Sep 21 07:33:24.136031: FIPS Product: YES Sep 21 07:33:24.136065: FIPS Kernel: NO Sep 21 07:33:24.136068: FIPS Mode: NO Sep 21 07:33:24.136071: NSS DB directory: sql:/etc/ipsec.d Sep 21 07:33:24.136222: Initializing NSS Sep 21 07:33:24.136225: Opening NSS database "sql:/etc/ipsec.d" read-only Sep 21 07:33:24.177601: NSS initialized Sep 21 07:33:24.177612: NSS crypto library initialized Sep 21 07:33:24.177614: FIPS HMAC integrity support [enabled] Sep 21 07:33:24.177616: FIPS mode disabled for pluto daemon Sep 21 07:33:24.232766: FIPS HMAC integrity verification self-test FAILED Sep 21 07:33:24.232882: libcap-ng support [enabled] Sep 21 07:33:24.232893: Linux audit support [enabled] Sep 21 07:33:24.232914: Linux audit activated Sep 21 07:33:24.232917: Starting Pluto (Libreswan Version v3.28-827-gc9aa82b8a6-master-s2 XFRM(netkey) esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) DNSSEC SYSTEMD_WATCHDOG FIPS_CHECK LABELED_IPSEC SECCOMP LIBCAP_NG LINUX_AUDIT XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:18300 Sep 21 07:33:24.232918: core dump dir: /tmp Sep 21 07:33:24.232920: secrets file: /etc/ipsec.secrets Sep 21 07:33:24.232921: leak-detective disabled Sep 21 07:33:24.232922: NSS crypto [enabled] Sep 21 07:33:24.232924: XAUTH PAM support [enabled] Sep 21 07:33:24.232978: | libevent is using pluto's memory allocator Sep 21 07:33:24.232983: Initializing libevent in pthreads mode: headers: 2.1.8-stable (2010800); library: 2.1.8-stable (2010800) Sep 21 07:33:24.232994: | libevent_malloc: new ptr-libevent@0x5609748473c0 size 40 Sep 21 07:33:24.232996: | libevent_malloc: new ptr-libevent@0x5609748473f0 size 40 Sep 21 07:33:24.232998: | libevent_malloc: new ptr-libevent@0x560974848ba0 size 40 Sep 21 07:33:24.232999: | creating event base Sep 21 07:33:24.233001: | libevent_malloc: new ptr-libevent@0x560974848b60 size 56 Sep 21 07:33:24.233003: | libevent_malloc: new ptr-libevent@0x560974848bd0 size 664 Sep 21 07:33:24.233013: | libevent_malloc: new ptr-libevent@0x560974848e70 size 24 Sep 21 07:33:24.233016: | libevent_malloc: new ptr-libevent@0x560974802400 size 384 Sep 21 07:33:24.233023: | libevent_malloc: new ptr-libevent@0x560974848e90 size 16 Sep 21 07:33:24.233025: | libevent_malloc: new ptr-libevent@0x560974848eb0 size 40 Sep 21 07:33:24.233026: | libevent_malloc: new ptr-libevent@0x560974848ee0 size 48 Sep 21 07:33:24.233031: | libevent_realloc: new ptr-libevent@0x560974848f20 size 256 Sep 21 07:33:24.233032: | libevent_malloc: new ptr-libevent@0x560974849030 size 16 Sep 21 07:33:24.233036: | libevent_free: release ptr-libevent@0x560974848b60 Sep 21 07:33:24.233039: | libevent initialized Sep 21 07:33:24.233041: | libevent_realloc: new ptr-libevent@0x560974849050 size 64 Sep 21 07:33:24.233043: | global periodic timer EVENT_RESET_LOG_RATE_LIMIT enabled with interval of 3600 seconds Sep 21 07:33:24.233054: | init_nat_traversal() initialized with keep_alive=0s Sep 21 07:33:24.233056: NAT-Traversal support [enabled] Sep 21 07:33:24.233058: | global one-shot timer EVENT_NAT_T_KEEPALIVE initialized Sep 21 07:33:24.233062: | global one-shot timer EVENT_FREE_ROOT_CERTS initialized Sep 21 07:33:24.233067: | global periodic timer EVENT_REINIT_SECRET enabled with interval of 3600 seconds Sep 21 07:33:24.233096: | global one-shot timer EVENT_REVIVE_CONNS initialized Sep 21 07:33:24.233098: | global periodic timer EVENT_PENDING_DDNS enabled with interval of 60 seconds Sep 21 07:33:24.233100: | global periodic timer EVENT_PENDING_PHASE2 enabled with interval of 120 seconds Sep 21 07:33:24.233133: Encryption algorithms: Sep 21 07:33:24.233140: AES_CCM_16 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm, aes_ccm_c Sep 21 07:33:24.233142: AES_CCM_12 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_b Sep 21 07:33:24.233144: AES_CCM_8 IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_ccm_a Sep 21 07:33:24.233146: 3DES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS [*192] 3des Sep 21 07:33:24.233148: CAMELLIA_CTR IKEv1: ESP IKEv2: ESP {256,192,*128} Sep 21 07:33:24.233155: CAMELLIA_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} camellia Sep 21 07:33:24.233157: AES_GCM_16 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm, aes_gcm_c Sep 21 07:33:24.233159: AES_GCM_12 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_b Sep 21 07:33:24.233161: AES_GCM_8 IKEv1: ESP IKEv2: IKE ESP FIPS {256,192,*128} aes_gcm_a Sep 21 07:33:24.233163: AES_CTR IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aesctr Sep 21 07:33:24.233166: AES_CBC IKEv1: IKE ESP IKEv2: IKE ESP FIPS {256,192,*128} aes Sep 21 07:33:24.233168: SERPENT_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} serpent Sep 21 07:33:24.233170: TWOFISH_CBC IKEv1: IKE ESP IKEv2: IKE ESP {256,192,*128} twofish Sep 21 07:33:24.233172: TWOFISH_SSH IKEv1: IKE IKEv2: IKE ESP {256,192,*128} twofish_cbc_ssh Sep 21 07:33:24.233174: NULL_AUTH_AES_GMAC IKEv1: ESP IKEv2: ESP FIPS {256,192,*128} aes_gmac Sep 21 07:33:24.233175: NULL IKEv1: ESP IKEv2: ESP [] Sep 21 07:33:24.233177: CHACHA20_POLY1305 IKEv1: IKEv2: IKE ESP [*256] chacha20poly1305 Sep 21 07:33:24.233182: Hash algorithms: Sep 21 07:33:24.233184: MD5 IKEv1: IKE IKEv2: Sep 21 07:33:24.233185: SHA1 IKEv1: IKE IKEv2: FIPS sha Sep 21 07:33:24.233187: SHA2_256 IKEv1: IKE IKEv2: FIPS sha2, sha256 Sep 21 07:33:24.233189: SHA2_384 IKEv1: IKE IKEv2: FIPS sha384 Sep 21 07:33:24.233191: SHA2_512 IKEv1: IKE IKEv2: FIPS sha512 Sep 21 07:33:24.233199: PRF algorithms: Sep 21 07:33:24.233200: HMAC_MD5 IKEv1: IKE IKEv2: IKE md5 Sep 21 07:33:24.233202: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS sha, sha1 Sep 21 07:33:24.233204: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS sha2, sha256, sha2_256 Sep 21 07:33:24.233206: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS sha384, sha2_384 Sep 21 07:33:24.233208: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS sha512, sha2_512 Sep 21 07:33:24.233210: AES_XCBC IKEv1: IKEv2: IKE aes128_xcbc Sep 21 07:33:24.233224: Integrity algorithms: Sep 21 07:33:24.233226: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH md5, hmac_md5 Sep 21 07:33:24.233228: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha, sha1, sha1_96, hmac_sha1 Sep 21 07:33:24.233230: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha512, sha2_512, sha2_512_256, hmac_sha2_512 Sep 21 07:33:24.233233: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha384, sha2_384, sha2_384_192, hmac_sha2_384 Sep 21 07:33:24.233235: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256 Sep 21 07:33:24.233236: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH Sep 21 07:33:24.233239: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH aes_xcbc, aes128_xcbc, aes128_xcbc_96 Sep 21 07:33:24.233240: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac Sep 21 07:33:24.233242: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null Sep 21 07:33:24.233249: DH algorithms: Sep 21 07:33:24.233251: NONE IKEv1: IKEv2: IKE ESP AH FIPS null, dh0 Sep 21 07:33:24.233253: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH dh5 Sep 21 07:33:24.233255: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh14 Sep 21 07:33:24.233258: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh15 Sep 21 07:33:24.233260: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh16 Sep 21 07:33:24.233262: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh17 Sep 21 07:33:24.233263: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS dh18 Sep 21 07:33:24.233265: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_256, ecp256 Sep 21 07:33:24.233267: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_384, ecp384 Sep 21 07:33:24.233269: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS ecp_521, ecp521 Sep 21 07:33:24.233270: DH31 IKEv1: IKE IKEv2: IKE ESP AH curve25519 Sep 21 07:33:24.233272: testing CAMELLIA_CBC: Sep 21 07:33:24.233273: Camellia: 16 bytes with 128-bit key Sep 21 07:33:24.233364: Camellia: 16 bytes with 128-bit key Sep 21 07:33:24.233387: Camellia: 16 bytes with 256-bit key Sep 21 07:33:24.233405: Camellia: 16 bytes with 256-bit key Sep 21 07:33:24.233422: testing AES_GCM_16: Sep 21 07:33:24.233424: empty string Sep 21 07:33:24.233442: one block Sep 21 07:33:24.233457: two blocks Sep 21 07:33:24.233472: two blocks with associated data Sep 21 07:33:24.233488: testing AES_CTR: Sep 21 07:33:24.233489: Encrypting 16 octets using AES-CTR with 128-bit key Sep 21 07:33:24.233506: Encrypting 32 octets using AES-CTR with 128-bit key Sep 21 07:33:24.233523: Encrypting 36 octets using AES-CTR with 128-bit key Sep 21 07:33:24.233539: Encrypting 16 octets using AES-CTR with 192-bit key Sep 21 07:33:24.233554: Encrypting 32 octets using AES-CTR with 192-bit key Sep 21 07:33:24.233570: Encrypting 36 octets using AES-CTR with 192-bit key Sep 21 07:33:24.233586: Encrypting 16 octets using AES-CTR with 256-bit key Sep 21 07:33:24.233601: Encrypting 32 octets using AES-CTR with 256-bit key Sep 21 07:33:24.233616: Encrypting 36 octets using AES-CTR with 256-bit key Sep 21 07:33:24.233632: testing AES_CBC: Sep 21 07:33:24.233634: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key Sep 21 07:33:24.233650: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key Sep 21 07:33:24.233667: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key Sep 21 07:33:24.233684: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key Sep 21 07:33:24.233705: testing AES_XCBC: Sep 21 07:33:24.233706: RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input Sep 21 07:33:24.233778: RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input Sep 21 07:33:24.233893: RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input Sep 21 07:33:24.233970: RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input Sep 21 07:33:24.234050: RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input Sep 21 07:33:24.234134: RFC 3566 Test Case #6: AES-XCBC-MAC-96 with 34-byte input Sep 21 07:33:24.234219: RFC 3566 Test Case #7: AES-XCBC-MAC-96 with 1000-byte input Sep 21 07:33:24.234387: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16) Sep 21 07:33:24.234463: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10) Sep 21 07:33:24.234544: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18) Sep 21 07:33:24.234725: testing HMAC_MD5: Sep 21 07:33:24.234729: RFC 2104: MD5_HMAC test 1 Sep 21 07:33:24.234856: RFC 2104: MD5_HMAC test 2 Sep 21 07:33:24.234951: RFC 2104: MD5_HMAC test 3 Sep 21 07:33:24.235063: 8 CPU cores online Sep 21 07:33:24.235065: starting up 7 crypto helpers Sep 21 07:33:24.235094: started thread for crypto helper 0 Sep 21 07:33:24.235116: started thread for crypto helper 1 Sep 21 07:33:24.235124: | starting up helper thread 1 Sep 21 07:33:24.235133: started thread for crypto helper 2 Sep 21 07:33:24.235140: | starting up helper thread 2 Sep 21 07:33:24.235147: | starting up helper thread 0 Sep 21 07:33:24.235137: | status value returned by setting the priority of this thread (crypto helper 1) 22 Sep 21 07:33:24.235179: | status value returned by setting the priority of this thread (crypto helper 0) 22 Sep 21 07:33:24.235149: | status value returned by setting the priority of this thread (crypto helper 2) 22 Sep 21 07:33:24.235198: | starting up helper thread 3 Sep 21 07:33:24.235204: | status value returned by setting the priority of this thread (crypto helper 3) 22 Sep 21 07:33:24.235186: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:24.235262: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:24.235192: started thread for crypto helper 3 Sep 21 07:33:24.235272: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:24.235296: | crypto helper 3 waiting (nothing to do) Sep 21 07:33:24.235310: started thread for crypto helper 4 Sep 21 07:33:24.235328: started thread for crypto helper 5 Sep 21 07:33:24.235332: | starting up helper thread 5 Sep 21 07:33:24.235340: | status value returned by setting the priority of this thread (crypto helper 5) 22 Sep 21 07:33:24.235343: | crypto helper 5 waiting (nothing to do) Sep 21 07:33:24.235349: started thread for crypto helper 6 Sep 21 07:33:24.235352: | checking IKEv1 state table Sep 21 07:33:24.235353: | starting up helper thread 4 Sep 21 07:33:24.235363: | MAIN_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:24.235364: | status value returned by setting the priority of this thread (crypto helper 4) 22 Sep 21 07:33:24.235369: | -> MAIN_R1 EVENT_SO_DISCARD Sep 21 07:33:24.235374: | crypto helper 4 waiting (nothing to do) Sep 21 07:33:24.235379: | MAIN_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:24.235386: | -> MAIN_I2 EVENT_RETRANSMIT Sep 21 07:33:24.235388: | MAIN_R1: category: open IKE SA flags: 200: Sep 21 07:33:24.235389: | -> MAIN_R2 EVENT_RETRANSMIT Sep 21 07:33:24.235391: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:24.235392: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:24.235394: | MAIN_I2: category: open IKE SA flags: 0: Sep 21 07:33:24.235395: | -> MAIN_I3 EVENT_RETRANSMIT Sep 21 07:33:24.235396: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:24.235398: | -> UNDEFINED EVENT_RETRANSMIT Sep 21 07:33:24.235399: | MAIN_R2: category: open IKE SA flags: 0: Sep 21 07:33:24.235401: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:24.235402: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:24.235403: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:33:24.235405: | MAIN_I3: category: open IKE SA flags: 0: Sep 21 07:33:24.235406: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:24.235407: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:24.235409: | -> UNDEFINED EVENT_SA_REPLACE Sep 21 07:33:24.235410: | MAIN_R3: category: established IKE SA flags: 200: Sep 21 07:33:24.235411: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235413: | MAIN_I4: category: established IKE SA flags: 0: Sep 21 07:33:24.235414: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235416: | AGGR_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:24.235417: | -> AGGR_R1 EVENT_SO_DISCARD Sep 21 07:33:24.235419: | AGGR_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:24.235420: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:33:24.235421: | -> AGGR_I2 EVENT_SA_REPLACE Sep 21 07:33:24.235423: | AGGR_R1: category: open IKE SA flags: 200: Sep 21 07:33:24.235424: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:33:24.235425: | -> AGGR_R2 EVENT_SA_REPLACE Sep 21 07:33:24.235427: | AGGR_I2: category: established IKE SA flags: 200: Sep 21 07:33:24.235428: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235430: | AGGR_R2: category: established IKE SA flags: 0: Sep 21 07:33:24.235431: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235433: | QUICK_R0: category: established CHILD SA flags: 0: Sep 21 07:33:24.235434: | -> QUICK_R1 EVENT_RETRANSMIT Sep 21 07:33:24.235435: | QUICK_I1: category: established CHILD SA flags: 0: Sep 21 07:33:24.235437: | -> QUICK_I2 EVENT_SA_REPLACE Sep 21 07:33:24.235438: | QUICK_R1: category: established CHILD SA flags: 0: Sep 21 07:33:24.235442: | -> QUICK_R2 EVENT_SA_REPLACE Sep 21 07:33:24.235444: | QUICK_I2: category: established CHILD SA flags: 200: Sep 21 07:33:24.235445: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235447: | QUICK_R2: category: established CHILD SA flags: 0: Sep 21 07:33:24.235448: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235450: | INFO: category: informational flags: 0: Sep 21 07:33:24.235451: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235453: | INFO_PROTECTED: category: informational flags: 0: Sep 21 07:33:24.235454: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235455: | XAUTH_R0: category: established IKE SA flags: 0: Sep 21 07:33:24.235457: | -> XAUTH_R1 EVENT_NULL Sep 21 07:33:24.235458: | XAUTH_R1: category: established IKE SA flags: 0: Sep 21 07:33:24.235459: | -> MAIN_R3 EVENT_SA_REPLACE Sep 21 07:33:24.235461: | MODE_CFG_R0: category: informational flags: 0: Sep 21 07:33:24.235462: | -> MODE_CFG_R1 EVENT_SA_REPLACE Sep 21 07:33:24.235464: | MODE_CFG_R1: category: established IKE SA flags: 0: Sep 21 07:33:24.235465: | -> MODE_CFG_R2 EVENT_SA_REPLACE Sep 21 07:33:24.235467: | MODE_CFG_R2: category: established IKE SA flags: 0: Sep 21 07:33:24.235468: | -> UNDEFINED EVENT_NULL Sep 21 07:33:24.235470: | MODE_CFG_I1: category: established IKE SA flags: 0: Sep 21 07:33:24.235471: | -> MAIN_I4 EVENT_SA_REPLACE Sep 21 07:33:24.235472: | XAUTH_I0: category: established IKE SA flags: 0: Sep 21 07:33:24.235474: | -> XAUTH_I1 EVENT_RETRANSMIT Sep 21 07:33:24.235475: | XAUTH_I1: category: established IKE SA flags: 0: Sep 21 07:33:24.235477: | -> MAIN_I4 EVENT_RETRANSMIT Sep 21 07:33:24.235481: | checking IKEv2 state table Sep 21 07:33:24.235486: | PARENT_I0: category: ignore flags: 0: Sep 21 07:33:24.235487: | -> PARENT_I1 EVENT_RETRANSMIT send-request (initiate IKE_SA_INIT) Sep 21 07:33:24.235489: | PARENT_I1: category: half-open IKE SA flags: 0: Sep 21 07:33:24.235491: | -> PARENT_I1 EVENT_RETAIN send-request (Initiator: process SA_INIT reply notification) Sep 21 07:33:24.235492: | -> PARENT_I2 EVENT_RETRANSMIT send-request (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) Sep 21 07:33:24.235494: | PARENT_I2: category: open IKE SA flags: 0: Sep 21 07:33:24.235496: | -> PARENT_I2 EVENT_NULL (Initiator: process INVALID_SYNTAX AUTH notification) Sep 21 07:33:24.235497: | -> PARENT_I2 EVENT_NULL (Initiator: process AUTHENTICATION_FAILED AUTH notification) Sep 21 07:33:24.235499: | -> PARENT_I2 EVENT_NULL (Initiator: process UNSUPPORTED_CRITICAL_PAYLOAD AUTH notification) Sep 21 07:33:24.235501: | -> V2_IPSEC_I EVENT_SA_REPLACE (Initiator: process IKE_AUTH response) Sep 21 07:33:24.235502: | -> PARENT_I2 EVENT_NULL (IKE SA: process IKE_AUTH response containing unknown notification) Sep 21 07:33:24.235504: | PARENT_I3: category: established IKE SA flags: 0: Sep 21 07:33:24.235505: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Request) Sep 21 07:33:24.235507: | -> PARENT_I3 EVENT_RETAIN (I3: Informational Response) Sep 21 07:33:24.235508: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Request) Sep 21 07:33:24.235509: | -> PARENT_I3 EVENT_RETAIN (I3: INFORMATIONAL Response) Sep 21 07:33:24.235511: | PARENT_R0: category: half-open IKE SA flags: 0: Sep 21 07:33:24.235513: | -> PARENT_R1 EVENT_SO_DISCARD send-request (Respond to IKE_SA_INIT) Sep 21 07:33:24.235514: | PARENT_R1: category: half-open IKE SA flags: 0: Sep 21 07:33:24.235516: | -> PARENT_R1 EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request (no SKEYSEED)) Sep 21 07:33:24.235517: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Responder: process IKE_AUTH request) Sep 21 07:33:24.235519: | PARENT_R2: category: established IKE SA flags: 0: Sep 21 07:33:24.235520: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Request) Sep 21 07:33:24.235522: | -> PARENT_R2 EVENT_RETAIN (R2: process Informational Response) Sep 21 07:33:24.235523: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Request) Sep 21 07:33:24.235526: | -> PARENT_R2 EVENT_RETAIN (R2: process INFORMATIONAL Response) Sep 21 07:33:24.235528: | V2_CREATE_I0: category: established IKE SA flags: 0: Sep 21 07:33:24.235529: | -> V2_CREATE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec SA) Sep 21 07:33:24.235531: | V2_CREATE_I: category: established IKE SA flags: 0: Sep 21 07:33:24.235532: | -> V2_IPSEC_I EVENT_SA_REPLACE (Process CREATE_CHILD_SA IPsec SA Response) Sep 21 07:33:24.235534: | V2_REKEY_IKE_I0: category: established IKE SA flags: 0: Sep 21 07:33:24.235536: | -> V2_REKEY_IKE_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IKE Rekey) Sep 21 07:33:24.235537: | V2_REKEY_IKE_I: category: established IKE SA flags: 0: Sep 21 07:33:24.235539: | -> PARENT_I3 EVENT_SA_REPLACE (Process CREATE_CHILD_SA IKE Rekey Response) Sep 21 07:33:24.235540: | V2_REKEY_CHILD_I0: category: established IKE SA flags: 0: Sep 21 07:33:24.235542: | -> V2_REKEY_CHILD_I EVENT_RETRANSMIT send-request (Initiate CREATE_CHILD_SA IPsec Rekey SA) Sep 21 07:33:24.235544: | V2_REKEY_CHILD_I: category: established IKE SA flags: 0: Sep 21 07:33:24.235545: | V2_CREATE_R: category: established IKE SA flags: 0: Sep 21 07:33:24.235547: | -> V2_IPSEC_R EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IPsec SA Request) Sep 21 07:33:24.235548: | V2_REKEY_IKE_R: category: established IKE SA flags: 0: Sep 21 07:33:24.235550: | -> PARENT_R2 EVENT_SA_REPLACE send-request (Respond to CREATE_CHILD_SA IKE Rekey) Sep 21 07:33:24.235552: | V2_REKEY_CHILD_R: category: established IKE SA flags: 0: Sep 21 07:33:24.235553: | V2_IPSEC_I: category: established CHILD SA flags: 0: Sep 21 07:33:24.235555: | V2_IPSEC_R: category: established CHILD SA flags: 0: Sep 21 07:33:24.235556: | IKESA_DEL: category: established IKE SA flags: 0: Sep 21 07:33:24.235558: | -> IKESA_DEL EVENT_RETAIN (IKE_SA_DEL: process INFORMATIONAL) Sep 21 07:33:24.235559: | CHILDSA_DEL: category: informational flags: 0: Sep 21 07:33:24.235602: Using Linux XFRM/NETKEY IPsec interface code on 5.2.11+ Sep 21 07:33:24.235650: | Hard-wiring algorithms Sep 21 07:33:24.235652: | adding AES_CCM_16 to kernel algorithm db Sep 21 07:33:24.235655: | adding AES_CCM_12 to kernel algorithm db Sep 21 07:33:24.235656: | adding AES_CCM_8 to kernel algorithm db Sep 21 07:33:24.235658: | adding 3DES_CBC to kernel algorithm db Sep 21 07:33:24.235659: | adding CAMELLIA_CBC to kernel algorithm db Sep 21 07:33:24.235661: | adding AES_GCM_16 to kernel algorithm db Sep 21 07:33:24.235662: | adding AES_GCM_12 to kernel algorithm db Sep 21 07:33:24.235663: | adding AES_GCM_8 to kernel algorithm db Sep 21 07:33:24.235665: | adding AES_CTR to kernel algorithm db Sep 21 07:33:24.235666: | adding AES_CBC to kernel algorithm db Sep 21 07:33:24.235667: | adding SERPENT_CBC to kernel algorithm db Sep 21 07:33:24.235669: | adding TWOFISH_CBC to kernel algorithm db Sep 21 07:33:24.235670: | adding NULL_AUTH_AES_GMAC to kernel algorithm db Sep 21 07:33:24.235672: | adding NULL to kernel algorithm db Sep 21 07:33:24.235673: | adding CHACHA20_POLY1305 to kernel algorithm db Sep 21 07:33:24.235675: | adding HMAC_MD5_96 to kernel algorithm db Sep 21 07:33:24.235676: | adding HMAC_SHA1_96 to kernel algorithm db Sep 21 07:33:24.235678: | adding HMAC_SHA2_512_256 to kernel algorithm db Sep 21 07:33:24.235679: | adding HMAC_SHA2_384_192 to kernel algorithm db Sep 21 07:33:24.235681: | adding HMAC_SHA2_256_128 to kernel algorithm db Sep 21 07:33:24.235682: | adding HMAC_SHA2_256_TRUNCBUG to kernel algorithm db Sep 21 07:33:24.235684: | adding AES_XCBC_96 to kernel algorithm db Sep 21 07:33:24.235685: | adding AES_CMAC_96 to kernel algorithm db Sep 21 07:33:24.235686: | adding NONE to kernel algorithm db Sep 21 07:33:24.235702: | net.ipv6.conf.all.disable_ipv6=1 ignore ipv6 holes Sep 21 07:33:24.235706: | global periodic timer EVENT_SHUNT_SCAN enabled with interval of 20 seconds Sep 21 07:33:24.235707: | setup kernel fd callback Sep 21 07:33:24.235712: | add_fd_read_event_handler: new KERNEL_XRM_FD-pe@0x560974853810 Sep 21 07:33:24.235715: | libevent_malloc: new ptr-libevent@0x56097485a7e0 size 128 Sep 21 07:33:24.235717: | libevent_malloc: new ptr-libevent@0x560974853770 size 16 Sep 21 07:33:24.235721: | add_fd_read_event_handler: new KERNEL_ROUTE_FD-pe@0x56097484dcc0 Sep 21 07:33:24.235722: | libevent_malloc: new ptr-libevent@0x56097485a870 size 128 Sep 21 07:33:24.235724: | libevent_malloc: new ptr-libevent@0x560974853750 size 16 Sep 21 07:33:24.235800: | starting up helper thread 6 Sep 21 07:33:24.235825: | status value returned by setting the priority of this thread (crypto helper 6) 22 Sep 21 07:33:24.235828: | crypto helper 6 waiting (nothing to do) Sep 21 07:33:24.235897: | global one-shot timer EVENT_CHECK_CRLS initialized Sep 21 07:33:24.235904: selinux support is enabled. Sep 21 07:33:24.235965: systemd watchdog not enabled - not sending watchdog keepalives Sep 21 07:33:24.236089: | unbound context created - setting debug level to 5 Sep 21 07:33:24.236113: | /etc/hosts lookups activated Sep 21 07:33:24.236125: | /etc/resolv.conf usage activated Sep 21 07:33:24.236157: | outgoing-port-avoid set 0-65535 Sep 21 07:33:24.236174: | outgoing-port-permit set 32768-60999 Sep 21 07:33:24.236175: | Loading dnssec root key from:/var/lib/unbound/root.key Sep 21 07:33:24.236177: | No additional dnssec trust anchors defined via dnssec-trusted= option Sep 21 07:33:24.236179: | Setting up events, loop start Sep 21 07:33:24.236181: | add_fd_read_event_handler: new PLUTO_CTL_FD-pe@0x56097484da80 Sep 21 07:33:24.236183: | libevent_malloc: new ptr-libevent@0x560974864df0 size 128 Sep 21 07:33:24.236185: | libevent_malloc: new ptr-libevent@0x560974864e80 size 16 Sep 21 07:33:24.236189: | libevent_realloc: new ptr-libevent@0x560974864ea0 size 256 Sep 21 07:33:24.236191: | libevent_malloc: new ptr-libevent@0x560974864fb0 size 8 Sep 21 07:33:24.236193: | libevent_realloc: new ptr-libevent@0x560974859be0 size 144 Sep 21 07:33:24.236194: | libevent_malloc: new ptr-libevent@0x560974864fd0 size 152 Sep 21 07:33:24.236196: | libevent_malloc: new ptr-libevent@0x560974865070 size 16 Sep 21 07:33:24.236199: | signal event handler PLUTO_SIGCHLD installed Sep 21 07:33:24.236200: | libevent_malloc: new ptr-libevent@0x560974865090 size 8 Sep 21 07:33:24.236202: | libevent_malloc: new ptr-libevent@0x5609748650b0 size 152 Sep 21 07:33:24.236204: | signal event handler PLUTO_SIGTERM installed Sep 21 07:33:24.236205: | libevent_malloc: new ptr-libevent@0x560974865150 size 8 Sep 21 07:33:24.236207: | libevent_malloc: new ptr-libevent@0x560974865170 size 152 Sep 21 07:33:24.236209: | signal event handler PLUTO_SIGHUP installed Sep 21 07:33:24.236210: | libevent_malloc: new ptr-libevent@0x560974865210 size 8 Sep 21 07:33:24.236212: | libevent_realloc: release ptr-libevent@0x560974859be0 Sep 21 07:33:24.236214: | libevent_realloc: new ptr-libevent@0x560974865230 size 256 Sep 21 07:33:24.236215: | libevent_malloc: new ptr-libevent@0x560974859be0 size 152 Sep 21 07:33:24.236217: | signal event handler PLUTO_SIGSYS installed Sep 21 07:33:24.236500: | created addconn helper (pid:18375) using fork+execve Sep 21 07:33:24.236510: | forked child 18375 Sep 21 07:33:24.236544: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.236559: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:33:24.236564: listening for IKE messages Sep 21 07:33:24.236592: | Inspecting interface lo Sep 21 07:33:24.236597: | found lo with address 127.0.0.1 Sep 21 07:33:24.236598: | Inspecting interface eth0 Sep 21 07:33:24.236601: | found eth0 with address 192.0.2.254 Sep 21 07:33:24.236604: | Inspecting interface eth1 Sep 21 07:33:24.236607: | found eth1 with address 192.1.2.23 Sep 21 07:33:24.236644: Kernel supports NIC esp-hw-offload Sep 21 07:33:24.236652: adding interface eth1/eth1 (esp-hw-offload not supported by kernel) 192.1.2.23:500 Sep 21 07:33:24.236669: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:24.236675: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:24.236677: adding interface eth1/eth1 192.1.2.23:4500 Sep 21 07:33:24.236697: adding interface eth0/eth0 (esp-hw-offload not supported by kernel) 192.0.2.254:500 Sep 21 07:33:24.236713: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:24.236716: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:24.236718: adding interface eth0/eth0 192.0.2.254:4500 Sep 21 07:33:24.236736: adding interface lo/lo (esp-hw-offload not supported by kernel) 127.0.0.1:500 Sep 21 07:33:24.236753: | NAT-Traversal: Trying sockopt style NAT-T Sep 21 07:33:24.236755: | NAT-Traversal: ESPINUDP(2) setup succeeded for sockopt style NAT-T family IPv4 Sep 21 07:33:24.236757: adding interface lo/lo 127.0.0.1:4500 Sep 21 07:33:24.236840: | no interfaces to sort Sep 21 07:33:24.236848: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:33:24.236856: | add_fd_read_event_handler: new ethX-pe@0x56097484eb80 Sep 21 07:33:24.236859: | libevent_malloc: new ptr-libevent@0x560974865610 size 128 Sep 21 07:33:24.236862: | libevent_malloc: new ptr-libevent@0x5609748656a0 size 16 Sep 21 07:33:24.236867: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:33:24.236870: | add_fd_read_event_handler: new ethX-pe@0x5609748656c0 Sep 21 07:33:24.236872: | libevent_malloc: new ptr-libevent@0x560974865700 size 128 Sep 21 07:33:24.236875: | libevent_malloc: new ptr-libevent@0x560974865790 size 16 Sep 21 07:33:24.236880: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:33:24.236882: | add_fd_read_event_handler: new ethX-pe@0x5609748657b0 Sep 21 07:33:24.236884: | libevent_malloc: new ptr-libevent@0x5609748657f0 size 128 Sep 21 07:33:24.236887: | libevent_malloc: new ptr-libevent@0x560974865880 size 16 Sep 21 07:33:24.236891: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:33:24.236894: | add_fd_read_event_handler: new ethX-pe@0x5609748658a0 Sep 21 07:33:24.236896: | libevent_malloc: new ptr-libevent@0x5609748658e0 size 128 Sep 21 07:33:24.236899: | libevent_malloc: new ptr-libevent@0x560974865970 size 16 Sep 21 07:33:24.236903: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:33:24.236906: | add_fd_read_event_handler: new ethX-pe@0x560974865990 Sep 21 07:33:24.236908: | libevent_malloc: new ptr-libevent@0x5609748659d0 size 128 Sep 21 07:33:24.236910: | libevent_malloc: new ptr-libevent@0x560974865a60 size 16 Sep 21 07:33:24.236914: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:33:24.236917: | add_fd_read_event_handler: new ethX-pe@0x560974865a80 Sep 21 07:33:24.236919: | libevent_malloc: new ptr-libevent@0x560974865ac0 size 128 Sep 21 07:33:24.236921: | libevent_malloc: new ptr-libevent@0x560974865b50 size 16 Sep 21 07:33:24.236926: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:33:24.236932: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:24.236934: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:24.236953: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:24.236969: | saving Modulus Sep 21 07:33:24.236973: | saving PublicExponent Sep 21 07:33:24.236975: | ignoring PrivateExponent Sep 21 07:33:24.236977: | ignoring Prime1 Sep 21 07:33:24.236979: | ignoring Prime2 Sep 21 07:33:24.236981: | ignoring Exponent1 Sep 21 07:33:24.236983: | ignoring Exponent2 Sep 21 07:33:24.236985: | ignoring Coefficient Sep 21 07:33:24.236986: | ignoring CKAIDNSS Sep 21 07:33:24.237019: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:33:24.237021: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:33:24.237023: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:33:24.237028: | certs and keys locked by 'process_secret' Sep 21 07:33:24.237031: | certs and keys unlocked by 'process_secret' Sep 21 07:33:24.237035: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:24.237041: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.237048: | spent 0.488 milliseconds in whack Sep 21 07:33:24.269112: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.269140: | pluto_sd: executing action action: reloading(4), status 0 Sep 21 07:33:24.269146: listening for IKE messages Sep 21 07:33:24.271236: | Inspecting interface lo Sep 21 07:33:24.271252: | found lo with address 127.0.0.1 Sep 21 07:33:24.271256: | Inspecting interface eth0 Sep 21 07:33:24.271260: | found eth0 with address 192.0.2.254 Sep 21 07:33:24.271262: | Inspecting interface eth1 Sep 21 07:33:24.271266: | found eth1 with address 192.1.2.23 Sep 21 07:33:24.271325: | no interfaces to sort Sep 21 07:33:24.271337: | libevent_free: release ptr-libevent@0x560974865610 Sep 21 07:33:24.271341: | free_event_entry: release EVENT_NULL-pe@0x56097484eb80 Sep 21 07:33:24.271345: | add_fd_read_event_handler: new ethX-pe@0x56097484eb80 Sep 21 07:33:24.271349: | libevent_malloc: new ptr-libevent@0x560974865610 size 128 Sep 21 07:33:24.271358: | setup callback for interface lo 127.0.0.1:4500 fd 22 Sep 21 07:33:24.271362: | libevent_free: release ptr-libevent@0x560974865700 Sep 21 07:33:24.271365: | free_event_entry: release EVENT_NULL-pe@0x5609748656c0 Sep 21 07:33:24.271368: | add_fd_read_event_handler: new ethX-pe@0x5609748656c0 Sep 21 07:33:24.271371: | libevent_malloc: new ptr-libevent@0x560974865700 size 128 Sep 21 07:33:24.271377: | setup callback for interface lo 127.0.0.1:500 fd 21 Sep 21 07:33:24.271382: | libevent_free: release ptr-libevent@0x5609748657f0 Sep 21 07:33:24.271385: | free_event_entry: release EVENT_NULL-pe@0x5609748657b0 Sep 21 07:33:24.271388: | add_fd_read_event_handler: new ethX-pe@0x5609748657b0 Sep 21 07:33:24.271391: | libevent_malloc: new ptr-libevent@0x5609748657f0 size 128 Sep 21 07:33:24.271395: | setup callback for interface eth0 192.0.2.254:4500 fd 20 Sep 21 07:33:24.271399: | libevent_free: release ptr-libevent@0x5609748658e0 Sep 21 07:33:24.271402: | free_event_entry: release EVENT_NULL-pe@0x5609748658a0 Sep 21 07:33:24.271405: | add_fd_read_event_handler: new ethX-pe@0x5609748658a0 Sep 21 07:33:24.271408: | libevent_malloc: new ptr-libevent@0x5609748658e0 size 128 Sep 21 07:33:24.271414: | setup callback for interface eth0 192.0.2.254:500 fd 19 Sep 21 07:33:24.271419: | libevent_free: release ptr-libevent@0x5609748659d0 Sep 21 07:33:24.271422: | free_event_entry: release EVENT_NULL-pe@0x560974865990 Sep 21 07:33:24.271425: | add_fd_read_event_handler: new ethX-pe@0x560974865990 Sep 21 07:33:24.271428: | libevent_malloc: new ptr-libevent@0x5609748659d0 size 128 Sep 21 07:33:24.271434: | setup callback for interface eth1 192.1.2.23:4500 fd 18 Sep 21 07:33:24.271438: | libevent_free: release ptr-libevent@0x560974865ac0 Sep 21 07:33:24.271441: | free_event_entry: release EVENT_NULL-pe@0x560974865a80 Sep 21 07:33:24.271444: | add_fd_read_event_handler: new ethX-pe@0x560974865a80 Sep 21 07:33:24.271447: | libevent_malloc: new ptr-libevent@0x560974865ac0 size 128 Sep 21 07:33:24.271454: | setup callback for interface eth1 192.1.2.23:500 fd 17 Sep 21 07:33:24.271458: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:33:24.271461: forgetting secrets Sep 21 07:33:24.271475: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:33:24.271493: loading secrets from "/etc/ipsec.secrets" Sep 21 07:33:24.271511: | saving Modulus Sep 21 07:33:24.271514: | saving PublicExponent Sep 21 07:33:24.271519: | ignoring PrivateExponent Sep 21 07:33:24.271523: | ignoring Prime1 Sep 21 07:33:24.271526: | ignoring Prime2 Sep 21 07:33:24.271530: | ignoring Exponent1 Sep 21 07:33:24.271534: | ignoring Exponent2 Sep 21 07:33:24.271538: | ignoring Coefficient Sep 21 07:33:24.272096: | ignoring CKAIDNSS Sep 21 07:33:24.272132: | computed rsa CKAID 61 55 99 73 d3 ac ef 7d 3a 37 0e 3e 82 ad 92 c1 Sep 21 07:33:24.272136: | computed rsa CKAID 8a 82 25 f1 Sep 21 07:33:24.272140: loaded private key for keyid: PKK_RSA:AQO9bJbr3 Sep 21 07:33:24.272149: | certs and keys locked by 'process_secret' Sep 21 07:33:24.272157: | certs and keys unlocked by 'process_secret' Sep 21 07:33:24.272163: | pluto_sd: executing action action: ready(5), status 0 Sep 21 07:33:24.272171: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.272180: | spent 0.497 milliseconds in whack Sep 21 07:33:24.272776: | processing signal PLUTO_SIGCHLD Sep 21 07:33:24.272790: | waitpid returned pid 18375 (exited with status 0) Sep 21 07:33:24.272797: | reaped addconn helper child (status 0) Sep 21 07:33:24.272800: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:24.272804: | spent 0.018 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:24.325084: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.325105: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.325108: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:24.325110: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.325111: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:24.325114: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.325120: | Added new connection northnet-eastnets/0x1 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:24.325122: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:24.325761: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:24.325772: | loading left certificate 'north' pubkey Sep 21 07:33:24.325873: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56097486a2c0 Sep 21 07:33:24.325879: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56097486a1d0 Sep 21 07:33:24.325881: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974866860 Sep 21 07:33:24.325975: | unreference key: 0x560974866910 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:24.326054: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Sep 21 07:33:24.326061: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:33:24.326342: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:24.326349: | loading right certificate 'east' pubkey Sep 21 07:33:24.326439: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974847390 Sep 21 07:33:24.326444: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56097486a1d0 Sep 21 07:33:24.326447: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974866860 Sep 21 07:33:24.326449: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56097486acf0 Sep 21 07:33:24.326452: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974866b20 Sep 21 07:33:24.326642: | unreference key: 0x56097486bbc0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.326776: | certs and keys locked by 'lsw_add_rsa_secret' Sep 21 07:33:24.326780: | certs and keys unlocked by 'lsw_add_rsa_secret' Sep 21 07:33:24.326791: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:33:24.326801: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@(nil): none Sep 21 07:33:24.326803: | new hp@0x56097486b870 Sep 21 07:33:24.326806: added connection description "northnet-eastnets/0x1" Sep 21 07:33:24.326816: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:24.326835: | 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:33:24.326848: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.326855: | spent 1.75 milliseconds in whack Sep 21 07:33:24.326892: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.326900: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.326903: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:24.326906: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.326907: | FOR_EACH_CONNECTION_... in foreach_connection_by_alias Sep 21 07:33:24.326909: | FOR_EACH_CONNECTION_... in conn_by_name Sep 21 07:33:24.326913: | Added new connection northnet-eastnets/0x2 with policy ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:24.326915: | No AUTH policy was set - defaulting to RSASIG Sep 21 07:33:24.326987: | setting ID to ID_DER_ASN1_DN: 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:24.326992: | loading left certificate 'north' pubkey Sep 21 07:33:24.327031: | unreference key: 0x56097486b600 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:24.327039: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974871010 Sep 21 07:33:24.327041: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974870bf0 Sep 21 07:33:24.327042: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974847390 Sep 21 07:33:24.327077: | unreference key: 0x56097486b0f0 @north.testing.libreswan.org cnt 1-- Sep 21 07:33:24.327111: | unreference key: 0x56097486ae10 user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:24.327147: | unreference key: 0x5609748704b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:24.327225: | warning: no secret key loaded for left certificate with nickname north: NSS: cert private key not found Sep 21 07:33:24.327232: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org is 0 Sep 21 07:33:24.327292: | setting ID to ID_DER_ASN1_DN: 'E=user-east@testing.libreswan.org,CN=east.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' Sep 21 07:33:24.327296: | loading right certificate 'east' pubkey Sep 21 07:33:24.327333: | unreference key: 0x560974871570 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.327340: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974847390 Sep 21 07:33:24.327342: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56097486a200 Sep 21 07:33:24.327344: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974871230 Sep 21 07:33:24.327345: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56097486a1d0 Sep 21 07:33:24.327347: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974866860 Sep 21 07:33:24.327380: | unreference key: 0x56097486c140 192.1.2.23 cnt 1-- Sep 21 07:33:24.327412: | unreference key: 0x560974870a50 east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.327445: | unreference key: 0x560974870e10 @east.testing.libreswan.org cnt 1-- Sep 21 07:33:24.327478: | unreference key: 0x5609748713f0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.327514: | unreference key: 0x560974870700 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:33:24.327547: | secrets entry for east already exists Sep 21 07:33:24.327557: | counting wild cards for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org is 0 Sep 21 07:33:24.327562: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:33:24.327565: | connect_to_host_pair: 192.1.2.23:500 192.1.3.33:500 -> hp@0x56097486b870: northnet-eastnets/0x1 Sep 21 07:33:24.327566: added connection description "northnet-eastnets/0x2" Sep 21 07:33:24.327575: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; replay_window: 32; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO Sep 21 07:33:24.327591: | 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org]---192.1.2.254...192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:33:24.327598: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.327603: | spent 0.716 milliseconds in whack Sep 21 07:33:24.390038: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:33:24.390291: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:33:24.390295: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:33:24.390516: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:33:24.390527: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:33:24.390534: | spent 0.515 milliseconds in whack Sep 21 07:33:26.849339: | spent 0.00294 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.849364: | *received 792 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.849366: | 18 31 dd 30 0d 3e 37 d5 00 00 00 00 00 00 00 00 Sep 21 07:33:26.849368: | 01 10 02 00 00 00 00 00 00 00 03 18 0d 00 02 84 Sep 21 07:33:26.849369: | 00 00 00 01 00 00 00 01 00 00 02 78 00 01 00 12 Sep 21 07:33:26.849371: | 03 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849372: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849373: | 80 0e 01 00 03 00 00 24 01 01 00 00 80 0b 00 01 Sep 21 07:33:26.849375: | 80 0c 0e 10 80 01 00 07 80 02 00 04 80 03 00 03 Sep 21 07:33:26.849376: | 80 04 00 0e 80 0e 00 80 03 00 00 24 02 01 00 00 Sep 21 07:33:26.849377: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 06 Sep 21 07:33:26.849379: | 80 03 00 03 80 04 00 0e 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.849380: | 03 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.849381: | 80 02 00 06 80 03 00 03 80 04 00 0e 80 0e 00 80 Sep 21 07:33:26.849383: | 03 00 00 24 04 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849384: | 80 01 00 07 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849386: | 80 0e 01 00 03 00 00 24 05 01 00 00 80 0b 00 01 Sep 21 07:33:26.849387: | 80 0c 0e 10 80 01 00 07 80 02 00 02 80 03 00 03 Sep 21 07:33:26.849388: | 80 04 00 0e 80 0e 00 80 03 00 00 24 06 01 00 00 Sep 21 07:33:26.849390: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:26.849391: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.849392: | 07 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.849394: | 80 02 00 04 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:26.849395: | 03 00 00 24 08 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849397: | 80 01 00 07 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:26.849398: | 80 0e 01 00 03 00 00 24 09 01 00 00 80 0b 00 01 Sep 21 07:33:26.849399: | 80 0c 0e 10 80 01 00 07 80 02 00 06 80 03 00 03 Sep 21 07:33:26.849401: | 80 04 00 05 80 0e 00 80 03 00 00 24 0a 01 00 00 Sep 21 07:33:26.849402: | 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 02 Sep 21 07:33:26.849406: | 80 03 00 03 80 04 00 05 80 0e 01 00 03 00 00 24 Sep 21 07:33:26.849407: | 0b 01 00 00 80 0b 00 01 80 0c 0e 10 80 01 00 07 Sep 21 07:33:26.849409: | 80 02 00 02 80 03 00 03 80 04 00 05 80 0e 00 80 Sep 21 07:33:26.849410: | 03 00 00 20 0c 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849412: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849413: | 03 00 00 20 0d 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849414: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849416: | 03 00 00 20 0e 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849417: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849418: | 03 00 00 20 0f 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849420: | 80 01 00 05 80 02 00 04 80 03 00 03 80 04 00 05 Sep 21 07:33:26.849421: | 03 00 00 20 10 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849422: | 80 01 00 05 80 02 00 06 80 03 00 03 80 04 00 05 Sep 21 07:33:26.849424: | 00 00 00 20 11 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849425: | 80 01 00 05 80 02 00 02 80 03 00 03 80 04 00 05 Sep 21 07:33:26.849426: | 0d 00 00 14 40 48 b7 d5 6e bc e8 85 25 e7 de 7f Sep 21 07:33:26.849428: | 00 d6 c2 d3 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Sep 21 07:33:26.849429: | 6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81 Sep 21 07:33:26.849431: | 07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14 Sep 21 07:33:26.849432: | 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 21 07:33:26.849433: | 0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5 Sep 21 07:33:26.849435: | ec 42 7b 1f 00 00 00 14 cd 60 46 43 35 df 21 f8 Sep 21 07:33:26.849436: | 7c fd b2 fc 68 b6 a4 48 Sep 21 07:33:26.849441: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.849444: | **parse ISAKMP Message: Sep 21 07:33:26.849445: | initiator cookie: Sep 21 07:33:26.849447: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.849448: | responder cookie: Sep 21 07:33:26.849449: | 00 00 00 00 00 00 00 00 Sep 21 07:33:26.849451: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.849453: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.849454: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.849456: | flags: none (0x0) Sep 21 07:33:26.849457: | Message ID: 0 (0x0) Sep 21 07:33:26.849459: | length: 792 (0x318) Sep 21 07:33:26.849461: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.849463: | State DB: IKEv1 state not found (find_state_ikev1_init) Sep 21 07:33:26.849465: | #null state always idle Sep 21 07:33:26.849467: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x2 opt: 0x2080 Sep 21 07:33:26.849469: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:26.849471: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849472: | length: 644 (0x284) Sep 21 07:33:26.849474: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.849476: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.849477: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.849479: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849480: | length: 20 (0x14) Sep 21 07:33:26.849482: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.849483: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.849485: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849486: | length: 20 (0x14) Sep 21 07:33:26.849488: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.849489: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.849490: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849492: | length: 20 (0x14) Sep 21 07:33:26.849493: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.849495: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.849496: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849497: | length: 20 (0x14) Sep 21 07:33:26.849502: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.849504: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.849505: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849506: | length: 20 (0x14) Sep 21 07:33:26.849508: | got payload 0x2000 (ISAKMP_NEXT_VID) needed: 0x0 opt: 0x2080 Sep 21 07:33:26.849509: | ***parse ISAKMP Vendor ID Payload: Sep 21 07:33:26.849511: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.849512: | length: 20 (0x14) Sep 21 07:33:26.849514: | message 'main_inI1_outR1' HASH payload not checked early Sep 21 07:33:26.849517: | received Vendor ID payload [FRAGMENTATION] Sep 21 07:33:26.849519: | received Vendor ID payload [Dead Peer Detection] Sep 21 07:33:26.849521: | quirks.qnat_traversal_vid set to=117 [RFC 3947] Sep 21 07:33:26.849523: | received Vendor ID payload [RFC 3947] Sep 21 07:33:26.849524: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:33:26.849526: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] Sep 21 07:33:26.849528: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:33:26.849529: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] Sep 21 07:33:26.849531: | Ignoring older NAT-T Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:33:26.849532: | ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] Sep 21 07:33:26.849534: | in statetime_start() with no state Sep 21 07:33:26.849538: | find_host_connection local=192.1.2.23:500 remote=192.1.3.33:500 policy=IKEV1_ALLOW but ignoring ports Sep 21 07:33:26.849541: | find_host_pair: comparing 192.1.2.23:500 to 192.1.3.33:500 but ignoring ports Sep 21 07:33:26.849543: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:33:26.849545: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x2) Sep 21 07:33:26.849547: | find_next_host_connection returns northnet-eastnets/0x2 Sep 21 07:33:26.849548: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:33:26.849550: | found policy = RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO (northnet-eastnets/0x1) Sep 21 07:33:26.849552: | find_next_host_connection returns northnet-eastnets/0x1 Sep 21 07:33:26.849553: | find_next_host_connection policy=IKEV1_ALLOW Sep 21 07:33:26.849555: | find_next_host_connection returns empty Sep 21 07:33:26.849575: | creating state object #1 at 0x5609748736e0 Sep 21 07:33:26.849578: | State DB: adding IKEv1 state #1 in UNDEFINED Sep 21 07:33:26.849584: | pstats #1 ikev1.isakmp started Sep 21 07:33:26.849587: | #1 updating local interface from to 192.1.2.23:500 using md->iface (in update_ike_endpoints() at state.c:2668) Sep 21 07:33:26.849591: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI1_outR1() at ikev1_main.c:667) Sep 21 07:33:26.849593: | parent state #1: UNDEFINED(ignore) => MAIN_R0(half-open IKE SA) Sep 21 07:33:26.849595: | sender checking NAT-T: enabled; VID 117 Sep 21 07:33:26.849596: | returning NAT-T method NAT_TRAVERSAL_METHOD_IETF_RFC Sep 21 07:33:26.849598: | enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal) Sep 21 07:33:26.849600: | ICOOKIE-DUMP: 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.849601: "northnet-eastnets/0x2" #1: responding to Main Mode Sep 21 07:33:26.849636: | **emit ISAKMP Message: Sep 21 07:33:26.849638: | initiator cookie: Sep 21 07:33:26.849639: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.849641: | responder cookie: Sep 21 07:33:26.849642: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.849644: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.849645: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.849647: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.849648: | flags: none (0x0) Sep 21 07:33:26.849649: | Message ID: 0 (0x0) Sep 21 07:33:26.849651: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.849654: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 1:ISAKMP_NEXT_SA Sep 21 07:33:26.849656: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:26.849658: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849659: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.849661: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.849663: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:26.849664: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.849666: | ****parse IPsec DOI SIT: Sep 21 07:33:26.849668: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.849669: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.849671: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.849672: | length: 632 (0x278) Sep 21 07:33:26.849674: | proposal number: 0 (0x0) Sep 21 07:33:26.849675: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:26.849676: | SPI size: 0 (0x0) Sep 21 07:33:26.849678: | number of transforms: 18 (0x12) Sep 21 07:33:26.849680: | *****parse ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.849681: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.849682: | length: 36 (0x24) Sep 21 07:33:26.849684: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:26.849685: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.849687: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.849688: | af+type: AF+OAKLEY_LIFE_TYPE (0x800b) Sep 21 07:33:26.849690: | length/value: 1 (0x1) Sep 21 07:33:26.849691: | [1 is OAKLEY_LIFE_SECONDS] Sep 21 07:33:26.849693: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.849695: | af+type: AF+OAKLEY_LIFE_DURATION (variable length) (0x800c) Sep 21 07:33:26.849696: | length/value: 3600 (0xe10) Sep 21 07:33:26.849697: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.849699: | af+type: AF+OAKLEY_ENCRYPTION_ALGORITHM (0x8001) Sep 21 07:33:26.849700: | length/value: 7 (0x7) Sep 21 07:33:26.849702: | [7 is OAKLEY_AES_CBC] Sep 21 07:33:26.849704: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.849705: | af+type: AF+OAKLEY_HASH_ALGORITHM (0x8002) Sep 21 07:33:26.849706: | length/value: 4 (0x4) Sep 21 07:33:26.849708: | [4 is OAKLEY_SHA2_256] Sep 21 07:33:26.849709: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.849711: | af+type: AF+OAKLEY_AUTHENTICATION_METHOD (0x8003) Sep 21 07:33:26.849712: | length/value: 3 (0x3) Sep 21 07:33:26.849714: | [3 is OAKLEY_RSA_SIG] Sep 21 07:33:26.849715: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.849716: | af+type: AF+OAKLEY_GROUP_DESCRIPTION (0x8004) Sep 21 07:33:26.849718: | length/value: 14 (0xe) Sep 21 07:33:26.849719: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.849721: | ******parse ISAKMP Oakley attribute: Sep 21 07:33:26.849722: | af+type: AF+OAKLEY_KEY_LENGTH (0x800e) Sep 21 07:33:26.849724: | length/value: 256 (0x100) Sep 21 07:33:26.849725: | OAKLEY proposal verified unconditionally; no alg_info to check against Sep 21 07:33:26.849727: | Oakley Transform 0 accepted Sep 21 07:33:26.849728: | ****emit IPsec DOI SIT: Sep 21 07:33:26.849730: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.849731: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:26.849733: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.849734: | proposal number: 0 (0x0) Sep 21 07:33:26.849736: | protocol ID: PROTO_ISAKMP (0x1) Sep 21 07:33:26.849737: | SPI size: 0 (0x0) Sep 21 07:33:26.849738: | number of transforms: 1 (0x1) Sep 21 07:33:26.849740: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:26.849742: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 21 07:33:26.849743: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.849745: | ISAKMP transform number: 0 (0x0) Sep 21 07:33:26.849747: | ISAKMP transform ID: KEY_IKE (0x1) Sep 21 07:33:26.849748: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' Sep 21 07:33:26.849750: | emitting 28 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) Sep 21 07:33:26.849752: | attributes 80 0b 00 01 80 0c 0e 10 80 01 00 07 80 02 00 04 Sep 21 07:33:26.849753: | attributes 80 03 00 03 80 04 00 0e 80 0e 01 00 Sep 21 07:33:26.849755: | emitting length of ISAKMP Transform Payload (ISAKMP): 36 Sep 21 07:33:26.849756: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:33:26.849758: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ISAKMP)'.'next payload type' is 0 Sep 21 07:33:26.849759: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:33:26.849761: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:26.849762: | out_vid(): sending [FRAGMENTATION] Sep 21 07:33:26.849764: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.849765: | next payload type: ISAKMP_NEXT_VID (0xd) Sep 21 07:33:26.849767: | next payload chain: ignoring supplied 'ISAKMP Vendor ID Payload'.'next payload type' value 13:ISAKMP_NEXT_VID Sep 21 07:33:26.849769: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.849770: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.849772: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.849774: | V_ID 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 21 07:33:26.849775: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.849776: | out_vid(): sending [Dead Peer Detection] Sep 21 07:33:26.849778: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.849779: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.849781: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.849806: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.849810: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.849811: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 21 07:33:26.849813: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.849814: | out_vid(): sending [RFC 3947] Sep 21 07:33:26.849816: | ***emit ISAKMP Vendor ID Payload: Sep 21 07:33:26.849817: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.849819: | next payload chain: setting previous 'ISAKMP Vendor ID Payload'.'next payload type' to current ISAKMP Vendor ID Payload (13:ISAKMP_NEXT_VID) Sep 21 07:33:26.849821: | next payload chain: saving location 'ISAKMP Vendor ID Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.849835: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 21 07:33:26.849836: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:26.849838: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 21 07:33:26.849839: | no IKEv1 message padding required Sep 21 07:33:26.849841: | emitting length of ISAKMP Message: 144 Sep 21 07:33:26.849844: | complete v1 state transition with STF_OK Sep 21 07:33:26.849847: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.849848: | #1 is idle Sep 21 07:33:26.849850: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.849851: | peer supports fragmentation Sep 21 07:33:26.849853: | peer supports DPD Sep 21 07:33:26.849854: | IKEv1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Sep 21 07:33:26.849859: | parent state #1: MAIN_R0(half-open IKE SA) => MAIN_R1(open IKE SA) Sep 21 07:33:26.849861: | event_already_set, deleting event Sep 21 07:33:26.849864: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:26.849869: | sending 144 bytes for STATE_MAIN_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:33:26.849871: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.849872: | 01 10 02 00 00 00 00 00 00 00 00 90 0d 00 00 38 Sep 21 07:33:26.849874: | 00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01 Sep 21 07:33:26.849875: | 00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 0e 10 Sep 21 07:33:26.849876: | 80 01 00 07 80 02 00 04 80 03 00 03 80 04 00 0e Sep 21 07:33:26.849877: | 80 0e 01 00 0d 00 00 14 40 48 b7 d5 6e bc e8 85 Sep 21 07:33:26.849879: | 25 e7 de 7f 00 d6 c2 d3 0d 00 00 14 af ca d7 13 Sep 21 07:33:26.849880: | 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 00 00 00 14 Sep 21 07:33:26.849881: | 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 21 07:33:26.849907: | !event_already_set at reschedule Sep 21 07:33:26.849910: | event_schedule: new EVENT_SO_DISCARD-pe@0x560974870420 Sep 21 07:33:26.849913: | inserting event EVENT_SO_DISCARD, timeout in 60 seconds for #1 Sep 21 07:33:26.849915: | libevent_malloc: new ptr-libevent@0x56097486a230 size 128 Sep 21 07:33:26.849919: "northnet-eastnets/0x2" #1: STATE_MAIN_R1: sent MR1, expecting MI2 Sep 21 07:33:26.849920: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.849922: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.849925: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.849927: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.849929: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.849932: | spent 0.546 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.851298: | spent 0.0021 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.851312: | *received 396 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.851314: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.851316: | 04 10 02 00 00 00 00 00 00 00 01 8c 0a 00 01 04 Sep 21 07:33:26.851317: | 62 c7 76 58 93 78 a3 90 b7 78 55 d6 12 dc ef 15 Sep 21 07:33:26.851318: | 19 ff f3 f0 00 48 40 c5 a5 a7 d8 cf 53 e9 ea ee Sep 21 07:33:26.851320: | b5 19 2e cd 6f 37 82 20 0b 26 92 5a 71 9d 74 4e Sep 21 07:33:26.851321: | e9 b2 92 a6 3c 99 a2 c5 b8 fe f6 5a 34 57 4c 31 Sep 21 07:33:26.851322: | 3f 0a 51 a2 72 57 a8 36 1e 59 04 b0 38 4f 5f 00 Sep 21 07:33:26.851324: | 29 a5 0a 16 a5 eb 50 8c 8a 03 50 17 a2 92 47 ce Sep 21 07:33:26.851325: | 8d b5 28 04 1f 6c b0 7d b7 da 5e 51 17 b7 c5 dd Sep 21 07:33:26.851327: | 93 88 76 a7 9f 4c d1 93 d9 d9 89 47 4a eb 1d 6c Sep 21 07:33:26.851328: | 00 ea 34 0d d7 82 5e 37 d1 a2 26 fa d3 48 7a 97 Sep 21 07:33:26.851329: | ce 94 9e 56 dd ef dc 3f 2b e4 d5 68 54 88 77 e5 Sep 21 07:33:26.851331: | 16 d0 8c 06 9f ec c7 f4 18 df 7a 2b f1 64 15 89 Sep 21 07:33:26.851332: | 1d 98 21 95 11 54 ab bc 48 cb bd f4 56 6a 7e 7d Sep 21 07:33:26.851333: | 4e 22 83 cd ac ac e0 f3 b9 b4 32 7f 8c a1 8c 80 Sep 21 07:33:26.851335: | 11 07 c9 cc ba a5 7d 81 52 fe fc df 3d 85 48 20 Sep 21 07:33:26.851336: | 63 a0 fc 56 f6 33 c9 47 ed d8 b4 0a 09 7e 1e cf Sep 21 07:33:26.851337: | 35 6c 71 21 ca a6 28 c3 02 1e 1f 41 9c 80 26 12 Sep 21 07:33:26.851339: | 14 00 00 24 36 b6 ca 66 05 22 db 05 10 a1 24 7b Sep 21 07:33:26.851340: | 24 b8 4f 0e 66 17 90 08 18 ff 99 6e 94 fb 32 a4 Sep 21 07:33:26.851341: | ae bc 77 f0 14 00 00 24 27 18 9e 1c a1 21 d9 42 Sep 21 07:33:26.851343: | 22 d5 49 da 07 43 df 78 be c2 8e 57 d8 1b e7 89 Sep 21 07:33:26.851344: | 16 36 fb 3c a1 85 4e 28 00 00 00 24 b5 57 f4 6d Sep 21 07:33:26.851348: | 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 c3 4b 28 58 Sep 21 07:33:26.851349: | ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.851352: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.851354: | **parse ISAKMP Message: Sep 21 07:33:26.851356: | initiator cookie: Sep 21 07:33:26.851357: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.851359: | responder cookie: Sep 21 07:33:26.851360: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.851362: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.851363: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.851365: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.851367: | flags: none (0x0) Sep 21 07:33:26.851368: | Message ID: 0 (0x0) Sep 21 07:33:26.851370: | length: 396 (0x18c) Sep 21 07:33:26.851371: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.851374: | State DB: found IKEv1 state #1 in MAIN_R1 (find_state_ikev1) Sep 21 07:33:26.851377: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.851378: | #1 is idle Sep 21 07:33:26.851380: | #1 idle Sep 21 07:33:26.851382: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x410 opt: 0x102080 Sep 21 07:33:26.851384: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:26.851385: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.851387: | length: 260 (0x104) Sep 21 07:33:26.851388: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x102080 Sep 21 07:33:26.851390: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:26.851391: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.851393: | length: 36 (0x24) Sep 21 07:33:26.851395: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.851396: | ***parse ISAKMP NAT-D Payload: Sep 21 07:33:26.851398: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.851399: | length: 36 (0x24) Sep 21 07:33:26.851401: | got payload 0x100000 (ISAKMP_NEXT_NATD_RFC) needed: 0x0 opt: 0x102080 Sep 21 07:33:26.851402: | ***parse ISAKMP NAT-D Payload: Sep 21 07:33:26.851403: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.851405: | length: 36 (0x24) Sep 21 07:33:26.851406: | message 'main_inI2_outR2' HASH payload not checked early Sep 21 07:33:26.851410: | init checking NAT-T: enabled; RFC 3947 (NAT-Traversal) Sep 21 07:33:26.851420: | natd_hash: hasher=0x560974012c40(32) Sep 21 07:33:26.851422: | natd_hash: icookie= 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.851423: | natd_hash: rcookie= 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.851425: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:26.851426: | natd_hash: port= 01 f4 Sep 21 07:33:26.851428: | natd_hash: hash= 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.851429: | natd_hash: hash= be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.851433: | natd_hash: hasher=0x560974012c40(32) Sep 21 07:33:26.851434: | natd_hash: icookie= 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.851436: | natd_hash: rcookie= 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.851437: | natd_hash: ip= c0 01 03 21 Sep 21 07:33:26.851438: | natd_hash: port= 01 f4 Sep 21 07:33:26.851440: | natd_hash: hash= b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.851441: | natd_hash: hash= c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.851443: | expected NAT-D(me): 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.851444: | expected NAT-D(me): be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.851446: | expected NAT-D(him): Sep 21 07:33:26.851447: | b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.851448: | c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.851450: | received NAT-D: 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.851451: | received NAT-D: be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.851455: | received NAT-D: b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.851456: | received NAT-D: c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.851458: | NAT_TRAVERSAL encaps using auto-detect Sep 21 07:33:26.851459: | NAT_TRAVERSAL this end is NOT behind NAT Sep 21 07:33:26.851460: | NAT_TRAVERSAL that end is NOT behind NAT Sep 21 07:33:26.851462: | NAT_TRAVERSAL nat-keepalive enabled 192.1.3.33 Sep 21 07:33:26.851464: | NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender port 500: no NAT detected Sep 21 07:33:26.851465: | NAT_T_WITH_KA detected Sep 21 07:33:26.851468: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:33:26.851472: | adding inI2_outR2 KE work-order 1 for state #1 Sep 21 07:33:26.851474: | state #1 requesting EVENT_SO_DISCARD to be deleted Sep 21 07:33:26.851476: | libevent_free: release ptr-libevent@0x56097486a230 Sep 21 07:33:26.851478: | free_event_entry: release EVENT_SO_DISCARD-pe@0x560974870420 Sep 21 07:33:26.851480: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560974870420 Sep 21 07:33:26.851482: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:26.851484: | libevent_malloc: new ptr-libevent@0x56097486a230 size 128 Sep 21 07:33:26.851489: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.851492: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.851494: | suspending state #1 and saving MD Sep 21 07:33:26.851495: | #1 is busy; has a suspended MD Sep 21 07:33:26.851499: | #1 spent 0.0891 milliseconds in process_packet_tail() Sep 21 07:33:26.851498: | crypto helper 1 resuming Sep 21 07:33:26.851509: | crypto helper 1 starting work-order 1 for state #1 Sep 21 07:33:26.851502: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.851513: | crypto helper 1 doing build KE and nonce (inI2_outR2 KE); request ID 1 Sep 21 07:33:26.851519: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.851527: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.851530: | spent 0.22 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.852532: | crypto helper 1 finished build KE and nonce (inI2_outR2 KE); request ID 1 time elapsed 0.001019 seconds Sep 21 07:33:26.852542: | (#1) spent 1.02 milliseconds in crypto helper computing work-order 1: inI2_outR2 KE (pcr) Sep 21 07:33:26.852546: | crypto helper 1 sending results from work-order 1 for state #1 to event queue Sep 21 07:33:26.852548: | scheduling resume sending helper answer for #1 Sep 21 07:33:26.852552: | libevent_malloc: new ptr-libevent@0x7f8338006900 size 128 Sep 21 07:33:26.852559: | crypto helper 1 waiting (nothing to do) Sep 21 07:33:26.852587: | processing resume sending helper answer for #1 Sep 21 07:33:26.852596: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.852599: | crypto helper 1 replies to request ID 1 Sep 21 07:33:26.852601: | calling continuation function 0x560973f3c630 Sep 21 07:33:26.852603: | main_inI2_outR2_continue for #1: calculated ke+nonce, sending R2 Sep 21 07:33:26.852608: | **emit ISAKMP Message: Sep 21 07:33:26.852609: | initiator cookie: Sep 21 07:33:26.852611: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.852612: | responder cookie: Sep 21 07:33:26.852614: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.852616: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.852618: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.852620: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.852622: | flags: none (0x0) Sep 21 07:33:26.852624: | Message ID: 0 (0x0) Sep 21 07:33:26.852627: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.852632: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:26.852636: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.852639: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:26.852642: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:26.852645: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.852649: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:26.852652: | keyex value a5 f2 3a 12 d3 48 4e e9 ed 67 3c 1e c5 bf d7 0a Sep 21 07:33:26.852655: | keyex value 58 f0 06 51 29 a7 69 48 82 82 f1 74 09 14 f0 38 Sep 21 07:33:26.852657: | keyex value 8a 6c 99 e2 5c 4e 74 0e c5 91 c8 f1 83 22 b1 7f Sep 21 07:33:26.852660: | keyex value 3f 76 51 e4 66 59 a2 d2 ac 9d ca 35 73 45 64 3f Sep 21 07:33:26.852662: | keyex value 44 41 d8 e0 c8 6d 97 a3 90 5f 9a d8 27 53 92 31 Sep 21 07:33:26.852665: | keyex value 6d a6 6b f8 b5 ca 74 98 17 60 9f 20 f2 03 60 ad Sep 21 07:33:26.852668: | keyex value 0b dc d9 91 e9 0e 8c 0b 15 5b 97 0d 9b ac 14 32 Sep 21 07:33:26.852670: | keyex value 7b 35 92 a0 f4 d8 fd 66 9d f1 d8 40 fa 9b 44 47 Sep 21 07:33:26.852673: | keyex value a1 cf 62 1a 94 b3 50 b6 50 05 09 02 d9 a2 1a ec Sep 21 07:33:26.852675: | keyex value eb 5d e3 80 33 c8 96 b8 28 7b 3b 46 29 ed 77 9f Sep 21 07:33:26.852678: | keyex value 4b 28 93 13 ae 11 52 e7 f7 4f 00 40 a2 02 d9 99 Sep 21 07:33:26.852681: | keyex value 12 b7 25 ad ba b7 83 20 54 28 14 a3 78 c2 d5 db Sep 21 07:33:26.852683: | keyex value 57 cc 56 ea dc 25 c5 9f d8 73 14 54 dd 8a fa e4 Sep 21 07:33:26.852685: | keyex value a1 bf c3 12 a7 51 57 93 53 11 d7 2a 52 56 10 bf Sep 21 07:33:26.852688: | keyex value 14 78 e8 bc c9 8d 26 0c 63 84 91 01 f0 b4 2c f8 Sep 21 07:33:26.852690: | keyex value ac d0 cd cf 38 42 3f 02 02 01 d4 63 c8 90 9c 76 Sep 21 07:33:26.852693: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:26.852696: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:26.852698: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:33:26.852702: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 7:ISAKMP_NEXT_CR Sep 21 07:33:26.852705: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:26.852708: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.852711: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:33:26.852714: | Nr 48 12 cc f7 31 6f 90 37 45 08 4c 6f 45 df b5 21 Sep 21 07:33:26.852717: | Nr ff 5a 3d c8 e4 48 be 14 2f ac 26 c8 c2 ab 05 82 Sep 21 07:33:26.852719: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:26.852722: | ***emit ISAKMP Certificate RequestPayload: Sep 21 07:33:26.852725: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.852728: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.852731: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Certificate RequestPayload (7:ISAKMP_NEXT_CR) Sep 21 07:33:26.852734: | next payload chain: saving location 'ISAKMP Certificate RequestPayload'.'next payload type' in 'reply packet' Sep 21 07:33:26.852738: | emitting 175 raw bytes of CA into ISAKMP Certificate RequestPayload Sep 21 07:33:26.852740: | CA 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.852743: | CA 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.852746: | CA 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.852748: | CA 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.852751: | CA 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.852753: | CA 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.852756: | CA 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:33:26.852759: | CA 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:33:26.852761: | CA 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:33:26.852763: | CA 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:33:26.852765: | CA 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.852767: | emitting length of ISAKMP Certificate RequestPayload: 180 Sep 21 07:33:26.852770: | sending NAT-D payloads Sep 21 07:33:26.852781: | natd_hash: hasher=0x560974012c40(32) Sep 21 07:33:26.852788: | natd_hash: icookie= 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.852791: | natd_hash: rcookie= 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.852793: | natd_hash: ip= c0 01 03 21 Sep 21 07:33:26.852795: | natd_hash: port= 01 f4 Sep 21 07:33:26.852797: | natd_hash: hash= b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.852800: | natd_hash: hash= c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.852802: | ***emit ISAKMP NAT-D Payload: Sep 21 07:33:26.852804: | next payload type: ISAKMP_NEXT_NATD_RFC (0x14) Sep 21 07:33:26.852820: | next payload chain: ignoring supplied 'ISAKMP NAT-D Payload'.'next payload type' value 20:ISAKMP_NEXT_NATD_RFC Sep 21 07:33:26.852823: | next payload chain: setting previous 'ISAKMP Certificate RequestPayload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:33:26.852825: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.852828: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:33:26.852830: | NAT-D b5 57 f4 6d 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 Sep 21 07:33:26.852832: | NAT-D c3 4b 28 58 ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 Sep 21 07:33:26.852835: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:33:26.852841: | natd_hash: hasher=0x560974012c40(32) Sep 21 07:33:26.852844: | natd_hash: icookie= 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.852846: | natd_hash: rcookie= 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.852848: | natd_hash: ip= c0 01 02 17 Sep 21 07:33:26.852850: | natd_hash: port= 01 f4 Sep 21 07:33:26.852866: | natd_hash: hash= 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.852868: | natd_hash: hash= be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.852871: | ***emit ISAKMP NAT-D Payload: Sep 21 07:33:26.852873: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.852876: | next payload chain: setting previous 'ISAKMP NAT-D Payload'.'next payload type' to current ISAKMP NAT-D Payload (20:ISAKMP_NEXT_NATD_RFC) Sep 21 07:33:26.852878: | next payload chain: saving location 'ISAKMP NAT-D Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.852881: | emitting 32 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 21 07:33:26.852883: | NAT-D 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.852885: | NAT-D be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.852887: | emitting length of ISAKMP NAT-D Payload: 36 Sep 21 07:33:26.852889: | no IKEv1 message padding required Sep 21 07:33:26.852891: | emitting length of ISAKMP Message: 576 Sep 21 07:33:26.852893: | main inI2_outR2: starting async DH calculation (group=14) Sep 21 07:33:26.852907: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.852927: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.852933: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.852941: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.852944: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:26.852946: | no PreShared Key Found Sep 21 07:33:26.852949: | adding main_inI2_outR2_tail work-order 2 for state #1 Sep 21 07:33:26.852951: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.852954: | libevent_free: release ptr-libevent@0x56097486a230 Sep 21 07:33:26.852957: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560974870420 Sep 21 07:33:26.852959: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560974870420 Sep 21 07:33:26.852963: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #1 Sep 21 07:33:26.852965: | libevent_malloc: new ptr-libevent@0x56097486a230 size 128 Sep 21 07:33:26.852972: | #1 main_inI2_outR2_continue1_tail:1158 st->st_calculating = FALSE; Sep 21 07:33:26.852975: | complete v1 state transition with STF_OK Sep 21 07:33:26.852994: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.852996: | #1 is idle; has background offloaded task Sep 21 07:33:26.852998: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.853001: | IKEv1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Sep 21 07:33:26.853002: | crypto helper 0 resuming Sep 21 07:33:26.853004: | parent state #1: MAIN_R1(open IKE SA) => MAIN_R2(open IKE SA) Sep 21 07:33:26.853021: | event_already_set, deleting event Sep 21 07:33:26.853026: | state #1 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.853031: | libevent_free: release ptr-libevent@0x56097486a230 Sep 21 07:33:26.853036: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560974870420 Sep 21 07:33:26.853014: | crypto helper 0 starting work-order 2 for state #1 Sep 21 07:33:26.853044: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:26.853051: | crypto helper 0 doing compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 Sep 21 07:33:26.853063: | sending 576 bytes for STATE_MAIN_R1 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:33:26.853067: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.853070: | 04 10 02 00 00 00 00 00 00 00 02 40 0a 00 01 04 Sep 21 07:33:26.853072: | a5 f2 3a 12 d3 48 4e e9 ed 67 3c 1e c5 bf d7 0a Sep 21 07:33:26.853073: | 58 f0 06 51 29 a7 69 48 82 82 f1 74 09 14 f0 38 Sep 21 07:33:26.853074: | 8a 6c 99 e2 5c 4e 74 0e c5 91 c8 f1 83 22 b1 7f Sep 21 07:33:26.853076: | 3f 76 51 e4 66 59 a2 d2 ac 9d ca 35 73 45 64 3f Sep 21 07:33:26.853077: | 44 41 d8 e0 c8 6d 97 a3 90 5f 9a d8 27 53 92 31 Sep 21 07:33:26.853078: | 6d a6 6b f8 b5 ca 74 98 17 60 9f 20 f2 03 60 ad Sep 21 07:33:26.853080: | 0b dc d9 91 e9 0e 8c 0b 15 5b 97 0d 9b ac 14 32 Sep 21 07:33:26.853081: | 7b 35 92 a0 f4 d8 fd 66 9d f1 d8 40 fa 9b 44 47 Sep 21 07:33:26.853082: | a1 cf 62 1a 94 b3 50 b6 50 05 09 02 d9 a2 1a ec Sep 21 07:33:26.853084: | eb 5d e3 80 33 c8 96 b8 28 7b 3b 46 29 ed 77 9f Sep 21 07:33:26.853085: | 4b 28 93 13 ae 11 52 e7 f7 4f 00 40 a2 02 d9 99 Sep 21 07:33:26.853086: | 12 b7 25 ad ba b7 83 20 54 28 14 a3 78 c2 d5 db Sep 21 07:33:26.853088: | 57 cc 56 ea dc 25 c5 9f d8 73 14 54 dd 8a fa e4 Sep 21 07:33:26.853089: | a1 bf c3 12 a7 51 57 93 53 11 d7 2a 52 56 10 bf Sep 21 07:33:26.853090: | 14 78 e8 bc c9 8d 26 0c 63 84 91 01 f0 b4 2c f8 Sep 21 07:33:26.853092: | ac d0 cd cf 38 42 3f 02 02 01 d4 63 c8 90 9c 76 Sep 21 07:33:26.853093: | 07 00 00 24 48 12 cc f7 31 6f 90 37 45 08 4c 6f Sep 21 07:33:26.853095: | 45 df b5 21 ff 5a 3d c8 e4 48 be 14 2f ac 26 c8 Sep 21 07:33:26.853096: | c2 ab 05 82 14 00 00 b4 04 30 81 ac 31 0b 30 09 Sep 21 07:33:26.853099: | 06 03 55 04 06 13 02 43 41 31 10 30 0e 06 03 55 Sep 21 07:33:26.853100: | 04 08 0c 07 4f 6e 74 61 72 69 6f 31 10 30 0e 06 Sep 21 07:33:26.853102: | 03 55 04 07 0c 07 54 6f 72 6f 6e 74 6f 31 12 30 Sep 21 07:33:26.853103: | 10 06 03 55 04 0a 0c 09 4c 69 62 72 65 73 77 61 Sep 21 07:33:26.853105: | 6e 31 18 30 16 06 03 55 04 0b 0c 0f 54 65 73 74 Sep 21 07:33:26.853107: | 20 44 65 70 61 72 74 6d 65 6e 74 31 25 30 23 06 Sep 21 07:33:26.853109: | 03 55 04 03 0c 1c 4c 69 62 72 65 73 77 61 6e 20 Sep 21 07:33:26.853111: | 74 65 73 74 20 43 41 20 66 6f 72 20 6d 61 69 6e Sep 21 07:33:26.853113: | 63 61 31 24 30 22 06 09 2a 86 48 86 f7 0d 01 09 Sep 21 07:33:26.853115: | 01 16 15 74 65 73 74 69 6e 67 40 6c 69 62 72 65 Sep 21 07:33:26.853117: | 73 77 61 6e 2e 6f 72 67 14 00 00 24 b5 57 f4 6d Sep 21 07:33:26.853119: | 16 48 8e f7 66 0d 1e e5 93 a1 9b d6 c3 4b 28 58 Sep 21 07:33:26.853121: | ba a9 7d 08 2a e6 a9 5b 00 a1 13 a4 00 00 00 24 Sep 21 07:33:26.853123: | 27 18 9e 1c a1 21 d9 42 22 d5 49 da 07 43 df 78 Sep 21 07:33:26.853125: | be c2 8e 57 d8 1b e7 89 16 36 fb 3c a1 85 4e 28 Sep 21 07:33:26.853152: | !event_already_set at reschedule Sep 21 07:33:26.853156: | event_schedule: new EVENT_RETRANSMIT-pe@0x560974870420 Sep 21 07:33:26.853160: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #1 Sep 21 07:33:26.853162: | libevent_malloc: new ptr-libevent@0x56097486a230 size 128 Sep 21 07:33:26.853166: | #1 STATE_MAIN_R2: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.22142 Sep 21 07:33:26.853169: "northnet-eastnets/0x2" #1: STATE_MAIN_R2: sent MR2, expecting MI3 Sep 21 07:33:26.853171: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.853173: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.853177: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Sep 21 07:33:26.853182: | #1 spent 0.557 milliseconds in resume sending helper answer Sep 21 07:33:26.853187: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.853190: | libevent_free: release ptr-libevent@0x7f8338006900 Sep 21 07:33:26.853858: | crypto helper 0 finished compute dh+iv (V1 Phase 1) (main_inI2_outR2_tail); request ID 2 time elapsed 0.000807 seconds Sep 21 07:33:26.853869: | (#1) spent 0.812 milliseconds in crypto helper computing work-order 2: main_inI2_outR2_tail (pcr) Sep 21 07:33:26.853872: | crypto helper 0 sending results from work-order 2 for state #1 to event queue Sep 21 07:33:26.853874: | scheduling resume sending helper answer for #1 Sep 21 07:33:26.853877: | libevent_malloc: new ptr-libevent@0x7f8330004f00 size 128 Sep 21 07:33:26.853884: | crypto helper 0 waiting (nothing to do) Sep 21 07:33:26.853892: | processing resume sending helper answer for #1 Sep 21 07:33:26.853902: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.853906: | crypto helper 0 replies to request ID 2 Sep 21 07:33:26.853909: | calling continuation function 0x560973f3c630 Sep 21 07:33:26.853911: | main_inI2_outR2_calcdone for #1: calculate DH finished Sep 21 07:33:26.853916: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1008) Sep 21 07:33:26.853921: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in main_inI2_outR2_continue2() at ikev1_main.c:1021) Sep 21 07:33:26.853924: | resume sending helper answer for #1 suppresed complete_v1_state_transition() Sep 21 07:33:26.853929: | #1 spent 0.0217 milliseconds in resume sending helper answer Sep 21 07:33:26.853932: | processing: STOP state #0 (in resume_handler() at server.c:833) Sep 21 07:33:26.853935: | libevent_free: release ptr-libevent@0x7f8330004f00 Sep 21 07:33:26.861010: | spent 0.00308 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.861050: | *received 2028 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.861054: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.861056: | 05 10 02 01 00 00 00 00 00 00 07 ec d9 2f 98 ba Sep 21 07:33:26.861058: | ed 5f 27 3d c2 c9 65 6d b7 37 0b 68 2d 19 a4 4b Sep 21 07:33:26.861060: | 51 b4 01 55 d1 27 9a fb 87 c4 b0 00 59 e4 ef 90 Sep 21 07:33:26.861063: | a1 cc 2c 58 cf 0b 0e a9 32 df 76 4d d1 6a 59 a6 Sep 21 07:33:26.861065: | 2e 2b f4 53 e1 c8 3c 83 8d cb 56 84 61 d0 2a 23 Sep 21 07:33:26.861067: | 3f e2 b5 d1 b5 8f d1 9d 90 85 d1 18 6c 4f 53 a8 Sep 21 07:33:26.861070: | e8 b0 d2 47 df 29 b4 1e 9f c1 36 18 fa c2 db ff Sep 21 07:33:26.861072: | f9 ca 8d 9b 79 5d 17 c4 fe 31 75 ba a9 f2 6f 12 Sep 21 07:33:26.861074: | 98 3f 21 da 60 cb 01 3e 8f 00 2b 2c 72 31 fa 1a Sep 21 07:33:26.861076: | ca 96 53 c0 91 35 88 a3 43 77 d5 9d 1f 2d 07 67 Sep 21 07:33:26.861091: | ca 4f 2f 2a 28 4b 57 ae e5 0f df 5c 2e 2d 7e 1d Sep 21 07:33:26.861093: | 39 7c ed bd 8d ae c9 ef 2f 29 76 52 2d eb 4c d0 Sep 21 07:33:26.861095: | 91 d3 a6 a1 f8 42 5e 0a 3e e7 bf 40 26 8c ff b6 Sep 21 07:33:26.861097: | 4d 2e c7 19 19 01 7b 98 f2 ff 1c f5 e8 dc 2d b2 Sep 21 07:33:26.861100: | 15 d5 da e1 f3 b9 67 0a 05 07 f9 b2 7f 20 e8 0e Sep 21 07:33:26.861102: | d2 32 24 ad 91 50 2c 37 94 b5 b6 1d 9e ef 29 8d Sep 21 07:33:26.861104: | 37 54 b5 cb 63 14 f2 c5 89 7e fb 99 83 c9 be 98 Sep 21 07:33:26.861106: | 7a 2a ca 1d 26 8b 33 22 23 0f 92 12 4e ab e4 d4 Sep 21 07:33:26.861108: | 2a b0 4b fd 46 cb b4 54 4c 9a 9a b2 2e 33 31 df Sep 21 07:33:26.861111: | 86 a4 67 93 4e b4 7f da 91 73 f7 e1 f2 0f 22 31 Sep 21 07:33:26.861113: | 37 28 3a 4f 24 70 a1 f4 e8 6a 69 9e 9b 13 6e 8e Sep 21 07:33:26.861115: | 9e 35 54 b7 98 46 1d 12 c3 65 05 9a 66 0a c1 4b Sep 21 07:33:26.861117: | ea 0f c1 bd 86 43 3f 58 7c a0 40 12 a4 72 66 32 Sep 21 07:33:26.861119: | 7e af af 6c 67 e1 67 95 2d d1 36 85 66 9a 9f 56 Sep 21 07:33:26.861121: | df 3f 9d 4b 1e ae 48 17 da d1 21 47 c2 9c 18 11 Sep 21 07:33:26.861124: | d0 e9 3c 4b f7 a3 2b 8a c4 ee 7a 10 3c 2e 8c 28 Sep 21 07:33:26.861126: | ac f7 d9 34 b6 51 08 f8 66 98 22 2a c3 97 5e 19 Sep 21 07:33:26.861128: | 0f 53 ca e6 16 51 87 92 6e d8 dd bd 61 2a 97 ba Sep 21 07:33:26.861130: | 43 3b 9a 02 b9 86 d5 7d b2 12 f5 10 77 48 4d 42 Sep 21 07:33:26.861132: | 4c d8 ef 6d 78 5e 1d 7d 54 1c 33 4b 3c b5 60 a7 Sep 21 07:33:26.861134: | 19 1e 1a 25 00 75 63 f2 82 6d 99 fa a5 22 f4 cf Sep 21 07:33:26.861137: | e2 29 00 8c 4d 5f 05 76 5a d7 ac d9 6c 69 4d b6 Sep 21 07:33:26.861139: | a5 83 72 99 03 83 52 38 88 70 98 3f a1 a9 c0 66 Sep 21 07:33:26.861141: | 4b 7a a0 c4 f5 97 9a fc 87 a9 75 55 3f c9 23 7a Sep 21 07:33:26.861143: | aa 47 93 38 6d ac 63 19 f6 7f 79 b5 2c d2 a4 36 Sep 21 07:33:26.861145: | 5d ad 15 22 46 c2 e9 9e 57 a9 ec 31 d2 c4 62 b4 Sep 21 07:33:26.861148: | ff e4 b8 63 77 32 c4 e6 fc a9 8a a6 61 9d 0d 44 Sep 21 07:33:26.861150: | f3 e8 34 53 c8 37 4f 6e 2f 3b 39 98 4e bb c6 7f Sep 21 07:33:26.861152: | c2 6b 52 df ac d6 14 88 22 53 69 2b b4 2f e2 eb Sep 21 07:33:26.861154: | 68 7f 00 3b 22 b3 e7 15 ce 36 dd f6 45 a2 37 dd Sep 21 07:33:26.861156: | bd 38 86 6f 55 e1 46 51 2c 41 d3 c0 4a 57 25 0e Sep 21 07:33:26.861159: | be 57 ba 59 46 8e 70 a3 17 b1 05 f1 33 b3 fb c8 Sep 21 07:33:26.861161: | c4 ee c9 83 4c 02 44 ee a4 5c 38 b8 49 1a 73 01 Sep 21 07:33:26.861163: | 5d ca f5 03 25 ca c6 ff 8c 1a d2 dd ff 49 0c 96 Sep 21 07:33:26.861165: | d9 4d 35 1a 56 15 8c 80 ca d6 4e 03 3f 05 7f 55 Sep 21 07:33:26.861167: | b0 fb 99 7b 10 2a e2 1e 96 b5 eb 80 24 9b ea 00 Sep 21 07:33:26.861170: | 87 c2 6e 37 c5 d5 cd 13 99 a5 87 ab 04 63 af 4e Sep 21 07:33:26.861172: | 10 22 30 fe 01 e3 37 04 c2 7b be 1f 2d aa 5c 4c Sep 21 07:33:26.861174: | 97 92 a4 b7 f5 ac e8 3a d6 e8 ce 19 50 fd 28 dc Sep 21 07:33:26.861178: | 45 ab 0d 5a 2e 24 5b f4 4b 54 b2 b1 83 c8 e7 42 Sep 21 07:33:26.861180: | 69 de 49 b1 ed 8a da 18 8c e7 3a 75 1a 0a 27 65 Sep 21 07:33:26.861182: | 72 e0 e5 ff 2e e8 f6 51 51 89 36 bc 15 84 d4 cc Sep 21 07:33:26.861184: | 53 e6 f1 c6 d4 a7 8c 09 79 3d 9b 47 83 a3 4d ff Sep 21 07:33:26.861186: | ee 5a 55 c2 e3 ad 68 7c de 3a 6c 54 b8 b3 90 ab Sep 21 07:33:26.861189: | 22 97 d7 35 3f ae 1e a6 45 bb a6 b6 a7 b5 2c f4 Sep 21 07:33:26.861191: | e3 d9 be 57 cc 19 e1 35 58 73 f0 d9 b5 ec 3c a4 Sep 21 07:33:26.861193: | da 68 69 bd c2 01 20 57 90 60 9d 7d 83 dc 88 0c Sep 21 07:33:26.861195: | f0 f9 fc e5 11 2c fd a1 58 bc 44 a9 d7 38 c6 35 Sep 21 07:33:26.861197: | 8f ef 5f 98 db 47 31 3e 3f 24 46 05 24 cc 31 7a Sep 21 07:33:26.861200: | be 83 25 12 cc b4 f6 80 75 46 7e b5 ec 88 d5 59 Sep 21 07:33:26.861202: | 11 11 be a5 03 84 e7 1e 8d cd e9 52 42 ae 4a 6c Sep 21 07:33:26.861204: | 93 2e 5c 57 cd 8f f2 e9 b4 95 44 80 ce 3a d0 60 Sep 21 07:33:26.861206: | a5 36 8b fc 55 e3 9e 5f fa f1 cb 8f 7e 2b 4c 5b Sep 21 07:33:26.861209: | 5c 10 3a 35 6b 15 85 dc a6 78 63 d9 b4 8f c8 14 Sep 21 07:33:26.861211: | 23 52 fc 4f 58 2d ec d6 93 f1 e4 c7 2a c3 ef d4 Sep 21 07:33:26.861213: | df 63 9d c6 d1 f5 79 f6 ba 7b 07 c6 4c ec d6 21 Sep 21 07:33:26.861215: | 4f e5 2b aa 5f 0a 54 c9 af 1c ad 9c 3a d2 a8 c8 Sep 21 07:33:26.861217: | a8 e8 02 25 fe 64 76 a9 35 0c 97 e3 94 3f b5 38 Sep 21 07:33:26.861219: | a1 37 d1 bb 90 fa 12 ea 33 ec bf 2d 71 39 db 4c Sep 21 07:33:26.861222: | cb 8e b6 3f ab d8 a4 c2 f1 8d 98 af 6f ec 24 de Sep 21 07:33:26.861224: | 50 7e d0 20 0e 01 bd de 3a 87 77 3b fb 3e 2f 39 Sep 21 07:33:26.861226: | 3f cc c2 fb 88 98 8c ea 25 b6 62 29 67 cb 19 be Sep 21 07:33:26.861228: | 8e a9 1c 8a 87 55 60 c4 ef ea 1f 28 c1 4a d9 9b Sep 21 07:33:26.861230: | 14 e1 ff b6 c3 62 72 83 d5 88 5e 5a c3 c2 a1 e8 Sep 21 07:33:26.861233: | 7e 92 51 21 ad 06 6f 25 35 f1 72 ec f1 32 ae 8c Sep 21 07:33:26.861235: | c2 07 3b ff 96 67 3b 38 fe 82 4d d8 36 27 26 49 Sep 21 07:33:26.861237: | a6 46 9b 5b e7 9f 20 99 c6 fe 50 39 ac 9a 42 57 Sep 21 07:33:26.861239: | 8b 13 5b 21 f7 f1 f7 60 e2 c7 6a b2 8f 80 7b e0 Sep 21 07:33:26.861241: | f0 cd eb 3b 4f 88 e4 c6 c0 c9 d6 ea 66 ff 39 83 Sep 21 07:33:26.861243: | de 66 72 27 f2 57 45 25 99 d8 5c 18 13 4b 04 3d Sep 21 07:33:26.861246: | 58 5b 7a 9b 99 39 09 9a 94 90 60 ba ea ae 70 9d Sep 21 07:33:26.861248: | 92 31 83 c4 b0 6c 81 0a c0 4c f7 cc 58 f3 1f ec Sep 21 07:33:26.861250: | fa e6 56 47 72 eb ee 84 e1 03 6d 57 d9 63 fc 13 Sep 21 07:33:26.861252: | 01 e8 7d 5d c8 a8 cc 3f 70 41 41 97 fb c3 4a c8 Sep 21 07:33:26.861254: | 1e 00 a1 e1 19 1c 7c 19 5e 14 55 e8 44 03 a4 29 Sep 21 07:33:26.861256: | 21 82 42 de 18 46 dd 85 d4 31 f9 c9 3c 0d 9a 4e Sep 21 07:33:26.861259: | 9b 2a ed 22 9b 6a 47 e9 92 5b ff 18 14 d9 0e 7a Sep 21 07:33:26.861261: | e0 bf 5a 2b 05 f3 bb d3 01 06 86 6e c9 26 34 be Sep 21 07:33:26.861263: | a7 56 76 ab 14 9b 09 73 9f 96 21 70 52 95 5d 0d Sep 21 07:33:26.861265: | 0b b5 05 f5 da 38 38 0c a8 a0 3f 3b fe 38 37 0f Sep 21 07:33:26.861268: | 98 e2 e8 52 75 63 a5 f5 0f c0 66 16 e8 1a cc 88 Sep 21 07:33:26.861270: | a4 13 ce aa 16 6a 5e 8f 91 95 c2 a5 5a e3 6c 8e Sep 21 07:33:26.861272: | 4c a4 b2 2c c1 6e 91 c8 91 f4 6a d8 a0 b2 cf 02 Sep 21 07:33:26.861274: | e5 01 25 4a 87 96 8e 77 9d 80 53 57 d5 55 35 ff Sep 21 07:33:26.861277: | 1d cd a9 d9 29 6b f3 e1 9d a3 00 d0 a1 8c 6c c0 Sep 21 07:33:26.861279: | 74 04 46 1b 23 47 a1 7b 7b 57 bd 23 09 01 a2 ac Sep 21 07:33:26.861281: | 20 38 e8 dd 76 78 5e 9c fa 99 74 b1 cb 3e 7a 03 Sep 21 07:33:26.861283: | 2a 3d da 0a 84 2b ef 65 8e b8 bd 60 09 82 91 5c Sep 21 07:33:26.861285: | 5f 23 a5 ef 8f 35 28 31 f7 16 69 52 4b 73 86 43 Sep 21 07:33:26.861288: | 02 b1 7f 04 37 5e f0 d3 66 e5 03 f9 72 74 a6 d0 Sep 21 07:33:26.861290: | f2 58 87 76 39 21 35 b1 27 43 4c d0 bd 67 cd e8 Sep 21 07:33:26.861293: | f6 61 f2 91 2d 0b 00 ec 3f 0d 2a 84 d6 30 8e 00 Sep 21 07:33:26.861295: | be 94 2d 07 11 91 c0 78 0a 78 99 31 c9 38 fc 6d Sep 21 07:33:26.861298: | 54 31 dc 12 97 85 49 48 b0 16 51 3f 6d f9 ce b5 Sep 21 07:33:26.861300: | 3d 53 1a e6 42 c8 f6 fe 74 cd 97 d9 83 3e 76 32 Sep 21 07:33:26.861302: | 6e 76 21 b4 32 9f dd 47 4a e6 04 d6 af 94 75 15 Sep 21 07:33:26.861304: | 55 8b e8 16 8a 8e 57 2d 07 b5 b2 28 49 ac 80 30 Sep 21 07:33:26.861306: | 24 81 5a b0 bf e0 eb 03 b2 63 2e 95 23 a2 a8 46 Sep 21 07:33:26.861309: | 77 d8 81 c4 54 3d d9 97 e0 df cb 5f ba 86 81 df Sep 21 07:33:26.861311: | d5 89 1b e6 f0 db 9f 7e 47 f4 2e 6d bf 41 6a 90 Sep 21 07:33:26.861313: | c6 d7 95 a4 a6 fb 05 01 1b 1a d3 97 dd ec b6 38 Sep 21 07:33:26.861315: | 6d ce 4e 98 52 0c 5b ce 8c 5e f5 a5 26 1d 4c 04 Sep 21 07:33:26.861317: | 8b 36 0c 7d 31 11 dd 18 c5 51 0a 11 aa 2e 45 29 Sep 21 07:33:26.861319: | f9 0f c6 74 f8 27 04 63 3a 38 7f 50 92 32 9d 4c Sep 21 07:33:26.861322: | d1 7c fa eb 22 ea 83 82 37 68 46 ab 1b 96 20 be Sep 21 07:33:26.861324: | f3 e0 df 58 18 85 1b 63 ad 86 1a 0b 94 ff a9 54 Sep 21 07:33:26.861326: | 0a d3 63 dc 15 d9 c9 3e c5 f4 fd 44 f6 db fb f6 Sep 21 07:33:26.861328: | 15 94 ce 7e 70 23 13 3c a5 6c 1d c2 92 db 52 56 Sep 21 07:33:26.861330: | 66 d6 ee 21 e7 0b 70 80 39 0d d1 a2 9d fc aa 37 Sep 21 07:33:26.861332: | f9 7b 86 ce 0d 6c 65 b3 84 cb 54 47 77 f0 9d b5 Sep 21 07:33:26.861335: | f5 32 5d 74 a5 11 2d ca 05 47 14 eb 4b 21 31 d5 Sep 21 07:33:26.861337: | f2 b1 7f 07 5b 1e 75 35 b6 b7 c7 c9 a5 29 1d db Sep 21 07:33:26.861339: | 7d 71 40 51 69 c6 63 f5 f9 50 c2 66 f9 76 85 7e Sep 21 07:33:26.861341: | b4 bd 98 76 c9 e7 8d c1 21 4a eb 19 31 17 b2 70 Sep 21 07:33:26.861343: | d3 21 3e 39 82 17 4f d2 e4 77 9f 0c 86 cd ad 74 Sep 21 07:33:26.861346: | 26 ab 4e 6f 3f 68 c8 73 c0 df 82 1c Sep 21 07:33:26.861351: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.861354: | **parse ISAKMP Message: Sep 21 07:33:26.861357: | initiator cookie: Sep 21 07:33:26.861359: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.861361: | responder cookie: Sep 21 07:33:26.861363: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.861366: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.861368: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.861371: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.861373: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.861376: | Message ID: 0 (0x0) Sep 21 07:33:26.861378: | length: 2028 (0x7ec) Sep 21 07:33:26.861381: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 21 07:33:26.861385: | State DB: found IKEv1 state #1 in MAIN_R2 (find_state_ikev1) Sep 21 07:33:26.861390: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1435) Sep 21 07:33:26.861393: | #1 is idle Sep 21 07:33:26.861395: | #1 idle Sep 21 07:33:26.861399: | received encrypted packet from 192.1.3.33:500 Sep 21 07:33:26.861417: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x220 opt: 0x20c0 Sep 21 07:33:26.861420: | ***parse ISAKMP Identification Payload: Sep 21 07:33:26.861422: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:33:26.861425: | length: 193 (0xc1) Sep 21 07:33:26.861427: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:33:26.861429: | DOI specific A: 0 (0x0) Sep 21 07:33:26.861431: | DOI specific B: 0 (0x0) Sep 21 07:33:26.861434: | obj: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.861436: | obj: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.861438: | obj: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.861441: | obj: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.861443: | obj: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.861447: | obj: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.861449: | obj: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:33:26.861451: | obj: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:33:26.861454: | obj: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:33:26.861456: | obj: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:33:26.861458: | obj: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.861460: | obj: 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.861463: | got payload 0x40 (ISAKMP_NEXT_CERT) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.861465: | ***parse ISAKMP Certificate Payload: Sep 21 07:33:26.861468: | next payload type: ISAKMP_NEXT_CR (0x7) Sep 21 07:33:26.861470: | length: 1232 (0x4d0) Sep 21 07:33:26.861472: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.861475: | got payload 0x80 (ISAKMP_NEXT_CR) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.861477: | ***parse ISAKMP Certificate RequestPayload: Sep 21 07:33:26.861480: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:33:26.861482: | length: 180 (0xb4) Sep 21 07:33:26.861484: | cert type: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.861487: | got payload 0x200 (ISAKMP_NEXT_SIG) needed: 0x200 opt: 0x20c0 Sep 21 07:33:26.861489: | ***parse ISAKMP Signature Payload: Sep 21 07:33:26.861491: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.861493: | length: 388 (0x184) Sep 21 07:33:26.861496: | removing 7 bytes of padding Sep 21 07:33:26.861498: | message 'main_inI3_outR3' HASH payload not checked early Sep 21 07:33:26.861502: | DER ASN1 DN: 30 81 b6 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.861505: | DER ASN1 DN: 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.861507: | DER ASN1 DN: 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.861509: | DER ASN1 DN: 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.861512: | DER ASN1 DN: 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.861514: | DER ASN1 DN: 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.861516: | DER ASN1 DN: 6e 74 31 24 30 22 06 03 55 04 03 0c 1b 6e 6f 72 Sep 21 07:33:26.861518: | DER ASN1 DN: 74 68 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 Sep 21 07:33:26.861521: | DER ASN1 DN: 73 77 61 6e 2e 6f 72 67 31 2f 30 2d 06 09 2a 86 Sep 21 07:33:26.861523: | DER ASN1 DN: 48 86 f7 0d 01 09 01 16 20 75 73 65 72 2d 6e 6f Sep 21 07:33:26.861525: | DER ASN1 DN: 72 74 68 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.861527: | DER ASN1 DN: 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.861538: "northnet-eastnets/0x2" #1: Peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:33:26.861543: | global one-shot timer EVENT_FREE_ROOT_CERTS scheduled in 300 seconds Sep 21 07:33:26.861546: loading root certificate cache Sep 21 07:33:26.864859: | spent 3.29 milliseconds in get_root_certs() calling PK11_ListCertsInSlot() Sep 21 07:33:26.864891: | spent 0.02 milliseconds in get_root_certs() filtering CAs Sep 21 07:33:26.864896: | #1 spent 3.34 milliseconds in find_and_verify_certs() calling get_root_certs() Sep 21 07:33:26.864900: | checking for known CERT payloads Sep 21 07:33:26.864902: | saving certificate of type 'X509_SIGNATURE' Sep 21 07:33:26.864941: | decoded cert: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.864947: | #1 spent 0.046 milliseconds in find_and_verify_certs() calling decode_cert_payloads() Sep 21 07:33:26.864951: | cert_issuer_has_current_crl: looking for a CRL issued by E=testing@libreswan.org,CN=Libreswan test CA for mainca,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.864995: | #1 spent 0.0427 milliseconds in find_and_verify_certs() calling crl_update_check() Sep 21 07:33:26.865001: | missing or expired CRL Sep 21 07:33:26.865003: | crl_strict: 0, ocsp: 0, ocsp_strict: 0, ocsp_post: 0 Sep 21 07:33:26.865005: | verify_end_cert trying profile IPsec Sep 21 07:33:26.865124: | certificate is valid (profile IPsec) Sep 21 07:33:26.865129: | #1 spent 0.125 milliseconds in find_and_verify_certs() calling verify_end_cert() Sep 21 07:33:26.865145: "northnet-eastnets/0x2" #1: certificate verified OK: E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA Sep 21 07:33:26.865193: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974871010 Sep 21 07:33:26.865196: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x560974871230 Sep 21 07:33:26.865197: | get_pluto_gn_from_nss_cert: allocated pluto_gn 0x56097486a2c0 Sep 21 07:33:26.865302: | unreference key: 0x5609748758b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:33:26.865308: | #1 spent 0.16 milliseconds in decode_certs() calling add_pubkey_from_nss_cert() Sep 21 07:33:26.865311: | #1 spent 3.75 milliseconds in decode_certs() Sep 21 07:33:26.865320: | ID_DER_ASN1_DN 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' needs further ID comparison against 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:33:26.865323: | ID_DER_ASN1_DN 'E=user-north@testing.libreswan.org,CN=north.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA' matched our ID 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:33:26.865324: | SAN ID matched, updating that.cert Sep 21 07:33:26.865326: | X509: CERT and ID matches current connection Sep 21 07:33:26.865328: | CR 30 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.865329: | CR 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.865331: | CR 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.865332: | CR 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.865333: | CR 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.865335: | CR 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.865336: | CR 6e 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 Sep 21 07:33:26.865337: | CR 72 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 Sep 21 07:33:26.865339: | CR 6f 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a Sep 21 07:33:26.865340: | CR 86 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e Sep 21 07:33:26.865342: | CR 67 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.865346: | requested CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865349: | refine_host_connection for IKEv1: starting with "northnet-eastnets/0x2" Sep 21 07:33:26.865354: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865358: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865363: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865367: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865369: | refine_host_connection: happy with starting point: "northnet-eastnets/0x2" Sep 21 07:33:26.865370: | The remote did not specify an IDr and our current connection is good enough Sep 21 07:33:26.865375: | offered CA: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865403: | required RSA CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865412: | checking RSA keyid 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' for match with 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' Sep 21 07:33:26.865417: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865421: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865425: | RSA key issuer CA is 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.865526: | an RSA Sig check passed with *AwEAAbrCE [remote certificates] Sep 21 07:33:26.865530: | #1 spent 0.102 milliseconds in try_all_keys() trying a pubkey Sep 21 07:33:26.865532: "northnet-eastnets/0x2" #1: Authenticated using RSA Sep 21 07:33:26.865534: | thinking about whether to send my certificate: Sep 21 07:33:26.865536: | I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE Sep 21 07:33:26.865537: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Sep 21 07:33:26.865539: | so send cert. Sep 21 07:33:26.865543: | **emit ISAKMP Message: Sep 21 07:33:26.865545: | initiator cookie: Sep 21 07:33:26.865546: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.865547: | responder cookie: Sep 21 07:33:26.865549: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.865551: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.865552: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.865554: | exchange type: ISAKMP_XCHG_IDPROT (0x2) Sep 21 07:33:26.865556: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.865557: | Message ID: 0 (0x0) Sep 21 07:33:26.865559: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.865561: | next payload chain: ignoring supplied 'ISAKMP Message'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.865563: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.865565: | next payload type: ISAKMP_NEXT_CERT (0x6) Sep 21 07:33:26.865566: | ID type: ID_DER_ASN1_DN (0x9) Sep 21 07:33:26.865568: | Protocol ID: 0 (0x0) Sep 21 07:33:26.865569: | port: 0 (0x0) Sep 21 07:33:26.865571: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 6:ISAKMP_NEXT_CERT Sep 21 07:33:26.865573: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.865575: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.865577: | emitting 183 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.865578: | my identity 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 43 41 Sep 21 07:33:26.865580: | my identity 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 Sep 21 07:33:26.865581: | my identity 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 Sep 21 07:33:26.865583: | my identity 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c Sep 21 07:33:26.865584: | my identity 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 Sep 21 07:33:26.865586: | my identity 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 Sep 21 07:33:26.865587: | my identity 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 61 73 Sep 21 07:33:26.865588: | my identity 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.865591: | my identity 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a 86 48 Sep 21 07:33:26.865593: | my identity 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 61 73 Sep 21 07:33:26.865594: | my identity 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 Sep 21 07:33:26.865595: | my identity 77 61 6e 2e 6f 72 67 Sep 21 07:33:26.865597: | emitting length of ISAKMP Identification Payload (IPsec DOI): 191 Sep 21 07:33:26.865599: "northnet-eastnets/0x2" #1: I am sending my cert Sep 21 07:33:26.865600: | ***emit ISAKMP Certificate Payload: Sep 21 07:33:26.865602: | next payload type: ISAKMP_NEXT_SIG (0x9) Sep 21 07:33:26.865604: | cert encoding: CERT_X509_SIGNATURE (0x4) Sep 21 07:33:26.865605: | next payload chain: ignoring supplied 'ISAKMP Certificate Payload'.'next payload type' value 9:ISAKMP_NEXT_SIG Sep 21 07:33:26.865607: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Certificate Payload (6:ISAKMP_NEXT_CERT) Sep 21 07:33:26.865609: | next payload chain: saving location 'ISAKMP Certificate Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.865611: | emitting 1260 raw bytes of CERT into ISAKMP Certificate Payload Sep 21 07:33:26.865612: | CERT 30 82 04 e8 30 82 04 51 a0 03 02 01 02 02 01 03 Sep 21 07:33:26.865614: | CERT 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 Sep 21 07:33:26.865615: | CERT 81 ac 31 0b 30 09 06 03 55 04 06 13 02 43 41 31 Sep 21 07:33:26.865616: | CERT 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 61 72 69 Sep 21 07:33:26.865618: | CERT 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 6f 72 6f Sep 21 07:33:26.865619: | CERT 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c 09 4c 69 Sep 21 07:33:26.865620: | CERT 62 72 65 73 77 61 6e 31 18 30 16 06 03 55 04 0b Sep 21 07:33:26.865622: | CERT 0c 0f 54 65 73 74 20 44 65 70 61 72 74 6d 65 6e Sep 21 07:33:26.865623: | CERT 74 31 25 30 23 06 03 55 04 03 0c 1c 4c 69 62 72 Sep 21 07:33:26.865624: | CERT 65 73 77 61 6e 20 74 65 73 74 20 43 41 20 66 6f Sep 21 07:33:26.865626: | CERT 72 20 6d 61 69 6e 63 61 31 24 30 22 06 09 2a 86 Sep 21 07:33:26.865627: | CERT 48 86 f7 0d 01 09 01 16 15 74 65 73 74 69 6e 67 Sep 21 07:33:26.865629: | CERT 40 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 30 22 Sep 21 07:33:26.865630: | CERT 18 0f 32 30 31 39 30 39 31 35 31 39 34 34 35 39 Sep 21 07:33:26.865631: | CERT 5a 18 0f 32 30 32 32 30 39 31 34 31 39 34 34 35 Sep 21 07:33:26.865633: | CERT 39 5a 30 81 b4 31 0b 30 09 06 03 55 04 06 13 02 Sep 21 07:33:26.865634: | CERT 43 41 31 10 30 0e 06 03 55 04 08 0c 07 4f 6e 74 Sep 21 07:33:26.865635: | CERT 61 72 69 6f 31 10 30 0e 06 03 55 04 07 0c 07 54 Sep 21 07:33:26.865637: | CERT 6f 72 6f 6e 74 6f 31 12 30 10 06 03 55 04 0a 0c Sep 21 07:33:26.865638: | CERT 09 4c 69 62 72 65 73 77 61 6e 31 18 30 16 06 03 Sep 21 07:33:26.865639: | CERT 55 04 0b 0c 0f 54 65 73 74 20 44 65 70 61 72 74 Sep 21 07:33:26.865641: | CERT 6d 65 6e 74 31 23 30 21 06 03 55 04 03 0c 1a 65 Sep 21 07:33:26.865642: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.865644: | CERT 65 73 77 61 6e 2e 6f 72 67 31 2e 30 2c 06 09 2a Sep 21 07:33:26.865645: | CERT 86 48 86 f7 0d 01 09 01 16 1f 75 73 65 72 2d 65 Sep 21 07:33:26.865646: | CERT 61 73 74 40 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.865648: | CERT 65 73 77 61 6e 2e 6f 72 67 30 82 01 a2 30 0d 06 Sep 21 07:33:26.865649: | CERT 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 8f Sep 21 07:33:26.865650: | CERT 00 30 82 01 8a 02 82 01 81 00 b0 0d 9e ca 2d 55 Sep 21 07:33:26.865652: | CERT 24 59 06 37 09 58 0d 06 ab 90 5e 98 7c 00 0b 66 Sep 21 07:33:26.865653: | CERT 73 f4 12 27 69 75 6e d4 8d 13 e9 c6 e9 4f c4 b1 Sep 21 07:33:26.865654: | CERT 19 1a 1a 4f e6 4e 06 da 29 ec cf 8d 4c c3 c3 57 Sep 21 07:33:26.865656: | CERT c0 24 57 83 7a 1b 7f 96 a3 21 66 67 52 68 8e 77 Sep 21 07:33:26.865657: | CERT b9 bb f6 9b d2 43 11 57 c9 d6 ca e2 39 73 93 ea Sep 21 07:33:26.865658: | CERT 99 99 f7 52 38 4d 58 69 7f a5 18 9b ff 66 72 6c Sep 21 07:33:26.865662: | CERT df 6d df 18 50 cf 10 98 a3 f5 f9 69 27 5b 3f bd Sep 21 07:33:26.865664: | CERT 0f 34 18 93 99 1a be 8a 46 84 37 69 71 7f a7 df Sep 21 07:33:26.865665: | CERT d0 9d b2 9d ad 80 0f d0 1a 40 cb ff 37 20 ac ac Sep 21 07:33:26.865666: | CERT 3d a9 8e 56 56 cf 25 c0 5e 55 52 86 5a c5 b4 ce Sep 21 07:33:26.865668: | CERT a8 dd 95 cf ab 38 91 f6 1f 9f 83 36 d5 3f 8c d3 Sep 21 07:33:26.865669: | CERT 1d f5 3f 23 3c d2 5c 87 23 bc 6a 67 f7 00 c3 96 Sep 21 07:33:26.865670: | CERT 3f 76 5c b9 8e 6f 2b 16 90 2c 00 c0 05 a0 e2 8d Sep 21 07:33:26.865672: | CERT 57 d5 76 34 7f 6f be e8 48 79 08 91 a8 17 72 1f Sep 21 07:33:26.865673: | CERT c0 1c 8a 52 a8 18 aa 32 3c 9a e4 d9 90 58 25 5e Sep 21 07:33:26.865674: | CERT 4c 49 8e cb 7a 33 19 d2 87 1a 2a 8e b5 04 f7 f9 Sep 21 07:33:26.865676: | CERT cd 80 8c 59 ae 34 61 c5 1d de 53 65 fe 4f f3 f4 Sep 21 07:33:26.865677: | CERT 09 f2 b4 21 7a 2b eb 1f 4a f2 5f 85 3a f0 f8 2b Sep 21 07:33:26.865679: | CERT 3b 42 5b da 89 c1 ef b2 81 18 2a 4b 57 a2 ca 63 Sep 21 07:33:26.865680: | CERT 8b a7 60 8e 54 95 c3 20 5c e5 53 f0 4a 57 df 41 Sep 21 07:33:26.865681: | CERT fa 06 e6 ab 4e 0b 46 49 14 0d db b0 dc 10 2e 6d Sep 21 07:33:26.865683: | CERT 5f 52 cb 75 36 1b e2 1d 9d 77 0f 73 9d 0a 64 07 Sep 21 07:33:26.865684: | CERT 84 f4 0e 0a 98 97 58 c4 40 f6 1b ac a3 be 21 aa Sep 21 07:33:26.865685: | CERT 67 3a 2b b1 0e b7 9a 36 ff 67 02 03 01 00 01 a3 Sep 21 07:33:26.865687: | CERT 82 01 06 30 82 01 02 30 09 06 03 55 1d 13 04 02 Sep 21 07:33:26.865688: | CERT 30 00 30 47 06 03 55 1d 11 04 40 30 3e 82 1a 65 Sep 21 07:33:26.865689: | CERT 61 73 74 2e 74 65 73 74 69 6e 67 2e 6c 69 62 72 Sep 21 07:33:26.865691: | CERT 65 73 77 61 6e 2e 6f 72 67 81 1a 65 61 73 74 40 Sep 21 07:33:26.865692: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:33:26.865693: | CERT 6e 2e 6f 72 67 87 04 c0 01 02 17 30 0b 06 03 55 Sep 21 07:33:26.865695: | CERT 1d 0f 04 04 03 02 07 80 30 1d 06 03 55 1d 25 04 Sep 21 07:33:26.865696: | CERT 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b Sep 21 07:33:26.865697: | CERT 06 01 05 05 07 03 02 30 41 06 08 2b 06 01 05 05 Sep 21 07:33:26.865699: | CERT 07 01 01 04 35 30 33 30 31 06 08 2b 06 01 05 05 Sep 21 07:33:26.865700: | CERT 07 30 01 86 25 68 74 74 70 3a 2f 2f 6e 69 63 2e Sep 21 07:33:26.865701: | CERT 74 65 73 74 69 6e 67 2e 6c 69 62 72 65 73 77 61 Sep 21 07:33:26.865703: | CERT 6e 2e 6f 72 67 3a 32 35 36 30 30 3d 06 03 55 1d Sep 21 07:33:26.865704: | CERT 1f 04 36 30 34 30 32 a0 30 a0 2e 86 2c 68 74 74 Sep 21 07:33:26.865706: | CERT 70 3a 2f 2f 6e 69 63 2e 74 65 73 74 69 6e 67 2e Sep 21 07:33:26.865707: | CERT 6c 69 62 72 65 73 77 61 6e 2e 6f 72 67 2f 72 65 Sep 21 07:33:26.865708: | CERT 76 6f 6b 65 64 2e 63 72 6c 30 0d 06 09 2a 86 48 Sep 21 07:33:26.865710: | CERT 86 f7 0d 01 01 0b 05 00 03 81 81 00 bf 3c 12 c5 Sep 21 07:33:26.865711: | CERT 00 3e 71 2a 2b 2b 60 83 b9 b9 f2 4d b1 ca 0e fd Sep 21 07:33:26.865712: | CERT b4 e0 0b 6a ad 54 d7 c9 98 57 e0 5c 26 4d bf 11 Sep 21 07:33:26.865714: | CERT 23 20 79 05 b6 1b 9b 09 ed 4f 2e fd 7e da 55 53 Sep 21 07:33:26.865715: | CERT b6 8c 88 fa f3 9b ce ec ef 95 37 11 70 ce 1c 98 Sep 21 07:33:26.865716: | CERT d3 d5 cf f6 30 71 44 78 fb 45 03 69 50 d5 a5 c3 Sep 21 07:33:26.865718: | CERT de 00 4c f7 0a 7d 00 cb 3a ab 11 74 6b 57 67 4d Sep 21 07:33:26.865719: | CERT e7 c0 3a 97 98 44 e2 15 9d f2 6f 1b c7 b1 15 d0 Sep 21 07:33:26.865720: | CERT 88 c4 dc 32 b7 72 1d 9c ac 1b 37 63 Sep 21 07:33:26.865722: | emitting length of ISAKMP Certificate Payload: 1265 Sep 21 07:33:26.865746: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_RSA Sep 21 07:33:26.865792: | searching for certificate PKK_RSA:AwEAAbANn vs PKK_RSA:AwEAAbANn Sep 21 07:33:26.873028: | ***emit ISAKMP Signature Payload: Sep 21 07:33:26.873043: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.873047: | next payload chain: setting previous 'ISAKMP Certificate Payload'.'next payload type' to current ISAKMP Signature Payload (9:ISAKMP_NEXT_SIG) Sep 21 07:33:26.873051: | next payload chain: saving location 'ISAKMP Signature Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.873054: | emitting 384 raw bytes of SIG_R into ISAKMP Signature Payload Sep 21 07:33:26.873057: | SIG_R 76 bc 35 48 27 d7 ee 0d d8 a6 7c 6d 7c 1a 70 af Sep 21 07:33:26.873060: | SIG_R dc a1 fa fb d2 ea f9 01 16 64 fc 5c 88 43 e1 54 Sep 21 07:33:26.873062: | SIG_R 25 66 a6 e5 83 7e 7a c6 8e 1b 19 36 c4 1e 82 af Sep 21 07:33:26.873064: | SIG_R 23 2a 9c f2 6f e8 f5 15 61 80 32 56 f9 4c 0b f4 Sep 21 07:33:26.873067: | SIG_R ef 74 b0 19 1c a8 81 7c be 0c 45 20 24 a4 1c 5d Sep 21 07:33:26.873069: | SIG_R fb 4a 6b 23 6b 20 92 9c f8 f6 42 c1 e3 e3 d7 19 Sep 21 07:33:26.873071: | SIG_R 87 b7 02 6a ca e1 5c 11 8f 8a e3 64 77 5f 05 c2 Sep 21 07:33:26.873074: | SIG_R 9d 9e 7f cd ab c5 45 2a 45 d5 92 ef cb f0 4f d7 Sep 21 07:33:26.873076: | SIG_R 14 d2 7d f7 74 9f e7 5b 8f 92 b9 a0 1b d7 b0 68 Sep 21 07:33:26.873078: | SIG_R 5d 6c 53 88 6a 5b dd 08 27 72 ed 8f 61 bc 39 24 Sep 21 07:33:26.873080: | SIG_R 45 85 db f5 1a 76 b1 d2 59 fb aa b2 ec b4 c2 4e Sep 21 07:33:26.873083: | SIG_R bc 69 c7 1f c4 55 e9 11 bc ba af b0 6c 47 99 22 Sep 21 07:33:26.873085: | SIG_R 63 01 04 a7 84 d6 90 1c 13 ac 72 cd 8c 35 f5 e7 Sep 21 07:33:26.873087: | SIG_R 17 bc 53 62 bc bf 3f c3 b4 3e ff bd 45 89 d7 32 Sep 21 07:33:26.873090: | SIG_R f1 47 9c 36 56 ad b3 2c cb 44 78 88 6c 96 78 ec Sep 21 07:33:26.873092: | SIG_R d6 56 56 d4 df cd 4f e3 ea f0 24 2f ef 2f b6 9f Sep 21 07:33:26.873094: | SIG_R 0f cb a2 97 6a 52 89 53 4e 8b 24 ee 93 1d 9f 9d Sep 21 07:33:26.873096: | SIG_R bb 32 c5 78 ed 0e a5 fc ab 5a 7a 88 f5 5a 64 1b Sep 21 07:33:26.873099: | SIG_R 37 00 46 08 c0 e6 b8 a5 c0 44 ce 83 b7 cb 03 8f Sep 21 07:33:26.873101: | SIG_R f4 6a de a2 02 24 e9 c2 00 e7 a4 70 ce 12 85 61 Sep 21 07:33:26.873103: | SIG_R 14 48 a0 03 03 64 94 aa fb 4f 1f 1e e0 f2 3b 4a Sep 21 07:33:26.873106: | SIG_R b9 0a 90 2e ce c9 76 5e 43 9b 8e a0 07 70 bf 96 Sep 21 07:33:26.873108: | SIG_R e3 31 f9 cf 73 8e 41 57 e5 d7 01 1c 66 b6 3c 43 Sep 21 07:33:26.873110: | SIG_R 32 ae 65 fa 28 e6 38 f0 fb e1 94 43 a5 cb 82 be Sep 21 07:33:26.873113: | emitting length of ISAKMP Signature Payload: 388 Sep 21 07:33:26.873116: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:26.873119: | no IKEv1 message padding required Sep 21 07:33:26.873121: | emitting length of ISAKMP Message: 1884 Sep 21 07:33:26.873141: | FOR_EACH_CONNECTION_... in ISAKMP_SA_established Sep 21 07:33:26.873236: | complete v1 state transition with STF_OK Sep 21 07:33:26.873245: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.873248: | #1 is idle Sep 21 07:33:26.873251: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.873253: | IKEv1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Sep 21 07:33:26.873257: | parent state #1: MAIN_R2(open IKE SA) => MAIN_R3(established IKE SA) Sep 21 07:33:26.873259: | event_already_set, deleting event Sep 21 07:33:26.873262: | state #1 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.873265: | #1 STATE_MAIN_R3: retransmits: cleared Sep 21 07:33:26.873270: | libevent_free: release ptr-libevent@0x56097486a230 Sep 21 07:33:26.873273: | free_event_entry: release EVENT_RETRANSMIT-pe@0x560974870420 Sep 21 07:33:26.873278: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:26.873286: | sending 1884 bytes for STATE_MAIN_R2 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:33:26.873292: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.873295: | 05 10 02 01 00 00 00 00 00 00 07 5c 46 4e 29 47 Sep 21 07:33:26.873297: | 6e a0 2d c1 90 6b 96 21 80 e3 3d bb 67 35 fa e7 Sep 21 07:33:26.873299: | dc 66 b7 a5 0c ab 4d aa 2a 82 ca ed de 33 13 d9 Sep 21 07:33:26.873301: | a6 bd f9 d7 51 db 1a 16 22 1e 79 e2 45 6b c6 35 Sep 21 07:33:26.873303: | ed b0 d0 0e 86 13 c9 17 f6 61 88 e7 6a 93 1a d7 Sep 21 07:33:26.873306: | d7 4a 94 07 b1 f3 3c 7a fb 6a 48 35 df 96 6a 97 Sep 21 07:33:26.873308: | b3 21 56 8f 29 f6 13 f1 4e b0 8e f7 7e 35 21 f5 Sep 21 07:33:26.873310: | 4f e2 2d 5f 27 6b ac df eb a2 55 bb 57 e5 7e b3 Sep 21 07:33:26.873312: | 11 36 99 3e 24 78 a3 ab f4 f2 13 c6 8e aa d9 69 Sep 21 07:33:26.873315: | aa 44 0d 9d c1 f2 7a b9 33 7c 79 a6 78 8d db 51 Sep 21 07:33:26.873317: | 30 eb 1d c5 64 a4 07 6a 55 88 b2 56 e6 cd 1b a9 Sep 21 07:33:26.873319: | 2f ea 15 2e 3c 86 e3 1f 80 82 96 9e 86 f2 23 4d Sep 21 07:33:26.873321: | b6 6f 5c 1b bb e8 bd 46 dc 99 7d 8f 51 21 6e 9c Sep 21 07:33:26.873324: | 7e f3 ab 0e 08 b2 e5 02 65 11 be 6f 0f 15 32 cc Sep 21 07:33:26.873326: | 9b a9 1d 91 a0 68 3b 2a 71 9e 53 a3 b5 fd 0c c0 Sep 21 07:33:26.873328: | 18 43 d7 f5 a8 b2 13 be 8f 94 9e c6 ab 27 de 08 Sep 21 07:33:26.873331: | 11 85 e9 94 2b db 97 39 44 0b f4 1d 8a 30 28 f6 Sep 21 07:33:26.873333: | 6a ed 36 9c 55 99 ed 72 d2 43 dc ad 1b 25 da 45 Sep 21 07:33:26.873335: | be 65 dd 86 d3 8b c9 4a e0 f9 43 ae 8a 58 dd 48 Sep 21 07:33:26.873337: | 31 98 44 f4 c1 f6 42 86 de 29 c4 72 8f a1 44 45 Sep 21 07:33:26.873339: | 60 ac 9b 51 22 7c 78 5c 83 cc 65 b4 a3 dd 59 f1 Sep 21 07:33:26.873341: | 98 0f 0c b9 f7 0d c4 81 d4 db 6d be cf 91 19 ef Sep 21 07:33:26.873344: | d3 c1 11 9e e7 d3 69 cf e2 aa ea 44 21 95 01 2f Sep 21 07:33:26.873346: | ca fc fd 88 f3 01 86 17 05 68 87 7a 26 b2 18 9f Sep 21 07:33:26.873348: | d9 df ee 64 10 f6 31 a4 3e cd 89 c3 d7 64 47 ff Sep 21 07:33:26.873350: | 18 89 33 79 bb 1e 8b eb a4 65 07 e6 1b 8b 9b a9 Sep 21 07:33:26.873353: | 2b 21 e2 fa ae 9a 9d b5 8b ac 64 3d 20 cc 7e 8e Sep 21 07:33:26.873355: | be 73 f1 f4 df 41 f8 6c 53 7b 52 c5 da a2 15 f2 Sep 21 07:33:26.873357: | 91 13 e9 20 bb 3a 66 b6 62 7c e4 ec fb 4b 84 dd Sep 21 07:33:26.873360: | 4e 60 dc 6a c5 ce 26 e0 11 a1 5c 18 41 12 a7 68 Sep 21 07:33:26.873362: | fe 69 98 32 3f 27 f8 6e 73 5e 43 5c 73 d1 cd da Sep 21 07:33:26.873364: | 3d 4c 02 b0 48 9b de 68 2d 81 5e 9b bd ad 5a c6 Sep 21 07:33:26.873366: | 1e 41 11 da 0d 77 9b b6 1e 49 66 1b 4f f3 b5 e4 Sep 21 07:33:26.873369: | af 73 3d fa 0a 57 9b 5e 0c 65 25 27 fd b0 55 ac Sep 21 07:33:26.873371: | e0 87 9b 9f 21 17 49 e7 b3 fe bb ee 2b f6 3e 30 Sep 21 07:33:26.873373: | 83 fd ec 83 9c 55 2f 55 b7 a9 c3 44 2f e3 e1 e1 Sep 21 07:33:26.873376: | e9 18 65 5b 22 d3 04 f0 98 3b 5a 23 9e bb b3 e2 Sep 21 07:33:26.873378: | 2d 2d 16 d0 04 85 73 df d9 d3 1f 37 cb 39 aa 9c Sep 21 07:33:26.873380: | 09 b2 7f 99 e8 80 65 7e 30 3e 03 78 81 52 eb ae Sep 21 07:33:26.873382: | 56 0f 8a df 86 aa d0 16 51 e2 15 c6 5f 3d 0a a9 Sep 21 07:33:26.873384: | 73 f8 0c d3 76 81 58 63 2d 6d 3f 4b 09 b0 0a 67 Sep 21 07:33:26.873387: | 34 93 dd a3 10 29 55 70 85 55 b4 50 51 a8 95 15 Sep 21 07:33:26.873389: | b6 42 ce 99 c0 d0 5d d6 6c 98 73 29 d7 cd 65 80 Sep 21 07:33:26.873391: | 40 58 6c 1b bd c4 2d 42 9b fc 28 e2 0f 31 56 cc Sep 21 07:33:26.873393: | 3c b4 ff d1 6a 26 32 95 39 06 f0 47 a9 30 23 0b Sep 21 07:33:26.873396: | 03 5e 87 39 cb 66 c6 c8 e4 04 aa 99 4a 40 81 ad Sep 21 07:33:26.873398: | 1f 70 75 ce 27 a5 d3 62 27 2d a6 bc 72 dc 25 e1 Sep 21 07:33:26.873400: | 4b a6 ba f1 f3 72 6c 62 d9 0a 90 78 3d a7 1c 3c Sep 21 07:33:26.873402: | 5b f0 2e 94 55 3b cf 68 9a 19 cf 92 8c 15 b3 7f Sep 21 07:33:26.873405: | 88 63 e9 28 c8 fb 87 5e 2d 28 78 1e 4a 92 14 bf Sep 21 07:33:26.873407: | 9f 29 e6 8b 63 80 4b 00 91 da e8 77 6f 36 3c b4 Sep 21 07:33:26.873411: | ac b0 9a eb 18 3c d4 e4 86 79 da ee 08 62 20 3c Sep 21 07:33:26.873414: | 22 1f 1a 0e fa fa 3a f7 e1 cb 8f cb 73 46 20 dd Sep 21 07:33:26.873416: | c9 71 4e 36 af 41 ee 4f 14 3b ae d4 f5 db 4f 97 Sep 21 07:33:26.873418: | 49 2b f0 a9 5b e8 94 2c 98 a4 3a 8a 2b be 7c f4 Sep 21 07:33:26.873421: | 03 2b 73 db 9a 2a 2a f1 ea c6 21 d6 68 04 bf 43 Sep 21 07:33:26.873423: | de 23 49 39 97 28 5e 25 ac 9e 79 39 10 b6 7a 58 Sep 21 07:33:26.873425: | 77 d1 74 f8 ce 6c 22 f2 80 79 88 3d 1a f3 e1 5b Sep 21 07:33:26.873427: | 13 67 28 7c 83 62 51 d9 1c fa ba dd 51 f3 9c 65 Sep 21 07:33:26.873430: | e8 52 bb d4 d1 2a 4c a5 68 fe 59 14 ef d4 e3 48 Sep 21 07:33:26.873432: | 67 a6 f8 b7 b7 d0 b3 41 77 d0 15 a1 23 90 8f 5a Sep 21 07:33:26.873434: | 82 3e 41 69 83 80 a5 ae 21 c6 15 ce 3b 86 c7 c6 Sep 21 07:33:26.873436: | 99 63 aa d2 c5 8f 66 e8 75 fb b4 f3 f2 a1 d6 b8 Sep 21 07:33:26.873439: | 1f 04 de 15 62 32 fc 16 a3 7f e4 9d bc 2b d0 a1 Sep 21 07:33:26.873441: | 1e 51 01 13 bf 10 f8 1e 64 99 de 0c fa 8d 5d 29 Sep 21 07:33:26.873443: | 97 2e e9 c0 4a 69 97 83 1d d8 a7 59 16 31 71 a4 Sep 21 07:33:26.873445: | d1 ad 3a d7 41 b7 3e 7f 5f 3f ad be 4a 55 98 7a Sep 21 07:33:26.873448: | 23 72 09 40 e6 9e f4 7f d3 a7 e0 c7 fc e2 16 5f Sep 21 07:33:26.873450: | 2e 87 09 df 94 7b 8a 9b 1f 7c a3 5b 68 28 bf e9 Sep 21 07:33:26.873452: | 23 87 69 39 b1 df c9 72 d4 39 26 7b 5d bf 73 c3 Sep 21 07:33:26.873454: | 2d 32 95 44 a7 4e 77 d7 e9 64 63 76 5d cb a2 02 Sep 21 07:33:26.873457: | 54 b7 19 6d a4 f7 31 66 2f 30 68 e5 e3 c6 c9 28 Sep 21 07:33:26.873459: | 64 b5 da ed 10 e1 f8 67 32 24 15 10 b9 f8 5a 4b Sep 21 07:33:26.873461: | 19 ac 60 c7 13 52 5d 80 91 e8 e0 af a6 28 a1 bb Sep 21 07:33:26.873464: | 3a f1 06 81 ba 80 6e 09 48 ef 27 c0 2c a2 fa 43 Sep 21 07:33:26.873466: | 21 cb 88 ce 72 a3 df 13 5a d0 ef 13 6b a2 f6 57 Sep 21 07:33:26.873468: | fd 38 08 db be 1c 59 ff b0 17 41 93 d5 63 1c 58 Sep 21 07:33:26.873471: | 8a db b2 49 db 9c 0f 45 f6 fd c7 b5 01 b7 e7 0c Sep 21 07:33:26.873473: | ee d7 be 25 6c eb ab f2 ee 0a 8e ea 9d 39 50 72 Sep 21 07:33:26.873475: | c0 91 14 b2 c7 d4 a4 32 75 d5 6a a1 fc 81 58 f3 Sep 21 07:33:26.873477: | 20 1c f4 f4 4a e9 24 d9 da f3 67 ac e0 15 b0 a3 Sep 21 07:33:26.873480: | 59 05 12 2b 6d f4 dc a0 ff 03 51 11 9c 88 ff 36 Sep 21 07:33:26.873482: | 1c 05 d1 c0 5a 9e a9 ba 47 af 37 df 7e 63 2d bf Sep 21 07:33:26.873484: | e3 b8 bd 9d f5 50 9e 92 cc 37 b9 e2 1f 9d 33 f2 Sep 21 07:33:26.873486: | b0 65 50 04 9f 4b 0e c8 44 a2 e1 fd 45 16 e1 9c Sep 21 07:33:26.873489: | 30 56 95 2c ee a6 a7 ad cc d1 ca bc 6a dc 4b a5 Sep 21 07:33:26.873491: | af 53 81 82 85 9a 13 cd b0 d1 aa 93 aa bb 5b 6d Sep 21 07:33:26.873493: | 2d f9 94 54 0c d7 8e 3a 15 52 b8 e8 46 bc d3 29 Sep 21 07:33:26.873496: | d9 4f a8 82 73 4f 82 55 0d d6 3a 34 2e dd d1 a0 Sep 21 07:33:26.873498: | 57 97 bc 09 d0 73 44 d5 40 09 ef aa fa ec d2 a5 Sep 21 07:33:26.873500: | 32 1f 15 d6 f8 27 8a 2f ce 81 8b b7 53 9d 4c 64 Sep 21 07:33:26.873503: | 35 b9 aa 40 5e fb 1b 69 7b 55 81 66 a0 01 ef 3e Sep 21 07:33:26.873505: | 7a b3 66 ff 8f 99 fd 70 f7 ca 3c 22 94 e2 b5 0a Sep 21 07:33:26.873507: | 49 ce 34 58 93 6d 22 e1 57 6d ee c4 69 22 0b 78 Sep 21 07:33:26.873510: | e2 a3 c8 75 b6 61 2d b6 a9 f2 da 3c 8e d3 7d 4e Sep 21 07:33:26.873512: | c1 4d 42 26 f5 e5 c4 a7 ea 69 ac 37 8b 5b 6d ac Sep 21 07:33:26.873514: | fe 03 a0 5e 95 e7 77 f5 9a 62 e1 e8 6b 94 78 b8 Sep 21 07:33:26.873516: | 3f 64 74 d8 c5 64 62 06 a0 40 10 aa dc d3 30 da Sep 21 07:33:26.873518: | b6 27 1c e3 7b 09 dd 7f 7b 94 c1 81 4e e0 f2 8b Sep 21 07:33:26.873521: | bc 06 58 7c 66 78 e0 88 76 8e 46 31 c3 67 98 7a Sep 21 07:33:26.873523: | da b2 15 e4 2f 1c 90 8f 03 2a 4c e2 e0 a7 68 5c Sep 21 07:33:26.873525: | 9c 4b fa 74 d1 dd b5 fb 5a 71 24 16 25 95 30 78 Sep 21 07:33:26.873528: | 0b aa 9d fa 2c 88 29 cb 6f f1 9d 1d d1 0e 60 db Sep 21 07:33:26.873531: | 6f fd 21 3f a6 c7 73 06 d9 55 2b 5b a5 ff a0 77 Sep 21 07:33:26.873534: | 31 11 34 4d 05 38 ac b1 01 af db 29 de 72 75 49 Sep 21 07:33:26.873536: | d8 b2 c6 ac 9b 97 3c 4b 68 3a 54 4c f8 d9 72 49 Sep 21 07:33:26.873538: | 88 8f f4 e0 85 6e c4 51 fe bd 3e 81 3e d2 28 47 Sep 21 07:33:26.873540: | b9 54 88 ee da 5d 66 d0 8b 07 00 32 7b 95 25 f5 Sep 21 07:33:26.873543: | 99 23 5f 08 69 5a 8c 0c a4 8a 03 1b 7e f5 bd f3 Sep 21 07:33:26.873545: | bc 2f 9c 04 97 a1 2b 42 04 8c 9d c5 0e ba fd 69 Sep 21 07:33:26.873547: | 57 f1 3b cf 4b 4b 43 ff d7 2c d6 bd 55 96 95 f4 Sep 21 07:33:26.873550: | 88 1a 8d 35 99 89 60 c4 f0 14 2d 4f f7 03 a4 a4 Sep 21 07:33:26.873552: | 74 79 13 3c e1 cb 71 5b f9 10 6c 52 e7 2a 5b 3f Sep 21 07:33:26.873554: | 7b 74 77 f2 ff 3b 37 56 5d 8e 28 0b c2 58 24 c3 Sep 21 07:33:26.873556: | 94 a2 ea 86 50 18 54 8b 94 40 d4 ba 0a 79 da d4 Sep 21 07:33:26.873559: | 1b 48 61 ee 9b 9f 68 50 fb 7c 94 c9 a1 6e 8d fa Sep 21 07:33:26.873561: | c0 99 80 cd 0c 84 83 5b 02 71 b2 b8 Sep 21 07:33:26.873632: | !event_already_set at reschedule Sep 21 07:33:26.873639: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f8338002b20 Sep 21 07:33:26.873643: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #1 Sep 21 07:33:26.873647: | libevent_malloc: new ptr-libevent@0x56097486a230 size 128 Sep 21 07:33:26.873651: | pstats #1 ikev1.isakmp established Sep 21 07:33:26.873656: "northnet-eastnets/0x2" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=RSA_SIG cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048} Sep 21 07:33:26.873659: | DPD: dpd_init() called on ISAKMP SA Sep 21 07:33:26.873662: | DPD: Peer supports Dead Peer Detection Sep 21 07:33:26.873664: | DPD: not initializing DPD because DPD is disabled locally Sep 21 07:33:26.873667: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.873669: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.873672: | unpending state #1 Sep 21 07:33:26.873678: | #1 spent 8.08 milliseconds Sep 21 07:33:26.873683: | #1 spent 12.1 milliseconds in process_packet_tail() Sep 21 07:33:26.873688: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.873694: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.873697: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.873701: | spent 12.6 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.880622: | spent 0.00242 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.880639: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.880641: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.880643: | 08 10 20 01 ea 1e 6c f8 00 00 01 dc b0 b9 fa f6 Sep 21 07:33:26.880644: | e3 c2 f4 9d 8e 87 78 d9 51 92 29 49 b2 ca 7c a3 Sep 21 07:33:26.880646: | ed 2a a5 bc 7c fd 9d 46 05 d1 2f 4c 56 97 b8 37 Sep 21 07:33:26.880647: | 8f a9 40 50 ce 83 32 b5 7a 12 ac 56 b0 d9 1d b1 Sep 21 07:33:26.880648: | 97 e2 4a 31 79 62 97 ee d9 33 e9 50 6e ac da 96 Sep 21 07:33:26.880650: | af 14 9f be 2f ea 49 04 85 58 91 d8 52 cd 8a b8 Sep 21 07:33:26.880651: | fb fc 3d 91 c6 ba a0 7c 77 d0 80 48 20 1e a1 f7 Sep 21 07:33:26.880652: | 35 e6 42 e3 43 0c b3 92 e7 92 18 6c 07 f4 27 1b Sep 21 07:33:26.880654: | ad c2 10 0c c0 be d9 9a bb 4f 4d 26 71 42 0f c4 Sep 21 07:33:26.880655: | 85 28 07 45 82 46 e8 eb 7b d8 9a 09 bf a9 ff ed Sep 21 07:33:26.880657: | 9c 29 ef 7d d9 1e 76 5b eb b1 3f b3 7a 3d e7 ee Sep 21 07:33:26.880660: | 5f b1 f4 fd d7 36 fc 58 87 2b 8d 13 27 c6 79 aa Sep 21 07:33:26.880662: | 0b 4f 74 76 3f 5f 75 e4 e8 98 0f 60 69 a5 44 c0 Sep 21 07:33:26.880664: | c1 21 62 22 8e ef 6e fb c9 66 30 c5 d5 14 53 ab Sep 21 07:33:26.880666: | 1e c7 34 94 7c 9a b1 78 2e d3 1c ef cd 41 70 0a Sep 21 07:33:26.880671: | f1 f2 20 f1 d1 2b f3 9e e5 11 16 92 e5 3d fc 4f Sep 21 07:33:26.880674: | 0e bd 95 f6 67 08 a1 30 8b 40 d7 d6 07 d4 6b a5 Sep 21 07:33:26.880676: | e4 41 a6 8a 92 f7 03 9a 06 f2 dc 23 85 71 da 81 Sep 21 07:33:26.880678: | 19 c4 a6 fd d4 20 46 5e d9 47 0e fa 04 39 ec 8e Sep 21 07:33:26.880681: | 46 13 1a ba 56 c3 34 c5 9d 9a dc b5 79 aa 00 2a Sep 21 07:33:26.880683: | 57 7d 6e e4 9c d6 ed a8 18 86 3e 77 b2 2d 26 32 Sep 21 07:33:26.880686: | fe ca 31 ee 3e a6 6d 42 1a fe aa 6c 6d 43 7d 64 Sep 21 07:33:26.880688: | 1d 60 a9 39 5f fa 8c ae 69 4a 04 53 eb 54 52 4a Sep 21 07:33:26.880690: | e9 75 8e 2a 20 8c 6c ae 5e b8 ab 60 2c dd 93 82 Sep 21 07:33:26.880692: | 30 3d 4e 53 bd e0 f2 a3 77 7e d1 98 6a b1 fe ce Sep 21 07:33:26.880694: | 97 29 8e 45 16 1a 0c 85 cf 58 da 52 02 62 da ba Sep 21 07:33:26.880697: | be 07 39 5b 3d cf fe b6 40 9a 75 ae 41 bd a2 7f Sep 21 07:33:26.880699: | 27 2d 33 ba af e5 5f b4 41 7a 88 4d f7 dd 0e bd Sep 21 07:33:26.880701: | 6e 11 b4 64 d6 d2 1e ed 47 69 34 02 Sep 21 07:33:26.880707: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.880711: | **parse ISAKMP Message: Sep 21 07:33:26.880713: | initiator cookie: Sep 21 07:33:26.880716: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.880718: | responder cookie: Sep 21 07:33:26.880721: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.880723: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:26.880726: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.880729: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.880731: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.880734: | Message ID: 3927862520 (0xea1e6cf8) Sep 21 07:33:26.880736: | length: 476 (0x1dc) Sep 21 07:33:26.880739: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:26.880744: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:33:26.880747: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Sep 21 07:33:26.880751: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:33:26.880766: | #1 is idle Sep 21 07:33:26.880769: | #1 idle Sep 21 07:33:26.880773: | received encrypted packet from 192.1.3.33:500 Sep 21 07:33:26.880790: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:33:26.880794: | ***parse ISAKMP Hash Payload: Sep 21 07:33:26.880796: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.880799: | length: 36 (0x24) Sep 21 07:33:26.880801: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:33:26.880804: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:26.880806: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.880808: | length: 84 (0x54) Sep 21 07:33:26.880810: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.880813: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:33:26.880815: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:26.880817: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.880819: | length: 36 (0x24) Sep 21 07:33:26.880821: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.880824: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:26.880826: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.880828: | length: 260 (0x104) Sep 21 07:33:26.880830: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.880833: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.880835: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.880837: | length: 16 (0x10) Sep 21 07:33:26.880840: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.880842: | Protocol ID: 0 (0x0) Sep 21 07:33:26.880844: | port: 0 (0x0) Sep 21 07:33:26.880846: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:33:26.880848: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.880853: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.880855: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.880857: | length: 16 (0x10) Sep 21 07:33:26.880859: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.880861: | Protocol ID: 0 (0x0) Sep 21 07:33:26.880864: | port: 0 (0x0) Sep 21 07:33:26.880866: | obj: c0 00 02 00 ff ff ff 00 Sep 21 07:33:26.880891: | quick_inI1_outR1 HASH(1): Sep 21 07:33:26.880894: | c4 f7 83 37 0a c3 c6 e8 78 2d 8c 44 4e 3f f2 79 Sep 21 07:33:26.880896: | e3 c1 6f ce c0 a3 ec 38 9f 88 12 57 24 58 19 41 Sep 21 07:33:26.880899: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:33:26.880903: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:26.880905: | ID address c0 00 03 00 Sep 21 07:33:26.880908: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:26.880910: | ID mask ff ff ff 00 Sep 21 07:33:26.880914: | peer client is subnet 192.0.3.0/24 Sep 21 07:33:26.880917: | peer client protocol/port is 0/0 Sep 21 07:33:26.880920: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:26.880922: | ID address c0 00 02 00 Sep 21 07:33:26.880924: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:26.880926: | ID mask ff ff ff 00 Sep 21 07:33:26.880930: | our client is subnet 192.0.2.0/24 Sep 21 07:33:26.880932: | our client protocol/port is 0/0 Sep 21 07:33:26.880937: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:33:26.880940: | find_client_connection starting with northnet-eastnets/0x2 Sep 21 07:33:26.880945: | looking for 192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:26.880950: | concrete checking against sr#0 192.0.22.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:33:26.880961: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:26.880969: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:26.880972: | results matched Sep 21 07:33:26.880980: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.880987: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.880996: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:26.881001: | our client (192.0.22.0/24:0) not in our_net (192.0.2.0/24:0) Sep 21 07:33:26.881010: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:26.881018: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:26.881020: | results matched Sep 21 07:33:26.881028: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.881035: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.881042: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:26.881044: | fc_try concluding with northnet-eastnets/0x1 [128] Sep 21 07:33:26.881046: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Sep 21 07:33:26.881048: | concluding with d = northnet-eastnets/0x1 Sep 21 07:33:26.881052: | using connection "northnet-eastnets/0x1" Sep 21 07:33:26.881054: | client wildcard: no port wildcard: no virtual: no Sep 21 07:33:26.881058: | creating state object #2 at 0x5609748792a0 Sep 21 07:33:26.881060: | State DB: adding IKEv1 state #2 in UNDEFINED Sep 21 07:33:26.881063: | pstats #2 ikev1.ipsec started Sep 21 07:33:26.881066: | duplicating state object #1 "northnet-eastnets/0x2" as #2 for IPSEC SA Sep 21 07:33:26.881070: | #2 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:26.881076: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:33:26.881079: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1285) Sep 21 07:33:26.881084: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:33:26.881088: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:33:26.881092: | child state #2: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:33:26.881095: | ****parse IPsec DOI SIT: Sep 21 07:33:26.881097: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.881100: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.881102: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.881104: | length: 72 (0x48) Sep 21 07:33:26.881106: | proposal number: 0 (0x0) Sep 21 07:33:26.881108: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.881110: | SPI size: 4 (0x4) Sep 21 07:33:26.881113: | number of transforms: 2 (0x2) Sep 21 07:33:26.881115: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:26.881118: | SPI 6c 96 bd 25 Sep 21 07:33:26.881121: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:26.881123: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.881126: | length: 32 (0x20) Sep 21 07:33:26.881128: | ESP transform number: 0 (0x0) Sep 21 07:33:26.881130: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.881133: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881136: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.881138: | length/value: 14 (0xe) Sep 21 07:33:26.881141: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.881144: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881146: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.881148: | length/value: 1 (0x1) Sep 21 07:33:26.881151: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.881153: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:26.881156: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881158: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.881160: | length/value: 1 (0x1) Sep 21 07:33:26.881162: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.881163: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881165: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.881166: | length/value: 28800 (0x7080) Sep 21 07:33:26.881168: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881169: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.881171: | length/value: 2 (0x2) Sep 21 07:33:26.881172: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.881174: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881175: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:26.881177: | length/value: 128 (0x80) Sep 21 07:33:26.881179: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:26.881183: | adding quick_outI1 KE work-order 3 for state #2 Sep 21 07:33:26.881185: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560974870fb0 Sep 21 07:33:26.881187: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:33:26.881189: | libevent_malloc: new ptr-libevent@0x7f8338006900 size 128 Sep 21 07:33:26.881192: | libevent_realloc: release ptr-libevent@0x560974849050 Sep 21 07:33:26.881195: | libevent_realloc: new ptr-libevent@0x560974878d20 size 128 Sep 21 07:33:26.881201: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.881206: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.881208: | crypto helper 2 resuming Sep 21 07:33:26.881209: | suspending state #2 and saving MD Sep 21 07:33:26.881219: | #2 is busy; has a suspended MD Sep 21 07:33:26.881216: | crypto helper 2 starting work-order 3 for state #2 Sep 21 07:33:26.881226: | #1 spent 0.319 milliseconds in process_packet_tail() Sep 21 07:33:26.881227: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 3 Sep 21 07:33:26.881230: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.881234: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.881238: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Sep 21 07:33:26.881241: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Sep 21 07:33:26.881245: | spent 0.604 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.881267: | spent 0.00176 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.881279: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.881281: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.881284: | 08 10 20 01 f7 7e ec 5e 00 00 01 dc 07 6a 1a 13 Sep 21 07:33:26.881286: | 64 f3 4c f7 49 1a 18 8c 3f 7b 15 59 7e 2e b4 d7 Sep 21 07:33:26.881288: | 47 3e 84 81 96 4f ec d6 50 1f 8b 20 5b fd ac ea Sep 21 07:33:26.881290: | 02 65 6c 67 bf 45 56 a2 ba 2c 4a 58 d5 72 4e 5d Sep 21 07:33:26.881292: | 2b f3 53 b3 2d 45 fb 52 7e 87 b5 f8 cc bd 0f aa Sep 21 07:33:26.881294: | 5c b4 dd da b1 fa 31 bb 41 28 ea c5 ae 41 91 6e Sep 21 07:33:26.881297: | 05 51 66 d5 b6 95 e1 ea a6 9c 10 32 9d cc 52 fc Sep 21 07:33:26.881299: | 2d 2d 78 81 09 00 94 bc 8a fb 37 bc 38 fd 58 60 Sep 21 07:33:26.881301: | 4e 17 b5 ac c2 77 12 32 4c 7f 15 5f b4 76 c8 15 Sep 21 07:33:26.881303: | a2 2e d3 d9 dd 1e f4 b4 cf 3f 52 1e 3d 0c a9 dc Sep 21 07:33:26.881305: | bd dc 2b df ca e9 28 ed a3 80 b9 06 33 d7 31 3c Sep 21 07:33:26.881307: | 3f db bd b1 a4 aa 6f 87 a3 3a 40 3d 45 55 f7 e8 Sep 21 07:33:26.881309: | 8b c8 1f 75 5b ee e7 a9 82 4c 04 59 19 b9 8a a6 Sep 21 07:33:26.881312: | 2a 34 db 72 04 9f c4 d3 38 5c 11 68 1b 7f 64 ed Sep 21 07:33:26.881314: | b1 2a 4f 60 f7 cc 00 02 cb 62 c6 67 d7 e6 e4 42 Sep 21 07:33:26.881316: | 4b f6 68 3d be 1c d1 00 de de 76 b0 79 81 98 ca Sep 21 07:33:26.881318: | 32 59 5e ec ca 27 ec bc ef b0 42 ad 28 d6 64 1f Sep 21 07:33:26.881320: | d6 4e d4 a2 bb 11 96 d5 69 81 ee 2e 07 dc 0f 89 Sep 21 07:33:26.881322: | 33 dd c9 f9 9f 33 b2 4b e7 0a ab 10 c5 a6 75 98 Sep 21 07:33:26.881325: | d3 db 17 01 eb 4b b2 d5 05 cf 41 c5 5d 05 c6 ba Sep 21 07:33:26.881327: | c2 a9 d0 ad b8 12 a9 e5 21 06 f1 93 cb f4 57 a5 Sep 21 07:33:26.881329: | 17 04 7c 2d 73 ec 90 cc 68 de 8d 42 ad 19 57 ef Sep 21 07:33:26.881331: | 00 7a 40 d8 f9 4f cb ba a0 ad f4 42 8a 6f 44 d1 Sep 21 07:33:26.881334: | 82 e7 6c 16 2f e8 2a 16 7a f7 a3 c9 36 7b 16 5d Sep 21 07:33:26.881336: | 7b 8c 4e ff 21 92 9f 15 6e a1 1d a7 b0 bb d6 2f Sep 21 07:33:26.881338: | 3b ad 76 83 f6 2d c5 28 f6 15 01 72 3c 40 67 ca Sep 21 07:33:26.881340: | b6 13 f6 40 c8 95 bb b5 a4 ef b9 17 6e 66 95 00 Sep 21 07:33:26.881342: | fd e2 98 35 14 67 58 f6 bb f9 a8 34 d4 0f 2d f5 Sep 21 07:33:26.881344: | 6f aa fe df 00 0b 06 7d c9 81 cc b2 Sep 21 07:33:26.881348: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.881351: | **parse ISAKMP Message: Sep 21 07:33:26.881355: | initiator cookie: Sep 21 07:33:26.881358: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.881360: | responder cookie: Sep 21 07:33:26.881362: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.881364: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:26.881367: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.881369: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.881372: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.881374: | Message ID: 4152290398 (0xf77eec5e) Sep 21 07:33:26.881376: | length: 476 (0x1dc) Sep 21 07:33:26.881379: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:26.881382: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:33:26.881385: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Sep 21 07:33:26.881389: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:33:26.881397: | #1 is idle Sep 21 07:33:26.881400: | #1 idle Sep 21 07:33:26.881403: | received encrypted packet from 192.1.3.33:500 Sep 21 07:33:26.881411: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:33:26.881414: | ***parse ISAKMP Hash Payload: Sep 21 07:33:26.881416: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:33:26.881418: | length: 36 (0x24) Sep 21 07:33:26.881421: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:33:26.881423: | ***parse ISAKMP Security Association Payload: Sep 21 07:33:26.881426: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.881428: | length: 84 (0x54) Sep 21 07:33:26.881430: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.881433: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:33:26.881435: | ***parse ISAKMP Nonce Payload: Sep 21 07:33:26.881437: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.881440: | length: 36 (0x24) Sep 21 07:33:26.881442: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.881444: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:33:26.881447: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.881449: | length: 260 (0x104) Sep 21 07:33:26.881451: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.881454: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.881456: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.881458: | length: 16 (0x10) Sep 21 07:33:26.881461: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.881463: | Protocol ID: 0 (0x0) Sep 21 07:33:26.881465: | port: 0 (0x0) Sep 21 07:33:26.881467: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:33:26.881470: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:33:26.881472: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.881474: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.881477: | length: 16 (0x10) Sep 21 07:33:26.881479: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.881481: | Protocol ID: 0 (0x0) Sep 21 07:33:26.881483: | port: 0 (0x0) Sep 21 07:33:26.881485: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:33:26.881505: | quick_inI1_outR1 HASH(1): Sep 21 07:33:26.881507: | 81 dc 5e f1 06 39 84 23 62 ef 70 3f fc 7c 6f 82 Sep 21 07:33:26.881510: | f2 14 93 6d f2 01 bf 0d 46 d5 dc 92 7d 52 ca 5b Sep 21 07:33:26.881512: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:33:26.881516: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:26.881518: | ID address c0 00 03 00 Sep 21 07:33:26.881521: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:26.881523: | ID mask ff ff ff 00 Sep 21 07:33:26.881526: | peer client is subnet 192.0.3.0/24 Sep 21 07:33:26.881529: | peer client protocol/port is 0/0 Sep 21 07:33:26.881531: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:33:26.881535: | ID address c0 00 16 00 Sep 21 07:33:26.881538: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:33:26.881540: | ID mask ff ff ff 00 Sep 21 07:33:26.881543: | our client is subnet 192.0.22.0/24 Sep 21 07:33:26.881545: | our client protocol/port is 0/0 Sep 21 07:33:26.881550: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:33:26.881553: | find_client_connection starting with northnet-eastnets/0x2 Sep 21 07:33:26.881558: | looking for 192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:26.881562: | concrete checking against sr#0 192.0.22.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:33:26.881572: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:26.881580: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:26.881583: | results matched Sep 21 07:33:26.881591: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.881598: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.881606: | fc_try trying northnet-eastnets/0x2:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:26.881615: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:26.881623: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:33:26.881625: | results matched Sep 21 07:33:26.881633: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.881641: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.881648: | fc_try trying northnet-eastnets/0x2:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:33:26.881653: | our client (192.0.2.0/24:0) not in our_net (192.0.22.0/24:0) Sep 21 07:33:26.881655: | fc_try concluding with northnet-eastnets/0x2 [129] Sep 21 07:33:26.881658: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x2 Sep 21 07:33:26.881660: | concluding with d = northnet-eastnets/0x2 Sep 21 07:33:26.881663: | client wildcard: no port wildcard: no virtual: no Sep 21 07:33:26.881666: | creating state object #3 at 0x560974880100 Sep 21 07:33:26.881668: | State DB: adding IKEv1 state #3 in UNDEFINED Sep 21 07:33:26.881673: | pstats #3 ikev1.ipsec started Sep 21 07:33:26.881675: | duplicating state object #1 "northnet-eastnets/0x2" as #3 for IPSEC SA Sep 21 07:33:26.881680: | #3 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:33:26.881685: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:33:26.881689: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:33:26.881692: | child state #3: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:33:26.881695: | ****parse IPsec DOI SIT: Sep 21 07:33:26.881698: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.881700: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.881702: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.881705: | length: 72 (0x48) Sep 21 07:33:26.881707: | proposal number: 0 (0x0) Sep 21 07:33:26.881711: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.881713: | SPI size: 4 (0x4) Sep 21 07:33:26.881715: | number of transforms: 2 (0x2) Sep 21 07:33:26.881718: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:26.881720: | SPI 3c a7 fe e2 Sep 21 07:33:26.881722: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:26.881725: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.881727: | length: 32 (0x20) Sep 21 07:33:26.881729: | ESP transform number: 0 (0x0) Sep 21 07:33:26.881731: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.881734: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881737: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.881739: | length/value: 14 (0xe) Sep 21 07:33:26.881741: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.881744: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881746: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.881748: | length/value: 1 (0x1) Sep 21 07:33:26.881751: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.881754: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:26.881756: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881758: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.881760: | length/value: 1 (0x1) Sep 21 07:33:26.881763: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.881765: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881767: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.881770: | length/value: 28800 (0x7080) Sep 21 07:33:26.881772: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881774: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.881777: | length/value: 2 (0x2) Sep 21 07:33:26.881779: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.881781: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.881796: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:26.881799: | length/value: 128 (0x80) Sep 21 07:33:26.881801: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:26.881806: | adding quick_outI1 KE work-order 4 for state #3 Sep 21 07:33:26.881809: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56097486a170 Sep 21 07:33:26.881812: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:33:26.881815: | libevent_malloc: new ptr-libevent@0x560974885bf0 size 128 Sep 21 07:33:26.881821: | complete v1 state transition with STF_SUSPEND Sep 21 07:33:26.881826: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:33:26.881828: | suspending state #3 and saving MD Sep 21 07:33:26.881831: | #3 is busy; has a suspended MD Sep 21 07:33:26.881835: | #1 spent 0.31 milliseconds in process_packet_tail() Sep 21 07:33:26.881839: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.881843: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.881846: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.881850: | spent 0.569 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.881856: | crypto helper 3 resuming Sep 21 07:33:26.881864: | crypto helper 3 starting work-order 4 for state #3 Sep 21 07:33:26.881867: | crypto helper 3 doing build KE and nonce (quick_outI1 KE); request ID 4 Sep 21 07:33:26.882055: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 3 time elapsed 0.000828 seconds Sep 21 07:33:26.882060: | (#2) spent 0.828 milliseconds in crypto helper computing work-order 3: quick_outI1 KE (pcr) Sep 21 07:33:26.882062: | crypto helper 2 sending results from work-order 3 for state #2 to event queue Sep 21 07:33:26.882063: | scheduling resume sending helper answer for #2 Sep 21 07:33:26.882065: | libevent_malloc: new ptr-libevent@0x7f8334007fa0 size 128 Sep 21 07:33:26.882072: | crypto helper 2 waiting (nothing to do) Sep 21 07:33:26.882077: | processing resume sending helper answer for #2 Sep 21 07:33:26.882082: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.882086: | crypto helper 2 replies to request ID 3 Sep 21 07:33:26.882088: | calling continuation function 0x560973f3c630 Sep 21 07:33:26.882091: | quick_inI1_outR1_cryptocontinue1 for #2: calculated ke+nonce, calculating DH Sep 21 07:33:26.882106: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.882116: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.882125: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.882135: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.882138: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:26.882140: | no PreShared Key Found Sep 21 07:33:26.882144: | adding quick outR1 DH work-order 5 for state #2 Sep 21 07:33:26.882147: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.882149: | libevent_free: release ptr-libevent@0x7f8338006900 Sep 21 07:33:26.882152: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560974870fb0 Sep 21 07:33:26.882154: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x560974870fb0 Sep 21 07:33:26.882158: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #2 Sep 21 07:33:26.882160: | libevent_malloc: new ptr-libevent@0x7f8338006900 size 128 Sep 21 07:33:26.882166: | suspending state #2 and saving MD Sep 21 07:33:26.882168: | #2 is busy; has a suspended MD Sep 21 07:33:26.882171: | resume sending helper answer for #2 suppresed complete_v1_state_transition() and stole MD Sep 21 07:33:26.882174: | crypto helper 5 resuming Sep 21 07:33:26.882175: | #2 spent 0.0886 milliseconds in resume sending helper answer Sep 21 07:33:26.882186: | crypto helper 5 starting work-order 5 for state #2 Sep 21 07:33:26.882194: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.882198: | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 5 Sep 21 07:33:26.882199: | libevent_free: release ptr-libevent@0x7f8334007fa0 Sep 21 07:33:26.882958: | crypto helper 3 finished build KE and nonce (quick_outI1 KE); request ID 4 time elapsed 0.001089 seconds Sep 21 07:33:26.882970: | (#3) spent 0.941 milliseconds in crypto helper computing work-order 4: quick_outI1 KE (pcr) Sep 21 07:33:26.882973: | crypto helper 3 sending results from work-order 4 for state #3 to event queue Sep 21 07:33:26.882976: | scheduling resume sending helper answer for #3 Sep 21 07:33:26.882979: | libevent_malloc: new ptr-libevent@0x7f8328007fa0 size 128 Sep 21 07:33:26.882986: | crypto helper 3 waiting (nothing to do) Sep 21 07:33:26.882994: | processing resume sending helper answer for #3 Sep 21 07:33:26.883004: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.883008: | crypto helper 3 replies to request ID 4 Sep 21 07:33:26.883011: | calling continuation function 0x560973f3c630 Sep 21 07:33:26.883014: | quick_inI1_outR1_cryptocontinue1 for #3: calculated ke+nonce, calculating DH Sep 21 07:33:26.883031: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.883041: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:33:26.883050: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.883062: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:33:26.883065: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:33:26.883068: | no PreShared Key Found Sep 21 07:33:26.883071: | adding quick outR1 DH work-order 6 for state #3 Sep 21 07:33:26.883075: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.883078: | libevent_free: release ptr-libevent@0x560974885bf0 Sep 21 07:33:26.883081: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56097486a170 Sep 21 07:33:26.883084: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x56097486a170 Sep 21 07:33:26.883086: | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 5 time elapsed 0.000889 seconds Sep 21 07:33:26.883087: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #3 Sep 21 07:33:26.883099: | libevent_malloc: new ptr-libevent@0x560974885bf0 size 128 Sep 21 07:33:26.883108: | suspending state #3 and saving MD Sep 21 07:33:26.883112: | #3 is busy; has a suspended MD Sep 21 07:33:26.883094: | (#2) spent 0.878 milliseconds in crypto helper computing work-order 5: quick outR1 DH (pcr) Sep 21 07:33:26.883116: | resume sending helper answer for #3 suppresed complete_v1_state_transition() and stole MD Sep 21 07:33:26.883115: | crypto helper 4 resuming Sep 21 07:33:26.883122: | crypto helper 5 sending results from work-order 5 for state #2 to event queue Sep 21 07:33:26.883139: | crypto helper 4 starting work-order 6 for state #3 Sep 21 07:33:26.883131: | #3 spent 0.114 milliseconds in resume sending helper answer Sep 21 07:33:26.883146: | crypto helper 4 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 6 Sep 21 07:33:26.883141: | scheduling resume sending helper answer for #2 Sep 21 07:33:26.883150: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.883154: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:33:26.883159: | libevent_free: release ptr-libevent@0x7f8328007fa0 Sep 21 07:33:26.883162: | crypto helper 5 waiting (nothing to do) Sep 21 07:33:26.883167: | processing resume sending helper answer for #2 Sep 21 07:33:26.883172: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.883176: | crypto helper 5 replies to request ID 5 Sep 21 07:33:26.883178: | calling continuation function 0x560973f3c630 Sep 21 07:33:26.883180: | quick_inI1_outR1_cryptocontinue2 for #2: calculated DH, sending R1 Sep 21 07:33:26.883185: | **emit ISAKMP Message: Sep 21 07:33:26.883187: | initiator cookie: Sep 21 07:33:26.883189: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.883191: | responder cookie: Sep 21 07:33:26.883193: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.883196: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.883198: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.883201: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.883206: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.883208: | Message ID: 3927862520 (0xea1e6cf8) Sep 21 07:33:26.883211: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.883214: | ***emit ISAKMP Hash Payload: Sep 21 07:33:26.883216: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.883219: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:26.883222: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.883225: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:26.883228: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:26.883230: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:26.883233: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.883235: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.883238: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:26.883241: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:26.883244: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.883247: | ****parse IPsec DOI SIT: Sep 21 07:33:26.883249: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.883252: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.883254: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.883256: | length: 72 (0x48) Sep 21 07:33:26.883258: | proposal number: 0 (0x0) Sep 21 07:33:26.883261: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.883263: | SPI size: 4 (0x4) Sep 21 07:33:26.883265: | number of transforms: 2 (0x2) Sep 21 07:33:26.883268: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:26.883270: | SPI 6c 96 bd 25 Sep 21 07:33:26.883273: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:26.883274: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.883276: | length: 32 (0x20) Sep 21 07:33:26.883277: | ESP transform number: 0 (0x0) Sep 21 07:33:26.883279: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.883281: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.883282: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.883284: | length/value: 14 (0xe) Sep 21 07:33:26.883285: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.883287: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.883289: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.883290: | length/value: 1 (0x1) Sep 21 07:33:26.883292: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.883293: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:26.883295: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.883296: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.883298: | length/value: 1 (0x1) Sep 21 07:33:26.883299: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.883301: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.883302: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.883304: | length/value: 28800 (0x7080) Sep 21 07:33:26.883305: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.883307: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.883308: | length/value: 2 (0x2) Sep 21 07:33:26.883310: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.883311: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.883313: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:26.883314: | length/value: 128 (0x80) Sep 21 07:33:26.883316: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:26.883318: | ****emit IPsec DOI SIT: Sep 21 07:33:26.883319: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.883322: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:26.883324: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.883327: | proposal number: 0 (0x0) Sep 21 07:33:26.883329: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.883331: | SPI size: 4 (0x4) Sep 21 07:33:26.883333: | number of transforms: 1 (0x1) Sep 21 07:33:26.883335: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:26.883353: | netlink_get_spi: allocated 0x9b1d501b for esp.0@192.1.2.23 Sep 21 07:33:26.883357: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:33:26.883359: | SPI 9b 1d 50 1b Sep 21 07:33:26.883362: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:26.883364: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.883367: | ESP transform number: 0 (0x0) Sep 21 07:33:26.883369: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.883372: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:26.883375: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:33:26.883377: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:33:26.883379: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:33:26.883382: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:33:26.883384: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:33:26.883387: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:33:26.883389: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:33:26.883392: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:26.883396: "northnet-eastnets/0x1" #2: responding to Quick Mode proposal {msgid:ea1e6cf8} Sep 21 07:33:26.883407: "northnet-eastnets/0x1" #2: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:33:26.883414: "northnet-eastnets/0x1" #2: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:33:26.883416: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:26.883417: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.883419: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:33:26.883421: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:26.883423: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.883425: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:33:26.883426: | Nr 9f e2 db 52 0d 45 e1 2a 6b 78 4f f7 dd b7 23 7d Sep 21 07:33:26.883428: | Nr 7b 0f 22 d3 4d a0 0e 44 58 63 27 0c 28 15 e3 dd Sep 21 07:33:26.883429: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:26.883431: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:26.883432: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.883434: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.883436: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:26.883437: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.883439: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:26.883441: | keyex value 5b 2e c3 08 bd 6d d8 18 ea 32 63 20 87 9d 14 92 Sep 21 07:33:26.883442: | keyex value 72 f2 c7 f9 86 b3 53 d2 02 87 56 f6 ad 0a 1b 36 Sep 21 07:33:26.883445: | keyex value 79 1f 04 40 79 1c 1a 8a 1b b5 0f 84 68 b5 a4 ae Sep 21 07:33:26.883447: | keyex value 0a 1e 63 ad c3 27 dd 8e a7 2b 80 ab 62 8d 1c 05 Sep 21 07:33:26.883448: | keyex value 59 fc 35 37 82 fd 1d 43 32 28 60 b0 77 40 39 34 Sep 21 07:33:26.883450: | keyex value da 69 c3 a1 26 a5 c4 1b 8c 47 8b 37 e0 31 e5 c9 Sep 21 07:33:26.883451: | keyex value fb 84 fd e4 2b 0a 80 82 0f a2 99 73 81 35 55 7c Sep 21 07:33:26.883452: | keyex value 3f 3c 04 ab 55 e9 f6 56 05 c2 d5 46 e6 2b fb cf Sep 21 07:33:26.883454: | keyex value 52 d2 f4 a4 b2 b9 46 a7 50 ff 7e f7 9f 40 f0 a4 Sep 21 07:33:26.883455: | keyex value db 89 60 6b b0 f6 ca 14 00 53 34 ff 38 42 4d 12 Sep 21 07:33:26.883456: | keyex value 48 56 33 34 d2 56 70 21 ed b5 2b c1 ee c8 a1 80 Sep 21 07:33:26.883458: | keyex value 9d 10 ba 26 52 6f 76 e7 3c 87 ab 52 56 d9 b8 27 Sep 21 07:33:26.883459: | keyex value 5a c2 f3 5a 95 26 8c 7c 31 93 67 44 8b 41 ff e7 Sep 21 07:33:26.883461: | keyex value ac 38 9f 6b 88 fa 67 05 7a d6 ec c0 26 4a 0f 57 Sep 21 07:33:26.883462: | keyex value 16 41 19 1b 29 4a be 5a 53 84 57 41 e9 17 4c d7 Sep 21 07:33:26.883463: | keyex value 56 69 9c c9 0c c7 c9 8e d6 40 c3 46 57 48 eb 02 Sep 21 07:33:26.883465: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:26.883467: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.883468: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.883470: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.883471: | Protocol ID: 0 (0x0) Sep 21 07:33:26.883472: | port: 0 (0x0) Sep 21 07:33:26.883474: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.883476: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.883478: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.883480: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.883481: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:33:26.883482: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:26.883484: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.883485: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.883487: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.883488: | Protocol ID: 0 (0x0) Sep 21 07:33:26.883490: | port: 0 (0x0) Sep 21 07:33:26.883491: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.883493: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.883495: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.883496: | ID body c0 00 02 00 ff ff ff 00 Sep 21 07:33:26.883498: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:26.883515: | quick inR1 outI2 HASH(2): Sep 21 07:33:26.883517: | 91 de 71 5b 1a 86 22 4e ea 6b 38 05 e4 8f eb 8c Sep 21 07:33:26.883518: | c9 0d 20 54 79 e7 6b 09 82 41 de 7a 05 45 56 b7 Sep 21 07:33:26.883520: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:33:26.883522: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:33:26.883619: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.883625: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.883628: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.883630: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.883633: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.883643: | route owner of "northnet-eastnets/0x1" unrouted: NULL Sep 21 07:33:26.883646: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:33:26.883649: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:33:26.883651: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.883654: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.883657: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.883659: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.883662: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.883665: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:33:26.883668: | routing is easy, or has resolvable near-conflict Sep 21 07:33:26.883670: | checking if this is a replacement state Sep 21 07:33:26.883673: | st=0x5609748792a0 ost=(nil) st->serialno=#2 ost->serialno=#0 Sep 21 07:33:26.883675: | installing outgoing SA now as refhim=0 Sep 21 07:33:26.883679: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:26.883682: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:26.883685: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:26.883689: | setting IPsec SA replay-window to 32 Sep 21 07:33:26.883692: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:33:26.883695: | netlink: enabling tunnel mode Sep 21 07:33:26.883698: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:26.883701: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:26.883787: | netlink response for Add SA esp.6c96bd25@192.1.3.33 included non-error error Sep 21 07:33:26.883795: | outgoing SA has refhim=0 Sep 21 07:33:26.883802: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:26.883806: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:26.883809: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:26.883813: | setting IPsec SA replay-window to 32 Sep 21 07:33:26.883817: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:33:26.883820: | netlink: enabling tunnel mode Sep 21 07:33:26.883822: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:26.883825: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:26.883871: | netlink response for Add SA esp.9b1d501b@192.1.2.23 included non-error error Sep 21 07:33:26.883875: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:33:26.883884: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:33:26.883888: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:26.883946: | raw_eroute result=success Sep 21 07:33:26.884010: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:26.884015: | no IKEv1 message padding required Sep 21 07:33:26.884018: | emitting length of ISAKMP Message: 460 Sep 21 07:33:26.884030: | finished processing quick inI1 Sep 21 07:33:26.884034: | complete v1 state transition with STF_OK Sep 21 07:33:26.884038: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.884040: | #2 is idle Sep 21 07:33:26.884041: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.884044: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:33:26.884046: | child state #2: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:33:26.884047: | event_already_set, deleting event Sep 21 07:33:26.884049: | state #2 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.884051: | libevent_free: release ptr-libevent@0x7f8338006900 Sep 21 07:33:26.884053: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x560974870fb0 Sep 21 07:33:26.884060: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:26.884064: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:33:26.884066: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.884068: | 08 10 20 01 ea 1e 6c f8 00 00 01 cc aa 81 f5 d8 Sep 21 07:33:26.884069: | 5c aa c1 65 aa 30 4c 43 b9 52 41 70 14 dd 4b 64 Sep 21 07:33:26.884070: | 4f 0a db c8 9f 6e 58 c9 44 ab 1e 16 f6 b2 cf 7b Sep 21 07:33:26.884072: | 75 27 87 be 12 bc e2 0f 75 71 ef 8d 89 3e 70 d4 Sep 21 07:33:26.884073: | b9 d8 58 b7 ae 5d 31 d2 83 02 6d 9f 80 fd 73 dd Sep 21 07:33:26.884074: | 80 47 9b 1c 95 92 58 14 5b 79 d9 09 42 36 94 d9 Sep 21 07:33:26.884076: | 5a 99 a1 c5 34 f5 89 c5 10 ce d4 8f 02 3f 1d 89 Sep 21 07:33:26.884077: | 22 9b 43 d9 95 94 7a a4 bf a5 a1 0b 6c 87 21 27 Sep 21 07:33:26.884078: | d0 58 7f d6 4c ec 9c dd d3 95 6c e0 dc ce bb c5 Sep 21 07:33:26.884080: | 3c 77 38 4a 66 d9 1b 79 18 67 1a bd 5a ad 20 f3 Sep 21 07:33:26.884081: | 8c ab 93 75 4f f7 89 29 69 6e bd 13 1e 21 d4 2c Sep 21 07:33:26.884083: | 28 8e ce 9e ce cf c0 b0 0e 12 4c fa 3b a4 65 0a Sep 21 07:33:26.884084: | 5c 98 d7 3a 20 5a c6 c7 7d 09 a5 9c 0b 20 92 f5 Sep 21 07:33:26.884085: | 41 d2 4f 98 38 6a 78 5c 86 9d 6a 6c 3e d1 12 ac Sep 21 07:33:26.884087: | e1 d9 bf 92 aa 36 e4 a9 29 18 64 43 14 8b 86 f4 Sep 21 07:33:26.884088: | 66 fe 7f 02 89 3d af 8c 94 ea 4b 7e a1 d7 29 ee Sep 21 07:33:26.884089: | 69 9d 8c 75 b7 39 51 33 75 85 dc 69 1f 2b 3f 5f Sep 21 07:33:26.884091: | 42 94 b1 e5 bd b0 73 f5 99 fc 00 bc fc a1 7a d2 Sep 21 07:33:26.884092: | e7 7d 83 45 cc a3 21 8f 71 9e a2 5c 13 9b 37 93 Sep 21 07:33:26.884093: | 20 b9 91 1a 7b ae 57 0d c4 26 4a 89 f4 45 7c 26 Sep 21 07:33:26.884095: | 13 1a 75 71 dc f5 1d 3c 1f dc d6 d9 e2 16 0b 0d Sep 21 07:33:26.884096: | f8 7a 8f 6d 20 0b 48 4e d9 61 5f 3a 00 bb 57 49 Sep 21 07:33:26.884097: | 26 15 cb db 68 4a 99 07 9e 76 4e ad 1e d8 1f d8 Sep 21 07:33:26.884099: | 03 ec 71 69 84 02 e9 c7 e8 9c ca 13 53 6a 85 23 Sep 21 07:33:26.884100: | ab 28 51 2a aa c4 17 18 af 74 59 97 da f9 83 fe Sep 21 07:33:26.884101: | 97 40 3f e9 20 74 4a cf f4 66 27 9b b3 62 34 f5 Sep 21 07:33:26.884103: | 95 04 47 f7 c0 1d 69 56 d3 0c 75 19 77 42 8b 50 Sep 21 07:33:26.884104: | 5c d2 8e 31 51 62 a1 ce 94 c1 23 4d Sep 21 07:33:26.884110: | crypto helper 4 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 6 time elapsed 0.000965 seconds Sep 21 07:33:26.884119: | (#3) spent 0.969 milliseconds in crypto helper computing work-order 6: quick outR1 DH (pcr) Sep 21 07:33:26.884122: | crypto helper 4 sending results from work-order 6 for state #3 to event queue Sep 21 07:33:26.884125: | scheduling resume sending helper answer for #3 Sep 21 07:33:26.884128: | libevent_malloc: new ptr-libevent@0x7f8320003770 size 128 Sep 21 07:33:26.884132: | crypto helper 4 waiting (nothing to do) Sep 21 07:33:26.884142: | !event_already_set at reschedule Sep 21 07:33:26.884145: | event_schedule: new EVENT_RETRANSMIT-pe@0x560974870fb0 Sep 21 07:33:26.884148: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #2 Sep 21 07:33:26.884150: | libevent_malloc: new ptr-libevent@0x7f8338006900 size 128 Sep 21 07:33:26.884153: | #2 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.25241 Sep 21 07:33:26.884155: | pstats #2 ikev1.ipsec established Sep 21 07:33:26.884158: | NAT-T: encaps is 'auto' Sep 21 07:33:26.884161: "northnet-eastnets/0x1" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x6c96bd25 <0x9b1d501b xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:33:26.884163: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.884165: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.884167: | resume sending helper answer for #2 suppresed complete_v1_state_transition() Sep 21 07:33:26.884172: | #2 spent 0.944 milliseconds in resume sending helper answer Sep 21 07:33:26.884176: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.884177: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:33:26.884182: | processing resume sending helper answer for #3 Sep 21 07:33:26.884185: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:33:26.884187: | crypto helper 4 replies to request ID 6 Sep 21 07:33:26.884189: | calling continuation function 0x560973f3c630 Sep 21 07:33:26.884190: | quick_inI1_outR1_cryptocontinue2 for #3: calculated DH, sending R1 Sep 21 07:33:26.884194: | **emit ISAKMP Message: Sep 21 07:33:26.884195: | initiator cookie: Sep 21 07:33:26.884197: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.884198: | responder cookie: Sep 21 07:33:26.884200: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.884201: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884203: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.884204: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.884206: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.884208: | Message ID: 4152290398 (0xf77eec5e) Sep 21 07:33:26.884209: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:33:26.884211: | ***emit ISAKMP Hash Payload: Sep 21 07:33:26.884213: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884215: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:33:26.884216: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.884218: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:33:26.884220: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:33:26.884221: | ***emit ISAKMP Security Association Payload: Sep 21 07:33:26.884223: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:33:26.884224: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:33:26.884226: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:33:26.884228: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:33:26.884230: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.884231: | ****parse IPsec DOI SIT: Sep 21 07:33:26.884233: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.884235: | ****parse ISAKMP Proposal Payload: Sep 21 07:33:26.884236: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884238: | length: 72 (0x48) Sep 21 07:33:26.884239: | proposal number: 0 (0x0) Sep 21 07:33:26.884241: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.884242: | SPI size: 4 (0x4) Sep 21 07:33:26.884244: | number of transforms: 2 (0x2) Sep 21 07:33:26.884245: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:33:26.884247: | SPI 3c a7 fe e2 Sep 21 07:33:26.884248: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:33:26.884250: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:33:26.884251: | length: 32 (0x20) Sep 21 07:33:26.884253: | ESP transform number: 0 (0x0) Sep 21 07:33:26.884254: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.884256: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884258: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:33:26.884259: | length/value: 14 (0xe) Sep 21 07:33:26.884261: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:33:26.884263: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884264: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:33:26.884267: | length/value: 1 (0x1) Sep 21 07:33:26.884269: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:33:26.884271: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:33:26.884272: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884274: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:33:26.884275: | length/value: 1 (0x1) Sep 21 07:33:26.884276: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:33:26.884278: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884279: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:33:26.884281: | length/value: 28800 (0x7080) Sep 21 07:33:26.884282: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884284: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:33:26.884285: | length/value: 2 (0x2) Sep 21 07:33:26.884287: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:33:26.884288: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:33:26.884290: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:33:26.884291: | length/value: 128 (0x80) Sep 21 07:33:26.884293: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:33:26.884294: | ****emit IPsec DOI SIT: Sep 21 07:33:26.884296: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:33:26.884297: | ****emit ISAKMP Proposal Payload: Sep 21 07:33:26.884299: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884300: | proposal number: 0 (0x0) Sep 21 07:33:26.884302: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:33:26.884303: | SPI size: 4 (0x4) Sep 21 07:33:26.884305: | number of transforms: 1 (0x1) Sep 21 07:33:26.884306: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:33:26.884315: | netlink_get_spi: allocated 0x24fe65a2 for esp.0@192.1.2.23 Sep 21 07:33:26.884317: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:33:26.884318: | SPI 24 fe 65 a2 Sep 21 07:33:26.884320: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:33:26.884321: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884323: | ESP transform number: 0 (0x0) Sep 21 07:33:26.884324: | ESP transform ID: ESP_AES (0xc) Sep 21 07:33:26.884326: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:33:26.884328: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:33:26.884329: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:33:26.884331: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:33:26.884332: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:33:26.884334: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:33:26.884336: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:33:26.884337: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:33:26.884339: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:33:26.884342: "northnet-eastnets/0x2" #3: responding to Quick Mode proposal {msgid:f77eec5e} Sep 21 07:33:26.884349: "northnet-eastnets/0x2" #3: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:33:26.884355: "northnet-eastnets/0x2" #3: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:33:26.884356: | ***emit ISAKMP Nonce Payload: Sep 21 07:33:26.884358: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:33:26.884360: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:33:26.884362: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:33:26.884365: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.884367: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:33:26.884368: | Nr 30 e7 6f 73 14 1f bc 05 6a 43 ef 45 1f 58 10 19 Sep 21 07:33:26.884369: | Nr e9 c8 14 8e 15 c3 d8 46 9e 76 7e 09 69 65 56 98 Sep 21 07:33:26.884371: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:33:26.884372: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:33:26.884374: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.884376: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.884377: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:33:26.884379: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:33:26.884381: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:33:26.884382: | keyex value b4 87 2a 09 de 22 61 3d 3f f1 99 05 2b 49 6b 68 Sep 21 07:33:26.884384: | keyex value e5 56 c2 b4 ac a9 7d 64 13 d2 a8 0e 69 c0 05 00 Sep 21 07:33:26.884385: | keyex value e3 28 0f fb 22 39 5b e1 61 ad 71 97 12 e8 14 3e Sep 21 07:33:26.884387: | keyex value f5 02 43 9c 28 d8 6b ef 01 8e dc b4 db b3 6e 8a Sep 21 07:33:26.884388: | keyex value f0 4d ad e0 c6 3b f5 91 e6 dc 34 8e 8e 2f 95 e9 Sep 21 07:33:26.884389: | keyex value 86 62 91 11 06 ea b8 15 cc 6a 4d 2a ae d5 37 bd Sep 21 07:33:26.884391: | keyex value 20 4f 6b 5e de 95 f7 8a 32 9f fa 36 f6 de 86 7c Sep 21 07:33:26.884392: | keyex value 04 aa c5 2a 87 5e be e7 7c d7 5b a2 15 51 9b ec Sep 21 07:33:26.884393: | keyex value 92 35 22 c8 fd c7 be f8 82 96 b9 88 c1 ec 60 a5 Sep 21 07:33:26.884395: | keyex value 69 b7 9c 07 06 19 b9 b0 7e 27 6d d4 5e 9c 83 fe Sep 21 07:33:26.884396: | keyex value 47 21 01 48 7d 78 bc eb 6f b7 c6 e5 e3 1e 6a 65 Sep 21 07:33:26.884398: | keyex value e7 18 84 3d 6f d4 58 df b9 68 6f b9 60 d1 43 c0 Sep 21 07:33:26.884399: | keyex value 9b ef 00 cc db 0c 2b 80 dd ad 25 6c 82 92 c9 0c Sep 21 07:33:26.884400: | keyex value 59 fc d0 0f 18 10 d2 84 12 c9 74 0a b6 27 75 8a Sep 21 07:33:26.884402: | keyex value d3 39 9c 30 10 c6 97 e9 b4 9c a1 9f c5 d8 a2 aa Sep 21 07:33:26.884403: | keyex value 3c 8f b5 dd 99 e1 3c 3f da 77 62 84 f2 bd 0b 88 Sep 21 07:33:26.884405: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:33:26.884406: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.884408: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:33:26.884409: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.884411: | Protocol ID: 0 (0x0) Sep 21 07:33:26.884412: | port: 0 (0x0) Sep 21 07:33:26.884414: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:33:26.884416: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.884417: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.884419: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.884421: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:33:26.884422: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:26.884424: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:33:26.884425: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.884427: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:33:26.884428: | Protocol ID: 0 (0x0) Sep 21 07:33:26.884429: | port: 0 (0x0) Sep 21 07:33:26.884431: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:33:26.884434: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:33:26.884435: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:33:26.884437: | ID body c0 00 16 00 ff ff ff 00 Sep 21 07:33:26.884438: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:33:26.884453: | quick inR1 outI2 HASH(2): Sep 21 07:33:26.884455: | 8a 6a 93 7f 58 99 26 04 1f f2 22 ab fb 7a f2 6b Sep 21 07:33:26.884456: | ab d5 4f 84 84 9f e8 ff 5a eb 4a 90 8c 9e 35 27 Sep 21 07:33:26.884458: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:33:26.884459: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:33:26.884517: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.884520: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.884521: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.884523: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.884524: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.884527: | route owner of "northnet-eastnets/0x2" unrouted: NULL Sep 21 07:33:26.884528: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:33:26.884530: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:33:26.884531: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.884533: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.884534: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.884536: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.884537: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.884539: | route owner of "northnet-eastnets/0x2" unrouted: NULL; eroute owner: NULL Sep 21 07:33:26.884541: | routing is easy, or has resolvable near-conflict Sep 21 07:33:26.884542: | checking if this is a replacement state Sep 21 07:33:26.884544: | st=0x560974880100 ost=(nil) st->serialno=#3 ost->serialno=#0 Sep 21 07:33:26.884546: | installing outgoing SA now as refhim=0 Sep 21 07:33:26.884547: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:26.884549: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:26.884551: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:26.884553: | setting IPsec SA replay-window to 32 Sep 21 07:33:26.884555: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:33:26.884557: | netlink: enabling tunnel mode Sep 21 07:33:26.884558: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:26.884560: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:26.884599: | netlink response for Add SA esp.3ca7fee2@192.1.3.33 included non-error error Sep 21 07:33:26.884602: | outgoing SA has refhim=0 Sep 21 07:33:26.884606: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:33:26.884609: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:33:26.884612: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:33:26.884616: | setting IPsec SA replay-window to 32 Sep 21 07:33:26.884620: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:33:26.884623: | netlink: enabling tunnel mode Sep 21 07:33:26.884626: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:33:26.884628: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:33:26.884663: | netlink response for Add SA esp.24fe65a2@192.1.2.23 included non-error error Sep 21 07:33:26.884667: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:33:26.884677: | add inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => tun.10000@192.1.2.23 (raw_eroute) Sep 21 07:33:26.884681: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:26.884722: | raw_eroute result=success Sep 21 07:33:26.884769: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:33:26.884774: | no IKEv1 message padding required Sep 21 07:33:26.884777: | emitting length of ISAKMP Message: 460 Sep 21 07:33:26.884793: | finished processing quick inI1 Sep 21 07:33:26.884799: | complete v1 state transition with STF_OK Sep 21 07:33:26.884805: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.884807: | #3 is idle Sep 21 07:33:26.884808: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.884810: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:33:26.884812: | child state #3: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:33:26.884814: | event_already_set, deleting event Sep 21 07:33:26.884816: | state #3 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:33:26.884818: | libevent_free: release ptr-libevent@0x560974885bf0 Sep 21 07:33:26.884819: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x56097486a170 Sep 21 07:33:26.884822: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:33:26.884827: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:33:26.884828: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.884830: | 08 10 20 01 f7 7e ec 5e 00 00 01 cc f5 c9 93 dd Sep 21 07:33:26.884831: | 28 9b 94 c8 b1 35 c6 d1 b6 7e 5a 09 24 bc a2 66 Sep 21 07:33:26.884833: | 13 2d 16 66 86 ad bb e9 fa 84 12 6e 89 ec 01 41 Sep 21 07:33:26.884834: | 4a 26 cb 97 b2 a2 01 43 8b 25 f0 f3 50 e6 4b 84 Sep 21 07:33:26.884835: | 29 fa 9f 72 09 ee f6 1a 26 f4 76 a5 9e 1f fa 43 Sep 21 07:33:26.884837: | ea a9 01 c5 43 a7 90 31 18 34 6d 4d 84 ee 15 1e Sep 21 07:33:26.884838: | 63 6f 82 d0 76 b6 f8 f8 62 a2 50 8d 77 60 a6 85 Sep 21 07:33:26.884839: | dc 74 0e 96 b9 be 55 5f 78 6b 09 84 c0 f2 41 2b Sep 21 07:33:26.884841: | 46 79 30 6e 95 af 6e 5d 8e d3 2f 27 a7 61 d6 60 Sep 21 07:33:26.884842: | b2 0e fd 4d 52 99 21 aa 65 22 19 a7 d5 e9 7c 17 Sep 21 07:33:26.884844: | 98 09 02 0b f4 8c 33 e5 c5 74 d6 2b ea 69 87 8a Sep 21 07:33:26.884845: | cd 7e 6d 5b 62 53 93 4d c6 5d c3 da d2 2f f7 50 Sep 21 07:33:26.884846: | 85 b7 ac d8 63 31 78 07 d0 52 2c d8 77 8e c2 d2 Sep 21 07:33:26.884848: | 18 a6 5b c4 6e 3f 9b 95 25 84 d7 75 a0 4c dd f4 Sep 21 07:33:26.884849: | 70 59 39 12 20 ad e7 65 df 2c 38 ff 98 28 31 a8 Sep 21 07:33:26.884850: | f9 f7 48 52 f3 ea 3d 8c 17 ca 8c c1 b8 90 e3 02 Sep 21 07:33:26.884852: | d9 0e c3 ab a7 bd 04 8d fa 88 d6 67 25 29 21 e2 Sep 21 07:33:26.884853: | c7 f0 2f f9 c8 5f b3 85 bd 98 ca 65 02 95 2d e5 Sep 21 07:33:26.884854: | de 80 1b 37 de 27 07 ce c0 67 9a c5 09 83 6b 25 Sep 21 07:33:26.884856: | f6 44 9e 22 82 41 72 b1 5c e9 a8 0f 3e 86 fd dd Sep 21 07:33:26.884857: | 53 29 85 91 39 ed 5c 1c 1f 0b c8 a4 9c 9e f2 d2 Sep 21 07:33:26.884859: | c2 73 78 cd e3 32 10 fd fd 75 8d 4b 47 20 6a be Sep 21 07:33:26.884860: | 98 6a 44 ac 41 b8 1e 89 2a 27 f5 60 57 a4 f4 0e Sep 21 07:33:26.884861: | 35 12 89 ff 3e 68 33 d1 9f 47 6c d5 81 0d 2c 75 Sep 21 07:33:26.884863: | 4e e2 24 a8 23 d9 97 cf 72 84 9e 0f d3 e8 d0 66 Sep 21 07:33:26.884864: | 21 28 2d 39 1f 61 dc 30 82 6c f8 9f 51 db 80 45 Sep 21 07:33:26.884865: | ea f0 60 e5 a6 55 3e 26 7e a7 41 3d 66 ea 90 65 Sep 21 07:33:26.884867: | be ad 23 77 97 d9 ce 24 72 e2 60 80 Sep 21 07:33:26.884888: | !event_already_set at reschedule Sep 21 07:33:26.884891: | event_schedule: new EVENT_RETRANSMIT-pe@0x56097486a170 Sep 21 07:33:26.884894: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #3 Sep 21 07:33:26.884896: | libevent_malloc: new ptr-libevent@0x560974885bf0 size 128 Sep 21 07:33:26.884901: | #3 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49853.253155 Sep 21 07:33:26.884903: | pstats #3 ikev1.ipsec established Sep 21 07:33:26.884905: | NAT-T: encaps is 'auto' Sep 21 07:33:26.884908: "northnet-eastnets/0x2" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x3ca7fee2 <0x24fe65a2 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:33:26.884909: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.884911: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.884913: | resume sending helper answer for #3 suppresed complete_v1_state_transition() Sep 21 07:33:26.884917: | #3 spent 0.711 milliseconds in resume sending helper answer Sep 21 07:33:26.884920: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:33:26.884922: | libevent_free: release ptr-libevent@0x7f8320003770 Sep 21 07:33:26.914607: | spent 0.00255 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.914626: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.914628: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.914630: | 08 10 20 01 ea 1e 6c f8 00 00 00 4c 4e c2 5d f8 Sep 21 07:33:26.914632: | 28 60 ce e3 31 e2 53 95 66 be d3 f1 fe 44 79 bf Sep 21 07:33:26.914633: | 23 35 3b 0e 61 2e 7e a2 0f ae 53 38 9f 7f 10 1e Sep 21 07:33:26.914636: | 9a a8 73 a0 5d f7 15 f9 f3 7b 91 b1 Sep 21 07:33:26.914640: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.914643: | **parse ISAKMP Message: Sep 21 07:33:26.914646: | initiator cookie: Sep 21 07:33:26.914647: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.914649: | responder cookie: Sep 21 07:33:26.914651: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.914653: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:26.914655: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.914657: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.914659: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.914661: | Message ID: 3927862520 (0xea1e6cf8) Sep 21 07:33:26.914663: | length: 76 (0x4c) Sep 21 07:33:26.914665: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:26.914669: | State DB: found IKEv1 state #2 in QUICK_R1 (find_state_ikev1) Sep 21 07:33:26.914674: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:33:26.914677: | #2 is idle Sep 21 07:33:26.914679: | #2 idle Sep 21 07:33:26.914681: | received encrypted packet from 192.1.3.33:500 Sep 21 07:33:26.914700: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:33:26.914703: | ***parse ISAKMP Hash Payload: Sep 21 07:33:26.914705: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.914707: | length: 36 (0x24) Sep 21 07:33:26.914710: | removing 12 bytes of padding Sep 21 07:33:26.914736: | quick_inI2 HASH(3): Sep 21 07:33:26.914739: | de c2 0e dd f3 3b 64 53 15 06 5c ef cc c0 f4 63 Sep 21 07:33:26.914741: | 40 57 43 6d 61 38 17 0a 64 8b b0 67 63 a1 22 16 Sep 21 07:33:26.914743: | received 'quick_inI2' message HASH(3) data ok Sep 21 07:33:26.914748: | install_ipsec_sa() for #2: outbound only Sep 21 07:33:26.914751: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:33:26.914753: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.914756: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.914758: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.914761: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.914763: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.914767: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:33:26.914772: | sr for #2: unrouted Sep 21 07:33:26.914774: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:33:26.914777: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.914779: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.914781: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.914788: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.914792: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.914795: | route owner of "northnet-eastnets/0x1" unrouted: NULL; eroute owner: NULL Sep 21 07:33:26.914799: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: #2 Sep 21 07:33:26.914802: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:33:26.914810: | eroute_connection add eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:33:26.914826: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:26.914880: | raw_eroute result=success Sep 21 07:33:26.914885: | running updown command "ipsec _updown" for verb up Sep 21 07:33:26.914888: | command executing up-client Sep 21 07:33:26.914923: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.914931: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.914951: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RS Sep 21 07:33:26.914954: | popen cmd is 1403 chars long Sep 21 07:33:26.914957: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:33:26.914960: | cmd( 80):x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Sep 21 07:33:26.914962: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Sep 21 07:33:26.914965: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Sep 21 07:33:26.914967: | cmd( 320):0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' P: Sep 21 07:33:26.914969: | cmd( 400):LUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP: Sep 21 07:33:26.914972: | cmd( 480):' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswa: Sep 21 07:33:26.914974: | cmd( 560):n, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libr: Sep 21 07:33:26.914976: | cmd( 640):eswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PL: Sep 21 07:33:26.914978: | cmd( 720):UTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0': Sep 21 07:33:26.914981: | cmd( 800): PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:33:26.914982: | cmd( 880):=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLU: Sep 21 07:33:26.914986: | cmd( 960):TO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TR: Sep 21 07:33:26.914989: | cmd(1040):ACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY=: Sep 21 07:33:26.914991: | cmd(1120):'ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_: Sep 21 07:33:26.914993: | cmd(1200):DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PL: Sep 21 07:33:26.914995: | cmd(1280):UTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x6c9: Sep 21 07:33:26.914997: | cmd(1360):6bd25 SPI_OUT=0x9b1d501b ipsec _updown 2>&1: Sep 21 07:33:26.922139: | route_and_eroute: firewall_notified: true Sep 21 07:33:26.922151: | running updown command "ipsec _updown" for verb prepare Sep 21 07:33:26.922154: | command executing prepare-client Sep 21 07:33:26.922177: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.922182: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.922195: | executing prepare-client: PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_ Sep 21 07:33:26.922198: | popen cmd is 1408 chars long Sep 21 07:33:26.922199: | cmd( 0):PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:33:26.922201: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Sep 21 07:33:26.922203: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:33:26.922204: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:33:26.922206: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:33:26.922207: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:33:26.922209: | cmd( 480):='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Lib: Sep 21 07:33:26.922210: | cmd( 560):reswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing: Sep 21 07:33:26.922211: | cmd( 640):.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.: Sep 21 07:33:26.922213: | cmd( 720):0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCO: Sep 21 07:33:26.922214: | cmd( 800):L='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Departmen: Sep 21 07:33:26.922216: | cmd( 880):t, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey: Sep 21 07:33:26.922217: | cmd( 960):' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAR: Sep 21 07:33:26.922219: | cmd(1040):EF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFA: Sep 21 07:33:26.922220: | cmd(1120):MILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_: Sep 21 07:33:26.922225: | cmd(1200):PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT=': Sep 21 07:33:26.922226: | cmd(1280):0' PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=: Sep 21 07:33:26.922228: | cmd(1360):0x6c96bd25 SPI_OUT=0x9b1d501b ipsec _updown 2>&1: Sep 21 07:33:26.929387: | running updown command "ipsec _updown" for verb route Sep 21 07:33:26.929398: | command executing route-client Sep 21 07:33:26.929422: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.929427: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.929441: | executing route-client: PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLI Sep 21 07:33:26.929443: | popen cmd is 1406 chars long Sep 21 07:33:26.929445: | cmd( 0):PLUTO_VERB='route-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnet: Sep 21 07:33:26.929447: | cmd( 80):s/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23': Sep 21 07:33:26.929448: | cmd( 160): PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=e: Sep 21 07:33:26.929450: | cmd( 240):ast.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='1: Sep 21 07:33:26.929451: | cmd( 320):92.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0: Sep 21 07:33:26.929453: | cmd( 400):' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE=': Sep 21 07:33:26.929455: | cmd( 480):ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libre: Sep 21 07:33:26.929456: | cmd( 560):swan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.l: Sep 21 07:33:26.929458: | cmd( 640):ibreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0': Sep 21 07:33:26.929459: | cmd( 720): PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=: Sep 21 07:33:26.929461: | cmd( 800):'0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department,: Sep 21 07:33:26.929462: | cmd( 880): CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' : Sep 21 07:33:26.929464: | cmd( 960):PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF: Sep 21 07:33:26.929465: | cmd(1040):_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMI: Sep 21 07:33:26.929467: | cmd(1120):LY='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PE: Sep 21 07:33:26.929468: | cmd(1200):ER_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0': Sep 21 07:33:26.929470: | cmd(1280): PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x: Sep 21 07:33:26.929471: | cmd(1360):6c96bd25 SPI_OUT=0x9b1d501b ipsec _updown 2>&1: Sep 21 07:33:26.942758: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x560974866400,sr=0x560974866400} to #2 (was #0) (newest_ipsec_sa=#0) Sep 21 07:33:26.942775: | #1 spent 0.738 milliseconds in install_ipsec_sa() Sep 21 07:33:26.942778: | inI2: instance northnet-eastnets/0x1[0], setting IKEv1 newest_ipsec_sa to #2 (was #0) (spd.eroute=#2) cloned from #1 Sep 21 07:33:26.942781: | DPD: dpd_init() called on IPsec SA Sep 21 07:33:26.942787: | DPD: Peer does not support Dead Peer Detection Sep 21 07:33:26.942791: | complete v1 state transition with STF_OK Sep 21 07:33:26.942797: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.942799: | #2 is idle Sep 21 07:33:26.942800: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.942803: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Sep 21 07:33:26.942805: | child state #2: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Sep 21 07:33:26.942807: | event_already_set, deleting event Sep 21 07:33:26.942809: | state #2 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.942811: | #2 STATE_QUICK_R2: retransmits: cleared Sep 21 07:33:26.942815: | libevent_free: release ptr-libevent@0x7f8338006900 Sep 21 07:33:26.942817: | free_event_entry: release EVENT_RETRANSMIT-pe@0x560974870fb0 Sep 21 07:33:26.942819: | !event_already_set at reschedule Sep 21 07:33:26.942821: | event_schedule: new EVENT_SA_REPLACE-pe@0x560974870fb0 Sep 21 07:33:26.942824: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2 Sep 21 07:33:26.942826: | libevent_malloc: new ptr-libevent@0x7f8338006900 size 128 Sep 21 07:33:26.942829: | pstats #2 ikev1.ipsec established Sep 21 07:33:26.942832: | NAT-T: encaps is 'auto' Sep 21 07:33:26.942835: "northnet-eastnets/0x1" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x6c96bd25 <0x9b1d501b xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:33:26.942838: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.942839: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.942843: | #2 spent 0.807 milliseconds in process_packet_tail() Sep 21 07:33:26.942846: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.942849: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.942851: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.942854: | spent 0.948 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.942864: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.942880: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.942883: | spent 0.00391 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.942884: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.942887: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.942889: | spent 0.00218 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.942890: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.942892: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.942894: | spent 0.00217 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:26.946295: | spent 0.00253 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:33:26.946314: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:33:26.946318: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.946321: | 08 10 20 01 f7 7e ec 5e 00 00 00 4c 47 27 24 92 Sep 21 07:33:26.946323: | 27 9b f3 65 81 e4 04 d8 da 8c 7f 85 c4 4f e0 ee Sep 21 07:33:26.946326: | 4f 3b b8 da bc 29 bc 8e 9d bb 9e 95 3c c9 89 7d Sep 21 07:33:26.946328: | fb 91 a9 64 63 5a 65 39 8c bd 4f 6a Sep 21 07:33:26.946333: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:33:26.946337: | **parse ISAKMP Message: Sep 21 07:33:26.946342: | initiator cookie: Sep 21 07:33:26.946344: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:33:26.946345: | responder cookie: Sep 21 07:33:26.946346: | 85 08 f7 50 ae 24 38 ea Sep 21 07:33:26.946348: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:33:26.946350: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:33:26.946352: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:33:26.946354: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:33:26.946355: | Message ID: 4152290398 (0xf77eec5e) Sep 21 07:33:26.946357: | length: 76 (0x4c) Sep 21 07:33:26.946359: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:33:26.946362: | State DB: found IKEv1 state #3 in QUICK_R1 (find_state_ikev1) Sep 21 07:33:26.946367: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:33:26.946369: | #3 is idle Sep 21 07:33:26.946371: | #3 idle Sep 21 07:33:26.946374: | received encrypted packet from 192.1.3.33:500 Sep 21 07:33:26.946391: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:33:26.946394: | ***parse ISAKMP Hash Payload: Sep 21 07:33:26.946396: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:33:26.946398: | length: 36 (0x24) Sep 21 07:33:26.946400: | removing 12 bytes of padding Sep 21 07:33:26.946427: | quick_inI2 HASH(3): Sep 21 07:33:26.946430: | c8 b5 c9 f1 1a ec 43 ce 85 29 80 1e 96 f5 68 c4 Sep 21 07:33:26.946433: | 8d ae 3e 17 66 36 73 fa 8f f7 b6 65 8a c7 2b f8 Sep 21 07:33:26.946435: | received 'quick_inI2' message HASH(3) data ok Sep 21 07:33:26.946440: | install_ipsec_sa() for #3: outbound only Sep 21 07:33:26.946442: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:33:26.946444: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.946447: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.946449: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.946452: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.946454: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.946458: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Sep 21 07:33:26.946461: | sr for #3: unrouted Sep 21 07:33:26.946463: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:33:26.946465: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:33:26.946468: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.946470: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:33:26.946472: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:33:26.946474: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:33:26.946478: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" erouted; eroute owner: NULL Sep 21 07:33:26.946481: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:null esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{0x560974866400} and state: #3 Sep 21 07:33:26.946485: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:33:26.946493: | eroute_connection add eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33 (raw_eroute) Sep 21 07:33:26.946496: | IPsec Sa SPD priority set to 1042407 Sep 21 07:33:26.946537: | raw_eroute result=success Sep 21 07:33:26.946541: | running updown command "ipsec _updown" for verb up Sep 21 07:33:26.946543: | command executing up-client Sep 21 07:33:26.946566: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.946571: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:33:26.946583: | executing up-client: PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY=' Sep 21 07:33:26.946588: | popen cmd is 1405 chars long Sep 21 07:33:26.946590: | cmd( 0):PLUTO_VERB='up-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0: Sep 21 07:33:26.946591: | cmd( 80):x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PL: Sep 21 07:33:26.946593: | cmd( 160):UTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east: Sep 21 07:33:26.946594: | cmd( 240):.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.: Sep 21 07:33:26.946596: | cmd( 320):0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:33:26.946597: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='E: Sep 21 07:33:26.946599: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:33:26.946600: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Sep 21 07:33:26.946602: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Sep 21 07:33:26.946603: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:33:26.946605: | cmd( 800):0' PLUTO_PEER_CA='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, : Sep 21 07:33:26.946606: | cmd( 880):CN=Libreswan test CA for mainca, E=testing@libreswan.org' PLUTO_STACK='netkey' P: Sep 21 07:33:26.946608: | cmd( 960):LUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_: Sep 21 07:33:26.946609: | cmd(1040):TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMIL: Sep 21 07:33:26.946611: | cmd(1120):Y='ipv4' XAUTH_FAILED=0 PLUTO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEE: Sep 21 07:33:26.946613: | cmd(1200):R_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' : Sep 21 07:33:26.946614: | cmd(1280):PLUTO_NM_CONFIGURED='0' VTI_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x3: Sep 21 07:33:26.946615: | cmd(1360):ca7fee2 SPI_OUT=0x24fe65a2 ipsec _updown 2>&1: Sep 21 07:33:26.953795: | route_and_eroute: firewall_notified: true Sep 21 07:33:26.953806: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x560974871780,sr=0x560974871780} to #3 (was #0) (newest_ipsec_sa=#0) Sep 21 07:33:26.953813: | #1 spent 0.31 milliseconds in install_ipsec_sa() Sep 21 07:33:26.953816: | inI2: instance northnet-eastnets/0x2[0], setting IKEv1 newest_ipsec_sa to #3 (was #0) (spd.eroute=#3) cloned from #1 Sep 21 07:33:26.953818: | DPD: dpd_init() called on IPsec SA Sep 21 07:33:26.953832: | DPD: Peer does not support Dead Peer Detection Sep 21 07:33:26.953834: | complete v1 state transition with STF_OK Sep 21 07:33:26.953839: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:33:26.953841: | #3 is idle Sep 21 07:33:26.953842: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:33:26.953844: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Sep 21 07:33:26.953849: | child state #3: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Sep 21 07:33:26.953851: | event_already_set, deleting event Sep 21 07:33:26.953853: | state #3 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:33:26.953854: | #3 STATE_QUICK_R2: retransmits: cleared Sep 21 07:33:26.953858: | libevent_free: release ptr-libevent@0x560974885bf0 Sep 21 07:33:26.953860: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56097486a170 Sep 21 07:33:26.953862: | !event_already_set at reschedule Sep 21 07:33:26.953864: | event_schedule: new EVENT_SA_REPLACE-pe@0x56097486a170 Sep 21 07:33:26.953866: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #3 Sep 21 07:33:26.953868: | libevent_malloc: new ptr-libevent@0x560974885bf0 size 128 Sep 21 07:33:26.953871: | pstats #3 ikev1.ipsec established Sep 21 07:33:26.953874: | NAT-T: encaps is 'auto' Sep 21 07:33:26.953877: "northnet-eastnets/0x2" #3: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x3ca7fee2 <0x24fe65a2 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:33:26.953879: | modecfg pull: noquirk policy:push not-client Sep 21 07:33:26.953881: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:33:26.953884: | #3 spent 0.385 milliseconds in process_packet_tail() Sep 21 07:33:26.953887: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:33:26.953890: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:33:26.953892: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:33:26.953894: | spent 0.529 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:33:26.953903: | processing signal PLUTO_SIGCHLD Sep 21 07:33:26.953907: | waitpid returned ECHILD (no child processes left) Sep 21 07:33:26.953910: | spent 0.004 milliseconds in signal handler PLUTO_SIGCHLD Sep 21 07:33:44.252838: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:33:44.252855: | expiring aged bare shunts from shunt table Sep 21 07:33:44.252861: | spent 0.00464 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:33:46.852902: | processing global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:33:46.852953: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Sep 21 07:33:46.852977: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.852987: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Sep 21 07:33:46.853002: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:773) Sep 21 07:33:46.853013: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#3) Sep 21 07:33:46.853020: | sending NAT-T Keep Alive Sep 21 07:33:46.853036: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:33:46.853043: | ff Sep 21 07:33:46.853165: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:782) Sep 21 07:33:46.853180: | processing: STOP state #0 (in for_each_state() at state.c:1574) Sep 21 07:33:46.853194: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.853202: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Sep 21 07:33:46.853215: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:773) Sep 21 07:33:46.853225: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#2) Sep 21 07:33:46.853231: | sending NAT-T Keep Alive Sep 21 07:33:46.853245: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:33:46.853252: | ff Sep 21 07:33:46.853299: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:782) Sep 21 07:33:46.853323: | processing: STOP state #0 (in for_each_state() at state.c:1574) Sep 21 07:33:46.853337: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:33:46.853344: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Sep 21 07:33:46.853357: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:33:46.853366: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:33:46.853388: | spent 0.352 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:34:04.251832: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:34:04.251848: | expiring aged bare shunts from shunt table Sep 21 07:34:04.251853: | spent 0.00454 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:34:06.854799: | processing global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:34:06.854824: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Sep 21 07:34:06.854829: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:06.854831: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Sep 21 07:34:06.854834: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:773) Sep 21 07:34:06.854836: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#3) Sep 21 07:34:06.854838: | sending NAT-T Keep Alive Sep 21 07:34:06.854841: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #3) Sep 21 07:34:06.854843: | ff Sep 21 07:34:06.854886: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:782) Sep 21 07:34:06.854890: | processing: STOP state #0 (in for_each_state() at state.c:1574) Sep 21 07:34:06.854893: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:06.854895: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Sep 21 07:34:06.854897: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:773) Sep 21 07:34:06.854899: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#2) Sep 21 07:34:06.854900: | sending NAT-T Keep Alive Sep 21 07:34:06.854903: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #2) Sep 21 07:34:06.854904: | ff Sep 21 07:34:06.854915: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:782) Sep 21 07:34:06.854917: | processing: STOP state #0 (in for_each_state() at state.c:1574) Sep 21 07:34:06.854919: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:06.854921: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Sep 21 07:34:06.854923: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:34:06.854926: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:34:06.854931: | spent 0.079 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:34:09.710285: | spent 0.00283 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:09.710303: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:09.710306: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.710307: | 08 10 20 01 7c b3 d8 d7 00 00 01 dc b4 4c a0 e5 Sep 21 07:34:09.710309: | 50 5c 31 de 37 fb 96 00 f0 f8 ca 38 dc fd 12 01 Sep 21 07:34:09.710310: | 6b 4a 4d 16 8b 9a 23 56 a6 68 e8 57 3c af c5 15 Sep 21 07:34:09.710313: | 0f a0 35 21 59 d7 0a 9c 52 54 e6 11 55 c5 d8 44 Sep 21 07:34:09.710315: | 18 da 04 23 dc 90 47 8a 8d ef 7d 39 bf a1 f7 e2 Sep 21 07:34:09.710316: | 2f f1 d3 ef 5d 5c 67 36 05 c3 7a 59 28 77 0e 9e Sep 21 07:34:09.710330: | 0b 2c 65 61 63 29 7e a0 d1 83 47 71 6a 7d bc 7e Sep 21 07:34:09.710332: | dc 98 1d 79 7b 6e bf 88 b4 b9 e2 88 03 0f 7b 0a Sep 21 07:34:09.710333: | b0 13 63 fc 71 02 a7 2e 54 1e 37 a8 ad 1f 0d 0d Sep 21 07:34:09.710334: | 2b 9a 73 ed 5c 26 d9 f3 c4 7c cf 60 1b 89 db 52 Sep 21 07:34:09.710336: | 5b 79 a3 28 e3 86 82 60 1c 1e 13 a5 27 f8 70 74 Sep 21 07:34:09.710337: | 0b a5 2b 8d 71 3b 9c 2f 2e 95 57 c2 07 b2 1a 34 Sep 21 07:34:09.710338: | 88 c5 be f8 dd d6 7c 72 df ad ab 9c b6 b7 dc 58 Sep 21 07:34:09.710340: | 3d 46 91 0c 46 3a bf e2 7f 60 60 00 94 6a b9 a2 Sep 21 07:34:09.710341: | 71 c1 fb c1 fc 5b 01 bc 87 e9 24 17 0a c9 7c 06 Sep 21 07:34:09.710342: | eb 23 08 6b 56 da 2c 78 b8 d7 55 32 6a 2d 8e cb Sep 21 07:34:09.710344: | e7 91 df ed 6a 81 b8 79 f3 98 cd e7 e0 e6 4c 76 Sep 21 07:34:09.710345: | e5 e6 de 4f bb c9 be 55 ac 68 41 6e 22 5f d5 e7 Sep 21 07:34:09.710346: | ac d2 52 c2 2c dd 6d d5 52 ce a2 b3 f5 7d 4f a6 Sep 21 07:34:09.710347: | 9d 78 7c f2 60 66 5f eb b3 94 99 73 a6 5b c2 52 Sep 21 07:34:09.710349: | 84 70 9c 92 f4 cb e5 e2 23 43 d1 07 cb 3c 72 61 Sep 21 07:34:09.710350: | cb 9c 3c 12 4a 4f 05 58 76 9a 1f 2a 6a 7f 9e 8d Sep 21 07:34:09.710351: | 31 33 be 65 6d b5 b5 70 e3 34 9f e3 d6 ab 5e ec Sep 21 07:34:09.710353: | e7 3d 94 f6 25 32 19 c2 61 79 9a bd 6e a2 e1 2d Sep 21 07:34:09.710354: | 41 ec ce 57 72 b7 3d 66 42 f6 60 d6 fd 83 c9 f6 Sep 21 07:34:09.710355: | bd d0 a4 5e e0 fd 43 65 dd b0 72 8c 88 cd a9 46 Sep 21 07:34:09.710357: | 7b eb 18 da 8b 67 21 11 91 39 41 e5 33 74 de d9 Sep 21 07:34:09.710358: | c3 7f 7c 9c 88 36 c2 f7 a5 62 c5 83 77 1d 0a 39 Sep 21 07:34:09.710359: | 61 6f f3 cd 35 d5 e9 7c 95 81 9e ee Sep 21 07:34:09.710362: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:09.710364: | **parse ISAKMP Message: Sep 21 07:34:09.710366: | initiator cookie: Sep 21 07:34:09.710367: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:09.710369: | responder cookie: Sep 21 07:34:09.710370: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.710372: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:09.710374: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:09.710375: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:09.710377: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:09.710378: | Message ID: 2092161239 (0x7cb3d8d7) Sep 21 07:34:09.710380: | length: 476 (0x1dc) Sep 21 07:34:09.710382: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:09.710385: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:34:09.710387: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Sep 21 07:34:09.710390: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:34:09.710402: | #1 is idle Sep 21 07:34:09.710404: | #1 idle Sep 21 07:34:09.710406: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:09.710413: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:09.710415: | ***parse ISAKMP Hash Payload: Sep 21 07:34:09.710417: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:09.710418: | length: 36 (0x24) Sep 21 07:34:09.710420: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:09.710422: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:09.710423: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:09.710425: | length: 84 (0x54) Sep 21 07:34:09.710426: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:09.710428: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:09.710429: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:09.710433: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:09.710434: | length: 36 (0x24) Sep 21 07:34:09.710436: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:09.710437: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:09.710439: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:09.710440: | length: 260 (0x104) Sep 21 07:34:09.710442: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:09.710443: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:09.710445: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:09.710446: | length: 16 (0x10) Sep 21 07:34:09.710447: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:09.710449: | Protocol ID: 0 (0x0) Sep 21 07:34:09.710450: | port: 0 (0x0) Sep 21 07:34:09.710452: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:09.710453: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:09.710455: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:09.710456: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.710458: | length: 16 (0x10) Sep 21 07:34:09.710459: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:09.710460: | Protocol ID: 0 (0x0) Sep 21 07:34:09.710462: | port: 0 (0x0) Sep 21 07:34:09.710463: | obj: c0 00 02 00 ff ff ff 00 Sep 21 07:34:09.710478: | quick_inI1_outR1 HASH(1): Sep 21 07:34:09.710480: | de 4f d9 56 a8 0c 0c 63 e9 97 b8 5e c9 29 8c b0 Sep 21 07:34:09.710481: | 93 fa 66 d4 b8 e4 c7 3e 73 30 82 49 4c 16 4f a2 Sep 21 07:34:09.710483: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:34:09.710486: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:09.710487: | ID address c0 00 03 00 Sep 21 07:34:09.710489: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:09.710490: | ID mask ff ff ff 00 Sep 21 07:34:09.710493: | peer client is subnet 192.0.3.0/24 Sep 21 07:34:09.710495: | peer client protocol/port is 0/0 Sep 21 07:34:09.710496: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:09.710497: | ID address c0 00 02 00 Sep 21 07:34:09.710499: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:09.710500: | ID mask ff ff ff 00 Sep 21 07:34:09.710502: | our client is subnet 192.0.2.0/24 Sep 21 07:34:09.710504: | our client protocol/port is 0/0 Sep 21 07:34:09.710507: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:34:09.710509: | find_client_connection starting with northnet-eastnets/0x2 Sep 21 07:34:09.710511: | looking for 192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:09.710514: | concrete checking against sr#0 192.0.22.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:34:09.710522: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:09.710527: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:09.710528: | results matched Sep 21 07:34:09.710533: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:09.710537: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:09.710542: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:09.710545: | our client (192.0.22.0/24:0) not in our_net (192.0.2.0/24:0) Sep 21 07:34:09.710550: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:09.710555: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:09.710558: | results matched Sep 21 07:34:09.710562: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:09.710566: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:09.710571: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:09.710573: | fc_try concluding with northnet-eastnets/0x1 [256] Sep 21 07:34:09.710574: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Sep 21 07:34:09.710575: | concluding with d = northnet-eastnets/0x1 Sep 21 07:34:09.710577: | using connection "northnet-eastnets/0x1" Sep 21 07:34:09.710579: | client wildcard: no port wildcard: no virtual: no Sep 21 07:34:09.710581: | creating state object #4 at 0x560974879d60 Sep 21 07:34:09.710583: | State DB: adding IKEv1 state #4 in UNDEFINED Sep 21 07:34:09.710585: | pstats #4 ikev1.ipsec started Sep 21 07:34:09.710587: | duplicating state object #1 "northnet-eastnets/0x2" as #4 for IPSEC SA Sep 21 07:34:09.710590: | #4 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:09.710592: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:34:09.710595: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1285) Sep 21 07:34:09.710598: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:09.710600: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:09.710602: | child state #4: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:34:09.710605: | ****parse IPsec DOI SIT: Sep 21 07:34:09.710606: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:09.710608: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:09.710610: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.710611: | length: 72 (0x48) Sep 21 07:34:09.710612: | proposal number: 0 (0x0) Sep 21 07:34:09.710614: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:09.710615: | SPI size: 4 (0x4) Sep 21 07:34:09.710617: | number of transforms: 2 (0x2) Sep 21 07:34:09.710618: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:09.710620: | SPI 62 fa 20 58 Sep 21 07:34:09.710622: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:09.710623: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:09.710625: | length: 32 (0x20) Sep 21 07:34:09.710626: | ESP transform number: 0 (0x0) Sep 21 07:34:09.710628: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:09.710630: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.710632: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:09.710633: | length/value: 14 (0xe) Sep 21 07:34:09.710635: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:09.710637: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.710638: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:09.710640: | length/value: 1 (0x1) Sep 21 07:34:09.710641: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:09.710643: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:09.710644: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.710646: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:09.710647: | length/value: 1 (0x1) Sep 21 07:34:09.710649: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:09.710650: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.710652: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:09.710654: | length/value: 28800 (0x7080) Sep 21 07:34:09.710656: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.710657: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:09.710659: | length/value: 2 (0x2) Sep 21 07:34:09.710660: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:09.710662: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.710663: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:09.710665: | length/value: 128 (0x80) Sep 21 07:34:09.710667: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:09.710670: | adding quick_outI1 KE work-order 7 for state #4 Sep 21 07:34:09.710672: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83280041c0 Sep 21 07:34:09.710674: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:34:09.710676: | libevent_malloc: new ptr-libevent@0x7f8320003770 size 128 Sep 21 07:34:09.710682: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:09.710690: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:09.710709: | suspending state #4 and saving MD Sep 21 07:34:09.710716: | #4 is busy; has a suspended MD Sep 21 07:34:09.710716: | crypto helper 6 resuming Sep 21 07:34:09.710726: | #1 spent 0.235 milliseconds in process_packet_tail() Sep 21 07:34:09.710734: | crypto helper 6 starting work-order 7 for state #4 Sep 21 07:34:09.710741: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:09.710746: | crypto helper 6 doing build KE and nonce (quick_outI1 KE); request ID 7 Sep 21 07:34:09.710748: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:09.710751: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Sep 21 07:34:09.710753: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Sep 21 07:34:09.710756: | spent 0.451 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:09.711705: | crypto helper 6 finished build KE and nonce (quick_outI1 KE); request ID 7 time elapsed 0.000959 seconds Sep 21 07:34:09.711717: | (#4) spent 0.967 milliseconds in crypto helper computing work-order 7: quick_outI1 KE (pcr) Sep 21 07:34:09.711720: | crypto helper 6 sending results from work-order 7 for state #4 to event queue Sep 21 07:34:09.711723: | scheduling resume sending helper answer for #4 Sep 21 07:34:09.711726: | libevent_malloc: new ptr-libevent@0x7f8324006900 size 128 Sep 21 07:34:09.711733: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:09.711774: | processing resume sending helper answer for #4 Sep 21 07:34:09.711782: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:09.711807: | crypto helper 6 replies to request ID 7 Sep 21 07:34:09.711809: | calling continuation function 0x560973f3c630 Sep 21 07:34:09.711811: | quick_inI1_outR1_cryptocontinue1 for #4: calculated ke+nonce, calculating DH Sep 21 07:34:09.711821: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:09.711826: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:09.711845: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:09.711850: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:09.711855: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:09.711857: | no PreShared Key Found Sep 21 07:34:09.711859: | adding quick outR1 DH work-order 8 for state #4 Sep 21 07:34:09.711861: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:09.711863: | libevent_free: release ptr-libevent@0x7f8320003770 Sep 21 07:34:09.711865: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83280041c0 Sep 21 07:34:09.711866: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83280041c0 Sep 21 07:34:09.711869: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #4 Sep 21 07:34:09.711871: | libevent_malloc: new ptr-libevent@0x7f8320003770 size 128 Sep 21 07:34:09.711876: | suspending state #4 and saving MD Sep 21 07:34:09.711878: | #4 is busy; has a suspended MD Sep 21 07:34:09.711895: | resume sending helper answer for #4 suppresed complete_v1_state_transition() and stole MD Sep 21 07:34:09.711898: | #4 spent 0.0914 milliseconds in resume sending helper answer Sep 21 07:34:09.711902: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:09.711904: | libevent_free: release ptr-libevent@0x7f8324006900 Sep 21 07:34:09.711903: | crypto helper 1 resuming Sep 21 07:34:09.711916: | crypto helper 1 starting work-order 8 for state #4 Sep 21 07:34:09.711919: | crypto helper 1 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 8 Sep 21 07:34:09.712441: | crypto helper 1 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 8 time elapsed 0.000522 seconds Sep 21 07:34:09.712446: | (#4) spent 0.525 milliseconds in crypto helper computing work-order 8: quick outR1 DH (pcr) Sep 21 07:34:09.712448: | crypto helper 1 sending results from work-order 8 for state #4 to event queue Sep 21 07:34:09.712450: | scheduling resume sending helper answer for #4 Sep 21 07:34:09.712452: | libevent_malloc: new ptr-libevent@0x7f8338006ad0 size 128 Sep 21 07:34:09.712457: | crypto helper 1 waiting (nothing to do) Sep 21 07:34:09.712485: | processing resume sending helper answer for #4 Sep 21 07:34:09.712493: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:09.712509: | crypto helper 1 replies to request ID 8 Sep 21 07:34:09.712511: | calling continuation function 0x560973f3c630 Sep 21 07:34:09.712513: | quick_inI1_outR1_cryptocontinue2 for #4: calculated DH, sending R1 Sep 21 07:34:09.712516: | **emit ISAKMP Message: Sep 21 07:34:09.712518: | initiator cookie: Sep 21 07:34:09.712520: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:09.712521: | responder cookie: Sep 21 07:34:09.712522: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.712524: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.712526: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:09.712527: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:09.712529: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:09.712530: | Message ID: 2092161239 (0x7cb3d8d7) Sep 21 07:34:09.712532: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:09.712534: | ***emit ISAKMP Hash Payload: Sep 21 07:34:09.712536: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.712537: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:09.712539: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.712541: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:09.712543: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:09.712544: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:09.712546: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:09.712549: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:09.712551: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:09.712553: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:09.712555: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.712556: | ****parse IPsec DOI SIT: Sep 21 07:34:09.712558: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:09.712560: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:09.712561: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.712563: | length: 72 (0x48) Sep 21 07:34:09.712564: | proposal number: 0 (0x0) Sep 21 07:34:09.712566: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:09.712567: | SPI size: 4 (0x4) Sep 21 07:34:09.712568: | number of transforms: 2 (0x2) Sep 21 07:34:09.712570: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:09.712571: | SPI 62 fa 20 58 Sep 21 07:34:09.712573: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:09.712575: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:09.712576: | length: 32 (0x20) Sep 21 07:34:09.712578: | ESP transform number: 0 (0x0) Sep 21 07:34:09.712579: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:09.712581: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.712582: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:09.712584: | length/value: 14 (0xe) Sep 21 07:34:09.712585: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:09.712587: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.712588: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:09.712590: | length/value: 1 (0x1) Sep 21 07:34:09.712591: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:09.712593: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:09.712594: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.712596: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:09.712597: | length/value: 1 (0x1) Sep 21 07:34:09.712599: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:09.712600: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.712602: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:09.712603: | length/value: 28800 (0x7080) Sep 21 07:34:09.712604: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.712606: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:09.712607: | length/value: 2 (0x2) Sep 21 07:34:09.712609: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:09.712610: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:09.712612: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:09.712613: | length/value: 128 (0x80) Sep 21 07:34:09.712615: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:09.712616: | ****emit IPsec DOI SIT: Sep 21 07:34:09.712618: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:09.712619: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:09.712621: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.712622: | proposal number: 0 (0x0) Sep 21 07:34:09.712624: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:09.712625: | SPI size: 4 (0x4) Sep 21 07:34:09.712626: | number of transforms: 1 (0x1) Sep 21 07:34:09.712628: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:09.712640: | netlink_get_spi: allocated 0x464c04b5 for esp.0@192.1.2.23 Sep 21 07:34:09.712643: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:09.712644: | SPI 46 4c 04 b5 Sep 21 07:34:09.712645: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:09.712647: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.712648: | ESP transform number: 0 (0x0) Sep 21 07:34:09.712651: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:09.712653: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:09.712655: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:34:09.712656: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:34:09.712658: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:34:09.712659: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:09.712661: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:34:09.712662: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:09.712664: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:34:09.712665: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:09.712668: "northnet-eastnets/0x1" #4: responding to Quick Mode proposal {msgid:7cb3d8d7} Sep 21 07:34:09.712676: "northnet-eastnets/0x1" #4: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:34:09.712682: "northnet-eastnets/0x1" #4: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:34:09.712684: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:09.712685: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:09.712687: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:09.712689: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:09.712690: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.712692: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:34:09.712694: | Nr 7f 3f 75 c5 e0 49 d2 e4 4f 16 54 a5 c4 bf 56 38 Sep 21 07:34:09.712695: | Nr 6a 8d 44 88 53 25 0c 6f 3d 99 bf a3 3e d4 61 c5 Sep 21 07:34:09.712696: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:09.712698: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:09.712699: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:09.712701: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:09.712703: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:09.712704: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:09.712706: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:09.712708: | keyex value bc 60 31 54 7f 0f b5 99 d6 b0 73 45 70 63 07 47 Sep 21 07:34:09.712709: | keyex value 17 09 27 69 cc 30 2a 32 12 dd cc ba 00 67 e1 b5 Sep 21 07:34:09.712710: | keyex value fa e8 af aa 76 3f 16 ba 39 27 96 5a 48 9e 78 f6 Sep 21 07:34:09.712712: | keyex value 83 76 75 8c c9 93 c0 21 14 60 c9 bd c6 3e 66 54 Sep 21 07:34:09.712713: | keyex value 16 62 ce be 2c 6b 3c 9a e6 c5 01 53 17 5c 90 0c Sep 21 07:34:09.712714: | keyex value e1 33 d8 40 f7 c7 3a db a9 ae 45 39 6e a0 41 3e Sep 21 07:34:09.712716: | keyex value e0 f4 21 48 54 8f 40 40 b2 b9 f2 c5 8f e6 47 09 Sep 21 07:34:09.712717: | keyex value 5e a7 8e 46 57 f8 c7 19 5d 08 59 15 05 45 91 8b Sep 21 07:34:09.712718: | keyex value d2 2e d0 e6 37 83 06 30 7b 4d 32 b6 34 7d 2a 11 Sep 21 07:34:09.712720: | keyex value e0 6b e1 23 b0 75 9a 00 0f 53 b3 0b e4 22 33 4b Sep 21 07:34:09.712721: | keyex value 16 ce 76 1e ee 86 2e 1f 01 77 2b f9 6a a2 99 98 Sep 21 07:34:09.712723: | keyex value 20 27 18 bb 4b 71 f2 d9 e1 2c 9b 93 ae 4c b8 28 Sep 21 07:34:09.712725: | keyex value e7 52 03 81 50 1b 39 d2 82 8f ac 27 a6 3c 90 8e Sep 21 07:34:09.712726: | keyex value 18 b8 aa 38 bb 2e 2e 32 59 26 8c 36 f9 30 56 b5 Sep 21 07:34:09.712728: | keyex value 62 d4 31 35 ba 89 7a 79 b4 96 f8 61 ce 77 3b 4d Sep 21 07:34:09.712729: | keyex value 33 8a fd 59 da ca cf e6 b0 06 56 68 a8 bc 2a e1 Sep 21 07:34:09.712730: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:09.712732: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:09.712733: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:09.712735: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:09.712736: | Protocol ID: 0 (0x0) Sep 21 07:34:09.712738: | port: 0 (0x0) Sep 21 07:34:09.712739: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:09.712741: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:09.712743: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:09.712745: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:09.712746: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:34:09.712748: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:09.712749: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:09.712750: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.712752: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:09.712753: | Protocol ID: 0 (0x0) Sep 21 07:34:09.712754: | port: 0 (0x0) Sep 21 07:34:09.712756: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:09.712758: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:09.712760: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:09.712761: | ID body c0 00 02 00 ff ff ff 00 Sep 21 07:34:09.712762: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:09.712782: | quick inR1 outI2 HASH(2): Sep 21 07:34:09.712803: | 28 e3 41 78 4d e0 70 39 5b e7 ff 2c c4 f1 a8 15 Sep 21 07:34:09.712805: | b2 bc 8e 6d 22 9b 00 a1 99 0a 84 48 1f 0f 92 cb Sep 21 07:34:09.712807: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:09.712808: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:09.712890: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:09.712893: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.712895: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:09.712897: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.712898: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:09.712900: | route owner of "northnet-eastnets/0x1" erouted: self Sep 21 07:34:09.712902: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:34:09.712904: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:34:09.712905: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:09.712907: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.712908: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:09.712910: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.712911: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:09.712913: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Sep 21 07:34:09.712915: | routing is easy, or has resolvable near-conflict Sep 21 07:34:09.712916: | checking if this is a replacement state Sep 21 07:34:09.712918: | st=0x560974879d60 ost=0x5609748792a0 st->serialno=#4 ost->serialno=#2 Sep 21 07:34:09.712921: "northnet-eastnets/0x1" #4: keeping refhim=0 during rekey Sep 21 07:34:09.712923: | installing outgoing SA now as refhim=0 Sep 21 07:34:09.712925: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:09.712927: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:09.712928: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:09.712931: | setting IPsec SA replay-window to 32 Sep 21 07:34:09.712932: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:34:09.712934: | netlink: enabling tunnel mode Sep 21 07:34:09.712936: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:09.712938: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:09.713027: | netlink response for Add SA esp.62fa2058@192.1.3.33 included non-error error Sep 21 07:34:09.713030: | outgoing SA has refhim=0 Sep 21 07:34:09.713032: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:09.713034: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:09.713035: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:09.713037: | setting IPsec SA replay-window to 32 Sep 21 07:34:09.713039: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:34:09.713041: | netlink: enabling tunnel mode Sep 21 07:34:09.713042: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:09.713044: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:09.713084: | netlink response for Add SA esp.464c04b5@192.1.2.23 included non-error error Sep 21 07:34:09.713129: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:09.713132: | no IKEv1 message padding required Sep 21 07:34:09.713133: | emitting length of ISAKMP Message: 460 Sep 21 07:34:09.713140: | finished processing quick inI1 Sep 21 07:34:09.713142: | complete v1 state transition with STF_OK Sep 21 07:34:09.713145: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:09.713147: | #4 is idle Sep 21 07:34:09.713148: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:09.713150: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:34:09.713152: | child state #4: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:34:09.713154: | event_already_set, deleting event Sep 21 07:34:09.713156: | state #4 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:09.713158: | libevent_free: release ptr-libevent@0x7f8320003770 Sep 21 07:34:09.713160: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83280041c0 Sep 21 07:34:09.713163: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:09.713167: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #4) Sep 21 07:34:09.713169: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.713170: | 08 10 20 01 7c b3 d8 d7 00 00 01 cc b2 77 07 79 Sep 21 07:34:09.713171: | f0 ff ee f4 4c 6e 7c ff 6d 0a 58 32 64 f9 54 f9 Sep 21 07:34:09.713173: | da e7 96 42 bd 58 cb ff 2f d9 84 69 c4 c5 b9 8f Sep 21 07:34:09.713174: | 98 90 f9 13 f3 4a f0 a0 ed d4 2d 6b 64 c9 dc af Sep 21 07:34:09.713176: | 30 8c 0e ca 2e 40 d3 7e 0e 2a db 62 7b 1d a3 95 Sep 21 07:34:09.713177: | d3 7a a3 a2 9d 6c b0 5e 82 f4 0c b2 29 a0 8b c2 Sep 21 07:34:09.713178: | 7a 47 de 56 ee f3 a3 c7 87 d2 fe e6 c1 c8 ed 24 Sep 21 07:34:09.713180: | 4c 9d b2 f6 cf ac 2a ad e4 06 4e da 07 46 fb 21 Sep 21 07:34:09.713181: | 7a 47 73 e9 36 0b e0 dc fd f4 6d 99 58 74 8e fe Sep 21 07:34:09.713182: | d5 93 63 60 29 c4 5d d9 27 b4 00 bb 92 c3 cb dc Sep 21 07:34:09.713184: | 29 f2 53 f1 df 1d a4 31 15 18 fa 25 e6 f9 2e 48 Sep 21 07:34:09.713187: | 82 a4 35 f1 c1 ef 39 e0 18 1c 8e 96 d0 3b fd ad Sep 21 07:34:09.713188: | e6 67 15 98 dd 08 7c 5e 57 24 22 0a 9a 5a 6f 06 Sep 21 07:34:09.713190: | ed 2e c2 53 3c 07 56 c3 11 12 57 ae 95 4e 69 fd Sep 21 07:34:09.713191: | 16 ba c8 56 5b c2 68 e1 9c 82 0c 8f dc d1 48 5f Sep 21 07:34:09.713193: | e6 2c 4a bb c9 ee e8 ef 52 46 42 a2 21 7b 8a 97 Sep 21 07:34:09.713194: | 74 5d 8f a7 8f 91 7e 6f f7 47 26 28 a0 69 d7 a1 Sep 21 07:34:09.713195: | 21 f5 9e be 9f d3 9d 7c c4 2a 6c 16 2d 78 fd 67 Sep 21 07:34:09.713197: | e5 5e 90 40 a2 09 88 cf f1 80 e5 9e cd 53 2a e4 Sep 21 07:34:09.713198: | 56 0f 13 38 6c ae 28 72 5d f0 47 ff e0 98 b0 4a Sep 21 07:34:09.713199: | b2 8c 27 d6 61 e2 e4 95 c1 26 e1 2a bd d5 74 b8 Sep 21 07:34:09.713201: | 88 f5 76 8d f2 da 4c 41 e6 1b 38 dd ed 85 12 e0 Sep 21 07:34:09.713202: | 5e 35 04 8a 0a 7d b5 e2 a2 15 77 e3 f3 39 f2 2e Sep 21 07:34:09.713203: | aa 42 db 5c b0 d4 f8 3e b4 83 2c 68 8b a0 ba 6c Sep 21 07:34:09.713205: | 8c 55 f3 d6 d8 e5 66 51 d4 a4 a1 15 f7 41 60 bc Sep 21 07:34:09.713206: | e2 b5 33 d3 2d 96 ba 06 09 95 c9 47 9e 7c c8 72 Sep 21 07:34:09.713207: | 47 d5 cb bc 24 ef fa 50 5f 4e 0e 89 42 7b 68 3a Sep 21 07:34:09.713209: | 8a b3 86 d8 77 6d 21 3f 63 f6 a3 a2 Sep 21 07:34:09.713236: | !event_already_set at reschedule Sep 21 07:34:09.713239: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83280041c0 Sep 21 07:34:09.713242: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #4 Sep 21 07:34:09.713244: | libevent_malloc: new ptr-libevent@0x7f8320003770 size 128 Sep 21 07:34:09.713247: | #4 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49896.081504 Sep 21 07:34:09.713249: | pstats #4 ikev1.ipsec established Sep 21 07:34:09.713252: | NAT-T: encaps is 'auto' Sep 21 07:34:09.713254: "northnet-eastnets/0x1" #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x62fa2058 <0x464c04b5 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:09.713256: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:09.713258: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:09.713260: | resume sending helper answer for #4 suppresed complete_v1_state_transition() Sep 21 07:34:09.713264: | #4 spent 0.717 milliseconds in resume sending helper answer Sep 21 07:34:09.713267: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:09.713269: | libevent_free: release ptr-libevent@0x7f8338006ad0 Sep 21 07:34:09.722641: | spent 0.00285 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:09.722657: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:09.722660: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.722662: | 08 10 20 01 7c b3 d8 d7 00 00 00 4c 4a 43 e4 20 Sep 21 07:34:09.722663: | 9e 1c 4f 1e fa 0b 1c 35 a6 46 c8 04 a4 65 52 14 Sep 21 07:34:09.722665: | 9b fd 0f ba 36 18 e0 6b 22 c4 b2 dd 16 cb f3 a3 Sep 21 07:34:09.722666: | ae 9d d8 05 76 fb 4e cb 9e 17 be 60 Sep 21 07:34:09.722669: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:09.722672: | **parse ISAKMP Message: Sep 21 07:34:09.722674: | initiator cookie: Sep 21 07:34:09.722675: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:09.722677: | responder cookie: Sep 21 07:34:09.722678: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:09.722680: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:09.722682: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:09.722684: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:09.722685: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:09.722687: | Message ID: 2092161239 (0x7cb3d8d7) Sep 21 07:34:09.722689: | length: 76 (0x4c) Sep 21 07:34:09.722691: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:09.722696: | State DB: found IKEv1 state #4 in QUICK_R1 (find_state_ikev1) Sep 21 07:34:09.722700: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:09.722702: | #4 is idle Sep 21 07:34:09.722703: | #4 idle Sep 21 07:34:09.722706: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:09.722719: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:09.722722: | ***parse ISAKMP Hash Payload: Sep 21 07:34:09.722723: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:09.722725: | length: 36 (0x24) Sep 21 07:34:09.722727: | removing 12 bytes of padding Sep 21 07:34:09.722745: | quick_inI2 HASH(3): Sep 21 07:34:09.722747: | ef 53 7a f1 52 2c 6e dc 23 40 e0 05 03 3a d8 ff Sep 21 07:34:09.722749: | 87 fa ed 74 2d b4 85 ce 55 d7 cc a3 d1 b4 2b be Sep 21 07:34:09.722751: | received 'quick_inI2' message HASH(3) data ok Sep 21 07:34:09.722754: | install_ipsec_sa() for #4: outbound only Sep 21 07:34:09.722757: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:34:09.722759: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:09.722761: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.722763: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:09.722765: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.722767: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:09.722769: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Sep 21 07:34:09.722771: | sr for #4: erouted Sep 21 07:34:09.722773: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:09.722774: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:09.722776: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.722778: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:09.722780: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:09.722781: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:09.722789: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Sep 21 07:34:09.722795: | route_and_eroute with c: northnet-eastnets/0x1 (next: none) ero:northnet-eastnets/0x1 esr:{(nil)} ro:northnet-eastnets/0x1 rosr:{(nil)} and state: #4 Sep 21 07:34:09.722797: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:34:09.722803: | eroute_connection replace eroute 192.0.2.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Sep 21 07:34:09.722805: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:09.722841: | raw_eroute result=success Sep 21 07:34:09.722845: | route_and_eroute: firewall_notified: true Sep 21 07:34:09.722847: | route_and_eroute: instance "northnet-eastnets/0x1", setting eroute_owner {spd=0x560974866400,sr=0x560974866400} to #4 (was #2) (newest_ipsec_sa=#2) Sep 21 07:34:09.722851: | #1 spent 0.091 milliseconds in install_ipsec_sa() Sep 21 07:34:09.722853: | inI2: instance northnet-eastnets/0x1[0], setting IKEv1 newest_ipsec_sa to #4 (was #2) (spd.eroute=#4) cloned from #1 Sep 21 07:34:09.722855: | DPD: dpd_init() called on IPsec SA Sep 21 07:34:09.722856: | DPD: Peer does not support Dead Peer Detection Sep 21 07:34:09.722858: | complete v1 state transition with STF_OK Sep 21 07:34:09.722861: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:09.722863: | #4 is idle Sep 21 07:34:09.722864: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:09.722866: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Sep 21 07:34:09.722868: | child state #4: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Sep 21 07:34:09.722870: | event_already_set, deleting event Sep 21 07:34:09.722872: | state #4 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:09.722875: | #4 STATE_QUICK_R2: retransmits: cleared Sep 21 07:34:09.722878: | libevent_free: release ptr-libevent@0x7f8320003770 Sep 21 07:34:09.722880: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83280041c0 Sep 21 07:34:09.722882: | !event_already_set at reschedule Sep 21 07:34:09.722883: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f83280041c0 Sep 21 07:34:09.722886: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #4 Sep 21 07:34:09.722888: | libevent_malloc: new ptr-libevent@0x7f8320003770 size 128 Sep 21 07:34:09.722890: | pstats #4 ikev1.ipsec established Sep 21 07:34:09.722892: | NAT-T: encaps is 'auto' Sep 21 07:34:09.722895: "northnet-eastnets/0x1" #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x62fa2058 <0x464c04b5 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:09.722897: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:09.722898: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:09.722901: | #4 spent 0.143 milliseconds in process_packet_tail() Sep 21 07:34:09.722904: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:09.722907: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:09.722909: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:09.722911: | spent 0.258 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:11.954154: | spent 0.00471 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:11.954186: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:11.954191: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.954195: | 08 10 20 01 e6 38 58 db 00 00 01 dc e4 e7 e4 e4 Sep 21 07:34:11.954197: | d1 99 cc 6a e3 89 fb f7 fe 0b 15 f5 3c a2 92 3a Sep 21 07:34:11.954200: | c3 96 d7 9a 3b e0 e8 a0 aa a8 0b f2 4d 0b a1 8a Sep 21 07:34:11.954203: | fd 3c 24 23 df 6b 1a ed f5 0d 0d 7f d7 63 02 d0 Sep 21 07:34:11.954205: | 31 a9 35 30 fd 09 8e b3 ed f6 54 96 29 ff af 04 Sep 21 07:34:11.954208: | f2 f8 1f c6 ee f0 e1 a7 1c f1 e1 14 3a 71 36 e9 Sep 21 07:34:11.954210: | 9e 6b e0 c9 6f 21 c5 c2 40 b1 3c 11 1a 99 e7 d2 Sep 21 07:34:11.954213: | 2d 68 bd 49 3d bf 33 77 0a e1 a3 8b 87 ef 7d fb Sep 21 07:34:11.954216: | 73 b5 39 9c a1 05 20 de d8 27 0a 37 26 2f d7 3d Sep 21 07:34:11.954218: | 3b e0 de ab ef 60 6e c2 fb 68 59 36 61 bf 6e a2 Sep 21 07:34:11.954221: | f2 fa c9 4e 99 dc 1a b7 ac 89 76 20 37 56 9c ee Sep 21 07:34:11.954224: | ff d3 3e 7a 73 af 64 46 9c ff 58 6c f7 89 06 e4 Sep 21 07:34:11.954226: | fc 9a 51 bc eb 00 33 fb 74 2f f8 66 95 9a b4 ac Sep 21 07:34:11.954229: | 2f 03 cb ca ec 1f 2d 01 7a 70 8f bd c7 0d fa b8 Sep 21 07:34:11.954232: | 73 9e a0 8d b8 43 09 49 23 7a 60 c8 6e 24 82 29 Sep 21 07:34:11.954234: | 6f d6 c9 6d 20 59 b5 73 61 62 0c f2 20 af 21 76 Sep 21 07:34:11.954237: | 19 1f 20 36 ce fb d9 32 a4 0b 74 92 e0 8b 9c f6 Sep 21 07:34:11.954239: | 6e 57 7c d1 5a ee 52 ef 5d ef b9 95 3d ae 1c 08 Sep 21 07:34:11.954242: | 06 57 20 0b 34 2c e0 7c 61 1f 0e 85 fd 0f 86 a9 Sep 21 07:34:11.954245: | fa 7b ec 52 e9 99 3b cd 17 dc 76 93 e4 b8 15 3c Sep 21 07:34:11.954247: | d7 10 3b 2b a5 7a d7 b5 1c 13 bc 76 54 1b 40 fb Sep 21 07:34:11.954250: | c3 99 b4 9e 95 a8 61 90 29 21 93 70 07 97 f5 ed Sep 21 07:34:11.954253: | e6 c1 46 f1 8e a2 bd 34 fa fc 7a 33 6a c7 35 68 Sep 21 07:34:11.954255: | 28 5e fb 76 74 e4 d8 36 a8 c8 94 b5 e8 b1 ed 92 Sep 21 07:34:11.954258: | 66 f3 77 27 17 ed e5 af ee 82 23 ed dd 26 9c e5 Sep 21 07:34:11.954260: | 10 61 c8 2b f0 0c c7 47 91 ef 36 ed 42 11 7b a8 Sep 21 07:34:11.954263: | 7b 7f 19 93 5d 3e 41 de 38 ea 1a 50 73 1a 76 ea Sep 21 07:34:11.954266: | e2 ed 79 9d bd ea 00 70 4e 64 79 79 74 83 1d 32 Sep 21 07:34:11.954268: | 45 28 ad 20 79 2b 0a 27 48 a7 d9 6e Sep 21 07:34:11.954279: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:11.954284: | **parse ISAKMP Message: Sep 21 07:34:11.954287: | initiator cookie: Sep 21 07:34:11.954290: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:11.954293: | responder cookie: Sep 21 07:34:11.954295: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.954299: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:11.954302: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:11.954305: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:11.954308: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:11.954312: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:11.954314: | length: 476 (0x1dc) Sep 21 07:34:11.954318: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:11.954323: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:34:11.954327: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Sep 21 07:34:11.954334: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:34:11.954366: | #1 is idle Sep 21 07:34:11.954370: | #1 idle Sep 21 07:34:11.954374: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:11.954390: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:11.954394: | ***parse ISAKMP Hash Payload: Sep 21 07:34:11.954397: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:11.954400: | length: 36 (0x24) Sep 21 07:34:11.954403: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:11.954420: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:11.954423: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:11.954425: | length: 84 (0x54) Sep 21 07:34:11.954428: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:11.954430: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:11.954433: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:11.954435: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:11.954437: | length: 36 (0x24) Sep 21 07:34:11.954440: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.954442: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:11.954445: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.954447: | length: 260 (0x104) Sep 21 07:34:11.954450: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.954452: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.954455: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.954457: | length: 16 (0x10) Sep 21 07:34:11.954460: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.954462: | Protocol ID: 0 (0x0) Sep 21 07:34:11.954464: | port: 0 (0x0) Sep 21 07:34:11.954467: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:11.954469: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.954472: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.954474: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.954477: | length: 16 (0x10) Sep 21 07:34:11.954479: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.954481: | Protocol ID: 0 (0x0) Sep 21 07:34:11.954483: | port: 0 (0x0) Sep 21 07:34:11.954486: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:34:11.954513: | quick_inI1_outR1 HASH(1): Sep 21 07:34:11.954516: | 9d 2f 0d 1a 2d f1 f0 8b 7d 00 f1 d7 05 18 4b dc Sep 21 07:34:11.954519: | 8c 95 26 eb ba 9f 40 96 18 64 24 25 fa 74 01 6e Sep 21 07:34:11.954521: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:34:11.954527: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:11.954529: | ID address c0 00 03 00 Sep 21 07:34:11.954532: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:11.954534: | ID mask ff ff ff 00 Sep 21 07:34:11.954539: | peer client is subnet 192.0.3.0/24 Sep 21 07:34:11.954544: | peer client protocol/port is 0/0 Sep 21 07:34:11.954547: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:11.954549: | ID address c0 00 16 00 Sep 21 07:34:11.954551: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:11.954553: | ID mask ff ff ff 00 Sep 21 07:34:11.954557: | our client is subnet 192.0.22.0/24 Sep 21 07:34:11.954559: | our client protocol/port is 0/0 Sep 21 07:34:11.954564: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:34:11.954567: | find_client_connection starting with northnet-eastnets/0x2 Sep 21 07:34:11.954572: | looking for 192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:11.954576: | concrete checking against sr#0 192.0.22.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:34:11.954579: | client wildcard: no port wildcard: no virtual: no Sep 21 07:34:11.954584: | creating state object #5 at 0x56097488ab70 Sep 21 07:34:11.954587: | State DB: adding IKEv1 state #5 in UNDEFINED Sep 21 07:34:11.954590: | pstats #5 ikev1.ipsec started Sep 21 07:34:11.954593: | duplicating state object #1 "northnet-eastnets/0x2" as #5 for IPSEC SA Sep 21 07:34:11.954598: | #5 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:11.954604: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:11.954609: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:11.954612: | child state #5: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:34:11.954616: | ****parse IPsec DOI SIT: Sep 21 07:34:11.954618: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:11.954621: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:11.954624: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.954626: | length: 72 (0x48) Sep 21 07:34:11.954628: | proposal number: 0 (0x0) Sep 21 07:34:11.954631: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:11.954633: | SPI size: 4 (0x4) Sep 21 07:34:11.954636: | number of transforms: 2 (0x2) Sep 21 07:34:11.954638: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:11.954640: | SPI 6c 70 d8 7f Sep 21 07:34:11.954644: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:11.954646: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:11.954648: | length: 32 (0x20) Sep 21 07:34:11.954651: | ESP transform number: 0 (0x0) Sep 21 07:34:11.954653: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:11.954656: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.954659: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:11.954661: | length/value: 14 (0xe) Sep 21 07:34:11.954664: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:11.954667: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.954670: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:11.954672: | length/value: 1 (0x1) Sep 21 07:34:11.954675: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:11.954677: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:11.954680: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.954682: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:11.954685: | length/value: 1 (0x1) Sep 21 07:34:11.954687: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:11.954689: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.954692: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:11.954694: | length/value: 28800 (0x7080) Sep 21 07:34:11.954697: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.954699: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:11.954701: | length/value: 2 (0x2) Sep 21 07:34:11.954704: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:11.954706: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.954711: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:11.954713: | length/value: 128 (0x80) Sep 21 07:34:11.954716: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:11.954722: | adding quick_outI1 KE work-order 9 for state #5 Sep 21 07:34:11.954726: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8324002b20 Sep 21 07:34:11.954730: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:34:11.954733: | libevent_malloc: new ptr-libevent@0x7f8338006ad0 size 128 Sep 21 07:34:11.954743: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:11.954748: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:11.954750: | suspending state #5 and saving MD Sep 21 07:34:11.954753: | #5 is busy; has a suspended MD Sep 21 07:34:11.954758: | #1 spent 0.231 milliseconds in process_packet_tail() Sep 21 07:34:11.954762: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:11.954767: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:11.954770: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:11.954774: | spent 0.601 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:11.954781: | crypto helper 0 resuming Sep 21 07:34:11.954807: | crypto helper 0 starting work-order 9 for state #5 Sep 21 07:34:11.954790: | spent 0.00194 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:11.954813: | crypto helper 0 doing build KE and nonce (quick_outI1 KE); request ID 9 Sep 21 07:34:11.954832: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:11.954843: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.954845: | 08 10 20 01 8b 8f 11 95 00 00 01 dc b3 90 d9 50 Sep 21 07:34:11.954848: | 4e c4 ea 42 d7 d6 f4 21 14 fc 46 2e 3e 7c 71 72 Sep 21 07:34:11.954850: | 37 f4 6f cb 99 29 a3 cb f6 dc 57 82 c3 f4 24 02 Sep 21 07:34:11.954852: | 85 fc 18 7b c0 27 10 a6 5b 47 4c 59 15 8a 56 77 Sep 21 07:34:11.954854: | 31 19 02 08 3a 3e c3 e7 5a 02 2b cf a0 a6 09 45 Sep 21 07:34:11.954857: | 8e 41 a1 f2 3d cb d4 22 6c 9e 03 62 57 15 98 a0 Sep 21 07:34:11.954859: | 25 ba 9c 7e e8 a8 30 87 1a 58 a5 56 5b 05 f1 1b Sep 21 07:34:11.954861: | 15 64 8e ab 47 ef f5 da 56 9f 9d 43 5f 0f e2 14 Sep 21 07:34:11.954863: | ff b0 04 c9 7d ee 2e 8b 95 31 03 94 e8 90 6a c6 Sep 21 07:34:11.954865: | 8a 0b 55 49 79 7a ba d6 e8 79 df 16 e5 03 99 db Sep 21 07:34:11.954867: | e1 cc 5d a5 9f 29 6c b6 f9 fc 98 87 4a 7a 32 e7 Sep 21 07:34:11.954870: | 7f 92 0c 4f 62 b0 75 eb d1 81 52 09 79 01 5f a1 Sep 21 07:34:11.954872: | 1a 2b 2c be af c5 86 54 67 91 21 25 7e c1 1f 95 Sep 21 07:34:11.954874: | 0c bf 4c 2a 53 29 a5 02 8b 2c 29 2f ff 88 a3 7f Sep 21 07:34:11.954876: | 58 0e d9 23 10 65 c2 da 5e d4 b3 b1 bc dd c4 62 Sep 21 07:34:11.954878: | 62 78 76 7a c6 08 ea 93 24 4d b4 be ef 47 d8 f2 Sep 21 07:34:11.954881: | 63 00 a8 ed 35 37 9e 53 f5 52 fc 89 01 3f 8d 96 Sep 21 07:34:11.954883: | ee f6 35 6b 95 b7 77 b2 f7 f6 c0 ce 8d 6c 51 3a Sep 21 07:34:11.954885: | 8a 6e 90 42 98 b8 03 2d 4c cc 42 5c 6c 05 41 8a Sep 21 07:34:11.954887: | 3f 3b ca 4c fb f4 df 4f de 51 20 db 1c ca 3f cf Sep 21 07:34:11.954889: | 37 ef a8 6d 35 70 72 5e 51 5f f6 fa 38 a1 4d 08 Sep 21 07:34:11.954892: | bc 40 f6 fb 93 6e cb 23 8a 3b cc 10 01 03 51 2b Sep 21 07:34:11.954894: | b7 c1 61 29 e9 86 f2 b3 76 09 0c b1 43 7c 52 04 Sep 21 07:34:11.954896: | 0b c0 97 89 95 98 f9 9b 42 97 1f 87 22 f4 67 e4 Sep 21 07:34:11.954898: | b6 ee 72 5a c7 7c e3 f8 96 8c 2f ec 2e ef 7c 85 Sep 21 07:34:11.954900: | 43 9b 93 e2 d3 45 39 d3 22 bf 4e 68 79 41 ac 1f Sep 21 07:34:11.954903: | b1 4c 7f 4f c5 71 d7 94 ae 86 56 1a ad 23 b7 45 Sep 21 07:34:11.954905: | 80 79 22 5b 17 3f 34 5c 06 7a 5e cf 05 79 62 0b Sep 21 07:34:11.954910: | 4a 32 85 84 4e 66 2d 5b 2e 26 4f 91 Sep 21 07:34:11.954914: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:11.954917: | **parse ISAKMP Message: Sep 21 07:34:11.954920: | initiator cookie: Sep 21 07:34:11.954922: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:11.954924: | responder cookie: Sep 21 07:34:11.954926: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.954929: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:11.954932: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:11.954934: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:11.954937: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:11.954939: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:11.954942: | length: 476 (0x1dc) Sep 21 07:34:11.954945: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:11.954948: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:34:11.954951: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Sep 21 07:34:11.954955: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:34:11.954966: | #1 is idle Sep 21 07:34:11.954968: | #1 idle Sep 21 07:34:11.954972: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:11.954980: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:11.954984: | ***parse ISAKMP Hash Payload: Sep 21 07:34:11.954986: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:11.954988: | length: 36 (0x24) Sep 21 07:34:11.954991: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:11.954994: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:11.954996: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:11.954998: | length: 84 (0x54) Sep 21 07:34:11.955001: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:11.955003: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:11.955006: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:11.955008: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:11.955010: | length: 36 (0x24) Sep 21 07:34:11.955013: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.955015: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:11.955018: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.955020: | length: 260 (0x104) Sep 21 07:34:11.955022: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.955025: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.955027: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.955029: | length: 16 (0x10) Sep 21 07:34:11.955032: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.955034: | Protocol ID: 0 (0x0) Sep 21 07:34:11.955037: | port: 0 (0x0) Sep 21 07:34:11.955039: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:11.955041: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:11.955044: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.955046: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.955048: | length: 16 (0x10) Sep 21 07:34:11.955051: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.955053: | Protocol ID: 0 (0x0) Sep 21 07:34:11.955055: | port: 0 (0x0) Sep 21 07:34:11.955058: | obj: c0 00 02 00 ff ff ff 00 Sep 21 07:34:11.955078: | quick_inI1_outR1 HASH(1): Sep 21 07:34:11.955081: | a4 3d 42 bd 66 72 5b 32 46 e7 3e a3 1a 4c 95 95 Sep 21 07:34:11.955083: | 97 3a 49 7d e2 cf ed 23 31 cc 6e 26 57 eb ab dd Sep 21 07:34:11.955086: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:34:11.955090: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:11.955093: | ID address c0 00 03 00 Sep 21 07:34:11.955095: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:11.955100: | ID mask ff ff ff 00 Sep 21 07:34:11.955104: | peer client is subnet 192.0.3.0/24 Sep 21 07:34:11.955106: | peer client protocol/port is 0/0 Sep 21 07:34:11.955109: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:11.955111: | ID address c0 00 02 00 Sep 21 07:34:11.955113: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:11.955116: | ID mask ff ff ff 00 Sep 21 07:34:11.955119: | our client is subnet 192.0.2.0/24 Sep 21 07:34:11.955121: | our client protocol/port is 0/0 Sep 21 07:34:11.955126: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.2.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:34:11.955129: | find_client_connection starting with northnet-eastnets/0x2 Sep 21 07:34:11.955133: | looking for 192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:11.955137: | concrete checking against sr#0 192.0.22.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:34:11.955150: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:11.955158: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:11.955160: | results matched Sep 21 07:34:11.955168: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:11.955175: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:11.955183: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnets/0x2:192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:11.955187: | our client (192.0.22.0/24:0) not in our_net (192.0.2.0/24:0) Sep 21 07:34:11.955196: | match_id a=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:11.955203: | b=C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org Sep 21 07:34:11.955205: | results matched Sep 21 07:34:11.955212: | trusted_ca_nss: trustee A = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:11.955219: | trusted_ca_nss: trustor B = 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=Libreswan test CA for mainca, E=testing@libreswan.org' Sep 21 07:34:11.955226: | fc_try trying northnet-eastnets/0x2:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 vs northnet-eastnets/0x1:192.0.2.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:11.955229: | fc_try concluding with northnet-eastnets/0x1 [256] Sep 21 07:34:11.955232: | fc_try northnet-eastnets/0x2 gives northnet-eastnets/0x1 Sep 21 07:34:11.955234: | concluding with d = northnet-eastnets/0x1 Sep 21 07:34:11.955237: | using connection "northnet-eastnets/0x1" Sep 21 07:34:11.955239: | client wildcard: no port wildcard: no virtual: no Sep 21 07:34:11.955250: | creating state object #6 at 0x5609748936a0 Sep 21 07:34:11.955253: | State DB: adding IKEv1 state #6 in UNDEFINED Sep 21 07:34:11.955257: | pstats #6 ikev1.ipsec started Sep 21 07:34:11.955260: | duplicating state object #1 "northnet-eastnets/0x2" as #6 for IPSEC SA Sep 21 07:34:11.955264: | #6 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:11.955267: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:34:11.955271: | start processing: connection "northnet-eastnets/0x1" (BACKGROUND) (in quick_inI1_outR1_tail() at ikev1_quick.c:1285) Sep 21 07:34:11.955275: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:11.955280: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:11.955285: | child state #6: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:34:11.955288: | ****parse IPsec DOI SIT: Sep 21 07:34:11.955291: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:11.955293: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:11.955296: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.955298: | length: 72 (0x48) Sep 21 07:34:11.955301: | proposal number: 0 (0x0) Sep 21 07:34:11.955303: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:11.955306: | SPI size: 4 (0x4) Sep 21 07:34:11.955308: | number of transforms: 2 (0x2) Sep 21 07:34:11.955311: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:11.955313: | SPI 45 8a 72 ab Sep 21 07:34:11.955316: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:11.955318: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:11.955320: | length: 32 (0x20) Sep 21 07:34:11.955323: | ESP transform number: 0 (0x0) Sep 21 07:34:11.955325: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:11.955328: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.955330: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:11.955333: | length/value: 14 (0xe) Sep 21 07:34:11.955335: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:11.955338: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.955340: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:11.955343: | length/value: 1 (0x1) Sep 21 07:34:11.955345: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:11.955348: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:11.955350: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.955353: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:11.955355: | length/value: 1 (0x1) Sep 21 07:34:11.955357: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:11.955360: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.955362: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:11.955365: | length/value: 28800 (0x7080) Sep 21 07:34:11.955367: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.955370: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:11.955372: | length/value: 2 (0x2) Sep 21 07:34:11.955374: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:11.955377: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.955379: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:11.955381: | length/value: 128 (0x80) Sep 21 07:34:11.955384: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:11.955389: | adding quick_outI1 KE work-order 10 for state #6 Sep 21 07:34:11.955392: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83340041c0 Sep 21 07:34:11.955396: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:34:11.955399: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:11.955406: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:11.955411: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:11.955414: | suspending state #6 and saving MD Sep 21 07:34:11.955416: | #6 is busy; has a suspended MD Sep 21 07:34:11.955416: | crypto helper 2 resuming Sep 21 07:34:11.955421: | #1 spent 0.33 milliseconds in process_packet_tail() Sep 21 07:34:11.955444: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:11.955435: | crypto helper 2 starting work-order 10 for state #6 Sep 21 07:34:11.955462: | crypto helper 2 doing build KE and nonce (quick_outI1 KE); request ID 10 Sep 21 07:34:11.955451: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:11.955473: | resume processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:382) Sep 21 07:34:11.955479: | stop processing: connection "northnet-eastnets/0x1" (in process_md() at demux.c:383) Sep 21 07:34:11.955484: | spent 0.647 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:11.957200: | crypto helper 2 finished build KE and nonce (quick_outI1 KE); request ID 10 time elapsed 0.001737 seconds Sep 21 07:34:11.957219: | crypto helper 0 finished build KE and nonce (quick_outI1 KE); request ID 9 time elapsed 0.002406 seconds Sep 21 07:34:11.957220: | (#6) spent 1.54 milliseconds in crypto helper computing work-order 10: quick_outI1 KE (pcr) Sep 21 07:34:11.957239: | (#5) spent 0.96 milliseconds in crypto helper computing work-order 9: quick_outI1 KE (pcr) Sep 21 07:34:11.957257: | crypto helper 0 sending results from work-order 9 for state #5 to event queue Sep 21 07:34:11.957248: | crypto helper 2 sending results from work-order 10 for state #6 to event queue Sep 21 07:34:11.957273: | scheduling resume sending helper answer for #6 Sep 21 07:34:11.957264: | scheduling resume sending helper answer for #5 Sep 21 07:34:11.957280: | libevent_malloc: new ptr-libevent@0x7f833400a240 size 128 Sep 21 07:34:11.957288: | libevent_malloc: new ptr-libevent@0x7f833000ad40 size 128 Sep 21 07:34:11.957300: | crypto helper 2 waiting (nothing to do) Sep 21 07:34:11.957314: | crypto helper 0 waiting (nothing to do) Sep 21 07:34:11.957344: | processing resume sending helper answer for #6 Sep 21 07:34:11.957358: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:11.957363: | crypto helper 2 replies to request ID 10 Sep 21 07:34:11.957366: | calling continuation function 0x560973f3c630 Sep 21 07:34:11.957369: | quick_inI1_outR1_cryptocontinue1 for #6: calculated ke+nonce, calculating DH Sep 21 07:34:11.957385: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:11.957394: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:11.957402: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:11.957410: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:11.957413: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:11.957416: | no PreShared Key Found Sep 21 07:34:11.957424: | adding quick outR1 DH work-order 11 for state #6 Sep 21 07:34:11.957427: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:11.957430: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:11.957433: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83340041c0 Sep 21 07:34:11.957436: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83340041c0 Sep 21 07:34:11.957440: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #6 Sep 21 07:34:11.957443: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:11.957452: | suspending state #6 and saving MD Sep 21 07:34:11.957455: | #6 is busy; has a suspended MD Sep 21 07:34:11.957458: | resume sending helper answer for #6 suppresed complete_v1_state_transition() and stole MD Sep 21 07:34:11.957464: | #6 spent 0.0992 milliseconds in resume sending helper answer Sep 21 07:34:11.957469: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:11.957472: | libevent_free: release ptr-libevent@0x7f833400a240 Sep 21 07:34:11.957478: | processing resume sending helper answer for #5 Sep 21 07:34:11.957480: | crypto helper 3 resuming Sep 21 07:34:11.957490: | crypto helper 3 starting work-order 11 for state #6 Sep 21 07:34:11.957483: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:11.957495: | crypto helper 3 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 11 Sep 21 07:34:11.957501: | crypto helper 0 replies to request ID 9 Sep 21 07:34:11.957511: | calling continuation function 0x560973f3c630 Sep 21 07:34:11.957513: | quick_inI1_outR1_cryptocontinue1 for #5: calculated ke+nonce, calculating DH Sep 21 07:34:11.957526: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:11.957535: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:11.957543: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:11.957550: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:11.957553: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:11.957555: | no PreShared Key Found Sep 21 07:34:11.957558: | adding quick outR1 DH work-order 12 for state #5 Sep 21 07:34:11.957561: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:11.957564: | libevent_free: release ptr-libevent@0x7f8338006ad0 Sep 21 07:34:11.957567: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8324002b20 Sep 21 07:34:11.957569: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f8324002b20 Sep 21 07:34:11.957573: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #5 Sep 21 07:34:11.957576: | libevent_malloc: new ptr-libevent@0x7f8338006ad0 size 128 Sep 21 07:34:11.957583: | suspending state #5 and saving MD Sep 21 07:34:11.957591: | #5 is busy; has a suspended MD Sep 21 07:34:11.957603: | resume sending helper answer for #5 suppresed complete_v1_state_transition() and stole MD Sep 21 07:34:11.957592: | crypto helper 5 resuming Sep 21 07:34:11.957614: | #5 spent 0.108 milliseconds in resume sending helper answer Sep 21 07:34:11.957623: | crypto helper 5 starting work-order 12 for state #5 Sep 21 07:34:11.957635: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:11.957638: | crypto helper 5 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 12 Sep 21 07:34:11.957641: | libevent_free: release ptr-libevent@0x7f833000ad40 Sep 21 07:34:11.958345: | crypto helper 3 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 11 time elapsed 0.00085 seconds Sep 21 07:34:11.958356: | (#6) spent 0.853 milliseconds in crypto helper computing work-order 11: quick outR1 DH (pcr) Sep 21 07:34:11.958359: | crypto helper 3 sending results from work-order 11 for state #6 to event queue Sep 21 07:34:11.958362: | scheduling resume sending helper answer for #6 Sep 21 07:34:11.958365: | libevent_malloc: new ptr-libevent@0x7f8328009810 size 128 Sep 21 07:34:11.958372: | crypto helper 3 waiting (nothing to do) Sep 21 07:34:11.958384: | processing resume sending helper answer for #6 Sep 21 07:34:11.958395: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:11.958405: | crypto helper 3 replies to request ID 11 Sep 21 07:34:11.958409: | calling continuation function 0x560973f3c630 Sep 21 07:34:11.958413: | quick_inI1_outR1_cryptocontinue2 for #6: calculated DH, sending R1 Sep 21 07:34:11.958420: | **emit ISAKMP Message: Sep 21 07:34:11.958424: | initiator cookie: Sep 21 07:34:11.958428: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:11.958432: | responder cookie: Sep 21 07:34:11.958435: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.958439: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.958443: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:11.958448: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:11.958452: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:11.958456: | Message ID: 2341409173 (0x8b8f1195) Sep 21 07:34:11.958461: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:11.958465: | ***emit ISAKMP Hash Payload: Sep 21 07:34:11.958469: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.958474: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:11.958478: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.958483: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:11.958487: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:11.958491: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:11.958495: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:11.958499: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:11.958503: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:11.958508: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:11.958512: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.958517: | ****parse IPsec DOI SIT: Sep 21 07:34:11.958521: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:11.958525: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:11.958529: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.958533: | length: 72 (0x48) Sep 21 07:34:11.958536: | proposal number: 0 (0x0) Sep 21 07:34:11.958540: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:11.958544: | SPI size: 4 (0x4) Sep 21 07:34:11.958548: | number of transforms: 2 (0x2) Sep 21 07:34:11.958552: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:11.958555: | SPI 45 8a 72 ab Sep 21 07:34:11.958559: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:11.958563: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:11.958567: | length: 32 (0x20) Sep 21 07:34:11.958571: | ESP transform number: 0 (0x0) Sep 21 07:34:11.958572: | crypto helper 5 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 12 time elapsed 0.000934 seconds Sep 21 07:34:11.958575: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:11.958587: | (#5) spent 0.942 milliseconds in crypto helper computing work-order 12: quick outR1 DH (pcr) Sep 21 07:34:11.958588: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.958601: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:11.958594: | crypto helper 5 sending results from work-order 12 for state #5 to event queue Sep 21 07:34:11.958611: | scheduling resume sending helper answer for #5 Sep 21 07:34:11.958605: | length/value: 14 (0xe) Sep 21 07:34:11.958618: | libevent_malloc: new ptr-libevent@0x7f832c002e90 size 128 Sep 21 07:34:11.958626: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:11.958635: | crypto helper 5 waiting (nothing to do) Sep 21 07:34:11.958637: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.958642: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:11.958648: | length/value: 1 (0x1) Sep 21 07:34:11.958651: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:11.958654: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:11.958656: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.958659: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:11.958661: | length/value: 1 (0x1) Sep 21 07:34:11.958663: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:11.958666: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.958668: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:11.958671: | length/value: 28800 (0x7080) Sep 21 07:34:11.958673: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.958676: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:11.958678: | length/value: 2 (0x2) Sep 21 07:34:11.958680: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:11.958683: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.958685: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:11.958688: | length/value: 128 (0x80) Sep 21 07:34:11.958691: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:11.958693: | ****emit IPsec DOI SIT: Sep 21 07:34:11.958696: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:11.958698: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:11.958701: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.958703: | proposal number: 0 (0x0) Sep 21 07:34:11.958706: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:11.958708: | SPI size: 4 (0x4) Sep 21 07:34:11.958710: | number of transforms: 1 (0x1) Sep 21 07:34:11.958713: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:11.958735: | netlink_get_spi: allocated 0x3c06bef5 for esp.0@192.1.2.23 Sep 21 07:34:11.958738: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:11.958741: | SPI 3c 06 be f5 Sep 21 07:34:11.958743: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:11.958746: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.958748: | ESP transform number: 0 (0x0) Sep 21 07:34:11.958751: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:11.958753: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:11.958756: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:34:11.958759: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:34:11.958761: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:34:11.958764: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:11.958766: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:34:11.958769: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:11.958771: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:34:11.958774: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:11.958779: "northnet-eastnets/0x1" #6: responding to Quick Mode proposal {msgid:8b8f1195} Sep 21 07:34:11.958797: "northnet-eastnets/0x1" #6: us: 192.0.2.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:34:11.958810: "northnet-eastnets/0x1" #6: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:34:11.958813: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:11.958816: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:11.958819: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:11.958822: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:11.958827: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.958830: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:34:11.958833: | Nr 55 40 d3 70 f1 3b 86 35 e1 43 89 34 3b 36 e8 8e Sep 21 07:34:11.958835: | Nr f6 e8 52 31 5f 6c 1f 9e fb f0 e2 87 6d df 5e 60 Sep 21 07:34:11.958837: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:11.958840: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:11.958842: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.958845: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:11.958848: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:11.958851: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.958854: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:11.958856: | keyex value b1 d0 a3 c5 59 42 78 49 ff 39 68 af e5 3e 43 e7 Sep 21 07:34:11.958858: | keyex value 4b be 98 76 3b 59 d7 01 76 46 35 9e d2 b5 2e 04 Sep 21 07:34:11.958861: | keyex value 99 cc b9 32 63 96 af 45 49 77 f1 37 04 3c 0e eb Sep 21 07:34:11.958863: | keyex value 29 c3 26 65 7b 89 cd 0b 65 cc d0 93 1e 1f e3 c7 Sep 21 07:34:11.958865: | keyex value a1 b1 cd 06 c5 9b 36 45 ca 13 83 42 8e a0 0e 4a Sep 21 07:34:11.958867: | keyex value 8f de 12 10 fe 2e 15 cb f0 6b 05 a0 00 12 de c2 Sep 21 07:34:11.958870: | keyex value b8 78 ec db e2 26 eb bb a0 41 6c b2 ec 1c 71 9f Sep 21 07:34:11.958872: | keyex value 2c 65 22 46 55 87 04 2a d3 44 1f bb 63 a4 16 c5 Sep 21 07:34:11.958874: | keyex value 89 5a 81 0a ae be 23 ed 0f 5d cb 47 81 a8 25 b1 Sep 21 07:34:11.958876: | keyex value 6f d9 1b 13 7e 2b 73 44 10 38 73 bc 28 51 94 f4 Sep 21 07:34:11.958879: | keyex value e7 2a a6 6f c8 06 fd 97 f8 b6 48 12 a3 f1 b3 76 Sep 21 07:34:11.958881: | keyex value fe fa f6 0f c6 3b f1 a7 cb 87 ef de 9f 85 92 dc Sep 21 07:34:11.958883: | keyex value 0b 35 95 11 f9 87 a0 8a 5a d1 a3 06 e4 3b d9 1d Sep 21 07:34:11.958885: | keyex value 70 75 37 e8 95 02 be 74 e2 a9 b2 61 a2 88 51 8f Sep 21 07:34:11.958888: | keyex value 26 4e 2d 6d df 94 36 c4 8a b4 00 80 2e 70 db 67 Sep 21 07:34:11.958890: | keyex value fa 3b 91 e8 76 b9 b1 e8 df 5c 29 14 bb 5c 4f ee Sep 21 07:34:11.958892: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:11.958895: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.958897: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.958900: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.958902: | Protocol ID: 0 (0x0) Sep 21 07:34:11.958904: | port: 0 (0x0) Sep 21 07:34:11.958907: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:11.958910: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:11.958913: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:11.958916: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:11.958918: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:34:11.958921: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:11.958923: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.958925: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.958928: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.958930: | Protocol ID: 0 (0x0) Sep 21 07:34:11.958932: | port: 0 (0x0) Sep 21 07:34:11.958935: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:11.958939: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:11.958942: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:11.958944: | ID body c0 00 02 00 ff ff ff 00 Sep 21 07:34:11.958947: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:11.958977: | quick inR1 outI2 HASH(2): Sep 21 07:34:11.958981: | ec 51 7c f9 83 7f 3e 11 7f 9b 42 e0 87 c7 30 fa Sep 21 07:34:11.958983: | 06 d6 90 75 02 cf de a9 1a 19 9b e4 5b 08 42 bc Sep 21 07:34:11.958986: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:11.958988: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:11.959093: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:11.959098: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.959100: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:11.959103: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.959106: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:11.959109: | route owner of "northnet-eastnets/0x1" erouted: self Sep 21 07:34:11.959112: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:34:11.959115: | could_route called for northnet-eastnets/0x1 (kind=CK_PERMANENT) Sep 21 07:34:11.959117: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:11.959120: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.959122: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:11.959125: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.959127: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:11.959131: | route owner of "northnet-eastnets/0x1" erouted: self; eroute owner: self Sep 21 07:34:11.959133: | routing is easy, or has resolvable near-conflict Sep 21 07:34:11.959136: | checking if this is a replacement state Sep 21 07:34:11.959139: | st=0x5609748936a0 ost=0x560974879d60 st->serialno=#6 ost->serialno=#4 Sep 21 07:34:11.959142: "northnet-eastnets/0x1" #6: keeping refhim=0 during rekey Sep 21 07:34:11.959144: | installing outgoing SA now as refhim=0 Sep 21 07:34:11.959147: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:11.959151: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:11.959154: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:11.959157: | setting IPsec SA replay-window to 32 Sep 21 07:34:11.959160: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:34:11.959164: | netlink: enabling tunnel mode Sep 21 07:34:11.959166: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:11.959169: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:11.959283: | netlink response for Add SA esp.458a72ab@192.1.3.33 included non-error error Sep 21 07:34:11.959295: | outgoing SA has refhim=0 Sep 21 07:34:11.959301: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:11.959306: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:11.959311: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:11.959318: | setting IPsec SA replay-window to 32 Sep 21 07:34:11.959324: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x1' not available on interface eth1 Sep 21 07:34:11.959328: | netlink: enabling tunnel mode Sep 21 07:34:11.959333: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:11.959338: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:11.959432: | netlink response for Add SA esp.3c06bef5@192.1.2.23 included non-error error Sep 21 07:34:11.959521: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:11.959535: | no IKEv1 message padding required Sep 21 07:34:11.959541: | emitting length of ISAKMP Message: 460 Sep 21 07:34:11.959556: | finished processing quick inI1 Sep 21 07:34:11.959561: | complete v1 state transition with STF_OK Sep 21 07:34:11.959570: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:11.959574: | #6 is idle Sep 21 07:34:11.959579: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:11.959584: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:34:11.959589: | child state #6: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:34:11.959593: | event_already_set, deleting event Sep 21 07:34:11.959598: | state #6 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:11.959603: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:11.959608: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83340041c0 Sep 21 07:34:11.959617: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:11.959628: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Sep 21 07:34:11.959633: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.959637: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:11.959641: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:11.959645: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:11.959649: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:11.959653: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:11.959657: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:11.959661: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:11.959665: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:11.959669: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:11.959673: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:11.959677: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:11.959680: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:11.959684: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:11.959688: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:11.959692: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:11.959695: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:11.959699: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:11.959701: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:11.959703: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:11.959705: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:11.959706: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:11.959708: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:11.959710: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:11.959712: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:11.959714: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:11.959716: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:11.959718: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:11.959720: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:11.959764: | !event_already_set at reschedule Sep 21 07:34:11.959768: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:11.959772: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Sep 21 07:34:11.959775: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:11.959780: | #6 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.328032 Sep 21 07:34:11.959790: | pstats #6 ikev1.ipsec established Sep 21 07:34:11.959802: | NAT-T: encaps is 'auto' Sep 21 07:34:11.959808: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x458a72ab <0x3c06bef5 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:11.959811: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:11.959813: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:11.959816: | resume sending helper answer for #6 suppresed complete_v1_state_transition() Sep 21 07:34:11.959821: | #6 spent 1.3 milliseconds in resume sending helper answer Sep 21 07:34:11.959826: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:11.959829: | libevent_free: release ptr-libevent@0x7f8328009810 Sep 21 07:34:11.959835: | processing resume sending helper answer for #5 Sep 21 07:34:11.959839: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:11.959843: | crypto helper 5 replies to request ID 12 Sep 21 07:34:11.959845: | calling continuation function 0x560973f3c630 Sep 21 07:34:11.959847: | quick_inI1_outR1_cryptocontinue2 for #5: calculated DH, sending R1 Sep 21 07:34:11.959851: | **emit ISAKMP Message: Sep 21 07:34:11.959853: | initiator cookie: Sep 21 07:34:11.959855: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:11.959857: | responder cookie: Sep 21 07:34:11.959859: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.959861: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.959864: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:11.959866: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:11.959868: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:11.959871: | Message ID: 3862452443 (0xe63858db) Sep 21 07:34:11.959873: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:11.959876: | ***emit ISAKMP Hash Payload: Sep 21 07:34:11.959878: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.959880: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:11.959883: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.959885: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:11.959888: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:11.959890: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:11.959892: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:11.959894: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:11.959896: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:11.959899: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:11.959901: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.959904: | ****parse IPsec DOI SIT: Sep 21 07:34:11.959906: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:11.959908: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:11.959911: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.959913: | length: 72 (0x48) Sep 21 07:34:11.959915: | proposal number: 0 (0x0) Sep 21 07:34:11.959917: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:11.959919: | SPI size: 4 (0x4) Sep 21 07:34:11.959921: | number of transforms: 2 (0x2) Sep 21 07:34:11.959923: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:11.959925: | SPI 6c 70 d8 7f Sep 21 07:34:11.959928: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:11.959930: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:11.959932: | length: 32 (0x20) Sep 21 07:34:11.959934: | ESP transform number: 0 (0x0) Sep 21 07:34:11.959940: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:11.959942: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.959945: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:11.959947: | length/value: 14 (0xe) Sep 21 07:34:11.959949: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:11.959951: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.959953: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:11.959955: | length/value: 1 (0x1) Sep 21 07:34:11.959957: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:11.959960: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:11.959962: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.959964: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:11.959966: | length/value: 1 (0x1) Sep 21 07:34:11.959968: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:11.959969: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.959972: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:11.959974: | length/value: 28800 (0x7080) Sep 21 07:34:11.959976: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.959978: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:11.959980: | length/value: 2 (0x2) Sep 21 07:34:11.959982: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:11.959984: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:11.959986: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:11.959988: | length/value: 128 (0x80) Sep 21 07:34:11.959991: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:11.959993: | ****emit IPsec DOI SIT: Sep 21 07:34:11.959995: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:11.959997: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:11.959999: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.960001: | proposal number: 0 (0x0) Sep 21 07:34:11.960003: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:11.960005: | SPI size: 4 (0x4) Sep 21 07:34:11.960007: | number of transforms: 1 (0x1) Sep 21 07:34:11.960009: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:11.960022: | netlink_get_spi: allocated 0xde049297 for esp.0@192.1.2.23 Sep 21 07:34:11.960025: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:11.960027: | SPI de 04 92 97 Sep 21 07:34:11.960029: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:11.960031: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.960033: | ESP transform number: 0 (0x0) Sep 21 07:34:11.960035: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:11.960037: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:11.960040: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:34:11.960042: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:34:11.960044: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:34:11.960046: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:11.960048: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:34:11.960051: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:11.960053: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:34:11.960055: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:11.960059: "northnet-eastnets/0x2" #5: responding to Quick Mode proposal {msgid:e63858db} Sep 21 07:34:11.960069: "northnet-eastnets/0x2" #5: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:34:11.960078: "northnet-eastnets/0x2" #5: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:34:11.960082: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:11.960084: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:11.960086: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:11.960089: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:11.960091: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.960094: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:34:11.960096: | Nr 51 89 da 61 56 09 a5 f2 d3 5c a5 83 0d a9 b0 42 Sep 21 07:34:11.960098: | Nr 3f 8d d1 50 83 23 9f 16 99 ca d0 dd 83 ef 44 8c Sep 21 07:34:11.960100: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:11.960102: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:11.960104: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.960106: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:11.960109: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:11.960111: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:11.960114: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:11.960116: | keyex value 22 a8 9f de a7 45 3f a3 e6 02 0a 2f bc 28 9e ac Sep 21 07:34:11.960118: | keyex value 7a 84 ec 1d 58 0f 65 e9 c1 ff e3 31 2d c3 36 f0 Sep 21 07:34:11.960120: | keyex value f5 2c 0f 40 7a a9 c2 25 84 c6 24 00 14 b3 fb 76 Sep 21 07:34:11.960122: | keyex value 0e 47 ef 1e 04 d5 76 91 84 46 23 b3 e8 82 ac f5 Sep 21 07:34:11.960124: | keyex value 32 a5 e2 52 ca 44 8a 1a 9a f2 e3 97 34 92 c1 1b Sep 21 07:34:11.960126: | keyex value b8 81 55 64 e9 eb 4e 55 d1 83 d0 dc d2 1a ed 89 Sep 21 07:34:11.960128: | keyex value 29 68 3e 4a b9 d7 c0 e3 da a2 d9 3b ac 9a 44 54 Sep 21 07:34:11.960129: | keyex value 18 e7 ba 5f b8 c2 68 2d eb 66 56 fd 73 ad 89 84 Sep 21 07:34:11.960131: | keyex value fd bb f3 4b 17 bb 1c f2 5a 53 9b 15 c5 a0 d3 17 Sep 21 07:34:11.960133: | keyex value 91 59 d2 74 b9 7d af ad d2 f1 eb 68 b9 23 27 a2 Sep 21 07:34:11.960135: | keyex value 12 d3 43 7e 9d aa a4 d8 77 df b1 1e fb 88 b5 59 Sep 21 07:34:11.960137: | keyex value bb 31 3e 4d 42 a6 d2 0a 66 94 1b fc 54 cd e2 9b Sep 21 07:34:11.960139: | keyex value c4 4c 48 a1 a2 11 88 f9 99 f6 bd e6 99 05 87 f9 Sep 21 07:34:11.960141: | keyex value 6c 37 30 cf cc 3b ff 1c 75 fb a2 18 5d c8 e4 59 Sep 21 07:34:11.960143: | keyex value ac 90 4f 36 f2 6d d2 ce 9e 84 3d 2b be f9 b0 1c Sep 21 07:34:11.960145: | keyex value 04 86 d2 08 5d 6f 16 16 46 c7 4f 5f fe f3 b6 37 Sep 21 07:34:11.960147: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:11.960149: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.960151: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:11.960154: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.960156: | Protocol ID: 0 (0x0) Sep 21 07:34:11.960157: | port: 0 (0x0) Sep 21 07:34:11.960160: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:11.960162: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:11.960165: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:11.960167: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:11.960169: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:34:11.960173: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:11.960175: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:11.960177: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:11.960179: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:11.960181: | Protocol ID: 0 (0x0) Sep 21 07:34:11.960183: | port: 0 (0x0) Sep 21 07:34:11.960185: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:11.960187: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:11.960190: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:11.960192: | ID body c0 00 16 00 ff ff ff 00 Sep 21 07:34:11.960194: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:11.960215: | quick inR1 outI2 HASH(2): Sep 21 07:34:11.960218: | 6d 02 cd dd 32 95 6f 3b 37 b9 f8 a7 7d ad d6 3d Sep 21 07:34:11.960220: | 7e ae d3 8f b1 1f e8 ca 86 a3 ed d1 06 0c 90 44 Sep 21 07:34:11.960222: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:11.960224: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:11.960302: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:11.960306: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.960308: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:11.960310: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.960312: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:11.960316: | route owner of "northnet-eastnets/0x2" erouted: self Sep 21 07:34:11.960318: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:34:11.960320: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:34:11.960322: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:11.960324: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.960326: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:11.960329: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:11.960331: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:11.960334: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Sep 21 07:34:11.960336: | routing is easy, or has resolvable near-conflict Sep 21 07:34:11.960338: | checking if this is a replacement state Sep 21 07:34:11.960340: | st=0x56097488ab70 ost=0x560974880100 st->serialno=#5 ost->serialno=#3 Sep 21 07:34:11.960343: "northnet-eastnets/0x2" #5: keeping refhim=0 during rekey Sep 21 07:34:11.960345: | installing outgoing SA now as refhim=0 Sep 21 07:34:11.960347: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:11.960350: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:11.960352: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:11.960355: | setting IPsec SA replay-window to 32 Sep 21 07:34:11.960358: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:34:11.960360: | netlink: enabling tunnel mode Sep 21 07:34:11.960363: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:11.960365: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:11.960426: | netlink response for Add SA esp.6c70d87f@192.1.3.33 included non-error error Sep 21 07:34:11.960433: | outgoing SA has refhim=0 Sep 21 07:34:11.960437: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:11.960442: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:11.960447: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:11.960452: | setting IPsec SA replay-window to 32 Sep 21 07:34:11.960460: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:34:11.960465: | netlink: enabling tunnel mode Sep 21 07:34:11.960469: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:11.960473: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:11.960537: | netlink response for Add SA esp.de049297@192.1.2.23 included non-error error Sep 21 07:34:11.960613: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:11.960619: | no IKEv1 message padding required Sep 21 07:34:11.960624: | emitting length of ISAKMP Message: 460 Sep 21 07:34:11.960674: | finished processing quick inI1 Sep 21 07:34:11.960680: | complete v1 state transition with STF_OK Sep 21 07:34:11.960688: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:11.960692: | #5 is idle Sep 21 07:34:11.960694: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:11.960697: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:34:11.960700: | child state #5: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:34:11.960702: | event_already_set, deleting event Sep 21 07:34:11.960705: | state #5 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:11.960708: | libevent_free: release ptr-libevent@0x7f8338006ad0 Sep 21 07:34:11.960710: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f8324002b20 Sep 21 07:34:11.960715: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:11.960721: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Sep 21 07:34:11.960723: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:11.960725: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:11.960727: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:11.960729: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:11.960731: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:11.960732: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:11.960734: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:11.960736: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:11.960757: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:11.960759: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:11.960761: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:11.960763: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:11.960765: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:11.960767: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:11.960769: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:11.960771: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:11.960773: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:11.960775: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:11.960776: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:11.960778: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:11.960780: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:11.960782: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:11.960811: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:11.960813: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:11.960815: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:11.960817: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:11.960819: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:11.960821: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:11.960823: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:11.960853: | !event_already_set at reschedule Sep 21 07:34:11.960860: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:11.960864: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Sep 21 07:34:11.960867: | libevent_malloc: new ptr-libevent@0x7f8338006ad0 size 128 Sep 21 07:34:11.960872: | #5 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49898.329124 Sep 21 07:34:11.960874: | pstats #5 ikev1.ipsec established Sep 21 07:34:11.960878: | NAT-T: encaps is 'auto' Sep 21 07:34:11.960882: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x6c70d87f <0xde049297 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:11.960884: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:11.960886: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:11.960890: | resume sending helper answer for #5 suppresed complete_v1_state_transition() Sep 21 07:34:11.960895: | #5 spent 0.949 milliseconds in resume sending helper answer Sep 21 07:34:11.960899: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:11.960902: | libevent_free: release ptr-libevent@0x7f832c002e90 Sep 21 07:34:12.459512: | timer_event_cb: processing event@0x7f83340041c0 Sep 21 07:34:12.459528: | handling event EVENT_RETRANSMIT for child state #6 Sep 21 07:34:12.459537: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:12.459541: | IKEv1 retransmit event Sep 21 07:34:12.459546: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:12.459565: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 1 Sep 21 07:34:12.459572: | retransmits: current time 49898.827833; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.499801 exceeds limit? NO Sep 21 07:34:12.459576: | event_schedule: new EVENT_RETRANSMIT-pe@0x56097486afb0 Sep 21 07:34:12.459581: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #6 Sep 21 07:34:12.459585: | libevent_malloc: new ptr-libevent@0x7f832c002e90 size 128 Sep 21 07:34:12.459590: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response Sep 21 07:34:12.459597: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Sep 21 07:34:12.459600: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.459603: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:12.459605: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:12.459608: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:12.459610: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:12.459613: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:12.459615: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:12.459617: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:12.459620: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:12.459622: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:12.459625: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:12.459627: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:12.459629: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:12.459632: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:12.459634: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:12.459636: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:12.459639: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:12.459641: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:12.459644: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:12.459650: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:12.459653: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:12.459656: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:12.459658: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:12.459660: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:12.459663: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:12.459665: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:12.459667: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:12.459670: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:12.459672: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:12.459728: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:12.459734: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:12.459743: | #6 spent 0.202 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:12.459748: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:12.461885: | timer_event_cb: processing event@0x7f8324002b20 Sep 21 07:34:12.461901: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:34:12.461909: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:12.461913: | IKEv1 retransmit event Sep 21 07:34:12.461919: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:12.461924: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 1 Sep 21 07:34:12.461930: | retransmits: current time 49898.830191; retransmit count 0 exceeds limit? NO; deltatime 0.5 exceeds limit? NO; monotime 0.501067 exceeds limit? NO Sep 21 07:34:12.461934: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:12.461938: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #5 Sep 21 07:34:12.461941: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:12.461946: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response Sep 21 07:34:12.461952: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Sep 21 07:34:12.461955: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.461958: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:12.461960: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:12.461962: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:12.461965: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:12.461967: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:12.461970: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:12.461972: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:12.461974: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:12.461977: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:12.461979: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:12.461982: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:12.461984: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:12.461986: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:12.461989: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:12.461991: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:12.461994: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:12.461996: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:12.461998: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:12.462001: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:12.462007: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:12.462010: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:12.462012: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:12.462014: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:12.462017: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:12.462019: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:12.462022: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:12.462024: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:12.462026: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:12.462060: | libevent_free: release ptr-libevent@0x7f8338006ad0 Sep 21 07:34:12.462065: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:12.462072: | #5 spent 0.171 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:12.462078: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:12.960332: | timer_event_cb: processing event@0x56097486afb0 Sep 21 07:34:12.960348: | handling event EVENT_RETRANSMIT for child state #6 Sep 21 07:34:12.960355: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:12.960357: | IKEv1 retransmit event Sep 21 07:34:12.960360: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:12.960364: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 2 Sep 21 07:34:12.960368: | retransmits: current time 49899.32863; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.000598 exceeds limit? NO Sep 21 07:34:12.960370: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:12.960373: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #6 Sep 21 07:34:12.960375: | libevent_malloc: new ptr-libevent@0x7f8338006ad0 size 128 Sep 21 07:34:12.960379: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 1 seconds for response Sep 21 07:34:12.960383: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Sep 21 07:34:12.960385: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.960386: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:12.960387: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:12.960389: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:12.960390: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:12.960392: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:12.960393: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:12.960394: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:12.960396: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:12.960397: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:12.960398: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:12.960400: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:12.960401: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:12.960402: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:12.960404: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:12.960405: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:12.960406: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:12.960408: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:12.960409: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:12.960410: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:12.960412: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:12.960413: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:12.960419: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:12.960420: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:12.960421: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:12.960423: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:12.960424: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:12.960426: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:12.960427: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:12.960473: | libevent_free: release ptr-libevent@0x7f832c002e90 Sep 21 07:34:12.960476: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56097486afb0 Sep 21 07:34:12.960482: | #6 spent 0.124 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:12.960485: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:12.963554: | timer_event_cb: processing event@0x7f83340041c0 Sep 21 07:34:12.963564: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:34:12.963571: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:12.963575: | IKEv1 retransmit event Sep 21 07:34:12.963580: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:12.963585: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 2 Sep 21 07:34:12.963592: | retransmits: current time 49899.331853; retransmit count 1 exceeds limit? NO; deltatime 1 exceeds limit? NO; monotime 1.002729 exceeds limit? NO Sep 21 07:34:12.963595: | event_schedule: new EVENT_RETRANSMIT-pe@0x56097486afb0 Sep 21 07:34:12.963599: | inserting event EVENT_RETRANSMIT, timeout in 1 seconds for #5 Sep 21 07:34:12.963602: | libevent_malloc: new ptr-libevent@0x7f832c002e90 size 128 Sep 21 07:34:12.963606: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 1 seconds for response Sep 21 07:34:12.963613: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Sep 21 07:34:12.963616: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:12.963618: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:12.963621: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:12.963623: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:12.963626: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:12.963628: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:12.963631: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:12.963633: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:12.963636: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:12.963638: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:12.963641: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:12.963643: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:12.963646: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:12.963648: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:12.963650: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:12.963653: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:12.963655: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:12.963658: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:12.963660: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:12.963662: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:12.963665: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:12.963667: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:12.963670: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:12.963675: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:12.963677: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:12.963680: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:12.963682: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:12.963685: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:12.963687: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:12.963729: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:12.963748: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:12.963754: | #5 spent 0.177 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:12.963760: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:13.960842: | timer_event_cb: processing event@0x7f8324002b20 Sep 21 07:34:13.960854: | handling event EVENT_RETRANSMIT for child state #6 Sep 21 07:34:13.960873: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:13.960876: | IKEv1 retransmit event Sep 21 07:34:13.960880: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:13.960883: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 3 Sep 21 07:34:13.960887: | retransmits: current time 49900.32915; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.001118 exceeds limit? NO Sep 21 07:34:13.960890: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:13.960892: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #6 Sep 21 07:34:13.960895: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:13.960898: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 2 seconds for response Sep 21 07:34:13.960902: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Sep 21 07:34:13.960904: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:13.960905: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:13.960907: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:13.960908: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:13.960909: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:13.960911: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:13.960912: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:13.960913: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:13.960915: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:13.960916: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:13.960917: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:13.960919: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:13.960920: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:13.960921: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:13.960923: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:13.960924: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:13.960925: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:13.960927: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:13.960928: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:13.960929: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:13.960931: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:13.960932: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:13.960933: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:13.960935: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:13.960936: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:13.960940: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:13.960941: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:13.960943: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:13.960944: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:13.960991: | libevent_free: release ptr-libevent@0x7f8338006ad0 Sep 21 07:34:13.960994: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:13.960999: | #6 spent 0.134 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:13.961002: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:13.964073: | timer_event_cb: processing event@0x56097486afb0 Sep 21 07:34:13.964088: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:34:13.964095: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:13.964098: | IKEv1 retransmit event Sep 21 07:34:13.964103: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:13.964108: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 3 Sep 21 07:34:13.964115: | retransmits: current time 49900.332376; retransmit count 2 exceeds limit? NO; deltatime 2 exceeds limit? NO; monotime 2.003252 exceeds limit? NO Sep 21 07:34:13.964119: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:13.964123: | inserting event EVENT_RETRANSMIT, timeout in 2 seconds for #5 Sep 21 07:34:13.964127: | libevent_malloc: new ptr-libevent@0x7f8338006ad0 size 128 Sep 21 07:34:13.964131: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 2 seconds for response Sep 21 07:34:13.964139: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Sep 21 07:34:13.964142: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:13.964144: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:13.964147: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:13.964149: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:13.964151: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:13.964154: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:13.964156: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:13.964159: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:13.964161: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:13.964164: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:13.964166: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:13.964168: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:13.964171: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:13.964173: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:13.964175: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:13.964178: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:13.964180: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:13.964182: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:13.964184: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:13.964186: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:13.964189: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:13.964191: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:13.964193: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:13.964195: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:13.964197: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:13.964200: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:13.964206: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:13.964209: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:13.964211: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:13.964267: | libevent_free: release ptr-libevent@0x7f832c002e90 Sep 21 07:34:13.964272: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56097486afb0 Sep 21 07:34:13.964291: | #5 spent 0.177 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:13.964312: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:15.962807: | timer_event_cb: processing event@0x7f83340041c0 Sep 21 07:34:15.962817: | handling event EVENT_RETRANSMIT for child state #6 Sep 21 07:34:15.962824: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:15.962827: | IKEv1 retransmit event Sep 21 07:34:15.962830: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:15.962833: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 4 Sep 21 07:34:15.962838: | retransmits: current time 49902.3311; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.003068 exceeds limit? NO Sep 21 07:34:15.962841: | event_schedule: new EVENT_RETRANSMIT-pe@0x56097486afb0 Sep 21 07:34:15.962843: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #6 Sep 21 07:34:15.962846: | libevent_malloc: new ptr-libevent@0x7f832c002e90 size 128 Sep 21 07:34:15.962849: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 4 seconds for response Sep 21 07:34:15.962854: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Sep 21 07:34:15.962856: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:15.962857: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:15.962859: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:15.962860: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:15.962862: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:15.962863: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:15.962865: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:15.962866: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:15.962868: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:15.962869: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:15.962871: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:15.962872: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:15.962874: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:15.962875: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:15.962877: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:15.962878: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:15.962880: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:15.962881: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:15.962883: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:15.962884: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:15.962885: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:15.962887: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:15.962888: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:15.962890: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:15.962891: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:15.962893: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:15.962894: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:15.962896: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:15.962904: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:15.962953: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:15.962956: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:15.962962: | #6 spent 0.13 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:15.962966: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:15.965033: | timer_event_cb: processing event@0x7f8324002b20 Sep 21 07:34:15.965043: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:34:15.965049: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:15.965052: | IKEv1 retransmit event Sep 21 07:34:15.965055: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:15.965058: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 4 Sep 21 07:34:15.965062: | retransmits: current time 49902.333325; retransmit count 3 exceeds limit? NO; deltatime 4 exceeds limit? NO; monotime 4.004201 exceeds limit? NO Sep 21 07:34:15.965065: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:15.965067: | inserting event EVENT_RETRANSMIT, timeout in 4 seconds for #5 Sep 21 07:34:15.965070: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:15.965072: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 4 seconds for response Sep 21 07:34:15.965077: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Sep 21 07:34:15.965079: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:15.965080: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:15.965082: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:15.965083: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:15.965085: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:15.965086: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:15.965088: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:15.965089: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:15.965090: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:15.965092: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:15.965093: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:15.965095: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:15.965096: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:15.965098: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:15.965099: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:15.965100: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:15.965102: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:15.965103: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:15.965105: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:15.965106: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:15.965108: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:15.965109: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:15.965111: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:15.965112: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:15.965113: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:15.965115: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:15.965116: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:15.965118: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:15.965119: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:15.965154: | libevent_free: release ptr-libevent@0x7f8338006ad0 Sep 21 07:34:15.965157: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:15.965163: | #5 spent 0.112 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:15.965166: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:19.966805: | timer_event_cb: processing event@0x56097486afb0 Sep 21 07:34:19.966819: | handling event EVENT_RETRANSMIT for child state #6 Sep 21 07:34:19.966825: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:19.966828: | IKEv1 retransmit event Sep 21 07:34:19.966831: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:19.966834: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 5 Sep 21 07:34:19.966839: | retransmits: current time 49906.335102; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.00707 exceeds limit? NO Sep 21 07:34:19.966842: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:19.966844: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #6 Sep 21 07:34:19.966847: | libevent_malloc: new ptr-libevent@0x7f8338006ad0 size 128 Sep 21 07:34:19.966850: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 8 seconds for response Sep 21 07:34:19.966855: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Sep 21 07:34:19.966857: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:19.966859: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:19.966860: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:19.966862: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:19.966863: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:19.966865: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:19.966866: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:19.966868: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:19.966869: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:19.966871: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:19.966872: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:19.966874: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:19.966875: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:19.966876: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:19.966878: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:19.966879: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:19.966881: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:19.966882: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:19.966884: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:19.966885: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:19.966887: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:19.966888: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:19.966889: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:19.966891: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:19.966892: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:19.966894: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:19.966895: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:19.966897: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:19.966898: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:19.966942: | libevent_free: release ptr-libevent@0x7f832c002e90 Sep 21 07:34:19.966945: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56097486afb0 Sep 21 07:34:19.966954: | #6 spent 0.128 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:19.966958: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:19.966961: | timer_event_cb: processing event@0x7f83340041c0 Sep 21 07:34:19.966963: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:34:19.966966: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:19.966968: | IKEv1 retransmit event Sep 21 07:34:19.966971: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:19.966974: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 5 Sep 21 07:34:19.966977: | retransmits: current time 49906.335241; retransmit count 4 exceeds limit? NO; deltatime 8 exceeds limit? NO; monotime 8.006117 exceeds limit? NO Sep 21 07:34:19.966979: | event_schedule: new EVENT_RETRANSMIT-pe@0x56097486afb0 Sep 21 07:34:19.966982: | inserting event EVENT_RETRANSMIT, timeout in 8 seconds for #5 Sep 21 07:34:19.966983: | libevent_malloc: new ptr-libevent@0x7f832c002e90 size 128 Sep 21 07:34:19.966986: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 8 seconds for response Sep 21 07:34:19.966989: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Sep 21 07:34:19.966991: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:19.966993: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:19.966994: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:19.966996: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:19.966997: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:19.966998: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:19.967000: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:19.967001: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:19.967003: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:19.967004: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:19.967006: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:19.967007: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:19.967009: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:19.967010: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:19.967011: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:19.967013: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:19.967014: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:19.967016: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:19.967017: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:19.967019: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:19.967020: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:19.967021: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:19.967023: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:19.967024: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:19.967026: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:19.967027: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:19.967029: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:19.967030: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:19.967032: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:19.967043: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:19.967046: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:19.967050: | #5 spent 0.0825 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:19.967057: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:20.795767: | spent 0.00298 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:20.795793: | *received 476 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:20.795797: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.795815: | 08 10 20 01 fc 42 ec 12 00 00 01 dc 40 88 2d 9c Sep 21 07:34:20.795819: | e4 fd ad 67 5a 96 d1 ec 2b 14 b3 0e e6 3a d9 16 Sep 21 07:34:20.795821: | c0 ba c4 99 3e c2 b8 ab b1 df d8 3f eb 56 98 43 Sep 21 07:34:20.795836: | 5c 41 98 98 b2 1d 3d 55 3f c8 ae f5 6b de 71 b9 Sep 21 07:34:20.795838: | ac 4d 1f 98 98 95 b1 0c 5f 3c 30 4d 13 0c 44 11 Sep 21 07:34:20.795841: | 28 60 71 e4 52 b4 c0 50 54 3f fe 10 1f b2 1e 3d Sep 21 07:34:20.795843: | c6 7b ab be 88 9b 3d b4 cb af 71 28 a5 fa d4 38 Sep 21 07:34:20.795845: | b6 a7 37 27 09 57 1e 30 a4 52 5b f6 72 95 89 2d Sep 21 07:34:20.795847: | 17 c4 09 fb f4 76 51 25 5c c6 6d ca 8e 7d 3f 0d Sep 21 07:34:20.795850: | db 9f c6 49 3b 7b c7 d1 93 bf 02 b3 d0 ea f7 25 Sep 21 07:34:20.795852: | cb b2 72 d0 f6 c6 d5 29 97 a5 46 86 d5 3f 60 84 Sep 21 07:34:20.795854: | 6f 4e 4c 2a e2 c7 6b 24 6e e9 10 2d 09 9d 9b 2d Sep 21 07:34:20.795856: | 8f 55 69 b0 35 86 01 b7 2b 31 2f e2 e9 66 ce e9 Sep 21 07:34:20.795859: | f6 c9 6e 14 3a f7 03 7e 7a 0f 96 dd bf 3f 2a 7f Sep 21 07:34:20.795861: | 0a 57 69 62 99 ca 65 1b af fc 62 df f9 e2 bf 1b Sep 21 07:34:20.795863: | 38 a1 75 f3 a1 dd 5a 8e 26 1a df 8e 8a 49 1e 34 Sep 21 07:34:20.795865: | 0e 9e 03 cc e5 66 07 97 27 9e ca f6 e8 0f 6e 0c Sep 21 07:34:20.795868: | d9 b9 2d a9 c9 80 37 e0 34 dc a6 c8 98 07 a1 84 Sep 21 07:34:20.795870: | 8e d9 e7 ec b5 34 a9 9b e4 9e f0 63 d8 06 c4 a0 Sep 21 07:34:20.795872: | 77 ef be 0e 27 62 6b 76 02 46 0f 66 c2 17 e2 a6 Sep 21 07:34:20.795874: | d1 0f 0a 35 3d bd e3 ad 09 d9 1e 45 bd a0 9c 4c Sep 21 07:34:20.795877: | cd cc e5 50 60 59 3d a8 77 36 79 ff 44 66 18 25 Sep 21 07:34:20.795879: | 68 d7 0a 49 18 ca 92 e4 1d 84 01 d9 a1 fe f8 41 Sep 21 07:34:20.795882: | a6 10 dd 9c 0c 0d dd 7b 7a 30 ab 87 03 41 72 79 Sep 21 07:34:20.795884: | f9 80 7e b5 6c 24 36 8d 56 b3 be bc 2c c9 56 14 Sep 21 07:34:20.795886: | fa 30 31 82 2c 3c 11 3c 57 1a ba 21 0a db 77 ba Sep 21 07:34:20.795888: | 1d f9 c4 ce 15 e1 da 85 56 66 d1 5d ec 62 37 c9 Sep 21 07:34:20.795890: | 3b 49 59 7a 94 ad a9 a9 84 de 05 89 82 e1 fa 0a Sep 21 07:34:20.795892: | 06 0d ea 28 3a 4e 8b 70 c5 66 fe 2e Sep 21 07:34:20.795897: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:20.795901: | **parse ISAKMP Message: Sep 21 07:34:20.795904: | initiator cookie: Sep 21 07:34:20.795906: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:20.795908: | responder cookie: Sep 21 07:34:20.795911: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.795913: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:20.795916: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:20.795919: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:20.795922: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:20.795924: | Message ID: 4232244242 (0xfc42ec12) Sep 21 07:34:20.795926: | length: 476 (0x1dc) Sep 21 07:34:20.795930: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:20.795934: | State DB: IKEv1 state not found (find_state_ikev1) Sep 21 07:34:20.795937: | State DB: found IKEv1 state #1 in MAIN_R3 (find_state_ikev1) Sep 21 07:34:20.795942: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1583) Sep 21 07:34:20.795958: | #1 is idle Sep 21 07:34:20.795961: | #1 idle Sep 21 07:34:20.795965: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:20.795977: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030 Sep 21 07:34:20.795983: | ***parse ISAKMP Hash Payload: Sep 21 07:34:20.795986: | next payload type: ISAKMP_NEXT_SA (0x1) Sep 21 07:34:20.795989: | length: 36 (0x24) Sep 21 07:34:20.795992: | got payload 0x2 (ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030 Sep 21 07:34:20.795995: | ***parse ISAKMP Security Association Payload: Sep 21 07:34:20.795997: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:20.795999: | length: 84 (0x54) Sep 21 07:34:20.796002: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:20.796004: | got payload 0x400 (ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030 Sep 21 07:34:20.796007: | ***parse ISAKMP Nonce Payload: Sep 21 07:34:20.796009: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:20.796011: | length: 36 (0x24) Sep 21 07:34:20.796014: | got payload 0x10 (ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030 Sep 21 07:34:20.796016: | ***parse ISAKMP Key Exchange Payload: Sep 21 07:34:20.796018: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:20.796021: | length: 260 (0x104) Sep 21 07:34:20.796023: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:20.796026: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:20.796028: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:20.796030: | length: 16 (0x10) Sep 21 07:34:20.796033: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:20.796035: | Protocol ID: 0 (0x0) Sep 21 07:34:20.796037: | port: 0 (0x0) Sep 21 07:34:20.796040: | obj: c0 00 03 00 ff ff ff 00 Sep 21 07:34:20.796042: | got payload 0x20 (ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030 Sep 21 07:34:20.796045: | ***parse ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:20.796047: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.796049: | length: 16 (0x10) Sep 21 07:34:20.796051: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:20.796054: | Protocol ID: 0 (0x0) Sep 21 07:34:20.796056: | port: 0 (0x0) Sep 21 07:34:20.796058: | obj: c0 00 16 00 ff ff ff 00 Sep 21 07:34:20.796080: | quick_inI1_outR1 HASH(1): Sep 21 07:34:20.796083: | 7c 4c 3c 11 6c f6 e9 de dc f6 bc 16 b6 08 44 25 Sep 21 07:34:20.796085: | 26 ea a7 cd b7 19 a7 1c 8a a3 be 4f 76 fc 9e e1 Sep 21 07:34:20.796088: | received 'quick_inI1_outR1' message HASH(1) data ok Sep 21 07:34:20.796092: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:20.796095: | ID address c0 00 03 00 Sep 21 07:34:20.796097: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:20.796099: | ID mask ff ff ff 00 Sep 21 07:34:20.796103: | peer client is subnet 192.0.3.0/24 Sep 21 07:34:20.796105: | peer client protocol/port is 0/0 Sep 21 07:34:20.796108: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID address Sep 21 07:34:20.796110: | ID address c0 00 16 00 Sep 21 07:34:20.796112: | parsing 4 raw bytes of ISAKMP Identification Payload (IPsec DOI) into ID mask Sep 21 07:34:20.796115: | ID mask ff ff ff 00 Sep 21 07:34:20.796118: | our client is subnet 192.0.22.0/24 Sep 21 07:34:20.796120: | our client protocol/port is 0/0 Sep 21 07:34:20.796126: "northnet-eastnets/0x2" #1: the peer proposed: 192.0.22.0/24:0/0 -> 192.0.3.0/24:0/0 Sep 21 07:34:20.796129: | find_client_connection starting with northnet-eastnets/0x2 Sep 21 07:34:20.796133: | looking for 192.0.22.0/24:0:0/0 -> 192.0.3.0/24:0:0/0 Sep 21 07:34:20.796138: | concrete checking against sr#0 192.0.22.0/24:0 -> 192.0.3.0/24:0 Sep 21 07:34:20.796141: | client wildcard: no port wildcard: no virtual: no Sep 21 07:34:20.796145: | creating state object #7 at 0x560974880bc0 Sep 21 07:34:20.796147: | State DB: adding IKEv1 state #7 in UNDEFINED Sep 21 07:34:20.796151: | pstats #7 ikev1.ipsec started Sep 21 07:34:20.796153: | duplicating state object #1 "northnet-eastnets/0x2" as #7 for IPSEC SA Sep 21 07:34:20.796158: | #7 setting local endpoint to 192.1.2.23:500 from #1.st_localport (in duplicate_state() at state.c:1481) Sep 21 07:34:20.796166: | suspend processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:20.796171: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in quick_inI1_outR1_tail() at ikev1_quick.c:1294) Sep 21 07:34:20.796175: | child state #7: UNDEFINED(ignore) => QUICK_R0(established CHILD SA) Sep 21 07:34:20.796178: | ****parse IPsec DOI SIT: Sep 21 07:34:20.796181: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:20.796184: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:20.796186: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.796188: | length: 72 (0x48) Sep 21 07:34:20.796191: | proposal number: 0 (0x0) Sep 21 07:34:20.796193: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:20.796195: | SPI size: 4 (0x4) Sep 21 07:34:20.796197: | number of transforms: 2 (0x2) Sep 21 07:34:20.796200: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:20.796202: | SPI 5f 2e 4c f3 Sep 21 07:34:20.796205: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:20.796207: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:20.796209: | length: 32 (0x20) Sep 21 07:34:20.796211: | ESP transform number: 0 (0x0) Sep 21 07:34:20.796213: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:20.796216: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.796219: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:20.796221: | length/value: 14 (0xe) Sep 21 07:34:20.796223: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:20.796226: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.796228: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:20.796230: | length/value: 1 (0x1) Sep 21 07:34:20.796232: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:20.796235: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:20.796237: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.796239: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:20.796241: | length/value: 1 (0x1) Sep 21 07:34:20.796243: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:20.796246: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.796248: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:20.796250: | length/value: 28800 (0x7080) Sep 21 07:34:20.796252: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.796255: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:20.796257: | length/value: 2 (0x2) Sep 21 07:34:20.796259: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:20.796261: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.796264: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:20.796266: | length/value: 128 (0x80) Sep 21 07:34:20.796269: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:20.796275: | adding quick_outI1 KE work-order 13 for state #7 Sep 21 07:34:20.796278: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83340041c0 Sep 21 07:34:20.796281: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Sep 21 07:34:20.796284: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:20.796291: | complete v1 state transition with STF_SUSPEND Sep 21 07:34:20.796296: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2624) Sep 21 07:34:20.796299: | suspending state #7 and saving MD Sep 21 07:34:20.796301: | #7 is busy; has a suspended MD Sep 21 07:34:20.796306: | #1 spent 0.213 milliseconds in process_packet_tail() Sep 21 07:34:20.796310: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:20.796314: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:20.796317: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:20.796320: | spent 0.537 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:20.796323: | crypto helper 4 resuming Sep 21 07:34:20.796331: | crypto helper 4 starting work-order 13 for state #7 Sep 21 07:34:20.796334: | crypto helper 4 doing build KE and nonce (quick_outI1 KE); request ID 13 Sep 21 07:34:20.796898: | crypto helper 4 finished build KE and nonce (quick_outI1 KE); request ID 13 time elapsed 0.000564 seconds Sep 21 07:34:20.796907: | (#7) spent 0.564 milliseconds in crypto helper computing work-order 13: quick_outI1 KE (pcr) Sep 21 07:34:20.796909: | crypto helper 4 sending results from work-order 13 for state #7 to event queue Sep 21 07:34:20.796910: | scheduling resume sending helper answer for #7 Sep 21 07:34:20.796913: | libevent_malloc: new ptr-libevent@0x7f8320008350 size 128 Sep 21 07:34:20.796919: | crypto helper 4 waiting (nothing to do) Sep 21 07:34:20.796927: | processing resume sending helper answer for #7 Sep 21 07:34:20.796936: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:20.796940: | crypto helper 4 replies to request ID 13 Sep 21 07:34:20.796942: | calling continuation function 0x560973f3c630 Sep 21 07:34:20.796945: | quick_inI1_outR1_cryptocontinue1 for #7: calculated ke+nonce, calculating DH Sep 21 07:34:20.796962: | started looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:20.796971: | actually looking for secret for C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org->C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org of kind PKK_PSK Sep 21 07:34:20.796981: | line 0: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:20.796989: | line 1: key type PKK_PSK(C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org) to type PKK_RSA Sep 21 07:34:20.796992: | concluding with best_match=000 best=(nil) (lineno=-1) Sep 21 07:34:20.796994: | no PreShared Key Found Sep 21 07:34:20.796998: | adding quick outR1 DH work-order 14 for state #7 Sep 21 07:34:20.797001: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:20.797004: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:20.797006: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83340041c0 Sep 21 07:34:20.797009: | event_schedule: new EVENT_CRYPTO_TIMEOUT-pe@0x7f83340041c0 Sep 21 07:34:20.797013: | inserting event EVENT_CRYPTO_TIMEOUT, timeout in 60 seconds for #7 Sep 21 07:34:20.797016: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:20.797022: | suspending state #7 and saving MD Sep 21 07:34:20.797025: | #7 is busy; has a suspended MD Sep 21 07:34:20.797028: | resume sending helper answer for #7 suppresed complete_v1_state_transition() and stole MD Sep 21 07:34:20.797033: | #7 spent 0.0921 milliseconds in resume sending helper answer Sep 21 07:34:20.797038: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:20.797041: | libevent_free: release ptr-libevent@0x7f8320008350 Sep 21 07:34:20.797056: | crypto helper 6 resuming Sep 21 07:34:20.797063: | crypto helper 6 starting work-order 14 for state #7 Sep 21 07:34:20.797067: | crypto helper 6 doing compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 14 Sep 21 07:34:20.797576: | crypto helper 6 finished compute dh (V1 Phase 2 PFS) (quick outR1 DH); request ID 14 time elapsed 0.00051 seconds Sep 21 07:34:20.797581: | (#7) spent 0.513 milliseconds in crypto helper computing work-order 14: quick outR1 DH (pcr) Sep 21 07:34:20.797585: | crypto helper 6 sending results from work-order 14 for state #7 to event queue Sep 21 07:34:20.797587: | scheduling resume sending helper answer for #7 Sep 21 07:34:20.797589: | libevent_malloc: new ptr-libevent@0x7f8324006ad0 size 128 Sep 21 07:34:20.797595: | crypto helper 6 waiting (nothing to do) Sep 21 07:34:20.797603: | processing resume sending helper answer for #7 Sep 21 07:34:20.797612: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:797) Sep 21 07:34:20.797617: | crypto helper 6 replies to request ID 14 Sep 21 07:34:20.797619: | calling continuation function 0x560973f3c630 Sep 21 07:34:20.797622: | quick_inI1_outR1_cryptocontinue2 for #7: calculated DH, sending R1 Sep 21 07:34:20.797627: | **emit ISAKMP Message: Sep 21 07:34:20.797630: | initiator cookie: Sep 21 07:34:20.797632: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:20.797635: | responder cookie: Sep 21 07:34:20.797637: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.797639: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.797642: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:20.797644: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:20.797647: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:20.797649: | Message ID: 4232244242 (0xfc42ec12) Sep 21 07:34:20.797652: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:20.797655: | ***emit ISAKMP Hash Payload: Sep 21 07:34:20.797657: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.797660: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:20.797663: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.797666: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:20.797669: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:20.797671: | ***emit ISAKMP Security Association Payload: Sep 21 07:34:20.797674: | next payload type: ISAKMP_NEXT_NONCE (0xa) Sep 21 07:34:20.797676: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:20.797679: | next payload chain: ignoring supplied 'ISAKMP Security Association Payload'.'next payload type' value 10:ISAKMP_NEXT_NONCE Sep 21 07:34:20.797682: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Security Association Payload (1:ISAKMP_NEXT_SA) Sep 21 07:34:20.797685: | next payload chain: saving location 'ISAKMP Security Association Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.797688: | ****parse IPsec DOI SIT: Sep 21 07:34:20.797691: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:20.797693: | ****parse ISAKMP Proposal Payload: Sep 21 07:34:20.797696: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.797698: | length: 72 (0x48) Sep 21 07:34:20.797701: | proposal number: 0 (0x0) Sep 21 07:34:20.797703: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:20.797705: | SPI size: 4 (0x4) Sep 21 07:34:20.797708: | number of transforms: 2 (0x2) Sep 21 07:34:20.797710: | parsing 4 raw bytes of ISAKMP Proposal Payload into SPI Sep 21 07:34:20.797712: | SPI 5f 2e 4c f3 Sep 21 07:34:20.797715: | *****parse ISAKMP Transform Payload (ESP): Sep 21 07:34:20.797718: | next payload type: ISAKMP_NEXT_T (0x3) Sep 21 07:34:20.797720: | length: 32 (0x20) Sep 21 07:34:20.797723: | ESP transform number: 0 (0x0) Sep 21 07:34:20.797725: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:20.797728: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.797731: | af+type: AF+GROUP_DESCRIPTION (0x8003) Sep 21 07:34:20.797733: | length/value: 14 (0xe) Sep 21 07:34:20.797735: | [14 is OAKLEY_GROUP_MODP2048] Sep 21 07:34:20.797738: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.797740: | af+type: AF+ENCAPSULATION_MODE (0x8004) Sep 21 07:34:20.797743: | length/value: 1 (0x1) Sep 21 07:34:20.797748: | [1 is ENCAPSULATION_MODE_TUNNEL] Sep 21 07:34:20.797751: | NAT-T non-encap: Installing IPsec SA without ENCAP, st->hidden_variables.st_nat_traversal is none Sep 21 07:34:20.797753: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.797756: | af+type: AF+SA_LIFE_TYPE (0x8001) Sep 21 07:34:20.797758: | length/value: 1 (0x1) Sep 21 07:34:20.797761: | [1 is SA_LIFE_TYPE_SECONDS] Sep 21 07:34:20.797763: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.797765: | af+type: AF+SA_LIFE_DURATION (variable length) (0x8002) Sep 21 07:34:20.797768: | length/value: 28800 (0x7080) Sep 21 07:34:20.797770: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.797773: | af+type: AF+AUTH_ALGORITHM (0x8005) Sep 21 07:34:20.797775: | length/value: 2 (0x2) Sep 21 07:34:20.797777: | [2 is AUTH_ALGORITHM_HMAC_SHA1] Sep 21 07:34:20.797780: | ******parse ISAKMP IPsec DOI attribute: Sep 21 07:34:20.797782: | af+type: AF+KEY_LENGTH (0x8006) Sep 21 07:34:20.797788: | length/value: 128 (0x80) Sep 21 07:34:20.797791: | ESP IPsec Transform verified unconditionally; no alg_info to check against Sep 21 07:34:20.797793: | ****emit IPsec DOI SIT: Sep 21 07:34:20.797796: | IPsec DOI SIT: SIT_IDENTITY_ONLY (0x1) Sep 21 07:34:20.797799: | ****emit ISAKMP Proposal Payload: Sep 21 07:34:20.797818: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.797821: | proposal number: 0 (0x0) Sep 21 07:34:20.797826: | protocol ID: PROTO_IPSEC_ESP (0x3) Sep 21 07:34:20.797828: | SPI size: 4 (0x4) Sep 21 07:34:20.797831: | number of transforms: 1 (0x1) Sep 21 07:34:20.797834: | last substructure: saving location 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' Sep 21 07:34:20.797863: | netlink_get_spi: allocated 0x446218c0 for esp.0@192.1.2.23 Sep 21 07:34:20.797867: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 21 07:34:20.797869: | SPI 44 62 18 c0 Sep 21 07:34:20.797872: | *****emit ISAKMP Transform Payload (ESP): Sep 21 07:34:20.797874: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.797877: | ESP transform number: 0 (0x0) Sep 21 07:34:20.797879: | ESP transform ID: ESP_AES (0xc) Sep 21 07:34:20.797882: | last substructure: saving location 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' Sep 21 07:34:20.797885: | emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ESP) Sep 21 07:34:20.797888: | attributes 80 03 00 0e 80 04 00 01 80 01 00 01 80 02 70 80 Sep 21 07:34:20.797890: | attributes 80 05 00 02 80 06 00 80 Sep 21 07:34:20.797892: | emitting length of ISAKMP Transform Payload (ESP): 32 Sep 21 07:34:20.797895: | emitting length of ISAKMP Proposal Payload: 44 Sep 21 07:34:20.797897: | last substructure: checking 'ISAKMP Proposal Payload'.'ISAKMP Transform Payload (ESP)'.'next payload type' is 0 Sep 21 07:34:20.797900: | emitting length of ISAKMP Security Association Payload: 56 Sep 21 07:34:20.797902: | last substructure: checking 'ISAKMP Security Association Payload'.'ISAKMP Proposal Payload'.'next payload type' is 0 Sep 21 07:34:20.797907: "northnet-eastnets/0x2" #7: responding to Quick Mode proposal {msgid:fc42ec12} Sep 21 07:34:20.797919: "northnet-eastnets/0x2" #7: us: 192.0.22.0/24===192.1.2.23<192.1.2.23>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org] Sep 21 07:34:20.797930: "northnet-eastnets/0x2" #7: them: 192.1.3.33<192.1.3.33>[C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org]===192.0.3.0/24 Sep 21 07:34:20.797933: | ***emit ISAKMP Nonce Payload: Sep 21 07:34:20.797935: | next payload type: ISAKMP_NEXT_KE (0x4) Sep 21 07:34:20.797938: | next payload chain: ignoring supplied 'ISAKMP Nonce Payload'.'next payload type' value 4:ISAKMP_NEXT_KE Sep 21 07:34:20.797942: | next payload chain: setting previous 'ISAKMP Security Association Payload'.'next payload type' to current ISAKMP Nonce Payload (10:ISAKMP_NEXT_NONCE) Sep 21 07:34:20.797946: | next payload chain: saving location 'ISAKMP Nonce Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.797950: | emitting 32 raw bytes of Nr into ISAKMP Nonce Payload Sep 21 07:34:20.797952: | Nr 08 5b 1c 75 29 fc a3 85 b6 86 6f bc 27 8d 1a 08 Sep 21 07:34:20.797955: | Nr 14 08 ea 4d 08 f2 93 5c 93 20 39 56 fe 94 b7 15 Sep 21 07:34:20.797957: | emitting length of ISAKMP Nonce Payload: 36 Sep 21 07:34:20.797959: | ***emit ISAKMP Key Exchange Payload: Sep 21 07:34:20.797962: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:20.797965: | next payload chain: ignoring supplied 'ISAKMP Key Exchange Payload'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:20.797968: | next payload chain: setting previous 'ISAKMP Nonce Payload'.'next payload type' to current ISAKMP Key Exchange Payload (4:ISAKMP_NEXT_KE) Sep 21 07:34:20.797970: | next payload chain: saving location 'ISAKMP Key Exchange Payload'.'next payload type' in 'reply packet' Sep 21 07:34:20.797973: | emitting 256 raw bytes of keyex value into ISAKMP Key Exchange Payload Sep 21 07:34:20.797976: | keyex value 57 45 0d a3 68 a3 88 0f a6 4b 97 8e c1 38 68 3e Sep 21 07:34:20.797978: | keyex value b9 6b ee 51 54 c2 5b ea 27 9f a4 7d 79 1d 25 7a Sep 21 07:34:20.797980: | keyex value ab af 90 42 47 4c a4 9a 8c 67 bf 35 39 d0 fa e9 Sep 21 07:34:20.797982: | keyex value 60 d3 02 08 00 68 05 d6 11 fb ca 57 39 99 3c e0 Sep 21 07:34:20.797984: | keyex value d2 f8 c9 56 e8 b7 c4 7f 75 0e db 44 46 7d 92 6d Sep 21 07:34:20.797987: | keyex value de 3a 5a 0a f4 73 f0 c7 4a 8d bf a9 80 8f ab 38 Sep 21 07:34:20.797989: | keyex value 77 ae e8 5e e8 47 3f f9 1d 3c 51 a9 03 ea c1 64 Sep 21 07:34:20.797991: | keyex value 14 b6 1b 32 9e f7 8f fc 5c 32 92 1c fa 9d 48 6c Sep 21 07:34:20.797993: | keyex value f4 9f fd 6d 60 56 cd d1 0e 0e 5f e8 5d 40 3f 52 Sep 21 07:34:20.797996: | keyex value 1a d2 1b 0b 91 14 31 be b5 18 f3 34 c0 f5 68 dc Sep 21 07:34:20.797998: | keyex value 84 ce 53 2c 1e 63 79 49 4c 38 ac af 0b c7 80 21 Sep 21 07:34:20.798000: | keyex value 7e c7 5f 01 96 93 36 1d c4 9e eb 8f 32 36 3c ce Sep 21 07:34:20.798003: | keyex value a4 72 61 d9 e8 68 4e c9 97 18 c9 36 35 99 b9 99 Sep 21 07:34:20.798005: | keyex value e3 53 e2 6c 8c 8c 5f b2 e7 18 0e 9c 12 ca d7 8c Sep 21 07:34:20.798007: | keyex value 83 25 ac f5 3f c8 16 e1 20 d2 f1 63 4d 17 a0 82 Sep 21 07:34:20.798009: | keyex value a0 f0 b2 5e 4d a7 57 8e 0b 9b c3 35 6a 96 d0 30 Sep 21 07:34:20.798012: | emitting length of ISAKMP Key Exchange Payload: 260 Sep 21 07:34:20.798015: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:20.798017: | next payload type: ISAKMP_NEXT_ID (0x5) Sep 21 07:34:20.798019: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:20.798022: | Protocol ID: 0 (0x0) Sep 21 07:34:20.798024: | port: 0 (0x0) Sep 21 07:34:20.798027: | next payload chain: ignoring supplied 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' value 5:ISAKMP_NEXT_ID Sep 21 07:34:20.798030: | next payload chain: setting previous 'ISAKMP Key Exchange Payload'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:20.798033: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:20.798036: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:20.798038: | ID body c0 00 03 00 ff ff ff 00 Sep 21 07:34:20.798040: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:20.798043: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 21 07:34:20.798045: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.798047: | ID type: ID_IPV4_ADDR_SUBNET (0x4) Sep 21 07:34:20.798049: | Protocol ID: 0 (0x0) Sep 21 07:34:20.798052: | port: 0 (0x0) Sep 21 07:34:20.798055: | next payload chain: setting previous 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' to current ISAKMP Identification Payload (IPsec DOI) (5:ISAKMP_NEXT_ID) Sep 21 07:34:20.798059: | next payload chain: saving location 'ISAKMP Identification Payload (IPsec DOI)'.'next payload type' in 'reply packet' Sep 21 07:34:20.798062: | emitting 8 raw bytes of ID body into ISAKMP Identification Payload (IPsec DOI) Sep 21 07:34:20.798064: | ID body c0 00 16 00 ff ff ff 00 Sep 21 07:34:20.798067: | emitting length of ISAKMP Identification Payload (IPsec DOI): 16 Sep 21 07:34:20.798093: | quick inR1 outI2 HASH(2): Sep 21 07:34:20.798097: | 69 dd de 47 a7 e6 1d 0a 05 0c f5 28 15 75 9c 53 Sep 21 07:34:20.798099: | d8 e9 bf db f5 97 5a 14 77 f1 e6 bc ea a5 10 d6 Sep 21 07:34:20.798102: | compute_proto_keymat: needed_len (after ESP enc)=16 Sep 21 07:34:20.798104: | compute_proto_keymat: needed_len (after ESP auth)=36 Sep 21 07:34:20.798211: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:20.798216: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.798219: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:20.798222: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.798224: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:20.798228: | route owner of "northnet-eastnets/0x2" erouted: self Sep 21 07:34:20.798231: | install_inbound_ipsec_sa() checking if we can route Sep 21 07:34:20.798234: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:34:20.798236: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:20.798239: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.798242: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:20.798244: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.798247: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:20.798251: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Sep 21 07:34:20.798253: | routing is easy, or has resolvable near-conflict Sep 21 07:34:20.798256: | checking if this is a replacement state Sep 21 07:34:20.798259: | st=0x560974880bc0 ost=0x560974880100 st->serialno=#7 ost->serialno=#3 Sep 21 07:34:20.798262: "northnet-eastnets/0x2" #7: keeping refhim=0 during rekey Sep 21 07:34:20.798264: | installing outgoing SA now as refhim=0 Sep 21 07:34:20.798268: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:20.798271: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:20.798273: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:20.798277: | setting IPsec SA replay-window to 32 Sep 21 07:34:20.798280: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:34:20.798284: | netlink: enabling tunnel mode Sep 21 07:34:20.798287: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:20.798289: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:20.798381: | netlink response for Add SA esp.5f2e4cf3@192.1.3.33 included non-error error Sep 21 07:34:20.798386: | outgoing SA has refhim=0 Sep 21 07:34:20.798389: | looking for alg with encrypt: AES_CBC keylen: 128 integ: HMAC_SHA1_96 Sep 21 07:34:20.798392: | encrypt AES_CBC keylen=128 transid=12, key_size=16, encryptalg=12 Sep 21 07:34:20.798395: | st->st_esp.keymat_len=36 is encrypt_keymat_size=16 + integ_keymat_size=20 Sep 21 07:34:20.798399: | setting IPsec SA replay-window to 32 Sep 21 07:34:20.798401: | NIC esp-hw-offload not for connection 'northnet-eastnets/0x2' not available on interface eth1 Sep 21 07:34:20.798404: | netlink: enabling tunnel mode Sep 21 07:34:20.798406: | netlink: setting IPsec SA replay-window to 32 using old-style req Sep 21 07:34:20.798424: | netlink: esp-hw-offload not set for IPsec SA Sep 21 07:34:20.798505: | netlink response for Add SA esp.446218c0@192.1.2.23 included non-error error Sep 21 07:34:20.798592: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:20.798598: | no IKEv1 message padding required Sep 21 07:34:20.798601: | emitting length of ISAKMP Message: 460 Sep 21 07:34:20.798611: | finished processing quick inI1 Sep 21 07:34:20.798614: | complete v1 state transition with STF_OK Sep 21 07:34:20.798620: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:20.798623: | #7 is idle Sep 21 07:34:20.798626: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:20.798629: | IKEv1: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Sep 21 07:34:20.798632: | child state #7: QUICK_R0(established CHILD SA) => QUICK_R1(established CHILD SA) Sep 21 07:34:20.798635: | event_already_set, deleting event Sep 21 07:34:20.798638: | state #7 requesting EVENT_CRYPTO_TIMEOUT to be deleted Sep 21 07:34:20.798641: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:20.798644: | free_event_entry: release EVENT_CRYPTO_TIMEOUT-pe@0x7f83340041c0 Sep 21 07:34:20.798649: | sending reply packet to 192.1.3.33:500 (from 192.1.2.23:500) Sep 21 07:34:20.798657: | sending 460 bytes for STATE_QUICK_R0 through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #7) Sep 21 07:34:20.798660: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.798662: | 08 10 20 01 fc 42 ec 12 00 00 01 cc 64 31 f0 30 Sep 21 07:34:20.798664: | 5c f4 8d 40 8d 24 23 42 cd 3d 64 31 9a 75 0a b3 Sep 21 07:34:20.798667: | 42 d0 16 e7 c2 61 9e c4 68 93 54 22 cd 80 6b ff Sep 21 07:34:20.798669: | 17 d8 55 64 f4 2e 89 cf 8d f6 16 6b 68 b2 02 aa Sep 21 07:34:20.798671: | 85 45 85 e8 7b 00 28 21 1e 4b a5 1f ee bc 15 5e Sep 21 07:34:20.798674: | 8b 00 dd 18 c1 b4 54 49 c1 a3 63 2c 8f 71 da dc Sep 21 07:34:20.798676: | 9b 2d 4a ed f7 de d6 ed e2 0f 5c ef 0f 58 27 51 Sep 21 07:34:20.798678: | 68 12 f6 4b 32 81 16 ce 22 fd 4f 99 69 df 0b ea Sep 21 07:34:20.798681: | c6 ee 1b cf 5f 6f a8 58 98 17 27 48 a9 7a 60 a2 Sep 21 07:34:20.798683: | b3 a8 74 0c 02 26 e1 4c 5c eb 41 68 28 0a c8 57 Sep 21 07:34:20.798685: | 7a 08 b0 95 d4 10 bd e0 80 11 10 d0 29 73 cb d9 Sep 21 07:34:20.798688: | 83 ce 6d ab 55 79 a9 d4 0b fb 83 16 ca 7d 94 dc Sep 21 07:34:20.798690: | c6 c3 e8 ea 11 58 5e 2c 5b 09 22 ab 3f 4c b4 e1 Sep 21 07:34:20.798692: | 4f 98 c0 87 a6 49 e0 b2 ab 62 3e dd 7b ff 99 05 Sep 21 07:34:20.798695: | d3 2c 45 a3 aa f8 eb 96 16 98 7b 16 48 a1 57 4c Sep 21 07:34:20.798697: | 09 43 15 57 25 c4 6a ce 9e b6 9c 24 67 bf 63 0e Sep 21 07:34:20.798699: | 38 1b 03 d0 f4 b8 a8 07 d0 79 11 07 13 fa 93 76 Sep 21 07:34:20.798702: | 3a f8 5d a5 21 02 8e db e7 3d 98 43 78 f4 d7 28 Sep 21 07:34:20.798704: | d4 df 2d 66 95 71 ec e2 d9 00 a4 bd e4 3c 5b 66 Sep 21 07:34:20.798706: | 22 0a bc 42 53 39 e5 a4 20 c5 65 2a c9 9c 4a 13 Sep 21 07:34:20.798708: | 71 22 6a fd f0 a9 06 1d bd 71 67 c8 b6 eb 47 4d Sep 21 07:34:20.798711: | 15 2f b8 1d ca b1 ef fd 3c 6d 80 0e 41 78 ef ca Sep 21 07:34:20.798713: | 9a a2 20 f9 2a 49 32 24 4a c6 18 d5 a2 c7 eb 3a Sep 21 07:34:20.798715: | eb 06 d6 b4 29 c9 03 cd 7e b7 56 cc 11 08 59 4f Sep 21 07:34:20.798718: | 8e 31 38 e5 8d ec 11 4e 34 5a e6 89 1c e1 1f 59 Sep 21 07:34:20.798720: | da 85 ec 06 3b 8e eb bf 69 89 bb bc 43 1c b6 d8 Sep 21 07:34:20.798722: | f7 c5 09 4d 33 ba 20 41 05 90 5c 04 9c 4c 8f fc Sep 21 07:34:20.798725: | 26 08 22 45 5e 8d 65 42 30 f1 a4 d1 Sep 21 07:34:20.798768: | !event_already_set at reschedule Sep 21 07:34:20.798774: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:20.798777: | inserting event EVENT_RETRANSMIT, timeout in 0.5 seconds for #7 Sep 21 07:34:20.798781: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:20.798790: | #7 STATE_QUICK_R1: retransmits: first event in 0.5 seconds; timeout in 60 seconds; limit of 12 retransmits; current time is 49907.167037 Sep 21 07:34:20.798795: | pstats #7 ikev1.ipsec established Sep 21 07:34:20.798804: | NAT-T: encaps is 'auto' Sep 21 07:34:20.798808: "northnet-eastnets/0x2" #7: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP=>0x5f2e4cf3 <0x446218c0 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:20.798812: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:20.798814: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:20.798818: | resume sending helper answer for #7 suppresed complete_v1_state_transition() Sep 21 07:34:20.798823: | #7 spent 1.14 milliseconds in resume sending helper answer Sep 21 07:34:20.798828: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in resume_handler() at server.c:833) Sep 21 07:34:20.798832: | libevent_free: release ptr-libevent@0x7f8324006ad0 Sep 21 07:34:20.811485: | spent 0.00321 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:20.811508: | *received 76 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:20.811512: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.811515: | 08 10 20 01 fc 42 ec 12 00 00 00 4c ea 1e ec 85 Sep 21 07:34:20.811518: | 21 1d b9 95 34 9e 6f 00 74 52 b5 07 9b d3 ab a1 Sep 21 07:34:20.811520: | a0 b1 2a c4 fd 52 a5 21 55 82 25 b0 b2 98 b8 e7 Sep 21 07:34:20.811523: | f7 b1 6c a2 b0 40 91 2b 1b 80 b8 15 Sep 21 07:34:20.811528: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:20.811532: | **parse ISAKMP Message: Sep 21 07:34:20.811535: | initiator cookie: Sep 21 07:34:20.811537: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:20.811540: | responder cookie: Sep 21 07:34:20.811542: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:20.811545: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:20.811548: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:20.811550: | exchange type: ISAKMP_XCHG_QUICK (0x20) Sep 21 07:34:20.811553: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:20.811556: | Message ID: 4232244242 (0xfc42ec12) Sep 21 07:34:20.811558: | length: 76 (0x4c) Sep 21 07:34:20.811561: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32) Sep 21 07:34:20.811566: | State DB: found IKEv1 state #7 in QUICK_R1 (find_state_ikev1) Sep 21 07:34:20.811571: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1609) Sep 21 07:34:20.811575: | #7 is idle Sep 21 07:34:20.811577: | #7 idle Sep 21 07:34:20.811581: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:20.811599: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:20.811602: | ***parse ISAKMP Hash Payload: Sep 21 07:34:20.811605: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:20.811608: | length: 36 (0x24) Sep 21 07:34:20.811610: | removing 12 bytes of padding Sep 21 07:34:20.811640: | quick_inI2 HASH(3): Sep 21 07:34:20.811643: | 24 ec 0f 13 f3 c6 07 ff a9 e6 7e f4 80 01 e0 9a Sep 21 07:34:20.811645: | 32 4a a9 87 64 ab 0a 03 6b 33 54 a1 04 f8 d5 87 Sep 21 07:34:20.811648: | received 'quick_inI2' message HASH(3) data ok Sep 21 07:34:20.811653: | install_ipsec_sa() for #7: outbound only Sep 21 07:34:20.811656: | could_route called for northnet-eastnets/0x2 (kind=CK_PERMANENT) Sep 21 07:34:20.811659: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:20.811662: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.811665: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:20.811668: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.811670: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:20.811675: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Sep 21 07:34:20.811678: | sr for #7: erouted Sep 21 07:34:20.811681: | route_and_eroute() for proto 0, and source port 0 dest port 0 Sep 21 07:34:20.811683: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:20.811689: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.811692: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:20.811694: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:20.811697: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:20.811701: | route owner of "northnet-eastnets/0x2" erouted: self; eroute owner: self Sep 21 07:34:20.811704: | route_and_eroute with c: northnet-eastnets/0x2 (next: none) ero:northnet-eastnets/0x2 esr:{(nil)} ro:northnet-eastnets/0x2 rosr:{(nil)} and state: #7 Sep 21 07:34:20.811708: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:34:20.811718: | eroute_connection replace eroute 192.0.22.0/24:0 --0-> 192.0.3.0/24:0 => tun.0@192.1.3.33>tun.0@192.1.3.33 (raw_eroute) Sep 21 07:34:20.811723: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:20.811772: | raw_eroute result=success Sep 21 07:34:20.811776: | route_and_eroute: firewall_notified: true Sep 21 07:34:20.811780: | route_and_eroute: instance "northnet-eastnets/0x2", setting eroute_owner {spd=0x560974871780,sr=0x560974871780} to #7 (was #3) (newest_ipsec_sa=#3) Sep 21 07:34:20.811797: | #1 spent 0.132 milliseconds in install_ipsec_sa() Sep 21 07:34:20.811804: | inI2: instance northnet-eastnets/0x2[0], setting IKEv1 newest_ipsec_sa to #7 (was #3) (spd.eroute=#7) cloned from #1 Sep 21 07:34:20.811807: | DPD: dpd_init() called on IPsec SA Sep 21 07:34:20.811809: | DPD: Peer does not support Dead Peer Detection Sep 21 07:34:20.811812: | complete v1 state transition with STF_OK Sep 21 07:34:20.811817: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in complete_v1_state_transition() at ikev1.c:2649) Sep 21 07:34:20.811820: | #7 is idle Sep 21 07:34:20.811822: | doing_xauth:no, t_xauth_client_done:no Sep 21 07:34:20.811825: | IKEv1: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Sep 21 07:34:20.811828: | child state #7: QUICK_R1(established CHILD SA) => QUICK_R2(established CHILD SA) Sep 21 07:34:20.811831: | event_already_set, deleting event Sep 21 07:34:20.811834: | state #7 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:20.811837: | #7 STATE_QUICK_R2: retransmits: cleared Sep 21 07:34:20.811841: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:20.811844: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f83340041c0 Sep 21 07:34:20.811847: | !event_already_set at reschedule Sep 21 07:34:20.811850: | event_schedule: new EVENT_SA_REPLACE-pe@0x7f83340041c0 Sep 21 07:34:20.811854: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #7 Sep 21 07:34:20.811857: | libevent_malloc: new ptr-libevent@0x7f832c003590 size 128 Sep 21 07:34:20.811860: | pstats #7 ikev1.ipsec established Sep 21 07:34:20.811864: | NAT-T: encaps is 'auto' Sep 21 07:34:20.811868: "northnet-eastnets/0x2" #7: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x5f2e4cf3 <0x446218c0 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=none NATD=none DPD=passive} Sep 21 07:34:20.811871: | modecfg pull: noquirk policy:push not-client Sep 21 07:34:20.811874: | phase 1 is done, looking for phase 2 to unpend Sep 21 07:34:20.811878: | #7 spent 0.215 milliseconds in process_packet_tail() Sep 21 07:34:20.811883: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:20.811888: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:20.811891: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:20.811894: | spent 0.386 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:23.804110: | spent 0.00265 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:23.804140: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:23.804143: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804145: | 08 10 05 01 45 c9 14 d7 00 00 00 6c de be 71 ca Sep 21 07:34:23.804149: | c4 d5 97 a7 f0 56 f4 ee c3 21 1f d4 fe 64 f8 ff Sep 21 07:34:23.804150: | 90 9e 0e 98 8b 13 3f 83 a3 2d 2e f5 7a 2d 8f 56 Sep 21 07:34:23.804152: | 98 7a 3f f8 15 2e 94 2d 90 ef 40 79 8b 72 4a 2a Sep 21 07:34:23.804153: | 54 62 ad 3e ef 7a da ed 93 ae 73 b6 5d a6 ba 17 Sep 21 07:34:23.804154: | 71 1d 04 de b3 d2 b8 2b 54 31 aa 55 Sep 21 07:34:23.804157: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:23.804160: | **parse ISAKMP Message: Sep 21 07:34:23.804161: | initiator cookie: Sep 21 07:34:23.804163: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:23.804164: | responder cookie: Sep 21 07:34:23.804165: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804167: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:23.804169: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.804170: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.804172: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.804174: | Message ID: 1170805975 (0x45c914d7) Sep 21 07:34:23.804175: | length: 108 (0x6c) Sep 21 07:34:23.804177: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:23.804180: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:23.804182: | peer and cookies match on #6; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:23.804184: | peer and cookies match on #5; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:23.804186: | peer and cookies match on #4; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:23.804187: | peer and cookies match on #3; msgid=00000000 st_msgid=f77eec5e st_msgid_phase15=00000000 Sep 21 07:34:23.804189: | peer and cookies match on #2; msgid=00000000 st_msgid=ea1e6cf8 st_msgid_phase15=00000000 Sep 21 07:34:23.804191: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:23.804193: | p15 state object #1 found, in STATE_MAIN_R3 Sep 21 07:34:23.804194: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Sep 21 07:34:23.804198: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:23.804210: | #1 is idle Sep 21 07:34:23.804212: | #1 idle Sep 21 07:34:23.804214: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:23.804221: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:23.804223: | ***parse ISAKMP Hash Payload: Sep 21 07:34:23.804225: | next payload type: ISAKMP_NEXT_N (0xb) Sep 21 07:34:23.804226: | length: 36 (0x24) Sep 21 07:34:23.804228: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Sep 21 07:34:23.804230: | ***parse ISAKMP Notification Payload: Sep 21 07:34:23.804232: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.804233: | length: 32 (0x20) Sep 21 07:34:23.804234: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.804236: | protocol ID: 1 (0x1) Sep 21 07:34:23.804237: | SPI size: 16 (0x10) Sep 21 07:34:23.804239: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:34:23.804240: | removing 12 bytes of padding Sep 21 07:34:23.804253: | informational HASH(1): Sep 21 07:34:23.804255: | 5f 0c 6c 3f 49 20 a9 a0 50 d8 f9 57 e5 26 15 08 Sep 21 07:34:23.804257: | 00 3b 57 14 bf 11 e3 d1 26 4f 64 9e b3 ee 47 6e Sep 21 07:34:23.804258: | received 'informational' message HASH(1) data ok Sep 21 07:34:23.804260: | info: 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804262: | info: 00 00 2b 71 Sep 21 07:34:23.804264: | processing informational R_U_THERE (36136) Sep 21 07:34:23.804266: | pstats ikev1_recv_notifies_e 36136 Sep 21 07:34:23.804269: | DPD: received R_U_THERE seq:11121 monotime:49910.172532 (state=#1 name="northnet-eastnets/0x2") Sep 21 07:34:23.804274: | **emit ISAKMP Message: Sep 21 07:34:23.804275: | initiator cookie: Sep 21 07:34:23.804277: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:23.804281: | responder cookie: Sep 21 07:34:23.804282: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804283: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.804285: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:23.804287: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:23.804288: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:23.804290: | Message ID: 3963835135 (0xec4352ff) Sep 21 07:34:23.804291: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:23.804293: | ***emit ISAKMP Hash Payload: Sep 21 07:34:23.804294: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.804296: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:23.804298: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:23.804300: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:23.804302: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:23.804303: | ***emit ISAKMP Notification Payload: Sep 21 07:34:23.804304: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:23.804306: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:23.804307: | protocol ID: 1 (0x1) Sep 21 07:34:23.804309: | SPI size: 16 (0x10) Sep 21 07:34:23.804310: | Notify Message Type: R_U_THERE_ACK (0x8d29) Sep 21 07:34:23.804312: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:34:23.804314: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:23.804316: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:34:23.804317: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:23.804319: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:34:23.804320: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804322: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:34:23.804323: | notify data 00 00 2b 71 Sep 21 07:34:23.804325: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:34:23.804333: | notification HASH(1): Sep 21 07:34:23.804335: | b7 07 64 59 51 42 a9 e9 a4 44 0a f2 5a 51 5b f6 Sep 21 07:34:23.804337: | 96 eb ec 4e a2 43 31 d3 59 dd 7e 40 29 d3 47 25 Sep 21 07:34:23.804340: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:23.804342: | no IKEv1 message padding required Sep 21 07:34:23.804343: | emitting length of ISAKMP Message: 108 Sep 21 07:34:23.804350: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:23.804352: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:23.804353: | 08 10 05 01 ec 43 52 ff 00 00 00 6c b4 70 c3 2d Sep 21 07:34:23.804355: | 8c e3 0a bf af 4b 44 a1 66 52 b0 28 5a 2e 2e 11 Sep 21 07:34:23.804356: | c8 e3 0f 6d c3 19 f3 66 1f 74 bf 0e 4d 3f a6 a6 Sep 21 07:34:23.804357: | 6e 69 04 0d ee 57 69 60 21 bd 5c 7d d8 48 9f 36 Sep 21 07:34:23.804359: | d5 7b b4 9c 75 1d 39 d1 77 21 fb ad 65 b8 2a 3f Sep 21 07:34:23.804360: | 17 58 c8 28 19 9d 1e 4f f4 53 54 59 Sep 21 07:34:23.804387: | complete v1 state transition with STF_IGNORE Sep 21 07:34:23.804406: | #1 spent 0.127 milliseconds in process_packet_tail() Sep 21 07:34:23.804409: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:23.804412: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:23.804414: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:23.804417: | spent 0.282 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:24.233802: | processing global timer EVENT_PENDING_DDNS Sep 21 07:34:24.233834: | FOR_EACH_CONNECTION_... in connection_check_ddns Sep 21 07:34:24.233839: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:24.233843: | elapsed time in connection_check_ddns for hostname lookup 0.000008 Sep 21 07:34:24.233848: | spent 0.0119 milliseconds in global timer EVENT_PENDING_DDNS Sep 21 07:34:24.234911: | processing global timer EVENT_SHUNT_SCAN Sep 21 07:34:24.234921: | expiring aged bare shunts from shunt table Sep 21 07:34:24.234926: | spent 0.00418 milliseconds in global timer EVENT_SHUNT_SCAN Sep 21 07:34:26.805318: | spent 0.003 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:26.805336: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:26.805339: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805341: | 08 10 05 01 7a b6 27 5f 00 00 00 6c 7f 1b 72 12 Sep 21 07:34:26.805355: | 87 89 b0 ff 3c 4f e3 fc 5a 1d 71 42 2c 30 d8 41 Sep 21 07:34:26.805357: | ac 7e c4 c6 de 2e 43 5f a2 47 2b 06 ce e7 4b 84 Sep 21 07:34:26.805358: | 4c b1 42 e6 17 5a 63 a3 cd 60 a3 93 cd 3a 14 5d Sep 21 07:34:26.805359: | cc 51 03 be 48 2b b4 d0 a9 e8 ca 6f 76 01 3f d4 Sep 21 07:34:26.805361: | ff f8 5c 5e 64 18 39 26 0a 1f f6 70 Sep 21 07:34:26.805364: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:26.805366: | **parse ISAKMP Message: Sep 21 07:34:26.805368: | initiator cookie: Sep 21 07:34:26.805369: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:26.805371: | responder cookie: Sep 21 07:34:26.805372: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805374: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:26.805375: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:26.805377: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:26.805378: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:26.805380: | Message ID: 2058757983 (0x7ab6275f) Sep 21 07:34:26.805382: | length: 108 (0x6c) Sep 21 07:34:26.805383: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:26.805387: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:26.805388: | peer and cookies match on #6; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:26.805390: | peer and cookies match on #5; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:26.805392: | peer and cookies match on #4; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:26.805393: | peer and cookies match on #3; msgid=00000000 st_msgid=f77eec5e st_msgid_phase15=00000000 Sep 21 07:34:26.805395: | peer and cookies match on #2; msgid=00000000 st_msgid=ea1e6cf8 st_msgid_phase15=00000000 Sep 21 07:34:26.805397: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:26.805399: | p15 state object #1 found, in STATE_MAIN_R3 Sep 21 07:34:26.805400: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Sep 21 07:34:26.805404: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:26.805416: | #1 is idle Sep 21 07:34:26.805418: | #1 idle Sep 21 07:34:26.805421: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:26.805428: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:26.805430: | ***parse ISAKMP Hash Payload: Sep 21 07:34:26.805432: | next payload type: ISAKMP_NEXT_N (0xb) Sep 21 07:34:26.805433: | length: 36 (0x24) Sep 21 07:34:26.805435: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Sep 21 07:34:26.805437: | ***parse ISAKMP Notification Payload: Sep 21 07:34:26.805438: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:26.805440: | length: 32 (0x20) Sep 21 07:34:26.805441: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:26.805442: | protocol ID: 1 (0x1) Sep 21 07:34:26.805444: | SPI size: 16 (0x10) Sep 21 07:34:26.805445: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:34:26.805449: | removing 12 bytes of padding Sep 21 07:34:26.805463: | informational HASH(1): Sep 21 07:34:26.805465: | 34 b4 2c ac 4c b5 7a 09 0c 55 11 2d dd b1 f3 a4 Sep 21 07:34:26.805467: | 9f 61 03 b5 3f 01 e8 65 2b 26 29 e9 6f 07 55 36 Sep 21 07:34:26.805468: | received 'informational' message HASH(1) data ok Sep 21 07:34:26.805470: | info: 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805471: | info: 00 00 2b 72 Sep 21 07:34:26.805474: | processing informational R_U_THERE (36136) Sep 21 07:34:26.805475: | pstats ikev1_recv_notifies_e 36136 Sep 21 07:34:26.805478: | DPD: received R_U_THERE seq:11122 monotime:49913.173742 (state=#1 name="northnet-eastnets/0x2") Sep 21 07:34:26.805484: | **emit ISAKMP Message: Sep 21 07:34:26.805486: | initiator cookie: Sep 21 07:34:26.805487: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:26.805488: | responder cookie: Sep 21 07:34:26.805490: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805491: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:26.805493: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:26.805494: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:26.805496: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:26.805497: | Message ID: 323026749 (0x1340ff3d) Sep 21 07:34:26.805499: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:26.805501: | ***emit ISAKMP Hash Payload: Sep 21 07:34:26.805502: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:26.805504: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:26.805506: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:26.805508: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:26.805509: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:26.805511: | ***emit ISAKMP Notification Payload: Sep 21 07:34:26.805512: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:26.805514: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:26.805515: | protocol ID: 1 (0x1) Sep 21 07:34:26.805516: | SPI size: 16 (0x10) Sep 21 07:34:26.805518: | Notify Message Type: R_U_THERE_ACK (0x8d29) Sep 21 07:34:26.805520: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:34:26.805522: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:26.805524: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:34:26.805525: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:26.805527: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:34:26.805528: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805529: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:34:26.805531: | notify data 00 00 2b 72 Sep 21 07:34:26.805532: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:34:26.805541: | notification HASH(1): Sep 21 07:34:26.805543: | 83 74 3c bb c3 bf 3b 29 5c 21 79 a8 54 5f d1 30 Sep 21 07:34:26.805544: | d8 7b 51 c8 dd 0d 84 71 af 64 bc 93 56 7a 22 92 Sep 21 07:34:26.805548: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:26.805549: | no IKEv1 message padding required Sep 21 07:34:26.805551: | emitting length of ISAKMP Message: 108 Sep 21 07:34:26.805557: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:26.805558: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:26.805560: | 08 10 05 01 13 40 ff 3d 00 00 00 6c be f3 4a 7e Sep 21 07:34:26.805561: | 9a a7 50 84 76 97 e4 34 55 fc a2 a3 f9 1e b3 cd Sep 21 07:34:26.805562: | 2f 10 26 69 78 45 db cc 93 a5 27 c3 6f 40 4a 71 Sep 21 07:34:26.805565: | e7 30 de a3 9a a5 5c 40 76 84 da 5d 2a 0f 6b 45 Sep 21 07:34:26.805567: | b8 8a 3a e2 34 dd 8e 7c c8 2f 6f e3 ee 20 7f d3 Sep 21 07:34:26.805568: | d3 18 2b bd 77 b2 f7 c3 68 12 4e a6 Sep 21 07:34:26.805592: | complete v1 state transition with STF_IGNORE Sep 21 07:34:26.805611: | #1 spent 0.124 milliseconds in process_packet_tail() Sep 21 07:34:26.805615: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:26.805618: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:26.805620: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:26.805622: | spent 0.28 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:26.855708: | processing global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:34:26.855722: | FOR_EACH_STATE_... in nat_traversal_ka_event (for_each_state) Sep 21 07:34:26.855729: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:26.855731: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Sep 21 07:34:26.855735: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:773) Sep 21 07:34:26.855737: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#7) Sep 21 07:34:26.855739: | sending NAT-T Keep Alive Sep 21 07:34:26.855743: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #7) Sep 21 07:34:26.855745: | ff Sep 21 07:34:26.855797: | stop processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:782) Sep 21 07:34:26.855805: | processing: STOP state #0 (in for_each_state() at state.c:1574) Sep 21 07:34:26.855811: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:26.855814: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Sep 21 07:34:26.855818: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:34:26.855823: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:26.855826: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Sep 21 07:34:26.855831: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:34:26.855836: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:26.855838: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Sep 21 07:34:26.855843: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:773) Sep 21 07:34:26.855845: | ka_event: send NAT-KA to 192.1.3.33:500 (state=#4) Sep 21 07:34:26.855847: | sending NAT-T Keep Alive Sep 21 07:34:26.855850: | sending 1 bytes for NAT-T Keep Alive through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #4) Sep 21 07:34:26.855852: | ff Sep 21 07:34:26.855869: | stop processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in nat_traversal_send_ka() at nat_traversal.c:782) Sep 21 07:34:26.855873: | processing: STOP state #0 (in for_each_state() at state.c:1574) Sep 21 07:34:26.855878: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:26.855881: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Sep 21 07:34:26.855885: | stop processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:34:26.855890: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:26.855895: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x1 Sep 21 07:34:26.855898: | stop processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:34:26.855901: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1572) Sep 21 07:34:26.855903: | not behind NAT: no NAT-T KEEP-ALIVE required for conn northnet-eastnets/0x2 Sep 21 07:34:26.855905: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in for_each_state() at state.c:1574) Sep 21 07:34:26.855907: | global one-shot timer EVENT_NAT_T_KEEPALIVE scheduled in 20 seconds Sep 21 07:34:26.855912: | spent 0.153 milliseconds in global timer EVENT_NAT_T_KEEPALIVE Sep 21 07:34:27.968808: | timer_event_cb: processing event@0x7f8324002b20 Sep 21 07:34:27.968817: | handling event EVENT_RETRANSMIT for child state #6 Sep 21 07:34:27.968824: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:27.968826: | IKEv1 retransmit event Sep 21 07:34:27.968829: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:27.968832: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x1" #6 keying attempt 0 of 0; retransmit 6 Sep 21 07:34:27.968837: | retransmits: current time 49914.337099; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.009067 exceeds limit? NO Sep 21 07:34:27.968840: | event_schedule: new EVENT_RETRANSMIT-pe@0x56097486a310 Sep 21 07:34:27.968842: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #6 Sep 21 07:34:27.968845: | libevent_malloc: new ptr-libevent@0x7f8324006ad0 size 128 Sep 21 07:34:27.968848: "northnet-eastnets/0x1" #6: STATE_QUICK_R1: retransmission; will wait 16 seconds for response Sep 21 07:34:27.968852: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #6) Sep 21 07:34:27.968854: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:27.968855: | 08 10 20 01 8b 8f 11 95 00 00 01 cc 5e ee a7 c7 Sep 21 07:34:27.968857: | f0 ef 01 98 d3 79 d3 20 38 8f 58 1b ee b7 a6 48 Sep 21 07:34:27.968858: | ff cd e1 2a 72 d3 7e e0 e2 c1 43 78 d4 38 25 84 Sep 21 07:34:27.968860: | 35 3e 94 6d 2d c4 a9 19 78 ac 1c cb 1d f9 f6 59 Sep 21 07:34:27.968861: | df 81 57 3b 9e 7e a4 65 e1 eb 11 e6 77 a1 08 f8 Sep 21 07:34:27.968862: | 31 a7 d5 3b fd f8 8a 29 93 f5 e4 c7 bf aa 8d 4a Sep 21 07:34:27.968864: | 2c de 09 e4 70 07 a6 8f 06 17 ac 7d 5a 85 43 3d Sep 21 07:34:27.968865: | da 86 9a e4 a0 1a 22 14 05 6a da 61 c5 3d dd e5 Sep 21 07:34:27.968866: | 1b ce d0 f9 a2 a7 67 ee 1c 96 da dd 62 f9 a1 7a Sep 21 07:34:27.968868: | 58 65 49 06 e7 70 ed 52 fc 43 dd 0b 33 0b a0 ff Sep 21 07:34:27.968869: | ae ca 1a 33 b5 45 62 11 77 46 8e 2a 21 c1 2e 1f Sep 21 07:34:27.968870: | 7b e0 46 79 72 b7 53 c9 41 c3 6a 0c b3 04 ac 5c Sep 21 07:34:27.968872: | 1f 73 95 92 c3 53 a1 cb 21 ce 63 8a ae 92 98 ee Sep 21 07:34:27.968873: | 4f f1 dd d7 66 5c 2c 82 1b 22 e4 67 b1 cb 27 4b Sep 21 07:34:27.968874: | 3f d6 0c 5d 09 1f 05 ac 40 58 4f a9 e0 16 67 33 Sep 21 07:34:27.968876: | 02 fd ce 69 72 70 47 29 d0 79 3e 48 e0 8f 0f d3 Sep 21 07:34:27.968877: | 25 47 31 51 53 58 41 94 69 f1 66 cd 48 65 df 5a Sep 21 07:34:27.968879: | b7 d7 af b0 eb 4a 41 91 51 25 d4 b7 18 83 14 7d Sep 21 07:34:27.968880: | 7d 0f 22 9b 65 3b 00 cf ef 1f 1a a6 90 56 e4 ee Sep 21 07:34:27.968881: | 18 73 22 04 75 dd 5b 83 a5 82 3d 4a 22 b2 f5 c5 Sep 21 07:34:27.968883: | b0 6f 10 52 a3 c5 38 94 da 9c 93 4a e7 0a bc 3a Sep 21 07:34:27.968884: | 92 eb fc c1 28 74 e5 72 e0 e4 1a d2 53 3c f2 43 Sep 21 07:34:27.968885: | ab 72 53 4f db 17 92 bb e7 b5 98 09 b5 71 26 1a Sep 21 07:34:27.968890: | a2 eb 80 c1 6e c5 a4 3d 9b 39 8d ad 65 e2 84 aa Sep 21 07:34:27.968891: | 89 66 4d 7e ef e8 ac 6b d1 5e d4 95 5c 3e 37 93 Sep 21 07:34:27.968892: | af df a5 1f cf 18 a1 7c 39 80 74 57 7a b9 cc 39 Sep 21 07:34:27.968894: | a6 8a b0 39 8a 88 90 25 83 ea da 15 00 e3 a7 14 Sep 21 07:34:27.968895: | f2 9b a3 4b e1 ab 49 dc ae c7 84 9c Sep 21 07:34:27.968942: | libevent_free: release ptr-libevent@0x7f8338006ad0 Sep 21 07:34:27.968946: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:27.968954: | #6 spent 0.121 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:27.968958: | stop processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:27.968961: | timer_event_cb: processing event@0x56097486afb0 Sep 21 07:34:27.968964: | handling event EVENT_RETRANSMIT for child state #5 Sep 21 07:34:27.968969: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:250) Sep 21 07:34:27.968971: | IKEv1 retransmit event Sep 21 07:34:27.968976: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in retransmit_v1_msg() at retry.c:61) Sep 21 07:34:27.968980: | handling event EVENT_RETRANSMIT for 192.1.3.33 "northnet-eastnets/0x2" #5 keying attempt 0 of 0; retransmit 6 Sep 21 07:34:27.968986: | retransmits: current time 49914.337247; retransmit count 5 exceeds limit? NO; deltatime 16 exceeds limit? NO; monotime 16.008123 exceeds limit? NO Sep 21 07:34:27.968988: | event_schedule: new EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:27.968992: | inserting event EVENT_RETRANSMIT, timeout in 16 seconds for #5 Sep 21 07:34:27.968995: | libevent_malloc: new ptr-libevent@0x7f8338006ad0 size 128 Sep 21 07:34:27.968998: "northnet-eastnets/0x2" #5: STATE_QUICK_R1: retransmission; will wait 16 seconds for response Sep 21 07:34:27.969004: | sending 460 bytes for EVENT_RETRANSMIT through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #5) Sep 21 07:34:27.969019: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:27.969021: | 08 10 20 01 e6 38 58 db 00 00 01 cc 70 45 50 0b Sep 21 07:34:27.969024: | cc 45 24 c0 ae b4 48 2e 2a 93 04 c0 8a 32 a9 72 Sep 21 07:34:27.969026: | ca 7b 35 30 7e 3c ec c5 69 01 83 e4 e6 15 7f f5 Sep 21 07:34:27.969028: | 54 57 5d 44 c4 e2 5b a0 50 49 79 61 01 08 93 38 Sep 21 07:34:27.969031: | fa 73 44 55 02 13 de 65 07 4e e4 15 02 20 db 08 Sep 21 07:34:27.969033: | da c2 cd 77 2c 71 25 41 73 1b 53 4d 85 8c e8 4d Sep 21 07:34:27.969035: | 63 14 df 1b bc 72 d0 8b 8d f3 c7 11 bb 0c c2 cc Sep 21 07:34:27.969037: | 1e 1c 9d ca 95 66 28 2e e7 b3 c8 09 33 1f 8f 8a Sep 21 07:34:27.969040: | 5e ae 1c f9 77 4c 27 c0 d5 bb 4a 05 b7 f7 7c 79 Sep 21 07:34:27.969042: | b2 d8 26 e8 dd 68 39 d8 38 ff 31 8b 23 ca 2f 5e Sep 21 07:34:27.969044: | 72 4e 40 64 b5 e3 09 34 10 45 88 12 94 b9 e8 8d Sep 21 07:34:27.969046: | 6b ba cc 10 9e d2 e1 19 0d 7d 68 ab cd dc 00 55 Sep 21 07:34:27.969048: | 48 9a 95 e3 02 13 08 14 31 ca 3f 65 08 eb ca c5 Sep 21 07:34:27.969050: | c6 b1 9e 85 55 92 49 3a 93 f0 de fa da e6 54 ef Sep 21 07:34:27.969053: | 68 71 fa 20 db 06 06 2b 0e 87 71 61 5b a5 71 7f Sep 21 07:34:27.969055: | 22 d6 3e 71 42 a0 6c c5 ca 8c 95 58 c1 85 1b c4 Sep 21 07:34:27.969057: | a7 94 bc a0 31 19 7a 0f 9c 80 b4 cd 3a 2e ae 42 Sep 21 07:34:27.969060: | 41 73 9e 44 02 20 49 0b c3 1d 46 f6 3b 15 80 9e Sep 21 07:34:27.969062: | e0 b6 61 3c 92 61 f6 86 f5 02 21 3c 5c 1c 4a 91 Sep 21 07:34:27.969064: | af 36 9b e4 75 0b 02 c6 a6 24 10 c8 a5 bb 0d 28 Sep 21 07:34:27.969066: | 65 1e ac 9f cb a0 b7 77 9c ba 0f 88 96 08 69 45 Sep 21 07:34:27.969069: | 99 fd 29 0b fd ed 24 d3 20 7b 22 b9 0c 93 e1 9f Sep 21 07:34:27.969071: | 2d 96 5f 54 f5 8c db c3 2a 00 b8 c9 a5 15 d8 7b Sep 21 07:34:27.969073: | 81 4c 09 3b 97 d9 a2 f3 be 8f da 53 d7 11 88 81 Sep 21 07:34:27.969075: | 41 98 07 85 94 87 7a 6b 23 38 2d 3e cb c1 61 19 Sep 21 07:34:27.969079: | 52 12 48 ff 37 82 f4 9f 20 f2 9e 40 00 e9 e2 20 Sep 21 07:34:27.969081: | 28 1d 66 d4 da 6d 3a 99 2d 9d d6 29 e3 c0 57 72 Sep 21 07:34:27.969083: | 0f 4d e9 c7 13 6c a0 f7 cc f6 b1 49 Sep 21 07:34:27.969117: | libevent_free: release ptr-libevent@0x7f832c002e90 Sep 21 07:34:27.969121: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56097486afb0 Sep 21 07:34:27.969138: | #5 spent 0.165 milliseconds in timer_event_cb() EVENT_RETRANSMIT Sep 21 07:34:27.969143: | stop processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in timer_event_cb() at timer.c:557) Sep 21 07:34:29.809395: | spent 0.00359 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:29.809418: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:29.809422: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.809425: | 08 10 05 01 e2 d2 66 d4 00 00 00 6c 7e 2e 5a f7 Sep 21 07:34:29.809427: | 1d 17 d0 5a a8 75 5f 3d 10 b4 e1 03 e1 6a f3 83 Sep 21 07:34:29.809429: | 04 73 dd 0e db f7 0f 0e b3 f0 cf 8f 4d db 42 b9 Sep 21 07:34:29.809432: | 14 fe 80 3c cc 7f 46 1b 9c 0f 9e 34 f4 c7 ae 2c Sep 21 07:34:29.809434: | 95 66 e9 a9 7a 0c 13 cc 35 2f 69 04 6a f8 5a 5f Sep 21 07:34:29.809436: | fd ae dd d0 be c5 44 dc 41 4a 09 da Sep 21 07:34:29.809441: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:29.809444: | **parse ISAKMP Message: Sep 21 07:34:29.809447: | initiator cookie: Sep 21 07:34:29.809449: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:29.809452: | responder cookie: Sep 21 07:34:29.809454: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.809457: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:29.809459: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:29.809462: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:29.809464: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:29.809467: | Message ID: 3805439700 (0xe2d266d4) Sep 21 07:34:29.809470: | length: 108 (0x6c) Sep 21 07:34:29.809472: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:29.809477: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:29.809480: | peer and cookies match on #6; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:29.809483: | peer and cookies match on #5; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:29.809486: | peer and cookies match on #4; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:29.809489: | peer and cookies match on #3; msgid=00000000 st_msgid=f77eec5e st_msgid_phase15=00000000 Sep 21 07:34:29.809492: | peer and cookies match on #2; msgid=00000000 st_msgid=ea1e6cf8 st_msgid_phase15=00000000 Sep 21 07:34:29.809495: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:29.809497: | p15 state object #1 found, in STATE_MAIN_R3 Sep 21 07:34:29.809500: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Sep 21 07:34:29.809506: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:29.809525: | #1 is idle Sep 21 07:34:29.809528: | #1 idle Sep 21 07:34:29.809532: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:29.809544: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:29.809547: | ***parse ISAKMP Hash Payload: Sep 21 07:34:29.809550: | next payload type: ISAKMP_NEXT_N (0xb) Sep 21 07:34:29.809552: | length: 36 (0x24) Sep 21 07:34:29.809555: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Sep 21 07:34:29.809558: | ***parse ISAKMP Notification Payload: Sep 21 07:34:29.809560: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:29.809563: | length: 32 (0x20) Sep 21 07:34:29.809565: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:29.809571: | protocol ID: 1 (0x1) Sep 21 07:34:29.809574: | SPI size: 16 (0x10) Sep 21 07:34:29.809576: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:34:29.809578: | removing 12 bytes of padding Sep 21 07:34:29.809601: | informational HASH(1): Sep 21 07:34:29.809604: | f0 4e 1b 52 9d 3f 66 8a b0 6e 40 fc 36 9d 97 76 Sep 21 07:34:29.809607: | 2b fe de f0 15 da 82 75 05 c2 0f 6a 3a 1a a4 24 Sep 21 07:34:29.809609: | received 'informational' message HASH(1) data ok Sep 21 07:34:29.809612: | info: 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.809614: | info: 00 00 2b 73 Sep 21 07:34:29.809618: | processing informational R_U_THERE (36136) Sep 21 07:34:29.809620: | pstats ikev1_recv_notifies_e 36136 Sep 21 07:34:29.809625: | DPD: received R_U_THERE seq:11123 monotime:49916.177888 (state=#1 name="northnet-eastnets/0x2") Sep 21 07:34:29.809632: | **emit ISAKMP Message: Sep 21 07:34:29.809635: | initiator cookie: Sep 21 07:34:29.809637: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:29.809640: | responder cookie: Sep 21 07:34:29.809642: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.809644: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:29.809647: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:29.809649: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:29.809651: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:29.809654: | Message ID: 3684854022 (0xdba26906) Sep 21 07:34:29.809657: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:29.809660: | ***emit ISAKMP Hash Payload: Sep 21 07:34:29.809663: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:29.809666: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:29.809669: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:29.809672: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:29.809674: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:29.809677: | ***emit ISAKMP Notification Payload: Sep 21 07:34:29.809679: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:29.809682: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:29.809684: | protocol ID: 1 (0x1) Sep 21 07:34:29.809686: | SPI size: 16 (0x10) Sep 21 07:34:29.809689: | Notify Message Type: R_U_THERE_ACK (0x8d29) Sep 21 07:34:29.809692: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:34:29.809695: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:29.809698: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:34:29.809700: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:29.809703: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:34:29.809705: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.809708: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:34:29.809710: | notify data 00 00 2b 73 Sep 21 07:34:29.809712: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:34:29.809729: | notification HASH(1): Sep 21 07:34:29.809732: | 45 f2 a6 90 45 de 1b f0 51 c7 d4 a7 95 10 20 cb Sep 21 07:34:29.809734: | 91 6e aa a9 0a c6 42 3b 0a 59 9f f3 48 45 30 bb Sep 21 07:34:29.809741: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:29.809744: | no IKEv1 message padding required Sep 21 07:34:29.809746: | emitting length of ISAKMP Message: 108 Sep 21 07:34:29.809756: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:29.809759: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:29.809762: | 08 10 05 01 db a2 69 06 00 00 00 6c b2 4f ad 61 Sep 21 07:34:29.809764: | 7a d1 db 09 6b 02 5b 75 5e d5 a5 22 11 49 de 89 Sep 21 07:34:29.809769: | a9 88 82 86 02 42 de 02 9b fa 35 02 6b 83 5b 52 Sep 21 07:34:29.809771: | ec b7 fb b5 05 42 f8 44 ce 3a 47 d7 6c d3 b2 5f Sep 21 07:34:29.809773: | 55 91 19 af 85 c6 a7 80 69 22 3e 9c c1 51 08 6f Sep 21 07:34:29.809774: | b8 77 a7 80 58 6a 67 91 b7 ef 12 5c Sep 21 07:34:29.809824: | complete v1 state transition with STF_IGNORE Sep 21 07:34:29.809834: | #1 spent 0.2 milliseconds in process_packet_tail() Sep 21 07:34:29.809839: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:29.809844: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:29.809847: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:29.809851: | spent 0.413 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:32.156035: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:32.156242: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:32.156247: | FOR_EACH_CONNECTION_... in show_connections_status Sep 21 07:34:32.156423: | FOR_EACH_STATE_... in show_states_status (sort_states) Sep 21 07:34:32.156428: | FOR_EACH_STATE_... in sort_states Sep 21 07:34:32.156439: | get_sa_info esp.9b1d501b@192.1.2.23 Sep 21 07:34:32.156462: | get_sa_info esp.6c96bd25@192.1.3.33 Sep 21 07:34:32.156482: | get_sa_info esp.464c04b5@192.1.2.23 Sep 21 07:34:32.156492: | get_sa_info esp.62fa2058@192.1.3.33 Sep 21 07:34:32.156509: | get_sa_info esp.3c06bef5@192.1.2.23 Sep 21 07:34:32.156518: | get_sa_info esp.458a72ab@192.1.3.33 Sep 21 07:34:32.156537: | get_sa_info esp.24fe65a2@192.1.2.23 Sep 21 07:34:32.156546: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:34:32.156560: | get_sa_info esp.de049297@192.1.2.23 Sep 21 07:34:32.156567: | get_sa_info esp.6c70d87f@192.1.3.33 Sep 21 07:34:32.156581: | get_sa_info esp.446218c0@192.1.2.23 Sep 21 07:34:32.156590: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:32.156611: | close_any(fd@16) (in whack_process() at rcv_whack.c:700) Sep 21 07:34:32.156618: | spent 0.585 milliseconds in whack Sep 21 07:34:32.811325: | spent 0.00402 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue() Sep 21 07:34:32.811357: | *received 108 bytes from 192.1.3.33:500 on eth1 (192.1.2.23:500) Sep 21 07:34:32.811363: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811366: | 08 10 05 01 04 bd 2c 3e 00 00 00 6c 38 fb 1d fd Sep 21 07:34:32.811369: | f6 0d 6b 08 1d d8 67 00 5f 39 19 de b0 bb 24 d4 Sep 21 07:34:32.811372: | 13 41 45 92 7c 1c 4e 0b fc d7 3e 47 b4 04 b8 79 Sep 21 07:34:32.811375: | 1a af 6c 4a c7 4d 51 67 11 93 5a ad f7 1c 0d 39 Sep 21 07:34:32.811379: | 64 96 75 93 60 0d b2 8c 7f bb fa 41 5a 30 0e ce Sep 21 07:34:32.811382: | 6d 73 86 0b 10 95 5b cc b5 82 3c f4 Sep 21 07:34:32.811389: | start processing: from 192.1.3.33:500 (in process_md() at demux.c:378) Sep 21 07:34:32.811394: | **parse ISAKMP Message: Sep 21 07:34:32.811398: | initiator cookie: Sep 21 07:34:32.811401: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:32.811404: | responder cookie: Sep 21 07:34:32.811407: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811411: | next payload type: ISAKMP_NEXT_HASH (0x8) Sep 21 07:34:32.811415: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:32.811418: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:32.811422: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:32.811425: | Message ID: 79506494 (0x4bd2c3e) Sep 21 07:34:32.811429: | length: 108 (0x6c) Sep 21 07:34:32.811433: | processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 21 07:34:32.811439: | peer and cookies match on #7; msgid=00000000 st_msgid=fc42ec12 st_msgid_phase15=00000000 Sep 21 07:34:32.811443: | peer and cookies match on #6; msgid=00000000 st_msgid=8b8f1195 st_msgid_phase15=00000000 Sep 21 07:34:32.811452: | peer and cookies match on #5; msgid=00000000 st_msgid=e63858db st_msgid_phase15=00000000 Sep 21 07:34:32.811456: | peer and cookies match on #4; msgid=00000000 st_msgid=7cb3d8d7 st_msgid_phase15=00000000 Sep 21 07:34:32.811460: | peer and cookies match on #3; msgid=00000000 st_msgid=f77eec5e st_msgid_phase15=00000000 Sep 21 07:34:32.811464: | peer and cookies match on #2; msgid=00000000 st_msgid=ea1e6cf8 st_msgid_phase15=00000000 Sep 21 07:34:32.811468: | peer and cookies match on #1; msgid=00000000 st_msgid=00000000 st_msgid_phase15=00000000 Sep 21 07:34:32.811472: | p15 state object #1 found, in STATE_MAIN_R3 Sep 21 07:34:32.811476: | State DB: found IKEv1 state #1 in MAIN_R3 (find_v1_info_state) Sep 21 07:34:32.811484: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_v1_packet() at ikev1.c:1455) Sep 21 07:34:32.811507: | #1 is idle Sep 21 07:34:32.811510: | #1 idle Sep 21 07:34:32.811516: | received encrypted packet from 192.1.3.33:500 Sep 21 07:34:32.811531: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0 Sep 21 07:34:32.811535: | ***parse ISAKMP Hash Payload: Sep 21 07:34:32.811539: | next payload type: ISAKMP_NEXT_N (0xb) Sep 21 07:34:32.811542: | length: 36 (0x24) Sep 21 07:34:32.811546: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0 opt: 0x0 Sep 21 07:34:32.811550: | ***parse ISAKMP Notification Payload: Sep 21 07:34:32.811554: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.811557: | length: 32 (0x20) Sep 21 07:34:32.811572: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:32.811576: | protocol ID: 1 (0x1) Sep 21 07:34:32.811579: | SPI size: 16 (0x10) Sep 21 07:34:32.811582: | Notify Message Type: R_U_THERE (0x8d28) Sep 21 07:34:32.811586: | removing 12 bytes of padding Sep 21 07:34:32.811612: | informational HASH(1): Sep 21 07:34:32.811616: | c4 8c 55 4b c8 a9 d4 2c a0 0d af 9b 02 7b 6c 60 Sep 21 07:34:32.811619: | 1d c3 f5 74 f0 9d bf f1 3a 4a f5 ed 86 b3 de f5 Sep 21 07:34:32.811623: | received 'informational' message HASH(1) data ok Sep 21 07:34:32.811627: | info: 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811630: | info: 00 00 2b 74 Sep 21 07:34:32.811635: | processing informational R_U_THERE (36136) Sep 21 07:34:32.811638: | pstats ikev1_recv_notifies_e 36136 Sep 21 07:34:32.811645: | DPD: received R_U_THERE seq:11124 monotime:49919.179907 (state=#1 name="northnet-eastnets/0x2") Sep 21 07:34:32.811655: | **emit ISAKMP Message: Sep 21 07:34:32.811658: | initiator cookie: Sep 21 07:34:32.811661: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:32.811664: | responder cookie: Sep 21 07:34:32.811667: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811670: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.811674: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:32.811677: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:32.811680: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:32.811684: | Message ID: 3466706150 (0xcea1bce6) Sep 21 07:34:32.811688: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:32.811691: | ***emit ISAKMP Hash Payload: Sep 21 07:34:32.811695: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.811699: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:32.811703: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:32.811707: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:32.811711: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:32.811714: | ***emit ISAKMP Notification Payload: Sep 21 07:34:32.811717: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:32.811721: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:32.811724: | protocol ID: 1 (0x1) Sep 21 07:34:32.811727: | SPI size: 16 (0x10) Sep 21 07:34:32.811730: | Notify Message Type: R_U_THERE_ACK (0x8d29) Sep 21 07:34:32.811738: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Notification Payload (11:ISAKMP_NEXT_N) Sep 21 07:34:32.811742: | next payload chain: saving location 'ISAKMP Notification Payload'.'next payload type' in 'ISAKMP notify' Sep 21 07:34:32.811746: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 21 07:34:32.811749: | notify icookie 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:32.811752: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 21 07:34:32.811756: | notify rcookie 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811759: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 21 07:34:32.811762: | notify data 00 00 2b 74 Sep 21 07:34:32.811765: | emitting length of ISAKMP Notification Payload: 32 Sep 21 07:34:32.811803: | notification HASH(1): Sep 21 07:34:32.811810: | 3c f8 e4 8f 99 78 81 a6 d6 f2 d3 20 22 54 75 5a Sep 21 07:34:32.811814: | 7f da 6a 39 7f 2e 3f 79 b8 e9 9c 84 35 88 d2 ef Sep 21 07:34:32.811824: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:32.811827: | no IKEv1 message padding required Sep 21 07:34:32.811831: | emitting length of ISAKMP Message: 108 Sep 21 07:34:32.811845: | sending 108 bytes for ISAKMP notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:32.811849: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:32.811852: | 08 10 05 01 ce a1 bc e6 00 00 00 6c d2 cd 23 01 Sep 21 07:34:32.811855: | b7 85 58 4d 5e 3e 3d d7 9d 9d 1b 10 20 ec 65 c8 Sep 21 07:34:32.811858: | 21 06 2f 26 43 7f 41 5c 66 87 2f 1e 6b 5e d1 4b Sep 21 07:34:32.811862: | 81 cc 93 21 98 5a 09 28 f5 e8 32 de dd 63 87 83 Sep 21 07:34:32.811865: | ef d8 dd 0a 7e ac 71 ee 0d ae 28 31 c6 b2 4c 0f Sep 21 07:34:32.811868: | b0 e8 c5 0c 9d 75 bf 09 d7 74 f9 a8 Sep 21 07:34:32.811922: | complete v1 state transition with STF_IGNORE Sep 21 07:34:32.811931: | #1 spent 0.261 milliseconds in process_packet_tail() Sep 21 07:34:32.811938: | stop processing: from 192.1.3.33:500 (BACKGROUND) (in process_md() at demux.c:380) Sep 21 07:34:32.811945: | stop processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in process_md() at demux.c:382) Sep 21 07:34:32.811950: | processing: STOP connection NULL (in process_md() at demux.c:383) Sep 21 07:34:32.811955: | spent 0.578 milliseconds in comm_handle_cb() reading and processing packet Sep 21 07:34:33.168877: | accept(whackctlfd, (struct sockaddr *)&whackaddr, &whackaddrlen) -> fd@16 (in whack_handle() at rcv_whack.c:721) Sep 21 07:34:33.168903: shutting down Sep 21 07:34:33.168911: | processing: RESET whack log_fd (was fd@16) (in exit_pluto() at plutomain.c:1825) Sep 21 07:34:33.168915: | pluto_sd: executing action action: stopping(6), status 0 Sep 21 07:34:33.168920: destroying root certificate cache Sep 21 07:34:33.168940: | certs and keys locked by 'free_preshared_secrets' Sep 21 07:34:33.168943: forgetting secrets Sep 21 07:34:33.168948: | certs and keys unlocked by 'free_preshared_secrets' Sep 21 07:34:33.168960: | unreference key: 0x5609748714b0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.168964: | unreference key: 0x560974870ed0 user-east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.168968: | unreference key: 0x560974870b10 @east.testing.libreswan.org cnt 1-- Sep 21 07:34:33.168972: | unreference key: 0x56097486c220 east@testing.libreswan.org cnt 1-- Sep 21 07:34:33.168977: | unreference key: 0x56097486bbc0 192.1.2.23 cnt 1-- Sep 21 07:34:33.168987: | unreference key: 0x56097486b540 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:33.168991: | unreference key: 0x56097486b1b0 user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:33.168995: | unreference key: 0x560974866910 @north.testing.libreswan.org cnt 1-- Sep 21 07:34:33.169004: | start processing: connection "northnet-eastnets/0x2" (in delete_connection() at connections.c:189) Sep 21 07:34:33.169007: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:34:33.169009: | pass 0 Sep 21 07:34:33.169012: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:33.169014: | state #7 Sep 21 07:34:33.169018: | suspend processing: connection "northnet-eastnets/0x2" (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.169023: | start processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.169027: | pstats #7 ikev1.ipsec deleted completed Sep 21 07:34:33.169031: | [RE]START processing: state #7 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:33.169036: "northnet-eastnets/0x2" #7: deleting state (STATE_QUICK_R2) aged 12.372s and sending notification Sep 21 07:34:33.169039: | child state #7: QUICK_R2(established CHILD SA) => delete Sep 21 07:34:33.169043: | get_sa_info esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:33.169060: | get_sa_info esp.446218c0@192.1.2.23 Sep 21 07:34:33.169069: "northnet-eastnets/0x2" #7: ESP traffic information: in=84B out=0B Sep 21 07:34:33.169072: | #7 send IKEv1 delete notification for STATE_QUICK_R2 Sep 21 07:34:33.169075: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.169085: | **emit ISAKMP Message: Sep 21 07:34:33.169088: | initiator cookie: Sep 21 07:34:33.169090: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.169092: | responder cookie: Sep 21 07:34:33.169095: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.169097: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.169100: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.169103: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.169106: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.169108: | Message ID: 2853737589 (0xaa189475) Sep 21 07:34:33.169111: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.169115: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.169117: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.169120: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.169123: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.169126: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.169129: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.169131: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.169134: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.169136: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.169139: | protocol ID: 3 (0x3) Sep 21 07:34:33.169141: | SPI size: 4 (0x4) Sep 21 07:34:33.169143: | number of SPIs: 1 (0x1) Sep 21 07:34:33.169146: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.169149: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.169152: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:33.169154: | delete payload 44 62 18 c0 Sep 21 07:34:33.169157: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:33.169187: | send delete HASH(1): Sep 21 07:34:33.169190: | d5 06 a6 7f 7d f0 7a b5 9c 71 dc 8e 78 e6 25 14 Sep 21 07:34:33.169193: | 08 7c 0e fa ee 9b 69 d5 0b 43 a8 f8 1d 4a 2c b6 Sep 21 07:34:33.169201: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:33.169204: | no IKEv1 message padding required Sep 21 07:34:33.169206: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.169224: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:33.169232: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.169234: | 08 10 05 01 aa 18 94 75 00 00 00 5c 5e e4 49 4f Sep 21 07:34:33.169237: | 23 e3 4a aa 21 6c e3 e2 6e de f2 49 80 57 12 d4 Sep 21 07:34:33.169239: | ff fa 9c 95 e1 91 7a e4 f0 20 9c b6 a6 0b 8e e6 Sep 21 07:34:33.169241: | 43 12 01 1a 3c e3 a6 fd 12 ff 7a 10 ed 05 a3 93 Sep 21 07:34:33.169243: | 1b 4d 65 f4 34 99 8b 50 76 26 59 7f Sep 21 07:34:33.169295: | state #7 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.169301: | libevent_free: release ptr-libevent@0x7f832c003590 Sep 21 07:34:33.169304: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f83340041c0 Sep 21 07:34:33.169380: | running updown command "ipsec _updown" for verb down Sep 21 07:34:33.169385: | command executing down-client Sep 21 07:34:33.169424: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051260' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' P Sep 21 07:34:33.169428: | popen cmd is 1298 chars long Sep 21 07:34:33.169431: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:34:33.169433: | cmd( 80):/0x2' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Sep 21 07:34:33.169436: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Sep 21 07:34:33.169438: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:34:33.169441: | cmd( 320):2.0.22.0/24' PLUTO_MY_CLIENT_NET='192.0.22.0' PLUTO_MY_CLIENT_MASK='255.255.255.: Sep 21 07:34:33.169443: | cmd( 400):0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE=: Sep 21 07:34:33.169446: | cmd( 480):'ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libr: Sep 21 07:34:33.169448: | cmd( 560):eswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.: Sep 21 07:34:33.169451: | cmd( 640):libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0: Sep 21 07:34:33.169453: | cmd( 720):' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL: Sep 21 07:34:33.169456: | cmd( 800):='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051260' PLUTO_CONN: Sep 21 07:34:33.169458: | cmd( 880):_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO: Sep 21 07:34:33.169461: | cmd( 960):' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLU: Sep 21 07:34:33.169463: | cmd(1040):TO_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER: Sep 21 07:34:33.169466: | cmd(1120):_BANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI: Sep 21 07:34:33.169468: | cmd(1200):_IFACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x5f2e4cf3 SPI_OUT=0x446218c0 : Sep 21 07:34:33.169470: | cmd(1280):ipsec _updown 2>&1: Sep 21 07:34:33.180541: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:34:33.180557: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:34:33.180561: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:34:33.180564: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:33.180600: | delete esp.5f2e4cf3@192.1.3.33 Sep 21 07:34:33.180661: | netlink response for Del SA esp.5f2e4cf3@192.1.3.33 included non-error error Sep 21 07:34:33.180667: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:34:33.180674: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:33.180779: | raw_eroute result=success Sep 21 07:34:33.180792: | delete esp.446218c0@192.1.2.23 Sep 21 07:34:33.180820: | netlink response for Del SA esp.446218c0@192.1.2.23 included non-error error Sep 21 07:34:33.180827: | stop processing: connection "northnet-eastnets/0x2" (BACKGROUND) (in update_state_connection() at connections.c:4037) Sep 21 07:34:33.180830: | start processing: connection NULL (in update_state_connection() at connections.c:4038) Sep 21 07:34:33.180832: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:34:33.180835: | State DB: deleting IKEv1 state #7 in QUICK_R2 Sep 21 07:34:33.180839: | child state #7: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:33.180855: | stop processing: state #7 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.180864: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:33.180867: | state #6 Sep 21 07:34:33.180872: | start processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.180876: | pstats #6 ikev1.ipsec deleted completed Sep 21 07:34:33.180880: | [RE]START processing: state #6 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:33.180885: "northnet-eastnets/0x1" #6: deleting state (STATE_QUICK_R1) aged 21.225s and sending notification Sep 21 07:34:33.180888: | child state #6: QUICK_R1(established CHILD SA) => delete Sep 21 07:34:33.180892: | get_sa_info esp.458a72ab@192.1.3.33 Sep 21 07:34:33.180901: | get_sa_info esp.3c06bef5@192.1.2.23 Sep 21 07:34:33.180908: "northnet-eastnets/0x1" #6: ESP traffic information: in=0B out=0B Sep 21 07:34:33.180912: | #6 send IKEv1 delete notification for STATE_QUICK_R1 Sep 21 07:34:33.180914: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.180923: | **emit ISAKMP Message: Sep 21 07:34:33.180926: | initiator cookie: Sep 21 07:34:33.180929: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.180931: | responder cookie: Sep 21 07:34:33.180934: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.180936: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.180939: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.180942: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.180945: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.180947: | Message ID: 1230091537 (0x4951b511) Sep 21 07:34:33.180950: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.180953: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.180956: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.180959: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.180962: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.180965: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.180967: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.180970: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.180972: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.180975: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.180977: | protocol ID: 3 (0x3) Sep 21 07:34:33.180982: | SPI size: 4 (0x4) Sep 21 07:34:33.180985: | number of SPIs: 1 (0x1) Sep 21 07:34:33.180988: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.180991: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.180993: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:33.180996: | delete payload 3c 06 be f5 Sep 21 07:34:33.180999: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:33.181019: | send delete HASH(1): Sep 21 07:34:33.181022: | a7 45 bc 82 68 81 2d c2 54 e0 10 47 7b 96 a0 47 Sep 21 07:34:33.181025: | 82 11 07 f5 ed 1e 76 e6 24 98 83 44 23 ce 2e b9 Sep 21 07:34:33.181032: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:33.181034: | no IKEv1 message padding required Sep 21 07:34:33.181037: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.181049: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:33.181052: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181054: | 08 10 05 01 49 51 b5 11 00 00 00 5c 6d f3 ee 61 Sep 21 07:34:33.181057: | ed b8 2e e6 98 4e 64 08 f7 da 9a 4a d5 c1 3c 74 Sep 21 07:34:33.181059: | 34 a6 a1 43 4c f2 8b 7e 08 4b 80 5b 36 89 27 89 Sep 21 07:34:33.181061: | 65 b6 c5 93 5f a8 d6 08 fa 43 bd 0a 8b 5c 36 64 Sep 21 07:34:33.181064: | c0 e2 23 2d 69 8a 7a 69 e0 db ac 21 Sep 21 07:34:33.181099: | state #6 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:33.181103: | #6 STATE_QUICK_R1: retransmits: cleared Sep 21 07:34:33.181108: | libevent_free: release ptr-libevent@0x7f8324006ad0 Sep 21 07:34:33.181111: | free_event_entry: release EVENT_RETRANSMIT-pe@0x56097486a310 Sep 21 07:34:33.181178: | delete esp.458a72ab@192.1.3.33 Sep 21 07:34:33.181205: | netlink response for Del SA esp.458a72ab@192.1.3.33 included non-error error Sep 21 07:34:33.181210: | delete esp.3c06bef5@192.1.2.23 Sep 21 07:34:33.181231: | netlink response for Del SA esp.3c06bef5@192.1.2.23 included non-error error Sep 21 07:34:33.181235: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:34:33.181237: | State DB: deleting IKEv1 state #6 in QUICK_R1 Sep 21 07:34:33.181241: | child state #6: QUICK_R1(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:33.181253: | stop processing: state #6 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.181261: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:33.181263: | state #5 Sep 21 07:34:33.181269: | start processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.181272: | pstats #5 ikev1.ipsec deleted completed Sep 21 07:34:33.181276: | [RE]START processing: state #5 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:33.181280: "northnet-eastnets/0x2" #5: deleting state (STATE_QUICK_R1) aged 21.226s and sending notification Sep 21 07:34:33.181283: | child state #5: QUICK_R1(established CHILD SA) => delete Sep 21 07:34:33.181286: | get_sa_info esp.6c70d87f@192.1.3.33 Sep 21 07:34:33.181294: | get_sa_info esp.de049297@192.1.2.23 Sep 21 07:34:33.181302: "northnet-eastnets/0x2" #5: ESP traffic information: in=0B out=0B Sep 21 07:34:33.181304: | #5 send IKEv1 delete notification for STATE_QUICK_R1 Sep 21 07:34:33.181307: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.181312: | **emit ISAKMP Message: Sep 21 07:34:33.181315: | initiator cookie: Sep 21 07:34:33.181317: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.181319: | responder cookie: Sep 21 07:34:33.181322: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181324: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181327: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.181330: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.181335: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.181337: | Message ID: 1091759234 (0x4112ec82) Sep 21 07:34:33.181340: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.181343: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.181345: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181348: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.181351: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.181354: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.181357: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.181359: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.181362: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181364: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.181367: | protocol ID: 3 (0x3) Sep 21 07:34:33.181369: | SPI size: 4 (0x4) Sep 21 07:34:33.181371: | number of SPIs: 1 (0x1) Sep 21 07:34:33.181374: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.181377: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.181380: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:33.181382: | delete payload de 04 92 97 Sep 21 07:34:33.181385: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:33.181402: | send delete HASH(1): Sep 21 07:34:33.181405: | 15 ea 89 08 f3 b0 9c b5 79 2e 71 4b 99 b5 0e f3 Sep 21 07:34:33.181408: | 43 d6 0a 20 bf 82 0d 28 1e 8e 6d 27 47 56 d2 ca Sep 21 07:34:33.181414: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:33.181417: | no IKEv1 message padding required Sep 21 07:34:33.181419: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.181429: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:33.181432: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181434: | 08 10 05 01 41 12 ec 82 00 00 00 5c f1 38 b4 ea Sep 21 07:34:33.181437: | 5a e8 79 60 3f 09 d5 c0 99 c1 05 77 b5 a9 53 21 Sep 21 07:34:33.181439: | 52 5d 67 2f 33 fe e2 52 09 df b6 3c 8d e0 6b 0e Sep 21 07:34:33.181441: | 46 c7 b7 18 41 87 0b af d1 9b c3 b7 02 74 69 fe Sep 21 07:34:33.181444: | c1 dd 81 be b1 c4 35 65 8f 0e 79 22 Sep 21 07:34:33.181464: | state #5 requesting EVENT_RETRANSMIT to be deleted Sep 21 07:34:33.181467: | #5 STATE_QUICK_R1: retransmits: cleared Sep 21 07:34:33.181470: | libevent_free: release ptr-libevent@0x7f8338006ad0 Sep 21 07:34:33.181473: | free_event_entry: release EVENT_RETRANSMIT-pe@0x7f8324002b20 Sep 21 07:34:33.181526: | delete esp.6c70d87f@192.1.3.33 Sep 21 07:34:33.181551: | netlink response for Del SA esp.6c70d87f@192.1.3.33 included non-error error Sep 21 07:34:33.181554: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:34:33.181561: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:33.181571: | raw_eroute result=success Sep 21 07:34:33.181575: | delete esp.de049297@192.1.2.23 Sep 21 07:34:33.181596: | netlink response for Del SA esp.de049297@192.1.2.23 included non-error error Sep 21 07:34:33.181600: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:34:33.181602: | State DB: deleting IKEv1 state #5 in QUICK_R1 Sep 21 07:34:33.181605: | child state #5: QUICK_R1(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:33.181617: | stop processing: state #5 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.181624: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:33.181626: | state #4 Sep 21 07:34:33.181631: | start processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.181636: | pstats #4 ikev1.ipsec deleted completed Sep 21 07:34:33.181640: | [RE]START processing: state #4 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:33.181644: "northnet-eastnets/0x1" #4: deleting state (STATE_QUICK_R2) aged 23.471s and sending notification Sep 21 07:34:33.181647: | child state #4: QUICK_R2(established CHILD SA) => delete Sep 21 07:34:33.181650: | get_sa_info esp.62fa2058@192.1.3.33 Sep 21 07:34:33.181658: | get_sa_info esp.464c04b5@192.1.2.23 Sep 21 07:34:33.181665: "northnet-eastnets/0x1" #4: ESP traffic information: in=84B out=84B Sep 21 07:34:33.181668: | #4 send IKEv1 delete notification for STATE_QUICK_R2 Sep 21 07:34:33.181671: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.181675: | **emit ISAKMP Message: Sep 21 07:34:33.181678: | initiator cookie: Sep 21 07:34:33.181680: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.181683: | responder cookie: Sep 21 07:34:33.181685: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181688: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181690: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.181693: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.181695: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.181698: | Message ID: 511702158 (0x1e7ff48e) Sep 21 07:34:33.181701: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.181703: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.181706: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181709: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.181712: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.181715: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.181717: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.181719: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.181722: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.181724: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.181727: | protocol ID: 3 (0x3) Sep 21 07:34:33.181729: | SPI size: 4 (0x4) Sep 21 07:34:33.181731: | number of SPIs: 1 (0x1) Sep 21 07:34:33.181734: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.181737: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.181740: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:33.181742: | delete payload 46 4c 04 b5 Sep 21 07:34:33.181745: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:33.181761: | send delete HASH(1): Sep 21 07:34:33.181764: | 75 09 b1 b4 2a 35 1b 52 85 1a 91 36 85 f7 0c 22 Sep 21 07:34:33.181766: | 26 e1 17 68 fb 94 69 b7 31 ee 9b 1f 8c 61 1d 1c Sep 21 07:34:33.181776: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:33.181779: | no IKEv1 message padding required Sep 21 07:34:33.181781: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.181798: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:33.181801: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.181803: | 08 10 05 01 1e 7f f4 8e 00 00 00 5c bd 96 20 f4 Sep 21 07:34:33.181806: | 6a 69 fd 1e 06 18 ec be 70 2d ca fb b4 67 14 87 Sep 21 07:34:33.181808: | 72 43 48 47 2e 22 e1 2d 24 6b 55 6c 4d 98 8c f3 Sep 21 07:34:33.181810: | c4 57 25 c7 67 dd c5 d2 96 4b 54 4e bd 68 33 b3 Sep 21 07:34:33.181812: | 42 39 0b 34 82 96 eb ab 42 ab d8 f3 Sep 21 07:34:33.181830: | state #4 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.181835: | libevent_free: release ptr-libevent@0x7f8320003770 Sep 21 07:34:33.181838: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f83280041c0 Sep 21 07:34:33.181889: | running updown command "ipsec _updown" for verb down Sep 21 07:34:33.181893: | command executing down-client Sep 21 07:34:33.181932: | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='ESP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051249' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLU Sep 21 07:34:33.181935: | popen cmd is 1296 chars long Sep 21 07:34:33.181938: | cmd( 0):PLUTO_VERB='down-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets: Sep 21 07:34:33.181941: | cmd( 80):/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' : Sep 21 07:34:33.181943: | cmd( 160):PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=ea: Sep 21 07:34:33.181946: | cmd( 240):st.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='19: Sep 21 07:34:33.181948: | cmd( 320):2.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0': Sep 21 07:34:33.181951: | cmd( 400): PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='E: Sep 21 07:34:33.181953: | cmd( 480):SP' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libres: Sep 21 07:34:33.181956: | cmd( 560):wan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.li: Sep 21 07:34:33.181958: | cmd( 640):breswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' : Sep 21 07:34:33.181961: | cmd( 720):PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL=': Sep 21 07:34:33.181963: | cmd( 800):0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='1569051249' PLUTO_CONN_P: Sep 21 07:34:33.181966: | cmd( 880):OLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' : Sep 21 07:34:33.181968: | cmd( 960):PLUTO_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO: Sep 21 07:34:33.181971: | cmd(1040):_IS_PEER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_B: Sep 21 07:34:33.181973: | cmd(1120):ANNER='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_I: Sep 21 07:34:33.181976: | cmd(1200):FACE='' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x62fa2058 SPI_OUT=0x464c04b5 ip: Sep 21 07:34:33.181978: | cmd(1280):sec _updown 2>&1: Sep 21 07:34:33.193334: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'replace with shunt' for rt_kind 'prospective erouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:34:33.193346: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:34:33.193349: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:34:33.193351: | IPsec Sa SPD priority set to 1042407 Sep 21 07:34:33.193394: | delete esp.62fa2058@192.1.3.33 Sep 21 07:34:33.193427: | netlink response for Del SA esp.62fa2058@192.1.3.33 included non-error error Sep 21 07:34:33.193433: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:34:33.193441: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:33.193491: | raw_eroute result=success Sep 21 07:34:33.193498: | delete esp.464c04b5@192.1.2.23 Sep 21 07:34:33.193520: | netlink response for Del SA esp.464c04b5@192.1.2.23 included non-error error Sep 21 07:34:33.193526: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:34:33.193530: | State DB: deleting IKEv1 state #4 in QUICK_R2 Sep 21 07:34:33.193534: | child state #4: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:33.193553: | stop processing: state #4 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.193562: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:33.193565: | state #3 Sep 21 07:34:33.193571: | start processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.193574: | pstats #3 ikev1.ipsec deleted completed Sep 21 07:34:33.193579: | [RE]START processing: state #3 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:33.193585: "northnet-eastnets/0x2" #3: deleting state (STATE_QUICK_R2) aged 66.311s and sending notification Sep 21 07:34:33.193590: | child state #3: QUICK_R2(established CHILD SA) => delete Sep 21 07:34:33.193595: | get_sa_info esp.3ca7fee2@192.1.3.33 Sep 21 07:34:33.193605: | get_sa_info esp.24fe65a2@192.1.2.23 Sep 21 07:34:33.193615: "northnet-eastnets/0x2" #3: ESP traffic information: in=168B out=0B Sep 21 07:34:33.193619: | #3 send IKEv1 delete notification for STATE_QUICK_R2 Sep 21 07:34:33.193623: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.193631: | **emit ISAKMP Message: Sep 21 07:34:33.193635: | initiator cookie: Sep 21 07:34:33.193638: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.193641: | responder cookie: Sep 21 07:34:33.193644: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.193647: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.193650: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.193654: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.193659: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.193664: | Message ID: 4042762978 (0xf0f7aae2) Sep 21 07:34:33.193668: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.193671: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.193674: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.193679: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.193682: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.193686: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.193689: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.193692: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.193696: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.193699: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.193702: | protocol ID: 3 (0x3) Sep 21 07:34:33.193704: | SPI size: 4 (0x4) Sep 21 07:34:33.193707: | number of SPIs: 1 (0x1) Sep 21 07:34:33.193711: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.193715: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.193719: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:33.193722: | delete payload 24 fe 65 a2 Sep 21 07:34:33.193725: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:33.193751: | send delete HASH(1): Sep 21 07:34:33.193755: | e2 7e 5a e3 c4 4c ca 18 05 1b 71 29 9f 99 c6 91 Sep 21 07:34:33.193758: | 1d bf a6 d7 18 24 d2 0d 3a 59 78 a5 5c bf 1b 82 Sep 21 07:34:33.193767: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:33.193773: | no IKEv1 message padding required Sep 21 07:34:33.193776: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.193800: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:33.193806: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.193810: | 08 10 05 01 f0 f7 aa e2 00 00 00 5c e0 e3 c3 7a Sep 21 07:34:33.193813: | 57 2f 7d f4 38 0d 59 76 c6 66 59 4e 3f 46 d3 cd Sep 21 07:34:33.193816: | 2e 84 03 ec 8d 42 0e b7 87 2d 84 a4 22 42 93 63 Sep 21 07:34:33.193819: | e9 f5 b6 39 54 4a 97 13 2b cf 5a 51 96 75 2f 40 Sep 21 07:34:33.193821: | 8f a4 2c f7 f2 c0 7d 54 c0 75 39 ee Sep 21 07:34:33.193860: | state #3 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.193865: | libevent_free: release ptr-libevent@0x560974885bf0 Sep 21 07:34:33.193867: | free_event_entry: release EVENT_SA_REPLACE-pe@0x56097486a170 Sep 21 07:34:33.194001: | delete esp.3ca7fee2@192.1.3.33 Sep 21 07:34:33.194029: | netlink response for Del SA esp.3ca7fee2@192.1.3.33 included non-error error Sep 21 07:34:33.194090: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:34:33.194101: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.22.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:33.194114: | raw_eroute result=success Sep 21 07:34:33.194118: | delete esp.24fe65a2@192.1.2.23 Sep 21 07:34:33.194145: | netlink response for Del SA esp.24fe65a2@192.1.2.23 included non-error error Sep 21 07:34:33.194209: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:34:33.194216: | State DB: deleting IKEv1 state #3 in QUICK_R2 Sep 21 07:34:33.194220: | child state #3: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:33.194234: | stop processing: state #3 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.194242: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:33.194244: | state #2 Sep 21 07:34:33.194249: | start processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.194252: | pstats #2 ikev1.ipsec deleted completed Sep 21 07:34:33.194257: | [RE]START processing: state #2 connection "northnet-eastnets/0x1" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:33.194261: "northnet-eastnets/0x1" #2: deleting state (STATE_QUICK_R2) aged 66.313s and sending notification Sep 21 07:34:33.194264: | child state #2: QUICK_R2(established CHILD SA) => delete Sep 21 07:34:33.194267: | get_sa_info esp.6c96bd25@192.1.3.33 Sep 21 07:34:33.194275: | get_sa_info esp.9b1d501b@192.1.2.23 Sep 21 07:34:33.194281: "northnet-eastnets/0x1" #2: ESP traffic information: in=168B out=168B Sep 21 07:34:33.194283: | #2 send IKEv1 delete notification for STATE_QUICK_R2 Sep 21 07:34:33.194284: | FOR_EACH_STATE_... in find_phase1_state Sep 21 07:34:33.194290: | **emit ISAKMP Message: Sep 21 07:34:33.194292: | initiator cookie: Sep 21 07:34:33.194293: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.194295: | responder cookie: Sep 21 07:34:33.194296: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.194298: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194300: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.194301: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.194303: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.194305: | Message ID: 2671582670 (0x9f3d1dce) Sep 21 07:34:33.194306: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.194308: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.194310: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194312: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.194313: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.194318: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.194319: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.194321: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.194322: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194324: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.194325: | protocol ID: 3 (0x3) Sep 21 07:34:33.194327: | SPI size: 4 (0x4) Sep 21 07:34:33.194328: | number of SPIs: 1 (0x1) Sep 21 07:34:33.194330: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.194332: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.194334: | emitting 4 raw bytes of delete payload into ISAKMP Delete Payload Sep 21 07:34:33.194335: | delete payload 9b 1d 50 1b Sep 21 07:34:33.194337: | emitting length of ISAKMP Delete Payload: 16 Sep 21 07:34:33.194357: | send delete HASH(1): Sep 21 07:34:33.194362: | bd a6 6b b4 44 f0 24 8f 78 d7 cd 49 3a b6 49 31 Sep 21 07:34:33.194365: | 80 05 35 d1 94 69 d4 c2 e3 e9 18 de b4 b8 57 89 Sep 21 07:34:33.194372: | emitting 12 zero bytes of encryption padding into ISAKMP Message Sep 21 07:34:33.194375: | no IKEv1 message padding required Sep 21 07:34:33.194378: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.194389: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:33.194391: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.194393: | 08 10 05 01 9f 3d 1d ce 00 00 00 5c e8 c0 ac f9 Sep 21 07:34:33.194396: | 4e 9f 91 55 c9 00 85 21 03 c7 d4 2d 85 42 60 17 Sep 21 07:34:33.194398: | 84 20 e2 73 bd 27 e5 fe ef 61 5b 54 57 b3 bb 4a Sep 21 07:34:33.194400: | 31 53 c7 36 54 4c 8d b8 6f f1 7a 71 3d 62 21 c2 Sep 21 07:34:33.194402: | 12 a6 c7 30 4e be 80 bc 31 46 19 3e Sep 21 07:34:33.194432: | state #2 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.194437: | libevent_free: release ptr-libevent@0x7f8338006900 Sep 21 07:34:33.194440: | free_event_entry: release EVENT_SA_REPLACE-pe@0x560974870fb0 Sep 21 07:34:33.194492: | delete esp.6c96bd25@192.1.3.33 Sep 21 07:34:33.194516: | netlink response for Del SA esp.6c96bd25@192.1.3.33 included non-error error Sep 21 07:34:33.194519: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:34:33.194526: | delete inbound eroute 192.0.3.0/24:0 --0-> 192.0.2.0/24:0 => unk255.10000@192.1.2.23 (raw_eroute) Sep 21 07:34:33.194535: | raw_eroute result=success Sep 21 07:34:33.194538: | delete esp.9b1d501b@192.1.2.23 Sep 21 07:34:33.194561: | netlink response for Del SA esp.9b1d501b@192.1.2.23 included non-error error Sep 21 07:34:33.194565: | in connection_discard for connection northnet-eastnets/0x1 Sep 21 07:34:33.194568: | State DB: deleting IKEv1 state #2 in QUICK_R2 Sep 21 07:34:33.194571: | child state #2: QUICK_R2(established CHILD SA) => UNDEFINED(ignore) Sep 21 07:34:33.194583: | stop processing: state #2 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.194590: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:33.194593: | state #1 Sep 21 07:34:33.194595: | pass 1 Sep 21 07:34:33.194598: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:33.194600: | state #1 Sep 21 07:34:33.194605: | start processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in foreach_state_by_connection_func_delete() at state.c:1310) Sep 21 07:34:33.194608: | pstats #1 ikev1.isakmp deleted completed Sep 21 07:34:33.194613: | [RE]START processing: state #1 connection "northnet-eastnets/0x2" from 192.1.3.33:500 (in delete_state() at state.c:879) Sep 21 07:34:33.194617: "northnet-eastnets/0x2" #1: deleting state (STATE_MAIN_R3) aged 66.345s and sending notification Sep 21 07:34:33.194620: | parent state #1: MAIN_R3(established IKE SA) => delete Sep 21 07:34:33.194672: | #1 send IKEv1 delete notification for STATE_MAIN_R3 Sep 21 07:34:33.194677: | **emit ISAKMP Message: Sep 21 07:34:33.194680: | initiator cookie: Sep 21 07:34:33.194682: | 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.194685: | responder cookie: Sep 21 07:34:33.194687: | 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.194689: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194692: | ISAKMP version: ISAKMP Version 1.0 (rfc2407) (0x10) Sep 21 07:34:33.194694: | exchange type: ISAKMP_XCHG_INFO (0x5) Sep 21 07:34:33.194696: | flags: ISAKMP_FLAG_v1_ENCRYPTION (0x1) Sep 21 07:34:33.194699: | Message ID: 66645870 (0x3f8ef6e) Sep 21 07:34:33.194702: | next payload chain: saving message location 'ISAKMP Message'.'next payload type' Sep 21 07:34:33.194704: | ***emit ISAKMP Hash Payload: Sep 21 07:34:33.194709: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194714: | next payload chain: setting previous 'ISAKMP Message'.'next payload type' to current ISAKMP Hash Payload (8:ISAKMP_NEXT_HASH) Sep 21 07:34:33.194718: | next payload chain: saving location 'ISAKMP Hash Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.194721: | emitting 32 zero bytes of HASH DATA into ISAKMP Hash Payload Sep 21 07:34:33.194724: | emitting length of ISAKMP Hash Payload: 36 Sep 21 07:34:33.194727: | ***emit ISAKMP Delete Payload: Sep 21 07:34:33.194729: | next payload type: ISAKMP_NEXT_NONE (0x0) Sep 21 07:34:33.194732: | DOI: ISAKMP_DOI_IPSEC (0x1) Sep 21 07:34:33.194738: | protocol ID: 1 (0x1) Sep 21 07:34:33.194741: | SPI size: 16 (0x10) Sep 21 07:34:33.194743: | number of SPIs: 1 (0x1) Sep 21 07:34:33.194746: | next payload chain: setting previous 'ISAKMP Hash Payload'.'next payload type' to current ISAKMP Delete Payload (12:ISAKMP_NEXT_D) Sep 21 07:34:33.194749: | next payload chain: saving location 'ISAKMP Delete Payload'.'next payload type' in 'delete msg' Sep 21 07:34:33.194752: | emitting 8 raw bytes of initiator SPI into ISAKMP Delete Payload Sep 21 07:34:33.194755: | initiator SPI 18 31 dd 30 0d 3e 37 d5 Sep 21 07:34:33.194757: | emitting 8 raw bytes of responder SPI into ISAKMP Delete Payload Sep 21 07:34:33.194760: | responder SPI 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.194762: | emitting length of ISAKMP Delete Payload: 28 Sep 21 07:34:33.194781: | send delete HASH(1): Sep 21 07:34:33.194790: | cb ad 35 d7 d4 72 3c bd 98 b3 49 0b 16 d3 ad 45 Sep 21 07:34:33.194793: | 6a 28 66 29 da b9 15 54 6d a5 f9 2c eb 8d bf f0 Sep 21 07:34:33.194800: | no IKEv1 message padding required Sep 21 07:34:33.194803: | emitting length of ISAKMP Message: 92 Sep 21 07:34:33.194813: | sending 92 bytes for delete notify through eth1 from 192.1.2.23:500 to 192.1.3.33:500 (using #1) Sep 21 07:34:33.194816: | 18 31 dd 30 0d 3e 37 d5 85 08 f7 50 ae 24 38 ea Sep 21 07:34:33.194819: | 08 10 05 01 03 f8 ef 6e 00 00 00 5c f5 2d 2d 39 Sep 21 07:34:33.194821: | 0b c4 94 a1 68 87 bd 09 c7 1f 0a 80 03 63 07 a8 Sep 21 07:34:33.194824: | f0 4a 01 cf 6d 9f 5c 77 27 2d 55 df 7a 7b f2 59 Sep 21 07:34:33.194826: | 9d b0 d7 1c 0a c0 9d eb 94 f3 43 d0 bc 23 d3 c9 Sep 21 07:34:33.194828: | 02 19 98 e4 48 0c c0 7f c8 85 96 66 Sep 21 07:34:33.194848: | state #1 requesting EVENT_SA_REPLACE to be deleted Sep 21 07:34:33.194852: | libevent_free: release ptr-libevent@0x56097486a230 Sep 21 07:34:33.194855: | free_event_entry: release EVENT_SA_REPLACE-pe@0x7f8338002b20 Sep 21 07:34:33.194858: | State DB: IKEv1 state not found (flush_incomplete_children) Sep 21 07:34:33.194861: | in connection_discard for connection northnet-eastnets/0x2 Sep 21 07:34:33.194863: | State DB: deleting IKEv1 state #1 in MAIN_R3 Sep 21 07:34:33.194867: | parent state #1: MAIN_R3(established IKE SA) => UNDEFINED(ignore) Sep 21 07:34:33.194879: | unreference key: 0x56097487e2f0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 2-- Sep 21 07:34:33.194891: | stop processing: state #1 from 192.1.3.33:500 (in delete_state() at state.c:1143) Sep 21 07:34:33.194904: | unreference key: 0x56097487e2f0 C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:33.194910: | unreference key: 0x560974877870 user-north@testing.libreswan.org cnt 1-- Sep 21 07:34:33.194914: | unreference key: 0x5609748774e0 @north.testing.libreswan.org cnt 1-- Sep 21 07:34:33.194929: | processing: STOP state #0 (in foreach_state_by_connection_func_delete() at state.c:1312) Sep 21 07:34:33.194936: | shunt_eroute() called for connection 'northnet-eastnets/0x2' to 'delete' for rt_kind 'unrouted' using protoports 192.0.22.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:34:33.194941: | netlink_shunt_eroute for proto 0, and source 192.0.22.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:34:33.194944: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:34:33.194974: | priority calculation of connection "northnet-eastnets/0x2" is 0xfe7e7 Sep 21 07:34:33.194984: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:33.194987: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.194990: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 Sep 21 07:34:33.194992: | conn northnet-eastnets/0x2 mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.194995: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:33.194999: | route owner of "northnet-eastnets/0x2" unrouted: "northnet-eastnets/0x1" prospective erouted Sep 21 07:34:33.195003: | flush revival: connection 'northnet-eastnets/0x2' wasn't on the list Sep 21 07:34:33.195006: | processing: STOP connection NULL (in discard_connection() at connections.c:249) Sep 21 07:34:33.195012: | start processing: connection "northnet-eastnets/0x1" (in delete_connection() at connections.c:189) Sep 21 07:34:33.195014: | Deleting states for connection - including all other IPsec SA's of this IKE SA Sep 21 07:34:33.195017: | pass 0 Sep 21 07:34:33.195019: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:33.195022: | pass 1 Sep 21 07:34:33.195024: | FOR_EACH_STATE_... in foreach_state_by_connection_func_delete Sep 21 07:34:33.195030: | shunt_eroute() called for connection 'northnet-eastnets/0x1' to 'delete' for rt_kind 'unrouted' using protoports 192.0.2.0/24:0 --0->- 192.0.3.0/24:0 Sep 21 07:34:33.195036: | netlink_shunt_eroute for proto 0, and source 192.0.2.0/24:0 dest 192.0.3.0/24:0 Sep 21 07:34:33.195039: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:34:33.195064: | priority calculation of connection "northnet-eastnets/0x1" is 0xfe7e7 Sep 21 07:34:33.195073: | FOR_EACH_CONNECTION_... in route_owner Sep 21 07:34:33.195076: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 vs Sep 21 07:34:33.195079: | conn northnet-eastnets/0x1 mark 0/00000000, 0/00000000 Sep 21 07:34:33.195082: | route owner of "northnet-eastnets/0x1" unrouted: NULL Sep 21 07:34:33.195085: | running updown command "ipsec _updown" for verb unroute Sep 21 07:34:33.195088: | command executing unroute-client Sep 21 07:34:33.195130: | executing unroute-client: PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastnets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.23' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT='192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testing.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO_CONN_KIND='CK_PERMANENT' PLUTO Sep 21 07:34:33.195135: | popen cmd is 1277 chars long Sep 21 07:34:33.195139: | cmd( 0):PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0' PLUTO_CONNECTION='northnet-eastn: Sep 21 07:34:33.195141: | cmd( 80):ets/0x1' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='192.1.2.254' PLUTO_ME='192.1.2.2: Sep 21 07:34:33.195144: | cmd( 160):3' PLUTO_MY_ID='C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN: Sep 21 07:34:33.195147: | cmd( 240):=east.testing.libreswan.org, E=user-east@testing.libreswan.org' PLUTO_MY_CLIENT=: Sep 21 07:34:33.195149: | cmd( 320):'192.0.2.0/24' PLUTO_MY_CLIENT_NET='192.0.2.0' PLUTO_MY_CLIENT_MASK='255.255.255: Sep 21 07:34:33.195152: | cmd( 400):.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16388' PLUTO_SA_TYPE: Sep 21 07:34:33.195154: | cmd( 480):='none' PLUTO_PEER='192.1.3.33' PLUTO_PEER_ID='C=CA, ST=Ontario, L=Toronto, O=Li: Sep 21 07:34:33.195157: | cmd( 560):breswan, OU=Test Department, CN=north.testing.libreswan.org, E=user-north@testin: Sep 21 07:34:33.195160: | cmd( 640):g.libreswan.org' PLUTO_PEER_CLIENT='192.0.3.0/24' PLUTO_PEER_CLIENT_NET='192.0.3: Sep 21 07:34:33.195162: | cmd( 720):.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOC: Sep 21 07:34:33.195165: | cmd( 800):OL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_ADDTIME='0' PLUTO_CONN_POLICY: Sep 21 07:34:33.195167: | cmd( 880):='RSASIG+ENCRYPT+TUNNEL+PFS+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO' PLUTO: Sep 21 07:34:33.195170: | cmd( 960):_CONN_KIND='CK_PERMANENT' PLUTO_CONN_ADDRFAMILY='ipv4' XAUTH_FAILED=0 PLUTO_IS_P: Sep 21 07:34:33.195173: | cmd(1040):EER_CISCO='0' PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER: Sep 21 07:34:33.195175: | cmd(1120):='' PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='0' PLUTO_NM_CONFIGURED='0' VTI_IFACE=: Sep 21 07:34:33.195178: | cmd(1200):'' VTI_ROUTING='no' VTI_SHARED='no' SPI_IN=0x0 SPI_OUT=0x0 ipsec _updown 2>&1: Sep 21 07:34:33.206642: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206658: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206661: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206664: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206671: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206680: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206692: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206701: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206752: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206757: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206760: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206762: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206765: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206768: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206770: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206773: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206787: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206799: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206808: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206817: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206826: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206836: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206845: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206854: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206863: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206872: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206882: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206892: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206902: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206910: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206919: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206929: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206938: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206947: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206956: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206964: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206974: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206984: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.206993: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207002: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207011: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207022: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207031: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207040: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207049: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207126: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207138: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.207146: "northnet-eastnets/0x1": unroute-client output: Error: Peer netns reference is invalid. Sep 21 07:34:33.215941: | free hp@0x56097486b870 Sep 21 07:34:33.215957: | flush revival: connection 'northnet-eastnets/0x1' wasn't on the list Sep 21 07:34:33.215960: | stop processing: connection "northnet-eastnets/0x1" (in discard_connection() at connections.c:249) Sep 21 07:34:33.215978: | crl fetch request list locked by 'free_crl_fetch' Sep 21 07:34:33.215980: | crl fetch request list unlocked by 'free_crl_fetch' Sep 21 07:34:33.215989: shutting down interface lo/lo 127.0.0.1:4500 Sep 21 07:34:33.215991: shutting down interface lo/lo 127.0.0.1:500 Sep 21 07:34:33.215993: shutting down interface eth0/eth0 192.0.2.254:4500 Sep 21 07:34:33.215995: shutting down interface eth0/eth0 192.0.2.254:500 Sep 21 07:34:33.215997: shutting down interface eth1/eth1 192.1.2.23:4500 Sep 21 07:34:33.216003: shutting down interface eth1/eth1 192.1.2.23:500 Sep 21 07:34:33.216006: | FOR_EACH_STATE_... in delete_states_dead_interfaces Sep 21 07:34:33.216013: | libevent_free: release ptr-libevent@0x560974865610 Sep 21 07:34:33.216015: | free_event_entry: release EVENT_NULL-pe@0x56097484eb80 Sep 21 07:34:33.216024: | libevent_free: release ptr-libevent@0x560974865700 Sep 21 07:34:33.216026: | free_event_entry: release EVENT_NULL-pe@0x5609748656c0 Sep 21 07:34:33.216031: | libevent_free: release ptr-libevent@0x5609748657f0 Sep 21 07:34:33.216032: | free_event_entry: release EVENT_NULL-pe@0x5609748657b0 Sep 21 07:34:33.216037: | libevent_free: release ptr-libevent@0x5609748658e0 Sep 21 07:34:33.216039: | free_event_entry: release EVENT_NULL-pe@0x5609748658a0 Sep 21 07:34:33.216043: | libevent_free: release ptr-libevent@0x5609748659d0 Sep 21 07:34:33.216044: | free_event_entry: release EVENT_NULL-pe@0x560974865990 Sep 21 07:34:33.216049: | libevent_free: release ptr-libevent@0x560974865ac0 Sep 21 07:34:33.216050: | free_event_entry: release EVENT_NULL-pe@0x560974865a80 Sep 21 07:34:33.216054: | FOR_EACH_UNORIENTED_CONNECTION_... in check_orientations Sep 21 07:34:33.216394: | libevent_free: release ptr-libevent@0x560974864df0 Sep 21 07:34:33.216399: | free_event_entry: release EVENT_NULL-pe@0x56097484da80 Sep 21 07:34:33.216402: | libevent_free: release ptr-libevent@0x56097485a870 Sep 21 07:34:33.216403: | free_event_entry: release EVENT_NULL-pe@0x56097484dcc0 Sep 21 07:34:33.216406: | libevent_free: release ptr-libevent@0x56097485a7e0 Sep 21 07:34:33.216407: | free_event_entry: release EVENT_NULL-pe@0x560974853810 Sep 21 07:34:33.216410: | global timer EVENT_REINIT_SECRET uninitialized Sep 21 07:34:33.216411: | global timer EVENT_SHUNT_SCAN uninitialized Sep 21 07:34:33.216413: | global timer EVENT_PENDING_DDNS uninitialized Sep 21 07:34:33.216414: | global timer EVENT_PENDING_PHASE2 uninitialized Sep 21 07:34:33.216416: | global timer EVENT_CHECK_CRLS uninitialized Sep 21 07:34:33.216417: | global timer EVENT_REVIVE_CONNS uninitialized Sep 21 07:34:33.216419: | global timer EVENT_FREE_ROOT_CERTS uninitialized Sep 21 07:34:33.216420: | global timer EVENT_RESET_LOG_RATE_LIMIT uninitialized Sep 21 07:34:33.216422: | global timer EVENT_NAT_T_KEEPALIVE uninitialized Sep 21 07:34:33.216426: | libevent_free: release ptr-libevent@0x560974864fd0 Sep 21 07:34:33.216427: | signal event handler PLUTO_SIGCHLD uninstalled Sep 21 07:34:33.216430: | libevent_free: release ptr-libevent@0x5609748650b0 Sep 21 07:34:33.216431: | signal event handler PLUTO_SIGTERM uninstalled Sep 21 07:34:33.216433: | libevent_free: release ptr-libevent@0x560974865170 Sep 21 07:34:33.216435: | signal event handler PLUTO_SIGHUP uninstalled Sep 21 07:34:33.216437: | libevent_free: release ptr-libevent@0x560974859be0 Sep 21 07:34:33.216438: | signal event handler PLUTO_SIGSYS uninstalled Sep 21 07:34:33.216439: | releasing event base Sep 21 07:34:33.216449: | libevent_free: release ptr-libevent@0x560974865230 Sep 21 07:34:33.216451: | libevent_free: release ptr-libevent@0x560974802400 Sep 21 07:34:33.216454: | libevent_free: release ptr-libevent@0x560974848e70 Sep 21 07:34:33.216456: | libevent_free: release ptr-libevent@0x560974878d20 Sep 21 07:34:33.216457: | libevent_free: release ptr-libevent@0x560974848e90 Sep 21 07:34:33.216459: | libevent_free: release ptr-libevent@0x560974864e80 Sep 21 07:34:33.216461: | libevent_free: release ptr-libevent@0x560974865070 Sep 21 07:34:33.216462: | libevent_free: release ptr-libevent@0x560974849030 Sep 21 07:34:33.216463: | libevent_free: release ptr-libevent@0x560974853770 Sep 21 07:34:33.216465: | libevent_free: release ptr-libevent@0x560974853750 Sep 21 07:34:33.216466: | libevent_free: release ptr-libevent@0x560974865b50 Sep 21 07:34:33.216468: | libevent_free: release ptr-libevent@0x560974865a60 Sep 21 07:34:33.216469: | libevent_free: release ptr-libevent@0x560974865970 Sep 21 07:34:33.216471: | libevent_free: release ptr-libevent@0x560974865880 Sep 21 07:34:33.216474: | libevent_free: release ptr-libevent@0x560974865790 Sep 21 07:34:33.216475: | libevent_free: release ptr-libevent@0x5609748656a0 Sep 21 07:34:33.216477: | libevent_free: release ptr-libevent@0x560974848f20 Sep 21 07:34:33.216478: | libevent_free: release ptr-libevent@0x560974865150 Sep 21 07:34:33.216480: | libevent_free: release ptr-libevent@0x560974865090 Sep 21 07:34:33.216481: | libevent_free: release ptr-libevent@0x560974864fb0 Sep 21 07:34:33.216483: | libevent_free: release ptr-libevent@0x560974865210 Sep 21 07:34:33.216484: | libevent_free: release ptr-libevent@0x560974864ea0 Sep 21 07:34:33.216486: | libevent_free: release ptr-libevent@0x560974848eb0 Sep 21 07:34:33.216487: | libevent_free: release ptr-libevent@0x560974848ee0 Sep 21 07:34:33.216489: | libevent_free: release ptr-libevent@0x560974848bd0 Sep 21 07:34:33.216490: | releasing global libevent data Sep 21 07:34:33.216492: | libevent_free: release ptr-libevent@0x5609748473c0 Sep 21 07:34:33.216494: | libevent_free: release ptr-libevent@0x5609748473f0 Sep 21 07:34:33.216496: | libevent_free: release ptr-libevent@0x560974848ba0