 0x55bbb7a7a630 user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:23.172232: | unreference key: 0x55bbb7a7ad70 @north.testing.libreswan.org cnt 1-- Sep 21 07:34:23.172249: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:23.172252: | state #2 Sep 21 07:34:23.172254: | state #1 Sep 21 07:34:23.172260: | start processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.172263: | pstats #1 ikev1.isakmp deleted completed Sep 21 07:34:23.172267: | [RE]START processing: state #1 connection "northnet-eastnet-b" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:23.172271: "northnet-eastnet-b" #1: deleting state (STATE_MAIN_R3) aged 56.195s and sending notification Sep 21 07:34:23.172274: | parent state #1: MAIN_R3(established IKE SA) => delete Sep 21 07:34:23.172338: | #1 send IKEv1 delete notification for STATE_MAIN_R3 Sep 21 07:34:23.172345: | **emit ISAKMP Message: Sep 21 07:34:23.172348: | initiator cookie: Sep 21 07:34:23.172351: | 01 a7 a6 fa 98 79 9e af Sep 21 07:34:23.172353: | responder cookie: Sep 21 07:34:23.172355: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:34:23.172358: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.172361: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.172363: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.172366: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.172368: | Message ID: 3621532556 (0xd7dc338c) Sep 21 07:34:23.172371: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.172374: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.172376: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.172380: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.172382: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.172386: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.172388: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.172391: | ***emit ISAKMP Delete Payload: Sep 21 07:34:23.172393: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.172396: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.172398: | protocol ID: 1 (0x1) Sep 21 07:34:23.172401: | SPI size: 16 (0x10) Sep 21 07:34:23.172403: | number of SPIs: 1 (0x1) Sep 21 07:34:23.172406: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:23.172409: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.172412: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Sep 21 07:34:23.172414: | initiator SPI 01 a7 a6 fa 98 79 9e af Sep 21 07:34:23.172417: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Sep 21 07:34:23.172419: | responder SPI 66 81 7f f0 7d 2f b4 22 Sep 21 07:34:23.172422: | emitting length of ISAKMP Delete Payload: 28 Sep 21 07:34:23.172441: | send delete HASH(1): Sep 21 07:34:23.172445: | 79 eb 20 b4 9c c8 66 91 be aa 2c 84 5a 15 a2 c1 Sep 21 07:34:23.172447: | 42 3f cb a1 be 3f 82 64 74 1a d6 14 a9 16 d9 fe Sep 21 07:34:23.172455: | no IKEv1 message padding required Sep 21 07:34:23.172458: | emitting length of ISAKMP Message: 92 Sep 21 07:34:23.172470: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:23.172476: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:34:23.172478: | 08 10 05 01 d7 dc 33 8c 00 00 00 5c d4 06 d2 12 Sep 21 07:34:23.172481: | fa 8e 6b b5 52 91 19 ce 95 a1 75 6e 1d 2e 63 b0 Sep 21 07:34:23.172483: | 41 c8 e7 05 b9 e6 23 27 3a c1 13 57 53 b5 36 d4 Sep 21 07:34:23.172485: | ff e6 0b 5a 3b 58 d8 44 46 19 10 2a f2 03 0a a8 Sep 21 07:34:23.172488: | 85 ee d2 5c a8 c7 68 30 e1 85 cf 77 Sep 21 07:34:23.172517: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:23.172524: | libevent_free: release ptr-libevent@0x55bbb7a69370 Sep 21 07:34:23.172528: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f928c002b20 Sep 21 07:34:23.172533: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:34:23.172537: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:23.172540: | State DB: deleting IKEv1 state #1 in MAIN_R3 Sep 21 07:34:23.172544: | parent state #1: MAIN_R3(established IKE SA) => UNDEFINED(ignore) Sep 21 07:34:23.172557: | unreference key: 0x55bbb7a7d3c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Sep 21 07:34:23.172571: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.172586: | unreference key: 0x55bbb7a7d3c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:23.172593: | unreference key: 0x55bbb7a41df0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:23.172599: | unreference key: 0x55bbb7a76710 @north.testing.libreswan.org cnt 1-- Sep 21 07:34:23.172608: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:23.172617: | shunt_eroute() called for connection 'northnet-eastnet-b' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:34:23.172625: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:34:23.172629: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.172666: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.172679: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:23.172684: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:23.172688: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:23.172691: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:23.172695: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:23.172699: | route owner of "northnet-eastnet-b" unrouted: "northnet-eastnet-a" prospective erouted Sep 21 07:34:23.172703: | flush revival: connection 'northnet-eastnet-b' wasn't on the list Sep 21 07:34:23.172707: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:34:23.172714: | start processing: connection "northnet-eastnet-a" (in delete_connection() at connections.c:189) Sep 21 07:34:23.172717: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:34:23.172720: | pass 0 Sep 21 07:34:23.172723: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:23.172726: | state #2 Sep 21 07:34:23.172731: | suspend processing: connection "northnet-eastnet-a" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.172738: | start processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.172741: | pstats #2 ikev1.ipsec deleted completed Sep 21 07:34:23.172748: | [RE]START processing: state #2 connection "northnet-eastnet-a" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:23.172751: "northnet-eastnet-a" #2: deleting state (STATE_QUICK_R2) aged 56.167s and sending notification Sep 21 07:34:23.172755: | child state #2: QUICK_R2(established CHILD SA) => delete Sep 21 07:34:23.172762: | get_sa_info esp.577ef0d0@192.1.3.33 Sep 21 07:34:23.172777: | get_sa_info esp.961469d3@192.1.2.23 Sep 21 07:34:23.172806: "northnet-eastnet-a" #2: ESP traffic information: in=168B out=0B Sep 21 07:34:23.172814: | #2 send IKEv1 delete notification for STATE_QUICK_R2 Sep 21 07:34:23.172818: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.172820: | no Phase 1 state for Delete Sep 21 07:34:23.172823: | state #2 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:23.172826: | libevent_free: release ptr-libevent@0x7f928c006900 Sep 21 07:34:23.172830: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55bbb7a6fb50 Sep 21 07:34:23.172892: | delete esp.577ef0d0@192.1.3.33 Sep 21 07:34:23.172922: | netlink response for Del SA esp.577ef0d0@192.1.3.33 included non-error error Sep 21 07:34:23.172926: | priority calculation of connection "northnet-eastnet-a" is 0xfe7e7 Sep 21 07:34:23.172932: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:23.172941: | raw_eroute result=success Sep 21 07:34:23.172944: | delete esp.961469d3@192.1.2.23 Sep 21 07:34:23.172966: | netlink response for Del SA esp.961469d3@192.1.2.23 included non-error error Sep 21 07:34:23.172971: | stop processing: connection "northnet-eastnet-a" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:34:23.172973: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:34:23.172976: | in connection_discard for connection northnet-eastnet-a Sep 21 07:34:23.172978: | State DB: deleting IKEv1 state #2 in QUICK_R2 Sep 21 07:34:23.172981: | child state #2: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:23.172993: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.173007: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:23.173010: | pass 1 Sep 21 07:34:23.173012: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:23.173018: | shunt_eroute() called for connection 'northnet-eastnet-a' to 'delete' for rt_kind 'unrouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:34:23.173023: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:34:23.173026: | priority calculation of connection "northnet-eastnet-a" is 0xfe7e7 Sep 21 07:34:23.173051: | priority calculation of connection "northnet-eastnet-a" is 0xfe7e7 Sep 21 07:34:23.173061: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:23.173065: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 vs Sep 21 07:34:23.173067: | conn northnet-eastnet-a mark 0/00000000, 0/00000000 Sep 21 07:34:23.173069: | route owner of "northnet-eastnet-a" unrouted: NULL Sep 21 07:34:23.173071: | running updown command "ipsec _updown" for verb unroute Sep 21 07:34:23.173073: | command executing unroute-client Sep 21 07:34:23.173096: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_ Sep 21 07:34:23.173099: | popen cmd is 1276 chars long Sep 21 07:34:23.173103: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:34:23.173105: | cmd( 80):et-a' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Sep 21 07:34:23.173106: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Sep 21 07:34:23.173108: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:34:23.173109: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:34:23.173111: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=: Sep 21 07:34:23.173113: | cmd( 480):'none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:34:23.173114: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Sep 21 07:34:23.173116: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Sep 21 07:34:23.173117: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:34:23.173119: | cmd( 800):L='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=: Sep 21 07:34:23.173121: | cmd( 880):'RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_: Sep 21 07:34:23.173122: | cmd( 960):CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PE: Sep 21 07:34:23.173124: | cmd(1040):ER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=: Sep 21 07:34:23.173125: | cmd(1120):'' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=': Sep 21 07:34:23.173127: | cmd(1200):' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:34:23.184237: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184254: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184258: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184293: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184303: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184308: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184315: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184324: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184337: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184351: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184359: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184373: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184386: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184400: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184414: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184427: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184455: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184462: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184469: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184477: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184484: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184500: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184510: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184521: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184533: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184546: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184559: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184571: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184585: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184597: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184613: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184625: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184636: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184649: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184661: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184674: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184687: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184699: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184712: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184724: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184736: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184750: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184762: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184776: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184793: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184807: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184952: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184966: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.184978: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.190807: | free hp@0x55bbb7a6a9b0 Sep 21 07:34:23.190829: | flush revival: connection 'northnet-eastnet-a' wasn't on the list Sep 21 07:34:23.190833: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:34:23.190858: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:34:23.190861: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:34:23.190874: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:34:23.190878: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:34:23.190881: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:34:23.190884: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:34:23.190887: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:34:23.190891: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:34:23.190895: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:34:23.190903: | libevent_free: release ptr-libevent@0x55bbb7a64770 Sep 21 07:34:23.190906: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a4dce0 Sep 21 07:34:23.190917: | libevent_free: release ptr-libevent@0x55bbb7a64860 Sep 21 07:34:23.190920: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64820 Sep 21 07:34:23.190927: | libevent_free: release ptr-libevent@0x55bbb7a64950 Sep 21 07:34:23.190930: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64910 Sep 21 07:34:23.190936: | libevent_free: release ptr-libevent@0x55bbb7a64a40 Sep 21 07:34:23.190939: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64a00 Sep 21 07:34:23.190946: | libevent_free: release ptr-libevent@0x55bbb7a64b30 Sep 21 07:34:23.190948: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64af0 Sep 21 07:34:23.190954: | libevent_free: release ptr-libevent@0x55bbb7a64c20 Sep 21 07:34:23.190957: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a64be0 Sep 21 07:34:23.190962: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:23.191374: | libevent_free: release ptr-libevent@0x55bbb7a63f50 Sep 21 07:34:23.191384: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a4cbe0 Sep 21 07:34:23.191389: | libevent_free: release ptr-libevent@0x55bbb7a599d0 Sep 21 07:34:23.191391: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a4ce20 Sep 21 07:34:23.191395: | libevent_free: release ptr-libevent@0x55bbb7a59940 Sep 21 07:34:23.191397: | free_event_entry: release EVENT_NULL-pe@0x55bbb7a52970 Sep 21 07:34:23.191401: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:34:23.191404: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:34:23.191406: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:34:23.191409: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:34:23.191412: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:34:23.191414: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:34:23.191417: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:34:23.191420: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:34:23.191422: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:34:23.191427: | libevent_free: release ptr-libevent@0x55bbb7a64130 Sep 21 07:34:23.191430: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:34:23.191433: | libevent_free: release ptr-libevent@0x55bbb7a64210 Sep 21 07:34:23.191436: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:34:23.191439: | libevent_free: release ptr-libevent@0x55bbb7a642d0 Sep 21 07:34:23.191441: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:34:23.191444: | libevent_free: release ptr-libevent@0x55bbb7a58d40 Sep 21 07:34:23.191447: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:34:23.191449: | releasing event base Sep 21 07:34:23.191463: | libevent_free: release ptr-libevent@0x55bbb7a64390 Sep 21 07:34:23.191465: | libevent_free: release ptr-libevent@0x55bbb7a01510 Sep 21 07:34:23.191469: | libevent_free: release ptr-libevent@0x55bbb7a47fd0 Sep 21 07:34:23.191471: | libevent_free: release ptr-libevent@0x55bbb7a77d90 Sep 21 07:34:23.191474: | libevent_free: release ptr-libevent@0x55bbb7a47ff0 Sep 21 07:34:23.191477: | libevent_free: release ptr-libevent@0x55bbb7a63fe0 Sep 21 07:34:23.191479: | libevent_free: release ptr-libevent@0x55bbb7a641d0 Sep 21 07:34:23.191482: | libevent_free: release ptr-libevent@0x55bbb7a48190 Sep 21 07:34:23.191484: | libevent_free: release ptr-libevent@0x55bbb7a528d0 Sep 21 07:34:23.191487: | libevent_free: release ptr-libevent@0x55bbb7a528b0 Sep 21 07:34:23.191489: | libevent_free: release ptr-libevent@0x55bbb7a64cb0 Sep 21 07:34:23.191491: | libevent_free: release ptr-libevent@0x55bbb7a64bc0 Sep 21 07:34:23.191494: | libevent_free: release ptr-libevent@0x55bbb7a64ad0 Sep 21 07:34:23.191496: | libevent_free: release ptr-libevent@0x55bbb7a649e0 Sep 21 07:34:23.191498: | libevent_free: release ptr-libevent@0x55bbb7a648f0 Sep 21 07:34:23.191501: | libevent_free: release ptr-libevent@0x55bbb7a64800 Sep 21 07:34:23.191503: | libevent_free: release ptr-libevent@0x55bbb7a48080 Sep 21 07:34:23.191506: | libevent_free: release ptr-libevent@0x55bbb7a642b0 Sep 21 07:34:23.191508: | libevent_free: release ptr-libevent@0x55bbb7a641f0 Sep 21 07:34:23.191511: | libevent_free: release ptr-libevent@0x55bbb7a64110 Sep 21 07:34:23.191513: | libevent_free: release ptr-libevent@0x55bbb7a64370 Sep 21 07:34:23.191515: | libevent_free: release ptr-libevent@0x55bbb7a64000 Sep 21 07:34:23.191518: | libevent_free: release ptr-libevent@0x55bbb7a48010 Sep 21 07:34:23.191521: | libevent_free: release ptr-libevent@0x55bbb7a48040 Sep 21 07:34:23.191523: | libevent_free: release ptr-libevent@0x55bbb7a47d30 Sep 21 07:34:23.191525: | releasing global libevent data Sep 21 07:34:23.191528: | libevent_free: release ptr-libevent@0x55bbb7a46520 Sep 21 07:34:23.191531: | libevent_free: release ptr-libevent@0x55bbb7a46550 Sep 21 07:34:23.191534: | libevent_free: release ptr-libevent@0x55bbb7a47d00