Sep 21 07:33:26.483636: FIPS Product: YES Sep 21 07:33:26.483676: FIPS Kernel: NO Sep 21 07:33:26.483679: FIPS Mode: NO Sep 21 07:33:26.483681: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:33:26.483853: Initializing NSS Sep 21 07:33:26.483861: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:33:26.511711: NSS initialized Sep 21 07:33:26.511726: NSS crypto library initialized Sep 21 07:33:26.511729: FIPS HMAC integrity support [enabled] Sep 21 07:33:26.511731: FIPS mode disabled for pluto daemon Sep 21 07:33:26.582430: FIPS HMAC integrity verification self-test FAILED Sep 21 07:33:26.582514: libcap-ng support [enabled] Sep 21 07:33:26.582523: Linux audit support [enabled] Sep 21 07:33:26.582546: Linux audit activated Sep 21 07:33:26.582549: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:19895 Sep 21 07:33:26.582551: core dump dir: /tmp Sep 21 07:33:26.582552: secrets file: /etc/ipsec.secrets Sep 21 07:33:26.582554: leak-detective disabled Sep 21 07:33:26.582555: NSS crypto [enabled] Sep 21 07:33:26.582556: XAUTH PAM support [enabled] Sep 21 07:33:26.582613: | libevent is using pluto's memory allocator Sep 21 07:33:26.582618: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:33:26.582629: | libevent_malloc: new ptr-libevent@0x55dbe1bd22a0 size 40 Sep 21 07:33:26.582634: | libevent_malloc: new ptr-libevent@0x55dbe1bd22d0 size 40 Sep 21 07:33:26.582636: | libevent_malloc: new ptr-libevent@0x55dbe1bd3a80 size 40 Sep 21 07:33:26.582637: | creating event base Sep 21 07:33:26.582639: | libevent_malloc: new ptr-libevent@0x55dbe1bd3a40 size 56 Sep 21 07:33:26.582641: | libevent_malloc: new ptr-libevent@0x55dbe1bd3ab0 size 664 Sep 21 07:33:26.582649: | libevent_malloc: new ptr-libevent@0x55dbe1bd3d50 size 24 Sep 21 07:33:26.582652: | libevent_malloc: new ptr-libevent@0x55dbe1b8d2e0 size 384 Sep 21 07:33:26.582660: | libevent_malloc: new ptr-libevent@0x55dbe1bd3d70 size 16 Sep 21 07:33:26.582662: | libevent_malloc: new ptr-libevent@0x55dbe1bd3d90 size 40 Sep 21 07:33:26.582665: | libevent_malloc: new ptr-libevent@0x55dbe1bd3dc0 size 48 Sep 21 07:33:26.582672: | libevent_realloc: new ptr-libevent@0x55dbe1bd3e00 size 256 Sep 21 07:33:26.582677: | libevent_malloc: new ptr-libevent@0x55dbe1bd3f10 size 16 Sep 21 07:33:26.582684: | libevent_free: release ptr-libevent@0x55dbe1bd3a40 Sep 21 07:33:26.582688: | libevent initialized Sep 21 07:33:26.582692: | libevent_realloc: new ptr-libevent@0x55dbe1bd3f30 size 64 Sep 21 07:33:26.582697: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:33:26.582710: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:33:26.582712: NAT-Traversal support [enabled] Sep 21 07:33:26.582714: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:33:26.582719: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:33:26.582725: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:33:26.582753: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:33:26.582756: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:33:26.582758: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:33:26.582814: Encryption algorithms: Sep 21 07:33:26.582823: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:33:26.582828: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:33:26.582832: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:33:26.582836: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:33:26.582839: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:33:26.582849: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:33:26.582855: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:33:26.582859: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:33:26.582862: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:33:26.582864: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:33:26.582867: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:33:26.582869: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:33:26.582871: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:33:26.582873: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:33:26.582875: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:33:26.582877: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:33:26.582879: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:33:26.582887: Hash algorithms: Sep 21 07:33:26.582889: MD5 IKEv1: IKE IKEv2: Sep 21 07:33:26.582891: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:33:26.582893: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:33:26.582895: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:33:26.582897: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:33:26.582905: PRF algorithms: Sep 21 07:33:26.582907: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:33:26.582909: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:33:26.582911: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:33:26.582913: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:33:26.582915: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:33:26.582917: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:33:26.582932: Integrity algorithms: Sep 21 07:33:26.582934: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:33:26.582936: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:33:26.582938: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:33:26.582941: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:33:26.582943: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:33:26.582945: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:33:26.582947: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:33:26.582949: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:33:26.582951: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:33:26.582958: DH algorithms: Sep 21 07:33:26.582960: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:33:26.582962: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:33:26.582964: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:33:26.582968: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:33:26.582970: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:33:26.582971: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:33:26.582973: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:33:26.582975: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:33:26.582977: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:33:26.582979: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:33:26.582980: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:33:26.582982: testing CAMELLIA_CBC: Sep 21 07:33:26.582984: Camellia: 16 bytes with 128-bit key Sep 21 07:33:26.583074: Camellia: 16 bytes with 128-bit key Sep 21 07:33:26.583096: Camellia: 16 bytes with 256-bit key Sep 21 07:33:26.583114: Camellia: 16 bytes with 256-bit key Sep 21 07:33:26.583131: testing AES_GCM_16: Sep 21 07:33:26.583133: empty string Sep 21 07:33:26.583151: one block Sep 21 07:33:26.583167: two blocks Sep 21 07:33:26.583183: two blocks with associated data Sep 21 07:33:26.583200: testing AES_CTR: Sep 21 07:33:26.583201: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:33:26.583218: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:33:26.583234: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:33:26.583251: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:33:26.583267: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:33:26.583283: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:33:26.583300: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:33:26.583315: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:33:26.583332: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:33:26.583348: testing AES_CBC: Sep 21 07:33:26.583350: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:33:26.583366: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:33:26.583384: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:33:26.583402: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:33:26.583422: testing AES_XCBC: Sep 21 07:33:26.583424: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:33:26.583497: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:33:26.583577: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:33:26.583654: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:33:26.583731: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:33:26.583817: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:33:26.583900: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:33:26.584071: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:33:26.584149: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:33:26.584232: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:33:26.584375: testing HMAC_MD5: Sep 21 07:33:26.584378: RFC 2104: MD5_HMAC test 1 Sep 21 07:33:26.584482: RFC 2104: MD5_HMAC test 2 Sep 21 07:33:26.584575: RFC 2104: MD5_HMAC test 3 Sep 21 07:33:26.584695: 8 CPU cores online Sep 21 07:33:26.584698: starting up 7 crypto helpers Sep 21 07:33:26.584725: started thread for crypto helper 0 Sep 21 07:33:26.584743: started thread for crypto helper 1 Sep 21 07:33:26.584764: started thread for crypto helper 2 Sep 21 07:33:26.584771: | starting up helper thread 2 Sep 21 07:33:26.584801: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:33:26.584804: started thread for crypto helper 3 Sep 21 07:33:26.584782: | starting up helper thread 0 Sep 21 07:33:26.584816: | starting up helper thread 1 Sep 21 07:33:26.584814: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:26.584827: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:33:26.584855: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:26.584842: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:33:26.584844: started thread for crypto helper 4 Sep 21 07:33:26.584851: | starting up helper thread 4 Sep 21 07:33:26.584835: | starting up helper thread 3 Sep 21 07:33:26.584870: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:26.584888: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:33:26.584907: | crypto helper 4 waiting (nothing to do) Sep 21 07:33:26.584897: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:33:26.584915: | crypto helper 3 waiting (nothing to do) Sep 21 07:33:26.584895: started thread for crypto helper 5 Sep 21 07:33:26.584978: started thread for crypto helper 6 Sep 21 07:33:26.584982: | checking IKEv1 state table Sep 21 07:33:26.584991: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:26.584994: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:33:26.584998: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:26.585000: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:33:26.585003: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:33:26.585006: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:33:26.585009: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:26.585011: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:26.585014: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:33:26.585017: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:33:26.585019: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:26.585022: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:26.585025: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:33:26.585028: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:26.585030: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:26.585033: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:33:26.585036: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:33:26.585038: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:26.585041: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:26.585044: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:33:26.585047: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:33:26.585050: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585052: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:33:26.585054: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585057: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:26.585059: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:33:26.585061: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:26.585063: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:33:26.585065: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:33:26.585067: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:33:26.585070: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:33:26.585072: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:33:26.585075: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:33:26.585077: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585080: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:33:26.585082: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585084: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:33:26.585086: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:33:26.585089: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:33:26.585092: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:33:26.585094: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:33:26.585096: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:33:26.585099: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:33:26.585101: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585107: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:33:26.585110: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585112: | INFO: category: informational flags: 0: Sep 21 07:33:26.585115: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585117: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:33:26.585119: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585122: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:33:26.585124: | -> XAUTH_R1 EVENT_NULL Sep 21 07:33:26.585127: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:33:26.585129: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:26.585131: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:33:26.585133: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:33:26.585136: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:33:26.585138: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:33:26.585141: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:33:26.585143: | -> UNDEFINED EVENT_NULL Sep 21 07:33:26.585146: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:33:26.585149: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:26.585151: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:33:26.585154: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:33:26.585157: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:33:26.585160: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:33:26.585167: | checking IKEv2 state table Sep 21 07:33:26.585173: | PARENT_I0: category: ignore flags: 0: Sep 21 07:33:26.585176: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:33:26.585179: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:26.585181: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:33:26.585184: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:33:26.585187: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:33:26.585189: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:33:26.585192: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:33:26.585194: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:33:26.585196: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:33:26.585199: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:33:26.585201: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:33:26.585204: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:33:26.585206: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:33:26.585208: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:33:26.585209: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:33:26.585212: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:26.585214: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:33:26.585216: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:33:26.585218: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:33:26.585220: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:33:26.585222: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:33:26.585224: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:33:26.585226: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:33:26.585228: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:33:26.585230: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:33:26.585233: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:33:26.585237: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:33:26.585239: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:33:26.585242: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:33:26.585244: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:33:26.585246: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:33:26.585249: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:33:26.585251: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:33:26.585254: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:33:26.585256: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:33:26.585259: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:33:26.585261: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:33:26.585264: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:33:26.585266: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:33:26.585269: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:33:26.585271: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:33:26.585274: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:33:26.585276: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:33:26.585279: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:33:26.585281: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:33:26.585284: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:33:26.585340: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:33:26.585369: | starting up helper thread 5 Sep 21 07:33:26.585379: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:33:26.585382: | crypto helper 5 waiting (nothing to do) Sep 21 07:33:26.585406: | Hard-wiring algorithms Sep 21 07:33:26.585410: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:33:26.585415: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:33:26.585417: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:33:26.585420: | adding 3DES_CBC to kernel algorithm db Sep 21 07:33:26.585422: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:33:26.585425: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:33:26.585427: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:33:26.585429: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:33:26.585432: | adding AES_CTR to kernel algorithm db Sep 21 07:33:26.585434: | adding AES_CBC to kernel algorithm db Sep 21 07:33:26.585437: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:33:26.585440: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:33:26.585443: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:33:26.585446: | adding NULL to kernel algorithm db Sep 21 07:33:26.585449: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:33:26.585451: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:33:26.585454: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:33:26.585456: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:33:26.585459: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:33:26.585461: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:33:26.585463: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:33:26.585466: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:33:26.585468: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:33:26.585470: | adding NONE to kernel algorithm db Sep 21 07:33:26.585491: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:33:26.585497: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:33:26.585499: | setup kernel fd callback Sep 21 07:33:26.585505: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x55dbe1bde6f0 Sep 21 07:33:26.585509: | libevent_malloc: new ptr-libevent@0x55dbe1be57c0 size 128 Sep 21 07:33:26.585512: | libevent_malloc: new ptr-libevent@0x55dbe1bde650 size 16 Sep 21 07:33:26.585518: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x55dbe1bd8ba0 Sep 21 07:33:26.585520: | libevent_malloc: new ptr-libevent@0x55dbe1be5850 size 128 Sep 21 07:33:26.585522: | libevent_malloc: new ptr-libevent@0x55dbe1bde630 size 16 Sep 21 07:33:26.585756: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:33:26.585766: selinux support is enabled. Sep 21 07:33:26.585852: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:33:26.586040: | unbound context created - setting debug level to 5 Sep 21 07:33:26.586071: | /etc/hosts lookups activated Sep 21 07:33:26.586091: | /etc/resolv.conf usage activated Sep 21 07:33:26.586143: | outgoing-port-avoid set 0-65535 Sep 21 07:33:26.586167: | outgoing-port-permit set 32768-60999 Sep 21 07:33:26.586170: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:33:26.586173: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:33:26.586176: | Setting up events, loop start Sep 21 07:33:26.586179: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x55dbe1bd8960 Sep 21 07:33:26.586182: | libevent_malloc: new ptr-libevent@0x55dbe1befdd0 size 128 Sep 21 07:33:26.586185: | libevent_malloc: new ptr-libevent@0x55dbe1befe60 size 16 Sep 21 07:33:26.586192: | libevent_realloc: new ptr-libevent@0x55dbe1befe80 size 256 Sep 21 07:33:26.586194: | libevent_malloc: new ptr-libevent@0x55dbe1beff90 size 8 Sep 21 07:33:26.586197: | libevent_realloc: new ptr-libevent@0x55dbe1be4ac0 size 144 Sep 21 07:33:26.586200: | libevent_malloc: new ptr-libevent@0x55dbe1beffb0 size 152 Sep 21 07:33:26.586204: | libevent_malloc: new ptr-libevent@0x55dbe1bf0050 size 16 Sep 21 07:33:26.586207: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:33:26.586210: | libevent_malloc: new ptr-libevent@0x55dbe1bf0070 size 8 Sep 21 07:33:26.586212: | libevent_malloc: new ptr-libevent@0x55dbe1bf0090 size 152 Sep 21 07:33:26.586215: | signal event handler PLUTO_SIGTERM installed Sep 21 07:33:26.586217: | libevent_malloc: new ptr-libevent@0x55dbe1bf0130 size 8 Sep 21 07:33:26.586220: | libevent_malloc: new ptr-libevent@0x55dbe1bf0150 size 152 Sep 21 07:33:26.586223: | signal event handler PLUTO_SIGHUP installed Sep 21 07:33:26.586225: | libevent_malloc: new ptr-libevent@0x55dbe1bf01f0 size 8 Sep 21 07:33:26.586227: | libevent_realloc: release ptr-libevent@0x55dbe1be4ac0 Sep 21 07:33:26.586230: | libevent_realloc: new ptr-libevent@0x55dbe1bf0210 size 256 Sep 21 07:33:26.586232: | libevent_malloc: new ptr-libevent@0x55dbe1be4ac0 size 152 Sep 21 07:33:26.586234: | signal event handler PLUTO_SIGSYS installed Sep 21 07:33:26.586629: | created addconn helper (pid:19959) using fork+execve Sep 21 07:33:26.586643: | forked child 19959 Sep 21 07:33:26.586687: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.586708: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:33:26.586716: listening for IKE messages Sep 21 07:33:26.586753: | Inspecting interface lo Sep 21 07:33:26.586759: | found lo with address 127.0.0.1 Sep 21 07:33:26.586762: | Inspecting interface eth0 Sep 21 07:33:26.586766: | found eth0 with address 192.0.3.254 Sep 21 07:33:26.586770: | Inspecting interface eth1 Sep 21 07:33:26.586774: | found eth1 with address 192.1.3.33 Sep 21 07:33:26.586966: Kernel supports NIC esp-hw-offload Sep 21 07:33:26.586980: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.3.33:500 Sep 21 07:33:26.587009: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:26.587011: | starting up helper thread 6 Sep 21 07:33:26.587014: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:26.587023: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:33:26.587027: adding interface eth1/eth1 192.1.3.33:4500 Sep 21 07:33:26.587038: | crypto helper 6 waiting (nothing to do) Sep 21 07:33:26.587064: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.3.254:500 Sep 21 07:33:26.587116: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:26.587120: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:26.587124: adding interface eth0/eth0 192.0.3.254:4500 Sep 21 07:33:26.587178: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:33:26.587228: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:26.587232: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:26.587235: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:33:26.587323: | no interfaces to sort Sep 21 07:33:26.587328: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:33:26.587337: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bd9a60 Sep 21 07:33:26.587340: | libevent_malloc: new ptr-libevent@0x55dbe1bf05f0 size 128 Sep 21 07:33:26.587344: | libevent_malloc: new ptr-libevent@0x55dbe1bf0680 size 16 Sep 21 07:33:26.587350: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:33:26.587353: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf06a0 Sep 21 07:33:26.587356: | libevent_malloc: new ptr-libevent@0x55dbe1bf06e0 size 128 Sep 21 07:33:26.587358: | libevent_malloc: new ptr-libevent@0x55dbe1bf0770 size 16 Sep 21 07:33:26.587363: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:33:26.587365: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf0790 Sep 21 07:33:26.587368: | libevent_malloc: new ptr-libevent@0x55dbe1bf07d0 size 128 Sep 21 07:33:26.587370: | libevent_malloc: new ptr-libevent@0x55dbe1bf0860 size 16 Sep 21 07:33:26.587375: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:33:26.587378: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf0880 Sep 21 07:33:26.587380: | libevent_malloc: new ptr-libevent@0x55dbe1bf08c0 size 128 Sep 21 07:33:26.587383: | libevent_malloc: new ptr-libevent@0x55dbe1bf0950 size 16 Sep 21 07:33:26.587388: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:33:26.587390: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf0970 Sep 21 07:33:26.587393: | libevent_malloc: new ptr-libevent@0x55dbe1bf09b0 size 128 Sep 21 07:33:26.587396: | libevent_malloc: new ptr-libevent@0x55dbe1bf0a40 size 16 Sep 21 07:33:26.587400: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:33:26.587403: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf0a60 Sep 21 07:33:26.587406: | libevent_malloc: new ptr-libevent@0x55dbe1bf0aa0 size 128 Sep 21 07:33:26.587408: | libevent_malloc: new ptr-libevent@0x55dbe1bf0b30 size 16 Sep 21 07:33:26.587413: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:33:26.587418: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:26.587421: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:26.587442: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:26.587461: | saving Modulus Sep 21 07:33:26.587465: | saving PublicExponent Sep 21 07:33:26.587468: | ignoring PrivateExponent Sep 21 07:33:26.587471: | ignoring Prime1 Sep 21 07:33:26.587474: | ignoring Prime2 Sep 21 07:33:26.587477: | ignoring Exponent1 Sep 21 07:33:26.587480: | ignoring Exponent2 Sep 21 07:33:26.587483: | ignoring Coefficient Sep 21 07:33:26.587486: | ignoring CKAIDNSS Sep 21 07:33:26.587535: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:33:26.587538: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:33:26.587542: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:33:26.587550: | certs and keys locked by 'process_secret' Sep 21 07:33:26.587553: | certs and keys unlocked by 'process_secret' Sep 21 07:33:26.587559: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:26.587568: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.587579: | spent 0.874 milliseconds in whack Sep 21 07:33:26.616574: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.616610: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:33:26.616616: listening for IKE messages Sep 21 07:33:26.616656: | Inspecting interface lo Sep 21 07:33:26.616664: | found lo with address 127.0.0.1 Sep 21 07:33:26.616667: | Inspecting interface eth0 Sep 21 07:33:26.616672: | found eth0 with address 192.0.3.254 Sep 21 07:33:26.616674: | Inspecting interface eth1 Sep 21 07:33:26.616678: | found eth1 with address 192.1.3.33 Sep 21 07:33:26.616741: | no interfaces to sort Sep 21 07:33:26.616751: | libevent_free: release ptr-libevent@0x55dbe1bf05f0 Sep 21 07:33:26.616754: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bd9a60 Sep 21 07:33:26.616757: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bd9a60 Sep 21 07:33:26.616760: | libevent_malloc: new ptr-libevent@0x55dbe1bf05f0 size 128 Sep 21 07:33:26.616767: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:33:26.616771: | libevent_free: release ptr-libevent@0x55dbe1bf06e0 Sep 21 07:33:26.616774: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf06a0 Sep 21 07:33:26.616776: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf06a0 Sep 21 07:33:26.616779: | libevent_malloc: new ptr-libevent@0x55dbe1bf06e0 size 128 Sep 21 07:33:26.616790: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:33:26.616796: | libevent_free: release ptr-libevent@0x55dbe1bf07d0 Sep 21 07:33:26.616798: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf0790 Sep 21 07:33:26.616800: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf0790 Sep 21 07:33:26.616802: | libevent_malloc: new ptr-libevent@0x55dbe1bf07d0 size 128 Sep 21 07:33:26.616806: | setup callback for interface eth0 192.0.3.254:4500 fd 20 Sep 21 07:33:26.616810: | libevent_free: release ptr-libevent@0x55dbe1bf08c0 Sep 21 07:33:26.616812: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf0880 Sep 21 07:33:26.616814: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf0880 Sep 21 07:33:26.616816: | libevent_malloc: new ptr-libevent@0x55dbe1bf08c0 size 128 Sep 21 07:33:26.616820: | setup callback for interface eth0 192.0.3.254:500 fd 19 Sep 21 07:33:26.616824: | libevent_free: release ptr-libevent@0x55dbe1bf09b0 Sep 21 07:33:26.616826: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf0970 Sep 21 07:33:26.616829: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf0970 Sep 21 07:33:26.616831: | libevent_malloc: new ptr-libevent@0x55dbe1bf09b0 size 128 Sep 21 07:33:26.616835: | setup callback for interface eth1 192.1.3.33:4500 fd 18 Sep 21 07:33:26.616839: | libevent_free: release ptr-libevent@0x55dbe1bf0aa0 Sep 21 07:33:26.616841: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf0a60 Sep 21 07:33:26.616844: | add_fd_read_event_handler: new ethX-pe@0x55dbe1bf0a60 Sep 21 07:33:26.616846: | libevent_malloc: new ptr-libevent@0x55dbe1bf0aa0 size 128 Sep 21 07:33:26.616851: | setup callback for interface eth1 192.1.3.33:500 fd 17 Sep 21 07:33:26.616854: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:26.616856: forgetting secrets Sep 21 07:33:26.616867: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:26.616880: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:26.616896: | saving Modulus Sep 21 07:33:26.616899: | saving PublicExponent Sep 21 07:33:26.616903: | ignoring PrivateExponent Sep 21 07:33:26.616906: | ignoring Prime1 Sep 21 07:33:26.616909: | ignoring Prime2 Sep 21 07:33:26.616912: | ignoring Exponent1 Sep 21 07:33:26.616915: | ignoring Exponent2 Sep 21 07:33:26.616918: | ignoring Coefficient Sep 21 07:33:26.616920: | ignoring CKAIDNSS Sep 21 07:33:26.616945: | computed rsa CKAID 90 5d fc a1 08 68 74 7c 6f 20 d3 1b 2d 20 4b 8f Sep 21 07:33:26.616948: | computed rsa CKAID 88 aa 7c 5d Sep 21 07:33:26.616952: loaded private key for keyid: PKK_RSA:AQPl33O2P Sep 21 07:33:26.616958: | certs and keys locked by 'process_secret' Sep 21 07:33:26.616966: | certs and keys unlocked by 'process_secret' Sep 21 07:33:26.616971: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:26.616979: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.616987: | spent 0.428 milliseconds in whack Sep 21 07:33:26.617446: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.617459: | waitpid returned pid 19959 (exited with status 0) Sep 21 07:33:26.617462: | reaped addconn helper child (status 0) Sep 21 07:33:26.617467: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.617472: | spent 0.0156 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.694347: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.694373: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.694376: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.694379: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.694381: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.694385: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.694393: | Added new connection north-a-dpd with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:26.694396: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:26.694976: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:26.694993: | loading left certificate 'north' pubkey Sep 21 07:33:26.695089: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf51c0 Sep 21 07:33:26.695094: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf5190 Sep 21 07:33:26.695097: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf1840 Sep 21 07:33:26.695223: | unreference key: 0x55dbe1bf18f0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.695382: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:33:26.695386: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:33:26.695396: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:33:26.695972: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:26.695982: | loading right certificate 'east' pubkey Sep 21 07:33:26.696059: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf7260 Sep 21 07:33:26.696063: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf6100 Sep 21 07:33:26.696066: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf1840 Sep 21 07:33:26.696068: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf1870 Sep 21 07:33:26.696071: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf1ae0 Sep 21 07:33:26.696266: | unreference key: 0x55dbe1bf5730 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.696366: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:33:26.696377: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:33:26.696388: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@(nil): none Sep 21 07:33:26.696391: | new hp@0x55dbe1bf5b70 Sep 21 07:33:26.696396: added connection description "north-a-dpd" Sep 21 07:33:26.696409: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:26.696431: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.22.0/24 Sep 21 07:33:26.696447: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.696455: | spent 2.1 milliseconds in whack Sep 21 07:33:26.800344: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.800369: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.800373: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.800376: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.800378: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.800382: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.800389: | Added new connection northnet-eastnet-b with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:26.800393: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:26.800566: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:26.800574: | loading left certificate 'north' pubkey Sep 21 07:33:26.800643: | unreference key: 0x55dbe1bf68b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.800662: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bfaf60 Sep 21 07:33:26.800666: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf7260 Sep 21 07:33:26.800669: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf6100 Sep 21 07:33:26.800725: | unreference key: 0x55dbe1bf5e60 @north.testing.libreswan.org cnt 1-- Sep 21 07:33:26.800779: | unreference key: 0x55dbe1bf62c0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.800842: | unreference key: 0x55dbe1bfaff0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.800899: | secrets entry for north already exists Sep 21 07:33:26.800911: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:33:26.801006: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:26.801013: | loading right certificate 'east' pubkey Sep 21 07:33:26.801072: | unreference key: 0x55dbe1bfbec0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.801086: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bfaf60 Sep 21 07:33:26.801090: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf7260 Sep 21 07:33:26.801093: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf6100 Sep 21 07:33:26.801095: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf1840 Sep 21 07:33:26.801098: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf1870 Sep 21 07:33:26.801151: | unreference key: 0x55dbe1bfb0b0 192.1.2.23 cnt 1-- Sep 21 07:33:26.801206: | unreference key: 0x55dbe1bfb470 east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.801257: | unreference key: 0x55dbe1bfb7a0 @east.testing.libreswan.org cnt 1-- Sep 21 07:33:26.801304: | unreference key: 0x55dbe1bfbb00 user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.801346: | unreference key: 0x55dbe1bfae50 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:26.801455: | warning: no secret key loaded for right certificate with nickname east: NSS: cert private key not found Sep 21 07:33:26.801473: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:33:26.801482: | find_host_pair: comparing 192.1.3.33:500 to 192.1.2.23:500 but ignoring ports Sep 21 07:33:26.801488: | connect_to_host_pair: 192.1.3.33:500 192.1.2.23:500 -> hp@0x55dbe1bf5b70: north-a-dpd Sep 21 07:33:26.801491: added connection description "northnet-eastnet-b" Sep 21 07:33:26.801503: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:26.801517: | 192.0.3.0/24===192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]---192.1.3.254...192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]===192.0.2.0/24 Sep 21 07:33:26.801523: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.801528: | spent 1.19 milliseconds in whack Sep 21 07:33:26.915192: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.915215: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:33:26.915221: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.915225: initiating all conns with alias='north-b' Sep 21 07:33:26.915232: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:26.915239: | close_any(fd@23) (in initiate_connection() at initiate.c:384) Sep 21 07:33:26.915247: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.915252: | spent 0.0828 milliseconds in whack Sep 21 07:33:26.974420: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:26.974442: | dup_any(fd@16) -> fd@23 (in whack_process() at rcv_whack.c:590) Sep 21 07:33:26.974446: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:26.974451: | start processing: connection "north-a-dpd" (in initiate_a_connection() at initiate.c:186) Sep 21 07:33:26.974455: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:26.974460: | connection 'north-a-dpd' +POLICY_UP Sep 21 07:33:26.974463: | dup_any(fd@23) -> fd@24 (in initiate_a_connection() at initiate.c:342) Sep 21 07:33:26.974466: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:26.974487: | creating state object #1 at 0x55dbe1bfcd60 Sep 21 07:33:26.974490: | State DB: adding IKEv1 state #1 in UNDEFINED Sep 21 07:33:26.974497: | pstats #1 ikev1.isakmp started Sep 21 07:33:26.974505: | suspend processing: connection "north-a-dpd" (in main_outI1() at ikev1_main.c:118) Sep 21 07:33:26.974510: | start processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) Sep 21 07:33:26.974514: | parent state #1: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Sep 21 07:33:26.974517: | dup_any(fd@24) -> fd@25 (in main_outI1() at ikev1_main.c:123) Sep 21 07:33:26.974522: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-a-dpd" IKE SA #1 "north-a-dpd" Sep 21 07:33:26.974525: "north-a-dpd" #1: initiating Main Mode Sep 21 07:33:26.974560: | **emit ISAKMP Message: Sep 21 07:33:26.974563: | initiator cookie: Sep 21 07:33:26.974565: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.974568: | responder cookie: Sep 21 07:33:26.974584: | 00 00 00 00 00 00 00 00 Sep 21 07:33:26.974587: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.974590: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.974593: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.974595: | flags: none (0x0) Sep 21 07:33:26.974598: | Message ID: 0 (0x0) Sep 21 07:33:26.974601: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.974603: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:33:26.974611: | no specific IKE algorithms specified - using defaults Sep 21 07:33:26.974633: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.974637: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.974642: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.974648: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.974652: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.974657: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.974668: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.974673: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.974678: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:33:26.974682: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.974686: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.974691: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:33:26.974695: | oakley_alg_makedb() returning 0x55dbe1bfdf20 Sep 21 07:33:26.974700: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:26.974703: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.974705: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.974708: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.974711: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:26.974714: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.974717: | ****emit IPsec DOI SIT: Sep 21 07:33:26.974720: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.974723: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:33:26.974726: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Sep 21 07:33:26.974728: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:26.974730: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.974733: | proposal number: 0 (0x0) Sep 21 07:33:26.974735: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:26.974738: | SPI size: 0 (0x0) Sep 21 07:33:26.974740: | number of transforms: 18 (0x12) Sep 21 07:33:26.974743: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:26.974746: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.974748: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.974750: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:26.974753: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.974756: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.974758: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974761: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.974764: | length/value: 1 (0x1) Sep 21 07:33:26.974767: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.974769: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974772: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.974775: | length/value: 3600 (0xe10) Sep 21 07:33:26.974777: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974780: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.974782: | length/value: 7 (0x7) Sep 21 07:33:26.974788: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.974790: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974795: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.974797: | length/value: 4 (0x4) Sep 21 07:33:26.974799: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.974802: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974804: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.974806: | length/value: 3 (0x3) Sep 21 07:33:26.974809: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.974811: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974814: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.974828: | length/value: 14 (0xe) Sep 21 07:33:26.974831: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.974833: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974835: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.974838: | length/value: 256 (0x100) Sep 21 07:33:26.974840: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.974843: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.974845: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.974847: | ISAKMP transform number: 1 (0x1) Sep 21 07:33:26.974849: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.974853: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.974855: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.974858: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974860: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.974862: | length/value: 1 (0x1) Sep 21 07:33:26.974865: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.974867: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974869: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.974871: | length/value: 3600 (0xe10) Sep 21 07:33:26.974874: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974876: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.974878: | length/value: 7 (0x7) Sep 21 07:33:26.974880: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.974883: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974885: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.974887: | length/value: 4 (0x4) Sep 21 07:33:26.974890: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.974892: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974894: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.974896: | length/value: 3 (0x3) Sep 21 07:33:26.974899: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.974901: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974903: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.974905: | length/value: 14 (0xe) Sep 21 07:33:26.974908: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.974910: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974912: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.974915: | length/value: 128 (0x80) Sep 21 07:33:26.974917: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.974919: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.974922: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.974924: | ISAKMP transform number: 2 (0x2) Sep 21 07:33:26.974926: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.974929: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.974932: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.974934: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974936: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.974938: | length/value: 1 (0x1) Sep 21 07:33:26.974941: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.974943: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974947: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.974949: | length/value: 3600 (0xe10) Sep 21 07:33:26.974952: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974954: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.974956: | length/value: 7 (0x7) Sep 21 07:33:26.974958: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.974961: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974963: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.974965: | length/value: 6 (0x6) Sep 21 07:33:26.974967: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.974969: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974972: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.974974: | length/value: 3 (0x3) Sep 21 07:33:26.974976: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.974978: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974981: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.974983: | length/value: 14 (0xe) Sep 21 07:33:26.974985: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.974988: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.974990: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.974992: | length/value: 256 (0x100) Sep 21 07:33:26.974995: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.974997: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.974999: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975001: | ISAKMP transform number: 3 (0x3) Sep 21 07:33:26.975004: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975006: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975009: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975011: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975014: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975016: | length/value: 1 (0x1) Sep 21 07:33:26.975018: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975020: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975023: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975025: | length/value: 3600 (0xe10) Sep 21 07:33:26.975027: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975030: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975032: | length/value: 7 (0x7) Sep 21 07:33:26.975034: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975036: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975038: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975041: | length/value: 6 (0x6) Sep 21 07:33:26.975043: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.975046: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975048: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975050: | length/value: 3 (0x3) Sep 21 07:33:26.975052: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975055: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975057: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975059: | length/value: 14 (0xe) Sep 21 07:33:26.975061: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.975064: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975066: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975068: | length/value: 128 (0x80) Sep 21 07:33:26.975071: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975073: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975075: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975077: | ISAKMP transform number: 4 (0x4) Sep 21 07:33:26.975080: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975082: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975085: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975089: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975091: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975093: | length/value: 1 (0x1) Sep 21 07:33:26.975096: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975098: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975100: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975103: | length/value: 3600 (0xe10) Sep 21 07:33:26.975105: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975107: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975109: | length/value: 7 (0x7) Sep 21 07:33:26.975112: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975114: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975116: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975118: | length/value: 2 (0x2) Sep 21 07:33:26.975121: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.975123: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975125: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975128: | length/value: 3 (0x3) Sep 21 07:33:26.975130: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975132: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975134: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975136: | length/value: 14 (0xe) Sep 21 07:33:26.975139: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.975141: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975143: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975145: | length/value: 256 (0x100) Sep 21 07:33:26.975148: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975150: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975152: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975155: | ISAKMP transform number: 5 (0x5) Sep 21 07:33:26.975157: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975160: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975162: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975165: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975167: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975169: | length/value: 1 (0x1) Sep 21 07:33:26.975171: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975174: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975176: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975178: | length/value: 3600 (0xe10) Sep 21 07:33:26.975181: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975183: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975185: | length/value: 7 (0x7) Sep 21 07:33:26.975187: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975190: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975192: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975194: | length/value: 2 (0x2) Sep 21 07:33:26.975196: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.975198: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975201: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975203: | length/value: 3 (0x3) Sep 21 07:33:26.975205: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975207: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975210: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975212: | length/value: 14 (0xe) Sep 21 07:33:26.975214: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.975216: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975219: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975221: | length/value: 128 (0x80) Sep 21 07:33:26.975223: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975226: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975231: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975234: | ISAKMP transform number: 6 (0x6) Sep 21 07:33:26.975236: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975239: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975241: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975244: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975246: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975248: | length/value: 1 (0x1) Sep 21 07:33:26.975250: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975253: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975255: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975257: | length/value: 3600 (0xe10) Sep 21 07:33:26.975260: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975262: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975264: | length/value: 7 (0x7) Sep 21 07:33:26.975266: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975269: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975271: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975273: | length/value: 4 (0x4) Sep 21 07:33:26.975275: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.975278: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975280: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975282: | length/value: 3 (0x3) Sep 21 07:33:26.975284: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975287: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975289: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975291: | length/value: 5 (0x5) Sep 21 07:33:26.975294: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.975296: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975298: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975300: | length/value: 256 (0x100) Sep 21 07:33:26.975303: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975305: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975308: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975310: | ISAKMP transform number: 7 (0x7) Sep 21 07:33:26.975312: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975315: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975317: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975320: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975322: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975324: | length/value: 1 (0x1) Sep 21 07:33:26.975327: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975329: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975331: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975334: | length/value: 3600 (0xe10) Sep 21 07:33:26.975336: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975338: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975340: | length/value: 7 (0x7) Sep 21 07:33:26.975343: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975345: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975347: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975349: | length/value: 4 (0x4) Sep 21 07:33:26.975352: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.975354: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975356: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975358: | length/value: 3 (0x3) Sep 21 07:33:26.975361: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975363: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975365: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975368: | length/value: 5 (0x5) Sep 21 07:33:26.975371: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.975373: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975376: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975378: | length/value: 128 (0x80) Sep 21 07:33:26.975380: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975383: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975385: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975387: | ISAKMP transform number: 8 (0x8) Sep 21 07:33:26.975389: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975392: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975395: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975397: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975399: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975402: | length/value: 1 (0x1) Sep 21 07:33:26.975404: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975406: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975409: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975411: | length/value: 3600 (0xe10) Sep 21 07:33:26.975413: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975415: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975418: | length/value: 7 (0x7) Sep 21 07:33:26.975420: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975422: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975424: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975427: | length/value: 6 (0x6) Sep 21 07:33:26.975429: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.975431: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975434: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975436: | length/value: 3 (0x3) Sep 21 07:33:26.975438: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975440: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975443: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975445: | length/value: 5 (0x5) Sep 21 07:33:26.975447: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.975449: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975452: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975454: | length/value: 256 (0x100) Sep 21 07:33:26.975456: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975459: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975461: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975463: | ISAKMP transform number: 9 (0x9) Sep 21 07:33:26.975466: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975468: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975471: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975473: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975476: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975478: | length/value: 1 (0x1) Sep 21 07:33:26.975480: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975482: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975485: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975487: | length/value: 3600 (0xe10) Sep 21 07:33:26.975489: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975492: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975494: | length/value: 7 (0x7) Sep 21 07:33:26.975496: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975499: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975501: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975503: | length/value: 6 (0x6) Sep 21 07:33:26.975505: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.975508: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975511: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975513: | length/value: 3 (0x3) Sep 21 07:33:26.975516: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975518: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975520: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975522: | length/value: 5 (0x5) Sep 21 07:33:26.975525: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.975527: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975529: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975531: | length/value: 128 (0x80) Sep 21 07:33:26.975534: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975536: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975538: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975541: | ISAKMP transform number: 10 (0xa) Sep 21 07:33:26.975543: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975546: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975548: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975551: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975553: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975555: | length/value: 1 (0x1) Sep 21 07:33:26.975558: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975560: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975562: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975565: | length/value: 3600 (0xe10) Sep 21 07:33:26.975567: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975569: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975571: | length/value: 7 (0x7) Sep 21 07:33:26.975574: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975576: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975578: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975580: | length/value: 2 (0x2) Sep 21 07:33:26.975583: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.975585: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975587: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975589: | length/value: 3 (0x3) Sep 21 07:33:26.975592: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975594: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975596: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975598: | length/value: 5 (0x5) Sep 21 07:33:26.975601: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.975603: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975605: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975607: | length/value: 256 (0x100) Sep 21 07:33:26.975610: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975612: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975614: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975617: | ISAKMP transform number: 11 (0xb) Sep 21 07:33:26.975619: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975622: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975624: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975627: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975629: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975631: | length/value: 1 (0x1) Sep 21 07:33:26.975634: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975636: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975638: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975641: | length/value: 3600 (0xe10) Sep 21 07:33:26.975643: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975645: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975649: | length/value: 7 (0x7) Sep 21 07:33:26.975651: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.975653: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975656: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975658: | length/value: 2 (0x2) Sep 21 07:33:26.975660: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.975662: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975665: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975667: | length/value: 3 (0x3) Sep 21 07:33:26.975669: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975671: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975674: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975676: | length/value: 5 (0x5) Sep 21 07:33:26.975678: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.975680: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975683: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.975685: | length/value: 128 (0x80) Sep 21 07:33:26.975687: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.975690: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975692: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975694: | ISAKMP transform number: 12 (0xc) Sep 21 07:33:26.975697: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975699: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975702: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975704: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975707: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975709: | length/value: 1 (0x1) Sep 21 07:33:26.975711: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975713: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975716: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975718: | length/value: 3600 (0xe10) Sep 21 07:33:26.975720: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975723: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975725: | length/value: 5 (0x5) Sep 21 07:33:26.975727: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.975729: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975732: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975734: | length/value: 4 (0x4) Sep 21 07:33:26.975736: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.975738: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975741: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975743: | length/value: 3 (0x3) Sep 21 07:33:26.975745: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975747: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975750: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975752: | length/value: 14 (0xe) Sep 21 07:33:26.975754: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.975757: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.975759: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975761: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975763: | ISAKMP transform number: 13 (0xd) Sep 21 07:33:26.975766: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975769: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975771: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975773: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975776: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975778: | length/value: 1 (0x1) Sep 21 07:33:26.975780: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975785: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975802: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975806: | length/value: 3600 (0xe10) Sep 21 07:33:26.975811: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975814: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975816: | length/value: 5 (0x5) Sep 21 07:33:26.975818: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.975821: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975823: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975826: | length/value: 6 (0x6) Sep 21 07:33:26.975840: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.975842: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975845: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975847: | length/value: 3 (0x3) Sep 21 07:33:26.975850: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975852: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975854: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975856: | length/value: 14 (0xe) Sep 21 07:33:26.975859: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.975861: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.975863: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975865: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975868: | ISAKMP transform number: 14 (0xe) Sep 21 07:33:26.975870: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975873: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975875: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975878: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975880: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975882: | length/value: 1 (0x1) Sep 21 07:33:26.975884: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975887: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975889: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975891: | length/value: 3600 (0xe10) Sep 21 07:33:26.975894: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975896: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975898: | length/value: 5 (0x5) Sep 21 07:33:26.975900: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.975903: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975905: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975907: | length/value: 2 (0x2) Sep 21 07:33:26.975909: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.975912: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975914: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975916: | length/value: 3 (0x3) Sep 21 07:33:26.975919: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975921: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975923: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975925: | length/value: 14 (0xe) Sep 21 07:33:26.975928: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.975930: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.975932: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.975934: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975937: | ISAKMP transform number: 15 (0xf) Sep 21 07:33:26.975939: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.975942: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.975944: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.975947: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975949: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.975951: | length/value: 1 (0x1) Sep 21 07:33:26.975954: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.975956: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975959: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.975962: | length/value: 3600 (0xe10) Sep 21 07:33:26.975964: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975966: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.975968: | length/value: 5 (0x5) Sep 21 07:33:26.975971: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.975973: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975976: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.975978: | length/value: 4 (0x4) Sep 21 07:33:26.975980: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.975982: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975985: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.975987: | length/value: 3 (0x3) Sep 21 07:33:26.975989: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.975991: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.975994: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.975996: | length/value: 5 (0x5) Sep 21 07:33:26.975998: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.976001: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.976003: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.976005: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.976007: | ISAKMP transform number: 16 (0x10) Sep 21 07:33:26.976010: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.976012: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.976015: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.976017: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976020: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.976022: | length/value: 1 (0x1) Sep 21 07:33:26.976024: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.976026: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976029: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.976031: | length/value: 3600 (0xe10) Sep 21 07:33:26.976033: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976036: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.976038: | length/value: 5 (0x5) Sep 21 07:33:26.976041: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.976043: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976045: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.976047: | length/value: 6 (0x6) Sep 21 07:33:26.976050: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:26.976052: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976054: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.976056: | length/value: 3 (0x3) Sep 21 07:33:26.976059: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.976061: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976063: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.976065: | length/value: 5 (0x5) Sep 21 07:33:26.976068: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.976070: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.976072: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.976075: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.976077: | ISAKMP transform number: 17 (0x11) Sep 21 07:33:26.976079: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.976082: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.976084: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.976087: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976089: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.976091: | length/value: 1 (0x1) Sep 21 07:33:26.976094: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.976097: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976099: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.976102: | length/value: 3600 (0xe10) Sep 21 07:33:26.976104: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976107: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.976109: | length/value: 5 (0x5) Sep 21 07:33:26.976111: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:26.976113: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976116: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.976118: | length/value: 2 (0x2) Sep 21 07:33:26.976120: | [2 is OAKLEY_SHA1] Sep 21 07:33:26.976122: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976125: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.976127: | length/value: 3 (0x3) Sep 21 07:33:26.976129: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.976131: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:26.976133: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.976136: | length/value: 5 (0x5) Sep 21 07:33:26.976138: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:26.976140: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:26.976142: | emitting length of ISAKMP Proposal Payload: 632 Sep 21 07:33:26.976145: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Sep 21 07:33:26.976147: | emitting length of ISAKMP Security Association Payload: 644 Sep 21 07:33:26.976150: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:26.976154: | out_vid(): sending [FRAGMENTATION] Sep 21 07:33:26.976156: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.976158: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976161: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.976164: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.976167: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.976170: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.976173: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 21 07:33:26.976175: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.976177: | out_vid(): sending [Dead Peer Detection] Sep 21 07:33:26.976180: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.976182: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.976185: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.976187: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.976190: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.976192: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 21 07:33:26.976194: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.976197: | nat add vid Sep 21 07:33:26.976199: | sending draft and RFC NATT VIDs Sep 21 07:33:26.976201: | out_vid(): sending [RFC 3947] Sep 21 07:33:26.976203: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.976205: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976208: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.976211: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.976213: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.976216: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.976219: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:26.976222: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.976224: | skipping VID_NATT_RFC Sep 21 07:33:26.976226: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:33:26.976228: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.976231: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976234: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.976236: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.976239: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.976241: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.976244: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:26.976246: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.976248: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:33:26.976251: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.976253: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.976255: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.976258: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.976261: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.976263: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.976265: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Sep 21 07:33:26.976268: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.976270: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:33:26.976272: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.976274: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.976277: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.976280: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.976282: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.976285: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:26.976287: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.976289: | no IKEv1 message padding required Sep 21 07:33:26.976291: | emitting length of ISAKMP Message: 792 Sep 21 07:33:26.976305: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:26.976308: | 01 a7 a6 fa 98 79 9e af 00 00 00 00 00 00 00 00 Sep 21 07:33:26.976310: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:26.976312: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:26.976314: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976317: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976319: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:26.976321: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:26.976323: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:26.976325: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:26.976327: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.976330: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.976332: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:26.976334: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976336: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976340: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:26.976342: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:26.976344: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:26.976346: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:26.976348: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.976351: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.976353: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:26.976355: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976357: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:26.976359: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:26.976362: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:26.976364: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:26.976366: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:26.976368: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.976370: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.976373: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:26.976375: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976377: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976379: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976381: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976383: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976386: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:26.976388: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976390: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:26.976392: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976394: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:26.976396: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.976399: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:26.976401: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:26.976403: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:26.976405: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:26.976407: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:26.976410: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:26.976412: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:26.976414: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:26.976416: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:26.976522: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf1aa0 Sep 21 07:33:26.976528: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:33:26.976531: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:26.976538: | #1 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.344771 Sep 21 07:33:26.976548: | #1 spent 2.02 milliseconds in main_outI1() Sep 21 07:33:26.976554: | stop processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) Sep 21 07:33:26.976557: | resume processing: connection "north-a-dpd" (in main_outI1() at ikev1_main.c:228) Sep 21 07:33:26.976560: | stop processing: connection "north-a-dpd" (in initiate_a_connection() at initiate.c:349) Sep 21 07:33:26.976564: | close_any(fd@23) (in initiate_connection() at initiate.c:372) Sep 21 07:33:26.976567: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:26.976571: | spent 2.09 milliseconds in whack Sep 21 07:33:26.977279: | spent 0.00184 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.977308: | *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:26.977313: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.977316: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Sep 21 07:33:26.977318: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Sep 21 07:33:26.977320: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.977322: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.977324: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Sep 21 07:33:26.977327: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Sep 21 07:33:26.977329: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Sep 21 07:33:26.977331: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:26.977335: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:26.977338: | **parse ISAKMP Message: Sep 21 07:33:26.977340: | initiator cookie: Sep 21 07:33:26.977342: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.977345: | responder cookie: Sep 21 07:33:26.977347: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.977349: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.977352: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.977354: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.977357: | flags: none (0x0) Sep 21 07:33:26.977359: | Message ID: 0 (0x0) Sep 21 07:33:26.977361: | length: 144 (0x90) Sep 21 07:33:26.977364: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.977367: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:33:26.977370: | State DB: found IKEv1 state #1 in MAIN_I1 (find_state_ikev1_init) Sep 21 07:33:26.977374: | start processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.977377: | #1 is idle Sep 21 07:33:26.977379: | #1 idle Sep 21 07:33:26.977383: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Sep 21 07:33:26.977385: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:26.977387: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.977390: | length: 56 (0x38) Sep 21 07:33:26.977392: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.977395: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.977397: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.977400: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.977402: | length: 20 (0x14) Sep 21 07:33:26.977404: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.977406: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.977409: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.977411: | length: 20 (0x14) Sep 21 07:33:26.977413: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.977416: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.977418: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.977420: | length: 20 (0x14) Sep 21 07:33:26.977423: | message 'main_inR1_outI2' HASH payload not checked early Sep 21 07:33:26.977427: | received Vendor ID payload [FRAGMENTATION] Sep 21 07:33:26.977430: | received Vendor ID payload [Dead Peer Detection] Sep 21 07:33:26.977433: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Sep 21 07:33:26.977435: | received Vendor ID payload [RFC 3947] Sep 21 07:33:26.977438: | ****parse IPsec DOI SIT: Sep 21 07:33:26.977441: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.977444: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.977446: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.977448: | length: 44 (0x2c) Sep 21 07:33:26.977450: | proposal number: 0 (0x0) Sep 21 07:33:26.977453: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:26.977455: | SPI size: 0 (0x0) Sep 21 07:33:26.977457: | number of transforms: 1 (0x1) Sep 21 07:33:26.977460: | *****parse ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.977462: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.977464: | length: 36 (0x24) Sep 21 07:33:26.977468: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:26.977470: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.977473: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977475: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.977478: | length/value: 1 (0x1) Sep 21 07:33:26.977480: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.977482: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977485: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.977487: | length/value: 3600 (0xe10) Sep 21 07:33:26.977489: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977492: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.977494: | length/value: 7 (0x7) Sep 21 07:33:26.977496: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.977499: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977501: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.977504: | length/value: 4 (0x4) Sep 21 07:33:26.977506: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.977508: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977511: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.977513: | length/value: 3 (0x3) Sep 21 07:33:26.977515: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.977517: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977520: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.977522: | length/value: 14 (0xe) Sep 21 07:33:26.977524: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.977527: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.977529: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.977531: | length/value: 256 (0x100) Sep 21 07:33:26.977534: | OAKLEY proposal verified unconditionally; no alg_info to check against Sep 21 07:33:26.977536: | Oakley Transform 0 accepted Sep 21 07:33:26.977539: | sender checking NAT-T: enabled; VID 117 Sep 21 07:33:26.977541: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Sep 21 07:33:26.977543: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Sep 21 07:33:26.977547: | adding outI2 KE work-order 1 for state #1 Sep 21 07:33:26.977549: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.977552: | #1 STATE_MAIN_I1: retransmits: cleared Sep 21 07:33:26.977555: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:26.977558: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf1aa0 Sep 21 07:33:26.977561: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf1aa0 Sep 21 07:33:26.977564: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:26.977567: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:26.977576: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.977581: | [RE]START processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.977583: | suspending state #1 and saving MD Sep 21 07:33:26.977585: | #1 is busy; has a suspended MD Sep 21 07:33:26.977589: | #1 spent 0.15 milliseconds in process_packet_tail() Sep 21 07:33:26.977593: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.977598: | stop processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:26.977600: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.977604: | spent 0.319 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.977605: | crypto helper 2 resuming Sep 21 07:33:26.977613: | crypto helper 2 starting work-order 1 for state #1 Sep 21 07:33:26.977616: | crypto helper 2 doing build KE and nonce (outI2 KE); request ID 1 Sep 21 07:33:26.978227: | crypto helper 2 finished build KE and nonce (outI2 KE); request ID 1 time elapsed 0.000611 seconds Sep 21 07:33:26.978250: | (#1) spent 0.617 milliseconds in crypto helper computing work-order 1: outI2 KE (pcr) Sep 21 07:33:26.978252: | crypto helper 2 sending results from work-order 1 for state #1 to event queue Sep 21 07:33:26.978256: | scheduling resume sending helper answer for #1 Sep 21 07:33:26.978258: | libevent_malloc: new ptr-libevent@0x7fdadc006900 size 128 Sep 21 07:33:26.978264: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:26.978270: | processing resume sending helper answer for #1 Sep 21 07:33:26.978277: | start processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.978280: | crypto helper 2 replies to request ID 1 Sep 21 07:33:26.978283: | calling continuation function 0x55dbdfa7b630 Sep 21 07:33:26.978285: | main_inR1_outI2_continue for #1: calculated ke+nonce, sending I2 Sep 21 07:33:26.978290: | **emit ISAKMP Message: Sep 21 07:33:26.978293: | initiator cookie: Sep 21 07:33:26.978295: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.978297: | responder cookie: Sep 21 07:33:26.978299: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.978301: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.978304: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.978306: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.978308: | flags: none (0x0) Sep 21 07:33:26.978311: | Message ID: 0 (0x0) Sep 21 07:33:26.978313: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.978316: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:26.978319: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.978321: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:26.978324: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:26.978327: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.978330: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:26.978332: | keyex value 76 1c 0b c7 7b 26 02 19 63 0a e3 b5 f0 55 db 25 Sep 21 07:33:26.978335: | keyex value a2 3f 62 87 9c 6a d5 66 84 08 a9 42 c5 d5 b5 c3 Sep 21 07:33:26.978337: | keyex value c9 94 31 f7 62 f0 b3 19 cc 5e 2c 8d 47 7f 11 68 Sep 21 07:33:26.978339: | keyex value 17 c3 c5 67 2d bc 6a 9f 6e f9 61 5a 52 4b e2 b8 Sep 21 07:33:26.978341: | keyex value 5b 95 fa dc 0d ab 3f 97 0c e8 94 b4 92 63 98 1f Sep 21 07:33:26.978344: | keyex value 8b 52 50 aa 92 10 8a 0c 05 2e ce b6 b4 90 08 9c Sep 21 07:33:26.978346: | keyex value 14 6b d1 26 a0 fd 1a b0 a2 48 48 2a 37 f6 27 68 Sep 21 07:33:26.978348: | keyex value 47 2f a1 cc 47 fc cd 68 a4 1b 66 ca 29 75 a3 44 Sep 21 07:33:26.978350: | keyex value 48 45 f7 f0 fa 7e e4 5e b8 f4 df 1d 24 98 e0 ff Sep 21 07:33:26.978353: | keyex value 3b 75 0a 90 64 23 af 16 e7 bb 9c 88 19 de 34 32 Sep 21 07:33:26.978355: | keyex value 2b ec e6 82 ea 05 cf c5 de b1 4b d2 15 95 c4 8b Sep 21 07:33:26.978357: | keyex value 5f 24 67 3f 5f e2 96 56 e3 48 b2 90 c2 69 46 7b Sep 21 07:33:26.978359: | keyex value 8e 90 5b 69 5c a5 be 79 05 d9 fb 89 75 4b e5 67 Sep 21 07:33:26.978362: | keyex value 35 ea 1b 32 34 c5 72 41 97 94 95 7e ef 90 e1 4d Sep 21 07:33:26.978364: | keyex value 72 ff f6 56 10 dc 27 44 57 bd b8 52 04 d0 64 83 Sep 21 07:33:26.978366: | keyex value 7e 41 07 53 96 66 45 7c c6 05 10 52 16 14 9c 60 Sep 21 07:33:26.978369: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:26.978371: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:26.978373: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.978376: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:26.978379: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.978381: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:33:26.978386: | Ni 3a 03 44 a2 8c d4 8f ee 13 6a 7c dd 01 88 1a 8a Sep 21 07:33:26.978388: | Ni 4b f2 e8 54 c3 92 b1 4a 96 8a 42 ea 73 0a 6b 04 Sep 21 07:33:26.978390: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:26.978392: | NAT-T checking st_nat_traversal Sep 21 07:33:26.978394: | NAT-T found (implies NAT_T_WITH_NATD) Sep 21 07:33:26.978397: | sending NAT-D payloads Sep 21 07:33:26.978407: | natd_hash: hasher=0x55dbdfb51c40(32) Sep 21 07:33:26.978409: | natd_hash: icookie= 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.978411: | natd_hash: rcookie= 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.978414: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:26.978416: | natd_hash: port= 01 f4 Sep 21 07:33:26.978418: | natd_hash: hash= a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.978421: | natd_hash: hash= 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.978423: | ***emit ISAKMP NAT-D Payload: Sep 21 07:33:26.978426: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.978428: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Sep 21 07:33:26.978431: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:33:26.978434: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.978436: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:33:26.978439: | NAT-D a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.978441: | NAT-D 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.978443: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:33:26.978450: | natd_hash: hasher=0x55dbdfb51c40(32) Sep 21 07:33:26.978452: | natd_hash: icookie= 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.978454: | natd_hash: rcookie= 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.978456: | natd_hash: ip= c0 01 03 21 Sep 21 07:33:26.978458: | natd_hash: port= 01 f4 Sep 21 07:33:26.978461: | natd_hash: hash= 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.978463: | natd_hash: hash= 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.978465: | ***emit ISAKMP NAT-D Payload: Sep 21 07:33:26.978468: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.978471: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:33:26.978473: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.978476: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:33:26.978478: | NAT-D 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.978480: | NAT-D 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.978483: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:33:26.978485: | no IKEv1 message padding required Sep 21 07:33:26.978487: | emitting length of ISAKMP Message: 396 Sep 21 07:33:26.978490: | State DB: re-hashing IKEv1 state #1 IKE SPIi and SPI[ir] Sep 21 07:33:26.978495: | complete v1 state transition with STF_OK Sep 21 07:33:26.978499: | [RE]START processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.978502: | #1 is idle Sep 21 07:33:26.978504: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.978506: | peer supports fragmentation Sep 21 07:33:26.978508: | peer supports DPD Sep 21 07:33:26.978510: | DPD is configured locally Sep 21 07:33:26.978513: | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Sep 21 07:33:26.978516: | parent state #1: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) Sep 21 07:33:26.978518: | event_already_set, deleting event Sep 21 07:33:26.978521: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.978524: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:26.978528: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf1aa0 Sep 21 07:33:26.978533: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:33:26.978540: | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:26.978544: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.978547: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Sep 21 07:33:26.978549: | 76 1c 0b c7 7b 26 02 19 63 0a e3 b5 f0 55 db 25 Sep 21 07:33:26.978551: | a2 3f 62 87 9c 6a d5 66 84 08 a9 42 c5 d5 b5 c3 Sep 21 07:33:26.978553: | c9 94 31 f7 62 f0 b3 19 cc 5e 2c 8d 47 7f 11 68 Sep 21 07:33:26.978556: | 17 c3 c5 67 2d bc 6a 9f 6e f9 61 5a 52 4b e2 b8 Sep 21 07:33:26.978558: | 5b 95 fa dc 0d ab 3f 97 0c e8 94 b4 92 63 98 1f Sep 21 07:33:26.978560: | 8b 52 50 aa 92 10 8a 0c 05 2e ce b6 b4 90 08 9c Sep 21 07:33:26.978562: | 14 6b d1 26 a0 fd 1a b0 a2 48 48 2a 37 f6 27 68 Sep 21 07:33:26.978564: | 47 2f a1 cc 47 fc cd 68 a4 1b 66 ca 29 75 a3 44 Sep 21 07:33:26.978567: | 48 45 f7 f0 fa 7e e4 5e b8 f4 df 1d 24 98 e0 ff Sep 21 07:33:26.978569: | 3b 75 0a 90 64 23 af 16 e7 bb 9c 88 19 de 34 32 Sep 21 07:33:26.978571: | 2b ec e6 82 ea 05 cf c5 de b1 4b d2 15 95 c4 8b Sep 21 07:33:26.978573: | 5f 24 67 3f 5f e2 96 56 e3 48 b2 90 c2 69 46 7b Sep 21 07:33:26.978575: | 8e 90 5b 69 5c a5 be 79 05 d9 fb 89 75 4b e5 67 Sep 21 07:33:26.978578: | 35 ea 1b 32 34 c5 72 41 97 94 95 7e ef 90 e1 4d Sep 21 07:33:26.978580: | 72 ff f6 56 10 dc 27 44 57 bd b8 52 04 d0 64 83 Sep 21 07:33:26.978582: | 7e 41 07 53 96 66 45 7c c6 05 10 52 16 14 9c 60 Sep 21 07:33:26.978584: | 14 00 00 24 3a 03 44 a2 8c d4 8f ee 13 6a 7c dd Sep 21 07:33:26.978587: | 01 88 1a 8a 4b f2 e8 54 c3 92 b1 4a 96 8a 42 ea Sep 21 07:33:26.978589: | 73 0a 6b 04 14 00 00 24 a0 2c df a8 ed 0e 88 50 Sep 21 07:33:26.978591: | 49 e5 70 56 ae da 0c f6 01 1d 14 d4 6d fc d8 94 Sep 21 07:33:26.978593: | 70 e6 6a 54 36 36 9f bb 00 00 00 24 0c 45 71 da Sep 21 07:33:26.978595: | 03 78 4a c3 34 0b 5c af 12 9a 51 7b 68 17 29 1a Sep 21 07:33:26.978598: | ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.978623: | !event_already_set at reschedule Sep 21 07:33:26.978627: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf1aa0 Sep 21 07:33:26.978631: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:33:26.978633: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:26.978638: | #1 STATE_MAIN_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.346891 Sep 21 07:33:26.978641: "north-a-dpd" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Sep 21 07:33:26.978647: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.978650: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.978673: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Sep 21 07:33:26.978678: | #1 spent 0.383 milliseconds in resume sending helper answer Sep 21 07:33:26.978787: | stop processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.978795: | libevent_free: release ptr-libevent@0x7fdadc006900 Sep 21 07:33:26.980050: | spent 0.00211 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.980065: | *received 576 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:26.980067: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.980069: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Sep 21 07:33:26.980071: | a2 61 af 65 93 cc a2 b7 f1 1c 5a 12 b0 c5 36 8b Sep 21 07:33:26.980072: | 16 72 25 f7 2e 38 2c 2e a7 26 7a 8a 8b 42 51 22 Sep 21 07:33:26.980074: | 52 8f 08 34 06 be 9f 63 0c 63 f3 7f 0f f0 5d 21 Sep 21 07:33:26.980075: | af 31 f7 91 10 a9 04 e4 6b b8 b3 81 08 ab 38 f7 Sep 21 07:33:26.980077: | a3 14 f8 9f 7b b0 a3 79 3b 89 49 f5 a5 c8 29 23 Sep 21 07:33:26.980081: | b3 e3 8f d1 8a df a1 ed 45 dd dc 7f 4a b3 db 46 Sep 21 07:33:26.980082: | 9a b8 f7 21 3f e1 22 45 70 c6 d7 66 de 95 a9 45 Sep 21 07:33:26.980084: | 73 cd f9 80 a5 b2 db da 22 04 8a b7 25 36 ae 66 Sep 21 07:33:26.980085: | 5c c7 d7 d9 72 6d e3 48 3f a5 64 44 e5 bc 41 d8 Sep 21 07:33:26.980087: | 6a f9 1b 81 c1 c6 0f 07 1d 51 0c 44 df 46 e6 47 Sep 21 07:33:26.980088: | f2 73 bd c8 3e 79 38 c3 22 a8 fc 30 5f d6 e5 cd Sep 21 07:33:26.980090: | ea 34 1a 7d a0 a8 9a 63 eb 07 d3 ac c8 24 2c 7e Sep 21 07:33:26.980091: | c9 47 55 ad c4 80 60 f7 db c0 3b 79 5d 42 9a 0d Sep 21 07:33:26.980093: | e4 36 a8 c0 75 2f ca 67 6f ef ea 90 f8 cc 50 2c Sep 21 07:33:26.980094: | b2 20 fb 64 54 7d 37 4f ea 6a 8d 47 6d 61 e5 ce Sep 21 07:33:26.980096: | 9c 05 9f 68 5a 0e 1a e2 93 e7 49 34 2a ff fd cd Sep 21 07:33:26.980097: | 07 00 00 24 b8 6e a7 c7 da 14 f7 95 4c d0 c3 8a Sep 21 07:33:26.980099: | c9 32 11 2f dd 77 1a 61 df ea 3e 7b 75 75 41 8a Sep 21 07:33:26.980100: | bc 24 e3 b3 14 00 00 b4 04 30 81 ac 31 0b 30 09 Sep 21 07:33:26.980102: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Sep 21 07:33:26.980103: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Sep 21 07:33:26.980105: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Sep 21 07:33:26.980106: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Sep 21 07:33:26.980108: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Sep 21 07:33:26.980109: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Sep 21 07:33:26.980111: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Sep 21 07:33:26.980112: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Sep 21 07:33:26.980114: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:33:26.980115: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Sep 21 07:33:26.980117: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 0c 45 71 da Sep 21 07:33:26.980118: | 03 78 4a c3 34 0b 5c af 12 9a 51 7b 68 17 29 1a Sep 21 07:33:26.980120: | ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 00 00 00 24 Sep 21 07:33:26.980121: | a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.980123: | 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.980126: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:26.980128: | **parse ISAKMP Message: Sep 21 07:33:26.980130: | initiator cookie: Sep 21 07:33:26.980131: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.980133: | responder cookie: Sep 21 07:33:26.980134: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.980136: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.980138: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.980139: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.980141: | flags: none (0x0) Sep 21 07:33:26.980143: | Message ID: 0 (0x0) Sep 21 07:33:26.980144: | length: 576 (0x240) Sep 21 07:33:26.980146: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.980148: | State DB: found IKEv1 state #1 in MAIN_I2 (find_state_ikev1) Sep 21 07:33:26.980152: | start processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.980154: | #1 is idle Sep 21 07:33:26.980155: | #1 idle Sep 21 07:33:26.980157: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Sep 21 07:33:26.980159: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:26.980161: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.980162: | length: 260 (0x104) Sep 21 07:33:26.980164: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Sep 21 07:33:26.980166: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:26.980167: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:33:26.980169: | length: 36 (0x24) Sep 21 07:33:26.980171: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.980173: | ***parse ISAKMP Certificate RequestPayload: Sep 21 07:33:26.980175: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.980177: | length: 180 (0xb4) Sep 21 07:33:26.980179: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.980180: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.980182: | ***parse ISAKMP NAT-D Payload: Sep 21 07:33:26.980184: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.980185: | length: 36 (0x24) Sep 21 07:33:26.980187: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.980189: | ***parse ISAKMP NAT-D Payload: Sep 21 07:33:26.980190: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.980192: | length: 36 (0x24) Sep 21 07:33:26.980193: | message 'main_inR2_outI3' HASH payload not checked early Sep 21 07:33:26.980205: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.980210: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.980216: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.980221: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.980223: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:26.980225: | no PreShared Key Found Sep 21 07:33:26.980227: | adding aggr outR1 DH work-order 2 for state #1 Sep 21 07:33:26.980229: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.980231: | #1 STATE_MAIN_I2: retransmits: cleared Sep 21 07:33:26.980233: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:26.980235: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf1aa0 Sep 21 07:33:26.980237: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fdadc002b20 Sep 21 07:33:26.980239: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:26.980241: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:26.980248: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.980254: | [RE]START processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.980255: | crypto helper 0 resuming Sep 21 07:33:26.980257: | suspending state #1 and saving MD Sep 21 07:33:26.980264: | crypto helper 0 starting work-order 2 for state #1 Sep 21 07:33:26.980269: | #1 is busy; has a suspended MD Sep 21 07:33:26.980274: | crypto helper 0 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 Sep 21 07:33:26.980278: | #1 spent 0.0766 milliseconds in process_packet_tail() Sep 21 07:33:26.980283: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.980287: | stop processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:26.980290: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.980294: | spent 0.23 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.980980: | crypto helper 0 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 2 time elapsed 0.000706 seconds Sep 21 07:33:26.980989: | (#1) spent 0.711 milliseconds in crypto helper computing work-order 2: aggr outR1 DH (pcr) Sep 21 07:33:26.980991: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Sep 21 07:33:26.980995: | scheduling resume sending helper answer for #1 Sep 21 07:33:26.980997: | libevent_malloc: new ptr-libevent@0x7fdad4004f00 size 128 Sep 21 07:33:26.981003: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:26.981009: | processing resume sending helper answer for #1 Sep 21 07:33:26.981014: | start processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.981017: | crypto helper 0 replies to request ID 2 Sep 21 07:33:26.981018: | calling continuation function 0x55dbdfa7b630 Sep 21 07:33:26.981020: | main_inR2_outI3_cryptotail for #1: calculated DH, sending R1 Sep 21 07:33:26.981024: | **emit ISAKMP Message: Sep 21 07:33:26.981026: | initiator cookie: Sep 21 07:33:26.981027: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.981029: | responder cookie: Sep 21 07:33:26.981030: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.981031: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.981033: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.981035: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.981036: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.981038: | Message ID: 0 (0x0) Sep 21 07:33:26.981040: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.981042: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.981044: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.981045: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.981047: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.981048: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.981050: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.981051: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.981052: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:33:26.981054: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:33:26.981055: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:33:26.981056: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:33:26.981058: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.981063: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.981065: | thinking about whether to send my certificate: Sep 21 07:33:26.981067: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Sep 21 07:33:26.981069: | sendcert: CERT_ALWAYSSEND and I did get a certificate request Sep 21 07:33:26.981070: | so send cert. Sep 21 07:33:26.981072: | I am sending a certificate request Sep 21 07:33:26.981073: | I will NOT send an initial contact payload Sep 21 07:33:26.981075: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Sep 21 07:33:26.981082: | natd_hash: hasher=0x55dbdfb51c40(32) Sep 21 07:33:26.981084: | natd_hash: icookie= 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.981086: | natd_hash: rcookie= 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.981087: | natd_hash: ip= c0 01 03 21 Sep 21 07:33:26.981088: | natd_hash: port= 01 f4 Sep 21 07:33:26.981090: | natd_hash: hash= 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.981092: | natd_hash: hash= 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.981095: | natd_hash: hasher=0x55dbdfb51c40(32) Sep 21 07:33:26.981097: | natd_hash: icookie= 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.981098: | natd_hash: rcookie= 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.981100: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:26.981101: | natd_hash: port= 01 f4 Sep 21 07:33:26.981102: | natd_hash: hash= a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.981104: | natd_hash: hash= 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.981106: | expected NAT-D(me): 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.981109: | expected NAT-D(me): 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.981111: | expected NAT-D(him): Sep 21 07:33:26.981112: | a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.981113: | 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.981115: | received NAT-D: 0c 45 71 da 03 78 4a c3 34 0b 5c af 12 9a 51 7b Sep 21 07:33:26.981116: | received NAT-D: 68 17 29 1a ab 68 9d e5 42 6a 1f 11 88 0d 93 e7 Sep 21 07:33:26.981118: | received NAT-D: a0 2c df a8 ed 0e 88 50 49 e5 70 56 ae da 0c f6 Sep 21 07:33:26.981119: | received NAT-D: 01 1d 14 d4 6d fc d8 94 70 e6 6a 54 36 36 9f bb Sep 21 07:33:26.981121: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:33:26.981122: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:33:26.981124: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:33:26.981126: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:33:26.981127: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Sep 21 07:33:26.981129: | NAT_T_WITH_KA detected Sep 21 07:33:26.981131: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:33:26.981133: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.981135: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:33:26.981136: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:33:26.981138: | Protocol ID: 0 (0x0) Sep 21 07:33:26.981139: | port: 0 (0x0) Sep 21 07:33:26.981141: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Sep 21 07:33:26.981143: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.981145: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.981147: | emitting 185 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.981149: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.981150: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.981152: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.981153: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.981155: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.981156: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.981157: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:33:26.981159: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:33:26.981160: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:33:26.981162: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:33:26.981163: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.981164: | my identity 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.981166: | emitting length of ISAKMP Identification Payload (IPsec DOI): 193 Sep 21 07:33:26.981168: "north-a-dpd" #1: I am sending my cert Sep 21 07:33:26.981175: | ***emit ISAKMP Certificate Payload: Sep 21 07:33:26.981178: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:33:26.981180: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.981182: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Sep 21 07:33:26.981185: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Sep 21 07:33:26.981202: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.981205: | emitting 1227 raw bytes of CERT into ISAKMP Certificate Payload Sep 21 07:33:26.981208: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Sep 21 07:33:26.981210: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:33:26.981211: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:33:26.981213: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:33:26.981214: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:33:26.981215: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:33:26.981217: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:33:26.981218: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:33:26.981220: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:33:26.981221: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:33:26.981222: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:33:26.981224: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:33:26.981225: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:33:26.981227: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:33:26.981228: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:33:26.981229: | CERT 39 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:33:26.981244: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:33:26.981245: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:33:26.981246: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:33:26.981248: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:33:26.981249: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:33:26.981251: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Sep 21 07:33:26.981252: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:33:26.981253: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Sep 21 07:33:26.981255: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Sep 21 07:33:26.981256: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Sep 21 07:33:26.981257: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Sep 21 07:33:26.981259: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Sep 21 07:33:26.981260: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 ba c2 12 92 Sep 21 07:33:26.981261: | CERT f3 67 1c ca 50 e4 11 97 bd e2 74 f8 2d a7 50 1c Sep 21 07:33:26.981263: | CERT 73 d5 23 89 43 a9 58 74 05 29 97 ee a9 71 9c 8d Sep 21 07:33:26.981264: | CERT 92 44 52 90 56 aa 55 a8 8c 69 5e 32 49 62 fb 18 Sep 21 07:33:26.981266: | CERT 4f f0 e2 24 38 f0 a3 3c 7d 95 a9 03 66 29 11 c0 Sep 21 07:33:26.981267: | CERT f2 0c e3 de a1 62 78 96 0e ff d1 f8 93 ac b7 cf Sep 21 07:33:26.981268: | CERT 52 33 01 71 ef 46 ad ad d4 46 f5 e0 c5 e5 57 42 Sep 21 07:33:26.981270: | CERT 2f 10 0e 27 24 45 5e d0 bd 90 32 70 b9 bb 27 2a Sep 21 07:33:26.981271: | CERT 4c 93 a8 87 8c f0 61 5d d9 74 91 04 d9 e9 5b e5 Sep 21 07:33:26.981272: | CERT 31 9c ca e0 5b 2c 3b 17 be 1a c9 1c 28 62 24 3c Sep 21 07:33:26.981274: | CERT e4 eb d0 1a e4 e3 c4 61 b6 9d 1a a9 39 6a b0 92 Sep 21 07:33:26.981275: | CERT a6 69 2c 19 b1 57 75 2b a8 1b ac 95 2b 35 5a 2f Sep 21 07:33:26.981277: | CERT 1f 33 eb 9a 50 d0 4d fa 7a 05 9b 59 44 7d ba a6 Sep 21 07:33:26.981278: | CERT 91 64 c9 4d 4a 01 39 e3 83 11 04 e9 b5 b3 9d 19 Sep 21 07:33:26.981279: | CERT 1b 35 86 8a e9 e4 8b 28 e9 57 06 58 e2 cb a6 24 Sep 21 07:33:26.981281: | CERT 35 73 37 7c 05 25 07 5f b6 df 3f 8b ab 5f e7 e4 Sep 21 07:33:26.981282: | CERT 38 d2 69 f6 1f 68 e9 7b 4f 2f fd 11 62 0e 47 ee Sep 21 07:33:26.981283: | CERT 67 3b 0e 71 d8 9a 35 1b e4 4f 56 64 fd c1 66 02 Sep 21 07:33:26.981285: | CERT 69 2e 08 ac e7 43 ca 55 47 97 ae 83 19 50 e4 9d Sep 21 07:33:26.981286: | CERT c7 a6 5c 9b 93 22 54 6f 02 4b 75 00 cf 67 e3 e2 Sep 21 07:33:26.981288: | CERT 07 7c d8 47 8f c1 09 83 cc 70 94 fa 6c 74 c8 55 Sep 21 07:33:26.981289: | CERT 7b 96 2c c1 85 f1 02 98 cd 1d be 85 5c 10 80 dd Sep 21 07:33:26.981292: | CERT bb 89 44 4b 94 fa 5e 56 5c 67 0e 2e c6 62 69 d4 Sep 21 07:33:26.981293: | CERT de 0e 97 31 ed 00 10 7b 83 dc 75 e4 12 fb 00 15 Sep 21 07:33:26.981295: | CERT eb 5d e4 85 6b 0d 07 4b e6 db 86 31 02 03 01 00 Sep 21 07:33:26.981296: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Sep 21 07:33:26.981298: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Sep 21 07:33:26.981299: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:33:26.981300: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Sep 21 07:33:26.981302: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Sep 21 07:33:26.981303: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Sep 21 07:33:26.981304: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Sep 21 07:33:26.981306: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Sep 21 07:33:26.981307: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Sep 21 07:33:26.981309: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:33:26.981310: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Sep 21 07:33:26.981311: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Sep 21 07:33:26.981313: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Sep 21 07:33:26.981314: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Sep 21 07:33:26.981315: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Sep 21 07:33:26.981317: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 c0 be 88 d3 94 Sep 21 07:33:26.981318: | CERT e8 3a e9 d3 b3 fd ed 79 1d 46 48 36 a3 2a 00 15 Sep 21 07:33:26.981320: | CERT 9e 62 f1 22 44 4c 58 20 2e de 7d 7f 95 09 d5 bd Sep 21 07:33:26.981336: | CERT 95 29 e4 f8 99 e3 8f c0 67 b4 eb f6 4b a3 4e 69 Sep 21 07:33:26.981337: | CERT 48 de 1c 93 9f 22 c8 b7 ca bb e8 0c af 7e 5a cd Sep 21 07:33:26.981339: | CERT 90 0c b9 e5 4b 4a de cc c3 7c ea e6 3f 96 0c b5 Sep 21 07:33:26.981340: | CERT dc 5f 88 2d e7 e2 cc f5 f3 90 76 dc b3 05 1d 01 Sep 21 07:33:26.981341: | CERT 60 24 b8 8c a2 f7 26 17 04 4f 25 15 bc 7f 1c ff Sep 21 07:33:26.981343: | CERT 4a f7 81 eb 12 63 8b 11 8c 53 ba Sep 21 07:33:26.981345: | emitting length of ISAKMP Certificate Payload: 1232 Sep 21 07:33:26.981346: "north-a-dpd" #1: I am sending a certificate request Sep 21 07:33:26.981351: | ***emit ISAKMP Certificate RequestPayload: Sep 21 07:33:26.981354: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:33:26.981356: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.981359: | next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG Sep 21 07:33:26.981361: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Sep 21 07:33:26.981363: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Sep 21 07:33:26.981365: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Sep 21 07:33:26.981367: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.981381: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.981382: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.981384: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.981385: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.981386: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.981388: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:33:26.981402: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:33:26.981403: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:33:26.981405: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:33:26.981406: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.981410: | emitting length of ISAKMP Certificate RequestPayload: 180 Sep 21 07:33:26.981463: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Sep 21 07:33:26.981678: | searching for certificate PKK_RSA:AwEAAbrCE vs PKK_RSA:AwEAAbrCE Sep 21 07:33:26.987703: | ***emit ISAKMP Signature Payload: Sep 21 07:33:26.987714: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.987717: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Sep 21 07:33:26.987719: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.987721: | emitting 384 raw bytes of SIG_I into ISAKMP Signature Payload Sep 21 07:33:26.987723: | SIG_I 4f 68 74 81 31 0d 82 c9 8a 16 4f 21 25 83 31 0c Sep 21 07:33:26.987725: | SIG_I 1c 8f 11 68 b7 33 a2 a6 d0 69 0c 75 9e 8a df 3b Sep 21 07:33:26.987726: | SIG_I 1d 0e 2d 9e c5 10 3f e7 d1 6e b1 4a 44 09 f9 f9 Sep 21 07:33:26.987727: | SIG_I aa 51 23 51 b6 5d b7 ca 0a b5 3a db b6 50 62 7e Sep 21 07:33:26.987729: | SIG_I e0 b1 18 e6 11 15 4b 2f f0 f4 2b 92 d3 c5 e1 dc Sep 21 07:33:26.987730: | SIG_I 73 4e f5 11 81 ed a9 c2 63 b2 0f 57 bb f1 ff e2 Sep 21 07:33:26.987732: | SIG_I a7 9a f9 65 a2 00 0f c2 dd aa f8 4d c3 a8 b6 ec Sep 21 07:33:26.987733: | SIG_I 2e c9 14 98 fc f5 52 48 ba 09 bf 30 4f 96 a3 e6 Sep 21 07:33:26.987734: | SIG_I f8 bf 57 32 b1 bc 29 a5 f8 91 6d 0e bc e7 f4 45 Sep 21 07:33:26.987736: | SIG_I 24 47 d2 1d 32 8d f5 19 57 2a bf 53 cc 09 01 f6 Sep 21 07:33:26.987737: | SIG_I a0 48 70 7c 5d fb 5b 76 cc af 99 86 bc 0b 38 b2 Sep 21 07:33:26.987738: | SIG_I f4 a1 19 d4 48 23 5c be e8 94 2e 1f 9f e7 8f c8 Sep 21 07:33:26.987740: | SIG_I 07 e0 1c 62 43 b0 c5 88 e8 79 11 d1 57 7d f6 de Sep 21 07:33:26.987741: | SIG_I 2b 82 1b 31 22 e7 a5 a5 bf ef 63 e6 40 c3 4c f6 Sep 21 07:33:26.987743: | SIG_I df af 98 4b e2 18 5b c6 a4 10 7e 0d ff 95 58 1a Sep 21 07:33:26.987744: | SIG_I b6 90 b0 db e7 4a fc 32 4d 42 a4 55 35 56 a9 dd Sep 21 07:33:26.987745: | SIG_I be 00 c3 6c 31 8f db 9d 00 bb 38 8f f2 d9 30 7b Sep 21 07:33:26.987747: | SIG_I e0 94 41 ce 05 5a 41 ce f8 b2 1e e8 59 25 f7 e2 Sep 21 07:33:26.987748: | SIG_I 6d 16 7b 22 ed a9 7c 17 3c 79 0a bf 1a b7 75 84 Sep 21 07:33:26.987749: | SIG_I d6 14 fd cf fa 1d ef 08 25 5a 33 6a de a0 3f 98 Sep 21 07:33:26.987751: | SIG_I 9c 1a cd df 6b 54 2a d5 b4 01 6f b4 65 bf 00 76 Sep 21 07:33:26.987752: | SIG_I 9e cb fd 0f 0f 4e d4 54 47 40 cc 2a 2b 71 70 ad Sep 21 07:33:26.987754: | SIG_I 12 f1 e1 6f b2 a2 d9 48 44 34 f5 6e f4 a0 e0 ee Sep 21 07:33:26.987755: | SIG_I 8e d3 8a 3c d5 c0 3d 0b 73 85 af 4d 6b 78 32 f5 Sep 21 07:33:26.987757: | emitting length of ISAKMP Signature Payload: 388 Sep 21 07:33:26.987758: | Not sending INITIAL_CONTACT Sep 21 07:33:26.987760: | emitting 7 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:26.987762: | no IKEv1 message padding required Sep 21 07:33:26.987764: | emitting length of ISAKMP Message: 2028 Sep 21 07:33:26.987778: | complete v1 state transition with STF_OK Sep 21 07:33:26.987787: | [RE]START processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.987789: | #1 is idle Sep 21 07:33:26.987791: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.987792: | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Sep 21 07:33:26.987795: | parent state #1: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) Sep 21 07:33:26.987797: | event_already_set, deleting event Sep 21 07:33:26.987816: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.987820: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:26.987826: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fdadc002b20 Sep 21 07:33:26.987830: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:33:26.987836: | sending 2028 bytes for STATE_MAIN_I2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:26.987837: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.987839: | 05 10 02 01 00 00 00 00 00 00 07 ec 37 83 e6 f5 Sep 21 07:33:26.987840: | aa 09 d5 64 01 7b eb 71 c7 59 9e 57 06 ad 18 5a Sep 21 07:33:26.987841: | cd 10 25 df 10 e0 95 64 ae b4 00 2d 3c ab 14 37 Sep 21 07:33:26.987856: | 03 6a 9a 72 a8 34 8c 10 a6 5c af ea af 7d 8c 9d Sep 21 07:33:26.987857: | 8f a1 29 96 6d 5e 9e c9 06 b5 be 51 5c 2e e3 26 Sep 21 07:33:26.987859: | 20 f8 5e 32 70 5a c8 fe 3e 9a 31 22 72 02 75 a3 Sep 21 07:33:26.987860: | eb 8a fe 40 c0 28 b2 11 ee 66 b9 b9 b7 1f 3b a7 Sep 21 07:33:26.987861: | 2e 62 29 a2 e7 88 a0 c4 9c f6 06 04 40 8f 15 6f Sep 21 07:33:26.987863: | 5b d7 c9 c1 61 9f 2c 96 01 e0 8d 2f 24 3c d0 f3 Sep 21 07:33:26.987864: | f8 05 66 72 5c 3a 7e ee 4b bf 4e dd b6 a0 f8 c8 Sep 21 07:33:26.987865: | 03 d9 3a 10 74 3f ff 15 c7 08 13 51 19 cb eb e6 Sep 21 07:33:26.987867: | 8e 0f 2c 59 ab 95 db d5 6c a6 9d ab 7c 66 da 4e Sep 21 07:33:26.987868: | 45 3a 36 2b 13 70 fe a8 16 a1 ba ba a9 6e 73 3b Sep 21 07:33:26.987869: | df a7 11 33 e9 05 74 47 b8 96 8f 8b 14 d9 d0 50 Sep 21 07:33:26.987871: | 4e 5c 6d c0 e6 24 23 85 b9 b6 54 e2 11 da 4e 0f Sep 21 07:33:26.987872: | 39 f4 a4 c6 54 39 58 b0 99 05 3f 7d 26 42 25 af Sep 21 07:33:26.987874: | 97 f9 3f ca c7 7e c4 f3 59 09 00 56 08 23 b1 92 Sep 21 07:33:26.987875: | bd 25 67 26 1d 08 71 05 95 e4 6e 24 84 e6 7a 47 Sep 21 07:33:26.987876: | 3c a5 81 6a 7d eb c1 46 9d 38 b6 27 86 93 ca b1 Sep 21 07:33:26.987878: | ef 57 4c 7f f2 7d 0e 23 aa 39 1b 75 fd 46 05 d0 Sep 21 07:33:26.987879: | dc 18 03 fe c2 ea 83 fc 46 67 3b c5 c0 20 ed f7 Sep 21 07:33:26.987880: | 76 31 24 6d 76 0b e9 0d af ea b1 13 82 33 c1 b7 Sep 21 07:33:26.987882: | 81 33 f8 0b c5 dd 1e 80 be c0 35 f2 97 cc 39 a0 Sep 21 07:33:26.987883: | 48 39 14 11 f9 9e 4f bb da 36 ff 56 ab e3 de ce Sep 21 07:33:26.987885: | 46 2b 63 51 48 90 a6 f7 57 33 d6 65 6c 6e 19 05 Sep 21 07:33:26.987886: | 22 49 47 81 71 88 f6 56 d3 64 28 7d db 70 a3 2a Sep 21 07:33:26.987910: | 51 11 60 89 ec 99 3d de cc c3 60 98 e5 b2 28 52 Sep 21 07:33:26.987911: | 91 35 e1 c0 58 1d 6c a9 ce a7 13 9b 17 6d 1a 1c Sep 21 07:33:26.987913: | b7 67 8d 5d 45 ae 1c 83 c5 7d 2d d1 01 9a aa 9d Sep 21 07:33:26.987914: | c9 0d 83 41 bf e7 8e dc e2 90 c7 a8 8e bc 1c 81 Sep 21 07:33:26.987915: | 90 74 29 7f 36 de 1e ff c8 68 af 1e 3e a2 61 cd Sep 21 07:33:26.987917: | f7 0c 82 01 9e d9 ee 9d ed 3f 96 19 35 4d a4 d4 Sep 21 07:33:26.987918: | b4 1e f5 fa 39 17 f4 67 6b cd e0 d9 52 09 47 87 Sep 21 07:33:26.987920: | 4b 7b be de 54 e3 70 2e 40 f4 b9 02 2b 51 f7 f9 Sep 21 07:33:26.987921: | a4 c8 d0 bd 5b 1c 38 ef 4c af 96 95 e0 50 54 53 Sep 21 07:33:26.987922: | 67 48 de 1e af 9e ab 16 3a 02 d2 cc 84 55 5a 9d Sep 21 07:33:26.987924: | 7e 2c a1 86 5f 9b f5 3c 87 f6 d6 4e 16 72 d4 d6 Sep 21 07:33:26.987925: | fd f7 0d e5 dc 63 85 47 f2 e8 af 2d 8b 44 7a ce Sep 21 07:33:26.987927: | 0b c2 4a df 75 f7 90 2c 52 26 70 70 8e 10 46 d2 Sep 21 07:33:26.987928: | be 43 e6 9b 95 63 ef e4 23 88 83 b9 d8 52 7e b4 Sep 21 07:33:26.987943: | 94 24 30 5f ff 4e 90 ef 45 ea 67 19 f0 8c b7 2b Sep 21 07:33:26.987944: | ec 6e b0 f7 60 7e e1 c0 2a 01 ef a7 61 71 f8 e2 Sep 21 07:33:26.987946: | 2a af b0 eb 06 e1 51 88 02 68 cd b5 c7 8a 5f 94 Sep 21 07:33:26.987947: | cd c9 63 e4 70 4d 0d 03 70 f0 dc b0 e5 10 ef e5 Sep 21 07:33:26.987948: | a7 3f 89 e9 01 32 d3 6f 23 fa db 4d 14 76 63 b6 Sep 21 07:33:26.987950: | 90 10 62 59 c3 fd 50 24 41 58 64 71 bc 6d c0 28 Sep 21 07:33:26.987951: | 6e ca 8a 1d 77 8b 9f a5 c0 10 c4 3e 23 37 91 96 Sep 21 07:33:26.987953: | 95 cf 19 6c 3b 76 d1 77 5d 3d b1 6c 2a 8b 79 17 Sep 21 07:33:26.987955: | 9c d4 75 f5 01 3d 5b dc bd 1c 97 33 74 70 29 6c Sep 21 07:33:26.987956: | 20 7c df 17 ef ab 1c 28 a0 f1 5b 8f b6 4b bb 08 Sep 21 07:33:26.987958: | 4e 5b 35 92 82 e2 41 e4 af 35 e0 db e1 59 ac d2 Sep 21 07:33:26.987959: | 4d d8 8d b5 98 5d 77 42 eb d5 66 f7 5b 4c 05 f8 Sep 21 07:33:26.987960: | a2 d6 73 ad 88 87 d3 5c d7 b8 32 b3 bb 64 ae f9 Sep 21 07:33:26.987962: | 1b 3b 51 aa cb 14 04 4b 21 e2 41 77 7c e6 78 89 Sep 21 07:33:26.987963: | b8 49 4c cc a7 a8 5d ae 9d 19 fb 2e 1e 99 07 a3 Sep 21 07:33:26.987964: | da 78 b9 e5 d8 d5 d2 b8 b6 96 ca f8 12 b5 42 70 Sep 21 07:33:26.987966: | 32 2e b7 f9 05 29 ee 44 06 a9 2a f8 86 84 61 55 Sep 21 07:33:26.987967: | ac 3e 90 7d 54 fc ab 1e de c9 c8 af 25 e6 5b 33 Sep 21 07:33:26.987969: | eb 81 25 97 50 dc 5a 01 18 fa b9 27 9d 5e 06 b8 Sep 21 07:33:26.987970: | be 27 33 39 9c d1 6a ae 38 c1 81 c1 87 30 4e 41 Sep 21 07:33:26.987971: | b7 52 cf 1a fa c5 12 ba 70 ae 5c 9e 8d 82 06 13 Sep 21 07:33:26.987973: | 2c 5b 13 d6 9a 26 34 c6 b2 f1 d7 8d b1 a4 de fc Sep 21 07:33:26.987974: | 91 b4 0c 75 5f b9 4f 74 e8 09 e0 05 c8 8f fe e4 Sep 21 07:33:26.987975: | 21 22 04 a9 06 85 7d 3a 67 f0 0b a9 00 df 92 1f Sep 21 07:33:26.987977: | a3 4f 0e a4 d8 82 fd c6 60 80 49 f4 a9 eb 42 ea Sep 21 07:33:26.987978: | 9d 0a 52 01 18 11 53 6a e0 aa 3b 36 20 39 dd aa Sep 21 07:33:26.987980: | 09 a1 18 5c 1b cb 33 43 eb 11 61 c7 2f 14 6b 73 Sep 21 07:33:26.987981: | 13 7e 47 af a6 26 5f 06 35 a8 8d 75 d8 55 75 23 Sep 21 07:33:26.987982: | ba 07 50 87 75 5a bc 85 28 37 3f 7f a5 11 96 cc Sep 21 07:33:26.987984: | bb d6 77 81 69 25 1a a7 c8 d9 e5 b1 f9 50 48 8f Sep 21 07:33:26.987985: | 74 b9 2d 9a f6 84 d0 20 5e ac d9 c4 3d fb b2 56 Sep 21 07:33:26.987986: | 66 b0 c5 9e 7f 06 8c ca ef 97 81 61 f3 80 3f 36 Sep 21 07:33:26.987988: | 9a 8c 2b b1 d5 9d b7 b7 b9 c3 87 c4 03 c9 53 50 Sep 21 07:33:26.987989: | c4 6f 23 0f f1 45 df 46 49 66 30 6f 52 24 09 7d Sep 21 07:33:26.987991: | 4e 15 0f b6 a6 04 c6 9c ba 84 dd d6 72 d1 fc 6a Sep 21 07:33:26.987992: | 74 d1 9a 88 cc 88 6a a9 a6 2f b9 a7 d2 50 59 cc Sep 21 07:33:26.987993: | d0 4e f7 b2 ff 46 67 7e 10 2b 0f cd 87 cb e7 8c Sep 21 07:33:26.987995: | 5b 3c 86 a3 fe ef 7b 79 6b 17 bd 0f c2 5f 17 f5 Sep 21 07:33:26.987996: | 3e 6d c5 4a 2b 1a d0 f2 4c 06 90 63 01 62 eb 64 Sep 21 07:33:26.987997: | 62 0d 2a e8 86 e6 a7 36 d0 e6 f5 76 bc a1 d4 9b Sep 21 07:33:26.987999: | cd e6 65 34 44 19 16 3d 56 84 4b 55 e2 b0 8e 9a Sep 21 07:33:26.988000: | 31 eb 4d 81 e4 75 35 98 83 4b c9 1e 3a 10 fc 3a Sep 21 07:33:26.988002: | 20 6b 55 83 07 c5 c8 03 0b be d3 b0 2c 5b bd 52 Sep 21 07:33:26.988003: | 4f a1 6b ac b1 2f 83 b5 b3 f4 1b 7f 24 8a 8a 49 Sep 21 07:33:26.988004: | 90 69 f3 44 d3 b6 30 86 c4 91 a5 f7 18 1d 8d d1 Sep 21 07:33:26.988006: | 70 58 27 87 e0 f2 2c b5 35 b4 ad c6 06 49 ba e5 Sep 21 07:33:26.988007: | 96 b0 88 76 0b 9c d4 bd e4 72 7e 70 35 e9 cd a5 Sep 21 07:33:26.988008: | e2 d0 8c 5f 71 a6 21 16 26 57 32 17 42 c7 0e 95 Sep 21 07:33:26.988010: | 6e 83 1d 7d bf f9 66 68 d4 fc b6 7d ef 34 b4 21 Sep 21 07:33:26.988011: | ba 5b d8 54 98 71 bf be 64 ec 79 4a ba 74 3a cb Sep 21 07:33:26.988012: | d7 dc ec ba 11 c2 20 b7 c7 82 1b 82 63 ed a5 b4 Sep 21 07:33:26.988014: | 4c c8 c9 14 a5 4d a1 fa 9c 40 9b 13 7a cd a5 bb Sep 21 07:33:26.988015: | 35 eb dd a6 73 85 40 be 5b 94 a5 7a 07 f1 47 d3 Sep 21 07:33:26.988017: | fb b1 0b 7f 35 f8 84 de c4 80 a5 30 41 39 18 3d Sep 21 07:33:26.988018: | cd 3a c7 5c c4 b9 bc 03 9c 0a b7 09 2c 32 ac 8c Sep 21 07:33:26.988019: | 80 08 0f 8e 92 28 57 95 88 57 36 ee 12 93 28 06 Sep 21 07:33:26.988021: | bc 3b 44 fc c1 bf 70 4a 68 84 9e cb e0 77 39 c8 Sep 21 07:33:26.988022: | 33 53 9d c8 39 5c 04 9b 15 99 8f 5b 0a 13 f2 e1 Sep 21 07:33:26.988023: | de 0d 49 03 94 50 d9 98 0f de 13 cd 07 34 2d f8 Sep 21 07:33:26.988026: | f3 5c c6 4a 98 b1 f7 d9 ec 96 ce 4c 77 77 53 41 Sep 21 07:33:26.988027: | ee 03 39 78 5f 35 ec 78 37 24 81 44 b8 96 f4 7b Sep 21 07:33:26.988029: | a2 9c 10 93 e1 ae 8f e0 59 ef 54 54 85 9b b2 63 Sep 21 07:33:26.988030: | 0f 85 57 aa 8a 2d f6 31 ec 1c f4 f4 ef d5 6e 92 Sep 21 07:33:26.988031: | 04 56 a6 46 96 6b 10 16 80 00 a3 70 b7 dc 14 d1 Sep 21 07:33:26.988033: | df c6 a4 8f c1 63 95 0d ad 61 cd af 0a 50 5c fe Sep 21 07:33:26.988034: | b5 37 c4 ce 99 58 42 49 70 d7 a2 87 60 b8 b9 e1 Sep 21 07:33:26.988035: | 58 ff f1 37 db 2f 9c 47 3f 92 11 d3 b9 de 9d 0c Sep 21 07:33:26.988037: | 88 b6 82 1f 24 a0 a4 78 d0 d7 04 f5 e6 4f 8e 84 Sep 21 07:33:26.988038: | 55 d2 24 f8 ee bc 38 65 c8 93 d9 30 2a 6f ee 74 Sep 21 07:33:26.988039: | 30 e4 7e 77 bc 1b 25 e4 cc 4e 6f e7 1a 20 75 e0 Sep 21 07:33:26.988041: | bb 68 ff 0d 6a 5a 7e c6 34 59 70 30 0c fe 36 e6 Sep 21 07:33:26.988042: | 40 fd c2 7e bf 03 36 d8 47 e8 86 72 bb a5 57 11 Sep 21 07:33:26.988044: | e0 5a f0 7b f7 2a 95 4a c4 4a 21 cd e4 b4 f1 28 Sep 21 07:33:26.988045: | 54 6c 2d 86 40 82 2c 9a f2 90 05 17 9e 00 3a b7 Sep 21 07:33:26.988046: | 9c b9 a3 7b 33 96 6a 08 2b 70 e0 ca c3 62 ca 90 Sep 21 07:33:26.988048: | b6 b5 92 f9 10 5e df fc bc 4f 83 b7 42 5c 1b 7e Sep 21 07:33:26.988049: | 8e bc 7b 50 ae ad 9c c3 28 1f 97 31 c9 72 24 e6 Sep 21 07:33:26.988050: | 3c fd d6 7c e7 f6 99 b0 c1 7b 6d 5d a7 9d be 9d Sep 21 07:33:26.988052: | ee 7d 0f 47 ec c1 09 09 31 c0 06 5f 18 0c c8 09 Sep 21 07:33:26.988053: | c2 b0 c0 0b 43 69 b0 a2 e0 c7 0b 3e b8 87 56 a5 Sep 21 07:33:26.988055: | 14 92 80 89 e2 bf a4 46 07 cc de 66 07 24 f6 92 Sep 21 07:33:26.988056: | 72 cb 86 56 e1 bf 48 8d 70 be a6 ab 7c d0 a1 8d Sep 21 07:33:26.988057: | 77 8a 9b 9c f2 8b bf de f1 1a 03 1f 60 35 b1 6f Sep 21 07:33:26.988059: | f7 81 d7 2c ce 08 67 41 ae 21 e0 4a ed c4 54 8d Sep 21 07:33:26.988060: | 1d 60 95 0e 96 6c aa 2c c7 27 14 89 71 22 0e ba Sep 21 07:33:26.988061: | fc 29 d7 fb aa fa 98 c7 50 96 9c c4 Sep 21 07:33:26.988128: | !event_already_set at reschedule Sep 21 07:33:26.988133: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1c045d0 Sep 21 07:33:26.988136: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:33:26.988138: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:26.988142: | #1 STATE_MAIN_I3: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.356397 Sep 21 07:33:26.988145: "north-a-dpd" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Sep 21 07:33:26.988154: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.988156: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.988160: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Sep 21 07:33:26.988166: | #1 spent 7.07 milliseconds in resume sending helper answer Sep 21 07:33:26.988171: | stop processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.988174: | libevent_free: release ptr-libevent@0x7fdad4004f00 Sep 21 07:33:26.997925: | spent 0.00307 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.997952: | *received 1884 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:26.997956: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.997958: | 05 10 02 01 00 00 00 00 00 00 07 5c 14 e3 2e 9d Sep 21 07:33:26.997960: | b5 36 a4 4f 41 a5 c7 ef 0d 87 22 45 c4 ee fa fe Sep 21 07:33:26.997962: | b6 e0 ec f6 18 3f f5 fa 34 81 78 00 e4 70 d4 f3 Sep 21 07:33:26.997965: | 14 dd f4 ea 9d 33 3d 82 8f c3 17 f7 c8 4b 09 57 Sep 21 07:33:26.997967: | 99 fc 90 d8 9d 5c d0 c9 d6 46 df 8b 5f 2d aa 80 Sep 21 07:33:26.997969: | 3d 90 69 33 8b ca 6c a4 18 22 56 69 4c f9 d3 73 Sep 21 07:33:26.997971: | 4f 6a d9 48 2d f2 1d 2e 2d a7 f0 63 c2 ce ef ba Sep 21 07:33:26.997973: | 14 86 f3 aa 5d 40 d4 b3 1d 6d 4a 62 ac 44 9c 10 Sep 21 07:33:26.997978: | 2d 98 3e 59 64 79 7d 17 05 05 2f df 1b 72 a2 b4 Sep 21 07:33:26.997980: | 78 aa cb cc 66 57 29 fc fb 35 94 a7 f8 46 d8 57 Sep 21 07:33:26.997982: | b3 77 eb a0 33 79 34 40 32 e5 a0 a9 37 82 6c eb Sep 21 07:33:26.997984: | 93 60 bf 78 db 6f 8f 1e 19 19 09 e2 3f 27 b9 21 Sep 21 07:33:26.997987: | 49 9a 40 d5 48 ff d1 a1 a9 85 bb 0e 3c a0 7b 27 Sep 21 07:33:26.997989: | 06 c5 18 63 9b f0 c6 c3 b3 8c 9f 07 45 38 7c 9c Sep 21 07:33:26.997991: | 1a 17 77 b4 01 41 3a 53 68 0f c8 f3 5d 6a f4 df Sep 21 07:33:26.997993: | 3c b5 96 7c fc ed bb f7 f8 88 d2 d0 ad ea 4e 2a Sep 21 07:33:26.997995: | 7e 10 d8 1c 6e 55 bc 20 97 74 25 c2 aa 09 4d e9 Sep 21 07:33:26.997998: | 2c 11 01 f6 d3 39 57 b6 5e e1 56 c6 b0 42 6c f9 Sep 21 07:33:26.998000: | 71 de f0 c2 d3 fd e7 d8 fb ba dd 9d 36 e7 99 06 Sep 21 07:33:26.998002: | 01 75 2a 6a c6 e4 ab 63 53 c0 e2 7e 79 05 39 a2 Sep 21 07:33:26.998004: | fc a3 e7 a8 9b 2a 3a 7e a4 0e 06 f8 ef b5 77 dc Sep 21 07:33:26.998006: | ae 83 98 86 67 e2 21 fe 27 8a 6a d7 b9 99 19 48 Sep 21 07:33:26.998009: | 44 3d b3 86 95 d0 27 bb 77 87 87 6d bc 7d 2a ea Sep 21 07:33:26.998011: | 4f ee cc e9 f0 97 bf 35 4d 7e 1c 17 32 bd e6 ac Sep 21 07:33:26.998013: | e9 29 33 79 27 6d d8 10 0d f0 c3 9e cb 3a 11 76 Sep 21 07:33:26.998015: | a6 65 2b 80 3d cc fa 4e 39 ab ef d9 aa 89 72 ba Sep 21 07:33:26.998017: | ff f0 29 15 81 8d c4 bb 91 a5 d4 77 23 6b 53 54 Sep 21 07:33:26.998019: | 8e 73 31 b1 ef 2d a9 0b ba 04 c9 5f c6 41 53 f6 Sep 21 07:33:26.998022: | b5 fb 99 e9 27 fe 81 fa 45 57 69 c7 82 81 24 1b Sep 21 07:33:26.998024: | 3f ce 73 53 cb 44 70 f6 f0 c4 e6 2c 22 a6 ce 42 Sep 21 07:33:26.998026: | ad 98 4c 3e a8 45 85 5b d5 01 fb 48 12 fe 84 64 Sep 21 07:33:26.998028: | 98 5e 5e 86 c6 1a 34 36 85 48 6b d7 33 81 61 da Sep 21 07:33:26.998030: | 4d f5 22 86 05 98 11 8c d9 03 df 5f 19 c7 ee 3c Sep 21 07:33:26.998033: | 79 ed 84 e6 b8 08 df 39 0c 98 59 52 b9 ff 8e 08 Sep 21 07:33:26.998035: | 7f dc c0 20 fe c8 43 de 03 d7 9b f8 d7 4c fc 27 Sep 21 07:33:26.998037: | f6 3b aa 50 0f 98 fe 1e 0b d7 d2 8d dd cb be 13 Sep 21 07:33:26.998039: | dc 08 ba 05 75 e7 5d 31 f8 36 a6 a7 65 a1 d5 ca Sep 21 07:33:26.998041: | 9c 85 56 63 99 7f 97 d2 23 17 34 38 4b 6a 85 ae Sep 21 07:33:26.998044: | cf 88 41 80 47 c0 08 cf a0 97 d9 9e e0 ff 33 76 Sep 21 07:33:26.998046: | 15 d0 4d c4 d5 bf 2b 16 e6 b4 24 32 de 9e 78 8a Sep 21 07:33:26.998048: | 9b 93 3b a0 8a 61 c3 7a 0d e3 d6 f5 27 57 e9 d0 Sep 21 07:33:26.998050: | 0d c0 bb 65 d0 35 e8 a7 fd 1a 49 7b 5e 09 9a 30 Sep 21 07:33:26.998052: | 9e 4b 3e ad 04 cf b6 42 bc 18 6a d1 ff c4 d3 2b Sep 21 07:33:26.998055: | 13 fa 31 92 87 d3 1f 5a a2 6c 63 60 23 1e bc dc Sep 21 07:33:26.998057: | f3 10 15 3a 07 64 9c 6f 4b 3d 3a ba 8e 31 07 ee Sep 21 07:33:26.998059: | 27 8f 69 61 1c 5e 70 62 17 df 27 4d 83 b9 95 ad Sep 21 07:33:26.998061: | ca e9 9c be 99 f1 fc 51 8f c0 02 b2 ca 34 bc 53 Sep 21 07:33:26.998063: | 2a 00 80 37 3e 50 27 0b 0f a6 cb 61 6d cc 51 b9 Sep 21 07:33:26.998066: | 39 87 94 1e 34 d7 cb b1 11 86 b2 d3 cf 71 2c 09 Sep 21 07:33:26.998068: | 06 ba 99 4c 9a ca 8d 40 48 90 dd 64 22 65 fd 14 Sep 21 07:33:26.998070: | 16 7b d3 dc e7 b3 32 99 d3 b4 f5 6f 27 a0 7b eb Sep 21 07:33:26.998072: | b5 75 8c 28 0c 3a 04 bf 1a 0b da bf 30 9d 6d bf Sep 21 07:33:26.998074: | 57 10 66 06 22 d1 0d 01 ab 82 96 21 b6 e5 a0 2d Sep 21 07:33:26.998076: | 04 fc df a6 e6 58 da 93 58 ea d6 81 66 e4 c1 2a Sep 21 07:33:26.998079: | b3 41 9f 9f 0e e0 2c c9 06 96 6b d6 bd 1b 95 57 Sep 21 07:33:26.998081: | cd 25 43 42 4b 08 b8 f5 b5 14 5f 19 0a 21 9e 80 Sep 21 07:33:26.998083: | e6 45 66 71 12 74 11 60 4c 3e ab 96 5a e4 9c 34 Sep 21 07:33:26.998085: | 50 2a bd e5 db 38 f3 9a 3c 4b 0a ab e5 fc 92 44 Sep 21 07:33:26.998087: | 05 72 19 3c be 2d 89 56 01 e7 8c 52 7b e2 32 d1 Sep 21 07:33:26.998090: | c9 75 61 19 26 80 8d 72 36 9d 3a ab c6 3a 62 25 Sep 21 07:33:26.998093: | b4 b0 a4 e6 19 f7 fe 7f e6 f3 b2 1b 78 fb 66 ba Sep 21 07:33:26.998095: | 86 68 66 42 6a c6 e9 4e 61 08 69 58 a7 cf d8 1d Sep 21 07:33:26.998097: | 38 27 2b 37 ea 55 dd 93 ae 84 fa 1a 14 d2 b6 8a Sep 21 07:33:26.998100: | f5 b9 84 35 6c fc f5 43 90 99 1a b7 07 70 d6 13 Sep 21 07:33:26.998102: | 65 09 cc 6f 6c 73 5d 8b a2 b8 3a 3c 3a f9 20 d7 Sep 21 07:33:26.998104: | 1c 9a 15 bb 1a 5b 56 9c 94 36 05 60 0c a6 04 5e Sep 21 07:33:26.998106: | 0d 04 81 67 5a ae 5d 5f c3 13 a5 4d 34 dc e5 ee Sep 21 07:33:26.998108: | b0 8e 22 03 52 bf 87 71 db 54 e6 3b 40 57 ed 6a Sep 21 07:33:26.998111: | 09 d3 42 61 08 60 8c 8a 5d f2 6e 85 63 11 7f cf Sep 21 07:33:26.998113: | df 7b cb 75 d7 23 18 44 01 28 0c 6c 69 96 a0 d1 Sep 21 07:33:26.998115: | 53 fe 48 d8 15 9b 49 4a 60 10 98 24 9e 0e 22 8e Sep 21 07:33:26.998117: | 8a 37 ed 9d a3 cf 43 a2 14 02 42 50 2c d6 72 0c Sep 21 07:33:26.998120: | 1e 41 f8 14 65 f5 ff 1a b3 0e fe 1d 40 03 b0 c4 Sep 21 07:33:26.998122: | f1 07 d2 e3 62 90 3a 6a 0c b7 e7 db 90 c0 cd 7f Sep 21 07:33:26.998124: | 67 fb f4 8c 97 aa d5 e5 3d 86 d7 1c e6 fe 25 fb Sep 21 07:33:26.998126: | 68 c7 74 61 71 d4 60 9b 6a cc b1 9e f7 18 53 1d Sep 21 07:33:26.998128: | 81 d8 91 15 e3 31 f8 b8 55 b7 be 47 cb d1 b5 70 Sep 21 07:33:26.998131: | b4 46 76 38 77 b7 51 8b ad 4b 33 02 92 9b 83 47 Sep 21 07:33:26.998133: | 3e 83 9e 79 00 fd cf 65 4f 53 81 c5 f0 90 9d ac Sep 21 07:33:26.998135: | b5 6e 93 d9 4d 0e a3 41 bb 7a f4 5d 3e 8b 86 f7 Sep 21 07:33:26.998137: | d7 36 e5 e8 5f d8 3e 6e 82 85 0f 24 44 1d 2c ae Sep 21 07:33:26.998139: | 2d 06 db 7e 35 48 79 8d 80 29 44 c5 a4 4b ec 6c Sep 21 07:33:26.998141: | f0 36 75 fc ad 9c bc 25 dc e8 43 f8 3c a3 53 df Sep 21 07:33:26.998144: | 8f 15 ad 09 6b 23 05 a2 1e 83 16 9f 39 df 3b 4b Sep 21 07:33:26.998146: | 3f 8b de d7 3f 1d 90 c0 0c 55 9f 9a b3 72 3a 02 Sep 21 07:33:26.998148: | 79 a7 d7 82 01 6f 99 a5 0c 4b a6 c6 2e 68 e2 99 Sep 21 07:33:26.998150: | a3 41 84 e7 f5 45 0c 76 80 e1 4a ed 68 77 4a 93 Sep 21 07:33:26.998152: | 30 8a 7a b8 3f fc da fe 10 c0 a7 45 fd 16 c9 41 Sep 21 07:33:26.998155: | 19 02 d1 1d 52 52 85 92 70 f4 77 58 9b d5 bf d0 Sep 21 07:33:26.998157: | 7c 45 cd 7e 09 79 ca 70 8a e5 33 d1 51 04 bd f8 Sep 21 07:33:26.998159: | c8 1b 70 bb dc 62 85 e6 41 0a 8d 71 8f e2 81 11 Sep 21 07:33:26.998161: | cb fe dd d5 d5 ae 2d a3 70 fb b7 cb 3e 54 e0 62 Sep 21 07:33:26.998163: | bc 68 cd e1 8d a0 58 f0 0d 8b 01 07 7f 89 c8 f7 Sep 21 07:33:26.998166: | e7 7a da b1 2b 8d fa f1 b3 77 9e ef 68 56 21 6e Sep 21 07:33:26.998168: | ee 87 f6 22 a1 f0 21 85 68 b5 ca 4e 7c 12 f3 47 Sep 21 07:33:26.998170: | 1a be 79 ea ff 30 99 00 0d 80 bf 21 2c b8 1f 16 Sep 21 07:33:26.998172: | bb e4 50 a3 00 4c 3a d8 cd 42 0a 22 a5 69 e8 50 Sep 21 07:33:26.998174: | 07 b9 cc 32 6b a2 4c 0c cd 2a 7b a7 c2 77 14 d8 Sep 21 07:33:26.998176: | c4 96 6f a4 ef c7 43 79 3b de 6c 6c 4a 0e 00 85 Sep 21 07:33:26.998179: | 76 41 a2 ee 11 3d b6 a2 5b e0 97 20 40 5a 51 e7 Sep 21 07:33:26.998181: | 0b 27 81 a1 b8 81 43 07 22 eb f1 66 ca f9 c4 4f Sep 21 07:33:26.998183: | e6 d2 db c0 6e db 5a 00 37 c4 9d 37 99 03 9a b9 Sep 21 07:33:26.998185: | 68 32 6c dc 3d c1 40 57 e9 98 d4 ce b3 ba 61 06 Sep 21 07:33:26.998188: | 5f 11 b5 d5 6e 5a 5a 7a 87 23 e3 79 e2 72 65 26 Sep 21 07:33:26.998190: | e9 de 6b 6e 3c 30 a8 63 ff 0d ae 34 58 d1 82 26 Sep 21 07:33:26.998192: | 7c 75 24 6c b3 c4 16 eb 17 b7 a3 ab 59 22 27 a2 Sep 21 07:33:26.998194: | b8 1f 3d e4 1d 08 b8 85 b0 a3 1e c3 7e 4f 8c d4 Sep 21 07:33:26.998196: | 2c d8 78 ed d3 d8 ae 97 d9 35 86 49 67 4b 2f 69 Sep 21 07:33:26.998199: | b4 c8 56 97 68 ff ec 36 d3 82 ec 09 1e 10 b8 ad Sep 21 07:33:26.998201: | d8 61 dc 6e ee 44 99 3e 8d 7c 2d 61 a1 38 b2 41 Sep 21 07:33:26.998203: | 1e 89 b1 0a 26 a6 2e 14 95 9f 1d c0 44 25 ca cf Sep 21 07:33:26.998206: | f7 95 95 4c 95 93 9b d6 86 b8 43 69 db e4 c7 30 Sep 21 07:33:26.998209: | c7 26 42 ed 6e 1c 0f d5 8b a2 b8 66 e8 f0 3f fc Sep 21 07:33:26.998211: | a8 2f 0e 56 fa 6a 63 85 0c e4 2d c9 5a c2 3b fd Sep 21 07:33:26.998213: | 23 32 9f 45 e3 70 4a 5c 70 5f ea dd 01 f0 ed dd Sep 21 07:33:26.998215: | bd 3b a3 b7 88 ee ec 1f 33 48 b9 41 15 e8 98 f5 Sep 21 07:33:26.998217: | d5 80 7a f8 03 4c 5a a7 5a 25 67 fa Sep 21 07:33:26.998222: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:26.998225: | **parse ISAKMP Message: Sep 21 07:33:26.998228: | initiator cookie: Sep 21 07:33:26.998230: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:26.998232: | responder cookie: Sep 21 07:33:26.998234: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:26.998237: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.998239: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.998242: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.998245: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.998247: | Message ID: 0 (0x0) Sep 21 07:33:26.998249: | length: 1884 (0x75c) Sep 21 07:33:26.998252: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.998256: | State DB: found IKEv1 state #1 in MAIN_I3 (find_state_ikev1) Sep 21 07:33:26.998261: | start processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.998264: | #1 is idle Sep 21 07:33:26.998266: | #1 idle Sep 21 07:33:26.998270: | received encrypted packet from 192.1.2.23:500 Sep 21 07:33:26.998287: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Sep 21 07:33:26.998290: | ***parse ISAKMP Identification Payload: Sep 21 07:33:26.998293: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:33:26.998295: | length: 191 (0xbf) Sep 21 07:33:26.998297: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:33:26.998300: | DOI specific A: 0 (0x0) Sep 21 07:33:26.998302: | DOI specific B: 0 (0x0) Sep 21 07:33:26.998305: | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.998307: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.998309: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.998311: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.998314: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.998316: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.998318: | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:33:26.998320: | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.998323: | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:33:26.998325: | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:33:26.998327: | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.998329: | obj: 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.998332: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.998334: | ***parse ISAKMP Certificate Payload: Sep 21 07:33:26.998337: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:33:26.998339: | length: 1265 (0x4f1) Sep 21 07:33:26.998341: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.998344: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.998346: | ***parse ISAKMP Signature Payload: Sep 21 07:33:26.998349: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.998351: | length: 388 (0x184) Sep 21 07:33:26.998353: | removing 12 bytes of padding Sep 21 07:33:26.998356: | message 'main_inR3' HASH payload not checked early Sep 21 07:33:26.998361: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.998363: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.998365: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.998369: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.998371: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.998373: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.998376: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:33:26.998378: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.998380: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:33:26.998382: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:33:26.998385: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.998387: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.998397: "north-a-dpd" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:33:26.998411: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:33:26.998415: loading root certificate cache Sep 21 07:33:27.002011: | spent 3.57 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:33:27.002048: | spent 0.0233 milliseconds in get_root_certs() filtering CAs Sep 21 07:33:27.002055: | #1 spent 3.63 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:33:27.002059: | checking for known CERT payloads Sep 21 07:33:27.002062: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:33:27.002103: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:27.002109: | #1 spent 0.0492 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:33:27.002114: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:27.002158: | #1 spent 0.0432 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:33:27.002162: | missing or expired CRL Sep 21 07:33:27.002166: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:33:27.002169: | verify_end_cert trying profile IPsec Sep 21 07:33:27.002296: | certificate is valid (profile IPsec) Sep 21 07:33:27.002304: | #1 spent 0.137 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:33:27.002309: "north-a-dpd" #1: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:27.002413: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bfdff0 Sep 21 07:33:27.002418: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bfe020 Sep 21 07:33:27.002420: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf6100 Sep 21 07:33:27.002423: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bfaf30 Sep 21 07:33:27.002425: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bfc040 Sep 21 07:33:27.002634: | unreference key: 0x55dbe1c00c10 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:27.002643: | #1 spent 0.321 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:33:27.002647: | #1 spent 4.22 milliseconds in decode_certs() Sep 21 07:33:27.002662: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:33:27.002680: | ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:33:27.002687: | SAN ID matched, updating that.cert Sep 21 07:33:27.002690: | X509: CERT and ID matches current connection Sep 21 07:33:27.002731: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.002746: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:33:27.002755: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.002763: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.002772: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.002960: | an RSA Sig check passed with *AwEAAbANn [remote certificates] Sep 21 07:33:27.002969: | #1 spent 0.188 milliseconds in try_all_keys() trying a pubkey Sep 21 07:33:27.002972: "north-a-dpd" #1: Authenticated using RSA Sep 21 07:33:27.002980: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:33:27.003111: | complete v1 state transition with STF_OK Sep 21 07:33:27.003119: | [RE]START processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:27.003122: | #1 is idle Sep 21 07:33:27.003125: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:27.003127: | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Sep 21 07:33:27.003131: | parent state #1: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) Sep 21 07:33:27.003134: | event_already_set, deleting event Sep 21 07:33:27.003137: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:27.003139: | #1 STATE_MAIN_I4: retransmits: cleared Sep 21 07:33:27.003144: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:27.003147: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1c045d0 Sep 21 07:33:27.003151: | !event_already_set at reschedule Sep 21 07:33:27.003154: | event_schedule: new EVENT_SA_REPLACE-pe@0x55dbe1c04980 Sep 21 07:33:27.003158: | inserting event EVENT_SA_REPLACE, timeout in 2607 seconds for #1 Sep 21 07:33:27.003162: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:27.003166: | pstats #1 ikev1.isakmp established Sep 21 07:33:27.003170: "north-a-dpd" #1: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Sep 21 07:33:27.003178: | DPD: dpd_init() called on ISAKMP SA Sep 21 07:33:27.003180: | DPD: Peer supports Dead Peer Detection Sep 21 07:33:27.003183: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:27.003186: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:27.003188: | unpending state #1 Sep 21 07:33:27.003193: | creating state object #2 at 0x55dbe1c158e0 Sep 21 07:33:27.003196: | State DB: adding IKEv1 state #2 in UNDEFINED Sep 21 07:33:27.003200: | pstats #2 ikev1.ipsec started Sep 21 07:33:27.003204: | duplicating state object #1 "north-a-dpd" as #2 for IPSEC SA Sep 21 07:33:27.003209: | #2 setting local endpoint to 192.1.3.33:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:27.003215: | suspend processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:27.003219: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:33:27.003225: | child state #2: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:33:27.003231: "north-a-dpd" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:e2f3506c proposal=defaults pfsgroup=MODP2048} Sep 21 07:33:27.003241: | adding quick_outI1 KE work-order 3 for state #2 Sep 21 07:33:27.003258: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf6490 Sep 21 07:33:27.003261: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:33:27.003264: | libevent_malloc: new ptr-libevent@0x7fdad4004f00 size 128 Sep 21 07:33:27.003281: | libevent_realloc: release ptr-libevent@0x55dbe1bd3f30 Sep 21 07:33:27.003284: | libevent_realloc: new ptr-libevent@0x55dbe1bf11f0 size 128 Sep 21 07:33:27.003293: | stop processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:27.003298: | resume processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:33:27.003300: | crypto helper 1 resuming Sep 21 07:33:27.003310: | crypto helper 1 starting work-order 3 for state #2 Sep 21 07:33:27.003302: | unqueuing pending Quick Mode with 192.1.2.23 "north-a-dpd" Sep 21 07:33:27.003322: | removing pending policy for no connection {0x55dbe1b99460} Sep 21 07:33:27.003327: | close_any(fd@24) (in release_whack() at state.c:654) Sep 21 07:33:27.003316: | crypto helper 1 doing build KE and nonce (quick_outI1 KE); request ID 3 Sep 21 07:33:27.003333: | #1 spent 4.94 milliseconds in process_packet_tail() Sep 21 07:33:27.003337: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:27.003343: | stop processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:27.003346: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:27.003350: | spent 5.38 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:27.003886: | crypto helper 1 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.000569 seconds Sep 21 07:33:27.003895: | (#2) spent 0.571 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) Sep 21 07:33:27.003897: | crypto helper 1 sending results from work-order 3 for state #2 to event queue Sep 21 07:33:27.003899: | scheduling resume sending helper answer for #2 Sep 21 07:33:27.003902: | libevent_malloc: new ptr-libevent@0x7fdad8007fa0 size 128 Sep 21 07:33:27.003908: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:27.003917: | processing resume sending helper answer for #2 Sep 21 07:33:27.003926: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:27.003931: | crypto helper 1 replies to request ID 3 Sep 21 07:33:27.003947: | calling continuation function 0x55dbdfa7b630 Sep 21 07:33:27.003949: | quick_outI1_continue for #2: calculated ke+nonce, sending I1 Sep 21 07:33:27.003954: | **emit ISAKMP Message: Sep 21 07:33:27.003957: | initiator cookie: Sep 21 07:33:27.003960: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:27.003962: | responder cookie: Sep 21 07:33:27.003964: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.003967: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.003970: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:27.003973: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:27.003975: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:27.003978: | Message ID: 3807596652 (0xe2f3506c) Sep 21 07:33:27.003981: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:27.003984: | ***emit ISAKMP Hash Payload: Sep 21 07:33:27.003987: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.003990: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:27.003993: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.003996: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:27.004001: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:27.004003: | emitting quick defaults using policy none Sep 21 07:33:27.004006: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:27.004010: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:27.004012: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:27.004015: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:27.004018: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:27.004021: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:27.004023: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.004026: | ****emit IPsec DOI SIT: Sep 21 07:33:27.004029: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:27.004031: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:33:27.004034: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:33:27.004036: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:27.004039: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.004041: | proposal number: 0 (0x0) Sep 21 07:33:27.004044: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:27.004046: | SPI size: 4 (0x4) Sep 21 07:33:27.004049: | number of transforms: 2 (0x2) Sep 21 07:33:27.004051: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:27.004069: | netlink_get_spi: allocated 0x577ef0d0 for esp.0@192.1.3.33 Sep 21 07:33:27.004073: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:33:27.004076: | SPI 57 7e f0 d0 Sep 21 07:33:27.004078: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:27.004081: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:27.004083: | ESP transform number: 0 (0x0) Sep 21 07:33:27.004086: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:27.004089: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:27.004091: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004094: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:27.004097: | length/value: 14 (0xe) Sep 21 07:33:27.004100: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:27.004102: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004105: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:27.004107: | length/value: 1 (0x1) Sep 21 07:33:27.004110: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:27.004112: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004114: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:27.004116: | length/value: 1 (0x1) Sep 21 07:33:27.004119: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:27.004121: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004123: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:27.004125: | length/value: 28800 (0x7080) Sep 21 07:33:27.004128: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004130: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:27.004132: | length/value: 2 (0x2) Sep 21 07:33:27.004135: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:27.004137: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004140: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:27.004142: | length/value: 128 (0x80) Sep 21 07:33:27.004145: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:33:27.004147: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:27.004150: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.004152: | ESP transform number: 1 (0x1) Sep 21 07:33:27.004155: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:33:27.004158: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:27.004162: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:27.004165: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004168: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:27.004170: | length/value: 14 (0xe) Sep 21 07:33:27.004172: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:27.004175: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004177: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:27.004179: | length/value: 1 (0x1) Sep 21 07:33:27.004182: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:27.004184: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004187: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:27.004189: | length/value: 1 (0x1) Sep 21 07:33:27.004192: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:27.004194: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004197: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:27.004199: | length/value: 28800 (0x7080) Sep 21 07:33:27.004201: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:33:27.004204: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:27.004207: | length/value: 2 (0x2) Sep 21 07:33:27.004209: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:27.004211: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:33:27.004214: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:33:27.004217: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:33:27.004220: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:33:27.004222: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:27.004225: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:27.004228: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:27.004231: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:33:27.004234: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:27.004237: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.004240: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:33:27.004243: | Ni 0c a3 99 4b bf a3 4e 33 1a 6d 20 8d 52 9a 61 e7 Sep 21 07:33:27.004245: | Ni 21 8e c6 56 b9 73 a4 8d 35 24 64 db 7b 8f 56 a0 Sep 21 07:33:27.004248: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:27.004251: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:27.004253: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:27.004256: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:27.004260: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:27.004262: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.004265: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:27.004268: | keyex value 34 ae 4b 10 65 89 4a 8c 57 fa d3 87 f0 cd 48 b5 Sep 21 07:33:27.004270: | keyex value b7 39 0e 0a db 62 30 4e 52 8e d6 c0 b9 b3 5c 45 Sep 21 07:33:27.004273: | keyex value bd 5a 1a 25 5c a6 6b 4b ac 6a 6f 39 0e f0 41 d1 Sep 21 07:33:27.004275: | keyex value 3e f9 4c 1b 1e fe b3 14 c4 a3 ad 23 ad b2 6e 74 Sep 21 07:33:27.004278: | keyex value c3 d9 b1 79 7c e5 52 a8 66 ad ec 4c c4 29 8d 11 Sep 21 07:33:27.004280: | keyex value 26 97 74 85 94 e8 43 74 6e f1 50 e1 78 a1 b0 1a Sep 21 07:33:27.004282: | keyex value 1e 5e 8b 1e 42 20 e2 96 6b ec 24 39 56 7b d4 10 Sep 21 07:33:27.004285: | keyex value af 2c f0 f3 db 1c 13 bd b9 a0 48 60 1c fc c0 08 Sep 21 07:33:27.004291: | keyex value e2 98 34 be c7 c5 95 15 6f b5 92 76 c7 1d a7 3c Sep 21 07:33:27.004294: | keyex value 8a c2 02 7e e5 78 84 48 02 70 2b 81 f8 ea 29 28 Sep 21 07:33:27.004296: | keyex value a7 fa be cd cd 28 ca 57 77 3b bf c6 61 24 22 9a Sep 21 07:33:27.004299: | keyex value 5d 28 c8 df 10 1b 54 0d 9e 2d b9 4b 20 f3 e0 48 Sep 21 07:33:27.004301: | keyex value 9f 0e 19 24 38 1c e5 0c 44 07 44 c2 da d5 97 29 Sep 21 07:33:27.004303: | keyex value e9 a8 5e 16 40 f3 44 ea e3 c4 8c 79 fc 07 ca b6 Sep 21 07:33:27.004306: | keyex value 1c 0a 7a 6c 34 8d 27 30 98 f2 f4 8f ac a6 35 b8 Sep 21 07:33:27.004308: | keyex value 5d 0e f1 9d 6f 5b 24 1b 3a a9 77 fc 64 1a 29 ad Sep 21 07:33:27.004311: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:27.004314: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:27.004316: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:27.004319: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:27.004322: | Protocol ID: 0 (0x0) Sep 21 07:33:27.004324: | port: 0 (0x0) Sep 21 07:33:27.004327: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:27.004330: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:27.004333: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:27.004337: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:27.004339: | client network c0 00 03 00 Sep 21 07:33:27.004343: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:27.004345: | client mask ff ff ff 00 Sep 21 07:33:27.004347: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:27.004350: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:27.004353: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.004355: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:27.004357: | Protocol ID: 0 (0x0) Sep 21 07:33:27.004360: | port: 0 (0x0) Sep 21 07:33:27.004362: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:27.004365: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:27.004367: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:27.004369: | client network c0 00 16 00 Sep 21 07:33:27.004372: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:27.004375: | client mask ff ff ff 00 Sep 21 07:33:27.004377: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:27.004402: | outI1 HASH(1): Sep 21 07:33:27.004406: | 7c 1f 52 c9 95 e5 31 5f 21 ce b9 22 a7 a0 58 51 Sep 21 07:33:27.004408: | a2 bc a3 85 c9 ec c7 5c 56 9c b9 9e 02 a2 af 75 Sep 21 07:33:27.004416: | no IKEv1 message padding required Sep 21 07:33:27.004419: | emitting length of ISAKMP Message: 476 Sep 21 07:33:27.004433: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #2) Sep 21 07:33:27.004436: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.004438: | 08 10 20 01 e2 f3 50 6c 00 00 01 dc 8c c7 9d 23 Sep 21 07:33:27.004441: | 66 c6 ba 22 5a f3 81 02 ae 1c 40 bd ec 2e 6f f3 Sep 21 07:33:27.004443: | a4 0b e9 b8 d7 ed dc 61 5f b6 2a f2 be 14 ef 77 Sep 21 07:33:27.004446: | 6d 08 f0 00 df d0 b1 32 0e 7d d2 0f 4f 2d 59 a6 Sep 21 07:33:27.004448: | 43 65 8e 93 dd 30 52 9a fb 69 91 62 43 18 fd f1 Sep 21 07:33:27.004450: | a1 ab 34 c3 75 f6 c1 5a 5e 87 d1 93 c8 fd fd 05 Sep 21 07:33:27.004454: | a6 12 53 92 d9 cd c0 ab 93 e8 8c 9f 86 9a 84 ca Sep 21 07:33:27.004457: | fb e6 ab 60 72 ad 6c b2 5a 04 81 d0 c5 84 bf 8b Sep 21 07:33:27.004459: | 2e 95 ed 03 1a 38 8f dc 6d 0f 7a eb 6a 65 dc 14 Sep 21 07:33:27.004461: | e3 3e eb ec 6f 8b a5 04 5e f4 e3 34 bd 86 4c 46 Sep 21 07:33:27.004463: | 49 07 6f 67 35 84 38 ff e8 13 e5 c2 4e 64 74 0f Sep 21 07:33:27.004466: | 4f f3 d5 48 5c 09 eb 36 4e 51 fa c3 5b aa 35 29 Sep 21 07:33:27.004468: | a9 aa 07 d3 14 bf 60 4c 93 07 95 9d e0 5a d0 f2 Sep 21 07:33:27.004470: | b5 57 0a 01 03 45 eb cf 3c ee 1e ad 09 db a9 dc Sep 21 07:33:27.004472: | 8c 55 77 c8 e9 c2 bc f2 27 8b 53 c8 77 93 7a 72 Sep 21 07:33:27.004474: | 07 a8 57 b6 0b 51 4e 2f 35 83 22 9c d7 5e 61 79 Sep 21 07:33:27.004477: | 3d 90 c6 10 d9 47 69 e0 02 21 cf 90 11 e3 1c ad Sep 21 07:33:27.004479: | bd bd f9 7b 8f a7 bd d1 8c d6 df 5d 2b 55 74 2e Sep 21 07:33:27.004481: | 3c 62 34 fd 2a 0b 6c e4 da 02 22 eb f0 8f 3b b5 Sep 21 07:33:27.004483: | 42 bf 49 ec 96 73 50 5f 42 6e 36 d5 58 d5 1d 92 Sep 21 07:33:27.004485: | b2 19 72 77 df a9 2d bf 40 f4 70 d6 00 54 ac e8 Sep 21 07:33:27.004487: | 99 45 6e 3b bd 10 97 ca 13 a5 cd 59 2f b2 62 18 Sep 21 07:33:27.004489: | 63 29 4c 1f 0a 81 3e fc f3 e5 36 c1 01 c9 57 2e Sep 21 07:33:27.004492: | 62 96 27 d5 e6 de 60 67 ab ce b4 40 dd 8a ff cd Sep 21 07:33:27.004494: | 23 9d 06 89 99 24 9e 5b e7 cd c9 8e 23 22 93 7c Sep 21 07:33:27.004496: | 8e da 5a d4 46 ac e3 3a ba df 17 7f 59 f4 3c 77 Sep 21 07:33:27.004498: | 47 76 e6 fe 14 b0 2f 38 b5 52 a4 bc cd f1 65 df Sep 21 07:33:27.004501: | 8d 2f 06 77 93 a7 46 37 86 77 9a 38 3d 8a 05 63 Sep 21 07:33:27.004503: | 8e 62 b4 5a 9f 31 51 a1 eb 41 d2 59 Sep 21 07:33:27.004552: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:27.004572: | libevent_free: release ptr-libevent@0x7fdad4004f00 Sep 21 07:33:27.004575: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf6490 Sep 21 07:33:27.004578: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf6490 Sep 21 07:33:27.004582: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:33:27.004586: | libevent_malloc: new ptr-libevent@0x7fdad4004f00 size 128 Sep 21 07:33:27.004592: | #2 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.372842 Sep 21 07:33:27.004603: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Sep 21 07:33:27.004609: | #2 spent 0.648 milliseconds in resume sending helper answer Sep 21 07:33:27.004614: | stop processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:27.004617: | libevent_free: release ptr-libevent@0x7fdad8007fa0 Sep 21 07:33:27.008035: | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:27.008054: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:33:27.008058: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.008061: | 08 10 20 01 e2 f3 50 6c 00 00 01 cc ca 7e 09 64 Sep 21 07:33:27.008063: | fd 6d af 30 cf c0 89 46 8c 09 76 d7 af 47 e6 62 Sep 21 07:33:27.008065: | ad 80 1f 8c c6 38 d5 be c1 68 1b ba 6c e2 24 18 Sep 21 07:33:27.008068: | 40 6c 6d 79 9b 13 b3 b2 fa a1 34 1a bf 18 5f cd Sep 21 07:33:27.008070: | 11 35 b1 a4 07 d1 a0 32 69 d2 35 65 f8 13 be ab Sep 21 07:33:27.008072: | 4f 6e f5 81 a2 ef ed 02 6c 0e b9 66 73 07 df de Sep 21 07:33:27.008075: | 93 0a d4 a2 3c a2 e1 81 80 44 9e c9 40 37 d0 c6 Sep 21 07:33:27.008077: | 0a 03 89 c3 23 6d 28 6f fe 21 b8 67 53 1e 83 59 Sep 21 07:33:27.008080: | 40 90 df 2d 75 6e e7 50 42 48 3a 8a e5 a7 b9 bd Sep 21 07:33:27.008082: | 47 a9 4c e4 7a 10 a7 68 69 9f 19 50 7e 6b 4f 58 Sep 21 07:33:27.008084: | 8a 2a 91 27 91 51 e6 92 93 a3 0c b8 1e dc 7d e5 Sep 21 07:33:27.008087: | d7 93 c5 0f 03 09 53 52 c3 42 24 5d a6 5d d0 40 Sep 21 07:33:27.008092: | 0f 92 7f 78 2a 56 27 e8 66 91 59 31 76 aa cf 7c Sep 21 07:33:27.008094: | 8a 28 87 95 f4 9b 04 19 55 5e cd fb 93 14 4e be Sep 21 07:33:27.008096: | 70 ae ed ee 2e 8a b1 c7 64 33 81 b4 2e fa 74 65 Sep 21 07:33:27.008099: | 54 bd 5e 14 f3 1a 7c 10 22 6e 86 c1 8f 11 70 41 Sep 21 07:33:27.008101: | 40 1a 8a bb 68 af 4b a5 86 12 2c c4 27 70 79 70 Sep 21 07:33:27.008103: | 3e af d8 e6 be e2 50 38 8c 3e 4e da 55 da 26 9d Sep 21 07:33:27.008106: | d2 2c 8e 1e 67 32 5e d2 30 50 cf 58 6d a2 0f 47 Sep 21 07:33:27.008108: | 7c 63 9a 48 23 0d a5 9e d4 46 07 09 40 25 7b 48 Sep 21 07:33:27.008110: | ce f1 1e 8b 3a 27 bd b6 bf 56 03 45 d8 b7 6e c7 Sep 21 07:33:27.008113: | 1f f8 67 f6 3c 00 7c 7d 0d 0a 83 4e fc c0 5d ef Sep 21 07:33:27.008115: | cc 2f 67 e8 91 a5 c0 0d 16 82 be ef f6 b2 25 05 Sep 21 07:33:27.008118: | 94 c4 25 c7 d0 6a ef 8e 2f 6d 96 c0 f8 c9 ff f9 Sep 21 07:33:27.008120: | 2f c2 1d 06 7c 93 46 4f 9a ab 07 0b 6b d8 a2 f5 Sep 21 07:33:27.008122: | 0b f5 e4 80 76 7f 08 ce a1 49 cf 8a e9 4b b1 25 Sep 21 07:33:27.008125: | 2a af b4 cb 01 72 6f 46 aa 74 b3 f1 ed 64 94 b4 Sep 21 07:33:27.008127: | 68 69 42 21 a2 4b b8 71 cc 31 cc 13 Sep 21 07:33:27.008132: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:33:27.008135: | **parse ISAKMP Message: Sep 21 07:33:27.008138: | initiator cookie: Sep 21 07:33:27.008140: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:27.008142: | responder cookie: Sep 21 07:33:27.008144: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.008147: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:27.008150: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:27.008153: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:27.008155: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:27.008158: | Message ID: 3807596652 (0xe2f3506c) Sep 21 07:33:27.008160: | length: 460 (0x1cc) Sep 21 07:33:27.008163: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:27.008167: | State DB: found IKEv1 state #2 in QUICK_I1 (find_state_ikev1) Sep 21 07:33:27.008172: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:33:27.008175: | #2 is idle Sep 21 07:33:27.008177: | #2 idle Sep 21 07:33:27.008181: | received encrypted packet from 192.1.2.23:500 Sep 21 07:33:27.008194: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:33:27.008198: | ***parse ISAKMP Hash Payload: Sep 21 07:33:27.008200: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:27.008203: | length: 36 (0x24) Sep 21 07:33:27.008206: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:33:27.008209: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:27.008211: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:27.008214: | length: 56 (0x38) Sep 21 07:33:27.008216: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:27.008219: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:33:27.008221: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:27.008224: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:27.008239: | length: 36 (0x24) Sep 21 07:33:27.008242: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:33:27.008244: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:27.008246: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:27.008249: | length: 260 (0x104) Sep 21 07:33:27.008251: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:27.008254: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:27.008256: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:27.008258: | length: 16 (0x10) Sep 21 07:33:27.008261: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:27.008263: | Protocol ID: 0 (0x0) Sep 21 07:33:27.008266: | port: 0 (0x0) Sep 21 07:33:27.008268: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:33:27.008272: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:27.008274: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:27.008277: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.008279: | length: 16 (0x10) Sep 21 07:33:27.008281: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:27.008284: | Protocol ID: 0 (0x0) Sep 21 07:33:27.008286: | port: 0 (0x0) Sep 21 07:33:27.008288: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:33:27.008290: | removing 12 bytes of padding Sep 21 07:33:27.008311: | quick_inR1_outI2 HASH(2): Sep 21 07:33:27.008314: | 48 4d bf 3a 3b 9f 0d 57 e4 9a 21 71 32 9d 47 d7 Sep 21 07:33:27.008316: | 3b 18 49 24 43 bf 78 5b 8e ae d8 74 03 f3 5d 61 Sep 21 07:33:27.008319: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:33:27.008322: | ****parse IPsec DOI SIT: Sep 21 07:33:27.008325: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:27.008327: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:27.008330: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.008332: | length: 44 (0x2c) Sep 21 07:33:27.008334: | proposal number: 0 (0x0) Sep 21 07:33:27.008337: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:27.008339: | SPI size: 4 (0x4) Sep 21 07:33:27.008341: | number of transforms: 1 (0x1) Sep 21 07:33:27.008344: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:27.008346: | SPI 96 14 69 d3 Sep 21 07:33:27.008349: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:27.008351: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.008353: | length: 32 (0x20) Sep 21 07:33:27.008356: | ESP transform number: 0 (0x0) Sep 21 07:33:27.008358: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:27.008361: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.008364: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:27.008366: | length/value: 14 (0xe) Sep 21 07:33:27.008369: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:27.008372: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.008374: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:27.008376: | length/value: 1 (0x1) Sep 21 07:33:27.008379: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:27.008381: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:27.008384: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.008386: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:27.008389: | length/value: 1 (0x1) Sep 21 07:33:27.008391: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:27.008393: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.008396: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:27.008398: | length/value: 28800 (0x7080) Sep 21 07:33:27.008401: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.008403: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:27.008405: | length/value: 2 (0x2) Sep 21 07:33:27.008408: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:27.008410: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:27.008413: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:27.008415: | length/value: 128 (0x80) Sep 21 07:33:27.008418: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:27.008434: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:27.008443: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:27.008454: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:27.008463: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:27.008466: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:27.008468: | no PreShared Key Found Sep 21 07:33:27.008472: | adding quick outI2 DH work-order 4 for state #2 Sep 21 07:33:27.008474: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:27.008477: | #2 STATE_QUICK_I1: retransmits: cleared Sep 21 07:33:27.008480: | libevent_free: release ptr-libevent@0x7fdad4004f00 Sep 21 07:33:27.008483: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf6490 Sep 21 07:33:27.008485: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf6490 Sep 21 07:33:27.008489: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:33:27.008492: | libevent_malloc: new ptr-libevent@0x7fdad4004f00 size 128 Sep 21 07:33:27.008498: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:27.008518: | [RE]START processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:27.008521: | suspending state #2 and saving MD Sep 21 07:33:27.008523: | #2 is busy; has a suspended MD Sep 21 07:33:27.008527: | crypto helper 4 resuming Sep 21 07:33:27.008538: | crypto helper 4 starting work-order 4 for state #2 Sep 21 07:33:27.008528: | #2 spent 0.205 milliseconds in process_packet_tail() Sep 21 07:33:27.008542: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 4 Sep 21 07:33:27.008550: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:27.008555: | stop processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:33:27.008558: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:27.008562: | spent 0.509 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:27.009093: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 4 time elapsed 0.00055 seconds Sep 21 07:33:27.009102: | (#2) spent 0.546 milliseconds in crypto helper computing work-order 4: quick outI2 DH (pcr) Sep 21 07:33:27.009104: | crypto helper 4 sending results from work-order 4 for state #2 to event queue Sep 21 07:33:27.009106: | scheduling resume sending helper answer for #2 Sep 21 07:33:27.009109: | libevent_malloc: new ptr-libevent@0x7fdacc001ef0 size 128 Sep 21 07:33:27.009114: | crypto helper 4 waiting (nothing to do) Sep 21 07:33:27.009121: | processing resume sending helper answer for #2 Sep 21 07:33:27.009128: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:33:27.009133: | crypto helper 4 replies to request ID 4 Sep 21 07:33:27.009135: | calling continuation function 0x55dbdfa7b630 Sep 21 07:33:27.009138: | quick_inR1_outI2_continue for #2: calculated ke+nonce, calculating DH Sep 21 07:33:27.009155: | **emit ISAKMP Message: Sep 21 07:33:27.009157: | initiator cookie: Sep 21 07:33:27.009159: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:27.009162: | responder cookie: Sep 21 07:33:27.009164: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.009166: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.009169: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:27.009171: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:27.009174: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:27.009179: | Message ID: 3807596652 (0xe2f3506c) Sep 21 07:33:27.009197: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:27.009200: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:27.009205: | ID address c0 00 03 00 Sep 21 07:33:27.009208: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:27.009210: | ID mask ff ff ff 00 Sep 21 07:33:27.009214: | our client is subnet 192.0.3.0/24 Sep 21 07:33:27.009216: | our client protocol/port is 0/0 Sep 21 07:33:27.009219: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:27.009222: | ID address c0 00 16 00 Sep 21 07:33:27.009224: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:27.009226: | ID mask ff ff ff 00 Sep 21 07:33:27.009230: | peer client is subnet 192.0.22.0/24 Sep 21 07:33:27.009232: | peer client protocol/port is 0/0 Sep 21 07:33:27.009235: | ***emit ISAKMP Hash Payload: Sep 21 07:33:27.009237: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:27.009240: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:27.009243: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:27.009246: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:27.009249: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:27.009283: | quick_inR1_outI2 HASH(3): Sep 21 07:33:27.009286: | 96 92 b2 98 4f f8 d1 8e bb 49 bc e4 7c 2c f4 7d Sep 21 07:33:27.009288: | 7c f5 aa 34 fd 3e 3e df e8 5b 74 c3 37 26 d4 48 Sep 21 07:33:27.009291: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:33:27.009294: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:33:27.009388: | install_ipsec_sa() for #2: inbound and outbound Sep 21 07:33:27.009392: | could_route called for north-a-dpd (kind=CK_PERMANENT) Sep 21 07:33:27.009394: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:27.009397: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.009400: | conn north-a-dpd mark 0/00000000, 0/00000000 Sep 21 07:33:27.009402: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.009405: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:33:27.009411: | route owner of "north-a-dpd" unrouted: NULL; eroute owner: NULL Sep 21 07:33:27.009414: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:27.009417: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:27.009420: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:27.009424: | setting IPsec SA replay-window to 32 Sep 21 07:33:27.009426: | NIC esp-hw-offload not for connection 'north-a-dpd' not available on interface eth1 Sep 21 07:33:27.009429: | netlink: enabling tunnel mode Sep 21 07:33:27.009432: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:27.009435: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:27.009495: | netlink response for Add SA esp.961469d3@192.1.2.23 included non-error error Sep 21 07:33:27.009499: | set up outgoing SA, ref=0/0 Sep 21 07:33:27.009514: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:27.009517: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:27.009520: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:27.009523: | setting IPsec SA replay-window to 32 Sep 21 07:33:27.009526: | NIC esp-hw-offload not for connection 'north-a-dpd' not available on interface eth1 Sep 21 07:33:27.009528: | netlink: enabling tunnel mode Sep 21 07:33:27.009531: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:27.009533: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:27.009577: | netlink response for Add SA esp.577ef0d0@192.1.3.33 included non-error error Sep 21 07:33:27.009581: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:33:27.009588: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:33:27.009593: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:27.009637: | raw_eroute result=success Sep 21 07:33:27.009640: | set up incoming SA, ref=0/0 Sep 21 07:33:27.009642: | sr for #2: unrouted Sep 21 07:33:27.009645: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:33:27.009647: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:27.009650: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.009653: | conn north-a-dpd mark 0/00000000, 0/00000000 Sep 21 07:33:27.009655: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:33:27.009658: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:33:27.009661: | route owner of "north-a-dpd" unrouted: NULL; eroute owner: NULL Sep 21 07:33:27.009664: | route_and_eroute with c: north-a-dpd (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:33:27.009668: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:33:27.009675: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:33:27.009677: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:27.009700: | raw_eroute result=success Sep 21 07:33:27.009703: | running updown command "ipsec _updown" for verb up Sep 21 07:33:27.009706: | command executing up-client Sep 21 07:33:27.009739: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.009748: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.009768: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC Sep 21 07:33:27.009771: | popen cmd is 1398 chars long Sep 21 07:33:27.009774: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_: Sep 21 07:33:27.009776: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=: Sep 21 07:33:27.009779: | cmd( 160):'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.: Sep 21 07:33:27.009781: | cmd( 240):libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24: Sep 21 07:33:27.009799: | cmd( 320):' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_: Sep 21 07:33:27.009802: | cmd( 400):PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_: Sep 21 07:33:27.009805: | cmd( 480):PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Te: Sep 21 07:33:27.009807: | cmd( 560):st Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org': Sep 21 07:33:27.009810: | cmd( 640): PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER: Sep 21 07:33:27.009812: | cmd( 720):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Sep 21 07:33:27.009815: | cmd( 800):EER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libresw: Sep 21 07:33:27.009819: | cmd( 880):an test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTI: Sep 21 07:33:27.009822: | cmd( 960):ME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+I: Sep 21 07:33:27.009824: | cmd(1040):KE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4: Sep 21 07:33:27.009827: | cmd(1120):' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: Sep 21 07:33:27.009829: | cmd(1200):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: Sep 21 07:33:27.009832: | cmd(1280):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x961469d3: Sep 21 07:33:27.009834: | cmd(1360): SPI_OUT=0x577ef0d0 ipsec _updown 2>&1: Sep 21 07:33:27.017992: | route_and_eroute: firewall_notified: true Sep 21 07:33:27.018005: | running updown command "ipsec _updown" for verb prepare Sep 21 07:33:27.018008: | command executing prepare-client Sep 21 07:33:27.018030: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.018035: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.018049: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Sep 21 07:33:27.018051: | popen cmd is 1403 chars long Sep 21 07:33:27.018053: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' P: Sep 21 07:33:27.018055: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_M: Sep 21 07:33:27.018057: | cmd( 160):Y_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.tes: Sep 21 07:33:27.018058: | cmd( 240):ting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3: Sep 21 07:33:27.018060: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Sep 21 07:33:27.018061: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' P: Sep 21 07:33:27.018078: | cmd( 480):LUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, : Sep 21 07:33:27.018079: | cmd( 560):OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan: Sep 21 07:33:27.018081: | cmd( 640):.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO: Sep 21 07:33:27.018083: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:33:27.018084: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Sep 21 07:33:27.018086: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Sep 21 07:33:27.018087: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TR: Sep 21 07:33:27.018089: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Sep 21 07:33:27.018094: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Sep 21 07:33:27.018095: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Sep 21 07:33:27.018097: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x961: Sep 21 07:33:27.018099: | cmd(1360):469d3 SPI_OUT=0x577ef0d0 ipsec _updown 2>&1: Sep 21 07:33:27.028045: | running updown command "ipsec _updown" for verb route Sep 21 07:33:27.028058: | command executing route-client Sep 21 07:33:27.028096: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.028105: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:27.028126: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSAS Sep 21 07:33:27.028129: | popen cmd is 1401 chars long Sep 21 07:33:27.028132: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLU: Sep 21 07:33:27.028135: | cmd( 80):TO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_: Sep 21 07:33:27.028137: | cmd( 160):ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testi: Sep 21 07:33:27.028140: | cmd( 240):ng.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0: Sep 21 07:33:27.028142: | cmd( 320):/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_: Sep 21 07:33:27.028145: | cmd( 400):MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLU: Sep 21 07:33:27.028147: | cmd( 480):TO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU: Sep 21 07:33:27.028150: | cmd( 560):=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.o: Sep 21 07:33:27.028152: | cmd( 640):rg' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_P: Sep 21 07:33:27.028155: | cmd( 720):EER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUT: Sep 21 07:33:27.028157: | cmd( 800):O_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libr: Sep 21 07:33:27.028160: | cmd( 880):eswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_AD: Sep 21 07:33:27.028162: | cmd( 960):DTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRAC: Sep 21 07:33:27.028164: | cmd(1040):K+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='i: Sep 21 07:33:27.028166: | cmd(1120):pv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DO: Sep 21 07:33:27.028169: | cmd(1200):MAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUT: Sep 21 07:33:27.028171: | cmd(1280):O_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x96146: Sep 21 07:33:27.028174: | cmd(1360):9d3 SPI_OUT=0x577ef0d0 ipsec _updown 2>&1: Sep 21 07:33:27.039750: | route_and_eroute: instance "north-a-dpd", setting eroute_owner {spd=0x55dbe1bf13e0,sr=0x55dbe1bf13e0} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:33:27.039849: | #1 spent 1.06 milliseconds in install_ipsec_sa() Sep 21 07:33:27.039855: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:27.039858: | no IKEv1 message padding required Sep 21 07:33:27.039862: | emitting length of ISAKMP Message: 76 Sep 21 07:33:27.039902: | inR1_outI2: instance north-a-dpd[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:33:27.039907: | DPD: dpd_init() called on IPsec SA Sep 21 07:33:27.039911: | State DB: found IKEv1 state #1 in MAIN_I4 (find_state_ikev1) Sep 21 07:33:27.039914: | event_schedule: new EVENT_DPD-pe@0x7fdad80041c0 Sep 21 07:33:27.039919: | inserting event EVENT_DPD, timeout in 3 seconds for #2 Sep 21 07:33:27.039923: | libevent_malloc: new ptr-libevent@0x55dbe1c163a0 size 128 Sep 21 07:33:27.039928: | complete v1 state transition with STF_OK Sep 21 07:33:27.039936: | [RE]START processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:27.039939: | #2 is idle Sep 21 07:33:27.039943: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:27.039945: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Sep 21 07:33:27.039947: | child state #2: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Sep 21 07:33:27.039949: | event_already_set, deleting event Sep 21 07:33:27.039951: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:27.039954: | libevent_free: release ptr-libevent@0x7fdad4004f00 Sep 21 07:33:27.039956: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf6490 Sep 21 07:33:27.039959: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:33:27.039964: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #2) Sep 21 07:33:27.039966: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:27.039968: | 08 10 20 01 e2 f3 50 6c 00 00 00 4c b0 98 56 76 Sep 21 07:33:27.039969: | 0a c7 7e c1 e0 4a 33 96 d4 45 da a6 4c 66 38 09 Sep 21 07:33:27.039970: | b1 11 c9 53 8b 52 e3 1d f5 6d 72 ad a0 80 ee 1d Sep 21 07:33:27.039972: | 3b 79 50 ac 72 7c c9 66 8a 19 4b 56 Sep 21 07:33:27.040012: | !event_already_set at reschedule Sep 21 07:33:27.040030: | event_schedule: new EVENT_SA_REPLACE-pe@0x55dbe1bf6490 Sep 21 07:33:27.040033: | inserting event EVENT_SA_REPLACE, timeout in 28048 seconds for #2 Sep 21 07:33:27.040035: | libevent_malloc: new ptr-libevent@0x7fdad4004f00 size 128 Sep 21 07:33:27.040037: | pstats #2 ikev1.ipsec established Sep 21 07:33:27.040040: | NAT-T: encaps is 'auto' Sep 21 07:33:27.040043: "north-a-dpd" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x961469d3 <0x577ef0d0 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Sep 21 07:33:27.040051: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:27.040053: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:27.040058: | close_any(fd@25) (in release_whack() at state.c:654) Sep 21 07:33:27.040061: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Sep 21 07:33:27.040065: | #2 spent 1.51 milliseconds in resume sending helper answer Sep 21 07:33:27.040070: | stop processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:33:27.040073: | libevent_free: release ptr-libevent@0x7fdacc001ef0 Sep 21 07:33:27.040082: | processing signal PLUTO_SIGCHLD Sep 21 07:33:27.040086: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:27.040089: | spent 0.00394 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:27.040091: | processing signal PLUTO_SIGCHLD Sep 21 07:33:27.040093: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:27.040096: | spent 0.00236 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:27.040100: | processing signal PLUTO_SIGCHLD Sep 21 07:33:27.040103: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:27.040105: | spent 0.00244 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:29.312077: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:29.312099: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:33:29.312103: | FOR_EACH_STATE_... in sort_states Sep 21 07:33:29.312110: | get_sa_info esp.577ef0d0@192.1.3.33 Sep 21 07:33:29.312130: | get_sa_info esp.961469d3@192.1.2.23 Sep 21 07:33:29.312151: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:29.312166: | spent 0.0898 milliseconds in whack Sep 21 07:33:29.416054: | kernel_process_msg_cb process netlink message Sep 21 07:33:29.416073: | netlink_get: XFRM_MSG_EXPIRE message Sep 21 07:33:29.416082: | spent 0.00999 milliseconds in kernel message Sep 21 07:33:30.009700: | timer_event_cb: processing event@0x7fdad80041c0 Sep 21 07:33:30.009715: | handling event EVENT_DPD for child state #2 Sep 21 07:33:30.009723: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:30.009729: | [RE]START processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:30.009732: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:30.009736: | DPD: processing for state #2 ("north-a-dpd") Sep 21 07:33:30.009742: | get_sa_info esp.577ef0d0@192.1.3.33 Sep 21 07:33:30.009758: | event_schedule: new EVENT_DPD-pe@0x55dbe1bf50f0 Sep 21 07:33:30.009762: | inserting event EVENT_DPD, timeout in 3 seconds for #2 Sep 21 07:33:30.009765: | libevent_malloc: new ptr-libevent@0x7fdacc001ef0 size 128 Sep 21 07:33:30.009776: | DPD: scheduling timeout to 10 Sep 21 07:33:30.009779: | event_schedule: new EVENT_DPD_TIMEOUT-pe@0x55dbe1bf5630 Sep 21 07:33:30.009782: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Sep 21 07:33:30.009790: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:33:30.009795: | DPD: sending R_U_THERE 8976 to 192.1.2.23:500 (state #1) Sep 21 07:33:30.009824: | **emit ISAKMP Message: Sep 21 07:33:30.009827: | initiator cookie: Sep 21 07:33:30.009830: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:30.009832: | responder cookie: Sep 21 07:33:30.009834: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:30.009837: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:30.009840: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:30.009842: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:30.009845: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:30.009860: | Message ID: 1963949216 (0x750f7ca0) Sep 21 07:33:30.009863: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:30.009866: | ***emit ISAKMP Hash Payload: Sep 21 07:33:30.009869: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:30.009872: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:30.009875: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:30.009878: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:30.009880: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:30.009882: | ***emit ISAKMP Notification Payload: Sep 21 07:33:30.009885: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:30.009887: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:30.009890: | protocol ID: 1 (0x1) Sep 21 07:33:30.009892: | SPI size: 16 (0x10) Sep 21 07:33:30.009895: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:33:30.009898: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:33:30.009901: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:30.009908: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:33:30.009910: | notify icookie 01 a7 a6 fa 98 79 9e af Sep 21 07:33:30.009913: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:33:30.009915: | notify rcookie 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:30.009918: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:33:30.009920: | notify data 00 00 23 10 Sep 21 07:33:30.009922: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:33:30.009951: | notification HASH(1): Sep 21 07:33:30.009954: | 32 38 a1 5e ef 51 68 c3 5b b5 b9 0a 78 42 b1 bd Sep 21 07:33:30.009956: | 22 e2 7f 7c f5 73 08 d8 6f 7e ea fa e4 93 1e 38 Sep 21 07:33:30.009968: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:30.009970: | no IKEv1 message padding required Sep 21 07:33:30.009973: | emitting length of ISAKMP Message: 108 Sep 21 07:33:30.009986: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:30.009989: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:30.009991: | 08 10 05 01 75 0f 7c a0 00 00 00 6c 4b c3 77 ae Sep 21 07:33:30.009993: | 21 47 22 a0 60 27 69 03 d0 fc 8b 99 11 47 38 9f Sep 21 07:33:30.009995: | a3 2a 20 75 dc e7 3e c6 9f 69 fd 99 79 10 d8 62 Sep 21 07:33:30.009997: | c4 12 21 86 fb 4c 87 f5 2f 16 d0 b6 29 54 e6 b0 Sep 21 07:33:30.010000: | ac 69 0a 94 5b 65 2e f5 ac af d1 48 0d 17 22 b1 Sep 21 07:33:30.010002: | f0 71 a4 18 3b 44 8b ba fe 20 ab ef Sep 21 07:33:30.010015: ERROR: "north-a-dpd" #2: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Sep 21 07:33:30.010019: | libevent_free: release ptr-libevent@0x55dbe1c163a0 Sep 21 07:33:30.010022: | free_event_entry: release EVENT_DPD-pe@0x7fdad80041c0 Sep 21 07:33:30.010029: | #2 spent 0.327 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:30.010034: | stop processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:33.012822: | timer_event_cb: processing event@0x55dbe1bf50f0 Sep 21 07:33:33.012838: | handling event EVENT_DPD for child state #2 Sep 21 07:33:33.012846: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:33.012865: | [RE]START processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:33.012868: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:33.012872: | DPD: processing for state #2 ("north-a-dpd") Sep 21 07:33:33.012878: | get_sa_info esp.577ef0d0@192.1.3.33 Sep 21 07:33:33.012894: | event_schedule: new EVENT_DPD-pe@0x7fdad80041c0 Sep 21 07:33:33.012898: | inserting event EVENT_DPD, timeout in 3 seconds for #2 Sep 21 07:33:33.012901: | libevent_malloc: new ptr-libevent@0x55dbe1c163a0 size 128 Sep 21 07:33:33.012906: | DPD: sending R_U_THERE 8977 to 192.1.2.23:500 (state #1) Sep 21 07:33:33.012917: | **emit ISAKMP Message: Sep 21 07:33:33.012919: | initiator cookie: Sep 21 07:33:33.012922: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:33.012924: | responder cookie: Sep 21 07:33:33.012926: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:33.012929: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:33.012932: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:33.012934: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:33.012937: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:33.012940: | Message ID: 2459521626 (0x9299525a) Sep 21 07:33:33.012942: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:33.012946: | ***emit ISAKMP Hash Payload: Sep 21 07:33:33.012948: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:33.012951: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:33.012957: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:33.012960: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:33.012963: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:33.012965: | ***emit ISAKMP Notification Payload: Sep 21 07:33:33.012968: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:33.012970: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:33.012973: | protocol ID: 1 (0x1) Sep 21 07:33:33.012975: | SPI size: 16 (0x10) Sep 21 07:33:33.012978: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:33:33.012981: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:33:33.012983: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:33.012987: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:33:33.012989: | notify icookie 01 a7 a6 fa 98 79 9e af Sep 21 07:33:33.012991: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:33:33.012994: | notify rcookie 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:33.012996: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:33:33.012998: | notify data 00 00 23 11 Sep 21 07:33:33.013001: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:33:33.013027: | notification HASH(1): Sep 21 07:33:33.013030: | f7 51 8a 3e 33 d9 32 04 01 73 ce 5e 21 04 d2 92 Sep 21 07:33:33.013032: | e8 a2 2f f9 19 e5 30 ca 27 40 a8 4a df 66 2b 9d Sep 21 07:33:33.013041: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:33.013043: | no IKEv1 message padding required Sep 21 07:33:33.013045: | emitting length of ISAKMP Message: 108 Sep 21 07:33:33.013057: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:33.013060: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:33.013062: | 08 10 05 01 92 99 52 5a 00 00 00 6c d1 77 15 5b Sep 21 07:33:33.013064: | b9 6e 20 87 ec 2c 1a f7 b5 ed 27 69 9e 5c a2 82 Sep 21 07:33:33.013067: | ab 3b 32 09 e1 3d 61 bd 99 6f 97 60 b1 59 20 5f Sep 21 07:33:33.013069: | 6d 14 a1 67 df 59 47 8f 8f 85 b1 d9 09 eb 84 86 Sep 21 07:33:33.013071: | d0 48 b2 5f 0d 7c b5 53 5a 82 1c 08 09 94 1e c3 Sep 21 07:33:33.013073: | 31 87 43 8b 7d 16 1b 3e 01 70 d0 82 Sep 21 07:33:33.013086: ERROR: "north-a-dpd" #2: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Sep 21 07:33:33.013090: | libevent_free: release ptr-libevent@0x7fdacc001ef0 Sep 21 07:33:33.013093: | free_event_entry: release EVENT_DPD-pe@0x55dbe1bf50f0 Sep 21 07:33:33.013100: | #2 spent 0.3 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:33.013105: | stop processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:36.016155: | timer_event_cb: processing event@0x7fdad80041c0 Sep 21 07:33:36.016167: | handling event EVENT_DPD for child state #2 Sep 21 07:33:36.016173: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:36.016177: | [RE]START processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:36.016179: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:36.016182: | DPD: processing for state #2 ("north-a-dpd") Sep 21 07:33:36.016187: | get_sa_info esp.577ef0d0@192.1.3.33 Sep 21 07:33:36.016202: | event_schedule: new EVENT_DPD-pe@0x55dbe1bf50f0 Sep 21 07:33:36.016204: | inserting event EVENT_DPD, timeout in 3 seconds for #2 Sep 21 07:33:36.016207: | libevent_malloc: new ptr-libevent@0x7fdacc001ef0 size 128 Sep 21 07:33:36.016210: | DPD: sending R_U_THERE 8978 to 192.1.2.23:500 (state #1) Sep 21 07:33:36.016220: | **emit ISAKMP Message: Sep 21 07:33:36.016225: | initiator cookie: Sep 21 07:33:36.016226: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:36.016228: | responder cookie: Sep 21 07:33:36.016229: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:36.016231: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:36.016233: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:36.016235: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:36.016237: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:36.016239: | Message ID: 3706934441 (0xdcf354a9) Sep 21 07:33:36.016241: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:36.016243: | ***emit ISAKMP Hash Payload: Sep 21 07:33:36.016245: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:36.016247: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:36.016249: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:36.016251: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:36.016253: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:36.016254: | ***emit ISAKMP Notification Payload: Sep 21 07:33:36.016256: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:36.016258: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:36.016260: | protocol ID: 1 (0x1) Sep 21 07:33:36.016261: | SPI size: 16 (0x10) Sep 21 07:33:36.016263: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:33:36.016265: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:33:36.016267: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:36.016269: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:33:36.016271: | notify icookie 01 a7 a6 fa 98 79 9e af Sep 21 07:33:36.016273: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:33:36.016274: | notify rcookie 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:36.016276: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:33:36.016277: | notify data 00 00 23 12 Sep 21 07:33:36.016279: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:33:36.016301: | notification HASH(1): Sep 21 07:33:36.016303: | 9e 7b 80 61 dd d5 ae 2c ca a6 cb 41 ef 1c a2 e2 Sep 21 07:33:36.016305: | a7 32 7e 88 b9 2b 1a f1 e7 ab b3 e6 ce bb 1f ca Sep 21 07:33:36.016311: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:36.016313: | no IKEv1 message padding required Sep 21 07:33:36.016314: | emitting length of ISAKMP Message: 108 Sep 21 07:33:36.016324: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:36.016326: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:36.016327: | 08 10 05 01 dc f3 54 a9 00 00 00 6c be 7f 9c e7 Sep 21 07:33:36.016329: | 6b b2 cb 53 9e 2b 40 b3 45 fa 95 a8 23 de ad e6 Sep 21 07:33:36.016330: | a6 54 aa 3d 1a 90 a3 73 ed 3f 58 aa 97 a1 f6 da Sep 21 07:33:36.016332: | 6b d9 8a be 8b 94 75 7d 29 f4 9d 73 c1 4b d7 8f Sep 21 07:33:36.016333: | f2 84 04 6c 16 90 22 0b 56 60 3a e3 e5 b0 f6 10 Sep 21 07:33:36.016335: | d8 cd 26 4a 6f 8c 4b 89 ce 18 aa 01 Sep 21 07:33:36.016346: ERROR: "north-a-dpd" #2: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Sep 21 07:33:36.016349: | libevent_free: release ptr-libevent@0x55dbe1c163a0 Sep 21 07:33:36.016351: | free_event_entry: release EVENT_DPD-pe@0x7fdad80041c0 Sep 21 07:33:36.016357: | #2 spent 0.202 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:36.016360: | stop processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:39.018803: | timer_event_cb: processing event@0x55dbe1bf50f0 Sep 21 07:33:39.018818: | handling event EVENT_DPD for child state #2 Sep 21 07:33:39.018825: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:39.018829: | [RE]START processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:33:39.018831: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:39.018835: | DPD: processing for state #2 ("north-a-dpd") Sep 21 07:33:39.018840: | get_sa_info esp.577ef0d0@192.1.3.33 Sep 21 07:33:39.018853: | event_schedule: new EVENT_DPD-pe@0x7fdad80041c0 Sep 21 07:33:39.018856: | inserting event EVENT_DPD, timeout in 3 seconds for #2 Sep 21 07:33:39.018858: | libevent_malloc: new ptr-libevent@0x55dbe1c163a0 size 128 Sep 21 07:33:39.018862: | DPD: sending R_U_THERE 8979 to 192.1.2.23:500 (state #1) Sep 21 07:33:39.018871: | **emit ISAKMP Message: Sep 21 07:33:39.018873: | initiator cookie: Sep 21 07:33:39.018874: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:39.018876: | responder cookie: Sep 21 07:33:39.018877: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:39.018880: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.018881: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:39.018883: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:39.018885: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:39.018887: | Message ID: 1675608710 (0x63dfc286) Sep 21 07:33:39.018889: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:39.018891: | ***emit ISAKMP Hash Payload: Sep 21 07:33:39.018893: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.018895: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:39.018897: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:39.018899: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:39.018901: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:39.018903: | ***emit ISAKMP Notification Payload: Sep 21 07:33:39.018904: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:39.018906: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:39.018908: | protocol ID: 1 (0x1) Sep 21 07:33:39.018909: | SPI size: 16 (0x10) Sep 21 07:33:39.018911: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:33:39.018913: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:33:39.018915: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:33:39.018917: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:33:39.018919: | notify icookie 01 a7 a6 fa 98 79 9e af Sep 21 07:33:39.018921: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:33:39.018922: | notify rcookie 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:39.018924: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:33:39.018925: | notify data 00 00 23 13 Sep 21 07:33:39.018927: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:33:39.018949: | notification HASH(1): Sep 21 07:33:39.018951: | 42 4c e1 7d 79 fd 9e bd ce f0 ed 35 89 d7 ac 9e Sep 21 07:33:39.018953: | fe 5b 92 86 e1 ff a6 6d 63 17 a9 f0 6e ca 8a ba Sep 21 07:33:39.018959: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:39.018961: | no IKEv1 message padding required Sep 21 07:33:39.018962: | emitting length of ISAKMP Message: 108 Sep 21 07:33:39.018973: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:39.018975: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:39.018976: | 08 10 05 01 63 df c2 86 00 00 00 6c dc a4 fb 52 Sep 21 07:33:39.018978: | 16 e1 89 c1 bd 9b 14 fc dd ae b1 5b 8d 6c 00 15 Sep 21 07:33:39.018981: | 23 82 e0 53 73 63 27 e0 39 33 87 93 c6 35 79 83 Sep 21 07:33:39.018983: | bc ab 8c d5 d7 7c 1e 12 65 e1 bb 1d 4e ec 4e 8e Sep 21 07:33:39.018984: | fa 1f ec bc 7c f9 ab 5d ff a7 eb d6 91 3c 22 6e Sep 21 07:33:39.018986: | 57 c7 55 4e 08 4a 1e dc 79 52 d4 0b Sep 21 07:33:39.018996: ERROR: "north-a-dpd" #2: sendto on eth1 to 192.1.2.23:500 failed in ISAKMP notify. Errno 113: No route to host Sep 21 07:33:39.018999: | libevent_free: release ptr-libevent@0x7fdacc001ef0 Sep 21 07:33:39.019001: | free_event_entry: release EVENT_DPD-pe@0x55dbe1bf50f0 Sep 21 07:33:39.019007: | #2 spent 0.206 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:33:39.019011: | stop processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:40.010725: | timer_event_cb: processing event@0x55dbe1bf5630 Sep 21 07:33:40.010744: | handling event EVENT_DPD_TIMEOUT for parent state #1 Sep 21 07:33:40.010751: | start processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:40.010755: | [RE]START processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in dpd_timeout() at ikev1_dpd.c:566) Sep 21 07:33:40.010758: "north-a-dpd" #1: IKEv1 DPD action - restarting all connections that share this peer Sep 21 07:33:40.010760: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:40.010763: | start processing: connection "northnet-eastnet-b" (BACKGROUND) (in terminate_a_connection() at terminate.c:69) Sep 21 07:33:40.010765: "north-a-dpd" #1: terminating SAs using this connection Sep 21 07:33:40.010766: | connection 'northnet-eastnet-b' -POLICY_UP Sep 21 07:33:40.010768: | connection not shared - terminating IKE and IPsec SA Sep 21 07:33:40.010770: | Deleting states for connection - not including other IPsec SA's Sep 21 07:33:40.010772: | pass 0 Sep 21 07:33:40.010773: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:33:40.010775: | state #2 Sep 21 07:33:40.010777: | state #1 Sep 21 07:33:40.010778: | pass 1 Sep 21 07:33:40.010779: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:33:40.010781: | state #2 Sep 21 07:33:40.010782: | state #1 Sep 21 07:33:40.010791: | stop processing: connection "northnet-eastnet-b" (BACKGROUND) (in terminate_a_connection() at terminate.c:87) Sep 21 07:33:40.010793: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:40.010796: | start processing: connection "north-a-dpd" (BACKGROUND) (in terminate_a_connection() at terminate.c:69) Sep 21 07:33:40.010797: "north-a-dpd" #1: terminating SAs using this connection Sep 21 07:33:40.010799: | connection 'north-a-dpd' -POLICY_UP Sep 21 07:33:40.010801: | FOR_EACH_STATE_... in shared_phase1_connection Sep 21 07:33:40.010815: | connection not shared - terminating IKE and IPsec SA Sep 21 07:33:40.010817: | Deleting states for connection - not including other IPsec SA's Sep 21 07:33:40.010818: | pass 0 Sep 21 07:33:40.010819: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:33:40.010821: | state #2 Sep 21 07:33:40.010824: | suspend processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:33:40.010826: | start processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:33:40.010829: | pstats #2 ikev1.ipsec deleted completed Sep 21 07:33:40.010831: | [RE]START processing: state #2 connection "north-a-dpd" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:33:40.010834: "north-a-dpd" #2: deleting state (STATE_QUICK_I2) aged 13.007s and sending notification Sep 21 07:33:40.010836: | child state #2: QUICK_I2(established CHILD SA) => delete Sep 21 07:33:40.010839: | get_sa_info esp.961469d3@192.1.2.23 Sep 21 07:33:40.010855: | get_sa_info esp.577ef0d0@192.1.3.33 Sep 21 07:33:40.010861: "north-a-dpd" #2: ESP traffic information: in=0B out=168B Sep 21 07:33:40.010863: | state #2 requesting EVENT_DPD-pe@0x7fdad80041c0 be deleted Sep 21 07:33:40.010871: | libevent_free: release ptr-libevent@0x55dbe1c163a0 Sep 21 07:33:40.010873: | free_event_entry: release EVENT_DPD-pe@0x7fdad80041c0 Sep 21 07:33:40.010875: | #2 send IKEv1 delete notification for STATE_QUICK_I2 Sep 21 07:33:40.010877: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:40.010887: | **emit ISAKMP Message: Sep 21 07:33:40.010889: | initiator cookie: Sep 21 07:33:40.010890: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:40.010892: | responder cookie: Sep 21 07:33:40.010893: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:40.010895: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.010897: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:40.010899: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:40.010901: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:40.010903: | Message ID: 1474668410 (0x57e5a77a) Sep 21 07:33:40.010904: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:40.010907: | ***emit ISAKMP Hash Payload: Sep 21 07:33:40.010908: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.010910: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:40.010912: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:33:40.010914: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:40.010916: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:40.010918: | ***emit ISAKMP Delete Payload: Sep 21 07:33:40.010919: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.010921: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:40.010922: | protocol ID: 3 (0x3) Sep 21 07:33:40.010924: | SPI size: 4 (0x4) Sep 21 07:33:40.010925: | number of SPIs: 1 (0x1) Sep 21 07:33:40.010927: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:33:40.010929: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:33:40.010931: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:33:40.010932: | delete payload 57 7e f0 d0 Sep 21 07:33:40.010934: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:33:40.010959: | send delete HASH(1): Sep 21 07:33:40.010961: | 4a 39 02 f9 71 ad b0 a4 4d 0d 1b d5 d4 9f 43 27 Sep 21 07:33:40.010963: | b3 59 a6 96 70 ad 73 05 ff 64 ff 40 9d fa 77 bd Sep 21 07:33:40.010968: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:40.010970: | no IKEv1 message padding required Sep 21 07:33:40.010972: | emitting length of ISAKMP Message: 92 Sep 21 07:33:40.010982: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:40.010984: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:40.010985: | 08 10 05 01 57 e5 a7 7a 00 00 00 5c e6 89 34 62 Sep 21 07:33:40.010986: | cc 4a 6f 26 70 b6 08 e6 aa 4d 5a c6 e6 0e 4e 4c Sep 21 07:33:40.010988: | 24 b3 5d fe a0 0b 6b 21 18 09 14 d6 f0 f9 2d d3 Sep 21 07:33:40.010989: | 40 35 e5 c8 f7 18 4c 81 16 07 b8 a5 06 59 ce e0 Sep 21 07:33:40.010991: | a7 84 ee a3 73 83 12 42 69 69 05 d1 Sep 21 07:33:40.011000: ERROR: "north-a-dpd" #2: sendto on eth1 to 192.1.2.23:500 failed in delete notify. Errno 113: No route to host Sep 21 07:33:40.011002: | state #2 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:33:40.011004: | libevent_free: release ptr-libevent@0x7fdad4004f00 Sep 21 07:33:40.011006: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55dbe1bf6490 Sep 21 07:33:40.011075: | running updown command "ipsec _updown" for verb down Sep 21 07:33:40.011078: | command executing down-client Sep 21 07:33:40.011099: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:40.011105: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:40.011118: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051207' PLUTO_CONN_POLIC Sep 21 07:33:40.011121: | popen cmd is 1406 chars long Sep 21 07:33:40.011123: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUT: Sep 21 07:33:40.011124: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Sep 21 07:33:40.011126: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Sep 21 07:33:40.011128: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Sep 21 07:33:40.011129: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Sep 21 07:33:40.011131: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUT: Sep 21 07:33:40.011133: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Sep 21 07:33:40.011134: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Sep 21 07:33:40.011136: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PE: Sep 21 07:33:40.011137: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:33:40.011139: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Sep 21 07:33:40.011141: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Sep 21 07:33:40.011142: | cmd( 960):TIME='1569051207' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF: Sep 21 07:33:40.011144: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:33:40.011146: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:33:40.011147: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:33:40.011149: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:33:40.011150: | cmd(1360):961469d3 SPI_OUT=0x577ef0d0 ipsec _updown 2>&1: Sep 21 07:33:40.018284: | shunt_eroute() called for connection 'north-a-dpd' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:33:40.018301: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:33:40.018304: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:33:40.018306: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:40.018365: | delete esp.961469d3@192.1.2.23 Sep 21 07:33:40.018394: | netlink response for Del SA esp.961469d3@192.1.2.23 included non-error error Sep 21 07:33:40.018397: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:33:40.018406: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:33:40.018441: | raw_eroute result=success Sep 21 07:33:40.018444: | delete esp.577ef0d0@192.1.3.33 Sep 21 07:33:40.018465: | netlink response for Del SA esp.577ef0d0@192.1.3.33 included non-error error Sep 21 07:33:40.018471: | stop processing: connection "north-a-dpd" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:33:40.018473: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:33:40.018475: | in connection_discard for connection north-a-dpd Sep 21 07:33:40.018477: | State DB: deleting IKEv1 state #2 in QUICK_I2 Sep 21 07:33:40.018480: | child state #2: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:33:40.018497: | stop processing: state #2 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:33:40.018517: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:33:40.018521: | resume processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:33:40.018536: | state #1 Sep 21 07:33:40.018538: | pass 1 Sep 21 07:33:40.018541: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:33:40.018542: | state #1 Sep 21 07:33:40.018546: | [RE]START processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:33:40.018549: | pstats #1 ikev1.isakmp deleted completed Sep 21 07:33:40.018552: | [RE]START processing: state #1 connection "north-a-dpd" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:33:40.018557: "north-a-dpd" #1: deleting state (STATE_MAIN_I4) aged 13.044s and sending notification Sep 21 07:33:40.018560: | parent state #1: MAIN_I4(established IKE SA) => delete Sep 21 07:33:40.018619: | #1 send IKEv1 delete notification for STATE_MAIN_I4 Sep 21 07:33:40.018628: | **emit ISAKMP Message: Sep 21 07:33:40.018630: | initiator cookie: Sep 21 07:33:40.018632: | 01 a7 a6 fa 98 79 9e af Sep 21 07:33:40.018633: | responder cookie: Sep 21 07:33:40.018635: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:40.018637: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.018639: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:40.018641: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:33:40.018643: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:40.018644: | Message ID: 3744086103 (0xdf2a3857) Sep 21 07:33:40.018646: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:40.018648: | ***emit ISAKMP Hash Payload: Sep 21 07:33:40.018650: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.018653: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:40.018654: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:33:40.018657: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:40.018658: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:40.018660: | ***emit ISAKMP Delete Payload: Sep 21 07:33:40.018662: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.018663: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:40.018665: | protocol ID: 1 (0x1) Sep 21 07:33:40.018667: | SPI size: 16 (0x10) Sep 21 07:33:40.018668: | number of SPIs: 1 (0x1) Sep 21 07:33:40.018671: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:33:40.018673: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:33:40.018676: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Sep 21 07:33:40.018680: | initiator SPI 01 a7 a6 fa 98 79 9e af Sep 21 07:33:40.018687: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Sep 21 07:33:40.018690: | responder SPI 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:40.018694: | emitting length of ISAKMP Delete Payload: 28 Sep 21 07:33:40.018727: | send delete HASH(1): Sep 21 07:33:40.018733: | 0c 92 b8 16 34 4d d5 84 ee 78 33 3f 11 05 b9 21 Sep 21 07:33:40.018735: | 88 84 d7 b9 4a e2 7e 9a f7 e8 aa 23 fc 78 6e b8 Sep 21 07:33:40.018743: | no IKEv1 message padding required Sep 21 07:33:40.018745: | emitting length of ISAKMP Message: 92 Sep 21 07:33:40.018755: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #1) Sep 21 07:33:40.018757: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:33:40.018759: | 08 10 05 01 df 2a 38 57 00 00 00 5c 16 e4 b8 5e Sep 21 07:33:40.018760: | df 70 c5 a5 c4 79 52 5a 98 c0 8d 0f ad 1a 2e ae Sep 21 07:33:40.018762: | 9b 97 79 63 54 cf 13 51 0e 3d ab e0 d5 f1 2b 08 Sep 21 07:33:40.018763: | 52 eb 0f 9b cd 67 29 88 5e 22 56 b9 17 c2 78 f4 Sep 21 07:33:40.018765: | 34 65 21 f3 9a 6e ba c6 55 6a da 65 Sep 21 07:33:40.018775: ERROR: "north-a-dpd" #1: sendto on eth1 to 192.1.2.23:500 failed in delete notify. Errno 113: No route to host Sep 21 07:33:40.018777: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:33:40.018781: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:40.018787: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55dbe1c04980 Sep 21 07:33:40.018793: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:33:40.018796: | in connection_discard for connection north-a-dpd Sep 21 07:33:40.018798: | State DB: deleting IKEv1 state #1 in MAIN_I4 Sep 21 07:33:40.018800: | parent state #1: MAIN_I4(established IKE SA) => UNDEFINED(ignore) Sep 21 07:33:40.018807: | unreference key: 0x55dbe1c08430 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Sep 21 07:33:40.018816: | stop processing: state #1 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:33:40.018822: | unreference key: 0x55dbe1c08430 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:40.018825: | unreference key: 0x55dbe1c155b0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:40.018828: | unreference key: 0x55dbe1bcdb70 @east.testing.libreswan.org cnt 1-- Sep 21 07:33:40.018831: | unreference key: 0x55dbe1bf5310 east@testing.libreswan.org cnt 1-- Sep 21 07:33:40.018833: | unreference key: 0x55dbe1bfc1e0 192.1.2.23 cnt 1-- Sep 21 07:33:40.018843: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:33:40.018846: | processing: STOP connection NULL (in terminate_a_connection() at terminate.c:87) Sep 21 07:33:40.018848: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:40.018852: | start processing: connection "northnet-eastnet-b" (in initiate_a_connection() at initiate.c:186) Sep 21 07:33:40.018855: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:40.018857: | connection 'northnet-eastnet-b' +POLICY_UP Sep 21 07:33:40.018859: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:33:40.018861: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:40.018865: | creating state object #3 at 0x55dbe1bfcd60 Sep 21 07:33:40.018867: | State DB: adding IKEv1 state #3 in UNDEFINED Sep 21 07:33:40.018874: | pstats #3 ikev1.isakmp started Sep 21 07:33:40.018879: | suspend processing: connection "northnet-eastnet-b" (in main_outI1() at ikev1_main.c:118) Sep 21 07:33:40.018882: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) Sep 21 07:33:40.018884: | parent state #3: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Sep 21 07:33:40.018886: | dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123) Sep 21 07:33:40.018889: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet-b" IKE SA #3 "northnet-eastnet-b" Sep 21 07:33:40.018894: "northnet-eastnet-b" #3: initiating Main Mode Sep 21 07:33:40.018897: | **emit ISAKMP Message: Sep 21 07:33:40.018900: | initiator cookie: Sep 21 07:33:40.018901: | 83 26 94 dc 76 34 ec a4 Sep 21 07:33:40.018903: | responder cookie: Sep 21 07:33:40.018904: | 00 00 00 00 00 00 00 00 Sep 21 07:33:40.018906: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:40.018907: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:40.018909: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:40.018911: | flags: none (0x0) Sep 21 07:33:40.018912: | Message ID: 0 (0x0) Sep 21 07:33:40.018914: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:40.018916: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:33:40.018919: | no specific IKE algorithms specified - using defaults Sep 21 07:33:40.018934: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:33:40.018938: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:33:40.018940: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:33:40.018943: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:33:40.018946: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:33:40.018949: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:33:40.018952: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:33:40.018955: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:33:40.018958: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:33:40.018960: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:33:40.018963: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:33:40.018965: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:33:40.018968: | oakley_alg_makedb() returning 0x55dbe1bfc1e0 Sep 21 07:33:40.018971: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:40.018972: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:40.018974: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:40.018976: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:40.018978: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:40.018980: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:40.018982: | ****emit IPsec DOI SIT: Sep 21 07:33:40.018984: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:40.018986: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:33:40.018987: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Sep 21 07:33:40.018989: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:40.018991: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.018992: | proposal number: 0 (0x0) Sep 21 07:33:40.018994: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:40.018995: | SPI size: 0 (0x0) Sep 21 07:33:40.018997: | number of transforms: 18 (0x12) Sep 21 07:33:40.018999: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:40.019001: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019002: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019004: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:40.019006: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019009: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019011: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019013: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019015: | length/value: 1 (0x1) Sep 21 07:33:40.019017: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019018: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019020: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019021: | length/value: 3600 (0xe10) Sep 21 07:33:40.019023: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019025: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019026: | length/value: 7 (0x7) Sep 21 07:33:40.019028: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019029: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019031: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019032: | length/value: 4 (0x4) Sep 21 07:33:40.019034: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:40.019035: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019037: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019038: | length/value: 3 (0x3) Sep 21 07:33:40.019040: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019041: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019043: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019044: | length/value: 14 (0xe) Sep 21 07:33:40.019046: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019047: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019049: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019051: | length/value: 256 (0x100) Sep 21 07:33:40.019052: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019054: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019055: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019057: | ISAKMP transform number: 1 (0x1) Sep 21 07:33:40.019058: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019060: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019062: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019064: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019065: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019067: | length/value: 1 (0x1) Sep 21 07:33:40.019068: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019070: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019071: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019073: | length/value: 3600 (0xe10) Sep 21 07:33:40.019074: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019076: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019077: | length/value: 7 (0x7) Sep 21 07:33:40.019079: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019080: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019082: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019083: | length/value: 4 (0x4) Sep 21 07:33:40.019085: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:40.019086: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019088: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019089: | length/value: 3 (0x3) Sep 21 07:33:40.019091: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019092: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019093: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019095: | length/value: 14 (0xe) Sep 21 07:33:40.019096: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019098: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019099: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019101: | length/value: 128 (0x80) Sep 21 07:33:40.019108: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019111: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019116: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019118: | ISAKMP transform number: 2 (0x2) Sep 21 07:33:40.019121: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019123: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019125: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019127: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019129: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019130: | length/value: 1 (0x1) Sep 21 07:33:40.019132: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019133: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019135: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019136: | length/value: 3600 (0xe10) Sep 21 07:33:40.019138: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019139: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019141: | length/value: 7 (0x7) Sep 21 07:33:40.019142: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019144: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019145: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019147: | length/value: 6 (0x6) Sep 21 07:33:40.019148: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:40.019150: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019151: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019153: | length/value: 3 (0x3) Sep 21 07:33:40.019155: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019157: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019160: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019162: | length/value: 14 (0xe) Sep 21 07:33:40.019164: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019166: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019168: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019170: | length/value: 256 (0x100) Sep 21 07:33:40.019172: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019173: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019175: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019176: | ISAKMP transform number: 3 (0x3) Sep 21 07:33:40.019178: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019180: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019181: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019183: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019185: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019186: | length/value: 1 (0x1) Sep 21 07:33:40.019188: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019189: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019191: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019192: | length/value: 3600 (0xe10) Sep 21 07:33:40.019194: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019195: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019197: | length/value: 7 (0x7) Sep 21 07:33:40.019198: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019200: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019201: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019203: | length/value: 6 (0x6) Sep 21 07:33:40.019204: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:40.019206: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019208: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019211: | length/value: 3 (0x3) Sep 21 07:33:40.019213: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019215: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019217: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019221: | length/value: 14 (0xe) Sep 21 07:33:40.019222: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019224: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019225: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019227: | length/value: 128 (0x80) Sep 21 07:33:40.019228: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019230: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019231: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019233: | ISAKMP transform number: 4 (0x4) Sep 21 07:33:40.019234: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019236: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019238: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019239: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019241: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019242: | length/value: 1 (0x1) Sep 21 07:33:40.019244: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019245: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019247: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019249: | length/value: 3600 (0xe10) Sep 21 07:33:40.019250: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019252: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019253: | length/value: 7 (0x7) Sep 21 07:33:40.019255: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019256: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019258: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019259: | length/value: 2 (0x2) Sep 21 07:33:40.019262: | [2 is OAKLEY_SHA1] Sep 21 07:33:40.019264: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019266: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019268: | length/value: 3 (0x3) Sep 21 07:33:40.019271: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019273: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019274: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019276: | length/value: 14 (0xe) Sep 21 07:33:40.019277: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019279: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019280: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019282: | length/value: 256 (0x100) Sep 21 07:33:40.019284: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019285: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019287: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019288: | ISAKMP transform number: 5 (0x5) Sep 21 07:33:40.019290: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019291: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019293: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019295: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019296: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019298: | length/value: 1 (0x1) Sep 21 07:33:40.019299: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019301: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019302: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019304: | length/value: 3600 (0xe10) Sep 21 07:33:40.019305: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019307: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019308: | length/value: 7 (0x7) Sep 21 07:33:40.019310: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019311: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019313: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019314: | length/value: 2 (0x2) Sep 21 07:33:40.019316: | [2 is OAKLEY_SHA1] Sep 21 07:33:40.019322: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019325: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019327: | length/value: 3 (0x3) Sep 21 07:33:40.019329: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019331: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019333: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019336: | length/value: 14 (0xe) Sep 21 07:33:40.019338: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019339: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019341: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019342: | length/value: 128 (0x80) Sep 21 07:33:40.019344: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019345: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019347: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019348: | ISAKMP transform number: 6 (0x6) Sep 21 07:33:40.019350: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019352: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019354: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019355: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019357: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019358: | length/value: 1 (0x1) Sep 21 07:33:40.019360: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019361: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019363: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019364: | length/value: 3600 (0xe10) Sep 21 07:33:40.019366: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019367: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019369: | length/value: 7 (0x7) Sep 21 07:33:40.019370: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019372: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019373: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019375: | length/value: 4 (0x4) Sep 21 07:33:40.019376: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:40.019378: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019379: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019381: | length/value: 3 (0x3) Sep 21 07:33:40.019382: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019384: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019386: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019388: | length/value: 5 (0x5) Sep 21 07:33:40.019391: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019393: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019395: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019397: | length/value: 256 (0x100) Sep 21 07:33:40.019399: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019401: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019402: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019404: | ISAKMP transform number: 7 (0x7) Sep 21 07:33:40.019405: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019407: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019409: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019410: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019412: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019413: | length/value: 1 (0x1) Sep 21 07:33:40.019415: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019416: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019418: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019419: | length/value: 3600 (0xe10) Sep 21 07:33:40.019421: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019424: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019425: | length/value: 7 (0x7) Sep 21 07:33:40.019427: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019428: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019430: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019431: | length/value: 4 (0x4) Sep 21 07:33:40.019433: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:40.019434: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019436: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019437: | length/value: 3 (0x3) Sep 21 07:33:40.019439: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019442: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019444: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019446: | length/value: 5 (0x5) Sep 21 07:33:40.019448: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019450: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019451: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019453: | length/value: 128 (0x80) Sep 21 07:33:40.019455: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019456: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019458: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019459: | ISAKMP transform number: 8 (0x8) Sep 21 07:33:40.019461: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019462: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019464: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019466: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019467: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019469: | length/value: 1 (0x1) Sep 21 07:33:40.019470: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019472: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019473: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019475: | length/value: 3600 (0xe10) Sep 21 07:33:40.019476: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019478: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019479: | length/value: 7 (0x7) Sep 21 07:33:40.019481: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019482: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019484: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019485: | length/value: 6 (0x6) Sep 21 07:33:40.019487: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:40.019488: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019490: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019492: | length/value: 3 (0x3) Sep 21 07:33:40.019494: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019497: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019499: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019501: | length/value: 5 (0x5) Sep 21 07:33:40.019503: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019504: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019506: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019507: | length/value: 256 (0x100) Sep 21 07:33:40.019509: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019510: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019512: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019513: | ISAKMP transform number: 9 (0x9) Sep 21 07:33:40.019515: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019516: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019518: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019520: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019521: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019524: | length/value: 1 (0x1) Sep 21 07:33:40.019526: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019527: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019529: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019530: | length/value: 3600 (0xe10) Sep 21 07:33:40.019532: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019533: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019535: | length/value: 7 (0x7) Sep 21 07:33:40.019536: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019538: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019539: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019541: | length/value: 6 (0x6) Sep 21 07:33:40.019542: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:40.019544: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019547: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019549: | length/value: 3 (0x3) Sep 21 07:33:40.019551: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019553: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019555: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019556: | length/value: 5 (0x5) Sep 21 07:33:40.019558: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019559: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019561: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019562: | length/value: 128 (0x80) Sep 21 07:33:40.019564: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019565: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019567: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019569: | ISAKMP transform number: 10 (0xa) Sep 21 07:33:40.019570: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019572: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019574: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019575: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019577: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019578: | length/value: 1 (0x1) Sep 21 07:33:40.019580: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019581: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019583: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019584: | length/value: 3600 (0xe10) Sep 21 07:33:40.019586: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019588: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019589: | length/value: 7 (0x7) Sep 21 07:33:40.019591: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019592: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019594: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019595: | length/value: 2 (0x2) Sep 21 07:33:40.019597: | [2 is OAKLEY_SHA1] Sep 21 07:33:40.019598: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019599: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019601: | length/value: 3 (0x3) Sep 21 07:33:40.019602: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019604: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019605: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019607: | length/value: 5 (0x5) Sep 21 07:33:40.019608: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019610: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019611: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019613: | length/value: 256 (0x100) Sep 21 07:33:40.019615: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019616: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019618: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019619: | ISAKMP transform number: 11 (0xb) Sep 21 07:33:40.019621: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019624: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019626: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019627: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019629: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019630: | length/value: 1 (0x1) Sep 21 07:33:40.019632: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019633: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019635: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019636: | length/value: 3600 (0xe10) Sep 21 07:33:40.019638: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019639: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019641: | length/value: 7 (0x7) Sep 21 07:33:40.019642: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:40.019644: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019645: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019647: | length/value: 2 (0x2) Sep 21 07:33:40.019648: | [2 is OAKLEY_SHA1] Sep 21 07:33:40.019650: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019651: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019653: | length/value: 3 (0x3) Sep 21 07:33:40.019654: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019656: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019657: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019659: | length/value: 5 (0x5) Sep 21 07:33:40.019660: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019662: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019663: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:40.019665: | length/value: 128 (0x80) Sep 21 07:33:40.019666: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:40.019668: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019669: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019671: | ISAKMP transform number: 12 (0xc) Sep 21 07:33:40.019672: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019674: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019676: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019677: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019679: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019680: | length/value: 1 (0x1) Sep 21 07:33:40.019682: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019683: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019686: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019688: | length/value: 3600 (0xe10) Sep 21 07:33:40.019690: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019693: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019695: | length/value: 5 (0x5) Sep 21 07:33:40.019696: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:40.019698: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019699: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019701: | length/value: 4 (0x4) Sep 21 07:33:40.019702: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:40.019704: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019705: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019707: | length/value: 3 (0x3) Sep 21 07:33:40.019708: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019710: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019711: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019713: | length/value: 14 (0xe) Sep 21 07:33:40.019714: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019716: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:40.019717: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019720: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019722: | ISAKMP transform number: 13 (0xd) Sep 21 07:33:40.019723: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019725: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019727: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019729: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019730: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019732: | length/value: 1 (0x1) Sep 21 07:33:40.019733: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019735: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019736: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019738: | length/value: 3600 (0xe10) Sep 21 07:33:40.019741: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019743: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019745: | length/value: 5 (0x5) Sep 21 07:33:40.019747: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:40.019749: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019750: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019752: | length/value: 6 (0x6) Sep 21 07:33:40.019753: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:40.019755: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019756: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019758: | length/value: 3 (0x3) Sep 21 07:33:40.019759: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019761: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019762: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019764: | length/value: 14 (0xe) Sep 21 07:33:40.019765: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019767: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:40.019768: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019770: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019771: | ISAKMP transform number: 14 (0xe) Sep 21 07:33:40.019773: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019775: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019777: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019778: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019780: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019781: | length/value: 1 (0x1) Sep 21 07:33:40.019787: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019792: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019794: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019795: | length/value: 3600 (0xe10) Sep 21 07:33:40.019797: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019798: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019800: | length/value: 5 (0x5) Sep 21 07:33:40.019801: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:40.019803: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019804: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019806: | length/value: 2 (0x2) Sep 21 07:33:40.019807: | [2 is OAKLEY_SHA1] Sep 21 07:33:40.019809: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019812: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019814: | length/value: 3 (0x3) Sep 21 07:33:40.019816: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019818: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019820: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019822: | length/value: 14 (0xe) Sep 21 07:33:40.019824: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:40.019826: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:40.019829: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019830: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019832: | ISAKMP transform number: 15 (0xf) Sep 21 07:33:40.019833: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019835: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019837: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019839: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019840: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019842: | length/value: 1 (0x1) Sep 21 07:33:40.019843: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019845: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019846: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019848: | length/value: 3600 (0xe10) Sep 21 07:33:40.019849: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019851: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019852: | length/value: 5 (0x5) Sep 21 07:33:40.019854: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:40.019855: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019857: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019858: | length/value: 4 (0x4) Sep 21 07:33:40.019860: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:40.019861: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019863: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019864: | length/value: 3 (0x3) Sep 21 07:33:40.019865: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019867: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019868: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019870: | length/value: 5 (0x5) Sep 21 07:33:40.019871: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019873: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:40.019874: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019876: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019878: | ISAKMP transform number: 16 (0x10) Sep 21 07:33:40.019880: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019883: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019886: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019888: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019891: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019892: | length/value: 1 (0x1) Sep 21 07:33:40.019894: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019895: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019897: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019898: | length/value: 3600 (0xe10) Sep 21 07:33:40.019900: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019901: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019903: | length/value: 5 (0x5) Sep 21 07:33:40.019904: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:40.019906: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019907: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019909: | length/value: 6 (0x6) Sep 21 07:33:40.019910: | [6 is OAKLEY_SHA2_512] Sep 21 07:33:40.019912: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019913: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019915: | length/value: 3 (0x3) Sep 21 07:33:40.019916: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019918: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019919: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019921: | length/value: 5 (0x5) Sep 21 07:33:40.019922: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019924: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:40.019926: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:40.019928: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.019930: | ISAKMP transform number: 17 (0x11) Sep 21 07:33:40.019931: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:40.019933: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:33:40.019935: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:40.019936: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019938: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:40.019939: | length/value: 1 (0x1) Sep 21 07:33:40.019941: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:40.019942: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019944: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:40.019946: | length/value: 3600 (0xe10) Sep 21 07:33:40.019947: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019949: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:40.019950: | length/value: 5 (0x5) Sep 21 07:33:40.019952: | [5 is OAKLEY_3DES_CBC] Sep 21 07:33:40.019953: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019955: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:40.019956: | length/value: 2 (0x2) Sep 21 07:33:40.019958: | [2 is OAKLEY_SHA1] Sep 21 07:33:40.019960: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019963: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:40.019965: | length/value: 3 (0x3) Sep 21 07:33:40.019967: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:40.019969: | ******emit ISAKMP Oakley attribute: Sep 21 07:33:40.019971: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:40.019972: | length/value: 5 (0x5) Sep 21 07:33:40.019974: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:33:40.019975: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:33:40.019977: | emitting length of ISAKMP Proposal Payload: 632 Sep 21 07:33:40.019979: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Sep 21 07:33:40.019980: | emitting length of ISAKMP Security Association Payload: 644 Sep 21 07:33:40.019982: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:40.019985: | out_vid(): sending [FRAGMENTATION] Sep 21 07:33:40.019987: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:40.019989: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:40.019991: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:40.019993: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:40.019994: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:40.019997: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:40.019998: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 21 07:33:40.020000: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:40.020002: | out_vid(): sending [Dead Peer Detection] Sep 21 07:33:40.020003: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:40.020005: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.020007: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:40.020008: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:40.020010: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:40.020012: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 21 07:33:40.020015: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:40.020016: | nat add vid Sep 21 07:33:40.020018: | sending draft and RFC NATT VIDs Sep 21 07:33:40.020019: | out_vid(): sending [RFC 3947] Sep 21 07:33:40.020021: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:40.020022: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:40.020024: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:40.020026: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:40.020028: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:40.020029: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:40.020031: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:40.020033: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:40.020034: | skipping VID_NATT_RFC Sep 21 07:33:40.020037: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:33:40.020039: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:40.020041: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:40.020044: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:40.020046: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:40.020048: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:40.020050: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:40.020051: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:40.020053: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:40.020054: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:33:40.020056: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:40.020057: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:40.020059: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:40.020061: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:40.020063: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:40.020065: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:40.020066: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Sep 21 07:33:40.020068: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:40.020069: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:33:40.020071: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:40.020072: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:40.020074: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:40.020076: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:40.020078: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:40.020079: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:40.020081: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:40.020082: | no IKEv1 message padding required Sep 21 07:33:40.020084: | emitting length of ISAKMP Message: 792 Sep 21 07:33:40.020089: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:40.020091: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:33:40.020092: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:40.020094: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:40.020096: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020098: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:40.020099: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:40.020101: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:40.020102: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:40.020104: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:40.020105: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:40.020106: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:40.020108: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:40.020109: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020111: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:40.020112: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:40.020114: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:40.020115: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:40.020116: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:40.020118: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:40.020119: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:40.020121: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:40.020122: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020124: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:40.020125: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:40.020128: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:40.020130: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:40.020132: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:40.020134: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:40.020136: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:40.020138: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:40.020140: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020142: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:40.020143: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020145: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:40.020146: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020147: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:40.020149: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020150: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:40.020152: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020153: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:40.020155: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.020156: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:40.020157: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:40.020159: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:40.020160: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:40.020162: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:40.020163: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:40.020164: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:40.020166: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:40.020167: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:40.020175: ERROR: "northnet-eastnet-b" #3: sendto on eth1 to 192.1.2.23:500 failed in reply packet for main_outI1. Errno 113: No route to host Sep 21 07:33:40.020178: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:33:40.020181: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:33:40.020184: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:40.020189: | #3 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49866.388442 Sep 21 07:33:40.020195: | #3 spent 1.34 milliseconds in main_outI1() Sep 21 07:33:40.020199: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) Sep 21 07:33:40.020201: | resume processing: connection "northnet-eastnet-b" (in main_outI1() at ikev1_main.c:228) Sep 21 07:33:40.020204: | stop processing: connection "northnet-eastnet-b" (in initiate_a_connection() at initiate.c:349) Sep 21 07:33:40.020207: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:40.020211: | start processing: connection "north-a-dpd" (in initiate_a_connection() at initiate.c:186) Sep 21 07:33:40.020214: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:33:40.020216: | connection 'north-a-dpd' +POLICY_UP Sep 21 07:33:40.020218: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:33:40.020220: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:33:40.020223: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-a-dpd" IKE SA #3 "northnet-eastnet-b" Sep 21 07:33:40.020226: | stop processing: connection "north-a-dpd" (in initiate_a_connection() at initiate.c:349) Sep 21 07:33:40.020228: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:33:40.020231: | free_event_entry: release EVENT_DPD_TIMEOUT-pe@0x55dbe1bf5630 Sep 21 07:33:40.020233: | in statetime_stop() and could not find #1 Sep 21 07:33:40.020235: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:33:40.020244: | processing signal PLUTO_SIGCHLD Sep 21 07:33:40.020248: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:40.020251: | spent 0.00368 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:40.511811: | timer_event_cb: processing event@0x55dbe1bf6680 Sep 21 07:33:40.511823: | handling event EVENT_RETRANSMIT for parent state #3 Sep 21 07:33:40.511829: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:40.511832: | IKEv1 retransmit event Sep 21 07:33:40.511848: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:40.511851: | handling event EVENT_RETRANSMIT for 192.1.2.23 "northnet-eastnet-b" #3 keying attempt 1 of 0; retransmit 1 Sep 21 07:33:40.511856: | retransmits: current time 49866.880118; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.491676 exceeds limit? NO Sep 21 07:33:40.511858: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf5630 Sep 21 07:33:40.511861: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:33:40.511863: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:33:40.511867: "northnet-eastnet-b" #3: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response Sep 21 07:33:40.511871: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:40.511873: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:33:40.511874: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:40.511876: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:40.511877: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511879: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:40.511880: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:40.511881: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:40.511883: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:40.511884: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:40.511885: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:40.511887: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:40.511888: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:40.511895: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511896: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:40.511898: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:40.511899: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:40.511900: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:40.511902: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:40.511903: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:40.511904: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:40.511906: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:40.511907: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511908: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:40.511910: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:40.511911: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:40.511912: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:40.511914: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:40.511915: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:40.511917: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:40.511918: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:40.511919: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511921: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:40.511922: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511923: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:40.511925: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511926: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:40.511928: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511929: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:40.511930: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511932: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:40.511933: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:40.511934: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:40.511936: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:40.511937: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:40.511938: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:40.511940: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:40.511941: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:40.511942: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:40.511944: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:40.511960: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:40.511972: ERROR: "northnet-eastnet-b" #3: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:40.511975: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:40.511990: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:33:40.511995: | #3 spent 0.187 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:40.512013: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:41.012535: | timer_event_cb: processing event@0x55dbe1bf5630 Sep 21 07:33:41.012549: | handling event EVENT_RETRANSMIT for parent state #3 Sep 21 07:33:41.012558: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:41.012561: | IKEv1 retransmit event Sep 21 07:33:41.012566: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:41.012571: | handling event EVENT_RETRANSMIT for 192.1.2.23 "northnet-eastnet-b" #3 keying attempt 1 of 0; retransmit 2 Sep 21 07:33:41.012580: | retransmits: current time 49867.380841; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 0.992399 exceeds limit? NO Sep 21 07:33:41.012584: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:33:41.012588: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #3 Sep 21 07:33:41.012591: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:41.012596: "northnet-eastnet-b" #3: STATE_MAIN_I1: retransmission; will wait 1 seconds for response Sep 21 07:33:41.012603: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:41.012606: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:33:41.012608: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:41.012610: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:41.012613: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012615: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:41.012617: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:41.012620: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:41.012622: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:41.012624: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:41.012627: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:41.012629: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:41.012631: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:41.012634: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012636: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:41.012638: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:41.012641: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:41.012643: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:41.012645: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:41.012662: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:41.012665: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:41.012667: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:41.012670: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012672: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:41.012674: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:41.012676: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:41.012679: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:41.012681: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:41.012683: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:41.012686: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:41.012688: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:41.012690: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012693: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:41.012695: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012697: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:41.012699: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012702: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:41.012704: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012706: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:41.012708: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012711: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:41.012713: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:41.012715: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:41.012717: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:41.012722: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:41.012724: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:41.012726: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:41.012729: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:41.012731: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:41.012733: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:41.012735: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:41.012748: ERROR: "northnet-eastnet-b" #3: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:41.012752: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:33:41.012756: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf5630 Sep 21 07:33:41.012763: | #3 spent 0.229 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:41.012767: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:42.012831: | timer_event_cb: processing event@0x55dbe1bf6680 Sep 21 07:33:42.012847: | handling event EVENT_RETRANSMIT for parent state #3 Sep 21 07:33:42.012854: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:42.012858: | IKEv1 retransmit event Sep 21 07:33:42.012861: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:42.012865: | handling event EVENT_RETRANSMIT for 192.1.2.23 "northnet-eastnet-b" #3 keying attempt 1 of 0; retransmit 3 Sep 21 07:33:42.012870: | retransmits: current time 49868.381133; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 1.992691 exceeds limit? NO Sep 21 07:33:42.012873: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf5630 Sep 21 07:33:42.012876: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #3 Sep 21 07:33:42.012879: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:33:42.012884: "northnet-eastnet-b" #3: STATE_MAIN_I1: retransmission; will wait 2 seconds for response Sep 21 07:33:42.012889: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:42.012891: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:33:42.012893: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:42.012895: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:42.012896: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012898: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:42.012900: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:42.012901: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:42.012903: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:42.012905: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:42.012907: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:42.012908: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:42.012910: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:42.012912: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012914: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:42.012915: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:42.012917: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:42.012919: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:42.012920: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:42.012922: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:42.012924: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:42.012926: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:42.012927: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012933: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:42.012934: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:42.012936: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:42.012938: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:42.012940: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:42.012941: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:42.012943: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:42.012945: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:42.012946: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012948: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:42.012950: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012952: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:42.012953: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012955: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:42.012957: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012958: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:42.012960: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012962: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:42.012964: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:42.012965: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:42.012967: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:42.012969: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:42.012970: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:42.012972: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:42.012974: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:42.012976: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:42.012977: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:42.012979: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:42.012992: ERROR: "northnet-eastnet-b" #3: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:42.012995: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:42.012997: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:33:42.013004: | #3 spent 0.174 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:42.013007: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:44.014841: | timer_event_cb: processing event@0x55dbe1bf5630 Sep 21 07:33:44.014861: | handling event EVENT_RETRANSMIT for parent state #3 Sep 21 07:33:44.014869: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:44.014873: | IKEv1 retransmit event Sep 21 07:33:44.014877: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:44.014882: | handling event EVENT_RETRANSMIT for 192.1.2.23 "northnet-eastnet-b" #3 keying attempt 1 of 0; retransmit 4 Sep 21 07:33:44.014888: | retransmits: current time 49870.383149; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 3.994707 exceeds limit? NO Sep 21 07:33:44.014891: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:33:44.014895: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #3 Sep 21 07:33:44.014898: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:44.014902: "northnet-eastnet-b" #3: STATE_MAIN_I1: retransmission; will wait 4 seconds for response Sep 21 07:33:44.014908: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:44.014911: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:33:44.014917: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:44.014920: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:44.014922: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014923: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:44.014925: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:44.014927: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:44.014929: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:44.014931: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:44.014933: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:44.014935: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:44.014937: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:44.014939: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014941: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:44.014943: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:44.014945: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:44.014947: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:44.014949: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:44.014951: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:44.014953: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:44.014955: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:44.014957: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014959: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:44.014961: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:44.014963: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:44.014965: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:44.014967: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:44.014968: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:44.014970: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:44.014972: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:44.014974: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014976: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:44.014978: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014980: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:44.014982: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014984: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:44.014986: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014988: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:44.014990: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014992: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:44.014994: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:44.014996: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:44.014998: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:44.015000: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:44.015002: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:44.015004: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:44.015006: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:44.015008: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:44.015010: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:44.015011: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:44.015026: ERROR: "northnet-eastnet-b" #3: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:44.015029: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:33:44.015034: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf5630 Sep 21 07:33:44.015041: | #3 spent 0.201 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:44.015045: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:46.586816: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:33:46.586846: | expiring aged bare shunts from shunt table Sep 21 07:33:46.586852: | spent 0.00417 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:33:46.979150: | spent 0.00277 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:46.979167: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Sep 21 07:33:46.979171: | spent 0.00936 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:46.981447: | processing global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:33:46.981474: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Sep 21 07:33:46.981481: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.981483: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnet-b Sep 21 07:33:46.981486: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in for_each_state() at state.c:1574) Sep 21 07:33:46.981491: | spent 0.0168 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:33:48.016811: | timer_event_cb: processing event@0x55dbe1bf6680 Sep 21 07:33:48.016830: | handling event EVENT_RETRANSMIT for parent state #3 Sep 21 07:33:48.016839: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:48.016844: | IKEv1 retransmit event Sep 21 07:33:48.016850: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:48.016856: | handling event EVENT_RETRANSMIT for 192.1.2.23 "northnet-eastnet-b" #3 keying attempt 1 of 0; retransmit 5 Sep 21 07:33:48.016864: | retransmits: current time 49874.385124; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 7.996682 exceeds limit? NO Sep 21 07:33:48.016868: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf5630 Sep 21 07:33:48.016872: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #3 Sep 21 07:33:48.016877: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:33:48.016882: "northnet-eastnet-b" #3: STATE_MAIN_I1: retransmission; will wait 8 seconds for response Sep 21 07:33:48.016890: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:48.016893: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:33:48.016896: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:48.016899: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:48.016902: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.016904: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:48.016907: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:48.016910: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:48.016913: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:48.016916: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:48.016918: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:48.016921: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:48.016924: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:48.016927: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.016929: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:48.016932: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:48.016935: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:48.016938: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:48.016944: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:48.016947: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:48.016950: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:48.016953: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:48.016955: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.016958: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:48.016961: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:48.016964: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:48.016966: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:48.016969: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:48.016972: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:48.016975: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:48.016977: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:48.016980: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.016983: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:48.016986: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.016988: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:48.016991: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.016994: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:48.016997: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.016999: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:48.017002: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.017005: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:48.017008: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:48.017010: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:48.017013: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:48.017016: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:48.017019: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:48.017021: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:48.017024: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:48.017027: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:48.017030: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:48.017032: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:48.017049: ERROR: "northnet-eastnet-b" #3: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:48.017054: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:33:48.017057: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:33:48.017065: | #3 spent 0.256 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:48.017071: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:33:56.024846: | timer_event_cb: processing event@0x55dbe1bf5630 Sep 21 07:33:56.024872: | handling event EVENT_RETRANSMIT for parent state #3 Sep 21 07:33:56.024878: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:33:56.024881: | IKEv1 retransmit event Sep 21 07:33:56.024884: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:33:56.024887: | handling event EVENT_RETRANSMIT for 192.1.2.23 "northnet-eastnet-b" #3 keying attempt 1 of 0; retransmit 6 Sep 21 07:33:56.024891: | retransmits: current time 49882.393154; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.004712 exceeds limit? NO Sep 21 07:33:56.024894: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:33:56.024896: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #3 Sep 21 07:33:56.024903: | libevent_malloc: new ptr-libevent@0x55dbe1bf51f0 size 128 Sep 21 07:33:56.024906: "northnet-eastnet-b" #3: STATE_MAIN_I1: retransmission; will wait 16 seconds for response Sep 21 07:33:56.024910: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:33:56.024912: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:33:56.024914: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:56.024915: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:56.024916: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024918: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:56.024919: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:56.024920: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:56.024922: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:56.024923: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:56.024925: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:56.024926: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:56.024927: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:56.024929: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024930: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:56.024931: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:56.024933: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:56.024934: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:56.024936: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:56.024937: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:56.024938: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:56.024940: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:56.024941: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024942: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:56.024944: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:56.024945: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:56.024946: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:56.024948: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:56.024949: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:56.024951: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:56.024952: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:56.024953: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024955: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:56.024956: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024957: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:56.024959: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024960: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:56.024962: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024963: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:56.024964: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024966: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:56.024967: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:56.024968: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:56.024970: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:56.024971: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:56.024972: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:56.024974: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:56.024975: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:56.024977: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:56.024979: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:56.024980: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:56.024991: ERROR: "northnet-eastnet-b" #3: sendto on eth1 to 192.1.2.23:500 failed in EVENT_RETRANSMIT. Errno 113: No route to host Sep 21 07:33:56.024994: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:33:56.024996: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf5630 Sep 21 07:33:56.025000: | #3 spent 0.157 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:33:56.025003: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:06.586856: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:34:06.586923: | expiring aged bare shunts from shunt table Sep 21 07:34:06.586945: | spent 0.0182 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:34:06.981827: | spent 0.00307 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:06.981845: | NAT-T keep-alive (bogus ?) should not reach this point. Ignored. Sender: 192.1.2.23:500 Sep 21 07:34:06.981848: | spent 0.00954 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:09.631316: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:09.631578: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:09.631583: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:09.631759: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:34:09.631762: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:09.631786: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:09.631796: | spent 0.485 milliseconds in whack Sep 21 07:34:09.683780: | kernel_process_msg_cb process netlink message Sep 21 07:34:09.683802: | netlink_get: XFRM_MSG_UPDPOLICY message Sep 21 07:34:09.683809: | spent 0.00911 milliseconds in kernel message Sep 21 07:34:10.859670: | kernel_process_msg_cb process netlink message Sep 21 07:34:10.859687: | netlink_get: XFRM_MSG_ACQUIRE message Sep 21 07:34:10.859689: | xfrm netlink msg len 376 Sep 21 07:34:10.859691: | xfrm acquire rtattribute type 5 Sep 21 07:34:10.859693: | xfrm acquire rtattribute type 16 Sep 21 07:34:10.859703: | add bare shunt 0x55dbe1c03de0 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:34:10.859707: initiate on demand from 192.0.3.254:8 to 192.0.22.254:0 proto=1 because: acquire Sep 21 07:34:10.859711: | find_connection: looking for policy for connection: 192.0.3.254:1/8 -> 192.0.22.254:1/0 Sep 21 07:34:10.859712: | FOR_EACH_CONNECTION_... in find_connection_for_clients Sep 21 07:34:10.859716: | find_connection: conn "north-a-dpd" has compatible peers: 192.0.3.0/24:0 -> 192.0.22.0/24:0 [pri: 25214986] Sep 21 07:34:10.859718: | find_connection: first OK "north-a-dpd" [pri:25214986]{0x55dbe1bf1290} (child none) Sep 21 07:34:10.859721: | find_connection: concluding with "north-a-dpd" [pri:25214986]{0x55dbe1bf1290} kind=CK_PERMANENT Sep 21 07:34:10.859723: | assign hold, routing was prospective erouted, needs to be erouted HOLD Sep 21 07:34:10.859724: | assign_holdpass() need broad(er) shunt Sep 21 07:34:10.859726: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:34:10.859730: | eroute_connection replace %trap with broad %pass or %hold eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => %hold>%hold (raw_eroute) Sep 21 07:34:10.859732: | netlink_raw_eroute: SPI_HOLD implemented as no-op Sep 21 07:34:10.859734: | raw_eroute result=success Sep 21 07:34:10.859735: | assign_holdpass() eroute_connection() done Sep 21 07:34:10.859737: | fiddle_bare_shunt called Sep 21 07:34:10.859738: | fiddle_bare_shunt with transport_proto 1 Sep 21 07:34:10.859740: | removing specific host-to-host bare shunt Sep 21 07:34:10.859743: | delete narrow %hold eroute 192.0.3.254/32:8 --1-> 192.0.22.254/32:0 => %hold (raw_eroute) Sep 21 07:34:10.859744: | netlink_raw_eroute: SPI_PASS Sep 21 07:34:10.859761: | raw_eroute result=success Sep 21 07:34:10.859764: | raw_eroute with op='delete' for transport_proto='1' kernel shunt succeeded, bare shunt lookup succeeded Sep 21 07:34:10.859767: | delete bare shunt 0x55dbe1c03de0 192.0.3.254/32:8 --1--> 192.0.22.254/32:0 => %hold 0 %acquire-netlink Sep 21 07:34:10.859769: assign_holdpass() delete_bare_shunt() failed Sep 21 07:34:10.859770: initiate_ondemand_body() failed to install negotiation_shunt, Sep 21 07:34:10.859772: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:10.859775: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "north-a-dpd" Sep 21 07:34:10.859778: | initiate on demand using RSASIG from 192.0.3.254 to 192.0.22.254 Sep 21 07:34:10.859787: | spent 0.0982 milliseconds in kernel message Sep 21 07:34:12.027841: | timer_event_cb: processing event@0x55dbe1bf6680 Sep 21 07:34:12.027853: | handling event EVENT_RETRANSMIT for parent state #3 Sep 21 07:34:12.027860: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:12.027863: | IKEv1 retransmit event Sep 21 07:34:12.027866: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:12.027869: | handling event EVENT_RETRANSMIT for 192.1.2.23 "northnet-eastnet-b" #3 keying attempt 1 of 0; retransmit 7 Sep 21 07:34:12.027874: | retransmits: current time 49898.396137; retransmit count 6 exceeds limit? NO; deltatime 32 exceeds limit? NO; monotime 32.007695 exceeds limit? NO Sep 21 07:34:12.027877: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf5630 Sep 21 07:34:12.027879: | inserting event EVENT_RETRANSMIT, timeout in 32 seconds for #3 Sep 21 07:34:12.027882: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:34:12.027885: "northnet-eastnet-b" #3: STATE_MAIN_I1: retransmission; will wait 32 seconds for response Sep 21 07:34:12.027890: | sending 792 bytes for EVENT_RETRANSMIT through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:34:12.027892: | 83 26 94 dc 76 34 ec a4 00 00 00 00 00 00 00 00 Sep 21 07:34:12.027894: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:34:12.027895: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:34:12.027897: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027898: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:12.027900: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:34:12.027901: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:34:12.027903: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:34:12.027904: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:34:12.027906: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:34:12.027907: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:12.027909: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:34:12.027910: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027912: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:12.027913: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:34:12.027915: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:34:12.027916: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:34:12.027918: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:34:12.027919: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:12.027921: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:12.027922: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:12.027923: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027925: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:12.027926: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:34:12.027928: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:34:12.027932: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:34:12.027934: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:34:12.027936: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:12.027937: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:12.027939: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:12.027940: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027941: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:12.027943: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027944: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:34:12.027946: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027947: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:12.027949: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027950: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:34:12.027952: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027953: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:12.027955: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.027956: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:34:12.027958: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:34:12.027959: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:34:12.027961: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:34:12.027962: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:34:12.027964: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:34:12.027965: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:34:12.027967: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:34:12.027968: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:34:12.028014: | libevent_free: release ptr-libevent@0x55dbe1bf51f0 Sep 21 07:34:12.028018: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:34:12.028023: | #3 spent 0.159 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:12.028027: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:12.028844: | spent 0.00217 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.028859: | *received 144 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.028862: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.028864: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Sep 21 07:34:12.028865: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Sep 21 07:34:12.028867: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:12.028868: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:12.028870: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Sep 21 07:34:12.028871: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Sep 21 07:34:12.028873: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Sep 21 07:34:12.028874: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:34:12.028877: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.028880: | **parse ISAKMP Message: Sep 21 07:34:12.028881: | initiator cookie: Sep 21 07:34:12.028883: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.028885: | responder cookie: Sep 21 07:34:12.028886: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.028888: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:12.028890: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.028892: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.028893: | flags: none (0x0) Sep 21 07:34:12.028895: | Message ID: 0 (0x0) Sep 21 07:34:12.028897: | length: 144 (0x90) Sep 21 07:34:12.028899: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:34:12.028901: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:34:12.028906: | State DB: found IKEv1 state #3 in MAIN_I1 (find_state_ikev1_init) Sep 21 07:34:12.028909: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:34:12.028911: | #3 is idle Sep 21 07:34:12.028913: | #3 idle Sep 21 07:34:12.028915: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Sep 21 07:34:12.028917: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:12.028919: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028921: | length: 56 (0x38) Sep 21 07:34:12.028922: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.028924: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028926: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028928: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028929: | length: 20 (0x14) Sep 21 07:34:12.028931: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028933: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028934: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:12.028936: | length: 20 (0x14) Sep 21 07:34:12.028937: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:34:12.028939: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:34:12.028941: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028942: | length: 20 (0x14) Sep 21 07:34:12.028944: | message 'main_inR1_outI2' HASH payload not checked early Sep 21 07:34:12.028947: | received Vendor ID payload [FRAGMENTATION] Sep 21 07:34:12.028949: | received Vendor ID payload [Dead Peer Detection] Sep 21 07:34:12.028952: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Sep 21 07:34:12.028953: | received Vendor ID payload [RFC 3947] Sep 21 07:34:12.028956: | ****parse IPsec DOI SIT: Sep 21 07:34:12.028958: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.028960: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:12.028961: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028963: | length: 44 (0x2c) Sep 21 07:34:12.028964: | proposal number: 0 (0x0) Sep 21 07:34:12.028966: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:34:12.028968: | SPI size: 0 (0x0) Sep 21 07:34:12.028969: | number of transforms: 1 (0x1) Sep 21 07:34:12.028971: | *****parse ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:12.028973: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.028974: | length: 36 (0x24) Sep 21 07:34:12.028976: | ISAKMP transform number: 0 (0x0) Sep 21 07:34:12.028978: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:12.028979: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028981: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:12.028983: | length/value: 1 (0x1) Sep 21 07:34:12.028985: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:12.028987: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028988: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:12.028990: | length/value: 3600 (0xe10) Sep 21 07:34:12.028992: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.028993: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:12.028995: | length/value: 7 (0x7) Sep 21 07:34:12.028997: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:12.028999: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.029000: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:12.029002: | length/value: 4 (0x4) Sep 21 07:34:12.029004: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:12.029005: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.029007: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:12.029009: | length/value: 3 (0x3) Sep 21 07:34:12.029010: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:12.029012: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.029013: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:12.029015: | length/value: 14 (0xe) Sep 21 07:34:12.029017: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.029020: | ******parse ISAKMP Oakley attribute: Sep 21 07:34:12.029021: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:12.029023: | length/value: 256 (0x100) Sep 21 07:34:12.029025: | OAKLEY proposal verified unconditionally; no alg_info to check against Sep 21 07:34:12.029026: | Oakley Transform 0 accepted Sep 21 07:34:12.029028: | sender checking NAT-T: enabled; VID 117 Sep 21 07:34:12.029030: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Sep 21 07:34:12.029032: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Sep 21 07:34:12.029035: | adding outI2 KE work-order 5 for state #3 Sep 21 07:34:12.029037: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:12.029039: | #3 STATE_MAIN_I1: retransmits: cleared Sep 21 07:34:12.029042: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:34:12.029044: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf5630 Sep 21 07:34:12.029046: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf6680 Sep 21 07:34:12.029048: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:34:12.029050: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:34:12.029057: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:12.029061: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:12.029063: | suspending state #3 and saving MD Sep 21 07:34:12.029064: | #3 is busy; has a suspended MD Sep 21 07:34:12.029068: | #3 spent 0.112 milliseconds in process_packet_tail() Sep 21 07:34:12.029071: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.029074: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.029075: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.029078: | spent 0.225 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.029098: | crypto helper 3 resuming Sep 21 07:34:12.029107: | crypto helper 3 starting work-order 5 for state #3 Sep 21 07:34:12.029111: | crypto helper 3 doing build KE and nonce (outI2 KE); request ID 5 Sep 21 07:34:12.029695: | crypto helper 3 finished build KE and nonce (outI2 KE); request ID 5 time elapsed 0.000584 seconds Sep 21 07:34:12.029701: | (#3) spent 0.589 milliseconds in crypto helper computing work-order 5: outI2 KE (pcr) Sep 21 07:34:12.029703: | crypto helper 3 sending results from work-order 5 for state #3 to event queue Sep 21 07:34:12.029705: | scheduling resume sending helper answer for #3 Sep 21 07:34:12.029708: | libevent_malloc: new ptr-libevent@0x7fdad0006900 size 128 Sep 21 07:34:12.029714: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:12.029753: | processing resume sending helper answer for #3 Sep 21 07:34:12.029762: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.029766: | crypto helper 3 replies to request ID 5 Sep 21 07:34:12.029768: | calling continuation function 0x55dbdfa7b630 Sep 21 07:34:12.029770: | main_inR1_outI2_continue for #3: calculated ke+nonce, sending I2 Sep 21 07:34:12.029774: | **emit ISAKMP Message: Sep 21 07:34:12.029776: | initiator cookie: Sep 21 07:34:12.029778: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.029779: | responder cookie: Sep 21 07:34:12.029781: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.029786: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.029792: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.029795: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.029797: | flags: none (0x0) Sep 21 07:34:12.029799: | Message ID: 0 (0x0) Sep 21 07:34:12.029801: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.029804: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:12.029805: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.029810: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:12.029812: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:12.029814: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.029816: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:12.029818: | keyex value 04 7e 66 1f db 01 88 9d 86 9c e6 b5 3c 62 bb e3 Sep 21 07:34:12.029820: | keyex value 03 31 dd 6b cd 09 de e5 53 b6 59 2b 84 15 de fe Sep 21 07:34:12.029821: | keyex value 32 39 13 b8 c6 0d a0 84 c9 b3 3c fc d9 f0 20 d9 Sep 21 07:34:12.029823: | keyex value 63 8b 55 08 90 e9 cd 34 c3 d1 24 78 c8 59 aa ec Sep 21 07:34:12.029824: | keyex value 1e cb 16 61 be c4 cb 83 86 11 01 10 e3 d2 ef 26 Sep 21 07:34:12.029826: | keyex value 4c bc 24 fd a8 09 2c fb 5c 97 83 5e 0a 3d fa 36 Sep 21 07:34:12.029827: | keyex value 46 d6 b9 23 f8 38 98 87 b9 14 b5 21 39 15 a8 cb Sep 21 07:34:12.029829: | keyex value 16 4a 66 97 ed 74 bc dd 69 f1 5b 41 67 46 f3 23 Sep 21 07:34:12.029830: | keyex value dc e0 76 fe 2d e7 af d3 e8 6b ce a6 d8 fd 9b 3d Sep 21 07:34:12.029832: | keyex value 01 cc 2f e4 05 bd 36 85 8f a4 18 5d 9b 52 a5 c5 Sep 21 07:34:12.029833: | keyex value 2f c9 f8 b8 65 db d3 3e 6f 1a ab 38 0b c9 42 87 Sep 21 07:34:12.029835: | keyex value ae 64 81 c4 1e 58 9c 73 a3 e3 11 53 15 82 32 70 Sep 21 07:34:12.029836: | keyex value 5b 45 48 a3 8c 75 47 e3 c2 7c 72 b9 2e 3c 06 cb Sep 21 07:34:12.029838: | keyex value f7 1c 88 23 55 a8 14 c6 88 94 7e f8 d4 2c 84 bf Sep 21 07:34:12.029839: | keyex value 62 74 99 78 8d e0 17 f4 1c 56 bb 4f b7 5c bd 84 Sep 21 07:34:12.029841: | keyex value 31 31 20 fa 8b 85 18 0e b7 6c 80 14 a9 db de 1f Sep 21 07:34:12.029843: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:12.029844: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:12.029846: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.029848: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:12.029850: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.029852: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:34:12.029854: | Ni ca 00 84 5d c0 e0 08 b3 f3 4b 76 6d 48 42 be 68 Sep 21 07:34:12.029855: | Ni 5e bb 45 27 55 fb 8a 89 ef e7 ef 0f 35 18 f8 44 Sep 21 07:34:12.029857: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:12.029858: | NAT-T checking st_nat_traversal Sep 21 07:34:12.029860: | NAT-T found (implies NAT_T_WITH_NATD) Sep 21 07:34:12.029861: | sending NAT-D payloads Sep 21 07:34:12.029870: | natd_hash: hasher=0x55dbdfb51c40(32) Sep 21 07:34:12.029872: | natd_hash: icookie= 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.029874: | natd_hash: rcookie= 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.029875: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:12.029877: | natd_hash: port= 01 f4 Sep 21 07:34:12.029878: | natd_hash: hash= c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.029880: | natd_hash: hash= 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.029882: | ***emit ISAKMP NAT-D Payload: Sep 21 07:34:12.029884: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:34:12.029886: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Sep 21 07:34:12.029888: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:34:12.029889: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.029891: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:34:12.029894: | NAT-D c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.029896: | NAT-D 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.029897: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:34:12.029902: | natd_hash: hasher=0x55dbdfb51c40(32) Sep 21 07:34:12.029903: | natd_hash: icookie= 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.029905: | natd_hash: rcookie= 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.029906: | natd_hash: ip= c0 01 03 21 Sep 21 07:34:12.029908: | natd_hash: port= 01 f4 Sep 21 07:34:12.029909: | natd_hash: hash= 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.029911: | natd_hash: hash= 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.029913: | ***emit ISAKMP NAT-D Payload: Sep 21 07:34:12.029914: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.029916: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:34:12.029918: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.029920: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:34:12.029921: | NAT-D 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.029923: | NAT-D 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.029925: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:34:12.029926: | no IKEv1 message padding required Sep 21 07:34:12.029928: | emitting length of ISAKMP Message: 396 Sep 21 07:34:12.029930: | State DB: re-hashing IKEv1 state #3 IKE SPIi and SPI[ir] Sep 21 07:34:12.029932: | complete v1 state transition with STF_OK Sep 21 07:34:12.029936: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.029938: | #3 is idle Sep 21 07:34:12.029939: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.029941: | peer supports fragmentation Sep 21 07:34:12.029942: | peer supports DPD Sep 21 07:34:12.029944: | IKEv1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Sep 21 07:34:12.029947: | parent state #3: MAIN_I1(half-open IKE SA) => MAIN_I2(open IKE SA) Sep 21 07:34:12.029948: | event_already_set, deleting event Sep 21 07:34:12.029950: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.029952: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:34:12.029954: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf6680 Sep 21 07:34:12.029957: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:34:12.029962: | sending 396 bytes for STATE_MAIN_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:34:12.029964: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.029966: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Sep 21 07:34:12.029967: | 04 7e 66 1f db 01 88 9d 86 9c e6 b5 3c 62 bb e3 Sep 21 07:34:12.029969: | 03 31 dd 6b cd 09 de e5 53 b6 59 2b 84 15 de fe Sep 21 07:34:12.029970: | 32 39 13 b8 c6 0d a0 84 c9 b3 3c fc d9 f0 20 d9 Sep 21 07:34:12.029972: | 63 8b 55 08 90 e9 cd 34 c3 d1 24 78 c8 59 aa ec Sep 21 07:34:12.029973: | 1e cb 16 61 be c4 cb 83 86 11 01 10 e3 d2 ef 26 Sep 21 07:34:12.029975: | 4c bc 24 fd a8 09 2c fb 5c 97 83 5e 0a 3d fa 36 Sep 21 07:34:12.029976: | 46 d6 b9 23 f8 38 98 87 b9 14 b5 21 39 15 a8 cb Sep 21 07:34:12.029978: | 16 4a 66 97 ed 74 bc dd 69 f1 5b 41 67 46 f3 23 Sep 21 07:34:12.029979: | dc e0 76 fe 2d e7 af d3 e8 6b ce a6 d8 fd 9b 3d Sep 21 07:34:12.029980: | 01 cc 2f e4 05 bd 36 85 8f a4 18 5d 9b 52 a5 c5 Sep 21 07:34:12.029982: | 2f c9 f8 b8 65 db d3 3e 6f 1a ab 38 0b c9 42 87 Sep 21 07:34:12.029983: | ae 64 81 c4 1e 58 9c 73 a3 e3 11 53 15 82 32 70 Sep 21 07:34:12.029985: | 5b 45 48 a3 8c 75 47 e3 c2 7c 72 b9 2e 3c 06 cb Sep 21 07:34:12.029986: | f7 1c 88 23 55 a8 14 c6 88 94 7e f8 d4 2c 84 bf Sep 21 07:34:12.029989: | 62 74 99 78 8d e0 17 f4 1c 56 bb 4f b7 5c bd 84 Sep 21 07:34:12.029991: | 31 31 20 fa 8b 85 18 0e b7 6c 80 14 a9 db de 1f Sep 21 07:34:12.029992: | 14 00 00 24 ca 00 84 5d c0 e0 08 b3 f3 4b 76 6d Sep 21 07:34:12.029994: | 48 42 be 68 5e bb 45 27 55 fb 8a 89 ef e7 ef 0f Sep 21 07:34:12.029995: | 35 18 f8 44 14 00 00 24 c2 95 d3 e9 aa 7e 5a ce Sep 21 07:34:12.029997: | 92 c2 58 83 d6 80 7c fb 2d 14 ed 0b 49 52 23 ea Sep 21 07:34:12.029998: | 94 99 f6 b3 62 c9 a2 4b 00 00 00 24 28 bd 53 be Sep 21 07:34:12.030000: | 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee 45 9a fb 8a Sep 21 07:34:12.030001: | 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.030022: | !event_already_set at reschedule Sep 21 07:34:12.030026: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:34:12.030029: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:34:12.030031: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:34:12.030034: | #3 STATE_MAIN_I2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.39829 Sep 21 07:34:12.030036: "northnet-eastnet-b" #3: STATE_MAIN_I2: sent MI2, expecting MR2 Sep 21 07:34:12.030038: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.030040: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.030042: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Sep 21 07:34:12.030046: | #3 spent 0.265 milliseconds in resume sending helper answer Sep 21 07:34:12.030050: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.030052: | libevent_free: release ptr-libevent@0x7fdad0006900 Sep 21 07:34:12.031619: | spent 0.00219 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.031637: | *received 576 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.031640: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.031643: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Sep 21 07:34:12.031645: | 46 75 31 9a d4 b1 60 c4 3f 41 c3 01 e7 64 ac ef Sep 21 07:34:12.031647: | dd b0 94 14 a1 ed 61 ed 04 5c e7 97 1e 1b fd 5e Sep 21 07:34:12.031650: | 62 8f 7c 37 ee 2a fe 0a a8 96 cb 70 29 78 28 ea Sep 21 07:34:12.031652: | 17 30 aa e1 9c ef b5 e8 b7 c8 22 a4 85 75 4d 3a Sep 21 07:34:12.031654: | 09 bd 19 d8 c2 41 ef bf c2 78 7f 9c 2a d4 0d 3e Sep 21 07:34:12.031657: | c8 75 74 88 ca 1d 7e 09 c6 69 c0 d3 1a 22 a7 f9 Sep 21 07:34:12.031659: | b2 62 f3 e5 4c 1e 52 1f 97 a6 ce 8c e8 2f 16 6a Sep 21 07:34:12.031661: | c1 18 fa b2 7d c7 ee 3b 21 af c4 19 b3 c2 35 aa Sep 21 07:34:12.031664: | 34 47 4f 2b da 34 20 68 27 69 51 bf e0 a6 88 12 Sep 21 07:34:12.031666: | a3 51 95 27 56 3e 54 89 23 d4 0a 29 87 ba 6b 5a Sep 21 07:34:12.031668: | c0 1a 59 1e 04 82 ec ef e3 9d bf cd a2 ef 73 8e Sep 21 07:34:12.031671: | d1 16 8d b2 54 3b 4a c2 16 23 48 37 09 34 9f 2b Sep 21 07:34:12.031673: | 77 aa 28 f0 d1 6f b5 9c 35 67 bc 25 54 42 62 80 Sep 21 07:34:12.031676: | 6b 36 68 88 80 c4 ea 4d ce a4 0b 39 bb 0a 03 9c Sep 21 07:34:12.031678: | 98 d5 6f b4 bf 92 9c 51 5a e2 8e 70 3b c2 c5 34 Sep 21 07:34:12.031680: | 62 6a 89 4a 51 64 0f 82 95 21 f2 b5 0d a1 38 a1 Sep 21 07:34:12.031682: | 07 00 00 24 39 df ff 87 6a e3 3b 31 82 46 53 ee Sep 21 07:34:12.031685: | 4a 1d 48 4c b8 06 05 d3 bf 69 f6 6f ab 50 c0 1e Sep 21 07:34:12.031687: | 16 8d 6f 3b 14 00 00 b4 04 30 81 ac 31 0b 30 09 Sep 21 07:34:12.031689: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Sep 21 07:34:12.031692: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Sep 21 07:34:12.031694: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Sep 21 07:34:12.031696: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Sep 21 07:34:12.031699: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Sep 21 07:34:12.031701: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Sep 21 07:34:12.031708: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Sep 21 07:34:12.031710: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Sep 21 07:34:12.031712: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:34:12.031715: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Sep 21 07:34:12.031717: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 28 bd 53 be Sep 21 07:34:12.031719: | 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee 45 9a fb 8a Sep 21 07:34:12.031722: | 55 1c e7 2d e2 c4 3f e6 87 55 5e ff 00 00 00 24 Sep 21 07:34:12.031724: | c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.031727: | 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.031731: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.031734: | **parse ISAKMP Message: Sep 21 07:34:12.031737: | initiator cookie: Sep 21 07:34:12.031739: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.031742: | responder cookie: Sep 21 07:34:12.031744: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.031746: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.031749: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.031752: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.031754: | flags: none (0x0) Sep 21 07:34:12.031757: | Message ID: 0 (0x0) Sep 21 07:34:12.031759: | length: 576 (0x240) Sep 21 07:34:12.031762: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:34:12.031765: | State DB: found IKEv1 state #3 in MAIN_I2 (find_state_ikev1) Sep 21 07:34:12.031771: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:34:12.031773: | #3 is idle Sep 21 07:34:12.031776: | #3 idle Sep 21 07:34:12.031779: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Sep 21 07:34:12.031781: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:12.031807: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.031810: | length: 260 (0x104) Sep 21 07:34:12.031813: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Sep 21 07:34:12.031815: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:12.031818: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:34:12.031820: | length: 36 (0x24) Sep 21 07:34:12.031823: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x0 opt: 0x102080 Sep 21 07:34:12.031825: | ***parse ISAKMP Certificate RequestPayload: Sep 21 07:34:12.031828: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:34:12.031830: | length: 180 (0xb4) Sep 21 07:34:12.031833: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:34:12.031836: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:34:12.031838: | ***parse ISAKMP NAT-D Payload: Sep 21 07:34:12.031841: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:34:12.031843: | length: 36 (0x24) Sep 21 07:34:12.031846: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:34:12.031848: | ***parse ISAKMP NAT-D Payload: Sep 21 07:34:12.031850: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.031853: | length: 36 (0x24) Sep 21 07:34:12.031855: | message 'main_inR2_outI3' HASH payload not checked early Sep 21 07:34:12.031873: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.031882: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.031892: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.031902: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.031905: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:12.031907: | no PreShared Key Found Sep 21 07:34:12.031911: | adding aggr outR1 DH work-order 6 for state #3 Sep 21 07:34:12.031914: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:12.031917: | #3 STATE_MAIN_I2: retransmits: cleared Sep 21 07:34:12.031920: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:34:12.031923: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf6680 Sep 21 07:34:12.031926: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fdad0002b20 Sep 21 07:34:12.031930: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:34:12.031933: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:34:12.031940: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:12.031945: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:12.031948: | suspending state #3 and saving MD Sep 21 07:34:12.031950: | #3 is busy; has a suspended MD Sep 21 07:34:12.031952: | crypto helper 5 resuming Sep 21 07:34:12.031955: | #3 spent 0.0951 milliseconds in process_packet_tail() Sep 21 07:34:12.031965: | crypto helper 5 starting work-order 6 for state #3 Sep 21 07:34:12.031973: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.031979: | crypto helper 5 doing compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 6 Sep 21 07:34:12.031986: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.031989: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.031994: | spent 0.337 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.033202: | crypto helper 5 finished compute dh+iv (V1 Phase 1) (aggr outR1 DH); request ID 6 time elapsed 0.001223 seconds Sep 21 07:34:12.033215: | (#3) spent 1.23 milliseconds in crypto helper computing work-order 6: aggr outR1 DH (pcr) Sep 21 07:34:12.033218: | crypto helper 5 sending results from work-order 6 for state #3 to event queue Sep 21 07:34:12.033221: | scheduling resume sending helper answer for #3 Sep 21 07:34:12.033225: | libevent_malloc: new ptr-libevent@0x7fdac4004f00 size 128 Sep 21 07:34:12.033232: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:12.033267: | processing resume sending helper answer for #3 Sep 21 07:34:12.033276: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.033280: | crypto helper 5 replies to request ID 6 Sep 21 07:34:12.033282: | calling continuation function 0x55dbdfa7b630 Sep 21 07:34:12.033284: | main_inR2_outI3_cryptotail for #3: calculated DH, sending R1 Sep 21 07:34:12.033287: | **emit ISAKMP Message: Sep 21 07:34:12.033289: | initiator cookie: Sep 21 07:34:12.033291: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.033292: | responder cookie: Sep 21 07:34:12.033294: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.033296: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.033297: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.033299: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.033301: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.033303: | Message ID: 0 (0x0) Sep 21 07:34:12.033305: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.033307: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.033309: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.033313: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.033315: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.033317: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.033318: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.033319: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.033321: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:34:12.033322: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:34:12.033324: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:34:12.033325: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:34:12.033327: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.033333: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.033335: | thinking about whether to send my certificate: Sep 21 07:34:12.033337: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Sep 21 07:34:12.033339: | sendcert: CERT_ALWAYSSEND and I did get a certificate request Sep 21 07:34:12.033340: | so send cert. Sep 21 07:34:12.033343: | I am sending a certificate request Sep 21 07:34:12.033345: | I will NOT send an initial contact payload Sep 21 07:34:12.033347: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Sep 21 07:34:12.033356: | natd_hash: hasher=0x55dbdfb51c40(32) Sep 21 07:34:12.033358: | natd_hash: icookie= 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.033360: | natd_hash: rcookie= 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.033361: | natd_hash: ip= c0 01 03 21 Sep 21 07:34:12.033363: | natd_hash: port= 01 f4 Sep 21 07:34:12.033364: | natd_hash: hash= 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.033366: | natd_hash: hash= 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.033370: | natd_hash: hasher=0x55dbdfb51c40(32) Sep 21 07:34:12.033372: | natd_hash: icookie= 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.033373: | natd_hash: rcookie= 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.033375: | natd_hash: ip= c0 01 02 17 Sep 21 07:34:12.033376: | natd_hash: port= 01 f4 Sep 21 07:34:12.033378: | natd_hash: hash= c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.033380: | natd_hash: hash= 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.033381: | expected NAT-D(me): 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.033383: | expected NAT-D(me): 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.033384: | expected NAT-D(him): Sep 21 07:34:12.033386: | c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.033388: | 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.033389: | received NAT-D: 28 bd 53 be 95 71 a8 4f 4f a8 8c 69 f7 39 31 ee Sep 21 07:34:12.033391: | received NAT-D: 45 9a fb 8a 55 1c e7 2d e2 c4 3f e6 87 55 5e ff Sep 21 07:34:12.033392: | received NAT-D: c2 95 d3 e9 aa 7e 5a ce 92 c2 58 83 d6 80 7c fb Sep 21 07:34:12.033394: | received NAT-D: 2d 14 ed 0b 49 52 23 ea 94 99 f6 b3 62 c9 a2 4b Sep 21 07:34:12.033396: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:34:12.033397: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:34:12.033399: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:34:12.033401: | NAT_TRAVERSAL nat-keepalive enabled 192.1.2.23 Sep 21 07:34:12.033403: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Sep 21 07:34:12.033405: | NAT_T_WITH_KA detected Sep 21 07:34:12.033407: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:34:12.033409: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.033411: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:34:12.033413: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:34:12.033415: | Protocol ID: 0 (0x0) Sep 21 07:34:12.033416: | port: 0 (0x0) Sep 21 07:34:12.033420: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Sep 21 07:34:12.033422: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.033424: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.033426: | emitting 185 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.033428: | my identity 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.033430: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.033431: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.033433: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.033434: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.033436: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.033437: | my identity 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:34:12.033439: | my identity 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:34:12.033440: | my identity 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:34:12.033442: | my identity 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:34:12.033443: | my identity 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:34:12.033445: | my identity 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.033447: | emitting length of ISAKMP Identification Payload (IPsec DOI): 193 Sep 21 07:34:12.033449: "northnet-eastnet-b" #3: I am sending my cert Sep 21 07:34:12.033451: | ***emit ISAKMP Certificate Payload: Sep 21 07:34:12.033453: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:34:12.033454: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:34:12.033456: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Sep 21 07:34:12.033458: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Sep 21 07:34:12.033460: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.033462: | emitting 1227 raw bytes of CERT into ISAKMP Certificate Payload Sep 21 07:34:12.033464: | CERT 30 82 04 c7 30 82 04 30 a0 03 02 01 02 02 01 06 Sep 21 07:34:12.033465: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:34:12.033467: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:34:12.033468: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:34:12.033470: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:34:12.033471: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:34:12.033473: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:34:12.033474: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:34:12.033476: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:34:12.033477: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:34:12.033479: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:34:12.033480: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:34:12.033482: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:34:12.033483: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:34:12.033485: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:34:12.033486: | CERT 39 5a 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:34:12.033488: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:34:12.033489: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:34:12.033491: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:34:12.033493: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:34:12.033495: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:34:12.033496: | CERT 6d 65 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e Sep 21 07:34:12.033498: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:34:12.033499: | CERT 72 65 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 Sep 21 07:34:12.033501: | CERT 2a 86 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d Sep 21 07:34:12.033502: | CERT 6e 6f 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 Sep 21 07:34:12.033504: | CERT 62 72 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 Sep 21 07:34:12.033505: | CERT 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 Sep 21 07:34:12.033507: | CERT 01 8f 00 30 82 01 8a 02 82 01 81 00 ba c2 12 92 Sep 21 07:34:12.033508: | CERT f3 67 1c ca 50 e4 11 97 bd e2 74 f8 2d a7 50 1c Sep 21 07:34:12.033510: | CERT 73 d5 23 89 43 a9 58 74 05 29 97 ee a9 71 9c 8d Sep 21 07:34:12.033511: | CERT 92 44 52 90 56 aa 55 a8 8c 69 5e 32 49 62 fb 18 Sep 21 07:34:12.033513: | CERT 4f f0 e2 24 38 f0 a3 3c 7d 95 a9 03 66 29 11 c0 Sep 21 07:34:12.033514: | CERT f2 0c e3 de a1 62 78 96 0e ff d1 f8 93 ac b7 cf Sep 21 07:34:12.033516: | CERT 52 33 01 71 ef 46 ad ad d4 46 f5 e0 c5 e5 57 42 Sep 21 07:34:12.033517: | CERT 2f 10 0e 27 24 45 5e d0 bd 90 32 70 b9 bb 27 2a Sep 21 07:34:12.033519: | CERT 4c 93 a8 87 8c f0 61 5d d9 74 91 04 d9 e9 5b e5 Sep 21 07:34:12.033520: | CERT 31 9c ca e0 5b 2c 3b 17 be 1a c9 1c 28 62 24 3c Sep 21 07:34:12.033522: | CERT e4 eb d0 1a e4 e3 c4 61 b6 9d 1a a9 39 6a b0 92 Sep 21 07:34:12.033523: | CERT a6 69 2c 19 b1 57 75 2b a8 1b ac 95 2b 35 5a 2f Sep 21 07:34:12.033525: | CERT 1f 33 eb 9a 50 d0 4d fa 7a 05 9b 59 44 7d ba a6 Sep 21 07:34:12.033526: | CERT 91 64 c9 4d 4a 01 39 e3 83 11 04 e9 b5 b3 9d 19 Sep 21 07:34:12.033528: | CERT 1b 35 86 8a e9 e4 8b 28 e9 57 06 58 e2 cb a6 24 Sep 21 07:34:12.033529: | CERT 35 73 37 7c 05 25 07 5f b6 df 3f 8b ab 5f e7 e4 Sep 21 07:34:12.033531: | CERT 38 d2 69 f6 1f 68 e9 7b 4f 2f fd 11 62 0e 47 ee Sep 21 07:34:12.033532: | CERT 67 3b 0e 71 d8 9a 35 1b e4 4f 56 64 fd c1 66 02 Sep 21 07:34:12.033534: | CERT 69 2e 08 ac e7 43 ca 55 47 97 ae 83 19 50 e4 9d Sep 21 07:34:12.033535: | CERT c7 a6 5c 9b 93 22 54 6f 02 4b 75 00 cf 67 e3 e2 Sep 21 07:34:12.033537: | CERT 07 7c d8 47 8f c1 09 83 cc 70 94 fa 6c 74 c8 55 Sep 21 07:34:12.033538: | CERT 7b 96 2c c1 85 f1 02 98 cd 1d be 85 5c 10 80 dd Sep 21 07:34:12.033540: | CERT bb 89 44 4b 94 fa 5e 56 5c 67 0e 2e c6 62 69 d4 Sep 21 07:34:12.033541: | CERT de 0e 97 31 ed 00 10 7b 83 dc 75 e4 12 fb 00 15 Sep 21 07:34:12.033542: | CERT eb 5d e4 85 6b 0d 07 4b e6 db 86 31 02 03 01 00 Sep 21 07:34:12.033544: | CERT 01 a3 81 e4 30 81 e1 30 09 06 03 55 1d 13 04 02 Sep 21 07:34:12.033545: | CERT 30 00 30 26 06 03 55 1d 11 04 1f 30 1d 82 1b 6e Sep 21 07:34:12.033547: | CERT 6f 72 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 Sep 21 07:34:12.033548: | CERT 72 65 73 77 61 6e 2e 6f 72 67 30 0b 06 03 55 1d Sep 21 07:34:12.033550: | CERT 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 16 Sep 21 07:34:12.033551: | CERT 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 Sep 21 07:34:12.033553: | CERT 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 07 Sep 21 07:34:12.033554: | CERT 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 07 Sep 21 07:34:12.033556: | CERT 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e 74 Sep 21 07:34:12.033557: | CERT 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 6e Sep 21 07:34:12.033559: | CERT 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d 1f Sep 21 07:34:12.033560: | CERT 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 70 Sep 21 07:34:12.033562: | CERT 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e 6c Sep 21 07:34:12.033563: | CERT 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 76 Sep 21 07:34:12.033565: | CERT 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 86 Sep 21 07:34:12.033567: | CERT f7 0d 01 01 0b 05 00 03 81 81 00 c0 be 88 d3 94 Sep 21 07:34:12.033569: | CERT e8 3a e9 d3 b3 fd ed 79 1d 46 48 36 a3 2a 00 15 Sep 21 07:34:12.033570: | CERT 9e 62 f1 22 44 4c 58 20 2e de 7d 7f 95 09 d5 bd Sep 21 07:34:12.033572: | CERT 95 29 e4 f8 99 e3 8f c0 67 b4 eb f6 4b a3 4e 69 Sep 21 07:34:12.033573: | CERT 48 de 1c 93 9f 22 c8 b7 ca bb e8 0c af 7e 5a cd Sep 21 07:34:12.033575: | CERT 90 0c b9 e5 4b 4a de cc c3 7c ea e6 3f 96 0c b5 Sep 21 07:34:12.033576: | CERT dc 5f 88 2d e7 e2 cc f5 f3 90 76 dc b3 05 1d 01 Sep 21 07:34:12.033578: | CERT 60 24 b8 8c a2 f7 26 17 04 4f 25 15 bc 7f 1c ff Sep 21 07:34:12.033579: | CERT 4a f7 81 eb 12 63 8b 11 8c 53 ba Sep 21 07:34:12.033581: | emitting length of ISAKMP Certificate Payload: 1232 Sep 21 07:34:12.033583: "northnet-eastnet-b" #3: I am sending a certificate request Sep 21 07:34:12.033585: | ***emit ISAKMP Certificate RequestPayload: Sep 21 07:34:12.033586: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:34:12.033588: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:34:12.033590: | next payload chain: ignoring supplied 'ISAKMP Certificate RequestPayload'.'next payload type' value 9:ISAKMP_NEXT_SIG Sep 21 07:34:12.033592: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Sep 21 07:34:12.033594: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Sep 21 07:34:12.033596: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Sep 21 07:34:12.033597: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.033599: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.033600: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.033602: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.033603: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.033605: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.033606: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:34:12.033608: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:34:12.033609: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:34:12.033611: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:34:12.033612: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.033614: | emitting length of ISAKMP Certificate RequestPayload: 180 Sep 21 07:34:12.033642: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_RSA Sep 21 07:34:12.033728: | searching for certificate PKK_RSA:AwEAAbrCE vs PKK_RSA:AwEAAbrCE Sep 21 07:34:12.038801: | ***emit ISAKMP Signature Payload: Sep 21 07:34:12.038825: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.038829: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Sep 21 07:34:12.038831: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.038834: | emitting 384 raw bytes of SIG_I into ISAKMP Signature Payload Sep 21 07:34:12.038837: | SIG_I 1e 0a e0 d9 ff 24 5f 24 4e ad 48 40 15 89 a3 60 Sep 21 07:34:12.038839: | SIG_I de 02 3c 4d 1b b5 a5 f1 3e 81 28 ed ab 4a 20 97 Sep 21 07:34:12.038840: | SIG_I 29 9d cb e6 f3 5d c4 a8 59 40 8b d0 32 cd 2e e1 Sep 21 07:34:12.038843: | SIG_I c4 76 53 9f ee 04 ff 84 e7 4c e6 84 46 dd 94 1b Sep 21 07:34:12.038844: | SIG_I 58 3e 7e 97 6c 05 1b fe 49 5e 50 a0 dd d5 31 53 Sep 21 07:34:12.038846: | SIG_I bd 87 a9 53 61 b6 c7 40 3b bc 9c c1 e1 8b 33 af Sep 21 07:34:12.038851: | SIG_I d1 fe 4e 19 eb dc aa cd b3 5b 4c fe 23 72 a4 79 Sep 21 07:34:12.038854: | SIG_I 33 a6 cf 4b 9e 42 12 92 32 7f c5 8d a8 af d2 04 Sep 21 07:34:12.038856: | SIG_I 6f 64 7e 86 26 fe e1 bc e0 7d 34 f3 ae 7d e9 ca Sep 21 07:34:12.038858: | SIG_I 66 f0 05 77 7e 63 51 28 a4 a9 de 5c cb 97 5f c7 Sep 21 07:34:12.038861: | SIG_I b6 ec ab db b3 a7 00 a9 c0 57 c3 b0 74 82 42 0e Sep 21 07:34:12.038863: | SIG_I a1 2a 3a a4 0b cb 4d fd 5d ab 66 3f ab f7 78 1a Sep 21 07:34:12.038865: | SIG_I f6 a7 7f e7 52 c9 57 82 f9 4f 60 8d 7a 8e 10 1d Sep 21 07:34:12.038868: | SIG_I f2 03 1d e2 6f 53 a1 fd a1 8b a3 9e ff fb 3f 7d Sep 21 07:34:12.038870: | SIG_I d0 3b a3 3c fb d6 15 8c a7 ac 64 1a fb d3 4d b0 Sep 21 07:34:12.038871: | SIG_I e5 1d ed d7 47 62 f1 4a ca d2 a9 9e b7 54 1a 24 Sep 21 07:34:12.038873: | SIG_I 7f 74 51 04 7a 37 b5 9c 34 87 66 c8 d1 b0 87 6a Sep 21 07:34:12.038874: | SIG_I bf 46 53 34 2a 86 26 7d 02 c1 f7 78 f5 03 78 3f Sep 21 07:34:12.038875: | SIG_I 46 05 93 ae ff 1e 22 b5 c0 1a cb e1 d1 9d 7c f7 Sep 21 07:34:12.038877: | SIG_I ec 45 a1 3c 48 1c a5 35 d2 12 7b 66 12 1e 7e a6 Sep 21 07:34:12.038878: | SIG_I 6a c2 a7 ae 35 4f cc c2 f5 5a f8 86 97 86 a7 0e Sep 21 07:34:12.038880: | SIG_I 0d ba 41 9d 6c c5 a6 7a c2 1c a4 5f 9a 62 81 e8 Sep 21 07:34:12.038881: | SIG_I 9e 59 87 e4 11 a4 c4 87 46 5b 99 b0 ca 9a e4 b9 Sep 21 07:34:12.038882: | SIG_I 22 ff ae 35 f2 39 f7 e2 0a c7 7b fb 4b 89 8a 3f Sep 21 07:34:12.038884: | emitting length of ISAKMP Signature Payload: 388 Sep 21 07:34:12.038885: | Not sending INITIAL_CONTACT Sep 21 07:34:12.038887: | emitting 7 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:12.038889: | no IKEv1 message padding required Sep 21 07:34:12.038891: | emitting length of ISAKMP Message: 2028 Sep 21 07:34:12.038901: | complete v1 state transition with STF_OK Sep 21 07:34:12.038907: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.038910: | #3 is idle Sep 21 07:34:12.038912: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.038914: | IKEv1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Sep 21 07:34:12.038917: | parent state #3: MAIN_I2(open IKE SA) => MAIN_I3(open IKE SA) Sep 21 07:34:12.038919: | event_already_set, deleting event Sep 21 07:34:12.038922: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.038925: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:34:12.038927: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fdad0002b20 Sep 21 07:34:12.038932: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:34:12.038938: | sending 2028 bytes for STATE_MAIN_I2 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:34:12.038940: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.038942: | 05 10 02 01 00 00 00 00 00 00 07 ec bc 07 fc 1c Sep 21 07:34:12.038944: | 6f 5c 8c 56 d3 29 08 f1 cb 1f b0 78 3c b4 3c 67 Sep 21 07:34:12.038946: | 3a b5 48 0d bb 84 89 e9 11 fe bf da 0e 00 de bc Sep 21 07:34:12.038949: | f1 45 0d 37 d9 29 85 00 70 6d fd 1a 7d 56 8d 5e Sep 21 07:34:12.038951: | b9 db c0 a4 34 6a 99 8b 60 0d d2 0e 23 17 1f 87 Sep 21 07:34:12.038954: | e6 33 55 f7 20 c9 87 1c 10 63 4e 71 fa 11 9e 73 Sep 21 07:34:12.038956: | aa 38 85 57 2c b5 12 f8 bb 79 2a 99 85 b2 1e c0 Sep 21 07:34:12.038958: | 44 5b ad bb 72 c1 49 76 af 5a 11 59 9a b8 82 ea Sep 21 07:34:12.038960: | cd 1a a2 27 03 9f 16 a6 c3 89 1e 1c 86 db 14 29 Sep 21 07:34:12.038962: | 2a 6a 07 8a 2e 5f 9f e8 89 a0 3c 4d 37 b4 03 8e Sep 21 07:34:12.038963: | 31 f8 ca 3a 6e 5d ed d0 9f 0c c3 61 82 59 d4 17 Sep 21 07:34:12.038964: | 07 52 f4 63 45 f5 55 ff 72 bd 36 7c 4d 48 49 e8 Sep 21 07:34:12.038966: | 21 5a 35 05 0a ec da bb ce 2b 4f ee a4 6b 3c e1 Sep 21 07:34:12.038967: | c4 8f 58 e0 bf 03 53 82 d8 88 6b 0b b3 0c 63 12 Sep 21 07:34:12.038969: | 6e 2c 1f be 5b 69 19 67 3c 0c b6 86 cf 11 4f e0 Sep 21 07:34:12.038972: | da b3 97 d6 c4 fb 2c 8e c6 89 01 18 84 b9 a7 4f Sep 21 07:34:12.038973: | 9f dd ad dd 40 cf 85 f6 e4 f7 4f 74 55 02 6a bf Sep 21 07:34:12.038975: | 85 49 40 34 b5 d9 c2 7b 27 d5 ee 01 a0 dc 13 be Sep 21 07:34:12.038976: | 7e 1a 2d 36 af 63 95 09 9f 95 3f aa 18 74 ef c2 Sep 21 07:34:12.038978: | 9c cd 9c 2a df 70 42 e3 22 23 e8 7f 0d 55 50 90 Sep 21 07:34:12.038979: | 17 d2 72 c8 7e b0 28 da 54 da 49 4f 7c b7 6f 54 Sep 21 07:34:12.038980: | 8b 32 5c 1b cb 43 ed 10 f1 67 88 39 1c 1d 43 5e Sep 21 07:34:12.038982: | 5e ba 46 85 b0 c7 3b 0a e6 8c 69 eb 8f e2 ee f1 Sep 21 07:34:12.038983: | 61 8d 24 c1 7a 5c ca ac 40 d4 2d cc 86 8c bb 8d Sep 21 07:34:12.038984: | eb 19 f9 65 df 5e 55 24 93 31 d3 b8 13 3a df 6e Sep 21 07:34:12.038986: | c6 c0 ba 8c b4 a7 bc 7e 2b ac 5a 7b ac 18 99 e6 Sep 21 07:34:12.038987: | 38 2f 21 df 73 e1 36 56 5d f2 02 38 28 ae ec 9c Sep 21 07:34:12.038989: | 26 23 02 95 99 c9 7f 35 fa 84 ca d5 57 e9 d7 31 Sep 21 07:34:12.038990: | 92 ff a8 ec eb 34 2c 02 02 a4 a0 05 f3 71 64 5c Sep 21 07:34:12.038991: | 4a 90 65 82 22 7d f3 e1 37 b8 8e 9b e5 5f 49 9a Sep 21 07:34:12.038993: | a8 78 14 d9 09 ca d0 75 59 2a 4b 67 5a 6c 8c 5d Sep 21 07:34:12.038994: | d8 47 a3 72 4d 57 b6 ac d9 3c 9b 9e 60 d7 43 75 Sep 21 07:34:12.038995: | 7a cf 90 4e e9 6d 84 5a cb a5 b9 94 a8 1b 16 ee Sep 21 07:34:12.038997: | 48 ad b4 c4 0d 8c ef a2 ac 93 be 9e 92 08 b9 b4 Sep 21 07:34:12.038998: | 16 89 d9 9e 5d b9 7b 50 8c a8 96 11 17 97 97 d8 Sep 21 07:34:12.039000: | 47 ec 83 e1 50 64 12 be 3c d9 89 12 b3 d5 f9 e1 Sep 21 07:34:12.039001: | 01 a2 dd d4 7b 15 1b c8 4b 40 4b 8f b1 63 5e dd Sep 21 07:34:12.039002: | 82 3b bf 9a 69 5c 32 e4 eb e7 a8 76 73 bc 13 99 Sep 21 07:34:12.039004: | bb 28 dd 46 70 79 c6 d6 f8 a8 f1 e5 ab 93 3c a5 Sep 21 07:34:12.039005: | ca 16 9b 1e 58 df a1 f0 c4 9d 58 a8 ba c2 04 29 Sep 21 07:34:12.039006: | 2c ac 4f 72 05 02 0b c3 7a 7b 3d 14 01 2e 6c 2a Sep 21 07:34:12.039008: | da 08 ce 4d ed e0 1b 00 90 f0 48 e5 b8 be fd bd Sep 21 07:34:12.039009: | d6 66 ed 50 cc a2 86 ff 4e 93 64 00 b3 11 a3 c5 Sep 21 07:34:12.039010: | 63 22 b6 20 0d 8c 41 5e 50 34 cf 2b be 41 eb c5 Sep 21 07:34:12.039012: | e5 32 b0 9e 20 54 90 f4 52 12 87 be 47 37 c9 8d Sep 21 07:34:12.039013: | 79 1b d1 fb cd bc 90 95 49 40 0f c4 11 57 1b 08 Sep 21 07:34:12.039015: | 3b 1d c7 1f f2 98 52 1a 26 81 0b 9d 53 08 ba cf Sep 21 07:34:12.039016: | ef 30 94 b5 a0 0b 28 ac ab 94 98 b3 01 cd c7 89 Sep 21 07:34:12.039017: | 57 b3 98 55 01 c7 4d 89 27 17 59 f2 8e d2 80 9e Sep 21 07:34:12.039019: | e7 5f 0b b2 80 be 2a 67 99 d9 12 d0 93 65 4e 04 Sep 21 07:34:12.039020: | 60 4f 00 e0 b8 4e bc 41 ea 62 1b e4 5c fb 9c c4 Sep 21 07:34:12.039021: | ee 44 74 4f cb a2 ea 3b 57 25 f4 25 3c ce dc 5e Sep 21 07:34:12.039023: | 97 cf 13 06 a0 af 04 4d 2c e0 79 77 a7 02 be fe Sep 21 07:34:12.039024: | 47 ba 9e 06 28 9b 01 bf f5 21 bc 9f 34 86 07 bc Sep 21 07:34:12.039026: | 04 ef e3 b2 09 e8 6e d0 f6 3b c1 c1 2b 5b b5 2e Sep 21 07:34:12.039027: | db cc c9 42 9b 9c c4 63 5e fd 5d 2f 93 69 e1 c2 Sep 21 07:34:12.039028: | 9d 6d 57 24 fe 25 77 a2 83 e5 e4 d3 11 2b 17 53 Sep 21 07:34:12.039030: | c0 51 ab 3c 0b e0 03 c2 3e 2d c4 f2 76 e1 01 3e Sep 21 07:34:12.039031: | 97 c2 3a 7f 5d db 39 c2 be fa ee 1c fb a5 e8 c2 Sep 21 07:34:12.039032: | 9b ea 24 c7 07 26 33 c3 87 59 e2 81 9c 92 f5 9b Sep 21 07:34:12.039034: | 3f 7e 2e f0 3e 4b 51 63 d8 fa 90 21 07 75 58 3c Sep 21 07:34:12.039035: | b9 e5 b7 1b 81 5c 71 ba 05 66 eb 4a 7e c3 c6 8c Sep 21 07:34:12.039037: | e8 a8 0a 1b 5e 47 57 0d 61 8b 3f 1f ca a9 4d 59 Sep 21 07:34:12.039038: | 1c ac 81 08 bd 07 19 87 e9 32 da f9 2a 3a 3d ce Sep 21 07:34:12.039039: | 50 17 90 b6 ac 80 0c a7 e6 a2 19 e9 2a 79 3e bc Sep 21 07:34:12.039041: | e8 08 b4 9d 77 5b b2 98 a6 82 49 d4 49 6b 22 e9 Sep 21 07:34:12.039042: | 05 dd 4b 3c 1e c9 b5 b3 ed 42 d3 95 c9 a9 78 e8 Sep 21 07:34:12.039044: | 49 a7 6c 05 28 89 6b d1 af ed b6 9b a1 7d 94 0d Sep 21 07:34:12.039046: | 04 3a 13 13 ae 55 38 ca f4 1d d2 6e ca e4 d0 07 Sep 21 07:34:12.039047: | 93 9f 08 1a 38 c6 70 e7 41 aa d6 54 07 77 24 4b Sep 21 07:34:12.039049: | 94 23 32 dd 06 89 88 1c 4a 93 86 cb 09 52 bc 86 Sep 21 07:34:12.039050: | ba a8 b4 f4 f1 3b a1 65 27 d2 a6 3b d2 b3 a3 b7 Sep 21 07:34:12.039051: | a5 c4 41 c8 a3 eb 1e 36 22 14 d1 db 4c cf 57 36 Sep 21 07:34:12.039053: | 85 93 be 26 ba 8e 0a 20 48 c9 df 50 47 d5 2c e4 Sep 21 07:34:12.039054: | 09 41 04 a1 db 3c c3 cc b7 0e a5 e6 b6 5d fa 10 Sep 21 07:34:12.039055: | cc ae f8 55 11 56 7b 1b 41 fa 44 da 1c 38 3e 82 Sep 21 07:34:12.039057: | 12 aa 67 18 57 27 8f 47 35 04 dd a2 3e c6 e7 72 Sep 21 07:34:12.039058: | 48 da e3 5e e9 0d f7 b3 55 bf 89 94 ea 0c af 67 Sep 21 07:34:12.039060: | 7e 50 60 b6 81 23 65 8a 22 6f 75 2d a7 e3 1b 98 Sep 21 07:34:12.039061: | de 5b f1 c7 81 38 ce 15 68 7c 20 0c 25 13 cc 6a Sep 21 07:34:12.039062: | c8 d3 ac 33 dc f9 20 19 5b b8 66 37 b6 3f c2 d5 Sep 21 07:34:12.039064: | 05 b0 dd 44 27 cf e9 db 21 97 41 4b f3 a0 68 cd Sep 21 07:34:12.039065: | 9b 88 cf 28 71 b2 4e e7 41 04 21 d8 c5 c5 82 21 Sep 21 07:34:12.039066: | b3 bc 5f 21 0a ee 4b 67 02 ef b7 8a 56 c2 c9 de Sep 21 07:34:12.039068: | fb 11 95 a3 6b 25 fd a1 05 c2 68 e9 02 74 09 c0 Sep 21 07:34:12.039069: | 07 eb 6f cc 85 1e d3 bb a1 42 49 64 43 59 95 a2 Sep 21 07:34:12.039071: | 76 3b ab ff c1 d1 02 d1 23 ae 04 65 b8 9f ce 8e Sep 21 07:34:12.039072: | 74 f7 93 d3 20 19 8d d6 04 af 8b 76 a5 24 00 a4 Sep 21 07:34:12.039073: | a5 6e 51 a8 c1 df 24 24 34 8e 99 97 22 82 1a 72 Sep 21 07:34:12.039075: | b4 96 75 ba 11 3b 7c 1c e9 6c 47 c9 1a 13 4c e8 Sep 21 07:34:12.039076: | a1 aa 91 f1 cc 5c 6d 66 f6 e0 3b e5 48 11 68 2f Sep 21 07:34:12.039077: | 62 1e 71 ba 7b 6f 82 e7 b8 cb 29 c7 9b f4 63 f3 Sep 21 07:34:12.039079: | 34 ee 51 2a 02 3f 9c fd a7 34 4a c6 f5 3f c2 7d Sep 21 07:34:12.039080: | cf a4 63 a8 5b 4d e0 a2 51 67 ba f7 1c 34 c8 5a Sep 21 07:34:12.039082: | 3d 00 52 d2 39 0d ad 49 e1 52 2f 75 25 ec 13 63 Sep 21 07:34:12.039083: | 75 cb b0 07 1a 1e 48 ee 7d 35 3d 75 98 fc 38 0f Sep 21 07:34:12.039084: | 92 fb 74 50 71 b6 ea 5d cb 38 08 09 33 37 b8 ed Sep 21 07:34:12.039086: | 37 86 3b 3f 1b af 69 72 74 5c 7e 64 f3 1a 36 4a Sep 21 07:34:12.039087: | df e5 42 1e 62 f6 54 1f d1 a3 a1 b1 8c 9a e6 58 Sep 21 07:34:12.039088: | 43 ac 1f 29 32 5b e7 75 37 67 c2 1d 69 7a a3 0c Sep 21 07:34:12.039090: | 37 42 01 65 d6 b3 ca 0d 43 19 09 99 3f 50 b5 83 Sep 21 07:34:12.039091: | 54 cf 4e d7 bc 4f 34 fd 54 29 4a 74 49 27 88 ce Sep 21 07:34:12.039093: | d0 33 3e a0 d7 d4 b5 cd 53 e0 88 23 cd ec 34 3f Sep 21 07:34:12.039094: | 70 79 39 45 5a 00 bc c1 93 7f 79 5f 20 16 a1 7c Sep 21 07:34:12.039095: | b6 cc 84 20 ea ad 56 45 cd 74 bd 88 e5 48 30 4a Sep 21 07:34:12.039097: | a1 3e 28 f1 0e f3 14 3d c8 c9 ad 8e 0f 2c 7b 16 Sep 21 07:34:12.039098: | 12 93 f9 0b e7 2e ac 68 2f 30 26 08 27 18 74 75 Sep 21 07:34:12.039099: | 8d bb 4d 1e d4 1c 57 6b 59 46 2e 7e 55 92 5d 2e Sep 21 07:34:12.039101: | 2e 00 68 bd 80 5f 74 a1 b0 f8 34 a6 24 84 1f 94 Sep 21 07:34:12.039102: | d1 81 b7 81 7c f5 99 be b3 b5 07 f5 cf 1c 2b 5c Sep 21 07:34:12.039103: | 46 b9 5d 2d 88 23 8d c9 08 e2 46 2b bf 29 c2 6c Sep 21 07:34:12.039105: | 96 f2 e4 d5 89 e9 37 e2 30 59 85 ba e4 7a 6e a0 Sep 21 07:34:12.039106: | 12 96 17 a8 e7 16 4b 8c 56 ac 95 f2 7d 65 26 a0 Sep 21 07:34:12.039108: | 1f e7 ca a3 03 25 b3 ca 3a dd d3 32 1f 27 fa 5a Sep 21 07:34:12.039109: | 8b 71 e9 9d 79 05 89 7d e1 cd 37 0b d3 25 68 c1 Sep 21 07:34:12.039110: | 00 db 66 af 56 eb 2a 79 74 de 97 a4 ef 11 f6 c8 Sep 21 07:34:12.039112: | fe 71 8d f6 84 e0 ab 41 81 79 8c 00 65 6d 8a e0 Sep 21 07:34:12.039113: | fe 49 79 9b d8 e6 88 f5 8b 99 18 df 6f 0b 0d a2 Sep 21 07:34:12.039115: | 85 30 15 f0 06 89 e4 55 24 49 bb 37 69 79 4a be Sep 21 07:34:12.039117: | e8 a1 56 6f b6 12 6a aa 4c 96 71 8c cb aa 94 75 Sep 21 07:34:12.039118: | 84 cc f6 4e a2 8d 04 58 eb 9c bf 7e c0 6a 8e 5a Sep 21 07:34:12.039119: | 8c 74 9d 70 fa 24 f0 f4 c0 bd 65 bb 7e c4 67 26 Sep 21 07:34:12.039121: | 47 5b f4 f6 26 36 18 17 7b 6a 9a f3 4a 99 26 76 Sep 21 07:34:12.039122: | f7 e9 8c f3 c6 0d d8 3e bc 97 7f 9b 41 d3 78 37 Sep 21 07:34:12.039124: | 70 e3 eb b8 95 cd cb 1d c6 11 88 fb 90 0e e0 d0 Sep 21 07:34:12.039125: | 5a 05 89 2b cf 3a f7 9d 87 a8 82 d9 Sep 21 07:34:12.039164: | !event_already_set at reschedule Sep 21 07:34:12.039168: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1c05b50 Sep 21 07:34:12.039171: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:34:12.039173: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:34:12.039177: | #3 STATE_MAIN_I3: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.407433 Sep 21 07:34:12.039179: "northnet-eastnet-b" #3: STATE_MAIN_I3: sent MI3, expecting MR3 Sep 21 07:34:12.039181: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.039182: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.039184: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Sep 21 07:34:12.039188: | #3 spent 5.86 milliseconds in resume sending helper answer Sep 21 07:34:12.039192: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.039194: | libevent_free: release ptr-libevent@0x7fdac4004f00 Sep 21 07:34:12.050686: | spent 0.00256 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.050725: | *received 1884 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.050728: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.050729: | 05 10 02 01 00 00 00 00 00 00 07 5c 07 74 2b 5e Sep 21 07:34:12.050731: | 9a e0 5d 01 07 7b e2 b5 70 cd 55 4e 4a 06 6f ce Sep 21 07:34:12.050732: | 51 5a ea c7 64 99 f6 68 7e 35 3f 16 42 e3 fd 79 Sep 21 07:34:12.050734: | 5e 9e 0b d4 10 fe f1 12 7f cb c7 55 a7 1e d4 7c Sep 21 07:34:12.050735: | bb 70 0d ca 41 f3 0b e4 54 6e 42 bc ca b4 01 c9 Sep 21 07:34:12.050736: | c2 b6 d6 64 ab e7 07 45 ad 44 4f 54 ab c3 e8 b4 Sep 21 07:34:12.050738: | 38 db 25 ec 77 e5 11 1f 3d 2c 01 7a 73 77 bc af Sep 21 07:34:12.050739: | 64 7c d5 8b b0 a2 87 4b 6c 9c 67 b2 0a 8c da e6 Sep 21 07:34:12.050741: | de a9 8e d6 91 80 23 9a e7 b6 68 2e 5e 37 12 04 Sep 21 07:34:12.050742: | 7d 0d b7 3b 2d bf 2d 7d b5 04 b4 0d 60 15 48 a5 Sep 21 07:34:12.050743: | 6d bf 0a 7e e3 93 e2 37 53 1c 82 61 35 32 9d 9c Sep 21 07:34:12.050745: | 38 23 b6 68 12 25 67 7e 12 1e d5 6e f9 4e 3f 22 Sep 21 07:34:12.050746: | 3f 32 04 f3 da f5 6b e6 70 8f 4e 3e bd a5 01 43 Sep 21 07:34:12.050748: | e4 1c 95 2d 87 1b 96 3b 22 f2 ca 03 df 85 26 78 Sep 21 07:34:12.050749: | a3 43 64 23 58 65 f4 be 58 28 62 83 05 4c 8c 72 Sep 21 07:34:12.050751: | c4 c1 13 9d 46 40 c9 d0 19 a6 ba 02 5a 48 4d 8f Sep 21 07:34:12.050752: | de 7b 6e 44 40 40 e8 16 ae 9e 87 d0 a4 ad 7a 58 Sep 21 07:34:12.050753: | 11 db b9 3a 61 5e d1 61 cb fa 7b 5e c4 a6 0c 8d Sep 21 07:34:12.050755: | 12 cd e6 a5 90 22 46 3c be f4 68 7c 56 5e 4d 5c Sep 21 07:34:12.050756: | 9a e6 b1 72 64 e3 d7 da 49 91 6f ec 15 73 34 6d Sep 21 07:34:12.050758: | 89 e0 cb 29 8a 9c 10 f2 07 17 47 4d b1 a7 e9 1e Sep 21 07:34:12.050759: | c5 e2 6e d8 cd 46 53 4e 60 1d 6c b2 e5 ab 12 73 Sep 21 07:34:12.050760: | 70 a1 4e ea 09 50 93 3d 8a 26 c7 87 6f e5 34 ca Sep 21 07:34:12.050762: | 7d c8 9f da 8f 03 81 de f4 c6 9d aa b1 63 15 1b Sep 21 07:34:12.050763: | 63 6b 81 e5 b6 8a 0a 7f 4a 30 f0 02 5d 6b a4 50 Sep 21 07:34:12.050765: | da 83 c1 ba 7b 18 14 2c 08 b1 b7 b4 38 f5 aa d4 Sep 21 07:34:12.050766: | 16 89 0d a8 98 5a 04 18 5a e1 20 bf a3 54 9e c2 Sep 21 07:34:12.050770: | fa a7 0b 04 1c b7 14 23 10 22 03 a8 88 92 b2 df Sep 21 07:34:12.050772: | d2 ac 16 d6 66 55 92 a5 db 7a 64 e7 c3 f7 e9 49 Sep 21 07:34:12.050773: | 30 40 45 42 1a fd c9 49 e4 9d e2 b4 59 0d c4 96 Sep 21 07:34:12.050775: | 7f 3c 89 37 6f 42 5b b1 10 85 2e 99 8e cb dd 70 Sep 21 07:34:12.050776: | 77 07 e7 cd e2 d7 db 55 98 af c1 2c ad b1 5c 8d Sep 21 07:34:12.050777: | ad 28 62 cd 27 74 d9 01 97 a8 ef 23 fd d2 c5 81 Sep 21 07:34:12.050779: | ab 98 54 09 1c ee 0a b4 c8 8e ca 5b 5c 23 c1 02 Sep 21 07:34:12.050780: | d1 fa 0b 93 b2 ae f8 bc 3c 46 8e d7 a0 e8 67 38 Sep 21 07:34:12.050782: | 47 e8 02 3b 78 0d 81 11 bb c1 65 1a c3 32 f7 06 Sep 21 07:34:12.050789: | b6 9b d8 66 dd 7e 31 55 09 cb cf 3e 67 9f 29 40 Sep 21 07:34:12.050790: | b9 34 04 46 e6 55 60 66 7e b8 4b e3 9c ab 7b 8c Sep 21 07:34:12.050792: | 0d 25 aa 1c 48 00 b4 71 e1 ef ff dd 0c f5 d9 95 Sep 21 07:34:12.050793: | 0f cb 92 8f d3 3f da ea 33 46 bf 0f 70 54 10 84 Sep 21 07:34:12.050794: | b0 6b 34 89 df 34 2c e7 fd f8 ec 28 66 7f a5 a1 Sep 21 07:34:12.050796: | fd bf f4 94 d0 35 77 ad 53 7b b9 86 a9 9c 72 ac Sep 21 07:34:12.050797: | 7c 28 35 a2 38 5e a7 12 b6 dc a2 fd f7 89 db e5 Sep 21 07:34:12.050799: | 90 2e 56 5a ee 09 14 e6 53 0b d9 d5 e8 e6 35 f0 Sep 21 07:34:12.050800: | b4 d3 20 ba 0d 9b 8f 6f 58 98 27 ad ec bc 59 78 Sep 21 07:34:12.050801: | 9f 19 da 0a 30 c0 32 6f 4f ed cf 61 68 9f 20 8e Sep 21 07:34:12.050803: | 51 cf b1 05 1a 1d 1f 0a ce e6 ed 71 91 bf 3c 09 Sep 21 07:34:12.050804: | 6c 14 7b 2f d3 8c cd 51 c1 63 6e e2 df a5 53 ed Sep 21 07:34:12.050819: | 2c 71 81 3d 08 54 20 5b 0b d5 89 81 43 63 8d 31 Sep 21 07:34:12.050820: | f8 7f 0b 79 e4 66 4d 6b 1d 35 c3 c8 83 b8 08 a3 Sep 21 07:34:12.050821: | 75 5f 67 b3 88 7d ae 96 c5 e0 a7 21 d1 6e 60 bb Sep 21 07:34:12.050823: | 00 6c 6e 19 c7 f4 39 95 0c 24 5c 34 83 01 e2 2e Sep 21 07:34:12.050824: | fb 34 84 e1 7e 9d 68 a7 8e d9 59 35 4b a8 a1 86 Sep 21 07:34:12.050825: | 24 72 bd 65 77 3f 3b 27 2d fd 57 d3 aa 74 d3 40 Sep 21 07:34:12.050827: | 9f 88 21 d3 87 b3 b4 00 5c 92 60 b1 c1 7b 1f 9e Sep 21 07:34:12.050828: | e5 1e 46 6f 77 4c 3a 7f 0c 09 45 e6 2b c8 f4 ff Sep 21 07:34:12.050830: | c2 80 63 44 3f fe 03 68 85 10 41 d4 c9 a9 c6 45 Sep 21 07:34:12.050831: | 49 2b cf 9f 69 06 47 27 7f d6 2f 27 b0 63 1b 9d Sep 21 07:34:12.050832: | 9a da 93 9b 91 97 90 aa 18 f0 b3 88 c2 66 54 0f Sep 21 07:34:12.050834: | 84 80 f5 93 ab 90 f0 57 2f a5 43 20 14 ea 15 c6 Sep 21 07:34:12.050835: | bf 7b 10 35 2e 4d 96 1c 27 79 c5 0e 7b e8 4d 14 Sep 21 07:34:12.050836: | bd 93 73 fc 3d aa cd b6 d1 17 28 89 56 0b be af Sep 21 07:34:12.050838: | 9c a2 72 bc 34 38 f5 ea c5 a5 0b 63 62 5f eb eb Sep 21 07:34:12.050839: | 32 5d 59 2b 99 3c 2e a6 60 69 a8 16 4a 64 94 c9 Sep 21 07:34:12.050841: | 1e 2e ad a7 0a 98 68 5a e0 74 e5 84 aa f4 05 8d Sep 21 07:34:12.050842: | eb ab 4a 5f 81 65 7e 6a 52 7e 57 72 47 9e d9 fe Sep 21 07:34:12.050843: | f0 c0 6b ae 61 2f 7b d7 a8 d2 6f b3 90 91 6f 67 Sep 21 07:34:12.050845: | d0 af 7e b1 24 15 01 6e f8 a3 94 cb 0d 9d e7 ac Sep 21 07:34:12.050846: | 12 d5 c2 42 34 76 04 c3 8a 0d 0d f6 b0 5c 07 fa Sep 21 07:34:12.050847: | d2 5d a3 70 3f 47 79 02 8f 15 5c 74 bb c5 df 7d Sep 21 07:34:12.050849: | 27 bd ac f2 30 e0 8f 8e 4c 84 e0 47 6c 64 0e 1f Sep 21 07:34:12.050850: | d8 60 57 30 77 d9 38 14 27 7d 7a 15 ca b0 2c 7a Sep 21 07:34:12.050852: | be dd 72 71 11 1e 34 26 a1 a0 a9 b8 3c 42 af d9 Sep 21 07:34:12.050853: | cc 16 19 29 10 58 30 d7 87 4a 90 1f 50 77 3f ee Sep 21 07:34:12.050854: | 31 ec 0c 61 1f 1e c6 81 30 75 c2 1f 47 5c 01 1f Sep 21 07:34:12.050856: | 1e 66 cb c7 95 d9 1b 19 00 18 10 71 56 13 29 fd Sep 21 07:34:12.050857: | 2b 82 81 0d 52 75 dd 5c 01 aa 50 be 4c 29 a5 81 Sep 21 07:34:12.050858: | e7 01 e2 b2 4c 6c 6e 17 b7 85 67 c8 c9 c7 20 eb Sep 21 07:34:12.050860: | 0f af bf ac d9 a3 8b e8 f0 cc 9b 9e 76 2c 5b 3d Sep 21 07:34:12.050862: | 17 1e b8 d3 8b 36 16 d4 5a b1 af 9d 9d e2 f7 94 Sep 21 07:34:12.050864: | 93 d4 9a ad aa c1 2d 54 e8 46 a5 36 61 72 f2 42 Sep 21 07:34:12.050865: | b3 a9 12 ee 58 ec 93 0a 23 b6 92 22 a2 53 a2 dc Sep 21 07:34:12.050867: | df 26 58 cb 56 5b 14 80 ba af 72 9b 52 da b2 17 Sep 21 07:34:12.050868: | 9f f6 2c 29 3d 1f 51 e8 47 fd e1 96 55 32 81 e9 Sep 21 07:34:12.050869: | db e7 43 86 6b 00 03 71 e8 84 da 6b 74 06 14 7a Sep 21 07:34:12.050871: | cf e0 43 0d 0e b7 20 12 dd 34 6a 89 8b 2d fa bc Sep 21 07:34:12.050872: | 9e bc 86 54 39 dc e6 b3 4a 98 d9 96 1c 0e 87 06 Sep 21 07:34:12.050873: | 0c a9 12 da d3 74 01 2f 16 91 47 a2 cd 39 d9 92 Sep 21 07:34:12.050875: | 92 f1 c7 b3 3b 16 93 09 72 2d 6b 56 f9 1e f8 df Sep 21 07:34:12.050876: | f4 12 77 ae 4c 18 99 c6 d3 7d ed 12 70 03 bb b8 Sep 21 07:34:12.050878: | 90 15 cc 6b b6 de b8 8d 59 9b 6a e4 56 1e 8f d6 Sep 21 07:34:12.050879: | dc dc 8d 51 9b 52 fa d7 1c 92 be fc 67 1d dd 2b Sep 21 07:34:12.050880: | 87 ac fb c6 31 f7 77 8e 1e ea d3 9a f9 dc 4c 27 Sep 21 07:34:12.050882: | af f9 2a cb 8c 50 e6 b1 4c 5d b1 f9 77 2b e3 c1 Sep 21 07:34:12.050883: | 26 d7 c0 d1 83 1b d2 bc c2 9a bb 5c 70 4d ca 6d Sep 21 07:34:12.050884: | 6c 1c 54 ff f4 fd eb 98 7d 9a 8f 3b ba 9c 99 18 Sep 21 07:34:12.050886: | 5a a4 be 30 43 57 88 fa 9e ca 48 62 56 c4 c0 52 Sep 21 07:34:12.050887: | 8c 13 aa 44 4d 1c b0 db 9d 45 08 38 05 c2 30 c6 Sep 21 07:34:12.050888: | b9 6c 68 02 3d 11 7d d8 57 9d 1f 96 cd a6 bc 37 Sep 21 07:34:12.050890: | 7a 2e 0f f3 6f d6 f8 4b b7 d6 e9 a5 41 5b bd 28 Sep 21 07:34:12.050891: | 43 3b 27 fb 47 f5 e8 b8 69 5b 84 55 02 4c b9 ef Sep 21 07:34:12.050893: | eb 39 ff 2f 8e 81 4e 81 a4 28 a0 ed 76 fe 65 da Sep 21 07:34:12.050894: | bf e4 d9 80 01 c0 5c 50 c3 63 39 87 85 14 23 e7 Sep 21 07:34:12.050895: | 65 d4 cd 51 c2 ec ee b4 e0 44 5d 8c 7e 89 cb 2d Sep 21 07:34:12.050897: | 4c 1a 1a 68 e0 70 02 96 94 94 f2 56 36 c4 7f 36 Sep 21 07:34:12.050898: | ed a3 3a 7d 03 d4 ec 55 0c 13 ef 24 c4 62 ca 3d Sep 21 07:34:12.050899: | e1 bc 63 08 8a 20 59 ca 65 ca 6a ff ab e9 e5 31 Sep 21 07:34:12.050901: | ca c2 2d 8e a6 69 b1 fe 0a 50 84 80 2e ab d5 a0 Sep 21 07:34:12.050902: | 72 04 f9 5b 80 98 bc 35 b4 8e a2 21 c1 6f 65 86 Sep 21 07:34:12.050903: | 22 54 91 76 0e 92 13 36 cf dd be 07 99 74 31 09 Sep 21 07:34:12.050905: | 8e 0c f4 eb aa 40 6f 0b 23 c7 43 a2 00 de 1a ee Sep 21 07:34:12.050906: | dc 59 10 08 b4 07 e2 49 51 8d fb 92 4e be a4 6f Sep 21 07:34:12.050908: | 97 31 3b 76 95 3d fa d0 47 de ac 1f 72 db bb 82 Sep 21 07:34:12.050909: | fc 03 1e 8d 2b 3f 35 69 37 92 52 8c e2 ef 09 4c Sep 21 07:34:12.050910: | b5 b0 94 b4 4c ea 8a 83 a8 ba 09 6f b7 75 20 d2 Sep 21 07:34:12.050912: | b1 8c ab 21 89 b2 48 5d 3e 03 20 cd d0 c8 74 9b Sep 21 07:34:12.050913: | 91 45 c1 10 1e 1d c8 fd 06 ab c1 56 Sep 21 07:34:12.050916: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.050919: | **parse ISAKMP Message: Sep 21 07:34:12.050921: | initiator cookie: Sep 21 07:34:12.050922: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.050924: | responder cookie: Sep 21 07:34:12.050925: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.050927: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.050929: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.050930: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:12.050932: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.050933: | Message ID: 0 (0x0) Sep 21 07:34:12.050935: | length: 1884 (0x75c) Sep 21 07:34:12.050937: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:34:12.050940: | State DB: found IKEv1 state #3 in MAIN_I3 (find_state_ikev1) Sep 21 07:34:12.050943: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:34:12.050946: | #3 is idle Sep 21 07:34:12.050947: | #3 idle Sep 21 07:34:12.050950: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:12.050963: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Sep 21 07:34:12.050965: | ***parse ISAKMP Identification Payload: Sep 21 07:34:12.050967: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:34:12.050969: | length: 191 (0xbf) Sep 21 07:34:12.050970: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:34:12.050972: | DOI specific A: 0 (0x0) Sep 21 07:34:12.050973: | DOI specific B: 0 (0x0) Sep 21 07:34:12.050975: | obj: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.050976: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.050978: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.050979: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.050980: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.050982: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.050983: | obj: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:34:12.050985: | obj: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:34:12.050986: | obj: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:34:12.050987: | obj: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:34:12.050989: | obj: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:34:12.050990: | obj: 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.050992: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Sep 21 07:34:12.050994: | ***parse ISAKMP Certificate Payload: Sep 21 07:34:12.050995: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:34:12.050997: | length: 1265 (0x4f1) Sep 21 07:34:12.050999: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:34:12.051000: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Sep 21 07:34:12.051002: | ***parse ISAKMP Signature Payload: Sep 21 07:34:12.051003: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.051005: | length: 388 (0x184) Sep 21 07:34:12.051006: | removing 12 bytes of padding Sep 21 07:34:12.051008: | message 'main_inR3' HASH payload not checked early Sep 21 07:34:12.051011: | DER ASN1 DN: 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:34:12.051012: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:34:12.051014: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:34:12.051015: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:34:12.051017: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:34:12.051018: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:34:12.051020: | DER ASN1 DN: 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:34:12.051021: | DER ASN1 DN: 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:34:12.051022: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:34:12.051024: | DER ASN1 DN: 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:34:12.051025: | DER ASN1 DN: 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:34:12.051027: | DER ASN1 DN: 77 61 6e 2e 6f 72 67 Sep 21 07:34:12.051032: "northnet-eastnet-b" #3: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:34:12.051037: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:34:12.051041: | #3 spent 0.00368 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:34:12.051043: | checking for known CERT payloads Sep 21 07:34:12.051045: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:34:12.051080: | decoded cert: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:34:12.051086: | #3 spent 0.042 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:34:12.051090: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:34:12.051151: | #3 spent 0.0595 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:34:12.051154: | missing or expired CRL Sep 21 07:34:12.051156: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:34:12.051158: | verify_end_cert trying profile IPsec Sep 21 07:34:12.051228: | certificate is valid (profile IPsec) Sep 21 07:34:12.051233: | #3 spent 0.0766 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:34:12.051236: "northnet-eastnet-b" #3: certificate verified OK: E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:34:12.051287: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf6100 Sep 21 07:34:12.051290: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf5310 Sep 21 07:34:12.051292: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bf7260 Sep 21 07:34:12.051293: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x55dbe1bfb940 Sep 21 07:34:12.051295: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x7fdacc000c30 Sep 21 07:34:12.051461: | unreference key: 0x55dbe1c179c0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:12.051467: | #3 spent 0.227 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:34:12.051469: | #3 spent 0.434 milliseconds in decode_certs() Sep 21 07:34:12.051478: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:34:12.051481: | ID_DER_ASN1_DN 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:34:12.051483: | SAN ID matched, updating that.cert Sep 21 07:34:12.051484: | X509: CERT and ID matches current connection Sep 21 07:34:12.051511: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.051519: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' Sep 21 07:34:12.051524: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.051528: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.051533: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.051625: | an RSA Sig check passed with *AwEAAbANn [remote certificates] Sep 21 07:34:12.051629: | #3 spent 0.0932 milliseconds in try_all_keys() trying a pubkey Sep 21 07:34:12.051631: "northnet-eastnet-b" #3: Authenticated using RSA Sep 21 07:34:12.051633: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:34:12.051683: | complete v1 state transition with STF_OK Sep 21 07:34:12.051688: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.051708: | #3 is idle Sep 21 07:34:12.051710: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.051717: | IKEv1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Sep 21 07:34:12.051721: | parent state #3: MAIN_I3(open IKE SA) => MAIN_I4(established IKE SA) Sep 21 07:34:12.051724: | event_already_set, deleting event Sep 21 07:34:12.051727: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:12.051730: | #3 STATE_MAIN_I4: retransmits: cleared Sep 21 07:34:12.051734: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:34:12.051738: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1c05b50 Sep 21 07:34:12.051741: | !event_already_set at reschedule Sep 21 07:34:12.051745: | event_schedule: new EVENT_SA_REPLACE-pe@0x55dbe1c05b50 Sep 21 07:34:12.051749: | inserting event EVENT_SA_REPLACE, timeout in 2638 seconds for #3 Sep 21 07:34:12.051752: | libevent_malloc: new ptr-libevent@0x55dbe1c02540 size 128 Sep 21 07:34:12.051756: | pstats #3 ikev1.isakmp established Sep 21 07:34:12.051760: "northnet-eastnet-b" #3: STATE_MAIN_I4: ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Sep 21 07:34:12.051764: | DPD: dpd_init() called on ISAKMP SA Sep 21 07:34:12.051766: | DPD: Peer supports Dead Peer Detection Sep 21 07:34:12.051769: | DPD: not initializing DPD because DPD is disabled locally Sep 21 07:34:12.051772: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.051774: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.051776: | unpending state #3 Sep 21 07:34:12.051780: | creating state object #4 at 0x55dbe1c0b270 Sep 21 07:34:12.051782: | State DB: adding IKEv1 state #4 in UNDEFINED Sep 21 07:34:12.051790: | pstats #4 ikev1.ipsec started Sep 21 07:34:12.051794: | duplicating state object #3 "northnet-eastnet-b" as #4 for IPSEC SA Sep 21 07:34:12.051798: | #4 setting local endpoint to 192.1.3.33:500 from #3.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:12.051800: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:12.051804: | suspend processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:12.051819: | start processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:12.051824: | child state #4: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:34:12.051828: "north-a-dpd" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#3 msgid:665770ef proposal=defaults pfsgroup=MODP2048} Sep 21 07:34:12.051831: | adding quick_outI1 KE work-order 7 for state #4 Sep 21 07:34:12.051833: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fdad80041c0 Sep 21 07:34:12.051835: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:34:12.051837: | libevent_malloc: new ptr-libevent@0x7fdac4004f00 size 128 Sep 21 07:34:12.051843: | stop processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:12.051861: | resume processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:12.051864: | unqueuing pending Quick Mode with 192.1.2.23 "north-a-dpd" Sep 21 07:34:12.051866: | removing pending policy for no connection {0x55dbe1b96050} Sep 21 07:34:12.051868: | creating state object #5 at 0x55dbe1c0e5c0 Sep 21 07:34:12.051870: | State DB: adding IKEv1 state #5 in UNDEFINED Sep 21 07:34:12.051870: | crypto helper 6 resuming Sep 21 07:34:12.051880: | crypto helper 6 starting work-order 7 for state #4 Sep 21 07:34:12.051872: | pstats #5 ikev1.ipsec started Sep 21 07:34:12.051885: | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 7 Sep 21 07:34:12.051890: | duplicating state object #3 "northnet-eastnet-b" as #5 for IPSEC SA Sep 21 07:34:12.051899: | #5 setting local endpoint to 192.1.3.33:500 from #3.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:12.051904: | suspend processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:12.051907: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:12.051911: | child state #5: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:34:12.051914: "northnet-eastnet-b" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#3 msgid:276b1175 proposal=defaults pfsgroup=MODP2048} Sep 21 07:34:12.051917: | adding quick_outI1 KE work-order 8 for state #5 Sep 21 07:34:12.051918: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf50f0 Sep 21 07:34:12.051921: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:34:12.051923: | libevent_malloc: new ptr-libevent@0x7fdad0006900 size 128 Sep 21 07:34:12.051929: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:12.051931: | resume processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:12.051932: | crypto helper 2 resuming Sep 21 07:34:12.051941: | crypto helper 2 starting work-order 8 for state #5 Sep 21 07:34:12.051934: | unqueuing pending Quick Mode with 192.1.2.23 "northnet-eastnet-b" Sep 21 07:34:12.051946: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 8 Sep 21 07:34:12.051947: | removing pending policy for no connection {0x55dbe1c03e80} Sep 21 07:34:12.051957: | #3 spent 0.929 milliseconds in process_packet_tail() Sep 21 07:34:12.051960: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.051963: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.051965: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.051968: | spent 1.23 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.052998: | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.001112 seconds Sep 21 07:34:12.052999: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 8 time elapsed 0.001054 seconds Sep 21 07:34:12.053010: | (#4) spent 0.595 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) Sep 21 07:34:12.053016: | (#5) spent 0.576 milliseconds in crypto helper computing work-order 8: quick_outI1 KE (pcr) Sep 21 07:34:12.053017: | crypto helper 6 sending results from work-order 7 for state #4 to event queue Sep 21 07:34:12.053020: | crypto helper 2 sending results from work-order 8 for state #5 to event queue Sep 21 07:34:12.053025: | scheduling resume sending helper answer for #4 Sep 21 07:34:12.053030: | scheduling resume sending helper answer for #5 Sep 21 07:34:12.053035: | libevent_malloc: new ptr-libevent@0x7fdac8006900 size 128 Sep 21 07:34:12.053039: | libevent_malloc: new ptr-libevent@0x7fdadc0016a0 size 128 Sep 21 07:34:12.053047: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:12.053067: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:12.053075: | processing resume sending helper answer for #4 Sep 21 07:34:12.053083: | start processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.053087: | crypto helper 6 replies to request ID 7 Sep 21 07:34:12.053089: | calling continuation function 0x55dbdfa7b630 Sep 21 07:34:12.053091: | quick_outI1_continue for #4: calculated ke+nonce, sending I1 Sep 21 07:34:12.053094: | **emit ISAKMP Message: Sep 21 07:34:12.053096: | initiator cookie: Sep 21 07:34:12.053098: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.053099: | responder cookie: Sep 21 07:34:12.053101: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.053102: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053106: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.053108: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.053110: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.053112: | Message ID: 1717006575 (0x665770ef) Sep 21 07:34:12.053114: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.053115: | ***emit ISAKMP Hash Payload: Sep 21 07:34:12.053117: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053119: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:12.053121: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.053123: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:12.053125: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:12.053127: | emitting quick defaults using policy none Sep 21 07:34:12.053129: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:12.053131: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:12.053133: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.053135: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.053137: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:12.053139: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:12.053141: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.053142: | ****emit IPsec DOI SIT: Sep 21 07:34:12.053144: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.053146: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:12.053148: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:34:12.053149: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:12.053151: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053153: | proposal number: 0 (0x0) Sep 21 07:34:12.053154: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.053156: | SPI size: 4 (0x4) Sep 21 07:34:12.053157: | number of transforms: 2 (0x2) Sep 21 07:34:12.053159: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:12.053173: | netlink_get_spi: allocated 0xaa056cd4 for esp.0@192.1.3.33 Sep 21 07:34:12.053176: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:12.053177: | SPI aa 05 6c d4 Sep 21 07:34:12.053179: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:12.053181: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.053182: | ESP transform number: 0 (0x0) Sep 21 07:34:12.053184: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.053186: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:12.053187: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053189: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.053191: | length/value: 14 (0xe) Sep 21 07:34:12.053193: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.053195: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053196: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.053198: | length/value: 1 (0x1) Sep 21 07:34:12.053200: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.053201: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053203: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.053204: | length/value: 1 (0x1) Sep 21 07:34:12.053206: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.053207: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053209: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.053210: | length/value: 28800 (0x7080) Sep 21 07:34:12.053213: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053215: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.053216: | length/value: 2 (0x2) Sep 21 07:34:12.053218: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.053220: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053221: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:12.053223: | length/value: 128 (0x80) Sep 21 07:34:12.053224: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:12.053226: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:12.053227: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053229: | ESP transform number: 1 (0x1) Sep 21 07:34:12.053230: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:34:12.053232: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.053234: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:12.053236: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053237: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.053239: | length/value: 14 (0xe) Sep 21 07:34:12.053240: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.053242: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053243: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.053245: | length/value: 1 (0x1) Sep 21 07:34:12.053246: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.053248: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053249: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.053251: | length/value: 1 (0x1) Sep 21 07:34:12.053252: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.053254: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053255: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.053257: | length/value: 28800 (0x7080) Sep 21 07:34:12.053258: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053260: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.053261: | length/value: 2 (0x2) Sep 21 07:34:12.053263: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.053264: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:34:12.053266: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:34:12.053268: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:12.053269: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:34:12.053271: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:12.053273: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:12.053275: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.053276: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:12.053278: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:12.053280: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.053282: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:34:12.053284: | Ni 28 55 70 6f 98 50 95 96 ca 97 e9 58 5b d6 76 b5 Sep 21 07:34:12.053285: | Ni f9 e5 6f 4a 6f 01 3d c8 55 e2 d6 73 26 24 5e 14 Sep 21 07:34:12.053287: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:12.053289: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:12.053290: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.053292: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.053294: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:12.053296: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.053299: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:12.053300: | keyex value b8 06 f3 39 14 50 5a 9a ab 45 0b 50 09 46 e0 f9 Sep 21 07:34:12.053302: | keyex value c5 99 ce 9e 27 8f 0c 25 0b dc d5 78 0b ef af f2 Sep 21 07:34:12.053303: | keyex value bf 90 01 d9 ff d6 a4 4a bc 04 c2 38 81 13 70 ed Sep 21 07:34:12.053305: | keyex value 30 ca c3 6f b0 0d dd 15 81 a7 64 b0 06 9e 0e 8c Sep 21 07:34:12.053306: | keyex value 1a 11 bc 55 1c fb 97 c1 9b d7 8e 2f cd 49 5c ca Sep 21 07:34:12.053307: | keyex value 0d e2 2b 50 cf d3 48 ab 2e d3 cf 31 67 f7 0c c9 Sep 21 07:34:12.053309: | keyex value 93 df 7c 26 a1 99 c6 b1 5b 27 4e 91 33 b6 ed 8c Sep 21 07:34:12.053310: | keyex value 23 03 e0 f8 ab b2 39 9c ea 9e 3e 51 99 53 df f7 Sep 21 07:34:12.053312: | keyex value 61 42 bf a5 8c ee 49 18 63 85 62 eb ee 37 b8 a5 Sep 21 07:34:12.053313: | keyex value 12 60 ae 8b 62 c5 3a 3b 44 35 26 ac 15 84 03 17 Sep 21 07:34:12.053315: | keyex value cb db dd 7a 0c 75 98 b0 98 f5 3c e0 ed bc 3a 94 Sep 21 07:34:12.053316: | keyex value bc fe f6 1d d4 82 e3 c3 4f 55 22 c5 eb 3a 5e fb Sep 21 07:34:12.053318: | keyex value 3c ac 11 90 2f a8 17 2f 49 6b c5 c1 e8 50 ef 6e Sep 21 07:34:12.053319: | keyex value 44 10 b9 ed 51 a5 b5 ed ec c4 a7 d1 ae 82 f4 c6 Sep 21 07:34:12.053320: | keyex value 97 66 be 36 8e 4e 70 88 4b 1b fe 37 4a da 71 f8 Sep 21 07:34:12.053322: | keyex value e5 ba a1 41 ad a3 7d 60 f7 cc ab a7 66 84 7a c7 Sep 21 07:34:12.053323: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:12.053325: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.053327: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.053328: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.053330: | Protocol ID: 0 (0x0) Sep 21 07:34:12.053331: | port: 0 (0x0) Sep 21 07:34:12.053333: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.053335: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.053337: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.053339: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.053341: | client network c0 00 03 00 Sep 21 07:34:12.053342: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.053344: | client mask ff ff ff 00 Sep 21 07:34:12.053345: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:12.053347: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.053348: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053350: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.053351: | Protocol ID: 0 (0x0) Sep 21 07:34:12.053353: | port: 0 (0x0) Sep 21 07:34:12.053355: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.053357: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.053358: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.053360: | client network c0 00 16 00 Sep 21 07:34:12.053361: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.053363: | client mask ff ff ff 00 Sep 21 07:34:12.053364: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:12.053382: | outI1 HASH(1): Sep 21 07:34:12.053384: | af 7b 20 8d 7c f8 ff 96 c2 76 e8 9c 2c bd 71 64 Sep 21 07:34:12.053386: | a5 c2 78 68 ce a7 1f da d6 0c 49 c1 15 6e 3c ee Sep 21 07:34:12.053392: | no IKEv1 message padding required Sep 21 07:34:12.053394: | emitting length of ISAKMP Message: 476 Sep 21 07:34:12.053402: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:34:12.053404: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.053405: | 08 10 20 01 66 57 70 ef 00 00 01 dc a1 73 da 6b Sep 21 07:34:12.053407: | af b2 ee 2a 5f f1 99 20 59 1e d3 6a 70 e1 ed 67 Sep 21 07:34:12.053408: | 60 81 21 94 eb 89 be 13 20 69 9f 07 9b 40 1f 6c Sep 21 07:34:12.053410: | b8 fd b2 5c 9c 6e 4a 2d fa ab 66 08 5e 8c d2 0e Sep 21 07:34:12.053411: | d4 8d 01 e2 74 79 a8 b4 15 35 7d 40 86 e8 87 e7 Sep 21 07:34:12.053413: | 1a 4d ce 6b 72 5a 59 74 55 ed 57 da d4 6e 82 17 Sep 21 07:34:12.053414: | fa 52 2b d4 f8 02 14 ad 09 2f 18 5a 50 8a 2f fa Sep 21 07:34:12.053415: | 98 f8 23 0b 87 94 c4 3d 15 98 00 b4 af 21 5e 69 Sep 21 07:34:12.053417: | 7b 14 f8 e9 50 7c 1a 89 0e 13 42 f6 3c 7c 22 3c Sep 21 07:34:12.053418: | cb 7c 74 8d 1d 9f 03 72 fa 11 e7 83 5f f1 e2 f8 Sep 21 07:34:12.053420: | c0 fc 65 05 34 0a 7c 40 eb 83 36 06 0d fe 24 6c Sep 21 07:34:12.053421: | d0 49 b7 c3 a0 a9 52 0a f1 ce f0 2e 29 84 0f 97 Sep 21 07:34:12.053422: | 69 67 89 b5 34 2d b3 1b 88 df 35 42 89 78 11 2f Sep 21 07:34:12.053424: | 0c 52 bb 09 b4 f5 29 5d 4c 1a ce 15 84 d5 fa 0d Sep 21 07:34:12.053425: | 39 56 3b ac 69 87 de 92 da 7d ee 1f f0 36 c9 a5 Sep 21 07:34:12.053427: | f4 d4 b2 b6 6c d3 e5 f3 26 93 57 b6 d3 8b 44 74 Sep 21 07:34:12.053428: | 66 78 41 3c 80 d2 93 a2 25 a8 c0 7b a3 97 2f ca Sep 21 07:34:12.053430: | 55 a0 1b a6 b1 ca 93 d1 9b 7a 8d 66 00 5c f3 24 Sep 21 07:34:12.053431: | 93 a3 84 6f 65 d3 ce 91 f2 93 04 57 6d d6 45 59 Sep 21 07:34:12.053432: | bb 16 30 8c 47 10 fd 66 8e b8 b3 ed 1a ad 4b 6a Sep 21 07:34:12.053434: | 06 59 f3 a4 e1 2c 3e 44 6c 86 d2 cb 52 8c 8a d3 Sep 21 07:34:12.053435: | 76 db 5d 81 70 83 b7 63 dc 7f 32 6c 46 a4 6b 9b Sep 21 07:34:12.053437: | 5a 15 cd 01 90 2c 44 61 66 fd 96 75 5c 84 a5 93 Sep 21 07:34:12.053438: | f5 aa e1 62 01 1f 0c 96 25 c8 bc 06 5d 2e 70 28 Sep 21 07:34:12.053439: | 97 43 8e 4d 86 db f5 a9 a5 b8 8c 94 0e 3d 2e 5a Sep 21 07:34:12.053441: | 54 83 4b d6 a9 ee dd d7 f2 ca ea 36 d7 d9 79 7f Sep 21 07:34:12.053442: | de 12 ec b9 e7 0e 84 fc 43 30 00 5a 15 af 64 d4 Sep 21 07:34:12.053444: | 18 29 a0 48 8e 36 e9 90 f0 a5 66 0e d3 d7 6d 7b Sep 21 07:34:12.053445: | 4b 7c d8 85 6f 9b 31 7e 5f 8b 21 4a Sep 21 07:34:12.053474: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.053478: | libevent_free: release ptr-libevent@0x7fdac4004f00 Sep 21 07:34:12.053480: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fdad80041c0 Sep 21 07:34:12.053482: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fdad80041c0 Sep 21 07:34:12.053485: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:34:12.053487: | libevent_malloc: new ptr-libevent@0x7fdac4004f00 size 128 Sep 21 07:34:12.053490: | #4 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.421747 Sep 21 07:34:12.053493: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Sep 21 07:34:12.053497: | #4 spent 0.392 milliseconds in resume sending helper answer Sep 21 07:34:12.053500: | stop processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.053502: | libevent_free: release ptr-libevent@0x7fdac8006900 Sep 21 07:34:12.053504: | processing resume sending helper answer for #5 Sep 21 07:34:12.053507: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.053509: | crypto helper 2 replies to request ID 8 Sep 21 07:34:12.053510: | calling continuation function 0x55dbdfa7b630 Sep 21 07:34:12.053514: | quick_outI1_continue for #5: calculated ke+nonce, sending I1 Sep 21 07:34:12.053517: | **emit ISAKMP Message: Sep 21 07:34:12.053518: | initiator cookie: Sep 21 07:34:12.053520: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.053521: | responder cookie: Sep 21 07:34:12.053523: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.053524: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053526: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.053528: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.053529: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.053531: | Message ID: 661328245 (0x276b1175) Sep 21 07:34:12.053533: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.053535: | ***emit ISAKMP Hash Payload: Sep 21 07:34:12.053536: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053538: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:12.053540: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.053542: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:12.053544: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:12.053545: | emitting quick defaults using policy none Sep 21 07:34:12.053547: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:12.053549: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:12.053550: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.053552: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.053554: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:12.053555: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:12.053557: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.053559: | ****emit IPsec DOI SIT: Sep 21 07:34:12.053561: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.053562: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:12.053564: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:34:12.053566: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:12.053567: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053569: | proposal number: 0 (0x0) Sep 21 07:34:12.053570: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.053572: | SPI size: 4 (0x4) Sep 21 07:34:12.053573: | number of transforms: 2 (0x2) Sep 21 07:34:12.053575: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:12.053583: | netlink_get_spi: allocated 0xaac594a for esp.0@192.1.3.33 Sep 21 07:34:12.053585: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:12.053587: | SPI 0a ac 59 4a Sep 21 07:34:12.053588: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:12.053590: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.053592: | ESP transform number: 0 (0x0) Sep 21 07:34:12.053593: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.053595: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:12.053597: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053598: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.053600: | length/value: 14 (0xe) Sep 21 07:34:12.053602: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.053603: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053605: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.053606: | length/value: 1 (0x1) Sep 21 07:34:12.053608: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.053609: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053612: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.053614: | length/value: 1 (0x1) Sep 21 07:34:12.053615: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.053617: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053618: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.053620: | length/value: 28800 (0x7080) Sep 21 07:34:12.053621: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053623: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.053624: | length/value: 2 (0x2) Sep 21 07:34:12.053626: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.053627: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053629: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:12.053630: | length/value: 128 (0x80) Sep 21 07:34:12.053632: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:12.053633: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:12.053635: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053636: | ESP transform number: 1 (0x1) Sep 21 07:34:12.053638: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:34:12.053640: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:12.053642: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:12.053643: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053645: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.053646: | length/value: 14 (0xe) Sep 21 07:34:12.053648: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.053649: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053651: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.053652: | length/value: 1 (0x1) Sep 21 07:34:12.053654: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.053655: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053657: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.053658: | length/value: 1 (0x1) Sep 21 07:34:12.053660: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.053661: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053663: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.053664: | length/value: 28800 (0x7080) Sep 21 07:34:12.053666: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:12.053667: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.053669: | length/value: 2 (0x2) Sep 21 07:34:12.053670: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.053672: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:34:12.053673: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:34:12.053675: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:12.053677: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:34:12.053678: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:12.053680: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:12.053682: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.053683: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:12.053685: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:12.053687: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.053689: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:34:12.053691: | Ni 3c 40 ba 2b de 9b 36 1b 56 96 40 38 f8 4a 97 cb Sep 21 07:34:12.053692: | Ni 57 5a 65 29 37 c0 17 43 9a cf cf b8 ec 44 0b b6 Sep 21 07:34:12.053694: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:12.053695: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:12.053698: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.053700: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.053701: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:12.053703: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.053705: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:12.053707: | keyex value 86 85 c2 ce d9 6a e2 13 fe 0c c1 20 d5 48 ec 8d Sep 21 07:34:12.053708: | keyex value 88 86 a2 3a c7 e6 91 ba 14 1f 2e 59 08 ac 07 5f Sep 21 07:34:12.053710: | keyex value 8d 48 31 c6 51 3a 7a 12 4b 0f 68 d5 38 27 76 1c Sep 21 07:34:12.053711: | keyex value a5 69 1f bb 74 93 8a ef 55 fd 04 dd 87 e6 ab 06 Sep 21 07:34:12.053712: | keyex value fd bc ee 0b 07 10 6a bc 05 65 08 34 34 c1 ea 55 Sep 21 07:34:12.053714: | keyex value 7d 41 92 dc d8 ae 22 37 6a 49 56 19 78 a4 a4 1f Sep 21 07:34:12.053715: | keyex value f0 50 63 d5 78 fc cc 75 3f d1 89 04 45 bd ad 76 Sep 21 07:34:12.053717: | keyex value 22 07 04 7b 70 45 81 02 f5 7a df e2 45 a7 98 dd Sep 21 07:34:12.053718: | keyex value c8 b8 c2 60 2e 0e 79 b9 2a 14 2a 40 7b 84 9e b2 Sep 21 07:34:12.053720: | keyex value 70 a8 11 c7 89 5d ac b5 ea ad 57 92 de 8f 93 bf Sep 21 07:34:12.053721: | keyex value de 68 fd f9 d3 9c dd 0a 74 93 e8 e2 81 ae 0c b5 Sep 21 07:34:12.053723: | keyex value 98 d4 c9 83 cc ac 44 a2 cb 6f ac b7 43 96 72 88 Sep 21 07:34:12.053724: | keyex value 03 e0 ec b0 52 5f 05 f9 b6 c1 0e 3a 4c de 41 b9 Sep 21 07:34:12.053725: | keyex value 15 c2 5e 10 db 50 48 4e 9c b5 8e ef 8c 6e b3 42 Sep 21 07:34:12.053727: | keyex value a3 75 9f 14 9f 96 2f 16 90 6f 28 98 60 2e da e5 Sep 21 07:34:12.053728: | keyex value e8 b7 0f 4a e3 44 68 8c 40 04 6c f8 c3 5c a7 30 Sep 21 07:34:12.053730: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:12.053731: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.053733: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.053735: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.053736: | Protocol ID: 0 (0x0) Sep 21 07:34:12.053738: | port: 0 (0x0) Sep 21 07:34:12.053739: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:12.053741: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.053743: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.053745: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.053747: | client network c0 00 03 00 Sep 21 07:34:12.053748: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.053750: | client mask ff ff ff 00 Sep 21 07:34:12.053751: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:12.053753: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.053754: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.053756: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.053757: | Protocol ID: 0 (0x0) Sep 21 07:34:12.053759: | port: 0 (0x0) Sep 21 07:34:12.053761: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:12.053763: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:12.053764: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.053766: | client network c0 00 02 00 Sep 21 07:34:12.053769: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:12.053770: | client mask ff ff ff 00 Sep 21 07:34:12.053772: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:12.053791: | outI1 HASH(1): Sep 21 07:34:12.053795: | 43 16 1e 84 1c e5 a5 ba 09 ad 4a 67 e8 0f 81 f9 Sep 21 07:34:12.053797: | 74 01 3c b6 70 ba a9 33 75 02 6c 2d f6 8b a5 52 Sep 21 07:34:12.053801: | no IKEv1 message padding required Sep 21 07:34:12.053803: | emitting length of ISAKMP Message: 476 Sep 21 07:34:12.053823: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:34:12.053825: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.053826: | 08 10 20 01 27 6b 11 75 00 00 01 dc 80 83 de 96 Sep 21 07:34:12.053828: | b4 44 78 96 5a 66 93 2b 51 60 59 41 6c 21 cb f9 Sep 21 07:34:12.053829: | 3b 07 e0 7f 77 75 a1 3d 2e e5 73 28 10 a6 a4 c7 Sep 21 07:34:12.053830: | a9 13 1a ea 93 50 75 c8 47 93 cb 66 77 d2 0e 48 Sep 21 07:34:12.053832: | 0f 86 46 b0 a3 93 4f 9e 68 58 0a ae 17 0e 9e a6 Sep 21 07:34:12.053833: | 36 2b 76 a2 5c 77 ad d1 5e 51 45 0b da 48 ac 03 Sep 21 07:34:12.053834: | 76 64 a1 cb 39 7e f5 bf 80 d6 a3 f3 4a f1 87 36 Sep 21 07:34:12.053836: | 4f b1 45 2e f4 25 60 ab 3d 7e cc 95 61 56 b0 51 Sep 21 07:34:12.053837: | d2 c9 06 24 74 f8 32 9f 57 b6 a1 73 23 ba cb eb Sep 21 07:34:12.053839: | 89 ed 40 90 1a ce d0 44 a7 e1 5d 5b 20 35 3a a8 Sep 21 07:34:12.053840: | c1 99 bf 6f 2e c5 cd 63 44 a8 c2 14 39 a2 88 07 Sep 21 07:34:12.053841: | 9f 76 08 e5 9b e8 13 00 39 5e 86 0a 12 9f 0c 28 Sep 21 07:34:12.053843: | e4 48 7b 6f 04 f3 01 c8 7d 1d 7c 3d f3 5c f0 6c Sep 21 07:34:12.053844: | b7 dc 55 56 7f 2b 8b 76 43 f2 b4 fa fa 8a 73 72 Sep 21 07:34:12.053845: | e4 59 67 40 14 60 b4 9f b6 de d2 96 37 e3 1a 16 Sep 21 07:34:12.053847: | ef 75 73 0d d3 f4 61 71 88 93 d3 24 ac bb d0 c7 Sep 21 07:34:12.053848: | 17 5d ca 8c 4d e4 08 c4 d7 2f 47 9d c5 08 cb ed Sep 21 07:34:12.053850: | e7 a6 ea f7 1d 3a 8e 09 f3 ff d0 7e 48 95 e2 fd Sep 21 07:34:12.053851: | 4d 59 00 e7 15 ec 23 2b e7 5c 87 e9 29 0d fd 87 Sep 21 07:34:12.053852: | 07 2f 98 f4 0e 7b 67 59 50 1c d9 25 53 13 1f ad Sep 21 07:34:12.053854: | 27 f8 4b c7 bb fb 6e 52 81 e7 31 1b 52 2c 15 9e Sep 21 07:34:12.053855: | ae 50 2b 76 64 8e d6 12 39 e1 fc bc 5d be fc 9f Sep 21 07:34:12.053856: | 93 9a 9f 70 12 76 89 f9 4b 0a 24 8c c5 10 f9 3c Sep 21 07:34:12.053858: | b7 7b 6e 78 25 e1 82 06 d9 7d a2 da e9 63 4c 69 Sep 21 07:34:12.053859: | c2 47 bd 0a 56 6c f5 45 bd ee 1d 87 19 79 fd 4d Sep 21 07:34:12.053860: | 28 65 78 16 a5 4a cf e8 08 74 6f d6 6f e0 e6 0a Sep 21 07:34:12.053862: | 20 98 41 db 34 90 13 2a 0a 41 37 30 c9 fd 5c da Sep 21 07:34:12.053863: | 22 44 91 99 a1 e0 a3 e5 54 63 05 db 2a 55 ae 86 Sep 21 07:34:12.053865: | 33 2a 0d fe 15 a9 1b 35 09 b8 cc 54 Sep 21 07:34:12.053877: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.053879: | libevent_free: release ptr-libevent@0x7fdad0006900 Sep 21 07:34:12.053881: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf50f0 Sep 21 07:34:12.053884: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bf50f0 Sep 21 07:34:12.053886: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Sep 21 07:34:12.053888: | libevent_malloc: new ptr-libevent@0x7fdad0006900 size 128 Sep 21 07:34:12.053891: | #5 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.422148 Sep 21 07:34:12.053893: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Sep 21 07:34:12.053896: | #5 spent 0.378 milliseconds in resume sending helper answer Sep 21 07:34:12.053899: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.053903: | libevent_free: release ptr-libevent@0x7fdadc0016a0 Sep 21 07:34:12.056589: | spent 0.00199 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.056603: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.056606: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.056607: | 08 10 20 01 66 57 70 ef 00 00 01 cc e1 97 25 e6 Sep 21 07:34:12.056609: | 7f 13 14 d3 e9 72 41 6f fb 35 a0 99 b6 0b 26 30 Sep 21 07:34:12.056611: | ae 18 de fe 27 2a da b9 36 07 8b 6e 52 ee 50 c9 Sep 21 07:34:12.056612: | 94 bb a9 64 a0 f3 ca ad 68 42 92 62 41 9c 52 dc Sep 21 07:34:12.056614: | 18 cb 36 20 e5 eb 21 f2 42 cf cd 57 ac 82 e6 f5 Sep 21 07:34:12.056615: | a8 a0 c2 a9 6e 00 ee 2d 40 d5 8f c4 3a 17 44 0d Sep 21 07:34:12.056617: | 72 fd 0b 3d 30 10 d6 2b 65 91 fd fb 1a 07 ba ac Sep 21 07:34:12.056618: | b9 7c 83 1e 94 fa 5f 20 ac d9 65 d9 24 40 0b 59 Sep 21 07:34:12.056619: | 18 bb 15 6d 32 e0 42 8d c2 12 21 d5 da 2b 59 aa Sep 21 07:34:12.056621: | e9 c7 0f 2a 44 ce 59 5a d0 82 7a d8 76 b3 ae 3a Sep 21 07:34:12.056622: | a1 4d 28 09 a0 9a be 04 57 9d 86 87 31 b4 fb 03 Sep 21 07:34:12.056624: | 11 d0 c1 3f 3c 1e 4e d0 0e 28 30 bb 98 3f 94 c0 Sep 21 07:34:12.056625: | 71 ed 07 e4 4a 31 e0 97 6e 20 23 48 8f 0b ec 10 Sep 21 07:34:12.056627: | 69 0b 7d c2 30 d4 01 a4 a1 e7 b3 71 b2 3c c3 43 Sep 21 07:34:12.056628: | ce 98 80 0b 6e 2d 4c b4 ab 5a 0b 1f 35 a5 67 4e Sep 21 07:34:12.056630: | 83 a5 92 16 1e 01 0a a5 d7 5a a6 7e 3b 08 ee 76 Sep 21 07:34:12.056631: | c1 68 be a8 83 d2 e7 81 e6 cb c6 66 c7 9a 77 99 Sep 21 07:34:12.056633: | 93 49 c7 a6 b6 74 da a8 d8 c6 65 f6 52 b4 29 84 Sep 21 07:34:12.056634: | 69 d9 71 35 9a c6 72 c9 1d b7 56 03 fc 0a 16 7d Sep 21 07:34:12.056635: | 26 63 19 71 91 e9 1b 28 ab f5 4d 33 4a 62 87 2d Sep 21 07:34:12.056637: | a0 07 cd 9a 4b 14 3b ce c8 12 18 25 05 cb cd f8 Sep 21 07:34:12.056638: | 19 5c 78 2f 21 e5 40 35 a4 ab 07 0d b7 a3 e3 cb Sep 21 07:34:12.056640: | 07 44 03 e7 4f 95 32 01 b2 72 19 fc 62 d9 51 19 Sep 21 07:34:12.056641: | 5f 1d ee c7 bc 34 44 84 e0 4e 2a 28 0f 5d 9b eb Sep 21 07:34:12.056643: | 06 8e a1 db e1 b7 57 92 e5 ba ef 4c 33 d5 87 8d Sep 21 07:34:12.056644: | 82 95 2b 4e c4 e1 04 77 14 6a 55 fc 8b 14 dc 7d Sep 21 07:34:12.056646: | a6 38 78 90 87 3e 2e 3f 24 d9 ac 5a 9b 6a d5 1d Sep 21 07:34:12.056647: | a5 b0 8a 77 22 a5 ff 8d 04 15 e4 23 Sep 21 07:34:12.056650: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.056652: | **parse ISAKMP Message: Sep 21 07:34:12.056654: | initiator cookie: Sep 21 07:34:12.056655: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.056657: | responder cookie: Sep 21 07:34:12.056658: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.056660: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.056662: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.056664: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.056665: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.056667: | Message ID: 1717006575 (0x665770ef) Sep 21 07:34:12.056669: | length: 460 (0x1cc) Sep 21 07:34:12.056671: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.056673: | State DB: found IKEv1 state #4 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:12.056676: | start processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:12.056678: | #4 is idle Sep 21 07:34:12.056680: | #4 idle Sep 21 07:34:12.056682: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:12.056690: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:12.056692: | ***parse ISAKMP Hash Payload: Sep 21 07:34:12.056694: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:12.056696: | length: 36 (0x24) Sep 21 07:34:12.056698: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:12.056702: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:12.056703: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.056705: | length: 56 (0x38) Sep 21 07:34:12.056707: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.056708: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:12.056710: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:12.056712: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.056713: | length: 36 (0x24) Sep 21 07:34:12.056715: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.056716: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:12.056718: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.056720: | length: 260 (0x104) Sep 21 07:34:12.056721: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.056723: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.056725: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.056726: | length: 16 (0x10) Sep 21 07:34:12.056728: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.056729: | Protocol ID: 0 (0x0) Sep 21 07:34:12.056731: | port: 0 (0x0) Sep 21 07:34:12.056733: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:12.056734: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.056736: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.056738: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.056739: | length: 16 (0x10) Sep 21 07:34:12.056741: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.056742: | Protocol ID: 0 (0x0) Sep 21 07:34:12.056744: | port: 0 (0x0) Sep 21 07:34:12.056745: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:34:12.056747: | removing 12 bytes of padding Sep 21 07:34:12.056761: | quick_inR1_outI2 HASH(2): Sep 21 07:34:12.056763: | 79 11 62 0a e5 0c 23 f8 cb 5e 58 1e 66 4a b4 6a Sep 21 07:34:12.056764: | 8e 2a 26 28 de c8 f6 fa 66 c9 14 66 83 c6 1e 3e Sep 21 07:34:12.056766: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:34:12.056769: | ****parse IPsec DOI SIT: Sep 21 07:34:12.056771: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.056772: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:12.056774: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.056775: | length: 44 (0x2c) Sep 21 07:34:12.056777: | proposal number: 0 (0x0) Sep 21 07:34:12.056779: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.056780: | SPI size: 4 (0x4) Sep 21 07:34:12.056782: | number of transforms: 1 (0x1) Sep 21 07:34:12.056786: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:12.056801: | SPI 46 02 f0 9a Sep 21 07:34:12.056803: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:12.056805: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.056807: | length: 32 (0x20) Sep 21 07:34:12.056809: | ESP transform number: 0 (0x0) Sep 21 07:34:12.056810: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.056812: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056814: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.056815: | length/value: 14 (0xe) Sep 21 07:34:12.056817: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.056819: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056821: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.056822: | length/value: 1 (0x1) Sep 21 07:34:12.056824: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.056826: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:12.056827: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056829: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.056830: | length/value: 1 (0x1) Sep 21 07:34:12.056832: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.056833: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056835: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.056851: | length/value: 28800 (0x7080) Sep 21 07:34:12.056852: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056854: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.056855: | length/value: 2 (0x2) Sep 21 07:34:12.056857: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.056859: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.056860: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:12.056861: | length/value: 128 (0x80) Sep 21 07:34:12.056863: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:12.056874: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.056879: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.056884: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.056889: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.056891: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:12.056893: | no PreShared Key Found Sep 21 07:34:12.056895: | adding quick outI2 DH work-order 9 for state #4 Sep 21 07:34:12.056897: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:12.056899: | #4 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:12.056901: | libevent_free: release ptr-libevent@0x7fdac4004f00 Sep 21 07:34:12.056903: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fdad80041c0 Sep 21 07:34:12.056904: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fdad80041c0 Sep 21 07:34:12.056907: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:34:12.056909: | libevent_malloc: new ptr-libevent@0x7fdac4004f00 size 128 Sep 21 07:34:12.056914: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:12.056918: | [RE]START processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:12.056919: | suspending state #4 and saving MD Sep 21 07:34:12.056921: | #4 is busy; has a suspended MD Sep 21 07:34:12.056924: | #4 spent 0.153 milliseconds in process_packet_tail() Sep 21 07:34:12.056923: | crypto helper 0 resuming Sep 21 07:34:12.056940: | crypto helper 0 starting work-order 9 for state #4 Sep 21 07:34:12.056947: | crypto helper 0 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 9 Sep 21 07:34:12.056928: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.056986: | stop processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.056989: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.056993: | spent 0.385 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.057696: | spent 0.00191 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:12.057708: | *received 460 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:12.057711: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.057712: | 08 10 20 01 27 6b 11 75 00 00 01 cc 85 70 6f 85 Sep 21 07:34:12.057714: | 4f ff f1 01 3f ec b7 0f 35 14 b6 6f 67 e9 f1 f3 Sep 21 07:34:12.057716: | 22 78 ab 3c 62 0b e7 cc cb 49 93 9d 5b 5f 4c 73 Sep 21 07:34:12.057717: | 92 b6 df 79 ab 00 be 13 09 71 76 31 79 d3 b7 cb Sep 21 07:34:12.057721: | 72 16 3d ee 29 7e cd c8 d5 b3 47 d2 6a c7 94 5d Sep 21 07:34:12.057723: | 77 65 8b 05 81 66 a9 31 c9 23 de cd 69 d1 08 c9 Sep 21 07:34:12.057724: | 13 0f c5 2e a8 34 ff ca d5 9e 94 7e 25 78 64 c3 Sep 21 07:34:12.057726: | b8 03 bc 05 49 3f 1a fb ac 25 25 35 0e dd 04 b3 Sep 21 07:34:12.057727: | a9 19 bb c2 5a da 01 e5 9f 4f ec 22 2d 0b 1f 39 Sep 21 07:34:12.057729: | 7c 6a 40 cf 83 4a 6c 04 b0 09 1b 29 46 82 16 83 Sep 21 07:34:12.057730: | 7b 9c 1e 0f 9e fe d1 0a 22 84 2f 8b bf 1f 52 ad Sep 21 07:34:12.057732: | 8d e2 40 ae b7 81 86 26 e4 83 2f ed 6b d2 75 25 Sep 21 07:34:12.057733: | e3 52 a9 c4 3d c1 d9 37 59 65 fd 45 0b 87 c1 21 Sep 21 07:34:12.057735: | dc f2 4a b6 f2 8a 9f 01 fa 1d c7 a5 06 37 af 1b Sep 21 07:34:12.057736: | 57 de ee 86 ff db e7 1e 48 0b e4 07 ef 97 71 33 Sep 21 07:34:12.057738: | da 25 22 34 eb 9d 31 fa a3 fe 43 54 2b 1d 5e 17 Sep 21 07:34:12.057739: | 61 e7 75 ad 90 3f 37 d8 a2 55 28 33 f0 82 e3 7b Sep 21 07:34:12.057741: | 0f 82 c2 b6 25 7b e8 9f ae fb aa a8 41 7c ab 18 Sep 21 07:34:12.057742: | 0b 8d 76 41 83 9b b9 cd 1b 94 33 e8 20 c9 46 30 Sep 21 07:34:12.057744: | 36 e0 c8 53 ef b6 87 9e 84 21 fd 2f e7 7f 8a 49 Sep 21 07:34:12.057745: | 1c b5 b2 3c fa 23 f2 83 d9 ee 4e 67 35 fe a8 bc Sep 21 07:34:12.057747: | ea 9f f7 c5 e4 b1 e0 47 f2 ef ab 64 ea 78 76 ef Sep 21 07:34:12.057748: | 66 2e dc 77 c0 e4 cf 33 61 a8 6d 0e 0d bd 74 b5 Sep 21 07:34:12.057750: | 83 74 35 5d 33 24 6d d5 be 0c 1f 79 16 ee 61 aa Sep 21 07:34:12.057751: | 3f 35 b2 60 e3 ed ad 07 e1 69 2f 9c 44 6a 17 2e Sep 21 07:34:12.057753: | d6 40 a2 87 8a 9b f3 84 13 90 39 39 8d 0a 06 6a Sep 21 07:34:12.057754: | d4 53 9b 92 4e 5f f9 5c ab f7 d4 57 48 99 3f b0 Sep 21 07:34:12.057756: | 14 3c d2 66 55 5e 64 1c 60 f8 ee 13 Sep 21 07:34:12.057759: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:12.057761: | **parse ISAKMP Message: Sep 21 07:34:12.057763: | initiator cookie: Sep 21 07:34:12.057764: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.057766: | responder cookie: Sep 21 07:34:12.057767: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.057769: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:12.057771: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.057773: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.057774: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.057776: | Message ID: 661328245 (0x276b1175) Sep 21 07:34:12.057778: | length: 460 (0x1cc) Sep 21 07:34:12.057780: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:12.057782: | State DB: found IKEv1 state #5 in QUICK_I1 (find_state_ikev1) Sep 21 07:34:12.057795: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:12.057797: | #5 is idle Sep 21 07:34:12.057798: | #5 idle Sep 21 07:34:12.057801: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:12.057822: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:12.057824: | ***parse ISAKMP Hash Payload: Sep 21 07:34:12.057826: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:12.057827: | length: 36 (0x24) Sep 21 07:34:12.057829: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:12.057831: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:12.057832: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:12.057834: | length: 56 (0x38) Sep 21 07:34:12.057835: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:12.057837: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:12.057838: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:12.057840: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:12.057841: | length: 36 (0x24) Sep 21 07:34:12.057843: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.057846: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:12.057848: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.057849: | length: 260 (0x104) Sep 21 07:34:12.057851: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.057852: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.057854: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:12.057855: | length: 16 (0x10) Sep 21 07:34:12.057857: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.057858: | Protocol ID: 0 (0x0) Sep 21 07:34:12.057860: | port: 0 (0x0) Sep 21 07:34:12.057861: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:12.057863: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:12.057864: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:12.057866: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.057867: | length: 16 (0x10) Sep 21 07:34:12.057869: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:12.057870: | Protocol ID: 0 (0x0) Sep 21 07:34:12.057872: | port: 0 (0x0) Sep 21 07:34:12.057873: | obj: c0 00 02 00 ff ff ff 00 Sep 21 07:34:12.057875: | removing 12 bytes of padding Sep 21 07:34:12.057888: | quick_inR1_outI2 HASH(2): Sep 21 07:34:12.057890: | 46 4c a3 34 a4 29 d7 63 7c a9 7c 63 52 41 98 0d Sep 21 07:34:12.057891: | e1 e5 02 41 2f 4e 9f 29 ea 38 18 ab 98 d5 13 f3 Sep 21 07:34:12.057893: | received 'quick_inR1_outI2' message HASH(2) data ok Sep 21 07:34:12.057896: | ****parse IPsec DOI SIT: Sep 21 07:34:12.057898: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:12.057899: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:12.057901: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.057902: | length: 44 (0x2c) Sep 21 07:34:12.057904: | proposal number: 0 (0x0) Sep 21 07:34:12.057905: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:12.057907: | SPI size: 4 (0x4) Sep 21 07:34:12.057908: | number of transforms: 1 (0x1) Sep 21 07:34:12.057910: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:12.057911: | SPI 23 7d ce 79 Sep 21 07:34:12.057913: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:12.057915: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.057916: | length: 32 (0x20) Sep 21 07:34:12.057917: | ESP transform number: 0 (0x0) Sep 21 07:34:12.057919: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:12.057921: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.057922: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:12.057924: | length/value: 14 (0xe) Sep 21 07:34:12.057925: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:12.057927: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.057929: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:12.057930: | length/value: 1 (0x1) Sep 21 07:34:12.057932: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:12.057933: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:12.057935: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.057937: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:12.057938: | length/value: 1 (0x1) Sep 21 07:34:12.057939: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:12.057941: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.057942: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:12.057944: | length/value: 28800 (0x7080) Sep 21 07:34:12.057946: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.057947: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:12.057949: | length/value: 2 (0x2) Sep 21 07:34:12.057950: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:12.057952: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:12.057953: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:12.057955: | length/value: 128 (0x80) Sep 21 07:34:12.057956: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:12.057966: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.057974: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:12.057979: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.057984: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:12.057986: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:12.057987: | no PreShared Key Found Sep 21 07:34:12.057990: | adding quick outI2 DH work-order 10 for state #5 Sep 21 07:34:12.057992: | state #5 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:12.057994: | #5 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:12.057996: | libevent_free: release ptr-libevent@0x7fdad0006900 Sep 21 07:34:12.057997: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bf50f0 Sep 21 07:34:12.057999: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf50f0 Sep 21 07:34:12.058002: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:34:12.058003: | libevent_malloc: new ptr-libevent@0x7fdad0006900 size 128 Sep 21 07:34:12.058008: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:12.058011: | [RE]START processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:12.058013: | suspending state #5 and saving MD Sep 21 07:34:12.058012: | crypto helper 1 resuming Sep 21 07:34:12.058022: | crypto helper 1 starting work-order 10 for state #5 Sep 21 07:34:12.058015: | #5 is busy; has a suspended MD Sep 21 07:34:12.058027: | crypto helper 1 doing compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 Sep 21 07:34:12.058033: | #5 spent 0.133 milliseconds in process_packet_tail() Sep 21 07:34:12.058036: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:12.058039: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:12.058041: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:12.058043: | spent 0.333 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:12.058240: | crypto helper 0 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 9 time elapsed 0.001293 seconds Sep 21 07:34:12.058250: | (#4) spent 1.3 milliseconds in crypto helper computing work-order 9: quick outI2 DH (pcr) Sep 21 07:34:12.058254: | crypto helper 0 sending results from work-order 9 for state #4 to event queue Sep 21 07:34:12.058257: | scheduling resume sending helper answer for #4 Sep 21 07:34:12.058262: | libevent_malloc: new ptr-libevent@0x7fdad40050d0 size 128 Sep 21 07:34:12.058271: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:12.058305: | processing resume sending helper answer for #4 Sep 21 07:34:12.058313: | start processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.058316: | crypto helper 0 replies to request ID 9 Sep 21 07:34:12.058318: | calling continuation function 0x55dbdfa7b630 Sep 21 07:34:12.058320: | quick_inR1_outI2_continue for #4: calculated ke+nonce, calculating DH Sep 21 07:34:12.058323: | **emit ISAKMP Message: Sep 21 07:34:12.058325: | initiator cookie: Sep 21 07:34:12.058326: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.058327: | responder cookie: Sep 21 07:34:12.058332: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.058334: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.058335: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.058337: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.058339: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.058340: | Message ID: 1717006575 (0x665770ef) Sep 21 07:34:12.058342: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.058344: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:12.058346: | ID address c0 00 03 00 Sep 21 07:34:12.058347: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:12.058349: | ID mask ff ff ff 00 Sep 21 07:34:12.058351: | our client is subnet 192.0.3.0/24 Sep 21 07:34:12.058353: | our client protocol/port is 0/0 Sep 21 07:34:12.058355: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:12.058356: | ID address c0 00 16 00 Sep 21 07:34:12.058358: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:12.058359: | ID mask ff ff ff 00 Sep 21 07:34:12.058361: | peer client is subnet 192.0.22.0/24 Sep 21 07:34:12.058363: | peer client protocol/port is 0/0 Sep 21 07:34:12.058364: | ***emit ISAKMP Hash Payload: Sep 21 07:34:12.058366: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.058368: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:12.058370: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.058372: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:12.058373: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:12.058388: | quick_inR1_outI2 HASH(3): Sep 21 07:34:12.058390: | ad 15 46 99 ae 14 91 1a 8c 19 e4 64 2d 07 c3 1f Sep 21 07:34:12.058392: | d3 64 73 b4 9e cd 87 fa d5 f9 d7 a6 49 dd ea e1 Sep 21 07:34:12.058393: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:12.058395: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:12.058461: | install_ipsec_sa() for #4: inbound and outbound Sep 21 07:34:12.058463: | could_route called for north-a-dpd (kind=CK_PERMANENT) Sep 21 07:34:12.058465: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.058467: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.058469: | conn north-a-dpd mark 0/00000000, 0/00000000 Sep 21 07:34:12.058471: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.058472: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.058475: | route owner of "north-a-dpd" prospective erouted: self; eroute owner: self Sep 21 07:34:12.058477: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:12.058479: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:12.058480: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:12.058483: | setting IPsec SA replay-window to 32 Sep 21 07:34:12.058485: | NIC esp-hw-offload not for connection 'north-a-dpd' not available on interface eth1 Sep 21 07:34:12.058487: | netlink: enabling tunnel mode Sep 21 07:34:12.058489: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:12.058491: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:12.058540: | netlink response for Add SA esp.4602f09a@192.1.2.23 included non-error error Sep 21 07:34:12.058558: | set up outgoing SA, ref=0/0 Sep 21 07:34:12.058562: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:12.058565: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:12.058567: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:12.058569: | setting IPsec SA replay-window to 32 Sep 21 07:34:12.058573: | NIC esp-hw-offload not for connection 'north-a-dpd' not available on interface eth1 Sep 21 07:34:12.058575: | netlink: enabling tunnel mode Sep 21 07:34:12.058576: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:12.058578: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:12.058614: | netlink response for Add SA esp.aa056cd4@192.1.3.33 included non-error error Sep 21 07:34:12.058618: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:34:12.058624: | add inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:12.058626: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:12.058665: | raw_eroute result=success Sep 21 07:34:12.058669: | set up incoming SA, ref=0/0 Sep 21 07:34:12.058671: | sr for #4: prospective erouted Sep 21 07:34:12.058673: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:12.058674: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.058676: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.058678: | conn north-a-dpd mark 0/00000000, 0/00000000 Sep 21 07:34:12.058680: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.058682: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.058685: | route owner of "north-a-dpd" prospective erouted: self; eroute owner: self Sep 21 07:34:12.058714: | route_and_eroute with c: north-a-dpd (next: none) ero:north-a-dpd esr:{(nil)} ro:north-a-dpd rosr:{(nil)} and state: #4 Sep 21 07:34:12.058720: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:34:12.058727: | eroute_connection replace eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.0@192.1.2.23>tun.0@192.1.2.23 (raw_eroute) Sep 21 07:34:12.058729: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:12.058754: | raw_eroute result=success Sep 21 07:34:12.058758: | running updown command "ipsec _updown" for verb up Sep 21 07:34:12.058760: | command executing up-client Sep 21 07:34:12.058780: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.058792: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.058807: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENC Sep 21 07:34:12.058811: | popen cmd is 1398 chars long Sep 21 07:34:12.058813: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_: Sep 21 07:34:12.058828: | cmd( 80):INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID=: Sep 21 07:34:12.058830: | cmd( 160):'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.: Sep 21 07:34:12.058832: | cmd( 240):libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24: Sep 21 07:34:12.058835: | cmd( 320):' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_: Sep 21 07:34:12.058840: | cmd( 400):PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_: Sep 21 07:34:12.058842: | cmd( 480):PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Te: Sep 21 07:34:12.058845: | cmd( 560):st Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org': Sep 21 07:34:12.058847: | cmd( 640): PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER: Sep 21 07:34:12.058849: | cmd( 720):_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_P: Sep 21 07:34:12.058851: | cmd( 800):EER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libresw: Sep 21 07:34:12.058852: | cmd( 880):an test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTI: Sep 21 07:34:12.058854: | cmd( 960):ME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+I: Sep 21 07:34:12.058855: | cmd(1040):KE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4: Sep 21 07:34:12.058857: | cmd(1120):' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAI: Sep 21 07:34:12.058858: | cmd(1200):N_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_N: Sep 21 07:34:12.058860: | cmd(1280):M_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x4602f09a: Sep 21 07:34:12.058862: | cmd(1360): SPI_OUT=0xaa056cd4 ipsec _updown 2>&1: Sep 21 07:34:12.059013: | crypto helper 1 finished compute dh (V1 Phase 2 PFS) (quick outI2 DH); request ID 10 time elapsed 0.000986 seconds Sep 21 07:34:12.059020: | (#5) spent 0.988 milliseconds in crypto helper computing work-order 10: quick outI2 DH (pcr) Sep 21 07:34:12.059023: | crypto helper 1 sending results from work-order 10 for state #5 to event queue Sep 21 07:34:12.059025: | scheduling resume sending helper answer for #5 Sep 21 07:34:12.059029: | libevent_malloc: new ptr-libevent@0x7fdad80030d0 size 128 Sep 21 07:34:12.059033: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:12.066794: | route_and_eroute: firewall_notified: true Sep 21 07:34:12.066805: | route_and_eroute: instance "north-a-dpd", setting eroute_owner {spd=0x55dbe1bf13e0,sr=0x55dbe1bf13e0} to #4 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:12.066897: | #3 spent 0.564 milliseconds in install_ipsec_sa() Sep 21 07:34:12.066902: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:12.066903: | no IKEv1 message padding required Sep 21 07:34:12.066905: | emitting length of ISAKMP Message: 76 Sep 21 07:34:12.066921: | inR1_outI2: instance north-a-dpd[0], setting IKEv1 newest_ipsec_sa to #4 (was #0) (spd.eroute=#4) cloned from #3 Sep 21 07:34:12.066924: | DPD: dpd_init() called on IPsec SA Sep 21 07:34:12.066926: | State DB: found IKEv1 state #3 in MAIN_I4 (find_state_ikev1) Sep 21 07:34:12.066929: | event_schedule: new EVENT_DPD-pe@0x7fdac8002b20 Sep 21 07:34:12.066932: | inserting event EVENT_DPD, timeout in 3 seconds for #4 Sep 21 07:34:12.066934: | libevent_malloc: new ptr-libevent@0x7fdac8006900 size 128 Sep 21 07:34:12.066937: | complete v1 state transition with STF_OK Sep 21 07:34:12.066941: | [RE]START processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.066943: | #4 is idle Sep 21 07:34:12.066945: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.066946: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Sep 21 07:34:12.066949: | child state #4: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Sep 21 07:34:12.066951: | event_already_set, deleting event Sep 21 07:34:12.066952: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.066955: | libevent_free: release ptr-libevent@0x7fdac4004f00 Sep 21 07:34:12.066957: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fdad80041c0 Sep 21 07:34:12.066960: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:34:12.066965: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #4) Sep 21 07:34:12.066969: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.066971: | 08 10 20 01 66 57 70 ef 00 00 00 4c b0 a7 2e 7a Sep 21 07:34:12.066973: | 2e ea 12 3d c9 e6 29 df 93 b9 f3 97 f3 f8 c3 2d Sep 21 07:34:12.066974: | bb 4c 69 72 8b 4c 7a 82 3e b7 f7 15 a4 30 ab 11 Sep 21 07:34:12.066975: | a0 e2 8b 09 fd 59 ec d3 74 0f e1 51 Sep 21 07:34:12.067010: | !event_already_set at reschedule Sep 21 07:34:12.067013: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fdad80041c0 Sep 21 07:34:12.067016: | inserting event EVENT_SA_REPLACE, timeout in 27829 seconds for #4 Sep 21 07:34:12.067017: | libevent_malloc: new ptr-libevent@0x7fdac4004f00 size 128 Sep 21 07:34:12.067020: | pstats #4 ikev1.ipsec established Sep 21 07:34:12.067023: | NAT-T: encaps is 'auto' Sep 21 07:34:12.067026: "north-a-dpd" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4602f09a <0xaa056cd4 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Sep 21 07:34:12.067028: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.067029: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.067032: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Sep 21 07:34:12.067036: | #4 spent 0.83 milliseconds in resume sending helper answer Sep 21 07:34:12.067039: | stop processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.067041: | libevent_free: release ptr-libevent@0x7fdad40050d0 Sep 21 07:34:12.067051: | processing resume sending helper answer for #5 Sep 21 07:34:12.067054: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:12.067056: | crypto helper 1 replies to request ID 10 Sep 21 07:34:12.067058: | calling continuation function 0x55dbdfa7b630 Sep 21 07:34:12.067060: | quick_inR1_outI2_continue for #5: calculated ke+nonce, calculating DH Sep 21 07:34:12.067064: | **emit ISAKMP Message: Sep 21 07:34:12.067065: | initiator cookie: Sep 21 07:34:12.067067: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:12.067068: | responder cookie: Sep 21 07:34:12.067070: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.067072: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.067074: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:12.067076: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:12.067077: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:12.067079: | Message ID: 661328245 (0x276b1175) Sep 21 07:34:12.067081: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:12.067084: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:12.067086: | ID address c0 00 03 00 Sep 21 07:34:12.067088: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:12.067089: | ID mask ff ff ff 00 Sep 21 07:34:12.067092: | our client is subnet 192.0.3.0/24 Sep 21 07:34:12.067094: | our client protocol/port is 0/0 Sep 21 07:34:12.067096: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:12.067097: | ID address c0 00 02 00 Sep 21 07:34:12.067099: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:12.067100: | ID mask ff ff ff 00 Sep 21 07:34:12.067102: | peer client is subnet 192.0.2.0/24 Sep 21 07:34:12.067104: | peer client protocol/port is 0/0 Sep 21 07:34:12.067106: | ***emit ISAKMP Hash Payload: Sep 21 07:34:12.067107: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:12.067109: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:12.067111: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:12.067113: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:12.067117: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:12.067136: | quick_inR1_outI2 HASH(3): Sep 21 07:34:12.067138: | 53 e3 2c 61 5e 2f 23 43 a6 b6 4c ab b2 c4 6d e0 Sep 21 07:34:12.067140: | ee 74 02 7f f4 64 a3 4d 2e a0 43 38 cc 36 19 52 Sep 21 07:34:12.067141: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:12.067143: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:12.067204: | install_ipsec_sa() for #5: inbound and outbound Sep 21 07:34:12.067207: | could_route called for northnet-eastnet-b (kind=CK_PERMANENT) Sep 21 07:34:12.067209: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.067211: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.067213: | conn north-a-dpd mark 0/00000000, 0/00000000 Sep 21 07:34:12.067214: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.067216: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.067218: | route owner of "northnet-eastnet-b" unrouted: NULL; eroute owner: NULL Sep 21 07:34:12.067221: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:12.067223: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:12.067225: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:12.067227: | setting IPsec SA replay-window to 32 Sep 21 07:34:12.067229: | NIC esp-hw-offload not for connection 'northnet-eastnet-b' not available on interface eth1 Sep 21 07:34:12.067231: | netlink: enabling tunnel mode Sep 21 07:34:12.067233: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:12.067235: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:12.067306: | netlink response for Add SA esp.237dce79@192.1.2.23 included non-error error Sep 21 07:34:12.067310: | set up outgoing SA, ref=0/0 Sep 21 07:34:12.067312: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:12.067314: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:12.067315: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:12.067318: | setting IPsec SA replay-window to 32 Sep 21 07:34:12.067319: | NIC esp-hw-offload not for connection 'northnet-eastnet-b' not available on interface eth1 Sep 21 07:34:12.067321: | netlink: enabling tunnel mode Sep 21 07:34:12.067323: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:12.067324: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:12.067360: | netlink response for Add SA esp.aac594a@192.1.3.33 included non-error error Sep 21 07:34:12.067364: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:12.067369: | add inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:12.067371: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:12.067410: | raw_eroute result=success Sep 21 07:34:12.067414: | set up incoming SA, ref=0/0 Sep 21 07:34:12.067416: | sr for #5: unrouted Sep 21 07:34:12.067417: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:12.067419: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:12.067421: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.067423: | conn north-a-dpd mark 0/00000000, 0/00000000 Sep 21 07:34:12.067424: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:12.067426: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:12.067428: | route owner of "northnet-eastnet-b" unrouted: NULL; eroute owner: NULL Sep 21 07:34:12.067431: | route_and_eroute with c: northnet-eastnet-b (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #5 Sep 21 07:34:12.067433: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:12.067437: | eroute_connection add eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.0@192.1.2.23 (raw_eroute) Sep 21 07:34:12.067441: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:12.067461: | raw_eroute result=success Sep 21 07:34:12.067465: | running updown command "ipsec _updown" for verb up Sep 21 07:34:12.067467: | command executing up-client Sep 21 07:34:12.067487: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.067492: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.067505: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASI Sep 21 07:34:12.067507: | popen cmd is 1402 chars long Sep 21 07:34:12.067509: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b': Sep 21 07:34:12.067511: | cmd( 80): PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO: Sep 21 07:34:12.067513: | cmd( 160):_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.t: Sep 21 07:34:12.067514: | cmd( 240):esting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0: Sep 21 07:34:12.067516: | cmd( 320):.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PL: Sep 21 07:34:12.067517: | cmd( 400):UTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP': Sep 21 07:34:12.067532: | cmd( 480): PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan: Sep 21 07:34:12.067534: | cmd( 560):, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libresw: Sep 21 07:34:12.067535: | cmd( 640):an.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO: Sep 21 07:34:12.067537: | cmd( 720):_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PL: Sep 21 07:34:12.067538: | cmd( 800):UTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Li: Sep 21 07:34:12.067540: | cmd( 880):breswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_: Sep 21 07:34:12.067542: | cmd( 960):ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TR: Sep 21 07:34:12.067543: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Sep 21 07:34:12.067545: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Sep 21 07:34:12.067546: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Sep 21 07:34:12.067548: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x237: Sep 21 07:34:12.067549: | cmd(1360):dce79 SPI_OUT=0xaac594a ipsec _updown 2>&1: Sep 21 07:34:12.077118: | route_and_eroute: firewall_notified: true Sep 21 07:34:12.077129: | running updown command "ipsec _updown" for verb prepare Sep 21 07:34:12.077132: | command executing prepare-client Sep 21 07:34:12.077155: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.077164: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.077178: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POL Sep 21 07:34:12.077180: | popen cmd is 1407 chars long Sep 21 07:34:12.077182: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:34:12.077184: | cmd( 80):et-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Sep 21 07:34:12.077186: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Sep 21 07:34:12.077187: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Sep 21 07:34:12.077189: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:34:12.077191: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Sep 21 07:34:12.077192: | cmd( 480):'ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:34:12.077194: | cmd( 560):eswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.li: Sep 21 07:34:12.077196: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' : Sep 21 07:34:12.077197: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:34:12.077199: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:34:12.077200: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:34:12.077202: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAR: Sep 21 07:34:12.077204: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Sep 21 07:34:12.077205: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Sep 21 07:34:12.077207: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Sep 21 07:34:12.077209: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Sep 21 07:34:12.077210: | cmd(1360):0x237dce79 SPI_OUT=0xaac594a ipsec _updown 2>&1: Sep 21 07:34:12.083834: | running updown command "ipsec _updown" for verb route Sep 21 07:34:12.083851: | command executing route-client Sep 21 07:34:12.083892: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.083901: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:12.083924: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY= Sep 21 07:34:12.083931: | popen cmd is 1405 chars long Sep 21 07:34:12.083935: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:34:12.083938: | cmd( 80):-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PL: Sep 21 07:34:12.083940: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=nort: Sep 21 07:34:12.083943: | cmd( 240):h.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:34:12.083945: | cmd( 320):2.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:34:12.083948: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Sep 21 07:34:12.083950: | cmd( 480):SP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:34:12.083953: | cmd( 560):wan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libr: Sep 21 07:34:12.083955: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PL: Sep 21 07:34:12.083958: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:34:12.083960: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:34:12.083963: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Sep 21 07:34:12.083965: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF: Sep 21 07:34:12.083968: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:34:12.083970: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:34:12.083972: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:34:12.083975: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:34:12.083977: | cmd(1360):237dce79 SPI_OUT=0xaac594a ipsec _updown 2>&1: Sep 21 07:34:12.093655: | route_and_eroute: instance "northnet-eastnet-b", setting eroute_owner {spd=0x55dbe1bfa9f0,sr=0x55dbe1bfa9f0} to #5 (was #0) (newest_ipsec_sa=#0) Sep 21 07:34:12.093732: | #3 spent 0.907 milliseconds in install_ipsec_sa() Sep 21 07:34:12.093739: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:12.093742: | no IKEv1 message padding required Sep 21 07:34:12.093745: | emitting length of ISAKMP Message: 76 Sep 21 07:34:12.093765: | inR1_outI2: instance northnet-eastnet-b[0], setting IKEv1 newest_ipsec_sa to #5 (was #0) (spd.eroute=#5) cloned from #3 Sep 21 07:34:12.093769: | DPD: dpd_init() called on IPsec SA Sep 21 07:34:12.093772: | DPD: Peer does not support Dead Peer Detection Sep 21 07:34:12.093775: | complete v1 state transition with STF_OK Sep 21 07:34:12.093782: | [RE]START processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:12.093791: | #5 is idle Sep 21 07:34:12.093794: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:12.093802: | IKEv1: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Sep 21 07:34:12.093806: | child state #5: QUICK_I1(established CHILD SA) => QUICK_I2(established CHILD SA) Sep 21 07:34:12.093809: | event_already_set, deleting event Sep 21 07:34:12.093812: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:12.093830: | libevent_free: release ptr-libevent@0x7fdad0006900 Sep 21 07:34:12.093833: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf50f0 Sep 21 07:34:12.093839: | sending reply packet to 192.1.2.23:500 (from 192.1.3.33:500) Sep 21 07:34:12.093846: | sending 76 bytes for STATE_QUICK_I1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #5) Sep 21 07:34:12.093849: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:12.093852: | 08 10 20 01 27 6b 11 75 00 00 00 4c f3 93 c8 2b Sep 21 07:34:12.093855: | 34 e1 e7 73 ef a6 aa 09 51 20 e8 c9 a5 70 e3 01 Sep 21 07:34:12.093857: | df 72 67 9b 00 4d 34 77 5c 14 f1 5e 52 70 f1 9e Sep 21 07:34:12.093859: | e6 b3 72 b6 22 53 19 95 63 ab 25 89 Sep 21 07:34:12.093898: | !event_already_set at reschedule Sep 21 07:34:12.093916: | event_schedule: new EVENT_SA_REPLACE-pe@0x55dbe1bf50f0 Sep 21 07:34:12.093919: | inserting event EVENT_SA_REPLACE, timeout in 27768 seconds for #5 Sep 21 07:34:12.093922: | libevent_malloc: new ptr-libevent@0x7fdad0006900 size 128 Sep 21 07:34:12.093924: | pstats #5 ikev1.ipsec established Sep 21 07:34:12.093927: | NAT-T: encaps is 'auto' Sep 21 07:34:12.093930: "northnet-eastnet-b" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x237dce79 <0x0aac594a xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:12.093933: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:12.093934: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:12.093937: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Sep 21 07:34:12.093941: | #5 spent 1.24 milliseconds in resume sending helper answer Sep 21 07:34:12.093945: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:12.093947: | libevent_free: release ptr-libevent@0x7fdad80030d0 Sep 21 07:34:12.093949: | processing signal PLUTO_SIGCHLD Sep 21 07:34:12.093953: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:12.093956: | spent 0.0037 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:12.093963: | processing signal PLUTO_SIGCHLD Sep 21 07:34:12.093965: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:12.093968: | spent 0.00239 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:12.093969: | processing signal PLUTO_SIGCHLD Sep 21 07:34:12.093972: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:12.093974: | spent 0.00232 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:12.093976: | processing signal PLUTO_SIGCHLD Sep 21 07:34:12.093978: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:12.093980: | spent 0.00232 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:15.061839: | timer_event_cb: processing event@0x7fdac8002b20 Sep 21 07:34:15.061864: | handling event EVENT_DPD for child state #4 Sep 21 07:34:15.061871: | start processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:15.061875: | [RE]START processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in dpd_event() at ikev1_dpd.c:357) Sep 21 07:34:15.061877: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:15.061880: | DPD: no need to send or schedule DPD for replaced IPsec SA Sep 21 07:34:15.061882: | libevent_free: release ptr-libevent@0x7fdac8006900 Sep 21 07:34:15.061885: | free_event_entry: release EVENT_DPD-pe@0x7fdac8002b20 Sep 21 07:34:15.061890: | #4 spent 0.0529 milliseconds in timer_event_cb() EVENT_DPD Sep 21 07:34:15.061893: | stop processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:21.980450: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:21.980466: | FOR_EACH_STATE_... in show_traffic_status (sort_states) Sep 21 07:34:21.980470: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:21.980476: | get_sa_info esp.aa056cd4@192.1.3.33 Sep 21 07:34:21.980488: | get_sa_info esp.4602f09a@192.1.2.23 Sep 21 07:34:21.980504: | get_sa_info esp.aac594a@192.1.3.33 Sep 21 07:34:21.980510: | get_sa_info esp.237dce79@192.1.2.23 Sep 21 07:34:21.980524: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:21.980530: | spent 0.0864 milliseconds in whack Sep 21 07:34:22.828965: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:22.829152: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:22.829158: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:22.829322: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:34:22.829327: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:22.829338: | get_sa_info esp.aa056cd4@192.1.3.33 Sep 21 07:34:22.829359: | get_sa_info esp.4602f09a@192.1.2.23 Sep 21 07:34:22.829381: | get_sa_info esp.aac594a@192.1.3.33 Sep 21 07:34:22.829392: | get_sa_info esp.237dce79@192.1.2.23 Sep 21 07:34:22.829415: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:22.829423: | spent 0.467 milliseconds in whack Sep 21 07:34:23.150331: | spent 0.00285 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:23.150353: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:23.150356: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.150359: | 08 10 05 01 44 81 8d 71 00 00 00 5c a0 74 8f 56 Sep 21 07:34:23.150361: | e8 9a ea 17 21 be 24 59 74 1e ca ae 1f 20 88 52 Sep 21 07:34:23.150364: | 6b 6d 77 02 81 cf 00 36 69 6f ef 13 41 83 f4 88 Sep 21 07:34:23.150366: | 44 44 22 9e 13 6f 7a 05 f6 fe 6f 57 37 bd 11 40 Sep 21 07:34:23.150368: | 4d b9 29 1e b3 ab 61 fe 18 40 8c b8 Sep 21 07:34:23.150372: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:23.150376: | **parse ISAKMP Message: Sep 21 07:34:23.150378: | initiator cookie: Sep 21 07:34:23.150381: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.150383: | responder cookie: Sep 21 07:34:23.150385: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.150388: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:23.150390: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.150393: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.150395: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.150398: | Message ID: 1149341041 (0x44818d71) Sep 21 07:34:23.150400: | length: 92 (0x5c) Sep 21 07:34:23.150403: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:23.150406: | peer and cookies match on #5; msgid=00000000 st_msgid=276b1175 st_msgid_phase15=00000000 Sep 21 07:34:23.150410: | peer and cookies match on #4; msgid=00000000 st_msgid=665770ef st_msgid_phase15=00000000 Sep 21 07:34:23.150413: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:23.150416: | p15 state object #3 found, in STATE_MAIN_I4 Sep 21 07:34:23.150418: | State DB: found IKEv1 state #3 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:23.150424: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:23.150440: | #3 is idle Sep 21 07:34:23.150443: | #3 idle Sep 21 07:34:23.150447: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:23.150457: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:23.150460: | ***parse ISAKMP Hash Payload: Sep 21 07:34:23.150463: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:23.150465: | length: 36 (0x24) Sep 21 07:34:23.150468: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:23.150473: | ***parse ISAKMP Delete Payload: Sep 21 07:34:23.150476: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.150478: | length: 16 (0x10) Sep 21 07:34:23.150480: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.150482: | protocol ID: 3 (0x3) Sep 21 07:34:23.150485: | SPI size: 4 (0x4) Sep 21 07:34:23.150487: | number of SPIs: 1 (0x1) Sep 21 07:34:23.150489: | removing 12 bytes of padding Sep 21 07:34:23.150509: | informational HASH(1): Sep 21 07:34:23.150512: | 0d 09 fb 7c e1 8c 9b 0b 29 bb bd 96 b3 1d 92 b4 Sep 21 07:34:23.150515: | 88 2d a2 f0 22 5b fa 87 5f 68 b4 cc 75 16 90 49 Sep 21 07:34:23.150518: | received 'informational' message HASH(1) data ok Sep 21 07:34:23.150521: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Sep 21 07:34:23.150524: | SPI 23 7d ce 79 Sep 21 07:34:23.150526: | FOR_EACH_STATE_... in find_phase2_state_to_delete Sep 21 07:34:23.150531: | start processing: connection "northnet-eastnet-b" (BACKGROUND) (in accept_delete() at ikev1_main.c:2506) Sep 21 07:34:23.150534: "northnet-eastnet-b" #3: received Delete SA payload: replace IPsec State #5 now Sep 21 07:34:23.150537: | state #5 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:23.150540: | libevent_free: release ptr-libevent@0x7fdad0006900 Sep 21 07:34:23.150544: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55dbe1bf50f0 Sep 21 07:34:23.150547: | event_schedule: new EVENT_SA_REPLACE-pe@0x55dbe1bf50f0 Sep 21 07:34:23.150550: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #5 Sep 21 07:34:23.150554: | libevent_malloc: new ptr-libevent@0x7fdac8006900 size 128 Sep 21 07:34:23.150559: | stop processing: connection "northnet-eastnet-b" (BACKGROUND) (in accept_delete() at ikev1_main.c:2550) Sep 21 07:34:23.150562: | del: Sep 21 07:34:23.150566: | complete v1 state transition with STF_IGNORE Sep 21 07:34:23.150572: | #3 spent 0.00458 milliseconds in process_packet_tail() Sep 21 07:34:23.150577: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:23.150582: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:23.150585: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:23.150589: | spent 0.246 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:23.150596: | timer_event_cb: processing event@0x55dbe1bf50f0 Sep 21 07:34:23.150599: | handling event EVENT_SA_REPLACE for child state #5 Sep 21 07:34:23.150604: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.150608: | picked newest_ipsec_sa #5 for #5 Sep 21 07:34:23.150611: | replacing stale IPsec SA Sep 21 07:34:23.150615: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:23.150618: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.150623: | creating state object #6 at 0x55dbe1c027d0 Sep 21 07:34:23.150626: | State DB: adding IKEv1 state #6 in UNDEFINED Sep 21 07:34:23.150630: | pstats #6 ikev1.ipsec started Sep 21 07:34:23.150633: | duplicating state object #3 "northnet-eastnet-b" as #6 for IPSEC SA Sep 21 07:34:23.150638: | #6 setting local endpoint to 192.1.3.33:500 from #3.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:23.150644: | suspend processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:23.150648: | start processing: state #6 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:23.150654: | child state #6: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:34:23.150661: "northnet-eastnet-b" #6: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #5 {using isakmp#3 msgid:bda7c5c5 proposal=defaults pfsgroup=MODP2048} Sep 21 07:34:23.150666: | adding quick_outI1 KE work-order 11 for state #6 Sep 21 07:34:23.150672: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7fdac8002b20 Sep 21 07:34:23.150676: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:34:23.150679: | libevent_malloc: new ptr-libevent@0x7fdad80030d0 size 128 Sep 21 07:34:23.150689: | stop processing: state #6 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:23.150695: | resume processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:23.150691: | crypto helper 4 resuming Sep 21 07:34:23.150699: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55dbe1bf6490 Sep 21 07:34:23.150709: | crypto helper 4 starting work-order 11 for state #6 Sep 21 07:34:23.150715: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #5 Sep 21 07:34:23.150721: | crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 11 Sep 21 07:34:23.150724: | libevent_malloc: new ptr-libevent@0x7fdad40050d0 size 128 Sep 21 07:34:23.150728: | libevent_free: release ptr-libevent@0x7fdac8006900 Sep 21 07:34:23.150731: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55dbe1bf50f0 Sep 21 07:34:23.150736: | #5 spent 0.132 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:23.150741: | stop processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.150746: | timer_event_cb: processing event@0x55dbe1bf6490 Sep 21 07:34:23.150749: | handling event EVENT_SA_EXPIRE for child state #5 Sep 21 07:34:23.150754: | start processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.150757: | picked newest_ipsec_sa #5 for #5 Sep 21 07:34:23.150759: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:23.150762: | pstats #5 ikev1.ipsec re-failed exchange-timeout Sep 21 07:34:23.150765: | pstats #5 ikev1.ipsec deleted completed Sep 21 07:34:23.150769: | [RE]START processing: state #5 connection "northnet-eastnet-b" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:23.150773: "northnet-eastnet-b" #5: deleting state (STATE_QUICK_I2) aged 11.098s and sending notification Sep 21 07:34:23.150776: | child state #5: QUICK_I2(established CHILD SA) => delete Sep 21 07:34:23.150780: | get_sa_info esp.237dce79@192.1.2.23 Sep 21 07:34:23.150809: | get_sa_info esp.aac594a@192.1.3.33 Sep 21 07:34:23.150819: "northnet-eastnet-b" #5: ESP traffic information: in=0B out=0B Sep 21 07:34:23.150823: | #5 send IKEv1 delete notification for STATE_QUICK_I2 Sep 21 07:34:23.150825: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.150830: | **emit ISAKMP Message: Sep 21 07:34:23.150833: | initiator cookie: Sep 21 07:34:23.150835: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.150838: | responder cookie: Sep 21 07:34:23.150840: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.150842: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.150845: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.150847: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.150850: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.150852: | Message ID: 3880063767 (0xe7451317) Sep 21 07:34:23.150855: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.150858: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.150861: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.150864: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.150866: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.150870: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.150872: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.150874: | ***emit ISAKMP Delete Payload: Sep 21 07:34:23.150877: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.150882: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.150884: | protocol ID: 3 (0x3) Sep 21 07:34:23.150886: | SPI size: 4 (0x4) Sep 21 07:34:23.150889: | number of SPIs: 1 (0x1) Sep 21 07:34:23.150892: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:23.150894: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.150897: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:23.150900: | delete payload 0a ac 59 4a Sep 21 07:34:23.150902: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:23.150921: | send delete HASH(1): Sep 21 07:34:23.150925: | 8d 5d 1c 50 23 f8 e2 8a 2b dc fb ba 27 2d 12 94 Sep 21 07:34:23.150927: | 9d 2e 5e 60 b2 50 3b 87 5d ac 5c 0b 26 1d 80 39 Sep 21 07:34:23.150934: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:23.150937: | no IKEv1 message padding required Sep 21 07:34:23.150939: | emitting length of ISAKMP Message: 92 Sep 21 07:34:23.150949: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:34:23.150952: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.150955: | 08 10 05 01 e7 45 13 17 00 00 00 5c 2e 1c 55 05 Sep 21 07:34:23.150957: | cf f6 51 6c ee 35 20 4b 71 1a e6 db 8a 6d 5a 91 Sep 21 07:34:23.150959: | aa ab ea b5 26 b2 44 a4 91 ec 4d 80 b1 35 1a 76 Sep 21 07:34:23.150962: | 13 6c 49 7b b2 58 91 84 63 21 3d 1a b7 a3 0b 6c Sep 21 07:34:23.150964: | 99 69 f9 69 de ad 3c 11 7e 04 3b 1f Sep 21 07:34:23.151051: | running updown command "ipsec _updown" for verb down Sep 21 07:34:23.151056: | command executing down-client Sep 21 07:34:23.151089: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:23.151099: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:23.151118: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051252' PLUTO_CONN_ Sep 21 07:34:23.151121: | popen cmd is 1413 chars long Sep 21 07:34:23.151124: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-: Sep 21 07:34:23.151127: | cmd( 80):b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLU: Sep 21 07:34:23.151130: | cmd( 160):TO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north: Sep 21 07:34:23.151132: | cmd( 240):.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192: Sep 21 07:34:23.151134: | cmd( 320):.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' : Sep 21 07:34:23.151137: | cmd( 400):PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ES: Sep 21 07:34:23.151139: | cmd( 480):P' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libresw: Sep 21 07:34:23.151145: | cmd( 560):an, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libre: Sep 21 07:34:23.151147: | cmd( 640):swan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLU: Sep 21 07:34:23.151150: | cmd( 720):TO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' : Sep 21 07:34:23.151153: | cmd( 800):PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=: Sep 21 07:34:23.151155: | cmd( 880):Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUT: Sep 21 07:34:23.151158: | cmd( 960):O_ADDTIME='1569051252' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALL: Sep 21 07:34:23.151160: | cmd(1040):OW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_: Sep 21 07:34:23.151163: | cmd(1120):ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' : Sep 21 07:34:23.151165: | cmd(1200):PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CL: Sep 21 07:34:23.151168: | cmd(1280):IENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' S: Sep 21 07:34:23.151170: | cmd(1360):PI_IN=0x237dce79 SPI_OUT=0xaac594a ipsec _updown 2>&1: Sep 21 07:34:23.151683: | crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 11 time elapsed 0.000962 seconds Sep 21 07:34:23.151691: | (#6) spent 0.963 milliseconds in crypto helper computing work-order 11: quick_outI1 KE (pcr) Sep 21 07:34:23.151694: | crypto helper 4 sending results from work-order 11 for state #6 to event queue Sep 21 07:34:23.151697: | scheduling resume sending helper answer for #6 Sep 21 07:34:23.151700: | libevent_malloc: new ptr-libevent@0x7fdacc0069c0 size 128 Sep 21 07:34:23.151705: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:23.162420: | shunt_eroute() called for connection 'northnet-eastnet-b' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:34:23.162434: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:34:23.162438: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.162441: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:23.162483: | delete esp.237dce79@192.1.2.23 Sep 21 07:34:23.162509: | netlink response for Del SA esp.237dce79@192.1.2.23 included non-error error Sep 21 07:34:23.162513: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.162520: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:23.162564: | raw_eroute result=success Sep 21 07:34:23.162570: | delete esp.aac594a@192.1.3.33 Sep 21 07:34:23.162592: | netlink response for Del SA esp.aac594a@192.1.3.33 included non-error error Sep 21 07:34:23.162597: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:23.162600: | State DB: deleting IKEv1 state #5 in QUICK_I2 Sep 21 07:34:23.162604: | child state #5: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:23.162622: | stop processing: state #5 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.162633: | libevent_free: release ptr-libevent@0x7fdad40050d0 Sep 21 07:34:23.162637: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55dbe1bf6490 Sep 21 07:34:23.162639: | in statetime_stop() and could not find #5 Sep 21 07:34:23.162642: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.162661: | spent 0.0025 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:23.162674: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:23.162677: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.162680: | 08 10 05 01 b4 81 c4 90 00 00 00 5c 17 aa d6 d8 Sep 21 07:34:23.162682: | a8 a8 31 0a cb 8f b8 e1 70 ff 63 90 f4 b1 76 da Sep 21 07:34:23.162684: | 59 80 3b 8b 46 6b ba e4 f5 d8 5d d1 aa e6 e9 d3 Sep 21 07:34:23.162690: | 23 3d c1 e3 9c 09 63 ad be a0 cf 2d 8b b0 28 8e Sep 21 07:34:23.162692: | 99 2d 5d e8 6f 5a 09 cd 7c 1b 2c 9f Sep 21 07:34:23.162697: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:23.162701: | **parse ISAKMP Message: Sep 21 07:34:23.162703: | initiator cookie: Sep 21 07:34:23.162706: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.162708: | responder cookie: Sep 21 07:34:23.162710: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.162713: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:23.162716: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.162718: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.162721: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.162724: | Message ID: 3028403344 (0xb481c490) Sep 21 07:34:23.162726: | length: 92 (0x5c) Sep 21 07:34:23.162729: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:23.162733: | peer and cookies match on #6; msgid=00000000 st_msgid=bda7c5c5 st_msgid_phase15=00000000 Sep 21 07:34:23.162736: | peer and cookies match on #4; msgid=00000000 st_msgid=665770ef st_msgid_phase15=00000000 Sep 21 07:34:23.162739: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:23.162742: | p15 state object #3 found, in STATE_MAIN_I4 Sep 21 07:34:23.162745: | State DB: found IKEv1 state #3 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:23.162750: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:23.162765: | #3 is idle Sep 21 07:34:23.162768: | #3 idle Sep 21 07:34:23.162772: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:23.162787: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:23.162793: | ***parse ISAKMP Hash Payload: Sep 21 07:34:23.162796: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:23.162799: | length: 36 (0x24) Sep 21 07:34:23.162802: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:23.162804: | ***parse ISAKMP Delete Payload: Sep 21 07:34:23.162807: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.162809: | length: 16 (0x10) Sep 21 07:34:23.162812: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.162815: | protocol ID: 3 (0x3) Sep 21 07:34:23.162817: | SPI size: 4 (0x4) Sep 21 07:34:23.162819: | number of SPIs: 1 (0x1) Sep 21 07:34:23.162822: | removing 12 bytes of padding Sep 21 07:34:23.162842: | informational HASH(1): Sep 21 07:34:23.162846: | 34 2d d9 e2 6e 9e df a6 fd df 86 95 46 ca a0 a5 Sep 21 07:34:23.162849: | 17 f2 af 2c 4a af d7 a3 36 99 04 44 b2 41 2b 3f Sep 21 07:34:23.162852: | received 'informational' message HASH(1) data ok Sep 21 07:34:23.162855: | parsing 4 raw bytes of ISAKMP Delete Payload into SPI Sep 21 07:34:23.162857: | SPI 46 02 f0 9a Sep 21 07:34:23.162860: | FOR_EACH_STATE_... in find_phase2_state_to_delete Sep 21 07:34:23.162865: | start processing: connection "north-a-dpd" (BACKGROUND) (in accept_delete() at ikev1_main.c:2506) Sep 21 07:34:23.162868: "northnet-eastnet-b" #3: received Delete SA payload: replace IPsec State #4 now Sep 21 07:34:23.162872: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:23.162875: | libevent_free: release ptr-libevent@0x7fdac4004f00 Sep 21 07:34:23.162878: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fdad80041c0 Sep 21 07:34:23.162881: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fdad80041c0 Sep 21 07:34:23.162885: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #4 Sep 21 07:34:23.162888: | libevent_malloc: new ptr-libevent@0x7fdac4004f00 size 128 Sep 21 07:34:23.162892: | stop processing: connection "north-a-dpd" (BACKGROUND) (in accept_delete() at ikev1_main.c:2550) Sep 21 07:34:23.162895: | del: Sep 21 07:34:23.162900: | complete v1 state transition with STF_IGNORE Sep 21 07:34:23.162905: | #3 spent 0.0046 milliseconds in process_packet_tail() Sep 21 07:34:23.162911: | stop processing: from 192.1.2.23:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:23.162917: | stop processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_md() at demux.c:382) Sep 21 07:34:23.162920: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:23.162924: | spent 0.254 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:23.162932: | processing resume sending helper answer for #6 Sep 21 07:34:23.162936: | start processing: state #6 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:23.162940: | crypto helper 4 replies to request ID 11 Sep 21 07:34:23.162943: | calling continuation function 0x55dbdfa7b630 Sep 21 07:34:23.162946: | quick_outI1_continue for #6: calculated ke+nonce, sending I1 Sep 21 07:34:23.162951: | **emit ISAKMP Message: Sep 21 07:34:23.162954: | initiator cookie: Sep 21 07:34:23.162956: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.162958: | responder cookie: Sep 21 07:34:23.162961: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.162963: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.162965: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.162968: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:23.162971: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.162973: | Message ID: 3181888965 (0xbda7c5c5) Sep 21 07:34:23.162976: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.162979: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.162981: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.162984: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.162987: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.162990: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.162992: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.162995: | emitting quick defaults using policy none Sep 21 07:34:23.162998: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:23.163001: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:23.163004: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:23.163006: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.163009: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:23.163012: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:23.163015: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.163017: | ****emit IPsec DOI SIT: Sep 21 07:34:23.163020: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:23.163023: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:23.163026: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 2 Sep 21 07:34:23.163029: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:23.163031: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.163034: | proposal number: 0 (0x0) Sep 21 07:34:23.163037: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:23.163039: | SPI size: 4 (0x4) Sep 21 07:34:23.163041: | number of transforms: 2 (0x2) Sep 21 07:34:23.163044: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:23.163057: | netlink_get_spi: allocated 0xc192b56 for esp.0@192.1.3.33 Sep 21 07:34:23.163061: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:23.163063: | SPI 0c 19 2b 56 Sep 21 07:34:23.163066: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:23.163069: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.163071: | ESP transform number: 0 (0x0) Sep 21 07:34:23.163076: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:23.163078: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:23.163081: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163084: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:23.163087: | length/value: 14 (0xe) Sep 21 07:34:23.163090: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.163092: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163095: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:23.163098: | length/value: 1 (0x1) Sep 21 07:34:23.163100: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:23.163103: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163105: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:23.163107: | length/value: 1 (0x1) Sep 21 07:34:23.163110: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:23.163112: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163115: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:23.163117: | length/value: 28800 (0x7080) Sep 21 07:34:23.163120: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163122: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:23.163125: | length/value: 2 (0x2) Sep 21 07:34:23.163127: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:23.163129: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163132: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:23.163134: | length/value: 128 (0x80) Sep 21 07:34:23.163137: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:23.163139: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:23.163142: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.163144: | ESP transform number: 1 (0x1) Sep 21 07:34:23.163146: | ESP transform ID: ESP_3DES (0x3) Sep 21 07:34:23.163149: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.163152: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:23.163154: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163157: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:23.163160: | length/value: 14 (0xe) Sep 21 07:34:23.163162: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.163165: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163167: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:23.163169: | length/value: 1 (0x1) Sep 21 07:34:23.163172: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:23.163174: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163177: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:23.163179: | length/value: 1 (0x1) Sep 21 07:34:23.163181: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:23.163183: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163186: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:23.163188: | length/value: 28800 (0x7080) Sep 21 07:34:23.163190: | ******emit ISAKMP IPsec DOI attribute: Sep 21 07:34:23.163193: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:23.163195: | length/value: 2 (0x2) Sep 21 07:34:23.163197: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:23.163200: | emitting length of ISAKMP Transform Payload (ESP): 28 Sep 21 07:34:23.163202: | emitting length of ISAKMP Proposal Payload: 72 Sep 21 07:34:23.163205: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:23.163207: | emitting length of ISAKMP Security Association Payload: 84 Sep 21 07:34:23.163210: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:23.163213: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:23.163216: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:23.163218: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:23.163223: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:23.163226: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.163229: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload Sep 21 07:34:23.163231: | Ni e6 24 ae 8f 83 b8 9f ad 99 39 d5 19 d1 e4 d6 b9 Sep 21 07:34:23.163234: | Ni 68 04 54 07 77 06 8e c0 7e 1e 18 88 24 ac 2d 0c Sep 21 07:34:23.163236: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:23.163239: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:23.163242: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:23.163244: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:23.163247: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:23.163250: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.163253: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:23.163255: | keyex value 35 f6 2e ed bc fc f5 31 c9 c5 10 b1 ab ad 3f fe Sep 21 07:34:23.163258: | keyex value 71 b6 7a 13 03 d4 fe c0 3c 41 05 31 1f 7a 7a 29 Sep 21 07:34:23.163260: | keyex value 41 1e db d5 a9 a7 7c 9a bd d2 64 0e aa 18 85 a1 Sep 21 07:34:23.163263: | keyex value ca 43 ac 59 18 cd 21 4c 80 c7 23 09 b3 19 89 c4 Sep 21 07:34:23.163265: | keyex value be ba 0f 40 d8 61 59 a4 0f 79 e5 db 0a 56 8c 5e Sep 21 07:34:23.163267: | keyex value 37 da bc 85 56 28 5d 92 6d 86 d3 d0 61 f1 cb 78 Sep 21 07:34:23.163270: | keyex value 88 af 55 35 1f 85 ba b0 98 ca 00 8f 2c 5c 57 47 Sep 21 07:34:23.163272: | keyex value 87 b4 7c bd c5 bd 1e 48 0d 37 41 68 89 f4 51 c1 Sep 21 07:34:23.163274: | keyex value 7c 54 64 35 59 f0 ef 82 2b f1 7f 30 8c 88 03 e4 Sep 21 07:34:23.163276: | keyex value 5d 43 05 61 10 fa 52 22 6e 2b 2f b5 55 ab 98 5c Sep 21 07:34:23.163279: | keyex value 32 5e 68 95 5d a0 56 36 6f 5e 4a e0 82 ac d7 27 Sep 21 07:34:23.163281: | keyex value 47 dd a1 77 da fb 09 86 ce 7a 4e 37 55 32 8f 44 Sep 21 07:34:23.163283: | keyex value 87 07 96 cf 82 a2 d6 80 c6 d2 bf 9f be e0 df da Sep 21 07:34:23.163286: | keyex value 18 92 68 80 f0 bf 80 28 9e b0 48 96 e2 06 a7 e9 Sep 21 07:34:23.163288: | keyex value 24 50 8a d5 1c 10 4c 2d 09 18 b4 d9 87 b7 33 d2 Sep 21 07:34:23.163290: | keyex value f1 c9 ce 8a c5 75 99 3f 90 e8 2a f8 19 9f c6 a2 Sep 21 07:34:23.163293: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:23.163295: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:23.163298: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:23.163300: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:23.163303: | Protocol ID: 0 (0x0) Sep 21 07:34:23.163305: | port: 0 (0x0) Sep 21 07:34:23.163308: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:23.163311: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:23.163314: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:23.163317: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:23.163319: | client network c0 00 03 00 Sep 21 07:34:23.163322: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:23.163325: | client mask ff ff ff 00 Sep 21 07:34:23.163327: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:23.163330: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:23.163334: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.163337: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:23.163339: | Protocol ID: 0 (0x0) Sep 21 07:34:23.163341: | port: 0 (0x0) Sep 21 07:34:23.163344: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:23.163346: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:23.163349: | emitting 4 raw bytes of client network into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:23.163352: | client network c0 00 02 00 Sep 21 07:34:23.163354: | emitting 4 raw bytes of client mask into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:23.163357: | client mask ff ff ff 00 Sep 21 07:34:23.163359: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:23.163382: | outI1 HASH(1): Sep 21 07:34:23.163385: | 80 b6 ea db 1b 13 a7 19 22 95 b7 8c 80 b6 4f 4e Sep 21 07:34:23.163388: | 28 e8 2d c2 30 e2 9f dd 9b 3c cb d4 10 35 7b a4 Sep 21 07:34:23.163395: | no IKEv1 message padding required Sep 21 07:34:23.163398: | emitting length of ISAKMP Message: 476 Sep 21 07:34:23.163411: | sending 476 bytes for reply packet from quick_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #6) Sep 21 07:34:23.163415: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.163417: | 08 10 20 01 bd a7 c5 c5 00 00 01 dc 66 f4 47 69 Sep 21 07:34:23.163420: | 06 f7 04 6a d5 63 bb f4 9b 6b b1 e2 8f a5 e2 b8 Sep 21 07:34:23.163422: | cd 68 6b 79 92 b2 78 1a bf 76 86 b7 63 9e 4e 3a Sep 21 07:34:23.163424: | de c9 da e5 47 92 50 a7 68 98 18 41 02 0e 78 39 Sep 21 07:34:23.163427: | 12 37 c0 a1 b6 d3 a5 8a d4 19 e3 ea ed f5 b5 2b Sep 21 07:34:23.163429: | 75 00 bc 23 01 d9 d9 39 5f 43 e4 0e ff 19 2a 5c Sep 21 07:34:23.163431: | 40 d4 70 81 c2 3e 1a 65 4b a4 de 38 22 2d 65 58 Sep 21 07:34:23.163434: | 61 33 e3 07 5a ee 0c 4e 99 6c 00 7e 69 66 c3 f3 Sep 21 07:34:23.163436: | 46 f6 d6 84 9f 96 15 69 90 21 da d2 96 ca 8a b3 Sep 21 07:34:23.163438: | 30 a2 ca f0 df 52 e6 10 74 b0 67 66 da 6b 7d 87 Sep 21 07:34:23.163440: | 0e 88 5e 48 32 35 ae cc ee 83 b7 b2 3a 35 65 8e Sep 21 07:34:23.163443: | 7f 17 52 5a 31 4a be da a6 9c 22 52 e1 49 9e 7b Sep 21 07:34:23.163445: | 8c 39 76 d7 57 4b b0 9c 56 f0 13 7f ad 48 9c d3 Sep 21 07:34:23.163448: | 03 ba f2 bc d3 88 46 8f de b7 85 d4 f1 c0 2b 2f Sep 21 07:34:23.163450: | 16 8c 9b 63 8f 83 b1 79 c0 7d 2a 6a ef 4a 96 d7 Sep 21 07:34:23.163452: | 8f ef 5a 42 d6 b6 ae fb 8e e9 a1 fc 97 c3 9b db Sep 21 07:34:23.163454: | e0 d4 59 d9 fa de a2 20 7c 6c 82 d2 39 c9 d4 17 Sep 21 07:34:23.163457: | 51 74 e9 75 90 4c 16 3e 8a db 5e aa dc cf 29 bc Sep 21 07:34:23.163459: | bd 9e 87 cb ab 19 dc 72 2a cc 3e 31 04 e6 da fb Sep 21 07:34:23.163461: | 78 36 46 d9 6b ea 48 e5 69 7b 64 ad 88 7b 85 4b Sep 21 07:34:23.163464: | 2a 13 83 37 d8 eb db e7 f4 44 29 f6 ec 5c 70 48 Sep 21 07:34:23.163466: | 02 a9 d7 1d f3 a5 8a fd 7d a1 13 ca 88 66 fc 04 Sep 21 07:34:23.163468: | 1b 4d b2 f9 ba 27 a6 0f 31 b8 95 bd 32 cd 37 68 Sep 21 07:34:23.163471: | d0 e3 79 88 e8 f9 ab 90 b2 86 fb a0 e6 c7 9b 3a Sep 21 07:34:23.163473: | 49 1b 58 e9 4a 26 89 a8 88 1d d6 f3 e3 b4 fb e0 Sep 21 07:34:23.163475: | bd 9d 93 c0 37 25 d7 bc ac 1d 88 78 70 b0 ba 5c Sep 21 07:34:23.163477: | 89 77 77 a9 1e 52 97 80 e7 46 b0 dd c5 36 42 95 Sep 21 07:34:23.163480: | c0 cd 95 e9 ef eb a5 4b a5 3d 69 d3 87 24 8b 1e Sep 21 07:34:23.163482: | 76 22 51 a8 2a 63 ff eb 7b 3e 88 cc Sep 21 07:34:23.163524: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:23.163529: | libevent_free: release ptr-libevent@0x7fdad80030d0 Sep 21 07:34:23.163533: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7fdac8002b20 Sep 21 07:34:23.163541: | event_schedule: new EVENT_RETRANSMIT-pe@0x7fdac8002b20 Sep 21 07:34:23.163546: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Sep 21 07:34:23.163549: | libevent_malloc: new ptr-libevent@0x7fdad80030d0 size 128 Sep 21 07:34:23.163554: | #6 STATE_QUICK_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49909.531805 Sep 21 07:34:23.163558: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Sep 21 07:34:23.163563: | #6 spent 0.599 milliseconds in resume sending helper answer Sep 21 07:34:23.163568: | stop processing: state #6 connection "northnet-eastnet-b" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:23.163572: | libevent_free: release ptr-libevent@0x7fdacc0069c0 Sep 21 07:34:23.163575: | processing signal PLUTO_SIGCHLD Sep 21 07:34:23.163580: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:23.163584: | spent 0.00561 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:23.163592: | timer_event_cb: processing event@0x7fdad80041c0 Sep 21 07:34:23.163595: | handling event EVENT_SA_REPLACE for child state #4 Sep 21 07:34:23.163600: | start processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.163604: | picked newest_ipsec_sa #4 for #4 Sep 21 07:34:23.163606: | replacing stale IPsec SA Sep 21 07:34:23.163610: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:23.163613: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.163619: | creating state object #7 at 0x55dbe1c0e5c0 Sep 21 07:34:23.163622: | State DB: adding IKEv1 state #7 in UNDEFINED Sep 21 07:34:23.163625: | pstats #7 ikev1.ipsec started Sep 21 07:34:23.163628: | duplicating state object #3 "northnet-eastnet-b" as #7 for IPSEC SA Sep 21 07:34:23.163633: | #7 setting local endpoint to 192.1.3.33:500 from #3.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:23.163637: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:23.163641: | suspend processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:23.163646: | start processing: state #7 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:683) Sep 21 07:34:23.163654: | child state #7: UNDEFINED(ignore) => QUICK_I1(established CHILD SA) Sep 21 07:34:23.163661: "north-a-dpd" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO to replace #4 {using isakmp#3 msgid:a7ebe32c proposal=defaults pfsgroup=MODP2048} Sep 21 07:34:23.163665: | adding quick_outI1 KE work-order 12 for state #7 Sep 21 07:34:23.163668: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf6490 Sep 21 07:34:23.163671: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Sep 21 07:34:23.163674: | libevent_malloc: new ptr-libevent@0x7fdacc0069c0 size 128 Sep 21 07:34:23.163684: | stop processing: state #7 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:23.163689: | resume processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in quick_outI1() at ikev1_quick.c:762) Sep 21 07:34:23.163689: | crypto helper 3 resuming Sep 21 07:34:23.163708: | crypto helper 3 starting work-order 12 for state #7 Sep 21 07:34:23.163714: | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 12 Sep 21 07:34:23.163698: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55dbe1bf50f0 Sep 21 07:34:23.164107: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #4 Sep 21 07:34:23.164111: | libevent_malloc: new ptr-libevent@0x7fdad40050d0 size 128 Sep 21 07:34:23.164116: | libevent_free: release ptr-libevent@0x7fdac4004f00 Sep 21 07:34:23.164119: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fdad80041c0 Sep 21 07:34:23.164124: | #4 spent 0.142 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:23.164129: | stop processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.164137: | timer_event_cb: processing event@0x55dbe1bf50f0 Sep 21 07:34:23.164140: | handling event EVENT_SA_EXPIRE for child state #4 Sep 21 07:34:23.164145: | start processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.164148: | picked newest_ipsec_sa #4 for #4 Sep 21 07:34:23.164150: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:23.164153: | pstats #4 ikev1.ipsec re-failed exchange-timeout Sep 21 07:34:23.164155: | pstats #4 ikev1.ipsec deleted completed Sep 21 07:34:23.164159: | [RE]START processing: state #4 connection "north-a-dpd" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:23.164163: "north-a-dpd" #4: deleting state (STATE_QUICK_I2) aged 11.112s and sending notification Sep 21 07:34:23.164166: | child state #4: QUICK_I2(established CHILD SA) => delete Sep 21 07:34:23.164170: | get_sa_info esp.4602f09a@192.1.2.23 Sep 21 07:34:23.164182: | get_sa_info esp.aa056cd4@192.1.3.33 Sep 21 07:34:23.164189: "north-a-dpd" #4: ESP traffic information: in=0B out=0B Sep 21 07:34:23.164193: | #4 send IKEv1 delete notification for STATE_QUICK_I2 Sep 21 07:34:23.164195: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.164203: | **emit ISAKMP Message: Sep 21 07:34:23.164206: | initiator cookie: Sep 21 07:34:23.164208: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.164210: | responder cookie: Sep 21 07:34:23.164213: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.164215: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.164218: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.164220: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.164223: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.164225: | Message ID: 234596959 (0xdfbaa5f) Sep 21 07:34:23.164228: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.164230: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.164232: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.164235: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.164237: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.164240: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.164243: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.164245: | ***emit ISAKMP Delete Payload: Sep 21 07:34:23.164248: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.164250: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.164252: | protocol ID: 3 (0x3) Sep 21 07:34:23.164254: | SPI size: 4 (0x4) Sep 21 07:34:23.164257: | number of SPIs: 1 (0x1) Sep 21 07:34:23.164260: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:23.164262: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.164265: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:23.164268: | delete payload aa 05 6c d4 Sep 21 07:34:23.164270: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:23.164291: | send delete HASH(1): Sep 21 07:34:23.164294: | da 6a e4 4b 3b 66 ac 30 90 5e 40 ac ab 70 49 83 Sep 21 07:34:23.164296: | 33 15 69 d7 a5 f5 8b ba d2 ac 61 af 29 68 dd e2 Sep 21 07:34:23.164304: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:23.164306: | no IKEv1 message padding required Sep 21 07:34:23.164309: | emitting length of ISAKMP Message: 92 Sep 21 07:34:23.164319: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:34:23.164321: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.164324: | 08 10 05 01 0d fb aa 5f 00 00 00 5c 20 83 c0 bf Sep 21 07:34:23.164328: | 0e 59 64 f9 4a 69 ac 58 6c 5f 79 b7 d8 9b 04 3d Sep 21 07:34:23.164330: | e3 b7 70 0e dc e8 35 06 db c3 32 ea 8b a1 a0 b0 Sep 21 07:34:23.164332: | 3f 9e 87 cc f1 a8 63 eb d3 97 c2 70 3b f1 35 89 Sep 21 07:34:23.164335: | d4 91 81 2e 1b 76 ab b4 32 12 e7 f5 Sep 21 07:34:23.164435: | running updown command "ipsec _updown" for verb down Sep 21 07:34:23.164441: | command executing down-client Sep 21 07:34:23.164479: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:23.164490: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:23.164516: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051252' PLUTO_CONN_POLIC Sep 21 07:34:23.164523: | popen cmd is 1409 chars long Sep 21 07:34:23.164527: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUT: Sep 21 07:34:23.164530: | cmd( 80):O_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_I: Sep 21 07:34:23.164533: | cmd( 160):D='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testin: Sep 21 07:34:23.164535: | cmd( 240):g.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/: Sep 21 07:34:23.164538: | cmd( 320):24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_M: Sep 21 07:34:23.164540: | cmd( 400):Y_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUT: Sep 21 07:34:23.164543: | cmd( 480):O_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=: Sep 21 07:34:23.164546: | cmd( 560):Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.or: Sep 21 07:34:23.164548: | cmd( 640):g' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PE: Sep 21 07:34:23.164551: | cmd( 720):ER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO: Sep 21 07:34:23.164553: | cmd( 800):_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libre: Sep 21 07:34:23.164556: | cmd( 880):swan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADD: Sep 21 07:34:23.164558: | cmd( 960):TIME='1569051252' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SA: Sep 21 07:34:23.164561: | cmd(1040):REF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRF: Sep 21 07:34:23.164564: | cmd(1120):AMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO: Sep 21 07:34:23.164566: | cmd(1200):_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=: Sep 21 07:34:23.164569: | cmd(1280):'0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN: Sep 21 07:34:23.164571: | cmd(1360):=0x4602f09a SPI_OUT=0xaa056cd4 ipsec _updown 2>&1: Sep 21 07:34:23.164727: | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 12 time elapsed 0.001013 seconds Sep 21 07:34:23.164739: | (#7) spent 0.885 milliseconds in crypto helper computing work-order 12: quick_outI1 KE (pcr) Sep 21 07:34:23.164742: | crypto helper 3 sending results from work-order 12 for state #7 to event queue Sep 21 07:34:23.164746: | scheduling resume sending helper answer for #7 Sep 21 07:34:23.164749: | libevent_malloc: new ptr-libevent@0x7fdad0007470 size 128 Sep 21 07:34:23.164754: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:23.174221: | shunt_eroute() called for connection 'north-a-dpd' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:34:23.174236: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:34:23.174240: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:34:23.174243: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:23.174293: | delete esp.4602f09a@192.1.2.23 Sep 21 07:34:23.174317: | netlink response for Del SA esp.4602f09a@192.1.2.23 included non-error error Sep 21 07:34:23.174320: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:34:23.174327: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:23.174369: | raw_eroute result=success Sep 21 07:34:23.174373: | delete esp.aa056cd4@192.1.3.33 Sep 21 07:34:23.174395: | netlink response for Del SA esp.aa056cd4@192.1.3.33 included non-error error Sep 21 07:34:23.174400: | in connection_discard for connection north-a-dpd Sep 21 07:34:23.174403: | State DB: deleting IKEv1 state #4 in QUICK_I2 Sep 21 07:34:23.174407: | child state #4: QUICK_I2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:23.174426: | stop processing: state #4 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.174437: | libevent_free: release ptr-libevent@0x7fdad40050d0 Sep 21 07:34:23.174440: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55dbe1bf50f0 Sep 21 07:34:23.174443: | in statetime_stop() and could not find #4 Sep 21 07:34:23.174446: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.174468: | spent 0.00291 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:23.174481: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:23.174483: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.174486: | 08 10 05 01 c6 bd 68 d2 00 00 00 5c 30 92 46 b8 Sep 21 07:34:23.174488: | aa 94 ff fe 97 e5 8e 50 70 1a f6 99 9f 18 39 1d Sep 21 07:34:23.174490: | d0 06 39 4c a8 c4 a6 ac 9b 79 7a 9a 29 20 97 c9 Sep 21 07:34:23.174492: | 4b e7 d6 03 42 29 38 21 40 65 3d cd af cd 11 61 Sep 21 07:34:23.174494: | 46 ba 8d b4 a7 1a 35 3e a8 2b 78 18 Sep 21 07:34:23.174499: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:23.174502: | **parse ISAKMP Message: Sep 21 07:34:23.174505: | initiator cookie: Sep 21 07:34:23.174507: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.174509: | responder cookie: Sep 21 07:34:23.174511: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.174514: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:23.174516: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.174519: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.174522: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.174524: | Message ID: 3334301906 (0xc6bd68d2) Sep 21 07:34:23.174526: | length: 92 (0x5c) Sep 21 07:34:23.174529: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:23.174533: | peer and cookies match on #7; msgid=00000000 st_msgid=a7ebe32c st_msgid_phase15=00000000 Sep 21 07:34:23.174536: | peer and cookies match on #6; msgid=00000000 st_msgid=bda7c5c5 st_msgid_phase15=00000000 Sep 21 07:34:23.174538: | peer and cookies match on #3; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:23.174541: | p15 state object #3 found, in STATE_MAIN_I4 Sep 21 07:34:23.174547: | State DB: found IKEv1 state #3 in MAIN_I4 (find_v1_info_state) Sep 21 07:34:23.174552: | start processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:23.174569: | #3 is idle Sep 21 07:34:23.174572: | #3 idle Sep 21 07:34:23.174576: | received encrypted packet from 192.1.2.23:500 Sep 21 07:34:23.174588: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:23.174592: | ***parse ISAKMP Hash Payload: Sep 21 07:34:23.174594: | next payload type: ISAKMP_NEXT_D (0xc) Sep 21 07:34:23.174597: | length: 36 (0x24) Sep 21 07:34:23.174600: | got payload 0x1000 (ISAKMP_NEXT_D) needed: 0x0 opt: 0x0 Sep 21 07:34:23.174602: | ***parse ISAKMP Delete Payload: Sep 21 07:34:23.174605: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.174607: | length: 28 (0x1c) Sep 21 07:34:23.174609: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.174612: | protocol ID: 1 (0x1) Sep 21 07:34:23.174614: | SPI size: 16 (0x10) Sep 21 07:34:23.174616: | number of SPIs: 1 (0x1) Sep 21 07:34:23.174641: | informational HASH(1): Sep 21 07:34:23.174644: | e8 64 46 e5 c7 95 38 f3 b9 47 ed 0b 5b 0e f1 2e Sep 21 07:34:23.174647: | 87 68 03 0e 77 2f 45 d4 44 e6 8e fb 92 50 f3 63 Sep 21 07:34:23.174649: | received 'informational' message HASH(1) data ok Sep 21 07:34:23.174652: | parsing 8 raw bytes of ISAKMP Delete Payload into iCookie Sep 21 07:34:23.174655: | iCookie 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.174658: | parsing 8 raw bytes of ISAKMP Delete Payload into rCookie Sep 21 07:34:23.174660: | rCookie 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.174663: | State DB: found IKEv1 state #3 in MAIN_I4 (find_state_ikev1) Sep 21 07:34:23.174666: | del: Sep 21 07:34:23.174669: "northnet-eastnet-b" #3: received Delete SA payload: self-deleting ISAKMP State #3 Sep 21 07:34:23.174672: | pstats #3 ikev1.isakmp deleted completed Sep 21 07:34:23.174676: | [RE]START processing: state #3 connection "northnet-eastnet-b" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:23.174679: "northnet-eastnet-b" #3: deleting state (STATE_MAIN_I4) aged 43.155s and sending notification Sep 21 07:34:23.174682: | parent state #3: MAIN_I4(established IKE SA) => delete Sep 21 07:34:23.174736: | #3 send IKEv1 delete notification for STATE_MAIN_I4 Sep 21 07:34:23.174744: | **emit ISAKMP Message: Sep 21 07:34:23.174747: | initiator cookie: Sep 21 07:34:23.174749: | 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.174751: | responder cookie: Sep 21 07:34:23.174753: | 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.174755: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.174758: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.174760: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.174763: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.174765: | Message ID: 4113497325 (0xf52efced) Sep 21 07:34:23.174768: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.174771: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.174773: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.174777: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.174779: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.174794: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.174801: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.174803: | ***emit ISAKMP Delete Payload: Sep 21 07:34:23.174806: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.174808: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.174810: | protocol ID: 1 (0x1) Sep 21 07:34:23.174813: | SPI size: 16 (0x10) Sep 21 07:34:23.174815: | number of SPIs: 1 (0x1) Sep 21 07:34:23.174818: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:23.174823: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:23.174826: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Sep 21 07:34:23.174829: | initiator SPI 83 26 94 dc 76 34 ec a4 Sep 21 07:34:23.174831: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Sep 21 07:34:23.174833: | responder SPI 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.174836: | emitting length of ISAKMP Delete Payload: 28 Sep 21 07:34:23.174856: | send delete HASH(1): Sep 21 07:34:23.174859: | 25 2c 69 f4 6c 44 5e 3b 56 3d 12 57 9a 3d 35 9a Sep 21 07:34:23.174862: | fb 6a 2c 2c 54 8d 9e 79 cc 78 42 f1 dd 6d 7a 74 Sep 21 07:34:23.174869: | no IKEv1 message padding required Sep 21 07:34:23.174872: | emitting length of ISAKMP Message: 92 Sep 21 07:34:23.174884: | sending 92 bytes for delete notify through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #3) Sep 21 07:34:23.174887: | 83 26 94 dc 76 34 ec a4 7f 9b 03 f4 eb 6f 2e 92 Sep 21 07:34:23.174889: | 08 10 05 01 f5 2e fc ed 00 00 00 5c 79 01 30 56 Sep 21 07:34:23.174891: | b2 9e d5 c3 64 4c 58 4f d6 2d f6 e8 0c 66 16 5d Sep 21 07:34:23.174893: | c3 ca 77 34 df ef 52 d1 e1 ba 79 c8 1e e7 ea d9 Sep 21 07:34:23.174896: | 28 2e 7d f9 44 71 88 2e df 8e 63 46 5c 72 34 c3 Sep 21 07:34:23.174898: | 5d 28 6b 05 13 c7 94 87 83 ee 6d 06 Sep 21 07:34:23.174944: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:23.174949: | libevent_free: release ptr-libevent@0x55dbe1c02540 Sep 21 07:34:23.174953: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55dbe1c05b50 Sep 21 07:34:23.174957: "northnet-eastnet-b" #3: reschedule pending child #7 STATE_QUICK_I1 of connection "north-a-dpd" - the parent is going away Sep 21 07:34:23.174960: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:23.174963: | libevent_free: release ptr-libevent@0x7fdacc0069c0 Sep 21 07:34:23.174966: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x55dbe1bf6490 Sep 21 07:34:23.174969: | event_schedule: new EVENT_SA_REPLACE-pe@0x55dbe1bf6490 Sep 21 07:34:23.174973: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #7 Sep 21 07:34:23.174976: | libevent_malloc: new ptr-libevent@0x7fdad40050d0 size 128 Sep 21 07:34:23.174980: "northnet-eastnet-b" #3: reschedule pending child #6 STATE_QUICK_I1 of connection "northnet-eastnet-b" - the parent is going away Sep 21 07:34:23.174983: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:23.174986: | #6 STATE_QUICK_I1: retransmits: cleared Sep 21 07:34:23.174989: | libevent_free: release ptr-libevent@0x7fdad80030d0 Sep 21 07:34:23.174991: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7fdac8002b20 Sep 21 07:34:23.174994: | event_schedule: new EVENT_SA_REPLACE-pe@0x7fdac8002b20 Sep 21 07:34:23.174997: | inserting event EVENT_SA_REPLACE, timeout in 0 seconds for #6 Sep 21 07:34:23.174999: | libevent_malloc: new ptr-libevent@0x7fdad80030d0 size 128 Sep 21 07:34:23.175002: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:34:23.175005: | picked newest_isakmp_sa #0 for #3 Sep 21 07:34:23.175008: "northnet-eastnet-b" #3: deleting IKE SA for connection 'northnet-eastnet-b' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:34:23.175011: | add revival: connection 'northnet-eastnet-b' added to the list and scheduled for 0 seconds Sep 21 07:34:23.175014: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:34:23.175018: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:23.175021: | State DB: deleting IKEv1 state #3 in MAIN_I4 Sep 21 07:34:23.175024: | parent state #3: MAIN_I4(established IKE SA) => UNDEFINED(ignore) Sep 21 07:34:23.175035: | unreference key: 0x55dbe1c048a0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 2-- Sep 21 07:34:23.175047: | stop processing: state #3 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.175061: | unreference key: 0x55dbe1c048a0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.175066: | unreference key: 0x55dbe1c10fc0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.175071: | unreference key: 0x55dbe1bcdb70 @east.testing.libreswan.org cnt 1-- Sep 21 07:34:23.175075: | unreference key: 0x55dbe1bfdff0 east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.175080: | unreference key: 0x55dbe1bfdd80 192.1.2.23 cnt 1-- Sep 21 07:34:23.175087: | in statetime_start() with no state Sep 21 07:34:23.175090: | complete v1 state transition with STF_IGNORE Sep 21 07:34:23.175095: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:23.175098: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:23.175100: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:23.175106: | spent 0.596 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:23.175113: | processing resume sending helper answer for #7 Sep 21 07:34:23.175118: | start processing: state #7 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:797) Sep 21 07:34:23.175122: | crypto helper 3 replies to request ID 12 Sep 21 07:34:23.175125: | calling continuation function 0x55dbdfa7b630 Sep 21 07:34:23.175127: | work-order 12 state #7 crypto result suppressed Sep 21 07:34:23.175136: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Sep 21 07:34:23.175141: | #7 spent 0.0187 milliseconds in resume sending helper answer Sep 21 07:34:23.175146: | stop processing: state #7 connection "north-a-dpd" from 192.1.2.23:500 (in resume_handler() at server.c:833) Sep 21 07:34:23.175149: | libevent_free: release ptr-libevent@0x7fdad0007470 Sep 21 07:34:23.175151: | processing signal PLUTO_SIGCHLD Sep 21 07:34:23.175156: | waitpid returned ECHILD (no child processes left) Sep 21 07:34:23.175160: | spent 0.00498 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:34:23.175168: | spent 0.00159 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:23.175179: | *received 92 bytes from 192.1.2.23:500 on eth1 (192.1.3.33:500) Sep 21 07:34:23.175181: | 01 a7 a6 fa 98 79 9e af 66 81 7f f0 7d 2f b4 22 Sep 21 07:34:23.175184: | 08 10 05 01 d7 dc 33 8c 00 00 00 5c d4 06 d2 12 Sep 21 07:34:23.175186: | fa 8e 6b b5 52 91 19 ce 95 a1 75 6e 1d 2e 63 b0 Sep 21 07:34:23.175188: | 41 c8 e7 05 b9 e6 23 27 3a c1 13 57 53 b5 36 d4 Sep 21 07:34:23.175190: | ff e6 0b 5a 3b 58 d8 44 46 19 10 2a f2 03 0a a8 Sep 21 07:34:23.175192: | 85 ee d2 5c a8 c7 68 30 e1 85 cf 77 Sep 21 07:34:23.175197: | start processing: from 192.1.2.23:500 (in process_md() at demux.c:378) Sep 21 07:34:23.175200: | **parse ISAKMP Message: Sep 21 07:34:23.175202: | initiator cookie: Sep 21 07:34:23.175205: | 01 a7 a6 fa 98 79 9e af Sep 21 07:34:23.175207: | responder cookie: Sep 21 07:34:23.175209: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:34:23.175212: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:23.175214: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.175217: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.175219: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.175222: | Message ID: 3621532556 (0xd7dc338c) Sep 21 07:34:23.175224: | length: 92 (0x5c) Sep 21 07:34:23.175227: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:23.175230: | State DB: IKEv1 state not found (find_v1_info_state) Sep 21 07:34:23.175232: | State DB: IKEv1 state not found (find_state_ikev1_init) Sep 21 07:34:23.175235: | Informational Exchange is for an unknown (expired?) SA with MSGID:0xd7dc338c Sep 21 07:34:23.175238: | - unknown SA's md->hdr.isa_ike_initiator_spi.bytes: Sep 21 07:34:23.175240: | 01 a7 a6 fa 98 79 9e af Sep 21 07:34:23.175243: | - unknown SA's md->hdr.isa_ike_responder_spi.bytes: Sep 21 07:34:23.175247: | 66 81 7f f0 7d 2f b4 22 Sep 21 07:34:23.175251: | stop processing: from 192.1.2.23:500 (in process_md() at demux.c:380) Sep 21 07:34:23.175254: | processing: STOP state #0 (in process_md() at demux.c:382) Sep 21 07:34:23.175257: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:23.175261: | spent 0.088 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:23.175265: | timer_event_cb: processing event@0x55dbe1bf6490 Sep 21 07:34:23.175267: | handling event EVENT_SA_REPLACE for child state #7 Sep 21 07:34:23.175272: | start processing: state #7 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.175275: | picked newest_ipsec_sa #0 for #7 Sep 21 07:34:23.175277: | replacing stale IPsec SA Sep 21 07:34:23.175281: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:23.175284: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.175291: | creating state object #8 at 0x55dbe1bfcd60 Sep 21 07:34:23.175294: | State DB: adding IKEv1 state #8 in UNDEFINED Sep 21 07:34:23.175297: | pstats #8 ikev1.isakmp started Sep 21 07:34:23.175305: | suspend processing: state #7 connection "north-a-dpd" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) Sep 21 07:34:23.175310: | start processing: state #8 connection "north-a-dpd" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:118) Sep 21 07:34:23.175313: | parent state #8: UNDEFINED(ignore) => MAIN_I1(half-open IKE SA) Sep 21 07:34:23.175316: | dup_any(fd@-1) -> fd@-1 (in main_outI1() at ikev1_main.c:123) Sep 21 07:34:23.175321: | Queuing pending IPsec SA negotiating with 192.1.2.23 "north-a-dpd" IKE SA #8 "north-a-dpd" Sep 21 07:34:23.175324: "north-a-dpd" #8: initiating Main Mode Sep 21 07:34:23.175330: | **emit ISAKMP Message: Sep 21 07:34:23.175332: | initiator cookie: Sep 21 07:34:23.175335: | 5c 28 90 84 0d 9c 57 5c Sep 21 07:34:23.175337: | responder cookie: Sep 21 07:34:23.175339: | 00 00 00 00 00 00 00 00 Sep 21 07:34:23.175342: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:23.175344: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.175347: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:34:23.175350: | flags: none (0x0) Sep 21 07:34:23.175352: | Message ID: 0 (0x0) Sep 21 07:34:23.175355: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.175358: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:34:23.175361: | no specific IKE algorithms specified - using defaults Sep 21 07:34:23.175386: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:34:23.175393: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:34:23.175398: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:34:23.175403: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:34:23.175408: | oakley_alg_makedb() processing ealg=aes=7 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:34:23.175413: | oakley_alg_makedb() processing ealg=aes=7 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:34:23.175418: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP2048=14 eklen=0 Sep 21 07:34:23.175422: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP2048=14 eklen=0 Sep 21 07:34:23.175427: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP2048=14 eklen=0 Sep 21 07:34:23.175431: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_256=4 modp=MODP1536=5 eklen=0 Sep 21 07:34:23.175436: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha2_512=6 modp=MODP1536=5 eklen=0 Sep 21 07:34:23.175440: | oakley_alg_makedb() processing ealg=3des_cbc=5 halg=sha=2 modp=MODP1536=5 eklen=0 Sep 21 07:34:23.175445: | oakley_alg_makedb() returning 0x55dbe1c00580 Sep 21 07:34:23.175452: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:23.175455: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:23.175457: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.175461: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:23.175464: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:23.175467: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.175469: | ****emit IPsec DOI SIT: Sep 21 07:34:23.175472: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:23.175475: | ikev1_out_sa pcn: 0 has 1 valid proposals Sep 21 07:34:23.175478: | ikev1_out_sa pcn: 0 pn: 0<1 valid_count: 1 trans_cnt: 18 Sep 21 07:34:23.175480: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:23.175483: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.175485: | proposal number: 0 (0x0) Sep 21 07:34:23.175488: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:34:23.175490: | SPI size: 0 (0x0) Sep 21 07:34:23.175492: | number of transforms: 18 (0x12) Sep 21 07:34:23.175495: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:23.175497: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.175500: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175503: | ISAKMP transform number: 0 (0x0) Sep 21 07:34:23.175505: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.175508: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.175511: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175513: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.175516: | length/value: 1 (0x1) Sep 21 07:34:23.175519: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.175521: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175525: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.175528: | length/value: 3600 (0xe10) Sep 21 07:34:23.175530: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175533: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.175535: | length/value: 7 (0x7) Sep 21 07:34:23.175538: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.175540: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175543: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.175545: | length/value: 4 (0x4) Sep 21 07:34:23.175548: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:23.175550: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175552: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.175555: | length/value: 3 (0x3) Sep 21 07:34:23.175557: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.175560: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175562: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.175564: | length/value: 14 (0xe) Sep 21 07:34:23.175567: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.175569: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175572: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.175574: | length/value: 256 (0x100) Sep 21 07:34:23.175577: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.175579: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.175582: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175584: | ISAKMP transform number: 1 (0x1) Sep 21 07:34:23.175587: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.175589: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175592: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.175597: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175600: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.175602: | length/value: 1 (0x1) Sep 21 07:34:23.175604: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.175607: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175609: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.175612: | length/value: 3600 (0xe10) Sep 21 07:34:23.175614: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175616: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.175619: | length/value: 7 (0x7) Sep 21 07:34:23.175621: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.175623: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175626: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.175628: | length/value: 4 (0x4) Sep 21 07:34:23.175631: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:23.175633: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175635: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.175637: | length/value: 3 (0x3) Sep 21 07:34:23.175639: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.175642: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175644: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.175646: | length/value: 14 (0xe) Sep 21 07:34:23.175648: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.175651: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175653: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.175655: | length/value: 128 (0x80) Sep 21 07:34:23.175658: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.175660: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.175663: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175665: | ISAKMP transform number: 2 (0x2) Sep 21 07:34:23.175668: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.175671: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175674: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.175676: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175679: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.175681: | length/value: 1 (0x1) Sep 21 07:34:23.175683: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.175686: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175688: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.175690: | length/value: 3600 (0xe10) Sep 21 07:34:23.175693: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175695: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.175697: | length/value: 7 (0x7) Sep 21 07:34:23.175700: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.175702: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175705: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.175707: | length/value: 6 (0x6) Sep 21 07:34:23.175709: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:23.175712: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175714: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.175716: | length/value: 3 (0x3) Sep 21 07:34:23.175719: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.175721: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175723: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.175726: | length/value: 14 (0xe) Sep 21 07:34:23.175728: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.175731: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175733: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.175735: | length/value: 256 (0x100) Sep 21 07:34:23.175738: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.175740: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.175743: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175745: | ISAKMP transform number: 3 (0x3) Sep 21 07:34:23.175749: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.175752: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175755: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.175758: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175760: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.175763: | length/value: 1 (0x1) Sep 21 07:34:23.175766: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.175768: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175771: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.175773: | length/value: 3600 (0xe10) Sep 21 07:34:23.175775: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175778: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.175780: | length/value: 7 (0x7) Sep 21 07:34:23.175787: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.175792: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175795: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.175797: | length/value: 6 (0x6) Sep 21 07:34:23.175799: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:23.175802: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175817: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.175819: | length/value: 3 (0x3) Sep 21 07:34:23.175821: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.175823: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175825: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.175828: | length/value: 14 (0xe) Sep 21 07:34:23.175830: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.175832: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175834: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.175837: | length/value: 128 (0x80) Sep 21 07:34:23.175839: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.175841: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.175844: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175846: | ISAKMP transform number: 4 (0x4) Sep 21 07:34:23.175848: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.175851: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175853: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.175856: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175858: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.175860: | length/value: 1 (0x1) Sep 21 07:34:23.175862: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.175865: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175867: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.175869: | length/value: 3600 (0xe10) Sep 21 07:34:23.175871: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175874: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.175876: | length/value: 7 (0x7) Sep 21 07:34:23.175878: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.175880: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175882: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.175885: | length/value: 2 (0x2) Sep 21 07:34:23.175887: | [2 is OAKLEY_SHA1] Sep 21 07:34:23.175889: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175891: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.175893: | length/value: 3 (0x3) Sep 21 07:34:23.175896: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.175898: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175900: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.175902: | length/value: 14 (0xe) Sep 21 07:34:23.175905: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.175907: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175911: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.175913: | length/value: 256 (0x100) Sep 21 07:34:23.175916: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.175918: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.175921: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175923: | ISAKMP transform number: 5 (0x5) Sep 21 07:34:23.175925: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.175928: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.175931: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.175933: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175936: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.175938: | length/value: 1 (0x1) Sep 21 07:34:23.175940: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.175942: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175945: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.175947: | length/value: 3600 (0xe10) Sep 21 07:34:23.175949: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175952: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.175954: | length/value: 7 (0x7) Sep 21 07:34:23.175956: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.175959: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175961: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.175963: | length/value: 2 (0x2) Sep 21 07:34:23.175966: | [2 is OAKLEY_SHA1] Sep 21 07:34:23.175968: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175970: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.175973: | length/value: 3 (0x3) Sep 21 07:34:23.175975: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.175977: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175979: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.175982: | length/value: 14 (0xe) Sep 21 07:34:23.175984: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.175986: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.175989: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.175991: | length/value: 128 (0x80) Sep 21 07:34:23.175993: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.175996: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176013: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176015: | ISAKMP transform number: 6 (0x6) Sep 21 07:34:23.176017: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176020: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176023: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176026: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176028: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176030: | length/value: 1 (0x1) Sep 21 07:34:23.176033: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176035: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176037: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176040: | length/value: 3600 (0xe10) Sep 21 07:34:23.176042: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176045: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176047: | length/value: 7 (0x7) Sep 21 07:34:23.176049: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.176051: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176054: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176056: | length/value: 4 (0x4) Sep 21 07:34:23.176058: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:23.176061: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176063: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176067: | length/value: 3 (0x3) Sep 21 07:34:23.176070: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176072: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176074: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176077: | length/value: 5 (0x5) Sep 21 07:34:23.176079: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176081: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176084: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.176086: | length/value: 256 (0x100) Sep 21 07:34:23.176088: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.176091: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176093: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176096: | ISAKMP transform number: 7 (0x7) Sep 21 07:34:23.176098: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176101: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176104: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176106: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176109: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176111: | length/value: 1 (0x1) Sep 21 07:34:23.176113: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176116: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176118: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176120: | length/value: 3600 (0xe10) Sep 21 07:34:23.176123: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176125: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176128: | length/value: 7 (0x7) Sep 21 07:34:23.176130: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.176132: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176135: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176137: | length/value: 4 (0x4) Sep 21 07:34:23.176139: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:23.176141: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176144: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176146: | length/value: 3 (0x3) Sep 21 07:34:23.176149: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176151: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176153: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176156: | length/value: 5 (0x5) Sep 21 07:34:23.176158: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176160: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176163: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.176165: | length/value: 128 (0x80) Sep 21 07:34:23.176168: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.176170: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176173: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176175: | ISAKMP transform number: 8 (0x8) Sep 21 07:34:23.176178: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176180: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176183: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176186: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176188: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176191: | length/value: 1 (0x1) Sep 21 07:34:23.176193: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176195: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176198: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176200: | length/value: 3600 (0xe10) Sep 21 07:34:23.176203: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176205: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176208: | length/value: 7 (0x7) Sep 21 07:34:23.176211: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.176214: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176216: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176218: | length/value: 6 (0x6) Sep 21 07:34:23.176221: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:23.176223: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176226: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176228: | length/value: 3 (0x3) Sep 21 07:34:23.176230: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176232: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176235: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176237: | length/value: 5 (0x5) Sep 21 07:34:23.176240: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176242: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176244: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.176246: | length/value: 256 (0x100) Sep 21 07:34:23.176249: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.176251: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176254: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176256: | ISAKMP transform number: 9 (0x9) Sep 21 07:34:23.176258: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176261: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176264: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176266: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176269: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176271: | length/value: 1 (0x1) Sep 21 07:34:23.176273: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176276: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176278: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176281: | length/value: 3600 (0xe10) Sep 21 07:34:23.176283: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176285: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176288: | length/value: 7 (0x7) Sep 21 07:34:23.176290: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.176292: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176295: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176297: | length/value: 6 (0x6) Sep 21 07:34:23.176299: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:23.176302: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176304: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176306: | length/value: 3 (0x3) Sep 21 07:34:23.176309: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176311: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176313: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176316: | length/value: 5 (0x5) Sep 21 07:34:23.176318: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176320: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176322: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.176325: | length/value: 128 (0x80) Sep 21 07:34:23.176327: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.176330: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176332: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176335: | ISAKMP transform number: 10 (0xa) Sep 21 07:34:23.176337: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176340: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176343: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176345: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176348: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176350: | length/value: 1 (0x1) Sep 21 07:34:23.176352: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176356: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176358: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176361: | length/value: 3600 (0xe10) Sep 21 07:34:23.176363: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176365: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176368: | length/value: 7 (0x7) Sep 21 07:34:23.176370: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.176372: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176375: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176377: | length/value: 2 (0x2) Sep 21 07:34:23.176379: | [2 is OAKLEY_SHA1] Sep 21 07:34:23.176382: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176384: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176387: | length/value: 3 (0x3) Sep 21 07:34:23.176389: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176391: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176394: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176396: | length/value: 5 (0x5) Sep 21 07:34:23.176398: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176400: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176403: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.176405: | length/value: 256 (0x100) Sep 21 07:34:23.176408: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.176410: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176413: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176415: | ISAKMP transform number: 11 (0xb) Sep 21 07:34:23.176417: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176420: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176423: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176426: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176428: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176431: | length/value: 1 (0x1) Sep 21 07:34:23.176433: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176435: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176438: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176440: | length/value: 3600 (0xe10) Sep 21 07:34:23.176443: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176445: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176447: | length/value: 7 (0x7) Sep 21 07:34:23.176450: | [7 is OAKLEY_AES_CBC] Sep 21 07:34:23.176452: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176454: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176457: | length/value: 2 (0x2) Sep 21 07:34:23.176459: | [2 is OAKLEY_SHA1] Sep 21 07:34:23.176461: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176464: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176466: | length/value: 3 (0x3) Sep 21 07:34:23.176468: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176471: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176473: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176475: | length/value: 5 (0x5) Sep 21 07:34:23.176478: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176480: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176483: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:34:23.176485: | length/value: 128 (0x80) Sep 21 07:34:23.176488: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:34:23.176490: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176493: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176495: | ISAKMP transform number: 12 (0xc) Sep 21 07:34:23.176498: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176500: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176505: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176507: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176510: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176512: | length/value: 1 (0x1) Sep 21 07:34:23.176514: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176517: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176519: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176521: | length/value: 3600 (0xe10) Sep 21 07:34:23.176524: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176526: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176528: | length/value: 5 (0x5) Sep 21 07:34:23.176531: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:23.176533: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176535: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176537: | length/value: 4 (0x4) Sep 21 07:34:23.176540: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:23.176542: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176545: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176547: | length/value: 3 (0x3) Sep 21 07:34:23.176549: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176551: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176554: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176556: | length/value: 14 (0xe) Sep 21 07:34:23.176558: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.176561: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:23.176563: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176566: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176568: | ISAKMP transform number: 13 (0xd) Sep 21 07:34:23.176570: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176573: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176576: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176578: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176581: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176583: | length/value: 1 (0x1) Sep 21 07:34:23.176586: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176588: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176591: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176593: | length/value: 3600 (0xe10) Sep 21 07:34:23.176595: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176598: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176600: | length/value: 5 (0x5) Sep 21 07:34:23.176602: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:23.176604: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176607: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176609: | length/value: 6 (0x6) Sep 21 07:34:23.176611: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:23.176614: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176616: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176618: | length/value: 3 (0x3) Sep 21 07:34:23.176621: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176623: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176625: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176628: | length/value: 14 (0xe) Sep 21 07:34:23.176630: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.176633: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:23.176635: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176637: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176640: | ISAKMP transform number: 14 (0xe) Sep 21 07:34:23.176642: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176645: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176649: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176652: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176654: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176657: | length/value: 1 (0x1) Sep 21 07:34:23.176659: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176661: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176664: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176666: | length/value: 3600 (0xe10) Sep 21 07:34:23.176668: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176671: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176673: | length/value: 5 (0x5) Sep 21 07:34:23.176676: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:23.176678: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176681: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176683: | length/value: 2 (0x2) Sep 21 07:34:23.176685: | [2 is OAKLEY_SHA1] Sep 21 07:34:23.176687: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176690: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176692: | length/value: 3 (0x3) Sep 21 07:34:23.176695: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176697: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176699: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176702: | length/value: 14 (0xe) Sep 21 07:34:23.176704: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:23.176706: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:23.176709: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176711: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176713: | ISAKMP transform number: 15 (0xf) Sep 21 07:34:23.176716: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176719: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176721: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176724: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176726: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176728: | length/value: 1 (0x1) Sep 21 07:34:23.176731: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176733: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176736: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176738: | length/value: 3600 (0xe10) Sep 21 07:34:23.176740: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176743: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176745: | length/value: 5 (0x5) Sep 21 07:34:23.176747: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:23.176750: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176752: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176755: | length/value: 4 (0x4) Sep 21 07:34:23.176757: | [4 is OAKLEY_SHA2_256] Sep 21 07:34:23.176759: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176762: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176764: | length/value: 3 (0x3) Sep 21 07:34:23.176766: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176769: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176771: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176773: | length/value: 5 (0x5) Sep 21 07:34:23.176776: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176778: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:23.176780: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176786: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176791: | ISAKMP transform number: 16 (0x10) Sep 21 07:34:23.176793: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176796: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176800: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176803: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176805: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176821: | length/value: 1 (0x1) Sep 21 07:34:23.176824: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176826: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176829: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176831: | length/value: 3600 (0xe10) Sep 21 07:34:23.176833: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176836: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176838: | length/value: 5 (0x5) Sep 21 07:34:23.176841: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:23.176843: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176845: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176847: | length/value: 6 (0x6) Sep 21 07:34:23.176850: | [6 is OAKLEY_SHA2_512] Sep 21 07:34:23.176852: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176854: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176857: | length/value: 3 (0x3) Sep 21 07:34:23.176859: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176861: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176863: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176865: | length/value: 5 (0x5) Sep 21 07:34:23.176868: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176870: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:23.176872: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:34:23.176874: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.176877: | ISAKMP transform number: 17 (0x11) Sep 21 07:34:23.176879: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:34:23.176882: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is ISAKMP_NEXT_T (0x3) Sep 21 07:34:23.176885: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:34:23.176887: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176889: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:34:23.176892: | length/value: 1 (0x1) Sep 21 07:34:23.176894: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:34:23.176896: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176899: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:34:23.176901: | length/value: 3600 (0xe10) Sep 21 07:34:23.176903: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176906: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:34:23.176908: | length/value: 5 (0x5) Sep 21 07:34:23.176910: | [5 is OAKLEY_3DES_CBC] Sep 21 07:34:23.176913: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176915: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:34:23.176917: | length/value: 2 (0x2) Sep 21 07:34:23.176919: | [2 is OAKLEY_SHA1] Sep 21 07:34:23.176922: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176924: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:34:23.176926: | length/value: 3 (0x3) Sep 21 07:34:23.176929: | [3 is OAKLEY_RSA_SIG] Sep 21 07:34:23.176931: | ******emit ISAKMP Oakley attribute: Sep 21 07:34:23.176933: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:34:23.176935: | length/value: 5 (0x5) Sep 21 07:34:23.176938: | [5 is OAKLEY_GROUP_MODP1536] Sep 21 07:34:23.176940: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 21 07:34:23.176942: | emitting length of ISAKMP Proposal Payload: 632 Sep 21 07:34:23.176945: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Sep 21 07:34:23.176948: | emitting length of ISAKMP Security Association Payload: 644 Sep 21 07:34:23.176953: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:23.176957: | out_vid(): sending [FRAGMENTATION] Sep 21 07:34:23.176960: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:23.176962: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:23.176965: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:23.176968: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:23.176971: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.176974: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:23.176977: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 21 07:34:23.176979: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:23.176981: | out_vid(): sending [Dead Peer Detection] Sep 21 07:34:23.176984: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:23.176986: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.176989: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:23.176992: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.176994: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:23.176996: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 21 07:34:23.176999: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:23.177001: | nat add vid Sep 21 07:34:23.177003: | sending draft and RFC NATT VIDs Sep 21 07:34:23.177005: | out_vid(): sending [RFC 3947] Sep 21 07:34:23.177008: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:23.177010: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:23.177013: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:23.177016: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:23.177018: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.177021: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:23.177023: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:34:23.177025: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:23.177027: | skipping VID_NATT_RFC Sep 21 07:34:23.177030: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:34:23.177032: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:23.177034: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:23.177037: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:23.177040: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:23.177043: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.177045: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:23.177048: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:34:23.177050: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:23.177052: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:34:23.177055: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:23.177057: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:34:23.177060: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:34:23.177063: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:23.177067: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.177069: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:23.177072: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Sep 21 07:34:23.177074: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:23.177076: | out_vid(): sending [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:34:23.177079: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:34:23.177081: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.177084: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:34:23.177086: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:34:23.177089: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:34:23.177091: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Sep 21 07:34:23.177094: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:34:23.177096: | no IKEv1 message padding required Sep 21 07:34:23.177098: | emitting length of ISAKMP Message: 792 Sep 21 07:34:23.177106: | sending 792 bytes for reply packet for main_outI1 through eth1 from 192.1.3.33:500 to 192.1.2.23:500 (using #8) Sep 21 07:34:23.177108: | 5c 28 90 84 0d 9c 57 5c 00 00 00 00 00 00 00 00 Sep 21 07:34:23.177111: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:34:23.177113: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:34:23.177115: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177117: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:23.177119: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:34:23.177121: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:34:23.177124: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:34:23.177126: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:34:23.177128: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:34:23.177130: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:23.177132: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:34:23.177135: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177137: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:23.177139: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:34:23.177141: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:34:23.177144: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:34:23.177146: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:34:23.177148: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:23.177150: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:23.177152: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:23.177155: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177157: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:23.177159: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:34:23.177161: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:34:23.177163: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:34:23.177166: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:34:23.177168: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:34:23.177170: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:34:23.177172: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:34:23.177175: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177177: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:34:23.177179: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177181: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:34:23.177185: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177187: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:34:23.177189: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177192: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:34:23.177194: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177196: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:34:23.177198: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:34:23.177200: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:34:23.177202: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:34:23.177205: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:34:23.177207: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:34:23.177209: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:34:23.177211: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:34:23.177213: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:34:23.177216: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:34:23.177218: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:34:23.177256: | event_schedule: new EVENT_RETRANSMIT-pe@0x55dbe1bfc260 Sep 21 07:34:23.177261: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #8 Sep 21 07:34:23.177264: | libevent_malloc: new ptr-libevent@0x7fdad0007470 size 128 Sep 21 07:34:23.177269: | #8 STATE_MAIN_I1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49909.545519 Sep 21 07:34:23.177275: | #8 spent 1.97 milliseconds in main_outI1() Sep 21 07:34:23.177280: | stop processing: state #8 connection "north-a-dpd" from 192.1.2.23:500 (in main_outI1() at ikev1_main.c:228) Sep 21 07:34:23.177283: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55dbe1c04980 Sep 21 07:34:23.177286: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #7 Sep 21 07:34:23.177289: | libevent_malloc: new ptr-libevent@0x7fdac4004f00 size 128 Sep 21 07:34:23.177293: | libevent_free: release ptr-libevent@0x7fdad40050d0 Sep 21 07:34:23.177295: | free_event_entry: release EVENT_SA_REPLACE-pe@0x55dbe1bf6490 Sep 21 07:34:23.177299: | #7 spent 2.01 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:23.177302: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.177305: | timer_event_cb: processing event@0x7fdac8002b20 Sep 21 07:34:23.177308: | handling event EVENT_SA_REPLACE for child state #6 Sep 21 07:34:23.177313: | start processing: state #6 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.177316: | picked newest_ipsec_sa #0 for #6 Sep 21 07:34:23.177319: | replacing stale IPsec SA Sep 21 07:34:23.177322: | dup_any(fd@-1) -> fd@-1 (in ipsecdoi_replace() at ipsec_doi.c:351) Sep 21 07:34:23.177325: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.177330: | Queuing pending IPsec SA negotiating with 192.1.2.23 "northnet-eastnet-b" IKE SA #8 "north-a-dpd" Sep 21 07:34:23.177333: | event_schedule: new EVENT_SA_EXPIRE-pe@0x55dbe1bf6490 Sep 21 07:34:23.177336: | inserting event EVENT_SA_EXPIRE, timeout in 0 seconds for #6 Sep 21 07:34:23.177339: | libevent_malloc: new ptr-libevent@0x7fdad40050d0 size 128 Sep 21 07:34:23.177341: | libevent_free: release ptr-libevent@0x7fdad80030d0 Sep 21 07:34:23.177344: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7fdac8002b20 Sep 21 07:34:23.177348: | #6 spent 0.0419 milliseconds in timer_event_cb() EVENT_SA_REPLACE Sep 21 07:34:23.177353: | stop processing: state #6 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.177355: | processing global timer EVENT_REVIVE_CONNS Sep 21 07:34:23.177358: Initiating connection northnet-eastnet-b which received a Delete/Notify but must remain up per local policy Sep 21 07:34:23.177361: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:34:23.177367: | start processing: connection "northnet-eastnet-b" (in initiate_a_connection() at initiate.c:186) Sep 21 07:34:23.177370: | empty esp_info, returning defaults for ENCRYPT Sep 21 07:34:23.177374: | connection 'northnet-eastnet-b' +POLICY_UP Sep 21 07:34:23.177376: | dup_any(fd@-1) -> fd@-1 (in initiate_a_connection() at initiate.c:342) Sep 21 07:34:23.177379: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:23.177383: | Ignored already queued up pending IPsec SA negotiation with 192.1.2.23 "northnet-eastnet-b" Sep 21 07:34:23.177386: | stop processing: connection "northnet-eastnet-b" (in initiate_a_connection() at initiate.c:349) Sep 21 07:34:23.177390: | spent 0.0306 milliseconds in global timer EVENT_REVIVE_CONNS Sep 21 07:34:23.177396: | timer_event_cb: processing event@0x55dbe1c04980 Sep 21 07:34:23.177399: | handling event EVENT_SA_EXPIRE for child state #7 Sep 21 07:34:23.177403: | start processing: state #7 connection "north-a-dpd" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.177406: | picked newest_ipsec_sa #0 for #7 Sep 21 07:34:23.177408: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:23.177411: | pstats #7 ikev1.ipsec failed exchange-timeout Sep 21 07:34:23.177414: | pstats #7 ikev1.ipsec deleted exchange-timeout Sep 21 07:34:23.177418: | [RE]START processing: state #7 connection "north-a-dpd" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:23.177422: "north-a-dpd" #7: deleting state (STATE_QUICK_I1) aged 0.013s and NOT sending notification Sep 21 07:34:23.177425: | child state #7: QUICK_I1(established CHILD SA) => delete Sep 21 07:34:23.177428: | child state #7: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:34:23.177431: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:34:23.177439: | delete inbound eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:23.177455: | raw_eroute result=success Sep 21 07:34:23.177458: | in connection_discard for connection north-a-dpd Sep 21 07:34:23.177461: | State DB: deleting IKEv1 state #7 in CHILDSA_DEL Sep 21 07:34:23.177464: | child state #7: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:34:23.177469: | stop processing: state #7 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.177473: | libevent_free: release ptr-libevent@0x7fdac4004f00 Sep 21 07:34:23.177476: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55dbe1c04980 Sep 21 07:34:23.177478: | in statetime_stop() and could not find #7 Sep 21 07:34:23.177481: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.177484: | timer_event_cb: processing event@0x55dbe1bf6490 Sep 21 07:34:23.177487: | handling event EVENT_SA_EXPIRE for child state #6 Sep 21 07:34:23.177491: | start processing: state #6 connection "northnet-eastnet-b" from 192.1.2.23:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:23.177494: | picked newest_ipsec_sa #0 for #6 Sep 21 07:34:23.177496: | un-established partial CHILD SA timeout (SA expired) Sep 21 07:34:23.177498: | pstats #6 ikev1.ipsec failed exchange-timeout Sep 21 07:34:23.177501: | pstats #6 ikev1.ipsec deleted exchange-timeout Sep 21 07:34:23.177505: | [RE]START processing: state #6 connection "northnet-eastnet-b" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:23.177508: "northnet-eastnet-b" #6: deleting state (STATE_QUICK_I1) aged 0.026s and NOT sending notification Sep 21 07:34:23.177511: | child state #6: QUICK_I1(established CHILD SA) => delete Sep 21 07:34:23.177514: | child state #6: QUICK_I1(established CHILD SA) => CHILDSA_DEL(informational) Sep 21 07:34:23.177517: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.177523: | delete inbound eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => unk255.10000@192.1.3.33 (raw_eroute) Sep 21 07:34:23.177532: | raw_eroute result=success Sep 21 07:34:23.177535: | in connection_discard for connection northnet-eastnet-b Sep 21 07:34:23.177537: | State DB: deleting IKEv1 state #6 in CHILDSA_DEL Sep 21 07:34:23.177542: | child state #6: CHILDSA_DEL(informational) => UNDEFINED(ignore) Sep 21 07:34:23.177556: | stop processing: state #6 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.177567: | libevent_free: release ptr-libevent@0x7fdad40050d0 Sep 21 07:34:23.177570: | free_event_entry: release EVENT_SA_EXPIRE-pe@0x55dbe1bf6490 Sep 21 07:34:23.177573: | in statetime_stop() and could not find #6 Sep 21 07:34:23.177575: | processing: STOP state #0 (in timer_event_cb() at timer.c:557) Sep 21 07:34:23.611628: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:23.611649: shutting down Sep 21 07:34:23.611657: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:34:23.611660: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:34:23.611664: destroying root certificate cache Sep 21 07:34:23.611682: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:23.611684: forgetting secrets Sep 21 07:34:23.611689: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:23.611697: | unreference key: 0x55dbe1bfbbc0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.611700: | unreference key: 0x55dbe1bfb860 user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.611703: | unreference key: 0x55dbe1bfb550 @east.testing.libreswan.org cnt 1-- Sep 21 07:34:23.611706: | unreference key: 0x55dbe1bfb170 east@testing.libreswan.org cnt 1-- Sep 21 07:34:23.611709: | unreference key: 0x55dbe1bf5730 192.1.2.23 cnt 1-- Sep 21 07:34:23.611715: | unreference key: 0x55dbe1bf6380 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:23.611717: | unreference key: 0x55dbe1bf5f40 user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:23.611720: | unreference key: 0x55dbe1bf18f0 @north.testing.libreswan.org cnt 1-- Sep 21 07:34:23.611723: | start processing: connection "northnet-eastnet-b" (in delete_connection() at connections.c:189) Sep 21 07:34:23.611725: | removing pending policy for no connection {0x55dbe1c04500} Sep 21 07:34:23.611727: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:34:23.611729: | pass 0 Sep 21 07:34:23.611731: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:23.611732: | state #8 Sep 21 07:34:23.611734: | pass 1 Sep 21 07:34:23.611736: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:23.611737: | state #8 Sep 21 07:34:23.611742: | shunt_eroute() called for connection 'northnet-eastnet-b' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.2.0/24:0 Sep 21 07:34:23.611746: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.2.0/24:0 Sep 21 07:34:23.611748: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.611797: | priority calculation of connection "northnet-eastnet-b" is 0xfe7e7 Sep 21 07:34:23.611809: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:23.611812: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:23.611814: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 Sep 21 07:34:23.611815: | conn northnet-eastnet-b mark 0/00000000, 0/00000000 vs Sep 21 07:34:23.611817: | conn north-a-dpd mark 0/00000000, 0/00000000 Sep 21 07:34:23.611820: | route owner of "northnet-eastnet-b" unrouted: NULL Sep 21 07:34:23.611822: | running updown command "ipsec _updown" for verb unroute Sep 21 07:34:23.611823: | command executing unroute-client Sep 21 07:34:23.611849: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Sep 21 07:34:23.611854: | popen cmd is 1277 chars long Sep 21 07:34:23.611856: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:34:23.611858: | cmd( 80):et-b' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' : Sep 21 07:34:23.611860: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=no: Sep 21 07:34:23.611861: | cmd( 240):rth.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT=': Sep 21 07:34:23.611863: | cmd( 320):192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:34:23.611865: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Sep 21 07:34:23.611866: | cmd( 480):'none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:34:23.611868: | cmd( 560):reswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.l: Sep 21 07:34:23.611869: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0': Sep 21 07:34:23.611871: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:34:23.611873: | cmd( 800):'0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='R: Sep 21 07:34:23.611874: | cmd( 880):SASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:34:23.611876: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:34:23.611877: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:34:23.611879: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:34:23.611881: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:34:23.620041: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620055: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620057: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620061: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620062: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620064: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620115: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620121: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620123: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620124: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620127: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620129: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620180: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620189: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620191: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620192: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620195: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620197: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620210: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620215: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620227: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620239: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620251: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620262: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620273: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620284: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620296: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620309: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620320: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620331: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620343: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620355: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620367: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620378: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620574: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620586: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.620598: "northnet-eastnet-b": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.624853: | flush revival: connection 'northnet-eastnet-b' wasn't on the list Sep 21 07:34:23.624867: | stop processing: connection "northnet-eastnet-b" (in discard_connection() at connections.c:249) Sep 21 07:34:23.624874: | start processing: connection "north-a-dpd" (in delete_connection() at connections.c:189) Sep 21 07:34:23.624876: | removing pending policy for no connection {0x55dbe1bfe0b0} Sep 21 07:34:23.624879: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:34:23.624880: | pass 0 Sep 21 07:34:23.624882: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:23.624884: | state #8 Sep 21 07:34:23.624886: | suspend processing: connection "north-a-dpd" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.624890: | start processing: state #8 connection "north-a-dpd" from 192.1.2.23:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:23.624893: | pstats #8 ikev1.isakmp deleted other Sep 21 07:34:23.624895: | [RE]START processing: state #8 connection "north-a-dpd" from 192.1.2.23:500 (in delete_state() at state.c:879) Sep 21 07:34:23.624898: "north-a-dpd" #8: deleting state (STATE_MAIN_I1) aged 0.449s and NOT sending notification Sep 21 07:34:23.624901: | parent state #8: MAIN_I1(half-open IKE SA) => delete Sep 21 07:34:23.624965: | state #8 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:23.624972: | #8 STATE_MAIN_I1: retransmits: cleared Sep 21 07:34:23.624976: | libevent_free: release ptr-libevent@0x7fdad0007470 Sep 21 07:34:23.624979: | free_event_entry: release EVENT_RETRANSMIT-pe@0x55dbe1bfc260 Sep 21 07:34:23.624981: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:34:23.624983: | picked newest_isakmp_sa #0 for #8 Sep 21 07:34:23.624986: "north-a-dpd" #8: deleting IKE SA for connection 'north-a-dpd' but connection is supposed to remain up; schedule EVENT_REVIVE_CONNS Sep 21 07:34:23.624988: | add revival: connection 'north-a-dpd' added to the list and scheduled for 0 seconds Sep 21 07:34:23.624990: | global one-shot timer EVENT_REVIVE_CONNS scheduled in 0 seconds Sep 21 07:34:23.624994: | stop processing: connection "north-a-dpd" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:34:23.624996: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:34:23.624998: | in connection_discard for connection north-a-dpd Sep 21 07:34:23.625000: | State DB: deleting IKEv1 state #8 in MAIN_I1 Sep 21 07:34:23.625002: | parent state #8: MAIN_I1(half-open IKE SA) => UNDEFINED(ignore) Sep 21 07:34:23.625006: | stop processing: state #8 from 192.1.2.23:500 (in delete_state() at state.c:1143) Sep 21 07:34:23.625008: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:23.625010: | pass 1 Sep 21 07:34:23.625011: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:23.625016: | shunt_eroute() called for connection 'north-a-dpd' to 'delete' for rt_kind 'unrouted' using protoports 192.0.3.0/24:0 --0->- 192.0.22.0/24:0 Sep 21 07:34:23.625019: | netlink_shunt_eroute for proto 0, and source 192.0.3.0/24:0 dest 192.0.22.0/24:0 Sep 21 07:34:23.625021: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:34:23.625054: | priority calculation of connection "north-a-dpd" is 0xfe7e7 Sep 21 07:34:23.625062: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:23.625064: | conn north-a-dpd mark 0/00000000, 0/00000000 vs Sep 21 07:34:23.625066: | conn north-a-dpd mark 0/00000000, 0/00000000 Sep 21 07:34:23.625068: | route owner of "north-a-dpd" unrouted: NULL Sep 21 07:34:23.625070: | running updown command "ipsec _updown" for verb unroute Sep 21 07:34:23.625072: | command executing unroute-client Sep 21 07:34:23.625097: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN Sep 21 07:34:23.625099: | popen cmd is 1272 chars long Sep 21 07:34:23.625101: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='north-a-dpd' P: Sep 21 07:34:23.625103: | cmd( 80):LUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.3.254' PLUTO_ME='192.1.3.33' PLUTO_M: Sep 21 07:34:23.625105: | cmd( 160):Y_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.tes: Sep 21 07:34:23.625106: | cmd( 240):ting.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.3: Sep 21 07:34:23.625108: | cmd( 320):.0/24' PLUTO_MY_CLIENT_NET='192.0.3.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUT: Sep 21 07:34:23.625111: | cmd( 400):O_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' : Sep 21 07:34:23.625113: | cmd( 480):PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan,: Sep 21 07:34:23.625114: | cmd( 560): OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswa: Sep 21 07:34:23.625116: | cmd( 640):n.org' PLUTO_PEER_CLIENT='192.0.22.0/24' PLUTO_PEER_CLIENT_NET='192.0.22.0' PLUT: Sep 21 07:34:23.625118: | cmd( 720):O_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' P: Sep 21 07:34:23.625119: | cmd( 800):LUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG: Sep 21 07:34:23.625121: | cmd( 880):+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN: Sep 21 07:34:23.625122: | cmd( 960):_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_C: Sep 21 07:34:23.625124: | cmd(1040):ISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' P: Sep 21 07:34:23.625126: | cmd(1120):LUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VT: Sep 21 07:34:23.625140: | cmd(1200):I_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:34:23.633332: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633346: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633348: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633356: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633423: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633429: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633431: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633433: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633441: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633502: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633505: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633506: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633513: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633526: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633538: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633550: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633563: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633575: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633586: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633598: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633610: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633623: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633635: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633646: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633658: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633669: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633682: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633694: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633706: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633718: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633730: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633743: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633754: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.633766: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.634005: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.634015: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.634093: unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:23.637827: | free hp@0x55dbe1bf5b70 Sep 21 07:34:23.637850: | flush revival: connection 'north-a-dpd' revival flushed Sep 21 07:34:23.637853: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:34:23.637869: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:34:23.637871: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:34:23.637881: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:34:23.637883: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:34:23.637885: shutting down interface eth0/eth0 192.0.3.254:4500 Sep 21 07:34:23.637887: shutting down interface eth0/eth0 192.0.3.254:500 Sep 21 07:34:23.637889: shutting down interface eth1/eth1 192.1.3.33:4500 Sep 21 07:34:23.637890: shutting down interface eth1/eth1 192.1.3.33:500 Sep 21 07:34:23.637893: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:34:23.637899: | libevent_free: release ptr-libevent@0x55dbe1bf05f0 Sep 21 07:34:23.637901: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bd9a60 Sep 21 07:34:23.637909: | libevent_free: release ptr-libevent@0x55dbe1bf06e0 Sep 21 07:34:23.637910: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf06a0 Sep 21 07:34:23.637915: | libevent_free: release ptr-libevent@0x55dbe1bf07d0 Sep 21 07:34:23.637916: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf0790 Sep 21 07:34:23.637921: | libevent_free: release ptr-libevent@0x55dbe1bf08c0 Sep 21 07:34:23.637922: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf0880 Sep 21 07:34:23.637926: | libevent_free: release ptr-libevent@0x55dbe1bf09b0 Sep 21 07:34:23.637928: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf0970 Sep 21 07:34:23.637932: | libevent_free: release ptr-libevent@0x55dbe1bf0aa0 Sep 21 07:34:23.637934: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bf0a60 Sep 21 07:34:23.637937: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:23.638271: | libevent_free: release ptr-libevent@0x55dbe1befdd0 Sep 21 07:34:23.638276: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bd8960 Sep 21 07:34:23.638278: | libevent_free: release ptr-libevent@0x55dbe1be5850 Sep 21 07:34:23.638280: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bd8ba0 Sep 21 07:34:23.638282: | libevent_free: release ptr-libevent@0x55dbe1be57c0 Sep 21 07:34:23.638284: | free_event_entry: release EVENT_NULL-pe@0x55dbe1bde6f0 Sep 21 07:34:23.638286: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:34:23.638288: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:34:23.638289: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:34:23.638291: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:34:23.638292: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:34:23.638294: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:34:23.638295: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:34:23.638297: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:34:23.638298: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:34:23.638302: | libevent_free: release ptr-libevent@0x55dbe1beffb0 Sep 21 07:34:23.638304: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:34:23.638306: | libevent_free: release ptr-libevent@0x55dbe1bf0090 Sep 21 07:34:23.638307: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:34:23.638309: | libevent_free: release ptr-libevent@0x55dbe1bf0150 Sep 21 07:34:23.638311: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:34:23.638313: | libevent_free: release ptr-libevent@0x55dbe1be4ac0 Sep 21 07:34:23.638314: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:34:23.638318: | releasing event base Sep 21 07:34:23.638328: | libevent_free: release ptr-libevent@0x55dbe1bf0210 Sep 21 07:34:23.638330: | libevent_free: release ptr-libevent@0x55dbe1b8d2e0 Sep 21 07:34:23.638333: | libevent_free: release ptr-libevent@0x55dbe1bd3d50 Sep 21 07:34:23.638335: | libevent_free: release ptr-libevent@0x55dbe1bf11f0 Sep 21 07:34:23.638336: | libevent_free: release ptr-libevent@0x55dbe1bd3d70 Sep 21 07:34:23.638338: | libevent_free: release ptr-libevent@0x55dbe1befe60 Sep 21 07:34:23.638339: | libevent_free: release ptr-libevent@0x55dbe1bf0050 Sep 21 07:34:23.638341: | libevent_free: release ptr-libevent@0x55dbe1bd3f10 Sep 21 07:34:23.638342: | libevent_free: release ptr-libevent@0x55dbe1bde650 Sep 21 07:34:23.638344: | libevent_free: release ptr-libevent@0x55dbe1bde630 Sep 21 07:34:23.638345: | libevent_free: release ptr-libevent@0x55dbe1bf0b30 Sep 21 07:34:23.638347: | libevent_free: release ptr-libevent@0x55dbe1bf0a40 Sep 21 07:34:23.638348: | libevent_free: release ptr-libevent@0x55dbe1bf0950 Sep 21 07:34:23.638350: | libevent_free: release ptr-libevent@0x55dbe1bf0860 Sep 21 07:34:23.638351: | libevent_free: release ptr-libevent@0x55dbe1bf0770 Sep 21 07:34:23.638352: | libevent_free: release ptr-libevent@0x55dbe1bf0680 Sep 21 07:34:23.638354: | libevent_free: release ptr-libevent@0x55dbe1bd3e00 Sep 21 07:34:23.638355: | libevent_free: release ptr-libevent@0x55dbe1bf0130 Sep 21 07:34:23.638357: | libevent_free: release ptr-libevent@0x55dbe1bf0070 Sep 21 07:34:23.638358: | libevent_free: release ptr-libevent@0x55dbe1beff90 Sep 21 07:34:23.638360: | libevent_free: release ptr-libevent@0x55dbe1bf01f0 Sep 21 07:34:23.638361: | libevent_free: release ptr-libevent@0x55dbe1befe80 Sep 21 07:34:23.638363: | libevent_free: release ptr-libevent@0x55dbe1bd3d90 Sep 21 07:34:23.638365: | libevent_free: release ptr-libevent@0x55dbe1bd3dc0 Sep 21 07:34:23.638366: | libevent_free: release ptr-libevent@0x55dbe1bd3ab0 Sep 21 07:34:23.638367: | releasing global libevent data Sep 21 07:34:23.638370: | libevent_free: release ptr-libevent@0x55dbe1bd22a0 Sep 21 07:34:23.638371: | libevent_free: release ptr-libevent@0x55dbe1bd22d0 Sep 21 07:34:23.638373: | libevent_free: release ptr-libevent@0x55dbe1bd3a80